From 4dfc29356d29aaad3e3a6f34a0e89c94890ae5a2 Mon Sep 17 00:00:00 2001
From: Timothy Flynn <trflynn89@pm.me>
Date: Tue, 18 Mar 2025 13:22:31 -0400
Subject: [PATCH] LibWeb: Initialize the Storage byte count upon creation

A Storage object may be created with an existing storage bottle. For
example, if you navigate from site.com/page1 to site.com/page2, they
will have different localStorage objects, but will use the same bottle
for actual storage.

Previously, if page1 set some key/value item, we would initialize the
byte count to 0 on page2 despite having a non-empty bottle. Thus, if
page2 set a smaller value with the same key, we would overflow the
computed byte count, and all subsequent writes would be rejected.

This was seen navigating from the chess.com home page to the daily
puzzle page.
---
 Libraries/LibWeb/HTML/Storage.cpp               |  3 +++
 .../LibWeb/Text/data/local-storage-iframe.html  |  4 ++++
 .../HTML/local-storage-usage-after-nav.txt      |  2 ++
 .../HTML/local-storage-usage-after-nav.html     | 17 +++++++++++++++++
 4 files changed, 26 insertions(+)
 create mode 100644 Tests/LibWeb/Text/data/local-storage-iframe.html
 create mode 100644 Tests/LibWeb/Text/expected/HTML/local-storage-usage-after-nav.txt
 create mode 100644 Tests/LibWeb/Text/input/HTML/local-storage-usage-after-nav.html

diff --git a/Libraries/LibWeb/HTML/Storage.cpp b/Libraries/LibWeb/HTML/Storage.cpp
index 6eb9e63352b..512388df972 100644
--- a/Libraries/LibWeb/HTML/Storage.cpp
+++ b/Libraries/LibWeb/HTML/Storage.cpp
@@ -46,6 +46,9 @@ Storage::Storage(JS::Realm& realm, Type type, NonnullRefPtr<StorageAPI::StorageB
         .named_property_deleter_has_identifier = true,
     };
 
+    for (auto const& item : map())
+        m_stored_bytes += item.key.byte_count() + item.value.byte_count();
+
     all_storages().set(*this);
 }
 
diff --git a/Tests/LibWeb/Text/data/local-storage-iframe.html b/Tests/LibWeb/Text/data/local-storage-iframe.html
new file mode 100644
index 00000000000..f87199395fe
--- /dev/null
+++ b/Tests/LibWeb/Text/data/local-storage-iframe.html
@@ -0,0 +1,4 @@
+<script>
+    localStorage.setItem("foo", "barbaz");
+    parent.postMessage("local storage set", "*");
+</script>
diff --git a/Tests/LibWeb/Text/expected/HTML/local-storage-usage-after-nav.txt b/Tests/LibWeb/Text/expected/HTML/local-storage-usage-after-nav.txt
new file mode 100644
index 00000000000..8101bdaccf6
--- /dev/null
+++ b/Tests/LibWeb/Text/expected/HTML/local-storage-usage-after-nav.txt
@@ -0,0 +1,2 @@
+barbaz
+bar
diff --git a/Tests/LibWeb/Text/input/HTML/local-storage-usage-after-nav.html b/Tests/LibWeb/Text/input/HTML/local-storage-usage-after-nav.html
new file mode 100644
index 00000000000..5038ee36485
--- /dev/null
+++ b/Tests/LibWeb/Text/input/HTML/local-storage-usage-after-nav.html
@@ -0,0 +1,17 @@
+<iframe id="frame" src="../../data/local-storage-iframe.html"></iframe>
+<script src="../include.js"></script>
+<script>
+    asyncTest(done => {
+        window.onmessage = () => {
+           try {
+                println(localStorage.getItem("foo"));
+                localStorage.setItem("foo", "bar");
+                println(localStorage.getItem("foo"));
+            } catch (e) {
+                println(e);
+            }
+
+            done();
+        };
+    });
+</script>