LibWeb/HTML: Allow throwing SecurityError for push/replaceState() abuse

Corresponds to 73e51b414b
Author: https://github.com/AtkinsSJ Commit: 02e8c0e1d1 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/4186
2025-05-02 01:08:48 +00:00 · 2025-04-02 12:30:27 +01:00 · 2025-04-02 12:30:27 +01:00 · 02e8c0e1d1 · 2025-04-02 16:28:59 +00:00
commit 02e8c0e1d1
parent 7367150536
1 changed files with 3 additions and 2 deletions
--- a/Libraries/LibWeb/HTML/History.cpp
+++ b/Libraries/LibWeb/HTML/History.cpp
@ -180,8 +180,9 @@ WebIDL::ExceptionOr<void> History::shared_history_push_replace_state(JS::Value d
    if (!document->is_fully_active())
        return WebIDL::SecurityError::create(realm(), "Cannot perform pushState or replaceState on a document that isn't fully active."_string);

-    // 3. Optionally, return. (For example, the user agent might disallow calls to these methods that are invoked on a timer,
-    //    or from event listeners that are not triggered in response to a clear user action, or that are invoked in rapid succession.)
+    // 3. Optionally, throw a "SecurityError" DOMException. (For example, the user agent might disallow calls to these
+    //    methods that are invoked on a timer, or from event listeners that are not triggered in response to a clear
+    //    user action, or that are invoked in rapid succession.)

    // 4. Let serializedData be StructuredSerializeForStorage(data). Rethrow any exceptions.
    //    FIXME: Actually rethrow exceptions here once we start using the serialized data.