mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-12-08 06:09:58 +00:00
LibWeb: Avoid invoking Trusted Types where avoidable
Prevents observable calls into Trusted Types, which can run arbitrary JS, cause crashes due to the use of MUST, and allow arbitrary JS to modify internal elements.
parent
fb9406ddcd
commit
82bd3d3891
Notes:
github-actions[bot]
2025-11-06 16:46:00 +00:00
Author: https://github.com/Lubrsi
Commit: 82bd3d3891
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/6632
Reviewed-by: https://github.com/AtkinsSJ
83 changed files with 407 additions and 366 deletions
|
|
@ -296,7 +296,7 @@ static WebIDL::ExceptionOr<GC::Ref<DOM::Document>> load_media_document(HTML::Nav
|
|||
};
|
||||
|
||||
auto style_element = TRY(DOM::create_element(document, HTML::TagNames::style, Namespace::HTML));
|
||||
MUST(style_element->set_text_content(R"~~~(
|
||||
style_element->string_replace_all(R"~~~(
|
||||
:root {
|
||||
background-color: #222;
|
||||
}
|
||||
|
|
@ -310,29 +310,29 @@ static WebIDL::ExceptionOr<GC::Ref<DOM::Document>> load_media_document(HTML::Nav
|
|||
img {
|
||||
background-color: #fff;
|
||||
}
|
||||
)~~~"_utf16));
|
||||
)~~~"_utf16);
|
||||
TRY(document->head()->append_child(style_element));
|
||||
|
||||
auto url_string = document->url_string();
|
||||
if (type.is_image()) {
|
||||
auto img_element = TRY(DOM::create_element(document, HTML::TagNames::img, Namespace::HTML));
|
||||
TRY(img_element->set_attribute(HTML::AttributeNames::src, url_string));
|
||||
img_element->set_attribute_value(HTML::AttributeNames::src, url_string);
|
||||
TRY(document->body()->append_child(img_element));
|
||||
TRY(insert_title(document, url_string));
|
||||
|
||||
} else if (type.type() == "video"sv) {
|
||||
auto video_element = TRY(DOM::create_element(document, HTML::TagNames::video, Namespace::HTML));
|
||||
TRY(video_element->set_attribute(HTML::AttributeNames::src, url_string));
|
||||
TRY(video_element->set_attribute(HTML::AttributeNames::autoplay, String {}));
|
||||
TRY(video_element->set_attribute(HTML::AttributeNames::controls, String {}));
|
||||
video_element->set_attribute_value(HTML::AttributeNames::src, url_string);
|
||||
video_element->set_attribute_value(HTML::AttributeNames::autoplay, String {});
|
||||
video_element->set_attribute_value(HTML::AttributeNames::controls, String {});
|
||||
TRY(document->body()->append_child(video_element));
|
||||
TRY(insert_title(document, url_string));
|
||||
|
||||
} else if (type.type() == "audio"sv) {
|
||||
auto audio_element = TRY(DOM::create_element(document, HTML::TagNames::audio, Namespace::HTML));
|
||||
TRY(audio_element->set_attribute(HTML::AttributeNames::src, url_string));
|
||||
TRY(audio_element->set_attribute(HTML::AttributeNames::autoplay, String {}));
|
||||
TRY(audio_element->set_attribute(HTML::AttributeNames::controls, String {}));
|
||||
audio_element->set_attribute_value(HTML::AttributeNames::src, url_string);
|
||||
audio_element->set_attribute_value(HTML::AttributeNames::autoplay, String {});
|
||||
audio_element->set_attribute_value(HTML::AttributeNames::controls, String {});
|
||||
TRY(document->body()->append_child(audio_element));
|
||||
TRY(insert_title(document, url_string));
|
||||
|
||||
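Review bot: Nothing at the new `string_replace_all` and `set_attribute_value` call sites records why the internal setters are used, so a later cleanup could swap back to `set_text_content`/`set_attribute`, which per the commit description can observably invoke Trusted Types and run script while this document is being built. I would add one comment above the `style_element->string_replace_all(` call, e.g. `// NOTE: Use the non-observable internal setters here; set_text_content()/set_attribute() may invoke Trusted Types.` The same reasoning covers the `src`, `autoplay` and `controls` assignments in the image, video and audio branches of the second hunk. Dropping `TRY` there presumably assumes `set_attribute_value` cannot fail for these fixed attribute names, which is worth confirming against its declaration. `load_media_document` starts before and continues past the visible hunks.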