From 5ace7122823d0c17517a1d4a218fba9e77efb6b4 Mon Sep 17 00:00:00 2001
From: Andrew Kaster
Date: Fri, 5 Jan 2024 14:50:01 -0700
Subject: [PATCH] LibWeb: Reset message port receive state before dispatching events

Dispatching events can cause arbitrary JS to run, which could cause the event loop to be re-entered, or even post another message to the same message port.
---
 Userland/Libraries/LibWeb/HTML/MessagePort.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/Userland/Libraries/LibWeb/HTML/MessagePort.cpp b/Userland/Libraries/LibWeb/HTML/MessagePort.cpp
index 1fbee5908c..a66850f95b 100644
--- a/Userland/Libraries/LibWeb/HTML/MessagePort.cpp
+++ b/Userland/Libraries/LibWeb/HTML/MessagePort.cpp
@@ -297,8 +297,11 @@ void MessagePort::read_from_socket()
 auto serialize_with_transfer_result = MUST(decoder.decode());
- post_message_task_steps(serialize_with_transfer_result);
+ // Make sure to advance our state machine before dispatching the MessageEvent,
+ // as dispatching events can run arbitrary JS (and cause us to receive another message!)
 m_socket_state = SocketState::Header;
+
+ post_message_task_steps(serialize_with_transfer_result);
 break;
 }
 case SocketState::Error:
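Review bot: Resetting `m_socket_state` before `post_message_task_steps()` protects only that one field; anything else the function reads after the call returns is exposed to the same re-entrancy, since the handler's script may close the port or a nested event loop may drain more bytes from the socket. The enclosing loop and the code after `break;` lie outside the hunk, so it cannot be confirmed here whether they reuse a cached bytes-ready count or touch `m_socket` without re-checking it; if they do, those values should be re-read after the dispatch. I would extend the new comment with the invariant, e.g. `// After this call returns, treat m_socket and m_socket_state as possibly changed and re-validate before use.` The diffstat shows no test file, so a regression test whose `onmessage` handler posts to the same port would help keep this ordering from being reverted.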