From d471b52b0e51f1969735ab1ab82b4c58687c6770 Mon Sep 17 00:00:00 2001
From: Timothy Flynn <trflynn89@pm.me>
Date: Thu, 17 Jul 2025 19:51:09 -0400
Subject: [PATCH] LibWeb: Assume structured deserialization creates the correct
 type

Most locations already make this assumption, but we had a few that would
silently ignore data mismatches. Let's just always assume the type is
correct for now. If a bad actor has a hold of our transport socket, it's
probably better to crash WebContent than to continue on with incorrect
data.

In the future, maybe we will want to throw an exception instead.
---
 Libraries/LibWeb/FileAPI/FileList.cpp | 4 +---
 Libraries/LibWeb/Geometry/DOMQuad.cpp | 5 +----
 Libraries/LibWeb/HTML/ImageData.cpp   | 4 +---
 3 files changed, 3 insertions(+), 10 deletions(-)

diff --git a/Libraries/LibWeb/FileAPI/FileList.cpp b/Libraries/LibWeb/FileAPI/FileList.cpp
index 486525f1f8e..78ff8bda96b 100644
--- a/Libraries/LibWeb/FileAPI/FileList.cpp
+++ b/Libraries/LibWeb/FileAPI/FileList.cpp
@@ -72,9 +72,7 @@ WebIDL::ExceptionOr<void> FileList::deserialization_steps(HTML::TransferDataDeco
 
     for (size_t i = 0; i < size; ++i) {
         auto deserialized = TRY(HTML::structured_deserialize_internal(vm, serialized, realm, memory));
-
-        if (auto* file = as_if<File>(deserialized.as_object()))
-            m_files.append(*file);
+        m_files.append(as<File>(deserialized.as_object()));
     }
 
     return {};
diff --git a/Libraries/LibWeb/Geometry/DOMQuad.cpp b/Libraries/LibWeb/Geometry/DOMQuad.cpp
index 5ded9e38a1f..758950fc1d3 100644
--- a/Libraries/LibWeb/Geometry/DOMQuad.cpp
+++ b/Libraries/LibWeb/Geometry/DOMQuad.cpp
@@ -130,10 +130,7 @@ WebIDL::ExceptionOr<void> DOMQuad::deserialization_steps(HTML::TransferDataDecod
 
     auto deserialize_dom_point = [&](GC::Ref<DOMPoint>& storage) -> WebIDL::ExceptionOr<void> {
         auto deserialized = TRY(HTML::structured_deserialize_internal(vm, serialized, realm, memory));
-
-        if (auto* dom_point = as_if<DOMPoint>(deserialized.as_object()))
-            storage = *dom_point;
-
+        storage = as<DOMPoint>(deserialized.as_object());
         return {};
     };
 
diff --git a/Libraries/LibWeb/HTML/ImageData.cpp b/Libraries/LibWeb/HTML/ImageData.cpp
index 43327f9617c..fd6d8c080bd 100644
--- a/Libraries/LibWeb/HTML/ImageData.cpp
+++ b/Libraries/LibWeb/HTML/ImageData.cpp
@@ -210,9 +210,7 @@ WebIDL::ExceptionOr<void> ImageData::deserialization_steps(HTML::TransferDataDec
 
     // 1. Initialize value's data attribute to the sub-deserialization of serialized.[[Data]].
     auto deserialized = TRY(structured_deserialize_internal(vm, serialized, realm, memory));
-
-    if (auto* data = as_if<JS::Uint8ClampedArray>(deserialized.as_object()))
-        m_data = *data;
+    m_data = as<JS::Uint8ClampedArray>(deserialized.as_object());
 
     // 2. Initialize value's width attribute to serialized.[[Width]].
     auto width = serialized.decode<int>();