From d1a5b4d9062e80753767aa27b9fad24f6a0789dc Mon Sep 17 00:00:00 2001
From: AnotherTest <ali.mpfard@gmail.com>
Date: Wed, 2 Dec 2020 12:09:24 +0330
Subject: [PATCH] LibWeb: Complete the URL in href_setter() before trying to
 load it

Also note that setting an invalid URL here should raise a JS exception
(and not navigate away).
Fixes #4301.
---
 Libraries/LibWeb/Bindings/LocationObject.cpp | 7 ++++++-
 Libraries/LibWeb/DOM/Window.cpp              | 2 +-
 Libraries/LibWeb/DOM/Window.h                | 2 +-
 3 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/Libraries/LibWeb/Bindings/LocationObject.cpp b/Libraries/LibWeb/Bindings/LocationObject.cpp
index 4826209981..93d00d8af7 100644
--- a/Libraries/LibWeb/Bindings/LocationObject.cpp
+++ b/Libraries/LibWeb/Bindings/LocationObject.cpp
@@ -70,7 +70,12 @@ JS_DEFINE_NATIVE_SETTER(LocationObject::href_setter)
     auto new_href = value.to_string(global_object);
     if (vm.exception())
         return;
-    window.impl().did_set_location_href({}, new_href);
+    auto href_url = window.impl().document().complete_url(new_href);
+    if (!href_url.is_valid()) {
+        vm.throw_exception<JS::URIError>(global_object, String::formatted("Invalid URL '{}'", new_href));
+        return;
+    }
+    window.impl().did_set_location_href({}, href_url);
 }
 
 JS_DEFINE_NATIVE_GETTER(LocationObject::pathname_getter)
diff --git a/Libraries/LibWeb/DOM/Window.cpp b/Libraries/LibWeb/DOM/Window.cpp
index 615d0ca679..85fdf89169 100644
--- a/Libraries/LibWeb/DOM/Window.cpp
+++ b/Libraries/LibWeb/DOM/Window.cpp
@@ -148,7 +148,7 @@ void Window::cancel_animation_frame(i32 id)
     GUI::DisplayLink::unregister_callback(id);
 }
 
-void Window::did_set_location_href(Badge<Bindings::LocationObject>, const String& new_href)
+void Window::did_set_location_href(Badge<Bindings::LocationObject>, const URL& new_href)
 {
     auto* frame = document().frame();
     if (!frame)
diff --git a/Libraries/LibWeb/DOM/Window.h b/Libraries/LibWeb/DOM/Window.h
index 7de6cbacf5..4339a1dfda 100644
--- a/Libraries/LibWeb/DOM/Window.h
+++ b/Libraries/LibWeb/DOM/Window.h
@@ -65,7 +65,7 @@ public:
     void clear_timeout(i32);
     void clear_interval(i32);
 
-    void did_set_location_href(Badge<Bindings::LocationObject>, const String& new_href);
+    void did_set_location_href(Badge<Bindings::LocationObject>, const URL& new_href);
     void did_call_location_reload(Badge<Bindings::LocationObject>);
 
     Bindings::WindowObject* wrapper() { return m_wrapper; }