On Mon, 2020-04-06 at 19:39 +0200, theapple...@differentmail.com wrote:
> I read following article: Sandboxing WebKitGTK Apps – Michael
> Catanzaro
> https://blogs.gnome.org/mcatanzaro/2020/03/31/sandboxing-webkitgtk-apps/
>
> Is Evolution also sandboxed to a certain extend (not only the
> flatpack version)?
Hi,
no, the 3.36.x (and earlier) version does not use WebKitGTK+ sandboxing
(neither current development version, for what it worth).
Evolution itself has its own web extensions (Michael wrote about them
in the article), one for the (message) preview, one for the composer.
Evolution has disabled user-provided JavaScript code (not every exploit
involves JavaScript, I know) and it controls what is loaded from the
outside (the remote content settings in Evolution). I do not think it's
any close to real sandboxing, but it also tries to show HTML mails in
slightly restricted environment.
Bye,
Milan
_______________________________________________
evolution-list mailing list
evolution-list@gnome.org
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
