Enable sandbox on webview

atom/app/atom_main_delegate.cc

@@ -130,9 +130,6 @@ void AtomMainDelegate::PreSandboxStartup() {
     // Disable setuid sandbox since it is not longer required on linux(namespace
     // sandbox is available on most distros).
     command_line->AppendSwitch(::switches::kDisableSetuidSandbox);
-  } else {
-    // Disable renderer sandbox for most of node's functions.
-    command_line->AppendSwitch(::switches::kNoSandbox);
   }
 
   // Allow file:// URIs to read other file:// URIs by default.

atom/browser/web_contents_preferences.cc

@@ -108,11 +108,15 @@ void WebContentsPreferences::AppendExtraCommandLineSwitches(
   command_line->AppendSwitchASCII(switches::kWebviewTag,
                                   webview_tag ? "true" : "false");
 
-  // If the `sandbox` option was passed to the BrowserWindow's webPreferences,
-  // pass `--enable-sandbox` to the renderer so it won't have any node.js
-  // integration.
-  if (IsSandboxed(web_contents))
-    command_line->AppendSwitch(switches::kEnableSandbox);
+  if (IsSandboxed(web_contents)) {
+    // pass `--enable-sandbox` to the renderer so it won't have any node.js
+    // integration.
+    command_line->AppendSwitch(switches::kEnableSandbox); 
+  }
+  else {
+    // Disable renderer sandbox for most of node's functions.
+    command_line->AppendSwitch(::switches::kNoSandbox);
+  }
   if (web_preferences.GetBoolean("nativeWindowOpen", &b) && b)
     command_line->AppendSwitch(switches::kNativeWindowOpen);