LibWeb: Restrict weird about:foo URIs

This commit:
- Prevents path traversal via the about: scheme
- Prevents loading about:inspector
- Requires about: URIs to be opaque paths
- Prevents crashes with invalid percent encoded paths

Libraries/LibWeb/Loader/ResourceLoader.cpp

@@ -272,19 +272,26 @@ void ResourceLoader::load(LoadRequest& request, GC::Root<SuccessCallback> succes
         // FIXME: Implement timing info for about requests.
         Requests::RequestTimingInfo fixme_implement_timing_info {};
 
+        auto serialized_path = URL::percent_decode(url.serialize_path());
+
         // About version page
-        if (url.path_segment_at_index(0) == "version") {
+        if (serialized_path == "version") {
             success_callback->function()(MUST(load_about_version_page()).bytes(), fixme_implement_timing_info, response_headers, {}, {});
             return;
         }
 
         // Other about static HTML pages
-        auto resource = Core::Resource::load_from_uri(MUST(String::formatted("resource://ladybird/{}.html", url.path_segment_at_index(0))));
+        auto target_file = ByteString::formatted("{}.html", serialized_path);
+
+        auto about_directory = MUST(Core::Resource::load_from_uri("resource://ladybird/about-pages"_string));
+        if (about_directory->children().contains_slow(target_file.view())) {
+            auto resource = Core::Resource::load_from_uri(ByteString::formatted("resource://ladybird/about-pages/{}", target_file));
             if (!resource.is_error()) {
                 auto data = resource.value()->data();
                 success_callback->function()(data, fixme_implement_timing_info, response_headers, {}, {});
                 return;
             }
+        }
 
         Platform::EventLoopPlugin::the().deferred_invoke(GC::create_function(m_heap, [success_callback, response_headers = move(response_headers), fixme_implement_timing_info = move(fixme_implement_timing_info)] {
             success_callback->function()(ByteString::empty().to_byte_buffer(), fixme_implement_timing_info, response_headers, {}, {});

Meta/gn/secondary/Ladybird/BUILD.gn

@@ -154,6 +154,7 @@ executable("ladybird_executable") {
     deps += [ "//Userland/Libraries/LibThreading" ]
   } else {
     data_deps += [
+      ":ladybird_copy_about_pages",
       ":ladybird_copy_cacert",
       ":ladybird_copy_config_resources",
       ":ladybird_copy_fonts",
@@ -265,11 +266,14 @@ themes = [
 ]
 
 web_resources = [
-  "//Base/res/ladybird/about.html",
   "//Base/res/ladybird/inspector.css",
   "//Base/res/ladybird/inspector.html",
   "//Base/res/ladybird/inspector.js",
-  "//Base/res/ladybird/newtab.html",
+]
+
+about_pages = [
+  "//Base/res/ladybird/about-pages/about.html",
+  "//Base/res/ladybird/about-pages/newtab.html",
 ]
 
 web_templates = [
@@ -327,6 +331,13 @@ if (current_os != "mac") {
     outputs = [ "$root_out_dir/share/Lagom/ladybird/{{source_file_part}}" ]
   }
 
+  copy("ladybird_copy_about_pages") {
+    sources = about_pages
+    outputs = [
+      "$root_out_dir/share/Lagom/ladybird/about-pages/{{source_file_part}}",
+    ]
+  }
+
   copy("ladybird_copy_web_templates") {
     sources = web_templates
     outputs =
@@ -477,6 +488,12 @@ if (current_os != "mac") {
     outputs = [ "{{bundle_resources_dir}}/ladybird/{{source_file_part}}" ]
   }
 
+  bundle_data("ladybird_about_pages") {
+    sources = about_pages
+    outputs =
+        [ "{{bundle_resources_dir}}/ladybird/about-pages/{{source_file_part}}" ]
+  }
+
   bundle_data("ladybird_web_templates") {
     sources = web_templates
     outputs =
@@ -537,6 +554,7 @@ if (current_os != "mac") {
     bundle_executable_dir = "$bundle_contents_dir/MacOS"
 
     deps = [
+      ":ladybird_about_pages",
       ":ladybird_bundle_executables",
       ":ladybird_bundle_info_plist",
       ":ladybird_bundle_libs",

UI/cmake/ResourceFiles.cmake

@@ -63,10 +63,12 @@ list(TRANSFORM 128x128_ICONS PREPEND "${LADYBIRD_SOURCE_DIR}/Base/res/icons/128x
 list(TRANSFORM BROWSER_ICONS PREPEND "${LADYBIRD_SOURCE_DIR}/Base/res/icons/browser/")
 
 set(WEB_RESOURCES
-    about.html
     inspector.css
     inspector.html
     inspector.js
+)
+set(ABOUT_PAGES
+    about.html
     newtab.html
 )
 set(WEB_TEMPLATES
@@ -75,6 +77,7 @@ set(WEB_TEMPLATES
     version.html
 )
 list(TRANSFORM WEB_RESOURCES PREPEND "${LADYBIRD_SOURCE_DIR}/Base/res/ladybird/")
+list(TRANSFORM ABOUT_PAGES PREPEND "${LADYBIRD_SOURCE_DIR}/Base/res/ladybird/about-pages/")
 list(TRANSFORM WEB_TEMPLATES PREPEND "${LADYBIRD_SOURCE_DIR}/Base/res/ladybird/templates/")
 
 set(THEMES
@@ -163,6 +166,10 @@ function(copy_resources_to_build base_directory bundle_target)
         DESTINATION ${base_directory} TARGET ${bundle_target}
     )
 
+    copy_resource_set(ladybird/about-pages RESOURCES ${ABOUT_PAGES}
+        DESTINATION ${base_directory} TARGET ${bundle_target}
+    )
+
     copy_resource_set(ladybird/templates RESOURCES ${WEB_TEMPLATES}
         DESTINATION ${base_directory} TARGET ${bundle_target}
     )
@@ -186,6 +193,7 @@ function(install_ladybird_resources destination component)
     install(FILES ${BROWSER_ICONS} DESTINATION "${destination}/icons/browser" COMPONENT ${component})
     install(FILES ${THEMES} DESTINATION "${destination}/themes" COMPONENT ${component})
     install(FILES ${WEB_RESOURCES} DESTINATION "${destination}/ladybird" COMPONENT ${component})
+    install(FILES ${ABOUT_PAGES} DESTINATION "${destination}/ladybird/about-pages" COMPONENT ${component})
     install(FILES ${WEB_TEMPLATES} DESTINATION "${destination}/ladybird/templates" COMPONENT ${component})
     install(FILES ${CONFIG_RESOURCES} DESTINATION "${destination}/ladybird/default-config" COMPONENT ${component})
     install(FILES ${DOWNLOADED_RESOURCES} DESTINATION "${destination}/ladybird" COMPONENT ${component})