From 02e8c0e1d108140e6aad7d68a4f7f20f90ba6956 Mon Sep 17 00:00:00 2001
From: Sam Atkins
Date: Wed, 2 Apr 2025 12:30:27 +0100
Subject: [PATCH] LibWeb/HTML: Allow throwing SecurityError for push/replaceState() abuse

Corresponds to https://github.com/whatwg/html/commit/73e51b414b4e3e284086067fa147996aa89c6dc8
---
 Libraries/LibWeb/HTML/History.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Libraries/LibWeb/HTML/History.cpp b/Libraries/LibWeb/HTML/History.cpp
index 98d632a6a5f..e7294cdaae5 100644
--- a/Libraries/LibWeb/HTML/History.cpp
+++ b/Libraries/LibWeb/HTML/History.cpp
@@ -180,8 +180,9 @@ WebIDL::ExceptionOr History::shared_history_push_replace_state(JS::Value d
 if (!document->is_fully_active())
 return WebIDL::SecurityError::create(realm(), "Cannot perform pushState or replaceState on a document that isn't fully active."_string);
- // 3. Optionally, return. (For example, the user agent might disallow calls to these methods that are invoked on a timer,
- // or from event listeners that are not triggered in response to a clear user action, or that are invoked in rapid succession.)
+ // 3. Optionally, throw a "SecurityError" DOMException. (For example, the user agent might disallow calls to these
+ // methods that are invoked on a timer, or from event listeners that are not triggered in response to a clear
+ // user action, or that are invoked in rapid succession.)
 // 4. Let serializedData be StructuredSerializeForStorage(data). Rethrow any exceptions.
 // FIXME: Actually rethrow exceptions here once we start using the serialized data.
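Review bot: The step 3 comment has no code or marker under it; in the visible hunk it is followed directly by the step 4 comment, so as far as this hunk shows the optional SecurityError is never thrown. A reader cannot tell whether that is a deliberate choice or a gap, and this step is the spec's only hook for limiting pushState/replaceState calls made on a timer, without a user action, or in rapid succession. I would add a line after the step text such as `// FIXME: We never take this optional step; no throttling or user-activation check is applied to these calls.`, matching the FIXME style already used under step 4. The body of shared_history_push_replace_state continues outside the hunk, so a limit applied elsewhere in the function would not be visible here.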