mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-08-09 09:39:39 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

LibWebView: Do not use AK::format to format search engine URLs

Browse source 
This is to prepare for custom search engines. If we use AK::format, it
would be trivial for a user (or bad actor) to come up with a template
search engine URL that ultimately crashes the browser due to internal
assertions in AK::format. For example:

    https://example.com/crash={1}

Rather than coming up with a complicated pre-format validator, let's
just not use AK::format. Custom URLs will signify their template query
parameters with "%s". So we can do the same with our built-in engines.
When it comes time to format the URL, we will do a simple string
replacement.
This commit is contained in:
Timothy Flynn 2025-04-04 17:32:04 -04:00 committed by Andreas Kling
commit dbf4b189a4
Notes: github-actions[bot] 2025-04-06 11:46:09 +00:00
9 changed files with 44 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Libraries/LibWebView/SearchEngine.h
View file

@ -13,13 +13,14 @@
namespace WebView {
struct SearchEngine {
String format_search_query_for_display(StringView query) const;
String format_search_query_for_navigation(StringView query) const;
String name;
String query_url;
};
ReadonlySpan<SearchEngine> search_engines();
Optional<SearchEngine> find_search_engine_by_name(StringView name);
Optional<SearchEngine const&> find_search_engine_by_query_url(StringView query_url);
String format_search_query_for_display(StringView query_url, StringView query);
}