LibWebView: Fix sanitizing about scheme URLs

Author: https://github.com/bplaat Commit: https://github.com/SerenityOS/serenity/commit/63c6eae918 Pull-request: https://github.com/SerenityOS/serenity/pull/22708 Reviewed-by: https://github.com/ADKaster Reviewed-by: https://github.com/skyrising Reviewed-by: https://github.com/trflynn89
2024-01-12 19:41:53 +01:00 · 2024-01-12 19:41:53 +01:00 · 63c6eae918 · 2024-07-17 04:57:23 +09:00
commit 63c6eae918
parent cde14901bc
2 changed files with 18 additions and 1 deletions
--- a/Tests/LibWebView/TestWebViewURL.cpp
+++ b/Tests/LibWebView/TestWebViewURL.cpp
@ -79,3 +79,20 @@ TEST_CASE(http_url)
    compare_url_parts("http://abc.def.com#anchor"sv, { "http://abc."sv, "def.com"sv, "#anchor"sv });
    compare_url_parts("http://abc.def.com?query"sv, { "http://abc."sv, "def.com"sv, "?query"sv });
 }
+
+TEST_CASE(about_url)
+{
+    auto is_sanitized_url_the_same = [](StringView url) {
+        auto sanitized_url = WebView::sanitize_url(url);
+        if (!sanitized_url.has_value())
+            return false;
+        return sanitized_url->to_string().value() == url;
+    };
+
+    EXPECT(!is_sanitized_url_the_same("about"sv));
+    EXPECT(!is_sanitized_url_the_same("about blabla:"sv));
+    EXPECT(!is_sanitized_url_the_same("blabla about:"sv));
+
+    EXPECT(is_sanitized_url_the_same("about:about"sv));
+    EXPECT(is_sanitized_url_the_same("about:version"sv));
+}
--- a/Userland/Libraries/LibWebView/URL.cpp
+++ b/Userland/Libraries/LibWebView/URL.cpp
@ -35,7 +35,7 @@ static Optional<URL> create_url_with_url_or_path(String const& url_or_path)
 static Optional<URL> query_public_suffix_list(StringView url_string)
 {
    auto out = MUST(String::from_utf8(url_string));
-    if (!out.contains("://"sv))
+    if (!out.starts_with_bytes("about:"sv) && !out.contains("://"sv))
        out = MUST(String::formatted("https://{}"sv, out));

    auto maybe_url = create_url_with_url_or_path(out);