LibWeb: Implement more of the shared history push/replace state steps

Add the seralization and URL validation steps, but skip the actual
navigation for now. This might cause more pages to throw exceptions
when trying to push state that contains objects that we don't know how
to serialize.

Userland/Libraries/LibWeb/HTML/History.cpp

@@ -7,6 +7,7 @@
 #include <LibWeb/Bindings/Intrinsics.h>
 #include <LibWeb/DOM/Document.h>
 #include <LibWeb/HTML/History.h>
+#include <LibWeb/HTML/StructuredSerialize.h>
 
 namespace Web::HTML {
 
@@ -109,21 +110,94 @@ WebIDL::ExceptionOr<void> History::forward()
     return go(1);
 }
 
+// https://html.spec.whatwg.org/multipage/nav-history-apis.html#can-have-its-url-rewritten
+static bool can_have_its_url_rewritten(DOM::Document const& document, AK::URL const& target_url)
+{
+    // 1. Let documentURL be document's URL.
+    auto document_url = document.url();
+
+    // 2. If targetURL and documentURL differ in their scheme, username, password, host, or port components,
+    //    then return false.
+    if (target_url.scheme() != document_url.scheme()
+        || target_url.raw_username() != document_url.raw_username()
+        || target_url.raw_password() != document_url.raw_password()
+        || target_url.host() != document_url.host()
+        || target_url.port() != document_url.port())
+        return false;
+
+    // 3. If targetURL's scheme is an HTTP(S) scheme, then return true.
+    //    (Differences in path, query, and fragment are allowed for http: and https: URLs.)
+    if (target_url.scheme() == "http"sv || target_url.scheme() == "https"sv)
+        return true;
+
+    // 4. If targetURL's scheme is "file", and targetURL and documentURL differ in their path component,
+    //    then return false. (Differences in query and fragment are allowed for file: URLs.)
+    // FIXME: Don't create temporary strings to compare paths
+    auto target_url_path = target_url.serialize_path();
+    auto document_url_path = document_url.serialize_path();
+    if (target_url.scheme() == "file"sv
+        && target_url_path != document_url_path)
+        return false;
+
+    // 5. If targetURL and documentURL differ in their path component or query components, then return false.
+    //    (Only differences in fragment are allowed for other types of URLs.)
+    if (target_url_path != document_url_path
+        || target_url.query() != document_url.query())
+        return false;
+
+    // 6. Return true.
+    return true;
+}
+
 // https://html.spec.whatwg.org/multipage/history.html#shared-history-push/replace-state-steps
-WebIDL::ExceptionOr<void> History::shared_history_push_replace_state(JS::Value, DeprecatedString const&, IsPush)
+WebIDL::ExceptionOr<void> History::shared_history_push_replace_state(JS::Value value, DeprecatedString const& url, IsPush)
 {
-    // 1. Let document be history's associated Document. (NOTE: Not necessary)
+    // 1. Let document be history's associated Document.
+    auto& document = m_associated_document;
 
     // 2. If document is not fully active, then throw a "SecurityError" DOMException.
-    if (!m_associated_document->is_fully_active())
+    if (!document->is_fully_active())
         return WebIDL::SecurityError::create(realm(), "Cannot perform pushState or replaceState on a document that isn't fully active."sv);
 
     // 3. Optionally, return. (For example, the user agent might disallow calls to these methods that are invoked on a timer,
     //    or from event listeners that are not triggered in response to a clear user action, or that are invoked in rapid succession.)
+
+    // 4. Let serializedData be StructuredSerializeForStorage(data). Rethrow any exceptions.
+    //    FIXME: Actually rethrow exceptions here once we start using the serialized data.
+    //           Throwing here on data types we don't yet serialize will regress sites that use push/replaceState.
+    [[maybe_unused]] auto serialized_data_or_error = structured_serialize_for_storage(vm(), value);
+
+    // 5. Let newURL be document's URL.
+    auto new_url = document->url();
+
+    // 6. If url is not null or the empty string, then:
+    if (!url.is_empty() && !url.is_null()) {
+
+        // 1. Parse url, relative to the relevant settings object of history.
+        auto parsed_url = relevant_settings_object(*this).parse_url(url);
+
+        // 2. If that fails, then throw a "SecurityError" DOMException.
+        if (!parsed_url.is_valid())
+            return WebIDL::SecurityError::create(realm(), "Cannot pushState or replaceState to incompatible URL"sv);
+
+        // 3. Set newURL to the resulting URL record.
+        new_url = parsed_url;
+
+        // 4. If document cannot have its URL rewritten to newURL, then throw a "SecurityError" DOMException.
+        if (!can_have_its_url_rewritten(document, new_url))
+            return WebIDL::SecurityError::create(realm(), "Cannot pushState or replaceState to incompatible URL"sv);
+    }
+
+    // FIXME: 7. Let navigation be history's relevant global object's navigation API.
+    // FIXME: 8. Let continue be the result of firing a push/replace/reload navigate event at navigation
+    ///          with navigationType set to historyHandling, isSameDocument set to true, destinationURL set to newURL,
+    //           and classicHistoryAPIState set to serializedData.
+    // FIXME: 9. If continue is false, then return.
+    // FIXME: 10. Run the URL and history update steps given document and newURL, with serializedData set to
+    //            serializedData and historyHandling set to historyHandling.
+
     dbgln("FIXME: Implement shared_history_push_replace_state.");
     return {};
-
-    // FIXME: Add the rest of the spec steps once they're added.
 }
 
 }