In the case that initMessageEvent is called (even with the same
ports), we should return a new array object. This fixes an issue
where the cached m_ports_array was not cleared, causing the
attribute to return the old object identity.
This was causing GC-related crashes on various websites, most
prominently on any site that contains embedded YouTube videos. The issue
can be reproduced by going to any YouTube video, using the _Share_
button below it and pasting the embed code into an empty HTML file and
loading it through localhost.
This is technically a regression from
89dbdd3411 in that the problem became
visible with that commit. However, there is nothing wrong with the
commit by itself. It just happens that `Origin::is_same_origin_domain()`
prior to that commit was completely bogus and would mistakenly return
true in almost all cases, so the cross-origin code paths were not
exercised.
I am uncertain how to make a automatic test case for this problem, given
the nature of it being GC- and cross-origin-related. So there is no
regression test included in this commit.
It is not guaranteed that inherited classes have the same address as the
base of the derived class. In that case a reinterpret cast leads to
undefined behavior. This occured on msvc ABI. See:
https://godbolt.org/z/jGeEW3c48
Co-authored-by: ayeteadoe <ayeteadoe@gmail.com>
This function essentially performs a BFS traversal over document states.
With this change, we let `doc_states` grow instead of removing traversed
states, avoiding shifting elements on every iteration.
This reduces `./test-web -j 1` from ~7m to ~5m on my machine.
Now that we don't always honor requests to add tasks to a queue, we
can't rely on "last added task" as the place to find the task's ID.
Fortunately we can just get it from the task itself.
Documents that have never been associated with a browsing context will
never become "fully active" so we shouldn't schedule tasks in them since
they'll never run.
The inert temporary documents used for fragment parsing will never
become "fully active" and so any tasks associated with them will never
run. To avoid memory leaks, we now simply ignore any attempts to enqueue
tasks associated with such documents.
Previously `BroadcastChannelRepository` held strong references to
`BroadcastChannel` instances, which is removed only after `close()` on
corresponding `BroadcastChannel` was called, which might never happen.
This would have to be revisited once we will implement broadcast
channels messaging across different WebContent processes, but for now
using weak references in the repository saves us from leaking all
unclosed `BroadcastChannel`s.
We never want to capture GC::Roots in GC::Function lambdas, since that
very easily creates reference cycles and leak huge object graphs.
Capturing a raw pointer or GC::Ptr/Ref is fine, since that's exactly
what GC::Function is good at.
If we copy instead of move, the GC::Root source locations get
overwritten and we can't tell from a heap dump who created the roots.
(And it's also more efficient to move instead of copy ofc.)
Fixes crashing introduced in a610639 when `scroll_viewport_by_delta()`
is called from `EventHandler::handle_mousewheel()` and there's no
running execution context to grab current realm from to allocate a
promise.
Refactor the FFmpeg and Matroska demuxers to consume data through
`IncrementallyPopulatedStream::Cursor` instead of a pointer to fully
buffered.
This change establishes a new rule: each track must be initialized with
its own cursor. Data providers now explicitly create a per-track context
via `Demuxer::create_context_for_track(track, cursor)`, and own pointer
to that cursor. In the upcoming changes, holding the cursor in the
provider would allow to signal "cancel blocking reads" so an
in-flight seek can fail immediately when a newer seek request arrives.
:heading() now matches based on a computed heading level, which is based
on the level of the tag (h1, h2, etc) and then modified by these two new
attributes.
I'm caching this heading level on HTMLHeadingElement, based on the dom
tree version. That's more invalidation than is actually needed, but it
saves us calculating it over and over when the document hasn't changed.
The failing test cases are:
- Implicit headingreset for modal dialogs which is apparently unspecced
and controversial.
- Not walking the flat tree properly. A flat tree ancestor of a
slot-assigned element is its slot, which is something we don't do
anywhere that I could find. I've made a note to look into this later.
We also don't implement the `ReflectRange` IDL attribute yet, which
means we're not clamping the read value of `headingOffset`.
Corresponds to:
e774e8e318
Previously, the `preload`, `preconnect` and `dns-prefetch` keywords
took precedence over the others. When these keywords were present
the default fetch processing steps would not occur even when a relevant
keyword such as `stylesheet` or `icon` was present.
Introduce the HTMLSelectedContentElement and integrate it into
<select>, <option> and HTMLParser.
See whatwg/html#10548.
There are two bugs with WPT tests which causes the third subtest
in selectedcontent.html and selectedcontent-mutations.html fail.
See whatwg/html#11882, web-platform-tests/wpt#55849.
- Rename HTMLOptionElement's `owner_select_element()` to
`nearest_select_element()` to better match spec terminology.
- Update HTMLSelectElement's option list related algorithms.
This change is part of the customizable <select> spec work.
See whatwg/html#10548.
Previously, validation_message() always returned a hardcoded "Invalid
form" string, now it correctly returns the custom validity error
message when the element is suffering from a custom error.
Other validation errors still return the "Invalid form" message.
