diff --git a/Libraries/LibWeb/HTML/HTMLFormElement.cpp b/Libraries/LibWeb/HTML/HTMLFormElement.cpp
index d026ea6a20..ebafd9a465 100644
--- a/Libraries/LibWeb/HTML/HTMLFormElement.cpp
+++ b/Libraries/LibWeb/HTML/HTMLFormElement.cpp
@@ -50,16 +50,37 @@ void HTMLFormElement::submit(RefPtr submitter)
}
auto effective_method = method().to_lowercase();
+
+ if (effective_method == "dialog") {
+ dbg() << "Failed to submit form: Unsupported form method '" << method() << "'";
+ return;
+ }
+
if (effective_method != "get" && effective_method != "post") {
- if (effective_method == "dialog") {
- dbg() << "Unsupported form method '" << method() << "'";
- return;
- }
effective_method = "get";
}
URL url(document().complete_url(action()));
+ if (!url.is_valid()) {
+ dbg() << "Failed to submit form: Invalid URL: " << action();
+ return;
+ }
+
+ if (url.protocol() == "file") {
+ if (document().url().protocol() != "file") {
+ dbg() << "Failed to submit form: Security violation: " << document().url() << " may not submit to " << url;
+ return;
+ }
+ if (effective_method != "get") {
+ dbg() << "Failed to submit form: Unsupported form method '" << method() << "' for URL: " << url;
+ return;
+ }
+ } else if (url.protocol() != "http" && url.protocol() != "https") {
+ dbg() << "Failed to submit form: Unsupported protocol for URL: " << url;
+ return;
+ }
+
Vector parameters;
for_each_in_subtree_of_type([&](auto& node) {
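Review bot: The new submission policy (only file:// documents may submit to file://, and then only via GET; everything else must be http/https) carries no comment saying why, so a later reader cannot tell whether the file:// rule is a security boundary or a "not implemented yet" restriction. I would add above the `if (url.protocol() == "file")` block: `// Security: a page that did not itself load from file:// must not be able to make the browser read local files via a form action, and a POST to a local file has no meaning, so only file://-to-file:// GET submissions are allowed; all other targets must be http(s).` The rule is keyed on `document().url().protocol()` rather than on an origin object; if this engine's notion of a document's origin can diverge from its URL scheme, that would be worth confirming against the check. Note that `submit()` begins before this hunk and continues past it, so the full set of early returns is not visible here.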
@@ -73,8 +94,6 @@ void HTMLFormElement::submit(RefPtr submitter)
url.set_query(urlencode(parameters));
}
- // FIXME: We shouldn't let the form just do this willy-nilly.
-
LoadRequest request;
request.set_url(url);