From 65467021e2aa9739dd1173d93a613ec9516eb7b5 Mon Sep 17 00:00:00 2001 From: Andreas Kling Date: Mon, 12 Dec 2022 17:36:20 +0100 Subject: [PATCH] LibWeb: Add updated version of "determine the origin" AO from HTML spec The old version is still around since it has many users, so we can't remove it until everything has been updated to use the new version. --- .../Libraries/LibWeb/HTML/BrowsingContext.cpp | 29 +++++++++++++++++++ .../Libraries/LibWeb/HTML/BrowsingContext.h | 3 ++ 2 files changed, 32 insertions(+) diff --git a/Userland/Libraries/LibWeb/HTML/BrowsingContext.cpp b/Userland/Libraries/LibWeb/HTML/BrowsingContext.cpp index 39fb3c865b..84ccc211ed 100644 --- a/Userland/Libraries/LibWeb/HTML/BrowsingContext.cpp +++ b/Userland/Libraries/LibWeb/HTML/BrowsingContext.cpp @@ -45,6 +45,7 @@ static bool url_matches_about_blank(AK::URL const& url) && url.host().is_null(); } +// FIXME: This is an outdated older version of "determining the origin" and should be removed. // https://html.spec.whatwg.org/multipage/browsers.html#determining-the-origin HTML::Origin determine_the_origin(BrowsingContext const& browsing_context, Optional url, SandboxingFlagSet sandbox_flags, Optional invocation_origin) { @@ -73,6 +74,34 @@ HTML::Origin determine_the_origin(BrowsingContext const& browsing_context, Optio return URL::url_origin(*url); } +// https://html.spec.whatwg.org/multipage/document-sequences.html#determining-the-origin +HTML::Origin determine_the_origin(AK::URL const& url, SandboxingFlagSet sandbox_flags, Optional source_origin, Optional container_origin) +{ + // 1. If sandboxFlags has its sandboxed origin browsing context flag set, then return a new opaque origin. + if (sandbox_flags.flags & SandboxingFlagSet::SandboxedOrigin) { + return HTML::Origin {}; + } + + // FIXME: 2. If url is null, then return a new opaque origin. + // FIXME: There appears to be no way to get a null URL here, so it might be a spec bug. + + // 3. If url is about:srcdoc, then: + if (url == "about:srcdoc"sv) { + // 1. Assert: containerOrigin is non-null. + VERIFY(container_origin.has_value()); + + // 2. Return containerOrigin. + return container_origin.release_value(); + } + + // 4. If url matches about:blank and sourceOrigin is non-null, then return sourceOrigin. + if (url_matches_about_blank(url) && source_origin.has_value()) + return source_origin.release_value(); + + // 5. Return url's origin. + return URL::url_origin(url); +} + // https://html.spec.whatwg.org/multipage/browsers.html#creating-a-new-top-level-browsing-context JS::NonnullGCPtr BrowsingContext::create_a_new_top_level_browsing_context(Web::Page& page) { diff --git a/Userland/Libraries/LibWeb/HTML/BrowsingContext.h b/Userland/Libraries/LibWeb/HTML/BrowsingContext.h index 6e70d92187..833039a300 100644 --- a/Userland/Libraries/LibWeb/HTML/BrowsingContext.h +++ b/Userland/Libraries/LibWeb/HTML/BrowsingContext.h @@ -330,6 +330,9 @@ private: bool m_has_been_discarded { false }; }; +// FIXME: Remove this once everything is switched to the new overload. HTML::Origin determine_the_origin(BrowsingContext const& browsing_context, Optional url, SandboxingFlagSet sandbox_flags, Optional invocation_origin); +HTML::Origin determine_the_origin(AK::URL const& url, SandboxingFlagSet sandbox_flags, Optional source_origin, Optional container_origin); + }