LibWeb: Implement basic high resolution time coarsening

Several interfaces that return a high resolution time require that time to be coarsened, in order to prevent timing attacks. This implementation simply reduces the resolution of the returned timestamp to the minimum values given in the specification. Further work may be needed to make our implementation more robust to the kind of attacks that this mechanism is designed to prevent.
Author: https://github.com/tcl3 Commit: 39445d6dd6 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/3381 Reviewed-by: https://github.com/AtkinsSJ ✅
2025-07-29 12:19:54 +00:00 · 2025-01-28 10:47:32 +00:00 · 2025-01-28 10:47:32 +00:00 · 39445d6dd6 · 2025-01-30 17:39:14 +00:00
commit 39445d6dd6
parent a5be7cb6fb
7 changed files with 100 additions and 5 deletions
--- a/Libraries/LibWeb/DOM/Document.cpp
+++ b/Libraries/LibWeb/DOM/Document.cpp
@ -330,7 +330,8 @@ WebIDL::ExceptionOr<GC::Ref<Document>> Document::create_and_initialize(Type type
    DOM::DocumentLoadTimingInfo load_timing_info;
    // AD-HOC: The response object no longer has an associated timing info object. For now, we use response's non-standard response time property,
    //         which represents the time that the time that the response object was created.
-    load_timing_info.navigation_start_time = navigation_params.response->response_time().nanoseconds() / 1e6;
+    auto response_creation_time = navigation_params.response->response_time().nanoseconds() / 1e6;
+    load_timing_info.navigation_start_time = HighResolutionTime::coarsen_time(response_creation_time, HTML::relevant_settings_object(*window).cross_origin_isolated_capability() == HTML::CanUseCrossOriginIsolatedAPIs::Yes);

    // 9. Let document be a new Document, with
    //    type: type