LibWeb: Make PolicyContainer GC allocated

This is required to store Content Security Policies, as their
Directives are implemented as subclasses with overridden virtual
functions. Thus, they cannot be stored as generic Directive classes, as
it'll lose the ability to call overridden functions when they are
copied.

Libraries/LibWeb/HTML/Scripting/EnvironmentSettingsSnapshot.cpp

@@ -10,12 +10,12 @@ namespace Web::HTML {
 
 GC_DEFINE_ALLOCATOR(EnvironmentSettingsSnapshot);
 
-EnvironmentSettingsSnapshot::EnvironmentSettingsSnapshot(NonnullOwnPtr<JS::ExecutionContext> execution_context, SerializedEnvironmentSettingsObject const& serialized_settings)
+EnvironmentSettingsSnapshot::EnvironmentSettingsSnapshot(JS::Realm& realm, NonnullOwnPtr<JS::ExecutionContext> execution_context, SerializedEnvironmentSettingsObject const& serialized_settings)
     : EnvironmentSettingsObject(move(execution_context))
     , m_api_url_character_encoding(serialized_settings.api_url_character_encoding)
     , m_url(serialized_settings.api_base_url)
     , m_origin(serialized_settings.origin)
-    , m_policy_container(serialized_settings.policy_container)
+    , m_policy_container(create_a_policy_container_from_serialized_policy_container(realm, serialized_settings.policy_container))
     , m_time_origin(serialized_settings.time_origin)
 {
     // Why can't we put these in the init list? grandparent class members are strange it seems
@@ -27,4 +27,10 @@ EnvironmentSettingsSnapshot::EnvironmentSettingsSnapshot(NonnullOwnPtr<JS::Execu
 // Out of line to ensure this class has a key function
 EnvironmentSettingsSnapshot::~EnvironmentSettingsSnapshot() = default;
 
+void EnvironmentSettingsSnapshot::visit_edges(Cell::Visitor& visitor)
+{
+    Base::visit_edges(visitor);
+    visitor.visit(m_policy_container);
+}
+
 }

Libraries/LibWeb/HTML/Scripting/EnvironmentSettingsSnapshot.h

@@ -18,7 +18,7 @@ class EnvironmentSettingsSnapshot final
     GC_DECLARE_ALLOCATOR(EnvironmentSettingsSnapshot);
 
 public:
-    EnvironmentSettingsSnapshot(NonnullOwnPtr<JS::ExecutionContext>, SerializedEnvironmentSettingsObject const&);
+    EnvironmentSettingsSnapshot(JS::Realm&, NonnullOwnPtr<JS::ExecutionContext>, SerializedEnvironmentSettingsObject const&);
 
     virtual ~EnvironmentSettingsSnapshot() override;
 
@@ -26,15 +26,18 @@ public:
     String api_url_character_encoding() const override { return m_api_url_character_encoding; }
     URL::URL api_base_url() const override { return m_url; }
     URL::Origin origin() const override { return m_origin; }
-    PolicyContainer policy_container() const override { return m_policy_container; }
+    GC::Ref<PolicyContainer> policy_container() const override { return m_policy_container; }
     CanUseCrossOriginIsolatedAPIs cross_origin_isolated_capability() const override { return CanUseCrossOriginIsolatedAPIs::No; }
     double time_origin() const override { return m_time_origin; }
 
+protected:
+    virtual void visit_edges(Cell::Visitor&) override;
+
 private:
     String m_api_url_character_encoding;
     URL::URL m_url;
     URL::Origin m_origin;
-    HTML::PolicyContainer m_policy_container;
+    GC::Ref<PolicyContainer> m_policy_container;
     double m_time_origin { 0 };
 };
 

Libraries/LibWeb/HTML/Scripting/Environments.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021, Luke Wilde <lukew@serenityos.org>
+ * Copyright (c) 2021-2025, Luke Wilde <luke@ladybird.org>
  * Copyright (c) 2022, Linus Groh <linusg@serenityos.org>
  * Copyright (c) 2022, networkException <networkexception@serenityos.org>
  * Copyright (c) 2024, Shannon Booth <shannon@serenityos.org>
@@ -565,7 +565,7 @@ SerializedEnvironmentSettingsObject EnvironmentSettingsObject::serialize()
     object.api_url_character_encoding = api_url_character_encoding();
     object.api_base_url = api_base_url();
     object.origin = origin();
-    object.policy_container = policy_container();
+    object.policy_container = policy_container()->serialize();
     object.cross_origin_isolated_capability = cross_origin_isolated_capability();
 
     return object;

Libraries/LibWeb/HTML/Scripting/Environments.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021, Luke Wilde <lukew@serenityos.org>
+ * Copyright (c) 2021-2025, Luke Wilde <luke@ladybird.org>
  * Copyright (c) 2022, Linus Groh <linusg@serenityos.org>
  * Copyright (c) 2024, Shannon Booth <shannon@serenityos.org>
  *
@@ -83,7 +83,7 @@ public:
     virtual URL::Origin origin() const = 0;
 
     // A policy container https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-policy-container
-    virtual PolicyContainer policy_container() const = 0;
+    virtual GC::Ref<PolicyContainer> policy_container() const = 0;
 
     // https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-cross-origin-isolated-capability
     virtual CanUseCrossOriginIsolatedAPIs cross_origin_isolated_capability() const = 0;

Libraries/LibWeb/HTML/Scripting/SerializedEnvironmentSettingsObject.cpp

@@ -39,7 +39,7 @@ ErrorOr<Web::HTML::SerializedEnvironmentSettingsObject> decode(Decoder& decoder)
     object.api_url_character_encoding = TRY(decoder.decode<String>());
     object.api_base_url = TRY(decoder.decode<URL::URL>());
     object.origin = TRY(decoder.decode<URL::Origin>());
-    object.policy_container = TRY(decoder.decode<Web::HTML::PolicyContainer>());
+    object.policy_container = TRY(decoder.decode<Web::HTML::SerializedPolicyContainer>());
     object.cross_origin_isolated_capability = TRY(decoder.decode<Web::HTML::CanUseCrossOriginIsolatedAPIs>());
     object.time_origin = TRY(decoder.decode<double>());
 

Libraries/LibWeb/HTML/Scripting/SerializedEnvironmentSettingsObject.h

@@ -10,7 +10,7 @@
 #include <LibIPC/Forward.h>
 #include <LibURL/Origin.h>
 #include <LibURL/URL.h>
-#include <LibWeb/HTML/PolicyContainers.h>
+#include <LibWeb/HTML/SerializedPolicyContainer.h>
 
 namespace Web::HTML {
 
@@ -28,7 +28,7 @@ struct SerializedEnvironmentSettingsObject {
     String api_url_character_encoding;
     URL::URL api_base_url;
     URL::Origin origin;
-    PolicyContainer policy_container;
+    SerializedPolicyContainer policy_container;
     CanUseCrossOriginIsolatedAPIs cross_origin_isolated_capability;
     double time_origin;
 };

Libraries/LibWeb/HTML/Scripting/WindowEnvironmentSettingsObject.cpp

@@ -111,7 +111,7 @@ URL::Origin WindowEnvironmentSettingsObject::origin() const
 }
 
 // https://html.spec.whatwg.org/multipage/window-object.html#script-settings-for-window-objects:concept-settings-object-policy-container
-PolicyContainer WindowEnvironmentSettingsObject::policy_container() const
+GC::Ref<PolicyContainer> WindowEnvironmentSettingsObject::policy_container() const
 {
     // Return the policy container of window's associated Document.
     return m_window->associated_document().policy_container();

Libraries/LibWeb/HTML/Scripting/WindowEnvironmentSettingsObject.h

@@ -24,7 +24,7 @@ public:
     virtual String api_url_character_encoding() const override;
     virtual URL::URL api_base_url() const override;
     virtual URL::Origin origin() const override;
-    virtual PolicyContainer policy_container() const override;
+    virtual GC::Ref<PolicyContainer> policy_container() const override;
     virtual CanUseCrossOriginIsolatedAPIs cross_origin_isolated_capability() const override;
     virtual double time_origin() const override;
 

Libraries/LibWeb/HTML/Scripting/WorkerEnvironmentSettingsObject.cpp

@@ -66,7 +66,7 @@ URL::Origin WorkerEnvironmentSettingsObject::origin() const
     return m_origin;
 }
 
-PolicyContainer WorkerEnvironmentSettingsObject::policy_container() const
+GC::Ref<PolicyContainer> WorkerEnvironmentSettingsObject::policy_container() const
 {
     // Return worker global scope's policy container.
     return m_global_scope->policy_container();

Libraries/LibWeb/HTML/Scripting/WorkerEnvironmentSettingsObject.h

@@ -33,7 +33,7 @@ public:
     String api_url_character_encoding() const override { return m_api_url_character_encoding; }
     URL::URL api_base_url() const override;
     URL::Origin origin() const override;
-    PolicyContainer policy_container() const override;
+    GC::Ref<PolicyContainer> policy_container() const override;
     CanUseCrossOriginIsolatedAPIs cross_origin_isolated_capability() const override;
     double time_origin() const override;