Switch the remaining `SafeJSContext` usages to `&mut JSContext` inside
script_module.rs
Testing: It compiles.
Part of #40600
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Drop the `ModuleOwner` logic in favour of closures passed down by the
script fetching initiator.
When processing inline module scripts a task in now queued on the
networking task source. Since `Rc<ModuleTree>` is not `Send`, a `result`
field is now introduced to `HTMLScriptElement`, which is initialized
before queueing the task.
This slightly improves `inline-async-inserted-execorder.html`, which now
fails at the fourth assertion instead of stopping at the second one (the
inline module script with no dependencies still resolves after the one
that has a parse error).
Testing: Covered by existing tests.
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Removed ```introduction_type_override``` field from
```HTMLScriptElement``` & passed the new variable to
```fetch_inline_module_script```
Testing: No testing required, compiles successfully.
Fixes: #43980
Signed-off-by: Sabb <sarafaabbas@gmail.com>
Implement render-blocking option for script fetch and load events
## Testing:
### Test summary on main branch
```bash
▶ OK [expected CRASH] /html/semantics/scripting-1/the-script-element/moving-between-documents/move-back-createHTMLDocument-success-external-module.html
Ran 470 tests finished in 217.9 seconds.
• 453 ran as expected.
• 4 tests crashed unexpectedly
• 1 tests timed out unexpectedly
• 11 tests unexpectedly okay
• 2 tests had unexpected subtest results
/home/elomscansio/.local/share/uv/python/cpython-3.11.15-linux-x86_64-gnu/lib/python3.11/multiprocessing/resource_tracker.py:254: UserWarning: resource_tracker: There appear to be 3 leaked semaphore objects to clean up at shutdown
warnings.warn('resource_tracker: There appear to be %d '
```
### Test summary for this commits
```bash
Ran 470 tests finished in 488.0 seconds.
• 397 ran as expected.
• 15 tests crashed unexpectedly
• 27 tests timed out unexpectedly
• 11 tests unexpectedly okay
• 28 tests had unexpected subtest results
```
Fixes: #43697Fixes: #43354
---------
Signed-off-by: Emmanuel Paul Elom <elomemmanuel007@gmail.com>
Signed-off-by: elomscansio <163124154+elomscansio@users.noreply.github.com>
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Co-authored-by: Gae24 <96017547+Gae24@users.noreply.github.com>
A lot (and I mean, really a lot) depends on these constructors.
Therefore, this is the one spaghetti ball that I could extract and
convert all `can_gc` to `cx`. There are some new introductions of
`temp_cx` in the callbacks of the servo parser, but we already had some
in other callbacks.
Part of #40600
Testing: It compiles
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Follow up of #43526. This addresses Nico's comment:
https://github.com/servo/servo/pull/43526#issuecomment-4104953308
- `bluetooth_traits` -> `servo_bluetooth_traits`
- `base` -> `servo_base`
- `bluetooth` -> `servo_bluetooth`
- `background_hang_monitor` -> `servo_background_hang_monitor`
Testing: This should not change any behaviour.
---------
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
This is follow-up of #41459.
We replace some of these:
```rust
let mut cx = unsafe { script_bindings::script_runtime::temp_cx() };
```
..by passing a `cx: &mut JSContext` instead.
---
Testing: existing WPT tests
Fixes: #43453
Signed-off-by: pylbrecht <pylbrecht@mailbox.org>
Remove `referrer` field from `ScriptFetchOptions` and pass it directly
to `script_fetch_request`.
This keeps ScriptFetchOptions aligned with the HTML
fixes#42875
---------
Signed-off-by: Kelechi Ebiri <ebiritg@gmail.com>
This is no longer present in the spec. Instead, the
`process_request_body` is the new way. These two
methods were called right after each other and there was only 1
implementation in `htmlvideoelement`. That implementation is now moved
to `process_request_body` and hence we can remove the unnecessary
method.
Testing: It compiles
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Pass `&mut JSContext` to `HTMLScriptElement::execute`, propagate it
inside `global_scope_script_execution.rs` and then switch to wrappers2
bindings.
Testing: A successful build is enough.
Part of #40600
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
While we now pass a lot of worker tests, we still fail a bunch:
```
% fd '^worker-.*.html.ini'
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html.ini
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html.ini
tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html.ini
tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html.ini
tests/wpt/meta/content-security-policy/gen/top.meta/script-src-self/worker-import.http.html.ini
tests/wpt/meta/content-security-policy/gen/top.meta/script-src-self/worker-import.https.html.ini
tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import.http.html.ini
tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import.https.html.ini
tests/wpt/meta/content-security-policy/script-src/worker-data-set-timeout.sub.html.ini
tests/wpt/meta/content-security-policy/script-src/worker-importscripts.sub.html.ini
tests/wpt/meta/content-security-policy/script-src/worker-set-timeout.sub.html.ini
tests/wpt/meta/fetch/metadata/generated/worker-dedicated-constructor.sub.html.ini
tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.https.sub.html.ini
tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.sub.html.ini
tests/wpt/meta/mixed-content/gen/top.http-rp/opt-in/worker-import-data.https.html.ini
tests/wpt/meta/mixed-content/gen/top.http-rp/opt-in/worker-import.https.html.ini
tests/wpt/meta/referrer-policy/generic/subresource-test/worker-messaging.html.ini
tests/wpt/meta/service-workers/service-worker/worker-client-id.https.html.ini
tests/wpt/meta/service-workers/service-worker/worker-in-sandboxed-iframe-by-csp-fetch-event.https.html.ini
tests/wpt/meta/service-workers/service-worker/worker-interception-redirect.https.html.ini
tests/wpt/meta/service-workers/service-worker/worker-interception.https.html.ini
tests/wpt/meta/upgrade-insecure-requests/gen/worker-classic.http-rp/upgrade/worker-classic.https.html.ini
tests/wpt/meta/upgrade-insecure-requests/gen/worker-classic.http-rp/upgrade/worker-module.https.html.ini
tests/wpt/meta/upgrade-insecure-requests/gen/worker-module.http-rp/upgrade/worker-classic.https.html.ini
tests/wpt/meta/upgrade-insecure-requests/gen/worker-module.http-rp/upgrade/worker-module.https.html.ini
tests/wpt/meta/wasm/webapi/esm-integration/worker-import-source-phase.tentative.html.ini
tests/wpt/meta/wasm/webapi/esm-integration/worker-import.tentative.html.ini
tests/wpt/meta/workers/Worker-creation-happens-in-parallel.https.html.ini
tests/wpt/meta/workers/Worker-postMessage-happens-in-parallel.https.html.ini
tests/wpt/meta/workers/Worker-terminate-forever-during-evaluation.html.ini
tests/wpt/meta/workers/worker-request-animation-frame.html.ini
```
Also, we are passing `Option<PolicyContainer>` down the call stack
through `LoadState`, which is more of a workaround. However, since
maintaining this long-lived branch is becoming a bit painful (merge
conflicts) and I was starting to lose momentum because of that, I would
like get this merged rather sooner than later.
We will address the failing tests and find the right place for
`PolicyContainer` in follow-ups, including the added
`#[allow(clippy::too_many_arguments)]`.
# See also
* https://html.spec.whatwg.org/multipage/#worker-processing-model
*
https://html.spec.whatwg.org/multipage/#fetch-a-module-worker-script-tree
---
Fixes: #23308
Testing: WPT tests
Signed-off-by: pylbrecht <pylbrecht@mailbox.org>
Co-authored-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Add the cx parameter to `fn process_response` in the
`FetchResponseListener` trait and the traits that that interface change
requires. Chose to add it as the first parameter, following the same
order that `FetchResponseListener::process_response_eof` uses.
Testing: Checked that servo builds locally as well as `./mach fmt` and
`./mach test-tidy`. I don't think more tests are needed as we are not
introducing new functionality
Fixes: #42840
---------
Signed-off-by: Javier Olaechea <pirata@gmail.com>
It pushes the `temp_cx` 1 level up to `element.rs` where the calling
chain begins. Other than that this was purely a mechanical change where
I used regexes to replace all patterns with the new ones.
Part of #42812
Testing: It compiles
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Add support to modulepreload link elements. Currently we only fetch the
root module, as I think it is needs to be discussed whether we should
always fetch module dependencies, or if it should be limited due to
network constraints.
Inside `bind_to_tree` I ended up calling
`fetch_and_process_modulepreload` inside a delayed task, since it would
cause a crash due to DOM not being in a stable state when firing an
event (queueing the event seems to also do the trick).
Remaining tests failures are due to not supporting CSS modules and
performance entries's `transfer_size` being 0.
Testing: Covered by existing tests
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
fixes#43280
This PR in lines the dispatch_load_event and dispatch_error_event
wrappers directly into their call sites and removes the unused function
definitions
Signed-off-by: SharanRP <z8903830@gmail.com>
Also rename the method and consolidate the sink to be consistent with
both `TrustedHTML` and `TrustedScript`
Part of #42638
Testing: It compiles
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Switch `VirtualMethods::children_changed` and
`VirtualMethods::adopting_steps` to `&mut JSContext`.
Testing: No behaviour change, a successful build is enough.
Part of #40600
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
The spec expects us to check for render blocking (among some other
state) before we start procesing a document. Therefore, add those checks
and also check in the
stylesheet loader that we should only do so when we are allowed to do
so.
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Continuation of #43108, two new `temp_cx()` calls were required:
- inside `maybe_clone_an_option_into_selectedcontent` since it's part of
a markup5ever trait
- inside `serialize_and_cache_subtree` replacing a `CanGc::note()` call,
propagating it inside reflow code will require even more effort.
Testing: No behaviour change, a successful build is enough.
Part of #40600
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
- Use modern Rust conveniences such as `unwrap_or_default`
- Unabbreviate `attr`
- Unify the lowercase ASCII name assertion and make it a debug assertion
- Use `unreachable!` instead of panic
- Expose two attribute getters that follow the behavior of two
specification concepts and what we expect internally in Servo:
- One that takes a namespace, but does not require lowercase attribute
names. ([specification
concept](https://dom.spec.whatwg.org/#concept-element-attributes-get-by-namespace>))
- One that does not take a namespace, but does require lowercase
attribute names. ([specification
concept](https://dom.spec.whatwg.org/#concept-element-attributes-get-by-name))
Testing: This should not really change behavior so should be covered by
existing tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This PR fixes two related issues with Content Security Policy (CSP)
nonce validation for external scripts:
1. Missing nonce validation for external scripts with malformed
attributes
2. Incorrect violation event reporting for blocked external resources
This makes servo closer to passing the `nonce-enforce-blocked` wpt test.
The remaining failures are blocked by required changes in the html
parser.
1. Svg script support (https://github.com/servo/html5ever/issues/118)
```html
<svg xmlns="http://www.w3.org/2000/svg">
<script attribute attribute nonce="abc">
t.unreached_func("Duplicate attribute in SVG, no execution.")();
</script>
</svg>
```
2. Duplicate attrs check
the html parser needs to provide this flag, as mentioned on the original
commit message
(4821bc0ab0)
```html
<script attribute attribute nonce="abc">
t.unreached_func("Duplicate attribute, no execution.")();
</script>
<script attribute attribute=<style nonce="abc">
t.unreached_func("2# Duplicate attribute, no execution.")();
</script>
[...]
<script src="../support/nonce-should-be-blocked.js?5" attribute attribute nonce="abc"></script>
```
I've also created a PR to implement the duplicate attrs flag on
html5ever https://github.com/servo/html5ever/pull/695
Testing: doesn't fixes the aforementioned wpt test yet.
Fixes: part of #36437
---------
Signed-off-by: Dyego Aurélio <dyegoaurelio@gmail.com>
I only wanted to get `&mut JSContext` in microtask chunk and checkpoint,
but this in turn needed `&mut JSContext` in servoparser, which then
caused need for even more changes in script.
I tried to limit the size by putting some `temp_cx` in:
- drops of `LoadBlocker`, `GenericAutoEntryScript`
- methods of `VirtualMethods`
- methods of `FetchResponseListener`
Testing: Just refactor, but should be covered by WPT tests.
Part of #40600
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Unless the feature `preserve_order` is enabled, serde_json will sort the
map's entries in an alphanumerical order.
The specification instead expect the entries to be visited by the order
they are listed, a latter entry should replace a previous one when they
are resolved to the same url.
I've also removed a couple of `CanGc` introduced in #37405, unless I've
missed something there is not code that can trigger a GC.
Testing: A subtest now pass
Part of #37553
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Prerequisite for #40365.
Moving `run_a_module_script()` to `GlobalScope` will allow us to execute
module scripts on `WorkerGlobalScope`.
---
Relates to #23308
Signed-off-by: pylbrecht <pylbrecht@mailbox.org>
`process_response_eof` is the only method that needs cx at least right
now. This PR removes one temp_cx and introduces one, removing that one
will is hard (needs VirtualMethods and a lot of work)
Testing: Just refactor
Part of #40600
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Pass down `&mut JSContext` in `post_connection_steps`
Testing: No functionality change, a successful build is enough
Part of #40600
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
`ImportMap` _integrity_ entry was practically unused, since it is only
needed for [resolving a module integrity
metadata](https://html.spec.whatwg.org/multipage/#resolving-a-module-integrity-metadata).
Now, we correctly initialize `ScriptFetchOptions` when loading a
module's descendants.
I slightly modified `nonimport-integrity.html` test to run
`modulepreload` test cases at the end. Since we haven't an
implementation for it, the test timeout, making the test cases that
comes after them not run.
Testing: More tests start passing
Part of #37553
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Since we use `NetworkError` just for logging reasons, we don't really
need to pass it around; instead lets follow spec more closely and pass a
`None` on network failures.
Make more explicit if a `modulemap` entry is currently fetching or
ready.
Testing: No functional change, covered by existing tests
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Changed the return type of `ModuleObject::handle()` to the original type
of its contained handle by removing `.into()` call, as requested in the
linked issue.
Additional changes are due to temporary borrows now sharing lifetime
with returned handle reference.
Testing: No new tests needed, as the code is functionally the same after
the changes. Verified with running `./mach test-build` and `./mach
test-unit` successfully.
Fixes: https://github.com/servo/servo/issues/42051
Signed-off-by: Krzysztof Biedroń <arkendil@gmail.com>
This better reflects the intention of the code, which is that these
fields are set at most one time.
Testing: No behaviour change expected, so existing tests suffice.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This commit remove more unused code from `script_module`,
`inline_module_map` and `dynamic_modules` fields from `GlobalScope` and
the now unused custom interface `DynamicModuleOwner`.
Testing: No functional change, a successful build is enough.
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Rather than having each callside specifying the relevant
information from the GlobalScope, do this via a trait instead.
This would have saved us quite a bit of test debugging
since we would often forget to set relevant information
from the global context for a request.
Now, in the future when we need additional information from
the globalscope for a request, we only need to update this
method to make that happen.
Previously it would also sometimes use `document`, but
calling the relevant information on either `document` or
`globalscope` doesn't matter, since the `globalscope`
defers to the value from the `document` anyways.
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Replace NetworkError::Internal with structured enum variants
- Adds
UnsupportedScheme,CorsViolation,ConnectionFailure,Timeout,RedirectError,InvalidMethod,ResourceError,SecurityBlock,MixedContent,CacheError,InvalidPort,
LocalDirectoryError, variants in NetworkError enum.
- Refactored the usage of NetworkError::Internal(String) to use the
appropriate new variant
Testing: Changes does not require test.
Fixes: https://github.com/servo/servo/issues/36434
---------
Signed-off-by: Uthman Yahaya Baba <uthmanyahayababa@gmail.com>
Signed-off-by: Usman Yahaya Baba <91813795+uthmaniv@users.noreply.github.com>
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Co-authored-by: Tim van der Lippe <tvanderlippe@gmail.com>
In preparation for adding preload support for all requests, we need to
add relevant client information to all these entrypoints. Additionally,
for links we now also set the referrer correctly and initialize
documents. All of which are required to start loading preload
information when processing requests.
Part of #35035
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Inside `notify_owner_to_finish` we already retrieve the `ModuleTree`
tied to the corresponding `ModuleIdentity`, but we ended up retrieving
it a second time inside of `run_a_module_script` instead of simply
passing it.
Testing: Covered by existing tests, a simple cleanup.
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
