[Origin API] .from() should throw on <a> and <area>.

When extracting an origin from `<a>` and `<area>` elements without an
`href` attribute, we're currently returning an opaque `Origin`. We
should throw instead, as there's not an origin to extract from these
elements (see [1]). Thanks to @annevk for pointing this out in [2].


[1]: https://html.spec.whatwg.org/multipage/links.html#api-for-a-and-area-elements:extract-an-origin
[2]: whatwg/url#892 (comment)

Bug: 434131026
Change-Id: I136cc0ff24355e29418e060ab384938f3615a60e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7231346
Commit-Queue: Mike West <[email protected]>
Reviewed-by: Antonio Sartori <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1554582}

Author: mikewest

third_party/blink/renderer/core/html/html_anchor_element.cc

@@ -380,7 +380,10 @@ void HTMLAnchorElementBase::SetURL(const KURL& url) {
 DOMOrigin* HTMLAnchorElementBase::GetDOMOrigin(LocalDOMWindow*) const {
   // No access check is necessary, as anchor elements are not accessible
   // cross-origin.
-  return DOMOrigin::Create(SecurityOrigin::Create(Url()));
+  if (FastHasAttribute(html_names::kHrefAttr)) {
+    return DOMOrigin::Create(SecurityOrigin::Create(Url()));
+  }
+  return nullptr;
 }
 
 String HTMLAnchorElementBase::Input() const {

third_party/blink/web_tests/external/wpt/html/browsers/origin/api/origin-from-htmlhyperlinkelementutils.window.js

@@ -1,6 +1,16 @@
 // META: title=`Origin.from(HTMLHyperlinkElementUtils)`
 // META: script=resources/serializations.js
 
+test(t => {
+  const invalid = document.createElement("a");
+  assert_throws_js(TypeError, _ => Origin.from(invalid));
+}, `Origin.from(<a>) throws.`);
+
+test(t => {
+  const invalid = document.createElement("area");
+  assert_throws_js(TypeError, _ => Origin.from(invalid));
+}, `Origin.from(<area>) throws.`);
+
 for (const opaque of urls.opaque) {
   // <a>
   test(t => {