From 25df98875d91c0489f38bd34539daaa17aa49097 Mon Sep 17 00:00:00 2001
From: Shannon Booth <shannon@serenityos.org>
Date: Sun, 16 Feb 2025 14:13:57 +1300
Subject: [PATCH] LibIPC: Ensure only valid URLs are passed over IPC

Invalid URLs should be signified by a wrapper class, such as an
Optional<URL::URL> in the IPC file. I do not believe that we have
anything which currently relies on passing through an invalid URL.
---
 Libraries/LibIPC/Decoder.cpp | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/Libraries/LibIPC/Decoder.cpp b/Libraries/LibIPC/Decoder.cpp
index 5334859783c..58b61c4143a 100644
--- a/Libraries/LibIPC/Decoder.cpp
+++ b/Libraries/LibIPC/Decoder.cpp
@@ -13,6 +13,7 @@
 #include <LibCore/Socket.h>
 #include <LibIPC/Decoder.h>
 #include <LibIPC/File.h>
+#include <LibURL/Parser.h>
 #include <LibURL/URL.h>
 
 namespace IPC {
@@ -81,13 +82,15 @@ template<>
 ErrorOr<URL::URL> decode(Decoder& decoder)
 {
     auto url_string = TRY(decoder.decode<ByteString>());
-    URL::URL url { url_string };
+    auto url = URL::Parser::basic_parse(url_string);
+    if (!url.has_value())
+        return Error::from_string_view("Failed to parse URL in IPC Decode"sv);
 
     bool has_blob_url = TRY(decoder.decode<bool>());
     if (!has_blob_url)
-        return url;
+        return url.release_value();
 
-    url.set_blob_url_entry(URL::BlobURLEntry {
+    url->set_blob_url_entry(URL::BlobURLEntry {
         .object = URL::BlobURLEntry::Object {
             .type = TRY(decoder.decode<String>()),
             .data = TRY(decoder.decode<ByteBuffer>()),
@@ -95,7 +98,7 @@ ErrorOr<URL::URL> decode(Decoder& decoder)
         .environment { .origin = TRY(decoder.decode<URL::Origin>()) },
     });
 
-    return url;
+    return url.release_value();
 }
 
 template<>