[gnome-initial-setup/mcatanzaro/sandbox] Enable web process sandbox

[Michael Catanzaro <mcatanzaro src gnome org>]

commit b29327c8badf9463c9dc3f4335ac78ab523b3b28
Author: Michael Catanzaro <mcatanzaro gnome org>
Date:   Mon Jun 15 09:26:56 2020 -0500

    Enable web process sandbox
    
    This will make it a lot harder for Mozilla Corporation to hack our users
    via its privacy policy webpage! ;)

 gnome-initial-setup/gis-driver.c | 4 ++++
 gnome-initial-setup/meson.build  | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
---
diff --git a/gnome-initial-setup/gis-driver.c b/gnome-initial-setup/gis-driver.c
index ae42d52c..a73442e8 100644
--- a/gnome-initial-setup/gis-driver.c
+++ b/gnome-initial-setup/gis-driver.c
@@ -26,6 +26,7 @@
 #include <errno.h>
 #include <locale.h>
 #include <stdlib.h>
+#include <webkit2/webkit2.h>
 
 #include "cc-common-language.h"
 #include "gis-assistant.h"
@@ -884,9 +885,12 @@ gis_driver_startup (GApplication *app)
 {
   GisDriver *driver = GIS_DRIVER (app);
   GisDriverPrivate *priv = gis_driver_get_instance_private (driver);
+  WebKitWebContext *context = webkit_web_context_get_default ();
 
   G_APPLICATION_CLASS (gis_driver_parent_class)->startup (app);
 
+  webkit_web_context_set_sandbox_enabled (context, TRUE);
+
   if (priv->mode == GIS_DRIVER_MODE_NEW_USER)
     connect_to_gdm (driver);
 
diff --git a/gnome-initial-setup/meson.build b/gnome-initial-setup/meson.build
index 9a721dfa..c071d757 100644
--- a/gnome-initial-setup/meson.build
+++ b/gnome-initial-setup/meson.build
@@ -48,7 +48,7 @@ dependencies = [
     dependency ('krb5'),
     dependency ('libsecret-1', version: '>= 0.18.8'),
     dependency ('pwquality'),
-    dependency ('webkit2gtk-4.0'),
+    dependency ('webkit2gtk-4.0', version: '>= 2.26.0'),
     cheese_dep,
     cheese_gtk_dep,
     ibus_dep,