Re: [Evolution] Evolution sandbox?

From: Milan Crha <mcrha redhat com>
To: evolution-list gnome org
Subject: Re: [Evolution] Evolution sandbox?
Date: Mon, 06 Apr 2020 20:02:37 +0200

On Mon, 2020-04-06 at 19:39 +0200, theapplepie differentmail com wrote:

I read following article: Sandboxing WebKitGTK Apps – Michael
Catanzaro
https://blogs.gnome.org/mcatanzaro/2020/03/31/sandboxing-webkitgtk-apps/

Is Evolution also sandboxed to a certain extend (not only the
flatpack version)?


        Hi,
no, the 3.36.x (and earlier) version does not use WebKitGTK+ sandboxing
(neither current development version, for what it worth).

Evolution itself has its own web extensions (Michael wrote about them
in the article), one for the (message) preview, one for the composer.
Evolution has disabled user-provided JavaScript code (not every exploit
involves JavaScript, I know) and it controls what is loaded from the
outside (the remote content settings in Evolution). I do not think it's
any close to real sandboxing, but it also tries to show HTML mails in
slightly restricted environment.
        Bye,
        Milan

Follow-Ups:
- Re: [Evolution] Evolution sandbox?
  - From: theapplepie differentmail com

References:
- [Evolution] Evolution sandbox?
  - From: theapplepie differentmail com

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]