Evolution sandbox?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Evolution sandbox?

theapplepie@differentmail.com
Hello

I have a general and non-urgent question from a layperson.

I read following article: Sandboxing WebKitGTK Apps – Michael Catanzaro
https://blogs.gnome.org/mcatanzaro/2020/03/31/sandboxing-webkitgtk-apps/

Is Evolution also sandboxed to a certain extend (not only the flatpack version)?

Thanks

Dan

_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|

Re: Evolution sandbox?

Gnome Evolution - General mailing list
On Mon, 2020-04-06 at 19:39 +0200, [hidden email] wrote:
> I read following article: Sandboxing WebKitGTK Apps – Michael
> Catanzaro
> https://blogs.gnome.org/mcatanzaro/2020/03/31/sandboxing-webkitgtk-apps/
>
> Is Evolution also sandboxed to a certain extend (not only the
> flatpack version)?

        Hi,
no, the 3.36.x (and earlier) version does not use WebKitGTK+ sandboxing
(neither current development version, for what it worth).

Evolution itself has its own web extensions (Michael wrote about them
in the article), one for the (message) preview, one for the composer.
Evolution has disabled user-provided JavaScript code (not every exploit
involves JavaScript, I know) and it controls what is loaded from the
outside (the remote content settings in Evolution). I do not think it's
any close to real sandboxing, but it also tries to show HTML mails in
slightly restricted environment.
        Bye,
        Milan

_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list
Reply | Threaded
Open this post in threaded view
|

Re: Evolution sandbox?

theapplepie@differentmail.com
> no, the 3.36.x (and earlier) version does not use WebKitGTK+
> sandboxing
> (neither current development version, for what it worth).
>
> Evolution itself has its own web extensions (Michael wrote about them
> in the article), one for the (message) preview, one for the composer.
> Evolution has disabled user-provided JavaScript code (not every
> exploit
> involves JavaScript, I know) and it controls what is loaded from the
> outside (the remote content settings in Evolution). I do not think
> it's
> any close to real sandboxing, but it also tries to show HTML mails in
> slightly restricted environment.

Hi Milan

Thanks a lot for your helpful and interesting answer!

_______________________________________________
evolution-list mailing list
[hidden email]
To change your list options or unsubscribe, visit ...
https://mail.gnome.org/mailman/listinfo/evolution-list