LibWebView: Do not use AK::format to format search engine URLs

This is to prepare for custom search engines. If we use AK::format, it would be trivial for a user (or bad actor) to come up with a template search engine URL that ultimately crashes the browser due to internal assertions in AK::format. For example: https://example.com/crash={1} Rather than coming up with a complicated pre-format validator, let's just not use AK::format. Custom URLs will signify their template query parameters with "%s". So we can do the same with our built-in engines. When it comes time to format the URL, we will do a simple string replacement.
Author: https://github.com/trflynn89 Commit: dbf4b189a4 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/4237
2025-08-09 17:49:40 +00:00 · 2025-04-04 17:32:04 -04:00 · 2025-04-04 17:32:04 -04:00 · dbf4b189a4 · 2025-04-06 11:46:09 +00:00
commit dbf4b189a4
parent cbee476dac
9 changed files with 44 additions and 56 deletions
--- a/Libraries/LibWebView/URL.h
+++ b/Libraries/LibWebView/URL.h
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023, Tim Flynn <trflynn89@serenityos.org>
+ * Copyright (c) 2023-2025, Tim Flynn <trflynn89@ladybird.org>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */
@ -9,6 +9,7 @@
 #include <AK/Optional.h>
 #include <AK/StringView.h>
 #include <LibURL/URL.h>
+#include <LibWebView/SearchEngine.h>

 namespace WebView {

@ -16,7 +17,7 @@ enum class AppendTLD {
    No,
    Yes,
 };
-Optional<URL::URL> sanitize_url(StringView, Optional<StringView> search_engine = {}, AppendTLD = AppendTLD::No);
+Optional<URL::URL> sanitize_url(StringView, Optional<SearchEngine> const& search_engine = {}, AppendTLD = AppendTLD::No);
 Vector<URL::URL> sanitize_urls(ReadonlySpan<ByteString> raw_urls, URL::URL const& new_tab_page_url);

 struct URLParts {