From 6cac2981fb45498f7e5b84ded2669fb62111da17 Mon Sep 17 00:00:00 2001
From: Shannon Booth
Date: Wed, 7 Aug 2024 03:06:57 +1200
Subject: [PATCH] LibURL: Fail parsing IPV4 URLs starting with 0x that overflow
Parsing last as an IPV4 number was not returning true in "ends with a number" as the parsing of that part was overflowing. This means that the URL is not considered to be an IPv4 address, and is treated as a valid domain. Helpfully, the spec also points out in a note that this step is equivalent to simply checking that the last part ends with 0x followed by only hex digits - which doesn't suffer from any overflow problem! Arguably this is an editorial issue in the spec where this should be clarified a little bit. But for now, fixing this fixes 3 sub tests in WPT for: https://wpt.live/url/url-constructor.any.html
---
 Tests/LibWeb/Text/expected/URL/invalid-urls.txt | 2 ++
 Tests/LibWeb/Text/input/URL/invalid-urls.html | 1 +
 Userland/Libraries/LibURL/Parser.cpp | 3 ++-
 3 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/Tests/LibWeb/Text/expected/URL/invalid-urls.txt b/Tests/LibWeb/Text/expected/URL/invalid-urls.txt
index 7ffbe3d1b7b..b58cdb108e6 100644
--- a/Tests/LibWeb/Text/expected/URL/invalid-urls.txt
+++ b/Tests/LibWeb/Text/expected/URL/invalid-urls.txt
@@ -1,2 +1,4 @@
 new URL('file://xn--/p', undefined)
 error creating URL: 'TypeError: Invalid URL'
+new URL('http://0xffffffff1', undefined)
+error creating URL: 'TypeError: Invalid URL'
diff --git a/Tests/LibWeb/Text/input/URL/invalid-urls.html b/Tests/LibWeb/Text/input/URL/invalid-urls.html
index b8f73c9fece..bb0e774765f 100644
--- a/Tests/LibWeb/Text/input/URL/invalid-urls.html
+++ b/Tests/LibWeb/Text/input/URL/invalid-urls.html
@@ -3,6 +3,7 @@ test(() => {
 const urls = [
 { input: 'file://xn--/p' },
+ { input: 'http://0xffffffff1' },
 ];
 for (url of urls) {
diff --git a/Userland/Libraries/LibURL/Parser.cpp b/Userland/Libraries/LibURL/Parser.cpp
index 6a9aa801b86..f69afda01bd 100644
--- a/Userland/Libraries/LibURL/Parser.cpp
+++ b/Userland/Libraries/LibURL/Parser.cpp
@@ -583,7 +583,8 @@ static bool ends_in_a_number_checker(StringView input)
 return true;
 // 5. If parsing last as an IPv4 number does not return failure, then return true.
- if (parse_ipv4_number(last).has_value())
+ // NOTE: This is equivalent to checking that last is "0X" or "0x", followed by zero or more ASCII hex digits.
+ if (last.starts_with("0x"sv, CaseSensitivity::CaseInsensitive) && all_of(last.substring_view(2), is_ascii_hex_digit))
 return true;
 // 6. Return false.
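Review bot: The new NOTE above the step 5 check says what the check is equivalent to, but not why the direct `parse_ipv4_number(last)` call was dropped. A later cleanup could restore that call and again let an oversized hex label such as the `0xffffffff1` test input be accepted as a domain instead of rejected. I would extend the comment with the reason, e.g. `// Deliberately not calling parse_ipv4_number() here: it fails on overflow, which would make this step return false and treat the host as a domain.` The prefix match is case-insensitive, yet the added test only exercises a lowercase `0x`; adding `{ input: 'http://0XFFFFFFFF1' }` to invalid-urls.html (with its expected output) would pin the uppercase branch. `ends_in_a_number_checker` starts and ends outside this hunk, so steps 1–4 and the final return are not covered by this note.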