Bug 220117

Summary: [WPE][GTK] Remove webkit_web_context_set_sandbox_enabled() from modern API
Product: WebKit Reporter: Michael Catanzaro <mcatanzaro>
Component: WebKitGTKAssignee: Michael Catanzaro <mcatanzaro>
Status: RESOLVED FIXED    
Severity: Normal CC: bugs-noreply, mcatanzaro
Priority: P2    
Version: WebKit Nightly Build   
Hardware: PC   
OS: Linux   
See Also: https://bugs.webkit.org/show_bug.cgi?id=250231
https://bugs.webkit.org/show_bug.cgi?id=250232
Bug Depends on: 249034    
Bug Blocks: 210100    

Description Michael Catanzaro 2020-12-23 05:36:25 PST 
webkit_web_context_set_sandbox_enabled() should not exist in the GTK 4 API. The sandbox should always be enabled, with no API function to disable it.
Comment 1 Michael Catanzaro 2021-10-27 18:48:36 PDT 
One more thing: we should crash if the application tries to allowlist / or /home or $HOME. We cannot prevent apps from allowlisting whatever they wish, but if they want to be stupid they should have to try somewhat harder than that.
Comment 2 Michael Catanzaro 2022-04-08 07:26:40 PDT 
Let's provide an environment variable as an out: disabling the sandbox is very useful for debugging purposes. But it should be much scarier than the current WEBKIT_FORCE_SANDBOX=0. I would name it WEBKIT_ALLOW_HACKING_ME=1 or something like that.
Comment 3 Michael Catanzaro 2022-10-30 09:17:40 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/5944
Comment 4 EWS 2023-01-18 08:10:50 PST 
Committed 259028@main (0f14b00d81e3): <https://commits.webkit.org/259028@main>

Reviewed commits have been landed. Closing PR #5944 and removing active labels.