From 71b039a7218716f7f19edf0a3797cd2ef5c37a11 Mon Sep 17 00:00:00 2001 From: Callum Law Date: Sat, 16 Aug 2025 22:01:27 +1200 Subject: [PATCH] LibWeb: Use document's global object in `is_base_allowed_for_document` Previously we were using the document's window - this was both contrary to spec and causing crashes when the document did not have a window (for instance the `temp_document` in `HTMLParser::parse_html_fragment`. This means we no longer crash when navigating between pages on https://rocketlabcorp.com --- .../LibWeb/ContentSecurityPolicy/BlockingAlgorithms.cpp | 3 +-- Tests/LibWeb/Crash/DOM/base-element-insert-crash.html | 7 +++++++ 2 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 Tests/LibWeb/Crash/DOM/base-element-insert-crash.html diff --git a/Libraries/LibWeb/ContentSecurityPolicy/BlockingAlgorithms.cpp b/Libraries/LibWeb/ContentSecurityPolicy/BlockingAlgorithms.cpp index d8c510b9294..f4cb5483f1a 100644 --- a/Libraries/LibWeb/ContentSecurityPolicy/BlockingAlgorithms.cpp +++ b/Libraries/LibWeb/ContentSecurityPolicy/BlockingAlgorithms.cpp @@ -625,8 +625,7 @@ JS::ThrowCompletionOr ensure_csp_does_not_block_wasm_byte_compilation(JS:: Directives::Directive::Result is_base_allowed_for_document(JS::Realm& realm, URL::URL const& base, GC::Ref document) { // 1. For each policy of document’s global object’s csp list: - VERIFY(document->window()); - auto csp_list = PolicyList::from_object(*document->window()); + auto csp_list = PolicyList::from_object(document->realm().global_object()); VERIFY(csp_list); for (auto const policy : csp_list->policies()) { // 1. Let source list be null. diff --git a/Tests/LibWeb/Crash/DOM/base-element-insert-crash.html b/Tests/LibWeb/Crash/DOM/base-element-insert-crash.html new file mode 100644 index 00000000000..2e3e484ce63 --- /dev/null +++ b/Tests/LibWeb/Crash/DOM/base-element-insert-crash.html @@ -0,0 +1,7 @@ + + + + +
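Review bot: The `VERIFY(csp_list);` kept directly after the new `PolicyList::from_object(document->realm().global_object())` call may still be an abort that web content can reach, the same failure class this commit removes for window-less documents. `from_object` is not visible in this hunk, so if it can return null for some kind of global, that case should be handled explicitly rather than asserted. If it cannot, a one-line comment would record the invariant, for example `// document->window() may be null (e.g. fragment-parsing temp documents); the realm's global object still carries the CSP list.` Because this function decides `base-uri` enforcement, a text test would help to show that a `<base>` reaching it through a window-less document is still checked against the owning global's policy; the added test only covers the crash. The function also takes a `realm` parameter while the lookup uses `document->realm()`, and the body continues past the hunk, so whether the two can differ is not visible here.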