mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-07-30 04:39:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

LibWeb: Make Environment's top level origin nullable
Some checks are pending
CI / Lagom (arm64, Sanitizer_CI, false, macos-15, macOS, Clang) (push) Waiting to run
Details
CI / Lagom (x86_64, Fuzzers_CI, false, ubuntu-24.04, Linux, Clang) (push) Waiting to run
Details
CI / Lagom (x86_64, Sanitizer_CI, false, ubuntu-24.04, Linux, GNU) (push) Waiting to run
Details
CI / Lagom (x86_64, Sanitizer_CI, true, ubuntu-24.04, Linux, Clang) (push) Waiting to run
Details
Package the js repl as a binary artifact / build-and-package (arm64, macos-15, macOS, macOS-universal2) (push) Waiting to run
Details
Package the js repl as a binary artifact / build-and-package (x86_64, ubuntu-24.04, Linux, Linux-x86_64) (push) Waiting to run
Details
Run test262 and test-wasm / run_and_update_results (push) Waiting to run
Details
Lint Code / lint (push) Waiting to run
Details
Label PRs with merge conflicts / auto-labeler (push) Waiting to run
Details
Push notes / build (push) Waiting to run
Details

Browse source 
This matches the definition in the spec, and is also a step towards
removing the default constructor of URL::Origin.
This commit is contained in:
Shannon Booth 2025-05-25 16:47:37 +12:00 committed by Shannon Booth
commit 937994cfaa
Notes: github-actions[bot] 2025-05-27 02:49:41 +00:00
11 changed files with 20 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Libraries/LibWeb/DOM/Document.cpp
View file

@ -316,7 +316,7 @@ WebIDL::ExceptionOr<GC::Ref<Document>> Document::create_and_initialize(Type type
top_level_creation_url = parent_environment.top_level_creation_url;
// 3. Set topLevelOrigin to parentEnvironment's top-level origin.
top_level_origin = parent_environment.top_level_origin;
top_level_origin = parent_environment.top_level_origin.value();
}
// 10. Set up a window environment settings object with creationURL, realm execution context,

7
Libraries/LibWeb/Fetch/Infrastructure/NetworkPartitionKey.cpp
View file

@ -15,8 +15,9 @@ NetworkPartitionKey determine_the_network_partition_key(HTML::Environment const&
// 1. Let topLevelOrigin be environments top-level origin.
auto top_level_origin = environment.top_level_origin;
// FIXME: 2. If topLevelOrigin is null, then set topLevelOrigin to environments top-level creation URLs origin
// This field is supposed to be nullable
// 2. If topLevelOrigin is null, then set topLevelOrigin to environments top-level creation URLs origin
if (!top_level_origin.has_value())
top_level_origin = environment.top_level_creation_url->origin();
// 3. Assert: topLevelOrigin is an origin.
@ -26,7 +27,7 @@ NetworkPartitionKey determine_the_network_partition_key(HTML::Environment const&
void* second_key = nullptr;
// 6. Return (topLevelSite, secondKey).
return { top_level_origin, second_key };
return { top_level_origin.release_value(), second_key };
}
// https://fetch.spec.whatwg.org/#request-determine-the-network-partition-key

2
Libraries/LibWeb/HTML/BrowsingContext.cpp
View file

@ -254,7 +254,7 @@ WebIDL::ExceptionOr<BrowsingContext::BrowsingContextAndDocument> BrowsingContext
document->set_policy_container(creator->policy_container()->clone(document->heap()));
// 3. If creator's origin is same origin with creator's relevant settings object's top-level origin,
if (creator->origin().is_same_origin(creator->relevant_settings_object().top_level_origin)) {
if (creator->origin().is_same_origin(creator->relevant_settings_object().top_level_origin.value())) {
// then set document's opener policy to creator's browsing context's top-level browsing context's active document's opener policy.
VERIFY(creator->browsing_context());
VERIFY(creator->browsing_context()->top_level_browsing_context()->active_document());

2
Libraries/LibWeb/HTML/HTMLElement.cpp
View file

@ -1039,7 +1039,7 @@ TokenizedFeature::NoOpener HTMLElement::get_an_elements_noopener(URL::URL const&
auto const& top_level_origin = relevant_settings_object(*this).top_level_origin;
// 3. If blobOrigin is not same site with topLevelOrigin, then return true.
if (!blob_origin.is_same_site(top_level_origin))
if (!blob_origin.is_same_site(top_level_origin.value()))
return TokenizedFeature::NoOpener::Yes;
}

2
Libraries/LibWeb/HTML/HTMLInputElement.cpp
View file

@ -420,7 +420,7 @@ WebIDL::ExceptionOr<void> HTMLInputElement::show_picker()
// and this's type attribute is not in the File Upload state or Color state, then throw a "SecurityError" DOMException.
// NOTE: File and Color inputs are exempted from this check for historical reason: their input activation behavior also shows their pickers,
// and has never been guarded by an origin check.
if (!relevant_settings_object(*this).origin().is_same_origin(relevant_settings_object(*this).top_level_origin)
if (!relevant_settings_object(*this).origin().is_same_origin(relevant_settings_object(*this).top_level_origin.value())
&& m_type != TypeAttributeState::FileUpload && m_type != TypeAttributeState::Color) {
return WebIDL::SecurityError::create(realm(), "Cross origin pickers are not allowed"_string);
}

2
Libraries/LibWeb/HTML/HTMLSelectElement.cpp
View file

@ -516,7 +516,7 @@ WebIDL::ExceptionOr<void> HTMLSelectElement::show_picker()
// 2. If this's relevant settings object's origin is not same origin with this's relevant settings object's top-level origin,
// and this is a select element, then throw a "SecurityError" DOMException.
if (!relevant_settings_object(*this).origin().is_same_origin(relevant_settings_object(*this).top_level_origin)) {
if (!relevant_settings_object(*this).origin().is_same_origin(relevant_settings_object(*this).top_level_origin.value())) {
return WebIDL::SecurityError::create(realm(), "Cross origin pickers are not allowed"_string);
}

4
Libraries/LibWeb/HTML/Navigable.cpp
View file

@ -428,7 +428,7 @@ Navigable::ChosenNavigable Navigable::choose_a_navigable(StringView name, Tokeni
// 4. If currentDocument's opener policy's value is "same-origin" or "same-origin-plus-COEP",
// and currentDocument's origin is not same origin with currentDocument's relevant settings object's top-level origin, then:
if ((current_document->opener_policy().value == OpenerPolicyValue::SameOrigin || current_document->opener_policy().value == OpenerPolicyValue::SameOriginPlusCOEP)
&& !current_document->origin().is_same_origin(relevant_settings_object(*current_document).top_level_origin)) {
&& !current_document->origin().is_same_origin(relevant_settings_object(*current_document).top_level_origin.value())) {
// 1. Set noopener to true.
no_opener = TokenizedFeature::NoOpener::Yes;
@ -936,7 +936,7 @@ static WebIDL::ExceptionOr<Navigable::NavigationParamsVariant> create_navigation
Optional<URL::URL> top_level_creation_url = current_url;
// 2. Let topLevelOrigin be null.
URL::Origin top_level_origin;
Optional<URL::Origin> top_level_origin;
// 3. If navigable is not a top-level traversable, then:
if (!navigable->is_top_level_traversable()) {

7
Libraries/LibWeb/HTML/Scripting/Environments.h
View file

@ -37,7 +37,10 @@ public:
Optional<URL::URL> top_level_creation_url;
// https://html.spec.whatwg.org/multipage/webappapis.html#concept-environment-top-level-origin
URL::Origin top_level_origin;
// A for now implementation-defined value, null, or an origin. For a "top-level" potential execution environment it is null
// (i.e., when there is no response yet); otherwise it is the "top-level" environment's origin. For a dedicated worker or worklet
// it is the top-level origin of its creator. For a shared or service worker it is an implementation-defined value.
Optional<URL::Origin> top_level_origin;
// https://html.spec.whatwg.org/multipage/webappapis.html#concept-environment-target-browsing-context
GC::Ptr<BrowsingContext> target_browsing_context;
@ -52,7 +55,7 @@ public:
protected:
Environment() = default;
Environment(String id, URL::URL creation_url, Optional<URL::URL> top_level_creation_url, URL::Origin top_level_origin, GC::Ptr<BrowsingContext> target_browsing_context)
Environment(String id, URL::URL creation_url, Optional<URL::URL> top_level_creation_url, Optional<URL::Origin> top_level_origin, GC::Ptr<BrowsingContext> target_browsing_context)
: id(move(id))
, creation_url(move(creation_url))
, top_level_creation_url(move(top_level_creation_url))

2
Libraries/LibWeb/HTML/Scripting/SerializedEnvironmentSettingsObject.cpp
View file

@ -35,7 +35,7 @@ ErrorOr<Web::HTML::SerializedEnvironmentSettingsObject> decode(Decoder& decoder)
object.id = TRY(decoder.decode<String>());
object.creation_url = TRY(decoder.decode<URL::URL>());
object.top_level_creation_url = TRY(decoder.decode<Optional<URL::URL>>());
object.top_level_origin = TRY(decoder.decode<URL::Origin>());
object.top_level_origin = TRY(decoder.decode<Optional<URL::Origin>>());
object.api_url_character_encoding = TRY(decoder.decode<String>());
object.api_base_url = TRY(decoder.decode<URL::URL>());
object.origin = TRY(decoder.decode<URL::Origin>());

2
Libraries/LibWeb/HTML/Scripting/SerializedEnvironmentSettingsObject.h
View file

@ -23,7 +23,7 @@ struct SerializedEnvironmentSettingsObject {
String id;
URL::URL creation_url;
Optional<URL::URL> top_level_creation_url;
URL::Origin top_level_origin;
Optional<URL::Origin> top_level_origin;
String api_url_character_encoding;
URL::URL api_base_url;

2
Libraries/LibWeb/HTML/Window.cpp
View file

@ -171,7 +171,7 @@ static TokenizedFeature::NoOpener get_noopener_for_window_open(DOM::Document con
auto top_level_origin = source_document.relevant_settings_object().top_level_origin;
// 3. If blobOrigin is not same site with topLevelOrigin, then return true.
if (!blob_origin.is_same_site(top_level_origin))
if (!blob_origin.is_same_site(top_level_origin.value()))
return TokenizedFeature::NoOpener::Yes;
}