LadybirdBrowser · ADKaster · Apr 28, 2025 · Apr 28, 2025 · Apr 28, 2025 · ADKaster
diff --git a/Libraries/LibWeb/HTML/Navigable.cpp b/Libraries/LibWeb/HTML/Navigable.cpp
diff --git a/Libraries/LibWeb/HTML/Navigable.h b/Libraries/LibWeb/HTML/Navigable.h
@@ -132,7 +132,7 @@ class Navigable : public JS::Cell
 
     struct NavigateParams {
         URL::URL url;
-        GC::Ref<DOM::Document> source_document;
+        GC::Ptr<DOM::Document> source_document = nullptr;
         Variant<Empty, String, POSTResource> document_resource = Empty {};
         GC::Ptr<Fetch::Infrastructure::Response> response = nullptr;
         bool exceptions_enabled = false;

diff --git a/Libraries/LibWeb/MixedContent/AbstractOperations.cpp b/Libraries/LibWeb/MixedContent/AbstractOperations.cpp
@@ -14,6 +14,10 @@ namespace Web::MixedContent {
 // https://w3c.github.io/webappsec-mixed-content/#upgrade-algorithm
 void upgrade_a_mixed_content_request_to_a_potentially_trustworthy_url_if_appropriate(Fetch::Infrastructure::Request& request)
 {
+    // AD-HOC: Browser-UI initiated navigations should not be upgraded.
+    if (!request.client())
+        return;
+
     // 1. If one or more of the following conditions is met, return without modifying request:
     if (
         // 1. request’s URL is a potentially trustworthy URL.
@@ -22,7 +26,7 @@ void upgrade_a_mixed_content_request_to_a_potentially_trustworthy_url_if_appropr
         // 2. request’s URL’s host is an IP address.
         || (request.url().host().has_value() && (request.url().host()->has<URL::IPv4Address>() || request.url().host()->has<URL::IPv6Address>()))
 
-        // 3. § 4.3 Does settings prohibit mixed security contexts? returns "Does Not Restrict Mixed Security Contents" when applied to request’s client.
+        // 3. § 4.3 Does settings prohibit mixed security contexts? returns "Does Not Restrict Mixed Security Contents" when applied to request’s client.
         || does_settings_prohibit_mixed_security_contexts(request.client()) == ProhibitsMixedSecurityContexts::DoesNotRestrictMixedSecurityContexts
 
         // 4. request’s destination is not "image", "audio", or "video".
@@ -68,6 +72,10 @@ ProhibitsMixedSecurityContexts does_settings_prohibit_mixed_security_contexts(GC
 // https://w3c.github.io/webappsec-mixed-content/#should-block-fetch
 Fetch::Infrastructure::RequestOrResponseBlocking should_fetching_request_be_blocked_as_mixed_content(Fetch::Infrastructure::Request& request)
 {
+    // AD-HOC: Browser-UI initiated navigations should not be blocked.
+    if (!request.client())
+        return Fetch::Infrastructure::RequestOrResponseBlocking::Allowed;
+
     // 1. Return allowed if one or more of the following conditions are met:
     if (
         // 1. § 4.3 Does settings prohibit mixed security contexts? returns "Does Not Restrict Mixed Security Contexts" when applied to request’s client.
@@ -93,6 +101,10 @@ Fetch::Infrastructure::RequestOrResponseBlocking should_fetching_request_be_bloc
 // https://w3c.github.io/webappsec-mixed-content/#should-block-response
 Web::Fetch::Infrastructure::RequestOrResponseBlocking should_response_to_request_be_blocked_as_mixed_content(Fetch::Infrastructure::Request& request, GC::Ref<Fetch::Infrastructure::Response>& response)
 {
+    // AD-HOC: Browser-UI initiated navigations should not be blocked.
+    if (!request.client())
+        return Fetch::Infrastructure::RequestOrResponseBlocking::Allowed;
+
     // 1. Return allowed if one or more of the following conditions are met:
     if (
         // 1. § 4.3 Does settings prohibit mixed security contexts? returns Does Not Restrict Mixed Content when applied to request’s client.

diff --git a/Libraries/LibWeb/Page/Page.cpp b/Libraries/LibWeb/Page/Page.cpp
@@ -71,7 +71,7 @@ void Page::navigable_document_destroyed(Badge<DOM::Document>, HTML::Navigable& n
 
 void Page::load(URL::URL const& url)
 {
-    (void)top_level_traversable()->navigate({ .url = url, .source_document = *top_level_traversable()->active_document(), .user_involvement = HTML::UserNavigationInvolvement::BrowserUI });
+    (void)top_level_traversable()->navigate({ .url = url, .source_document = nullptr, .user_involvement = HTML::UserNavigationInvolvement::BrowserUI });
 }
 
 void Page::load_html(StringView html)
@@ -80,7 +80,7 @@ void Page::load_html(StringView html)
     heap().collect_garbage();
 
     (void)top_level_traversable()->navigate({ .url = URL::about_srcdoc(),
-        .source_document = *top_level_traversable()->active_document(),
+        .source_document = nullptr,
         .document_resource = String::from_utf8(html).release_value_but_fixme_should_propagate_errors(),
         .user_involvement = HTML::UserNavigationInvolvement::BrowserUI });
 }

diff --git a/Tests/LibWeb/Text/expected/HTML/Navigation-object-properties.txt b/Tests/LibWeb/Text/expected/HTML/Navigation-object-properties.txt
@@ -1,5 +1,10 @@
 entries[length - 1] is current entry: true
 currentEntry is a [object NavigationHistoryEntry]
 transition is null: true
+canGoBack: false
+canGoForward: true
+entries[length - 1] is current entry: false
+currentEntry is a [object NavigationHistoryEntry]
+transition is null: true
 canGoBack: true
 canGoForward: true
diff --git a/Tests/LibWeb/Text/input/HTML/Navigation-object-properties.html b/Tests/LibWeb/Text/input/HTML/Navigation-object-properties.html
@@ -11,6 +11,15 @@
 
         println(`transition is null: ${n.transition == null}`);
         println(`canGoBack: ${n.canGoBack}`);
-        println(`canGoForward: ${n.canGoForward}`);       
+        println(`canGoForward: ${n.canGoForward}`);
+
+        history.pushState({}, "", "#foo");
+
+        println(`entries[length - 1] is current entry: ${n.entries()[len - 1] === n.currentEntry}`);
+        println(`currentEntry is a ${n.currentEntry}`);
+
+        println(`transition is null: ${n.transition == null}`);
+        println(`canGoBack: ${n.canGoBack}`);
+        println(`canGoForward: ${n.canGoForward}`);
     });
 </script>