Use WebKit sandboxing

* src/xwidget.c (Fmake_xwidget): Enable sandboxing if WebKit 2.26
or later.  Do this early, as required for sandboxing (Bug#43071).
Co-authored-by: Qiantan Hong <qhong@mit.edu>
Copyright-paperwork-exempt: yes

diff --git a/src/xwidget.c b/src/xwidget.c
index ea8987f5b3b4047743eae30e48580a120295d454..fb906d181ac31c49e32e6df2f24d80d972f57119 100644 (file)
--- a/src/xwidget.c
+++ b/src/xwidget.c
@@ -101,6 +101,13 @@ Returns the newly constructed xwidget, or nil if construction fails.  */)
   if (EQ (xw->type, Qwebkit))
     {
       block_input ();
+      WebKitWebContext *webkit_context = webkit_web_context_get_default ();
+
+# if WEBKIT_CHECK_VERSION (2, 26, 0)
+      if (!webkit_web_context_get_sandbox_enabled (webkit_context))
+       webkit_web_context_set_sandbox_enabled (webkit_context, TRUE);
+# endif
+
       xw->widgetwindow_osr = gtk_offscreen_window_new ();
       gtk_window_resize (GTK_WINDOW (xw->widgetwindow_osr), xw->width,
                          xw->height);
@@ -139,7 +146,7 @@ Returns the newly constructed xwidget, or nil if construction fails.  */)
                             "load-changed",
                             G_CALLBACK (webkit_view_load_changed_cb), xw);
 
-          g_signal_connect (G_OBJECT (webkit_web_context_get_default ()),
+          g_signal_connect (G_OBJECT (webkit_context),
                             "download-started",
                             G_CALLBACK (webkit_download_cb), xw);