From b43b3d2f8dfb20fba1b42df63c1272d9afc7f463 Mon Sep 17 00:00:00 2001
From: Aliaksandr Kalenik
Date: Thu, 28 Sep 2023 02:12:06 +0200
Subject: [PATCH] LibWeb: Null check container while creating srcdoc navigation params

Fixes https://github.com/SerenityOS/serenity/issues/21205
Fixes https://github.com/SerenityOS/serenity/issues/21240
---
 Userland/Libraries/LibWeb/HTML/Navigable.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/Userland/Libraries/LibWeb/HTML/Navigable.cpp b/Userland/Libraries/LibWeb/HTML/Navigable.cpp
index b44dee852f..a207e85d7f 100644
--- a/Userland/Libraries/LibWeb/HTML/Navigable.cpp
+++ b/Userland/Libraries/LibWeb/HTML/Navigable.cpp
@@ -502,7 +502,13 @@ static WebIDL::ExceptionOr create_navigation_params_from_a_src
 Optional history_policy_container = entry->document_state->history_policy_container().visit(
 [](PolicyContainer const& c) -> Optional { return c; },
 [](DocumentState::Client) -> Optional { return {}; });
- auto policy_container = determine_navigation_params_policy_container(*response->url(), history_policy_container, {}, navigable->container_document()->policy_container(), {});
+ PolicyContainer policy_container;
+ if (navigable->container()) {
+ // NOTE: Specification assumes that only navigables corresponding to iframes can be navigated to about:srcdoc.
+ // We also use srcdoc to implement load_html() for top level navigables so we need to null check container
+ // because it might be null.
+ policy_container = determine_navigation_params_policy_container(*response->url(), history_policy_container, {}, navigable->container_document()->policy_container(), {});
+ }

 // 7. Return a new navigation params, with
 // id: navigationId
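Review bot: When `navigable->container()` is null, the new code leaves `policy_container` default-constructed and silently drops the `history_policy_container` computed just above, so a top-level srcdoc document restored from history would not get the CSP list or referrer policy stored for it. PolicyContainer's default state is not visible in this hunk, but it is presumably the empty, least restrictive one, so the fallback should still honour the history entry, e.g. `else if (history_policy_container.has_value()) policy_container = history_policy_container.value();`. The guard also tests `container()` while the dereference is on `container_document()`; a short comment stating that a non-null container implies a non-null container document (or testing `container_document()` directly) would make that invariant explicit. The enclosing function starts and ends outside the hunk, so how `policy_container` is consumed in step 7 could not be checked here.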