Sandbox all the WebKit!
Description
Improve security of GNOME applications that render web content by doing so in a bubblewrap sandbox.
Goals
Every application using WebKitGTK should opt in to the web process sandbox by calling webkit_web_context_set_sandbox_enabled(). See this blog post for context.
Scope
Everything that uses WebKitGTK
People in charge & contact
Michael Catanzaro (@mcatanzaro)
Instructions to achieve the goals
https://gitlab.gnome.org/GNOME/Initiatives/-/wikis/Sandbox-all-the-WebKit!
Label for tracking the initiative
Initiative: Sandbox all the WebKit!
Text for the initiative issue in projects
Every application using WebKitGTK should opt in to the web process sandbox by calling webkit_web_context_set_sandbox_enabled(). See #19 for details.
List of projects & tasks
GNOME
- devhelp
- epiphany
- evolution-data-server
- gnome-boxes
- gnome-builder
- gnome-initial-setup
- gnome-maps
- gnome-online-accounts
- sushi
- yelp
World
- bijiben
- evolution, reverted awaiting printing
- geary (waiting for printing)
- glade
- gnome-documents (archived)
- libgepub
How can I help
Submit merge requests. It's easy!
If you see any GNOME software included in gnome-build-meta that uses WebKit but is not listed here, it is missing a dependency in gnome-build-meta. Please report it.
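One way to find projects that still need the opt-in is to scan source checkouts for WebKitGTK use and for the webkit_web_context_set_sandbox_enabled() call. This is an added example, not part of the original initiative page or any GNOME tooling; the regular expressions are heuristics, the function names are hypothetical, and the sample projects are constructed.

```python
import re
import tempfile
from pathlib import Path

SOURCE_SUFFIXES = {".c", ".h", ".cpp", ".vala", ".js", ".py"}
# Heuristic signs that a file uses WebKitGTK (C headers, introspected names).
USES_WEBKIT = re.compile(
    r"#\s*include\s*<webkit2?/|\bWebKit2?\.(?:WebView|WebContext)\b"
    r"|require_version\(\s*['\"]WebKit2?['\"]"
)
# The opt-in call named on this page, in its C or introspected (method) spelling.
SANDBOX_CALL = re.compile(r"\b(?:webkit_web_context_)?set_sandbox_enabled\s*\((.*?)\)\s*(?:;|$)", re.M)
TRUTHY = {"TRUE", "true", "True"}


def audit_tree(root):
    """Classify a source tree: no-webkit, missing, needs-review or sandboxed."""
    uses_webkit, last_args = False, []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix not in SOURCE_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        uses_webkit = uses_webkit or bool(USES_WEBKIT.search(text))
        last_args += [m.group(1).split(",")[-1].strip() for m in SANDBOX_CALL.finditer(text)]
    if not uses_webkit:
        return "no-webkit"
    if not last_args:
        return "missing"
    # A call passing FALSE, or a value this scan cannot resolve, is not a clear opt-in.
    return "sandboxed" if all(a in TRUTHY for a in last_args) else "needs-review"

# Constructed sample sources (hypothetical projects, not real GNOME code).
SAMPLES = {
    "app-a/main.c": "#include <webkit2/webkit2.h>\n"
    "webkit_web_context_set_sandbox_enabled (webkit_web_context_get_default (), TRUE);\n",
    "app-b/view.vala": "var view = new WebKit.WebView ();\n",
    "app-c/win.py": "gi.require_version('WebKit2', '4.0')\nctx.set_sandbox_enabled(False)\n",
    "app-d/util.c": "#include <glib.h>\n",
}


def audit_samples():
    """Write SAMPLES to a temporary directory and audit each project in it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, text in SAMPLES.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text, encoding="utf-8")
        return {d.name: audit_tree(d) for d in sorted(Path(tmp).iterdir())}
```

Calls split across several lines are not matched, so treat "missing" and "needs-review" as prompts to read the code rather than as verdicts.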