LibWeb: Limit `HTMLInputElement.size` to allowed values

Attempting to set `HTMLInputElement.size` to 0 via IDL now throws an
IndexSizeError DOMException. Attempting to set it to a value larger
than 2147483647 results in it being set to the default value.

Libraries/LibWeb/HTML/HTMLInputElement.cpp

@@ -1861,19 +1861,23 @@ WebIDL::ExceptionOr<void> HTMLInputElement::set_min_length(WebIDL::Long value)
 }
 
 // https://html.spec.whatwg.org/multipage/input.html#the-size-attribute
-unsigned HTMLInputElement::size() const
+WebIDL::UnsignedLong HTMLInputElement::size() const
 {
     // The size attribute, if specified, must have a value that is a valid non-negative integer greater than zero.
     // The size IDL attribute is limited to only positive numbers and has a default value of 20.
     if (auto size_string = get_attribute(HTML::AttributeNames::size); size_string.has_value()) {
-        if (auto size = parse_non_negative_integer(*size_string); size.has_value() && size.value() != 0)
+        if (auto size = parse_non_negative_integer(*size_string); size.has_value() && *size != 0 && *size <= 2147483647)
             return *size;
     }
     return 20;
 }
 
-WebIDL::ExceptionOr<void> HTMLInputElement::set_size(unsigned value)
+WebIDL::ExceptionOr<void> HTMLInputElement::set_size(WebIDL::UnsignedLong value)
 {
+    if (value == 0)
+        return WebIDL::IndexSizeError::create(realm(), "Size must be greater than zero"_string);
+    if (value > 2147483647)
+        value = 20;
     return set_attribute(HTML::AttributeNames::size, String::number(value));
 }
 

Libraries/LibWeb/HTML/HTMLInputElement.h

@@ -125,8 +125,8 @@ public:
     WebIDL::Long min_length() const;
     WebIDL::ExceptionOr<void> set_min_length(WebIDL::Long);
 
-    unsigned size() const;
-    WebIDL::ExceptionOr<void> set_size(unsigned value);
+    WebIDL::UnsignedLong size() const;
+    WebIDL::ExceptionOr<void> set_size(WebIDL::UnsignedLong value);
 
     struct SelectedCoordinate {
         int x { 0 };

Tests/LibWeb/Text/expected/HTML/unsigned-long-reflection.txt

@@ -14,6 +14,22 @@ img.getAttribute("hspace") after img.setAttribute("hspace", "4294967295"): 42949
 img.hspace after img.setAttribute("hspace", "4294967295"): 0
 img.getAttribute("hspace") after img.hspace = 4294967295: 0
 img.hspace after img.hspace = 4294967295: 0
+input.getAttribute("size") after input.setAttribute("size", "1"): 1
+input.size after input.setAttribute("size", "1"): 1
+input.getAttribute("size") after input.size = 1: 1
+input.size after input.size = 1: 1
+input.getAttribute("size") after input.setAttribute("size", "2147483647"): 2147483647
+input.size after input.setAttribute("size", "2147483647"): 2147483647
+input.getAttribute("size") after input.size = 2147483647: 2147483647
+input.size after input.size = 2147483647: 2147483647
+input.getAttribute("size") after input.setAttribute("size", "2147483648"): 2147483648
+input.size after input.setAttribute("size", "2147483648"): 20
+input.getAttribute("size") after input.size = 2147483648: 20
+input.size after input.size = 2147483648: 20
+input.getAttribute("size") after input.setAttribute("size", "4294967295"): 4294967295
+input.size after input.setAttribute("size", "4294967295"): 20
+input.getAttribute("size") after input.size = 4294967295: 20
+input.size after input.size = 4294967295: 20
 marquee.getAttribute("scrollamount") after marquee.setAttribute("scrollAmount", "1"): 1
 marquee.scrollAmount after marquee.setAttribute("scrollamount", "1"): 1
 marquee.getAttribute("scrollamount") after marquee.scrollAmount = 1: 1

Tests/LibWeb/Text/input/HTML/unsigned-long-reflection.html

@@ -23,6 +23,7 @@
         }
 
         testProperty("img", "hspace", (img) => img.hspace, (img, value) => img.hspace = value);
+        testProperty("input", "size", (input) => input.size, (input, value) => input.size = value);
         testProperty("marquee", "scrollAmount", (marquee) => marquee.scrollAmount, (marquee, value) => marquee.scrollAmount = value);
         testProperty("marquee", "scrollDelay", (marquee) => marquee.scrollDelay, (marquee, value) => marquee.scrollDelay = value);
         testProperty("textarea", "rows", (textarea) => textarea.rows, (textarea, value) => textarea.rows = value);