LibWeb: Avoid invoking Trusted Types where avoidable

Prevents observably calling Trusted Types, which can run arbitrary JS, cause crashes due to use of MUST and allow arbitrary JS to modify internal elements.
Author: https://github.com/Lubrsi Commit: https://github.com/LadybirdBrowser/ladybird/commit/82bd3d38911 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/6632 Reviewed-by: https://github.com/AtkinsSJ
2026-04-26 01:35:08 +02:00 · 2025-10-31 12:30:47 +00:00 · 2025-11-06 16:46:00 +00:00
parent fb9406ddcd
commit 82bd3d3891
83 changed files with 407 additions and 366 deletions
--- a/Libraries/LibWeb/HTML/HTMLFormElement.cpp
+++ b/Libraries/LibWeb/HTML/HTMLFormElement.cpp
@@ -692,10 +692,10 @@ GC::Ref<DOM::DOMTokenList> HTMLFormElement::rel_list()
 }

 // https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#dom-fs-method
-WebIDL::ExceptionOr<void> HTMLFormElement::set_method(String const& method)
+void HTMLFormElement::set_method(String const& method)
 {
    // The method and enctype IDL attributes must reflect the respective content attributes of the same name, limited to only known values.
-    return set_attribute(AttributeNames::method, method);
+    set_attribute_value(AttributeNames::method, method);
 }

 // https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#dom-fs-action
@@ -715,9 +715,9 @@ String HTMLFormElement::action() const
 }

 // https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#dom-fs-action
-WebIDL::ExceptionOr<void> HTMLFormElement::set_action(String const& value)
+void HTMLFormElement::set_action(String const& value)
 {
-    return set_attribute(AttributeNames::action, value);
+    set_attribute_value(AttributeNames::action, value);
 }

 void HTMLFormElement::attribute_changed(FlyString const& name, Optional<String> const& old_value, Optional<String> const& value, Optional<FlyString> const& namespace_)