LibIPC: Ensure only valid URLs are passed over IPC

Invalid URLs should be signified by a wrapper class, such as an Optional<URL::URL> in the IPC file. I do not believe that we have anything which currently relies on passing through an invalid URL.
Author: https://github.com/shannonbooth Commit: https://github.com/LadybirdBrowser/ladybird/commit/25df98875d9 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/3609 Reviewed-by: https://github.com/trflynn89
2025-04-20 11:36:10 +00:00 · 2025-02-16 14:13:57 +13:00 · 2025-02-16 14:13:57 +13:00 · 25df98875d · 2025-02-19 13:03:01 +00:00
commit 25df98875d
parent 0b8bcdcbd3
1 changed files with 7 additions and 4 deletions
--- a/Libraries/LibIPC/Decoder.cpp
+++ b/Libraries/LibIPC/Decoder.cpp
@ -13,6 +13,7 @@
 #include <LibCore/Socket.h>
 #include <LibIPC/Decoder.h>
 #include <LibIPC/File.h>
+#include <LibURL/Parser.h>
 #include <LibURL/URL.h>

 namespace IPC {
@ -81,13 +82,15 @@ template<>
 ErrorOr<URL::URL> decode(Decoder& decoder)
 {
    auto url_string = TRY(decoder.decode<ByteString>());
-    URL::URL url { url_string };
+    auto url = URL::Parser::basic_parse(url_string);
+    if (!url.has_value())
+        return Error::from_string_view("Failed to parse URL in IPC Decode"sv);

    bool has_blob_url = TRY(decoder.decode<bool>());
    if (!has_blob_url)
-        return url;
+        return url.release_value();

-    url.set_blob_url_entry(URL::BlobURLEntry {
+    url->set_blob_url_entry(URL::BlobURLEntry {
        .object = URL::BlobURLEntry::Object {
            .type = TRY(decoder.decode<String>()),
            .data = TRY(decoder.decode<ByteBuffer>()),
@ -95,7 +98,7 @@ ErrorOr<URL::URL> decode(Decoder& decoder)
        .environment { .origin = TRY(decoder.decode<URL::Origin>()) },
    });

-    return url;
+    return url.release_value();
 }

 template<>