lucasfernog
commented
1 year ago I think it should be opt-in, people usually have problems with limited APIs by default (like when we froze prototypes by default).
Open wusyong opened 1 year ago
lucasfernog
commented
1 year ago I think it should be opt-in, people usually have problems with limited APIs by default (like when we froze prototypes by default).
In tauri v1, we locked our webkitgtk version to 2.22. But now we have bumped to 2.38. This means we could enable sandbox already. https://webkitgtk.org/reference/webkit2gtk/2.28.3/WebKitWebContext.html#webkit-web-context-set-sandbox-enabled What I'm not sure is should we enable by default? Or we just offer an attribute option? Note that sandbox will disable file system, network, and dbus access whithin the webview. Here's an overview of it
cc @lucasfernog @tweidinger