[webkit-gtk] Web process sandbox

Martin Robinson mrobinson at webkit.org
Wed Jan 7 09:57:28 PST 2015


On Wed, Jan 7, 2015 at 9:46 AM, Michael Catanzaro <mcatanzaro at igalia.com> wrote:
> I wish I could say that application developers don't need to know or care
> about the sandbox, but web extensions are a huge exception. Sandboxing the
> web process will inevitably break web extensions. Therefore:

Perhaps it makes sense that web extensions will need to rely on their
client programs to access resources outside of the sandbox. If we
allow disabling the sandbox or make it simple to expand it, I fear
that applications will simply switch it off, making their users much
less secure.

--Martin


More information about the webkit-gtk mailing list