LibWeb/HTML: Add null handling for "get noopener for window open"

See: https://github.com/whatwg/html/pull/10847 Which also fixes a crash when window.open is given a blob URL which is not present in the Blob URL registry.
Author: https://github.com/shannonbooth Commit: 6c691ccddc Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/2872 Reviewed-by: https://github.com/gmta ✅
2025-07-19 15:32:31 +00:00 · 2024-12-11 15:34:31 +13:00 · 2024-12-11 15:34:31 +13:00 · 6c691ccddc · 2024-12-17 16:07:46 +00:00
commit 6c691ccddc
parent 03aafda788
3 changed files with 13 additions and 6 deletions
--- a/Libraries/LibWeb/HTML/Window.cpp
+++ b/Libraries/LibWeb/HTML/Window.cpp
@ -155,12 +155,12 @@ WebIDL::ExceptionOr<GC::Ptr<WindowProxy>> Window::window_open_steps(StringView u
 }

 // https://html.spec.whatwg.org/multipage/nav-history-apis.html#get-noopener-for-window-open
-static TokenizedFeature::NoOpener get_noopener_for_window_open(DOM::Document const& source_document, TokenizedFeature::Map const& tokenized_features, URL::URL url)
+static TokenizedFeature::NoOpener get_noopener_for_window_open(DOM::Document const& source_document, TokenizedFeature::Map const& tokenized_features, Optional<URL::URL> const& url)
 {
-    // 1. If url's scheme is "blob":
-    if (url.scheme() == "blob"sv) {
+    // 1. If url is not null and url's blob URL entry is not null:
+    if (url.has_value() && url->blob_url_entry().has_value()) {
        // 1. Let blobOrigin be url's blob URL entry's environment's origin.
-        auto blob_origin = url.blob_url_entry()->environment_origin;
+        auto blob_origin = url->blob_url_entry()->environment_origin;

        // 2. Let topLevelOrigin be sourceDocument's relevant settings object's top-level origin.
        auto top_level_origin = source_document.relevant_settings_object().top_level_origin;
@ -221,8 +221,7 @@ WebIDL::ExceptionOr<Window::OpenedWindow> Window::window_open_steps_internal(Str
    }

    // 9. Let noopener be the result of getting noopener for window open with sourceDocument, tokenizedFeatures, and urlRecord.
-    // FIXME: Spec bug: https://github.com/whatwg/html/issues/10844
-    auto no_opener = get_noopener_for_window_open(source_document, tokenized_features, url_record.has_value() ? *url_record : URL::URL("about:blank"));
+    auto no_opener = get_noopener_for_window_open(source_document, tokenized_features, url_record);

    // 10. Remove tokenizedFeatures["noopener"] and tokenizedFeatures["noreferrer"].
    tokenized_features.remove("noopener"sv);
--- a/Tests/LibWeb/Text/expected/HTML/Window-open-blob-url-without-blob-entry.txt
+++ b/Tests/LibWeb/Text/expected/HTML/Window-open-blob-url-without-blob-entry.txt
@ -0,0 +1 @@
+PASS! (Didn't crash)
--- a/Tests/LibWeb/Text/input/HTML/Window-open-blob-url-without-blob-entry.html
+++ b/Tests/LibWeb/Text/input/HTML/Window-open-blob-url-without-blob-entry.html
@ -0,0 +1,7 @@
+<script src="../include.js"></script>
+<script>
+    test(() => {
+        window.open('blob:file://').close();
+        println("PASS! (Didn't crash)");
+    })
+</script>