From 7561a48ec6e9b9f6d49ba8ed38bf684e28a8fc40 Mon Sep 17 00:00:00 2001
From: Tim Ledbetter <timledbetter@gmail.com>
Date: Mon, 10 Jun 2024 08:40:25 +0100
Subject: [PATCH] LibWebView: Don't query public suffix list when sanitizing
 URLs

Previously, part of the procedure we used to sanitize URLs entered via
the command line would check the host against the public suffix
database. This led to some valid, but not publicly accessible URLs
being treated as invalid.

(cherry picked from commit e9f34c7bd1e72da9a57a721d4ad501e8208cc986)
---
 Userland/Libraries/LibWebView/URL.cpp | 39 +++++----------------------
 1 file changed, 7 insertions(+), 32 deletions(-)

diff --git a/Userland/Libraries/LibWebView/URL.cpp b/Userland/Libraries/LibWebView/URL.cpp
index 1178bc4e16..5b75e0dcab 100644
--- a/Userland/Libraries/LibWebView/URL.cpp
+++ b/Userland/Libraries/LibWebView/URL.cpp
@@ -16,35 +16,6 @@
 
 namespace WebView {
 
-static Optional<URL::URL> query_public_suffix_list(StringView url_string)
-{
-    auto out = MUST(String::from_utf8(url_string));
-    if (!out.starts_with_bytes("about:"sv) && !out.contains("://"sv))
-        out = MUST(String::formatted("https://{}"sv, out));
-
-    auto url = URL::create_with_url_or_path(out.to_byte_string());
-    if (!url.is_valid())
-        return {};
-
-    if (url.host().has<URL::IPv4Address>() || url.host().has<URL::IPv6Address>())
-        return url;
-
-    if (url.scheme() != "http"sv && url.scheme() != "https"sv)
-        return url;
-
-    if (url.host().has<String>()) {
-        auto const& host = url.host().get<String>();
-
-        if (auto public_suffix = get_public_suffix(host); public_suffix.has_value())
-            return url;
-
-        if (host.ends_with_bytes(".local"sv) || host.ends_with_bytes("localhost"sv))
-            return url;
-    }
-
-    return {};
-}
-
 bool is_public_suffix([[maybe_unused]] StringView host)
 {
 #if defined(ENABLE_PUBLIC_SUFFIX)
@@ -90,11 +61,15 @@ Optional<URL::URL> sanitize_url(StringView url, Optional<StringView> search_engi
         }
     }
 
-    auto result = query_public_suffix_list(url);
-    if (!result.has_value())
+    ByteString url_with_scheme = url;
+    if (!(url_with_scheme.starts_with("about:"sv) || url_with_scheme.contains("://"sv)))
+        url_with_scheme = ByteString::formatted("https://{}"sv, url_with_scheme);
+
+    auto result = URL::create_with_url_or_path(url_with_scheme);
+    if (!result.is_valid())
         return format_search_engine();
 
-    return result.release_value();
+    return result;
 }
 
 static URLParts break_file_url_into_parts(URL::URL const& url, StringView url_string)