Stowage/ladybird
2
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-12-07 21:59:54 +00:00
Code Issues Projects Releases Packages Wiki Activity

LibWebView: Do not use AK::format to format search engine URLs

Browse source 
This is to prepare for custom search engines. If we use AK::format, it
would be trivial for a user (or bad actor) to come up with a template
search engine URL that ultimately crashes the browser due to internal
assertions in AK::format. For example:

    https://example.com/crash={1}

Rather than coming up with a complicated pre-format validator, let's
just not use AK::format. Custom URLs will signify their template query
parameters with "%s". So we can do the same with our built-in engines.
When it comes time to format the URL, we will do a simple string
replacement.
This commit is contained in:
Timothy Flynn 2025-04-04 17:32:04 -04:00 committed by Andreas Kling
parent cbee476dac
commit dbf4b189a4
Notes: github-actions[bot] 2025-04-06 11:46:09 +00:00
9 changed files with 44 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

4
UI/AppKit/Interface/LadybirdWebView.mm
View file

@ -631,7 +631,7 @@ static void copy_data_to_clipboard(StringView data, NSPasteboardType pasteboard_
TemporaryChange change_url { m_context_menu_search_text, move(selected_text) };
if (m_context_menu_search_text.has_value()) {
auto action_text = WebView::format_search_query_for_display(search_engine->query_url, *m_context_menu_search_text);
auto action_text = search_engine->format_search_query_for_display(*m_context_menu_search_text);
[search_selected_text_menu_item setTitle:Ladybird::string_to_ns_string(action_text)];
[search_selected_text_menu_item setHidden:NO];
} else {
@ -1135,7 +1135,7 @@ static void copy_data_to_clipboard(StringView data, NSPasteboardType pasteboard_
if (!search_engine.has_value())
return;
auto url_string = MUST(String::formatted(search_engine->query_url, URL::percent_encode(*m_context_menu_search_text)));
auto url_string = search_engine->format_search_query_for_navigation(*m_context_menu_search_text);
auto url = URL::Parser::basic_parse(url_string);
VERIFY(url.has_value());
[self.observer onCreateNewTab:url.release_value() activateTab:Web::HTML::ActivateTab::Yes];

6
UI/AppKit/Interface/TabController.mm
View file

@ -301,11 +301,7 @@ static NSString* const TOOLBAR_TAB_OVERVIEW_IDENTIFIER = @"ToolbarTabOverviewIde
- (BOOL)navigateToLocation:(String)location
{
Optional<StringView> search_engine_url;
if (auto const& search_engine = WebView::Application::settings().search_engine(); search_engine.has_value())
search_engine_url = search_engine->query_url;
if (auto url = WebView::sanitize_url(location, search_engine_url); url.has_value()) {
if (auto url = WebView::sanitize_url(location, WebView::Application::settings().search_engine()); url.has_value()) {
[self loadURL:*url];
}

6
UI/Qt/LocationEdit.cpp
View file

@ -36,16 +36,12 @@ LocationEdit::LocationEdit(QWidget* parent)
clearFocus();
Optional<StringView> search_engine_url;
if (auto const& search_engine = WebView::Application::settings().search_engine(); search_engine.has_value())
search_engine_url = search_engine->query_url;
auto query = ak_string_from_qstring(text());
auto ctrl_held = QApplication::keyboardModifiers() & Qt::ControlModifier;
auto append_tld = ctrl_held ? WebView::AppendTLD::Yes : WebView::AppendTLD::No;
if (auto url = WebView::sanitize_url(query, search_engine_url, append_tld); url.has_value())
if (auto url = WebView::sanitize_url(query, WebView::Application::settings().search_engine(), append_tld); url.has_value())
set_url(url.release_value());
});

4
UI/Qt/Tab.cpp
View file

@ -459,7 +459,7 @@ Tab::Tab(BrowserWindow* window, RefPtr<WebView::WebContentClient> parent_client,
if (!search_engine.has_value())
return;
auto url_string = MUST(String::formatted(search_engine->query_url, URL::percent_encode(*m_page_context_menu_search_text)));
auto url_string = search_engine->format_search_query_for_navigation(*m_page_context_menu_search_text);
auto url = URL::Parser::basic_parse(url_string);
VERIFY(url.has_value());
@ -531,7 +531,7 @@ Tab::Tab(BrowserWindow* window, RefPtr<WebView::WebContentClient> parent_client,
TemporaryChange change_url { m_page_context_menu_search_text, AK::move(selected_text) };
if (m_page_context_menu_search_text.has_value()) {
auto action_text = WebView::format_search_query_for_display(search_engine->query_url, *m_page_context_menu_search_text);
auto action_text = search_engine->format_search_query_for_display(*m_page_context_menu_search_text);
search_selected_text_action->setText(qstring_from_ak_string(action_text));
search_selected_text_action->setVisible(true);
} else {