From 988c8451d458e3bb4d37cd6b94d5b12a6ea3e9b8 Mon Sep 17 00:00:00 2001
From: Aliaksandr Kalenik <kalenik.aliaksandr@gmail.com>
Date: Wed, 24 Apr 2024 17:57:18 +0000
Subject: [PATCH] LibWeb: Skip HTMLLinkElement resource fetching for documents
 without BC

Fixes crashing after following steps:
1. Open https://github.com/SerenityOS/serenity
2. Click on "Pull requests" tab

The problem was `navigable` null pointer dereferencing in
`decode_favicon()`. But navigable is null because the document was
created by `parseFromString()` DOMParser API.

With this change we skip fetching initiated by HTMLLinkElement if
document does not have a browsing context:
- Favicon is not displayed for such documents so no need to fetch.
- Stylesheets fetching won't affect such document because style or
  layout does not run for them.
---
 .../move-loaded-link-stylesheet-between-documents.txt  |  2 +-
 .../Text/expected/favicon-in-inactive-document.txt     |  1 +
 .../Text/input/favicon-in-inactive-document.html       | 10 ++++++++++
 Userland/Libraries/LibWeb/HTML/HTMLLinkElement.cpp     |  4 ++++
 4 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 Tests/LibWeb/Text/expected/favicon-in-inactive-document.txt
 create mode 100644 Tests/LibWeb/Text/input/favicon-in-inactive-document.html

diff --git a/Tests/LibWeb/Text/expected/css/move-loaded-link-stylesheet-between-documents.txt b/Tests/LibWeb/Text/expected/css/move-loaded-link-stylesheet-between-documents.txt
index 3c8368567e6..a86e28698bf 100644
--- a/Tests/LibWeb/Text/expected/css/move-loaded-link-stylesheet-between-documents.txt
+++ b/Tests/LibWeb/Text/expected/css/move-loaded-link-stylesheet-between-documents.txt
@@ -1,3 +1,3 @@
 Sheets in old doc: 0
-Sheets in new doc: 1
+Sheets in new doc: 0
 PASS (didn't crash)
diff --git a/Tests/LibWeb/Text/expected/favicon-in-inactive-document.txt b/Tests/LibWeb/Text/expected/favicon-in-inactive-document.txt
new file mode 100644
index 00000000000..aaecaf93c4a
--- /dev/null
+++ b/Tests/LibWeb/Text/expected/favicon-in-inactive-document.txt
@@ -0,0 +1 @@
+PASS (didn't crash)
diff --git a/Tests/LibWeb/Text/input/favicon-in-inactive-document.html b/Tests/LibWeb/Text/input/favicon-in-inactive-document.html
new file mode 100644
index 00000000000..8f69e9fff4b
--- /dev/null
+++ b/Tests/LibWeb/Text/input/favicon-in-inactive-document.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<script src="include.js"></script>
+<script>
+    test(() => {
+        const parser = new DOMParser();
+        const htmlString = '<head><link rel="icon" type="image/png" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAIAAACQkWg2AAAAEElEQVR4nGNgGAWjYBTAAAADEAABPywr7AAAAABJRU5ErkJggg=="></head>';
+        const doc = parser.parseFromString(htmlString, "text/html");
+        println("PASS (didn't crash)");
+    });
+</script>
diff --git a/Userland/Libraries/LibWeb/HTML/HTMLLinkElement.cpp b/Userland/Libraries/LibWeb/HTML/HTMLLinkElement.cpp
index 5c8d4dd8162..029180e4445 100644
--- a/Userland/Libraries/LibWeb/HTML/HTMLLinkElement.cpp
+++ b/Userland/Libraries/LibWeb/HTML/HTMLLinkElement.cpp
@@ -59,6 +59,10 @@ void HTMLLinkElement::inserted()
 {
     HTMLElement::inserted();
 
+    if (!document().browsing_context()) {
+        return;
+    }
+
     if (m_relationship & Relationship::Stylesheet) {
         // https://html.spec.whatwg.org/multipage/links.html#link-type-stylesheet:fetch-and-process-the-linked-resource
         // The appropriate times to fetch and process this type of link are: