This moves Servo closer to the focus parts of the HTML specification.
The behavior should be the same as before, but now the code in `script`
matches the structure of the specification.
The main goal is to set us up for:
- Firing focus events in the right order on nested documents
- A proper implementation of the unfocusing steps.
Testing: This should not change behavior so is covered by existing
tests.
Signed-off-by: Martin Robinson <mrobinson@fastmail.fm>
Co-authored-by: Martin Robinson <mrobinson@fastmail.fm>
This PR makes minor cleanup in the media crates:
- Switch dependencies to workspace dependencies if they are already
included in the main Cargo.toml
- Switch from crate serde_derive to serde with feature flag derive.
- Switch from the separate crate for OnceCell to the std provided
LazyLock.
- Update num_complex
Testing: The only functional changes are either slight version bumps,
the replacement to LazyLock which is conservative and the num_complex
update which also shouldn't have any behavior changes.
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Implement sanitizer configuration validation algorithm, and complete the
"set a configuration" algorithm.
The steps related to processing instructions are marked as TODO. Support
for process instructions was recently added to the specification, and we
will implement it later when tests are ready.
Specification:
- https://wicg.github.io/sanitizer-api/#sanitizerconfig-valid
- https://wicg.github.io/sanitizer-api/#sanitizer-set-a-configuration
Testing: Covered by WPT tests in
`sanitizer-api/sanitizer-config.tentative.html`
Fixes: Part of #43948
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
This should make #44415, #44418, #44419
work in one PR without conflict in the future.
Testing: Will be tested in CI in future rounds of update.
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
As titled.
Testing: Manually tested with multiple real websites with viewbox in
svg.
It looked terrible before, but now looking good!
New passing in WPT.
Partially addresses: #38985
---------
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
By touching the crypto provider, we can force it to gather entropy.
On my linux VM, that moved ~60ms off the critical path (using aws-lc-rs,
but probably any other crypto provider would show similar behavior).
On my Linux workstation it was around ~30ms.
On Linux caching the rustls platform verifier cache optimizes another
50ms. On other platforms this will be cheaper, since
only on some systems all certificates are read. It might make sense to
explore
caching the whole tlsconfig (for websockets), since it looks like we are
just cloning
the same components and then constructing a new tlsconfig, which would
lead to
the same effective component. But that needs more investigation.
Testing: Doesn't change any visible behavior, covered by existing tests.
---------
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
Instead of readily adding a strut for text carets when processing a line
break, wait until a line is finished. This allows placing a strut on the
final line. In addition to fixing #41338 this will also make it possible
to handle line breaks as a separate kind of text run item so that we can
preserve shaping results between layouts.
In addition, some changes are made in script to ensure that these
placeholders
are never placed for non-textual input elements.
Testing: This change adds a Servo-specific WPT test. Caret rendering
isn't specified.
Fixes: #41338
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Bumps [bpaf](https://github.com/pacak/bpaf) from 0.9.24 to 0.9.25.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pacak/bpaf/blob/master/Changelog.md">bpaf's
changelog</a>.</em></p>
<blockquote>
<h2>bpaf [0.9.25] - 2026-04-15</h2>
<ul>
<li>Change rendering of an adjacent block in Markdown - this is no
longer a <code>###</code>
but a regular line item instead. Header messes up with generated
navigation on
some pages</li>
<li><code>app_name</code> - parser that extracts the executable
name</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/pacak/bpaf/commits/v0.9.25">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [glslopt](https://github.com/jamienicol/glslopt-rs) from 0.1.12 to
0.1.13.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/jamienicol/glslopt-rs/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This is a minor adjustment from #44276 that makes the way characters are
iterated easier to read.
Testing: This should not change behavior so should be covered by
existing tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
With these changes, we now fail the minimum set of tests. That is to
say: we don't fail any test that no other browser fails. All test
failures therefore match at least 1 other browser.
The one exception is the updated test expectation. That's because all
browsers fail this test in the exact same way, hence updating the
expectation. We fail it, since I don't know how browsers reach to that
point. I think it's related to traversal of the contained children and
the order that they are traversed in. Unfortunately my attempts at
fixing that have not been fruitful, so leaving that one for now.
Part of #25005
Testing: WPT
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Co-authored-by: Martin Robinson <martin@abandonedwig.info>
ResourceFetchTimings are set throughout the methods in http_loader.rs.
These methods are already very complicated, so having multiple times
`context.timings.lock().set_attribute()` can be quite distracting to
understanding.
This introduces ResourceFetchTimingsContainer structure which has the
lock inside and allows setting multiple attributes to clean up the code
in http_loader.
Testing: This is a refactor and does not change functionality.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Always pass `ownPropertiesLength` to devtools
Testing: All tests are passing
Fixes: part of #39858
Signed-off-by: atbrakhi <atbrakhi@igalia.com>
Co-authored-by: eri <eri@igalia.com>
Add the Storage Standard WebIDL for NavigatorStorage and StorageManager,
wire navigator.storage on Window and Worker, and implement persisted(),
persist(), and estimate().
Testing: covered by WP test.
part of #39100fixes#39101
---------
Signed-off-by: Taym Haddadi <haddadi.taym@gmail.com>
Bumps orbclient from 0.3.51 to 0.3.53.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [atomic_refcell](https://github.com/mozilla/atomic_refcell) from
0.1.13 to 0.1.14.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/mozilla/atomic_refcell/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The tex-3d-size-limit.html test verifies that TexImage3D errors out with
gl.INVALID_VALUE if the width / height / depth parameters are greater
than gl.MAX_3D_TEXTURE_SIZE / 2 ** level, in accordance with the mipmap
levels definition.
This patch adds this checks, and fixes a s/depth/level/ typo, and should
stabilize tex-3d-size-limit.html: all its sub-tests will succeed until
the first call to (not implemented) TexSubImage3D, that will end the
test.
It's still possible for the test to fail on environments where
gl.MAX_3D_TEXTURE_SIZE is not 8192 (because the numbering of tests will
be different), and this will have to be until we make all sub-tests
pass, i.e. TexSubImage3D is implemented.
Testing: A bunch of expected failures are removed.
Fixes: https://github.com/servo/servo/issues/44280
Signed-off-by: Simon Martin <simon@nasilyan.com>
Switch the remaining `SafeJSContext` usages to `&mut JSContext` inside
script_module.rs
Testing: It compiles.
Part of #40600
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Several times, we first need to capture the relevant nodes, perform a
step and then iterate over the nodes. Previously, we would iterate over
it, but the iterator could have moved, hence we would jump over some
nodes.
Instead, capture these beforehand and then iterate over them.
Also fixes the issue where text-decoration wasn't properly checked,
since its a shorthand for 3 longhands. And a PropertyDeclarationBlock
only has longhands.
The two regressions are for tests that now generate the correct HTML,
but their ranges are incorrectly moved from the `a` to the `b`. I went
through the relevant algorithms and didn't spot the mistake. To keep on
making babysteps towards a full implementation, I will tackle these in a
follow-up. These algorithms are already difficult enough to reason
about.
Part of #25005
Testing: WPT
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This replaces dead firefox-source-docs.mozilla.org links in debugger.js
Testing: Not relevant for comments
Fixes: No issue
Signed-off-by: Freya Arbjerg <git@arbjerg.dev>
Helps with: https://github.com/servo/servo/issues/38776. Reduces total
Servo crate count by 7 (977 -> 970).
This PR simply:
- Disables the `server` feature in the `webdriver` crate
- Vendors the implementation of the server from the `webdriver` crate
- Updates dependencies + fixes code to work with new versions
Unfortunately `webdriver` depends on `http` even with the `server`
feature disabled, so we still end up with duplicate versions of `http`.
But at least the duplicate `hyper` is eliminated. Future work could
change the implementation to e.g. move away from `warp` or similar.
Testing: WPT tests use webdriver, so this should be exercised heavily by
those tests.
---------
Signed-off-by: Nico Burns <nico@nicoburns.com>
This brings up to date with the specification for declarative shadow
roots: https://github.com/whatwg/html/pull/12267.
The `shadowrootslotassignment` attribute on `<template>` elements
specifies the slot assignment mode used by the declarative shadow root
created by the template.
Testing: New tests start to pass
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Since 5634eab8cc, tex-3d-size-limit.html is not crashing anymore, and
even though I updated the test expectations and the test is consistently
passing locally at that commit, it's now failing some tests that should
have failed since the beginning (since there's no associated check in
the code).
I'm not sure why things seem to work with the previous test expectations
update and will follow-up, but in the meanwhile let's update them.
With this, things seem to be pretty good:
```
$ ./mach test-wpt --dev tests/wpt/webgl/tests/conformance2/textures/misc/tex-3d-size-limit.html --repeat 1000 [...]
web-platform-test
~~~~~~~~~~~~~~~~~
Ran 92000 checks (91000 subtests, 1000 tests)
Expected results: 92000
Unexpected results: 0
OK
```
Testing: Test seems to pass consistently with the updated expectations.
Fixes: https://github.com/servo/servo/issues/44280
Signed-off-by: Simon Martin <simon@nasilyan.com>
Our choice is to either override the user's locale or updated the
expected result to depend on the locale. Updating the expectation seemed
easier.
Testing: Unit tests pass locally, but CI runs with the en-US locale so
there's no observable difference.
Fixes: #43069
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Automated downstream sync of changes from upstream as of 19-04-2026
[no-wpt-sync]
Signed-off-by: WPT Sync Bot <ghbot+wpt-sync@servo.org>
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
These dates were chosen 10 years ago, which I'm sure felt like a
reasonably far-future date for a very young web engine. Surprise! We're
still here, so we can be more bold this time.
Testing: Unit tests stop failing.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Use the full IP address as the cookie storage bucket key instead of
passing IP hosts through the public suffix registrable-domain helper.
This prevents unrelated IP hosts that share suffix-like address segments
from sharing a per-host eviction bucket.
Testing: Added `test_ip_cookie_bucket_collision_eviction`; ran `cargo
test -p servo-net --test main test_ip_cookie_bucket_collision_eviction
--locked`.
Fixes: #44097
---------
Signed-off-by: Asish Kumar <officialasishkumar@gmail.com>
This makes further steps to generate the correct HTML. Some tests now
have more appropriate HTML, but are not fully passing yet as they
require more fixes. I also missed the fact that there is actually an
algorithm to set the tag name, which I thought didn't exist. Therefore,
also correctly implement that.
Part of #25005
Testing: WPT
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Previously, when the `Document` element was removed, no further display
list updates would be sent to paint. This change makes it so that when
the `Document` element is removed a single new empty display list is
sent.
Testing: This change adds a new WPT test .
Fixes: #44101
---------
Signed-off-by: Rover track <rishan.pgowda@gmail.com>
Drop the `ModuleOwner` logic in favour of closures passed down by the
script fetching initiator.
When processing inline module scripts a task in now queued on the
networking task source. Since `Rc<ModuleTree>` is not `Send`, a `result`
field is now introduced to `HTMLScriptElement`, which is initialized
before queueing the task.
This slightly improves `inline-async-inserted-execorder.html`, which now
fails at the fourth assertion instead of stopping at the second one (the
inline module script with no dependencies still resolves after the one
that has a parse error).
Testing: Covered by existing tests.
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Previously absolutely positioned direct children of a CSS Grid had their
position (relative to their parent) hardcoded to (0, 0). This PR changes
that to correctly propagate the position computed by Taffy.
Testing: WPT tests.
---------
Signed-off-by: Nico Burns <nico@nicoburns.com>
This introduces a mechanism that let script threads register and
unregister themselves from receiving messages from the constellation.
This is useful when only globals with event listeners or callbacks will
process some message types.
The first migrated API is the webstorage 'storage' event. This patch
ensures that we only send IPC to same origin globals that have an event
handler set.
While we use it for an event here, this is also usable for DOM callbacks
such as the ones used in the Geolocation API.
Testing: optimization with no tests regression:
https://github.com/webbeef/servo/actions/runs/22880845745
---------
Signed-off-by: webbeef <me@webbeef.org>
I wanted to follow up to #43987, but don't know how to proceed
meaningfully :(
- Reduce visibility
- Add TODO for `Response::url`. This should be removed and determined by
`url_list` instead.
- Fix some spec link
Testing: Nothing should change as no code change.
---------
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
Instead of walking the entire fragment tree to find nodes for which
animations and image animations need to be cancelled, this change moves
that logic to `script`. Now, for each animating node the animation
managers will explicitly ask `layout` if the node is being rendered (or
delegating rendering in the case of CSS animations and transitions).
The main goal here is a performance improvement, elimating roughly 1% of
layout time from the profiler when running the
`flexbox-deeply-nested-column-flow.html` test case. This will almost
certainly be an even better improvement on more complex pages as we are
no longer doing things once per fragment tree entry, but once per
animating node.
There is also a subtle behavior improvement here. Before nodes with
`display: contents` had their animations canceled, but now they are not.
For instance, this test case now works properly:
```html
<!DOCTYPE html>
<style>
@keyframes anim {
from { color: cyan }
to { color: magenta }
}
div {
display: contents;
animation: anim 1s infinite alternate linear;
}
</style>
```
The new layout query will additionally be useful for other parts of
script that need to answer the same "being rendered" or "delegates
rendering to children" question.
Testing: This change adds a new test and gets one more subtest passing.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This removes some complains that clippy will have in 1.95.
As this is mostly just match guards, it doesn't update MSRV.
Testing: This is equivalent exchanges, so current WPT would find
anything.
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
