From a7b3360fb6d29cddc088c57d4f825c84d1ea2d0b Mon Sep 17 00:00:00 2001 From: Andreas Kling Date: Tue, 3 Dec 2024 12:00:35 +0100 Subject: [PATCH] LibWeb: Make HTMLIFrameElement.sandbox.supports() not throw We have to list the set of allowed values for the DOMTokenList to not throw when asking if one is supported. This fixes an issue where YouTube embeds would hang indefinitely trying to report an endless series of exceptions, seen on https://null.com/ --- Libraries/LibWeb/DOM/DOMTokenList.cpp | 1 + .../the-iframe-element/sandbox-ascii-case-insensitive.txt | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/Libraries/LibWeb/DOM/DOMTokenList.cpp b/Libraries/LibWeb/DOM/DOMTokenList.cpp index 9ea2d4c012a..c34d0480b65 100644 --- a/Libraries/LibWeb/DOM/DOMTokenList.cpp +++ b/Libraries/LibWeb/DOM/DOMTokenList.cpp @@ -214,6 +214,7 @@ WebIDL::ExceptionOr DOMTokenList::supports(StringView token) static HashMap> supported_tokens_map = { // NOTE: The supported values for rel were taken from HTMLLinkElement::Relationship { HTML::AttributeNames::rel, { "alternate"sv, "stylesheet"sv, "preload"sv, "dns-prefetch"sv, "preconnect"sv, "icon"sv } }, + { HTML::AttributeNames::sandbox, { "allow-downloads"sv, "allow-forms"sv, "allow-modals"sv, "allow-orientation-lock"sv, "allow-pointer-lock"sv, "allow-popups"sv, "allow-popups-to-escape-sandbox"sv, "allow-presentation"sv, "allow-same-origin"sv, "allow-scripts"sv, "allow-top-navigation"sv, "allow-top-navigation-by-user-activation"sv, "allow-top-navigation-to-custom-protocols"sv } }, }; // 1. If the associated attribute’s local name does not define supported tokens, throw a TypeError. diff --git a/Tests/LibWeb/Text/expected/wpt-import/html/semantics/embedded-content/the-iframe-element/sandbox-ascii-case-insensitive.txt b/Tests/LibWeb/Text/expected/wpt-import/html/semantics/embedded-content/the-iframe-element/sandbox-ascii-case-insensitive.txt index 3b538906604..d1c5e6b5a0f 100644 --- a/Tests/LibWeb/Text/expected/wpt-import/html/semantics/embedded-content/the-iframe-element/sandbox-ascii-case-insensitive.txt +++ b/Tests/LibWeb/Text/expected/wpt-import/html/semantics/embedded-content/the-iframe-element/sandbox-ascii-case-insensitive.txt @@ -2,6 +2,7 @@ Harness status: OK Found 2 tests -2 Fail -Fail iframe 'sandbox' ASCII case insensitive, allow-same-orİgin +1 Pass +1 Fail +Pass iframe 'sandbox' ASCII case insensitive, allow-same-orİgin Fail iframe 'sandbox' ASCII case insensitive, allow-ſcripts \ No newline at end of file