From 3341de0f2c88e9e9696c7aa4c1529c13066089d0 Mon Sep 17 00:00:00 2001
From: Ulrich Müller <ulm@gentoo.org>
Date: Sat, 26 Mar 2022 22:24:45 +0100
Subject: 26.3: Enable WebKit sandboxing
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bug: https://bugs.gentoo.org/739354
Signed-off-by: Ulrich Müller <ulm@gentoo.org>
---
 emacs/26.3/02_all_webkit-sandbox.patch | 41 ++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 emacs/26.3/02_all_webkit-sandbox.patch

diff --git a/emacs/26.3/02_all_webkit-sandbox.patch b/emacs/26.3/02_all_webkit-sandbox.patch
new file mode 100644
index 0000000..a7a0290
--- /dev/null
+++ b/emacs/26.3/02_all_webkit-sandbox.patch
@@ -0,0 +1,41 @@
+https://bugs.gentoo.org/739354
+
+From 71661b287297f328c2c5ad67e180a760f80850cb Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Sat, 24 Oct 2020 15:34:12 -0700
+Subject: Use WebKit sandboxing
+
+* src/xwidget.c (Fmake_xwidget): Enable sandboxing if WebKit 2.26
+or later.  Do this early, as required for sandboxing (Bug#43071).
+Co-authored-by: Qiantan Hong <qhong@mit.edu>
+Copyright-paperwork-exempt: yes
+---
+ src/xwidget.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/xwidget.c b/src/xwidget.c
+index ea8987f..fb906d1 100644
+--- a/src/xwidget.c
++++ b/src/xwidget.c
+@@ -101,6 +101,13 @@
+   if (EQ (xw->type, Qwebkit))
+     {
+       block_input ();
++      WebKitWebContext *webkit_context = webkit_web_context_get_default ();
++
++# if WEBKIT_CHECK_VERSION (2, 26, 0)
++      if (!webkit_web_context_get_sandbox_enabled (webkit_context))
++	webkit_web_context_set_sandbox_enabled (webkit_context, TRUE);
++# endif
++
+       xw->widgetwindow_osr = gtk_offscreen_window_new ();
+       gtk_window_resize (GTK_WINDOW (xw->widgetwindow_osr), xw->width,
+                          xw->height);
+@@ -139,7 +146,7 @@
+                             "load-changed",
+                             G_CALLBACK (webkit_view_load_changed_cb), xw);
+
+-          g_signal_connect (G_OBJECT (webkit_web_context_get_default ()),
++          g_signal_connect (G_OBJECT (webkit_context),
+                             "download-started",
+                             G_CALLBACK (webkit_download_cb), xw);
-- 
cgit v1.2.3-65-gdbad