LibWebView: Do not use AK::format to format search engine URLs

This is to prepare for custom search engines. If we use AK::format, it would be trivial for a user (or bad actor) to come up with a template search engine URL that ultimately crashes the browser due to internal assertions in AK::format. For example: https://example.com/crash={1} Rather than coming up with a complicated pre-format validator, let's just not use AK::format. Custom URLs will signify their template query parameters with "%s". So we can do the same with our built-in engines. When it comes time to format the URL, we will do a simple string replacement.
Author: https://github.com/trflynn89 Commit: https://github.com/LadybirdBrowser/ladybird/commit/dbf4b189a47 Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/4237
2026-04-26 01:35:08 +02:00 · 2025-04-04 17:32:04 -04:00 · 2025-04-06 11:46:09 +00:00
parent cbee476dac
commit dbf4b189a4
9 changed files with 44 additions and 56 deletions
--- a/Libraries/LibWebView/URL.cpp
+++ b/Libraries/LibWebView/URL.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023-2025, Tim Flynn <trflynn89@serenityos.org>
+ * Copyright (c) 2023-2025, Tim Flynn <trflynn89@ladybird.org>
 * Copyright (c) 2023, Cameron Youell <cameronyouell@gmail.com>
 * Copyright (c) 2025, Manuel Zahariev <manuel@duck.com>
 *
@@ -13,13 +13,13 @@

 namespace WebView {

-Optional<URL::URL> sanitize_url(StringView location, Optional<StringView> search_engine, AppendTLD append_tld)
+Optional<URL::URL> sanitize_url(StringView location, Optional<SearchEngine> const& search_engine, AppendTLD append_tld)
 {
    auto search_url_or_error = [&]() -> Optional<URL::URL> {
        if (!search_engine.has_value())
            return {};

-        return URL::Parser::basic_parse(MUST(String::formatted(*search_engine, URL::percent_encode(location))));
+        return URL::Parser::basic_parse(search_engine->format_search_query_for_navigation(location));
    };

    location = location.trim_whitespace();