From c7f8c20f8b7f4af2e149e0f91408f3f2e43539e0 Mon Sep 17 00:00:00 2001
From: Linus Groh
Date: Wed, 16 Feb 2022 22:51:25 +0000
Subject: [PATCH] LibWeb: Omit origin check for content document in FrameBox::paint()

Once we paint, it's way too late for this check to happen anyway. Additionally, the spec's steps for retrieving the content document assume that both the browsing context's active document and the container's node document are non-null, which evidently isn't always the case here, as seen by crashes on the SerenityOS 2nd and 3rd birthday pages (I'm not sure about the details though). Fixes #12565.
---
 .../Libraries/LibWeb/HTML/BrowsingContextContainer.cpp | 7 +++++++
 Userland/Libraries/LibWeb/HTML/BrowsingContextContainer.h | 1 +
 Userland/Libraries/LibWeb/Layout/FrameBox.cpp | 2 +-
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/Userland/Libraries/LibWeb/HTML/BrowsingContextContainer.cpp b/Userland/Libraries/LibWeb/HTML/BrowsingContextContainer.cpp
index 95b354d98d..0b20d84290 100644
--- a/Userland/Libraries/LibWeb/HTML/BrowsingContextContainer.cpp
+++ b/Userland/Libraries/LibWeb/HTML/BrowsingContextContainer.cpp
@@ -60,4 +60,11 @@ const DOM::Document* BrowsingContextContainer::content_document() const
     return document;
 }
 
+DOM::Document const* BrowsingContextContainer::content_document_without_origin_check() const
+{
+    if (!m_nested_browsing_context)
+        return nullptr;
+    return m_nested_browsing_context->active_document();
+}
+
 }
diff --git a/Userland/Libraries/LibWeb/HTML/BrowsingContextContainer.h b/Userland/Libraries/LibWeb/HTML/BrowsingContextContainer.h
index 43f17da1a4..11f64a00c9 100644
--- a/Userland/Libraries/LibWeb/HTML/BrowsingContextContainer.h
+++ b/Userland/Libraries/LibWeb/HTML/BrowsingContextContainer.h
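Review bot: The new content_document_without_origin_check() intentionally bypasses the cross-origin check that content_document() performs (per the commit title), but neither this definition nor the declaration in the BrowsingContextContainer.h hunk says so, so nothing in the code warns a future caller, such as a script-facing binding, away from handing a cross-origin document to the web page through it. I'd add a comment above the header declaration: `// Returns the nested browsing context's active document without the cross-origin check content_document() performs.` followed by `// Internal use only (layout/paint); never expose the result to script.` The new declaration also uses east const (`DOM::Document const*`) while the adjacent `content_document()` is `const DOM::Document*`; worth matching one style within the file.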
@@ -19,6 +19,7 @@ public:
     const BrowsingContext* nested_browsing_context() const { return m_nested_browsing_context; }
     const DOM::Document* content_document() const;
+    DOM::Document const* content_document_without_origin_check() const;
 
     virtual void inserted() override;
diff --git a/Userland/Libraries/LibWeb/Layout/FrameBox.cpp b/Userland/Libraries/LibWeb/Layout/FrameBox.cpp
index 7adf602918..21c4bf2ff0 100644
--- a/Userland/Libraries/LibWeb/Layout/FrameBox.cpp
+++ b/Userland/Libraries/LibWeb/Layout/FrameBox.cpp
@@ -36,7 +36,7 @@ void FrameBox::paint(PaintContext& context, PaintPhase phase)
     ReplacedBox::paint(context, phase);
 
     if (phase == PaintPhase::Foreground) {
-        auto* hosted_document = dom_node().content_document();
+        auto* hosted_document = dom_node().content_document_without_origin_check();
         if (!hosted_document)
             return;
         auto* hosted_layout_tree = hosted_document->layout_node();
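Review bot: Switching paint() to the unchecked accessor sidesteps the crash on this path, but the null-document assumption the commit message attributes to content_document() (active document and container node document both assumed non-null) is left in place for every other caller of content_document(), which this diff does not touch. If that accessor is reachable from script-visible APIs, the same crash presumably remains there; a null check in content_document() itself, or at least a TODO on it, would close that off rather than only avoiding it here. A short comment on the changed line would also help the next reader, e.g. `// Painting a cross-origin nested document is fine; the origin check only gates script access.` FrameBox::paint's body continues outside the hunk.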