LibWeb: Fix some GCVerifier warnings

Userland/Libraries/LibWeb/Animations/KeyframeEffect.cpp

@@ -779,7 +779,7 @@ Optional<CSS::Selector::PseudoElement::Type> KeyframeEffect::pseudo_element_type
 }
 
 // https://www.w3.org/TR/web-animations-1/#dom-keyframeeffect-getkeyframes
-WebIDL::ExceptionOr<Vector<JS::Object*>> KeyframeEffect::get_keyframes()
+WebIDL::ExceptionOr<JS::MarkedVector<JS::Object*>> KeyframeEffect::get_keyframes()
 {
     if (m_keyframe_objects.size() != m_keyframes.size()) {
         auto& vm = this->vm();
@@ -814,7 +814,10 @@ WebIDL::ExceptionOr<Vector<JS::Object*>> KeyframeEffect::get_keyframes()
         }
     }
 
-    return m_keyframe_objects;
+    JS::MarkedVector<JS::Object*> keyframes { heap() };
+    for (auto const& keyframe : m_keyframe_objects)
+        keyframes.append(keyframe);
+    return keyframes;
 }
 
 // https://www.w3.org/TR/web-animations-1/#dom-keyframeeffect-setkeyframes

Userland/Libraries/LibWeb/Animations/KeyframeEffect.h

@@ -97,7 +97,7 @@ public:
     Bindings::CompositeOperation composite() const { return m_composite; }
     void set_composite(Bindings::CompositeOperation value) { m_composite = value; }
 
-    WebIDL::ExceptionOr<Vector<JS::Object*>> get_keyframes();
+    WebIDL::ExceptionOr<JS::MarkedVector<JS::Object*>> get_keyframes();
     WebIDL::ExceptionOr<void> set_keyframes(Optional<JS::Handle<JS::Object>> const&);
 
     KeyFrameSet const* key_frame_set() { return m_key_frame_set; }
@@ -130,7 +130,7 @@ private:
     Vector<BaseKeyframe> m_keyframes {};
 
     // A cached version of m_keyframes suitable for returning from get_keyframes()
-    Vector<JS::Object*> m_keyframe_objects {};
+    Vector<JS::NonnullGCPtr<JS::Object>> m_keyframe_objects {};
 
     RefPtr<KeyFrameSet const> m_key_frame_set {};
 

Userland/Libraries/LibWeb/CSS/SelectorEngine.cpp

@@ -714,7 +714,7 @@ bool fast_matches(CSS::Selector const& selector, Optional<CSS::CSSStyleSheet con
     // NOTE: If we fail after following a child combinator, we may need to backtrack
     //       to the last matched descendant. We store the state here.
     struct {
-        DOM::Element const* element = nullptr;
+        JS::GCPtr<DOM::Element const> element;
         ssize_t compound_selector_index = 0;
     } backtrack_state;
 

Userland/Libraries/LibWeb/CSS/StyleProperties.h

@@ -11,6 +11,7 @@
 #include <LibGfx/Font/Font.h>
 #include <LibGfx/FontCascadeList.h>
 #include <LibGfx/Forward.h>
+#include <LibJS/Heap/GCPtr.h>
 #include <LibWeb/CSS/ComputedValues.h>
 #include <LibWeb/CSS/LengthBox.h>
 #include <LibWeb/CSS/PropertyID.h>
@@ -44,7 +45,7 @@ public:
 
     struct StyleAndSourceDeclaration {
         RefPtr<StyleValue const> style;
-        CSS::CSSStyleDeclaration const* declaration = nullptr;
+        JS::GCPtr<CSS::CSSStyleDeclaration const> declaration;
         Important important { Important::No };
         Inherited inherited { Inherited::No };
     };

Userland/Libraries/LibWeb/Crypto/CryptoAlgorithms.cpp

@@ -384,7 +384,7 @@ JS::ThrowCompletionOr<NonnullOwnPtr<AlgorithmParams>> EcKeyGenParams::from_value
 // https://w3c.github.io/webcrypto/#rsa-oaep-operations
 WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::ArrayBuffer>> RSAOAEP::encrypt(AlgorithmParams const& params, JS::NonnullGCPtr<CryptoKey> key, ByteBuffer const& plaintext)
 {
-    auto& realm = m_realm;
+    auto& realm = *m_realm;
     auto& vm = realm.vm();
     auto const& normalized_algorithm = static_cast<RsaOaepParams const&>(params);
 
@@ -412,7 +412,7 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::ArrayBuffer>> RSAOAEP::encrypt(Algorith
 // https://w3c.github.io/webcrypto/#rsa-oaep-operations
 WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::ArrayBuffer>> RSAOAEP::decrypt(AlgorithmParams const& params, JS::NonnullGCPtr<CryptoKey> key, AK::ByteBuffer const& ciphertext)
 {
-    auto& realm = m_realm;
+    auto& realm = *m_realm;
     auto& vm = realm.vm();
     auto const& normalized_algorithm = static_cast<RsaOaepParams const&>(params);
 
@@ -508,7 +508,7 @@ WebIDL::ExceptionOr<Variant<JS::NonnullGCPtr<CryptoKey>, JS::NonnullGCPtr<Crypto
 // https://w3c.github.io/webcrypto/#rsa-oaep-operations
 WebIDL::ExceptionOr<JS::NonnullGCPtr<CryptoKey>> RSAOAEP::import_key(Web::Crypto::AlgorithmParams const& params, Bindings::KeyFormat key_format, CryptoKey::InternalKeyData key_data, bool extractable, Vector<Bindings::KeyUsage> const& usages)
 {
-    auto& realm = m_realm;
+    auto& realm = *m_realm;
 
     // 1. Let keyData be the key data to be imported.
 
@@ -678,7 +678,7 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<CryptoKey>> RSAOAEP::import_key(Web::Crypto
             // 2. If normalizedHash is not equal to the hash member of normalizedAlgorithm, throw a DataError.
             if (normalized_hash.parameter->name != TRY(normalized_algorithm.hash.visit([](String const& name) -> JS::ThrowCompletionOr<String> { return name; }, [&](JS::Handle<JS::Object> const& obj) -> JS::ThrowCompletionOr<String> {
                         auto name_property = TRY(obj->get("name"));
-                        return name_property.to_string(m_realm.vm()); })))
+                        return name_property.to_string(m_realm->vm()); })))
                 return WebIDL::DataError::create(m_realm, "Invalid hash"_fly_string);
         }
 
@@ -771,7 +771,7 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<CryptoKey>> RSAOAEP::import_key(Web::Crypto
 // https://w3c.github.io/webcrypto/#rsa-oaep-operations
 WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::Object>> RSAOAEP::export_key(Bindings::KeyFormat format, JS::NonnullGCPtr<CryptoKey> key)
 {
-    auto& realm = m_realm;
+    auto& realm = *m_realm;
     auto& vm = realm.vm();
 
     // 1. Let key be the key to be exported.
@@ -1104,7 +1104,7 @@ WebIDL::ExceptionOr<Variant<JS::NonnullGCPtr<CryptoKey>, JS::NonnullGCPtr<Crypto
 // https://w3c.github.io/webcrypto/#ecdsa-operations
 WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::ArrayBuffer>> ECDSA::sign(AlgorithmParams const& params, JS::NonnullGCPtr<CryptoKey> key, ByteBuffer const& message)
 {
-    auto& realm = m_realm;
+    auto& realm = *m_realm;
     auto& vm = realm.vm();
     auto const& normalized_algorithm = static_cast<EcdsaParams const&>(params);
 
@@ -1142,7 +1142,7 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::ArrayBuffer>> ECDSA::sign(AlgorithmPara
 // https://w3c.github.io/webcrypto/#ecdsa-operations
 WebIDL::ExceptionOr<JS::Value> ECDSA::verify(AlgorithmParams const& params, JS::NonnullGCPtr<CryptoKey> key, ByteBuffer const& signature, ByteBuffer const& message)
 {
-    auto& realm = m_realm;
+    auto& realm = *m_realm;
     auto const& normalized_algorithm = static_cast<EcdsaParams const&>(params);
 
     // 1. If the [[type]] internal slot of key is not "public", then throw an InvalidAccessError.
@@ -1154,7 +1154,7 @@ WebIDL::ExceptionOr<JS::Value> ECDSA::verify(AlgorithmParams const& params, JS::
         [](String const& name) -> JS::ThrowCompletionOr<String> { return name; },
         [&](JS::Handle<JS::Object> const& obj) -> JS::ThrowCompletionOr<String> {
                         auto name_property = TRY(obj->get("name"));
-                        return name_property.to_string(m_realm.vm()); }));
+                        return name_property.to_string(m_realm->vm()); }));
 
     // 3. Let M be the result of performing the digest operation specified by hashAlgorithm using message.
     ::Crypto::Hash::HashKind hash_kind;
@@ -1314,7 +1314,7 @@ WebIDL::ExceptionOr<Variant<JS::NonnullGCPtr<CryptoKey>, JS::NonnullGCPtr<Crypto
 
 WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::ArrayBuffer>> ED25519::sign([[maybe_unused]] AlgorithmParams const& params, JS::NonnullGCPtr<CryptoKey> key, ByteBuffer const& message)
 {
-    auto& realm = m_realm;
+    auto& realm = *m_realm;
     auto& vm = realm.vm();
 
     // 1. If the [[type]] internal slot of key is not "private", then throw an InvalidAccessError.
@@ -1348,7 +1348,7 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::ArrayBuffer>> ED25519::sign([[maybe_unu
 
 WebIDL::ExceptionOr<JS::Value> ED25519::verify([[maybe_unused]] AlgorithmParams const& params, JS::NonnullGCPtr<CryptoKey> key, ByteBuffer const& signature, ByteBuffer const& message)
 {
-    auto& realm = m_realm;
+    auto& realm = *m_realm;
 
     // 1. If the [[type]] internal slot of key is not "public", then throw an InvalidAccessError.
     if (key->type() != Bindings::KeyType::Public)
@@ -1378,7 +1378,7 @@ WebIDL::ExceptionOr<JS::Value> ED25519::verify([[maybe_unused]] AlgorithmParams
 
 WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::ArrayBuffer>> PBKDF2::derive_bits(AlgorithmParams const& params, JS::NonnullGCPtr<CryptoKey> key, Optional<u32> length_optional)
 {
-    auto& realm = m_realm;
+    auto& realm = *m_realm;
     auto const& normalized_algorithm = static_cast<PBKDF2Params const&>(params);
 
     // 1. If length is null or zero, or is not a multiple of 8, then throw an OperationError.
@@ -1396,7 +1396,7 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::ArrayBuffer>> PBKDF2::derive_bits(Algor
         [](String const& name) -> JS::ThrowCompletionOr<String> { return name; },
         [&](JS::Handle<JS::Object> const& obj) -> JS::ThrowCompletionOr<String> {
                         auto name_property = TRY(obj->get("name"));
-                        return name_property.to_string(m_realm.vm()); }));
+                        return name_property.to_string(m_realm->vm()); }));
 
     // 4. Let result be the result of performing the PBKDF2 operation defined in Section 5.2 of [RFC8018]
     // using prf as the pseudo-random function, PRF,

Userland/Libraries/LibWeb/Crypto/CryptoAlgorithms.h

@@ -210,7 +210,7 @@ protected:
     {
     }
 
-    JS::Realm& m_realm;
+    JS::NonnullGCPtr<JS::Realm> m_realm;
 };
 
 class RSAOAEP : public AlgorithmMethods {

Userland/Libraries/LibWeb/Crypto/KeyAlgorithms.h

@@ -38,7 +38,7 @@ private:
     JS_DECLARE_NATIVE_FUNCTION(name_getter);
 
     String m_name;
-    JS::Realm& m_realm;
+    JS::NonnullGCPtr<JS::Realm> m_realm;
 };
 
 // https://w3c.github.io/webcrypto/#RsaKeyAlgorithm-dictionary

Userland/Libraries/LibWeb/HTML/HTMLFormElement.cpp

@@ -888,7 +888,7 @@ void HTMLFormElement::plan_to_navigate_to(URL::URL url, Variant<Empty, String, P
     // NOTE: `this`, `actual_resource` and `target_navigable` are protected by JS::SafeFunction.
     queue_an_element_task(Task::Source::DOMManipulation, [this, url, post_resource, target_navigable, history_handling, referrer_policy, user_involvement]() {
         // 1. Set the form's planned navigation to null.
-        m_planned_navigation = nullptr;
+        m_planned_navigation = {};
 
         // 2. Navigate targetNavigable to url using the form element's node document, with historyHandling set to historyHandling,
         //    referrerPolicy set to referrerPolicy, documentResource set to postResource, and cspNavigationType set to "form-submission".

Userland/Libraries/LibWeb/HTML/HTMLFormElement.h

@@ -142,7 +142,7 @@ private:
     // https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#planned-navigation
     // Each form element has a planned navigation, which is either null or a task; when the form is first created,
     // its planned navigation must be set to null.
-    Task const* m_planned_navigation { nullptr };
+    JS::GCPtr<Task const> m_planned_navigation;
 };
 
 }

Userland/Libraries/LibWeb/HTML/Scripting/TemporaryExecutionContext.cpp

@@ -13,16 +13,16 @@ TemporaryExecutionContext::TemporaryExecutionContext(EnvironmentSettingsObject&
     : m_environment_settings(environment_settings)
     , m_callbacks_enabled(callbacks_enabled)
 {
-    m_environment_settings.prepare_to_run_script();
+    m_environment_settings->prepare_to_run_script();
     if (m_callbacks_enabled == CallbacksEnabled::Yes)
-        m_environment_settings.prepare_to_run_callback();
+        m_environment_settings->prepare_to_run_callback();
 }
 
 TemporaryExecutionContext::~TemporaryExecutionContext()
 {
-    m_environment_settings.clean_up_after_running_script();
+    m_environment_settings->clean_up_after_running_script();
     if (m_callbacks_enabled == CallbacksEnabled::Yes)
-        m_environment_settings.clean_up_after_running_callback();
+        m_environment_settings->clean_up_after_running_callback();
 }
 
 }

Userland/Libraries/LibWeb/HTML/Scripting/TemporaryExecutionContext.h

@@ -24,7 +24,7 @@ public:
     ~TemporaryExecutionContext();
 
 private:
-    EnvironmentSettingsObject& m_environment_settings;
+    JS::NonnullGCPtr<EnvironmentSettingsObject> m_environment_settings;
     CallbacksEnabled m_callbacks_enabled { CallbacksEnabled::No };
 };
 

Userland/Libraries/LibWeb/Layout/BlockFormattingContext.cpp

@@ -1128,7 +1128,7 @@ BlockFormattingContext::SpaceUsedAndContainingMarginForFloats BlockFormattingCon
                 + floating_box.used_values.content_width()
                 + floating_box.used_values.margin_box_right();
             space_and_containing_margin.left_total_containing_margin = offset_from_containing_block_chain_margins_between_here_and_root;
-            space_and_containing_margin.matching_left_float_box = floating_box.box.ptr();
+            space_and_containing_margin.matching_left_float_box = floating_box.box;
             break;
         }
     }

Userland/Libraries/LibWeb/Layout/FormattingContext.h

@@ -128,7 +128,7 @@ protected:
         // Each block in the containing chain adds its own margin and we store the total here.
         CSSPixels left_total_containing_margin;
         CSSPixels right_total_containing_margin;
-        Box const* matching_left_float_box { nullptr };
+        JS::GCPtr<Box const> matching_left_float_box;
     };
 
     struct ShrinkToFitResult {

Userland/Libraries/LibWeb/Layout/LayoutState.cpp

@@ -31,14 +31,14 @@ LayoutState::~LayoutState()
 
 LayoutState::UsedValues& LayoutState::get_mutable(NodeWithStyle const& node)
 {
-    if (auto* used_values = used_values_per_layout_node.get(&node).value_or(nullptr))
+    if (auto* used_values = used_values_per_layout_node.get(node).value_or(nullptr))
         return *used_values;
 
     for (auto const* ancestor = m_parent; ancestor; ancestor = ancestor->m_parent) {
-        if (auto* ancestor_used_values = ancestor->used_values_per_layout_node.get(&node).value_or(nullptr)) {
+        if (auto* ancestor_used_values = ancestor->used_values_per_layout_node.get(node).value_or(nullptr)) {
             auto cow_used_values = adopt_own(*new UsedValues(*ancestor_used_values));
             auto* cow_used_values_ptr = cow_used_values.ptr();
-            used_values_per_layout_node.set(&node, move(cow_used_values));
+            used_values_per_layout_node.set(node, move(cow_used_values));
             return *cow_used_values_ptr;
         }
     }
@@ -48,17 +48,17 @@ LayoutState::UsedValues& LayoutState::get_mutable(NodeWithStyle const& node)
     auto new_used_values = adopt_own(*new UsedValues);
     auto* new_used_values_ptr = new_used_values.ptr();
     new_used_values->set_node(const_cast<NodeWithStyle&>(node), containing_block_used_values);
-    used_values_per_layout_node.set(&node, move(new_used_values));
+    used_values_per_layout_node.set(node, move(new_used_values));
     return *new_used_values_ptr;
 }
 
 LayoutState::UsedValues const& LayoutState::get(NodeWithStyle const& node) const
 {
-    if (auto const* used_values = used_values_per_layout_node.get(&node).value_or(nullptr))
+    if (auto const* used_values = used_values_per_layout_node.get(node).value_or(nullptr))
         return *used_values;
 
     for (auto const* ancestor = m_parent; ancestor; ancestor = ancestor->m_parent) {
-        if (auto const* ancestor_used_values = ancestor->used_values_per_layout_node.get(&node).value_or(nullptr))
+        if (auto const* ancestor_used_values = ancestor->used_values_per_layout_node.get(node).value_or(nullptr))
             return *ancestor_used_values;
     }
 
@@ -67,7 +67,7 @@ LayoutState::UsedValues const& LayoutState::get(NodeWithStyle const& node) const
     auto new_used_values = adopt_own(*new UsedValues);
     auto* new_used_values_ptr = new_used_values.ptr();
     new_used_values->set_node(const_cast<NodeWithStyle&>(node), containing_block_used_values);
-    const_cast<LayoutState*>(this)->used_values_per_layout_node.set(&node, move(new_used_values));
+    const_cast<LayoutState*>(this)->used_values_per_layout_node.set(node, move(new_used_values));
     return *new_used_values_ptr;
 }
 

Userland/Libraries/LibWeb/Layout/LayoutState.h

@@ -176,7 +176,7 @@ struct LayoutState {
     // NOTE: get() will not CoW the UsedValues.
     UsedValues const& get(NodeWithStyle const&) const;
 
-    HashMap<Layout::Node const*, NonnullOwnPtr<UsedValues>> used_values_per_layout_node;
+    HashMap<JS::NonnullGCPtr<Layout::Node const>, NonnullOwnPtr<UsedValues>> used_values_per_layout_node;
 
     // We cache intrinsic sizes once determined, as they will not change over the course of a full layout.
     // This avoids computing them several times while performing flex layout.

Userland/Libraries/LibWeb/Layout/TableFormattingContext.h

@@ -138,7 +138,7 @@ private:
     };
 
     struct ConflictingEdge {
-        Node const* element;
+        JS::GCPtr<Node const> element;
         Painting::PaintableBox::ConflictingElementKind element_kind;
         ConflictingSide side;
         Optional<size_t> row;
@@ -166,12 +166,12 @@ private:
         void collect_table_box_conflicting_edges(Vector<ConflictingEdge>&, Cell const&, ConflictingSide) const;
 
         struct RowGroupInfo {
-            Node const* row_group;
+            JS::GCPtr<Node const> row_group;
             size_t start_index;
             size_t row_count;
         };
 
-        Vector<Node const*> m_col_elements_by_index;
+        Vector<JS::GCPtr<Node const>> m_col_elements_by_index;
         Vector<Optional<RowGroupInfo>> m_row_group_elements_by_index;
         TableFormattingContext const* m_context;
     };

Userland/Libraries/LibWeb/Painting/StackingContext.cpp

@@ -207,15 +207,15 @@ void StackingContext::paint_internal(PaintContext& context) const
     // Draw positioned descendants with z-index `0` or `auto` in tree order. (step 8)
     // FIXME: There's more to this step that we have yet to understand and implement.
     for (auto const& paintable : m_positioned_descendants_with_stack_level_0_and_stacking_contexts) {
-        if (!paintable.is_positioned())
+        if (!paintable->is_positioned())
             continue;
 
         // At this point, `paintable_box` is a positioned descendant with z-index: auto.
         // FIXME: This is basically duplicating logic found elsewhere in this same function. Find a way to make this more elegant.
-        auto* parent_paintable = paintable.parent();
+        auto* parent_paintable = paintable->parent();
         if (parent_paintable)
             parent_paintable->before_children_paint(context, PaintPhase::Foreground);
-        if (auto* child = paintable.stacking_context()) {
+        if (auto* child = paintable->stacking_context()) {
             paint_child(context, *child);
         } else {
             paint_node_as_stacking_context(paintable, context);
@@ -354,11 +354,11 @@ TraversalDecision StackingContext::hit_test(CSSPixelPoint position, HitTestType
 
     // 6. the child stacking contexts with stack level 0 and the positioned descendants with stack level 0.
     for (auto const& paintable : m_positioned_descendants_with_stack_level_0_and_stacking_contexts.in_reverse()) {
-        if (paintable.stacking_context()) {
-            if (paintable.stacking_context()->hit_test(transformed_position, type, callback) == TraversalDecision::Break)
+        if (paintable->stacking_context()) {
+            if (paintable->stacking_context()->hit_test(transformed_position, type, callback) == TraversalDecision::Break)
                 return TraversalDecision::Break;
         } else {
-            if (paintable.hit_test(transformed_position, type, callback) == TraversalDecision::Break)
+            if (paintable->hit_test(transformed_position, type, callback) == TraversalDecision::Break)
                 return TraversalDecision::Break;
         }
     }
@@ -375,7 +375,7 @@ TraversalDecision StackingContext::hit_test(CSSPixelPoint position, HitTestType
 
     // 4. the non-positioned floats.
     for (auto const& paintable : m_non_positioned_floating_descendants.in_reverse()) {
-        if (paintable.hit_test(transformed_position, type, callback) == TraversalDecision::Break)
+        if (paintable->hit_test(transformed_position, type, callback) == TraversalDecision::Break)
             return TraversalDecision::Break;
     }
 

Userland/Libraries/LibWeb/Painting/StackingContext.h

@@ -52,8 +52,8 @@ private:
     Vector<StackingContext*> m_children;
     size_t m_index_in_tree_order { 0 };
 
-    Vector<Paintable const&> m_positioned_descendants_with_stack_level_0_and_stacking_contexts;
-    Vector<Paintable const&> m_non_positioned_floating_descendants;
+    Vector<JS::NonnullGCPtr<Paintable const>> m_positioned_descendants_with_stack_level_0_and_stacking_contexts;
+    Vector<JS::NonnullGCPtr<Paintable const>> m_non_positioned_floating_descendants;
 
     static void paint_child(PaintContext&, StackingContext const&);
     void paint_internal(PaintContext&) const;

Userland/Libraries/LibWeb/Painting/ViewportPaintable.cpp

@@ -72,7 +72,7 @@ void ViewportPaintable::assign_scroll_frames()
         if (paintable_box.has_scrollable_overflow()) {
             auto scroll_frame = adopt_ref(*new ScrollFrame());
             scroll_frame->id = next_id++;
-            scroll_state.set(&paintable_box, move(scroll_frame));
+            scroll_state.set(paintable_box, move(scroll_frame));
         }
         return TraversalDecision::Continue;
     });
@@ -102,7 +102,7 @@ void ViewportPaintable::assign_clip_frames()
         auto has_hidden_overflow = overflow_x != CSS::Overflow::Visible && overflow_y != CSS::Overflow::Visible;
         if (has_hidden_overflow || paintable_box.get_clip_rect().has_value()) {
             auto clip_frame = adopt_ref(*new ClipFrame());
-            clip_state.set(&paintable_box, move(clip_frame));
+            clip_state.set(paintable_box, move(clip_frame));
         }
         return TraversalDecision::Continue;
     });

Userland/Libraries/LibWeb/Painting/ViewportPaintable.h

@@ -20,11 +20,11 @@ public:
     void paint_all_phases(PaintContext&);
     void build_stacking_context_tree_if_needed();
 
-    HashMap<PaintableBox const*, RefPtr<ScrollFrame>> scroll_state;
+    HashMap<JS::GCPtr<PaintableBox const>, RefPtr<ScrollFrame>> scroll_state;
     void assign_scroll_frames();
     void refresh_scroll_state();
 
-    HashMap<PaintableBox const*, RefPtr<ClipFrame>> clip_state;
+    HashMap<JS::GCPtr<PaintableBox const>, RefPtr<ClipFrame>> clip_state;
     void assign_clip_frames();
     void refresh_clip_state();
 

Userland/Libraries/LibWeb/SVG/SVGDecodedImageData.h

@@ -61,16 +61,16 @@ public:
 
     virtual ~SVGPageClient() override = default;
 
-    Page& m_host_page;
-    Page* m_svg_page { nullptr };
+    JS::NonnullGCPtr<Page> m_host_page;
+    JS::GCPtr<Page> m_svg_page;
 
     virtual Page& page() override { return *m_svg_page; }
     virtual Page const& page() const override { return *m_svg_page; }
     virtual bool is_connection_open() const override { return false; }
-    virtual Gfx::Palette palette() const override { return m_host_page.client().palette(); }
+    virtual Gfx::Palette palette() const override { return m_host_page->client().palette(); }
     virtual DevicePixelRect screen_rect() const override { return {}; }
     virtual double device_pixels_per_css_pixel() const override { return 1.0; }
-    virtual CSS::PreferredColorScheme preferred_color_scheme() const override { return m_host_page.client().preferred_color_scheme(); }
+    virtual CSS::PreferredColorScheme preferred_color_scheme() const override { return m_host_page->client().preferred_color_scheme(); }
     virtual void request_file(FileRequest) override { }
     virtual void paint(DevicePixelRect const&, Gfx::Bitmap&, Web::PaintOptions = {}) override { }
     virtual void schedule_repaint() override { }

Userland/Libraries/LibWeb/Streams/ReadableStreamBYOBReader.cpp

@@ -100,7 +100,7 @@ private:
     }
 
     JS::NonnullGCPtr<JS::Realm> m_realm;
-    WebIDL::Promise& m_promise;
+    JS::NonnullGCPtr<WebIDL::Promise> m_promise;
 };
 
 // https://streams.spec.whatwg.org/#byob-reader-read

Userland/Libraries/LibWeb/Streams/ReadableStreamDefaultReader.cpp

@@ -148,7 +148,7 @@ private:
     }
 
     JS::NonnullGCPtr<JS::Realm> m_realm;
-    WebIDL::Promise& m_promise;
+    JS::NonnullGCPtr<WebIDL::Promise> m_promise;
 };
 
 // https://streams.spec.whatwg.org/#default-reader-read