This modifies the Document class to use Optional<String> for the
encoding. If the encoding is unknown, the Optional will not have a
value. It also implements the has_encoding() and encoding_or_default()
instance methods, the latter of which will return "UTF-8" as a fallback
if no encoding is present.
The usage of Optional<String> instead of the null string is part of an
effort to explicitly indicate that a string could not have a value.
This also modifies the former callers of encoding() to use
encoding_or_default(). Furthermore, the encoding will now only be set if
it is actually known, rather than just guessed by earlier code.
This modifies the Resource class to use Optional<String> for the
encoding. If the encoding is unknown, the Optional will not have a
value (instead of using the null state of the String class). It also
implements a has_encoding() instance method and modifies the callers
of Resource::encoding() to use the new API.
This prevents the browser from crashing when trying to load an infinite
redirects loop. The chosen limit is based on the fetch specification:
"If request's redirect count is twenty, return a network error."
A Frame now knows about its nesting-level.
The FrameLoader checks whether the recursion level of the current
frame allows it to be displayed and if not doesn't even load the
requested resource.
The nesting-check is done on a per-URL-basis, so there can be many many
nested Frames as long as they have different URLs.
If there are however Frames with the same URL nested inside each other
we only allow this to happen 3 times.
This mitigates infinetely recursing <iframe>s in an HTML-document
crashing the browser with an OOM.
SPDX License Identifiers are a more compact / standardized
way of representing file license information.
See: https://spdx.dev/resources/use/#identifiers
This was done with the `ambr` search and replace tool.
ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
This error page template is slightly hilarious and should probably
be replaced with AK::SourceGenerator or some such, but for now let's
just get rid of the call to String::format().
To implement the HttpOnly attribute, the CookieJar needs to know where a
request originated from. Namely, it needs to distinguish between HTTP /
non-HTTP (i.e. JavaScript) requests. When the HttpOnly attribute is set,
requests from JavaScript are to be blocked.
(...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED)
Since all of these checks are done in release builds as well,
let's rename them to VERIFY to prevent confusion, as everyone is
used to assertions being compiled out in release.
We can introduce a new ASSERT macro that is specifically for debug
checks, but I'm doing this wholesale conversion first since we've
accumulated thousands of these already, and it's not immediately
obvious which ones are suitable for ASSERT.
