docs: security.md mark 'Enable process sandboxing' as active by defau… (#48647)

* docs: security.md mark 'Enable process sandboxing' as active by default since electron 20

Co-authored-by: LeUser111 <florian.wiedenmann@grob.de>

* Adjusted according to feedback

Co-authored-by: LeUser111 <florian.wiedenmann@grob.de>

* Updated according to feedback - adjusted sandbox.md

Co-authored-by: LeUser111 <florian.wiedenmann@grob.de>

* formatting

Co-authored-by: LeUser111 <florian.wiedenmann@grob.de>

* Fixed broken markup

Co-authored-by: LeUser111 <florian.wiedenmann@grob.de>

* Implemented docs linting suggestions

Co-authored-by: LeUser111 <florian.wiedenmann@grob.de>

* docs: docs/tutorial/sandbox.md - fixed typo

Co-authored-by: Erick Zhao <erick@hotmail.ca>

Co-authored-by: Teaveloper <49181620+LeUser111@users.noreply.github.com>

* docs: web-preferences.md - sandbox: mention default value and relation to nodeIntegration

Co-authored-by: LeUser111 <florian.wiedenmann@grob.de>

---------

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: LeUser111 <florian.wiedenmann@grob.de>
Co-authored-by: Teaveloper <49181620+LeUser111@users.noreply.github.com>

docs/tutorial/sandbox.md

@@ -13,7 +13,13 @@ the GPU service and the network service.
 See Chromium's [Sandbox design document][sandbox] for more information.
 
 Starting from Electron 20, the sandbox is enabled for renderer processes without any
-further configuration. If you want to disable the sandbox for a process, see the
+further configuration.
+
+Sandboxing is tied to Node.js integration. _Enabling Node.js integration_ for a
+renderer process by setting `nodeIntegration: true` _disables the sandbox_ for the
+process.
+
+If you want to disable the sandbox for a process, see the
 [Disabling the sandbox for a single process](#disabling-the-sandbox-for-a-single-process)
 section.
 
@@ -98,7 +104,8 @@ app.whenReady().then(() => {
 ```
 
 Sandboxing is also disabled whenever Node.js integration is enabled in the renderer.
-This can be done through the BrowserWindow constructor with the `nodeIntegration: true` flag.
+This can be done through the BrowserWindow constructor with the `nodeIntegration: true` flag
+or by providing the respective HTML boolean attribute for a `webview`.
 
 ```js title='main.js'
 app.whenReady().then(() => {
@@ -111,6 +118,10 @@ app.whenReady().then(() => {
 })
 ```
 
+```html title='index.html (Renderer Process)'
+<webview nodeIntegration src="page.html"></webview>
+```
+
 ### Enabling the sandbox globally
 
 If you want to force sandboxing for all renderers, you can also use the

docs/tutorial/security.md

@@ -244,6 +244,10 @@ to enable this behavior.
 Even when `nodeIntegration: false` is used, to truly enforce strong isolation
 and prevent the use of Node primitives `contextIsolation` **must** also be used.
 
+Beware that _disabling context isolation_ for a renderer process by setting
+`nodeIntegration: true` _also disables process sandboxing_ for that process.
+See section below.
+
 :::info
 For more information on what `contextIsolation` is and how to enable it please
 see our dedicated [Context Isolation](context-isolation.md) document.
@@ -251,6 +255,16 @@ see our dedicated [Context Isolation](context-isolation.md) document.
 
 ### 4. Enable process sandboxing
 
+:::info
+This recommendation is the default behavior in Electron since 20.0.0.
+
+Additionally, process sandboxing can be enforced for all renderer processes
+application wide: [Enabling the sandbox globally](sandbox.md#enabling-the-sandbox-globally)
+
+_Disabling context isolation_ (see above) _also disables process sandboxing_,
+regardless of the default, `sandbox: false` or globally enabled sandboxing!
+:::
+
 [Sandboxing](https://chromium.googlesource.com/chromium/src/+/HEAD/docs/design/sandbox.md)
 is a Chromium feature that uses the operating system to
 significantly limit what renderer processes have access to. You should enable