LibWeb: Disallow creating a FileAPI::FileList with a vector of files

This factory forced callers to make a list of GC-allocated FileAPI::File objects. This isn't safe - this opens a window for these files to be garbage collected before the FileList object stores / visits the list. Instead, only allow creating an empty FileList and incrementally adding files to that list.
Author: https://github.com/trflynn89 Commit: 8b4d28b5fd Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/1111
2025-07-29 20:29:18 +00:00 · 2024-08-18 10:48:22 -04:00 · 2024-08-18 10:48:22 -04:00 · 8b4d28b5fd · 2024-08-19 11:30:30 +00:00
commit 8b4d28b5fd
parent a3a69b8ad2
3 changed files with 8 additions and 21 deletions
--- a/Userland/Libraries/LibWeb/FileAPI/FileList.cpp
+++ b/Userland/Libraries/LibWeb/FileAPI/FileList.cpp
@ -14,23 +14,11 @@ namespace Web::FileAPI {

 JS_DEFINE_ALLOCATOR(FileList);

-JS::NonnullGCPtr<FileList> FileList::create(JS::Realm& realm, Vector<JS::NonnullGCPtr<File>>&& files)
-{
-    return realm.heap().allocate<FileList>(realm, realm, move(files));
-}
-
 JS::NonnullGCPtr<FileList> FileList::create(JS::Realm& realm)
 {
    return realm.heap().allocate<FileList>(realm, realm);
 }

-FileList::FileList(JS::Realm& realm, Vector<JS::NonnullGCPtr<File>>&& files)
-    : Bindings::PlatformObject(realm)
-    , m_files(move(files))
-{
-    m_legacy_platform_object_flags = LegacyPlatformObjectFlags { .supports_indexed_properties = 1 };
-}
-
 FileList::FileList(JS::Realm& realm)
    : Bindings::PlatformObject(realm)
 {