From 6f941433d6403d45a71036b77de7e1a0e762c923 Mon Sep 17 00:00:00 2001
From: Linus Groh
Date: Tue, 8 Mar 2022 19:32:35 +0100
Subject: [PATCH] LibWeb: Stub out 'check if access between two BCs should be reported'
I put this is a CrossOrigin/ subdirectory in anticipation of a lot more cross-origin related ground to cover. :^)
---
 Userland/Libraries/LibWeb/CMakeLists.txt | 1 +
 .../LibWeb/HTML/CrossOrigin/Reporting.cpp | 44 +++++++++++++++++++
 .../LibWeb/HTML/CrossOrigin/Reporting.h | 23 ++++++++++
 3 files changed, 68 insertions(+)
 create mode 100644 Userland/Libraries/LibWeb/HTML/CrossOrigin/Reporting.cpp
 create mode 100644 Userland/Libraries/LibWeb/HTML/CrossOrigin/Reporting.h
diff --git a/Userland/Libraries/LibWeb/CMakeLists.txt b/Userland/Libraries/LibWeb/CMakeLists.txt
index 5702c3ae5d..dd9444e99f 100644
--- a/Userland/Libraries/LibWeb/CMakeLists.txt
+++ b/Userland/Libraries/LibWeb/CMakeLists.txt
@@ -111,6 +111,7 @@ set(SOURCES
 HTML/BrowsingContextContainer.cpp
 HTML/CanvasGradient.cpp
 HTML/CanvasRenderingContext2D.cpp
+ HTML/CrossOrigin/Reporting.cpp
 HTML/DOMParser.cpp
 HTML/DOMStringMap.cpp
 HTML/EventLoop/EventLoop.cpp
diff --git a/Userland/Libraries/LibWeb/HTML/CrossOrigin/Reporting.cpp b/Userland/Libraries/LibWeb/HTML/CrossOrigin/Reporting.cpp
new file mode 100644
index 0000000000..ab801138af
--- /dev/null
+++ b/Userland/Libraries/LibWeb/HTML/CrossOrigin/Reporting.cpp
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2022, Linus Groh
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#include
+#include
+#include
+#include
+
+namespace Web::HTML {
+
+// https://html.spec.whatwg.org/multipage/origin.html#coop-check-access-report
+void check_if_access_between_two_browsing_contexts_should_be_reported(BrowsingContext const& accessor, BrowsingContext const& accessed, JS::PropertyKey const& property_key, EnvironmentSettingsObject const& environment)
+{
+ // 1. If P is not a cross-origin accessible window property name, then return.
+ if (!Bindings::is_cross_origin_accessible_window_property_name(property_key))
+ return;
+
+ // FIXME: 2. If accessor's active document's origin or any of its ancestors' active document's origins are not same origin with accessor's top-level browsing context's active document's origin, or if accessed's active document's origin or any of its ancestors' active document's origins are not same origin with accessed's top-level browsing context's active document's origin, then return.
+ // NOTE: This avoids leaking information about cross-origin iframes to a top level frame with cross-origin opener policy reporting.
+
+ // FIXME: 3. If accessor's top-level browsing context's virtual browsing context group ID is accessed's top-level browsing context's virtual browsing context group ID, then return.
+
+ // 4. Let accessorAccessedRelationship be a new accessor-accessed relationship with value none.
+ auto accessor_accessed_relationship = AccessorAccessedRelationship::None;
+
+ // FIXME: 5. If accessed's top-level browsing context's opener browsing context is accessor or an ancestor of accessor, then set accessorAccessedRelationship to accessor is opener.
+ if (false)
+ accessor_accessed_relationship = AccessorAccessedRelationship::AccessorIsOpener;
+
+ // FIXME: 6. If accessor's top-level browsing context's opener browsing context is accessed or an ancestor of accessed, then set accessorAccessedRelationship to accessor is openee.
+ if (false)
+ accessor_accessed_relationship = AccessorAccessedRelationship::AccessorIsOpenee;
+
+ // FIXME: 7. Queue violation reports for accesses, given accessorAccessedRelationship, accessor's top-level browsing context's active document's cross-origin opener policy, accessed's top-level browsing context's active document's cross-origin opener policy, accessor's active document's URL, accessed's active document's URL, accessor's top-level browsing context's initial URL, accessed's top-level browsing context's initial URL, accessor's active document's origin, accessed's active document's origin, accessor's top-level browsing context's opener origin at creation, accessed's top-level browsing context's opener origin at creation, accessor's top-level browsing context's active document's referrer, accessed's top-level browsing context's active document's referrer, P, and environment.
+ (void)accessor;
+ (void)accessed;
+ (void)environment;
+ (void)accessor_accessed_relationship;
+}
+
+}
diff --git a/Userland/Libraries/LibWeb/HTML/CrossOrigin/Reporting.h b/Userland/Libraries/LibWeb/HTML/CrossOrigin/Reporting.h
new file mode 100644
index 0000000000..a7729f5751
--- /dev/null
+++ b/Userland/Libraries/LibWeb/HTML/CrossOrigin/Reporting.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright (c) 2022, Linus Groh
+ *
+ * SPDX-License-Identifier: BSD-2-Clause
+ */
+
+#pragma once
+
+#include
+#include
+
+namespace Web::HTML {
+
+// https://html.spec.whatwg.org/multipage/origin.html#accessor-accessed-relationship
+enum class AccessorAccessedRelationship {
+ AccessorIsOpener,
+ AccessorIsOpenee,
+ None,
+};
+
+void check_if_access_between_two_browsing_contexts_should_be_reported(BrowsingContext const& accessor, BrowsingContext const& accessed, JS::PropertyKey const&, EnvironmentSettingsObject const&);
+
+}
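Review bot: Steps 2 and 3 in Reporting.cpp are bare FIXME comments with no code, yet both are early returns that gate everything after them, and the NOTE under step 2 says that guard exists to avoid leaking information about cross-origin iframes to a top-level frame with cross-origin opener policy reporting. Nothing is queued today because step 7 is also a FIXME, but if step 7 were implemented first the function would report accesses the spec says must be dropped. I would record that ordering next to step 7, for example `// NOTE: Do not implement step 7 before the early returns in steps 2 and 3; reports queued without them can disclose cross-origin frame information.` The two `if (false)` placeholders in steps 5 and 6 are also easy to misread as live branches; keeping those steps as comments only and marking the local `[[maybe_unused]]` instead of the `(void)` cast would read more clearly.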
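Review bot: The declaration of `check_if_access_between_two_browsing_contexts_should_be_reported` in Reporting.h has no comment and leaves its last two parameters unnamed, so a caller reading only the header cannot tell that the function is currently a stub that never queues a report. I would add the spec link already used in the .cpp plus a one-line status, e.g. `// https://html.spec.whatwg.org/multipage/origin.html#coop-check-access-report` and `// FIXME: Stub; no violation report is queued yet.`, and name the parameters `property_key` and `environment` as the definition does.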