Moves the cleanup logic to a separate helper struct to comply with the
prohibition of manual `Drop` implementations for DOM types.
Testing: WebGL tests just cover its parts
Fixes: Partially #26488
Signed-off-by: Domenico Rizzo <domenico.rizzo@gmail.com>
Remove `referrer` field from `ScriptFetchOptions` and pass it directly
to `script_fetch_request`.
This keeps ScriptFetchOptions aligned with the HTML
fixes#42875
---------
Signed-off-by: Kelechi Ebiri <ebiritg@gmail.com>
Fixes: #43360
This PR makes `<select>` behave like other browsers by only opening the
picker for trusted user clicks, and adds a regression test to ensure
synthetic `.click()/dispatchEvent('click')` won’t open it.
---------
Signed-off-by: SharanRP <z8903830@gmail.com>
The CSP crate was incorrectly using the request URL for both checking if
policies were matching, as well as reporting that URL. However, the CSP
specification uses the current URL to check for policies and the url for
reporting a violation.
Therefore, set the new current_url field for these requests, leaving the
ws scheme URLs as a special case. We also should take redirects into
account for navigations (which is only relevant for forms), but LoadData
currently has no notion of keeping track of that.
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Pass `&mut JSContext` to `CustomElementReaction::invoke` and
`upgrade_element` algorithm.
Testing: A successful build is enough
Part of #40600
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Modern Algorithms in WebCrypto API specification was updated to rename
the `length` parameter of the `CShakeParams` dictionary to
`outputLength`. We update our implementation accordingly.
Specification update:
41434899e8
WPT update:
0acea989ac
The final step of the "digest" operation of cSHAKE was also updated to
clarify that it outputs a byte sequence, rather than a bit sequence.
This matches our current implementation. No change in our implementation
is needed. The specification text in our code is updated.
Specification update:
5dd19e3a9f
Testing: Pass updated WPT tests.
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
script: Add navigation and traversal task source
Testing: This shouldn't be something that's observable through tests, so
a successful build is enough to verify the change.
Fixes: #43497
---------
Signed-off-by: Jayanta Pradhan <pradhanjayanta91@gmail.com>
Parse form action URLs using the document's encoding-aware URL parser.
Testing: Verified with the WPT form-action tests `./mach test-wpt
tests/wpt/tests/html/semantics/forms/the-form-element`, all relevant
tests passed.
Fixes: #43507
Signed-off-by: SharanRP <z8903830@gmail.com>
This pulls one bit of navigation logic out into a method that is easier
to cross-reference against the spec, and drops a bunch of custom logic
that is better served by the existing LoadOrigin infrastructure.
Testing: Existing WPT coverage is sufficient.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
script: Add longdesc reflection to HTMLIFrameElement and
HTMLFrameElement
Also corrects the reflection for HTMLImageElement to use USVString.
Testing: Covered by WPTs
Signed-off-by: Luke Warlow <lwarlow@igalia.com>
Add a check for a valid key path when create index on idb object store
Testing: `./mach test-wpt
tests/wpt/tests/IndexedDB/keypath_invalid.any.js`
Fixes: #42434
---------
Signed-off-by: Jerens Lensun <jerensslensun@gmail.com>
Our existing `SubtleCrypto::normalize_algorithm` implementation converts
the input dictionary from a JavaScript object to a Rust struct twice.
The first conversion (Step 2 to 4) under WebIDL dictionary `Algorithm`
is for retrieving the `name` property to determine the desired
dictionary type, and the second conversion (Step 9 to 10) is for
retrieving the whole dictionary of desired WebIDL dictionary type.
If the `name` property of the input dictionary is a JavaScript getter
method, the getter will be triggered twice and leads to some undesired
side effects. For example, WPT contains some tests that the `name`
property is a getter method which transfers a buffer source. Triggering
it twice leads to a TypeError of accessing detached buffer at the second
time. Those tests then fail.
5bb4f9f103/tests/wpt/tests/WebCryptoAPI/digest/cshake.tentative.https.any.js (L215-L219)
This patch includes two changes to fix this problem.
First, the algorithm name retrieved in Step 2 to 4 is now passed to
`Op::RegisteredAlgorithm::from_object` in Step 9 to 10 so that we don't
need to read the `name` property and trigger the getter method again.
Second, we no longer use `dictionary_from_jsval` for converting the
dictionary, since it reads the whole dictionary including the `name`
property, triggering the getter method again. Instead, we add some
custom helper functions (`get_optional_parameter`,
`get_required_parameter`, `get_optional_parameter_in_box`,
`get_required_parameter_in_box`, `get_optional_buffer_source`,
`get_required_buffer_source`) to manually read properties other the
`name` property one by one, in a way that matches the specification.
Hence, each property of the input dictionary will only be read once, to
avoid this issue.
Testing: Pass some WPT tests that were expected to fail.
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
## Summary
Fixes#43328
When `OsRng.try_fill_bytes` fails in `crypto.getRandomValues`, the code
previously returned `Error::JSFailed`. This error type asserts that a
JavaScript exception is already pending on the context — but `OsRng` is
a Rust library that never sets a JS exception, causing Servo to panic
with `assertion failed: JS_IsExceptionPending(*cx)`.
This PR replaces `Error::JSFailed` with `Error::Operation`, which throws
a proper `OperationError` DOMException instead of crashing. This is
consistent with how Servo's SubtleCrypto handles the same scenario
(e.g., `ed25519_operation.rs`).
## Testing
Tested by unconditionally taking the error branch (`if true`):
**Before (panic):**
<img width="960" alt="Screenshot From 2026-03-20 23-42-35"
src="https://github.com/user-attachments/assets/f15150ce-aa26-46c9-a381-985e6d850904"
/>
---
**After (fix):**
<img width="960" alt="Screenshot From 2026-03-20 23-43-05"
src="https://github.com/user-attachments/assets/99490b06-aeaa-4dcc-b10a-56336efad87d"
/>
Signed-off-by: rogerkorantenng <rogerkorantenng@gmail.com>
This fixes two assertions observed in Servo using debug mozjs builds:
* `Assertion failure: !IsInsideNursery(obj)` for every promise object
reflected into Rust code
* `Missing calls to JS::RemoveAssociatedMemory` when shutting down the
browser
Testing: Verified locally that WPT tests can run to completion in debug
mozjs builds, but we don't run those on CI.
Fixes: #43486
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
The spec has explicit steps for it, where we were calling a different
algorithm before. This passes more assertions in
`content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image.sub.html`
but since line numbers aren't correct, the test isn't fully passing yet.
Testing: WPT
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This change implements the `scrollend` event. Since there is no support
for asynchronous / smooth scrolling, with this change all `scroll`
events simply send a `scrollend` event in a way that looks a bit like
what the specification says. Note that there are currently some serious
issues (w3c/csswg-drafts#8396) with specification, so things are still a
bit weird overall.
In addition, this organizes and reduces duplication in some of the
existing scroll event code.
Testing: This causes some WPT tests to start passing or to stop timing
out.
---------
Signed-off-by: abdelrahman1234567 <abdelrahman.hossameldin.awadalla@huawei.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: abdelrahman1234567 <abdelrahman.hossameldin.awadalla@huawei.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
This uses UnrootedSimpleNodeIterator in a couple of places, namely
- delete_cell_or_row
- children_changed
- move_fn
More importantly this implements upcast and downcast for `UnrootedDom`.
These methods work the same as the DomRoot methods except that they
carry the no_gc and, hence,
keep the lifetime.
Testing: WPT tests will see if this breaks something.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
This is no longer present in the spec. Instead, the
`process_request_body` is the new way. These two
methods were called right after each other and there was only 1
implementation in `htmlvideoelement`. That implementation is now moved
to `process_request_body` and hence we can remove the unnecessary
method.
Testing: It compiles
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Pass `&mut JSContext` to `HTMLScriptElement::execute`, propagate it
inside `global_scope_script_execution.rs` and then switch to wrappers2
bindings.
Testing: A successful build is enough.
Part of #40600
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
This PR involves cleaning up the unused GlobalScope argument in
UnderlyingSourceContainer::call_pull_algorithm. This PR involves changes
across three files. Only removing the unused GlobalScope and suppressed
reference with underscore prefix.
Testing: This PR involves cleanup of the unused GlobalScope argument in
UnderlyingSourceContainer::call_pull_algorithm. The argument was
suppressed using underscore earlier. Thus it was not involved in any
runtime instances. Thus this PR does not require additional testing. I
was able to successfully build the repo after changes. There is no other
dependency of removed variable, thus no impact outside.
Fixes: #43460
Signed-off-by: Nishant-k-sagar <147799872+Nishant-k-sagar@users.noreply.github.com>
Previously arrays were falling back to Object previewer which was
showing indices as properties- which was not correct. This PR implements
dedicated `ArrayPreviewer` that follows Firefox's `ArrayLike` pattern.
Currently array preview support only length display, it does not
implement showing array items yet.
Now(Correct and follows Firefox pattern, Array items coming in a
follow-up PR):
<img width="510" height="167" alt="image"
src="https://github.com/user-attachments/assets/a51f04d4-333c-4d7c-8159-18121c967670"
/>
Before(We shouldn't see these values- it's incorrect):
<img width="1294" height="721" alt="image"
src="https://github.com/user-attachments/assets/2218a622-c791-4436-958e-1a5553de7864"
/>
Testing: Current tests are passing.
Fixes: Part of #36027
Signed-off-by: atbrakhi <atbrakhi@igalia.com>
This moves some easy elements in Script from IpcChannel and related
methods to GenericChannel and related methods and some callbacks.
Testing: This will be covered by WPT if the channels behave differently.
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
The width and height should be guaranteed to be non-negative according
to CSSOM regardless of the writing mode.
Testing: Existing tests.
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
While we now pass a lot of worker tests, we still fail a bunch:
```
% fd '^worker-.*.html.ini'
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html.ini
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html.ini
tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html.ini
tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html.ini
tests/wpt/meta/content-security-policy/gen/top.meta/script-src-self/worker-import.http.html.ini
tests/wpt/meta/content-security-policy/gen/top.meta/script-src-self/worker-import.https.html.ini
tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import.http.html.ini
tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import.https.html.ini
tests/wpt/meta/content-security-policy/script-src/worker-data-set-timeout.sub.html.ini
tests/wpt/meta/content-security-policy/script-src/worker-importscripts.sub.html.ini
tests/wpt/meta/content-security-policy/script-src/worker-set-timeout.sub.html.ini
tests/wpt/meta/fetch/metadata/generated/worker-dedicated-constructor.sub.html.ini
tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.https.sub.html.ini
tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.sub.html.ini
tests/wpt/meta/mixed-content/gen/top.http-rp/opt-in/worker-import-data.https.html.ini
tests/wpt/meta/mixed-content/gen/top.http-rp/opt-in/worker-import.https.html.ini
tests/wpt/meta/referrer-policy/generic/subresource-test/worker-messaging.html.ini
tests/wpt/meta/service-workers/service-worker/worker-client-id.https.html.ini
tests/wpt/meta/service-workers/service-worker/worker-in-sandboxed-iframe-by-csp-fetch-event.https.html.ini
tests/wpt/meta/service-workers/service-worker/worker-interception-redirect.https.html.ini
tests/wpt/meta/service-workers/service-worker/worker-interception.https.html.ini
tests/wpt/meta/upgrade-insecure-requests/gen/worker-classic.http-rp/upgrade/worker-classic.https.html.ini
tests/wpt/meta/upgrade-insecure-requests/gen/worker-classic.http-rp/upgrade/worker-module.https.html.ini
tests/wpt/meta/upgrade-insecure-requests/gen/worker-module.http-rp/upgrade/worker-classic.https.html.ini
tests/wpt/meta/upgrade-insecure-requests/gen/worker-module.http-rp/upgrade/worker-module.https.html.ini
tests/wpt/meta/wasm/webapi/esm-integration/worker-import-source-phase.tentative.html.ini
tests/wpt/meta/wasm/webapi/esm-integration/worker-import.tentative.html.ini
tests/wpt/meta/workers/Worker-creation-happens-in-parallel.https.html.ini
tests/wpt/meta/workers/Worker-postMessage-happens-in-parallel.https.html.ini
tests/wpt/meta/workers/Worker-terminate-forever-during-evaluation.html.ini
tests/wpt/meta/workers/worker-request-animation-frame.html.ini
```
Also, we are passing `Option<PolicyContainer>` down the call stack
through `LoadState`, which is more of a workaround. However, since
maintaining this long-lived branch is becoming a bit painful (merge
conflicts) and I was starting to lose momentum because of that, I would
like get this merged rather sooner than later.
We will address the failing tests and find the right place for
`PolicyContainer` in follow-ups, including the added
`#[allow(clippy::too_many_arguments)]`.
# See also
* https://html.spec.whatwg.org/multipage/#worker-processing-model
*
https://html.spec.whatwg.org/multipage/#fetch-a-module-worker-script-tree
---
Fixes: #23308
Testing: WPT tests
Signed-off-by: pylbrecht <pylbrecht@mailbox.org>
Co-authored-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Instead of always doing the newline fixup on the `<textarea>`
placeholder, only do it when the placeholder attribute itself changes.
This avoids doing string replacements when they are not necessary (such
as when a `<textarea>` switches from having text to only having the
placeholder and viceversa).
In addition make it so that `DOMString::clear` preserves the string
allocation when called.
Testing: This is just a small optimization so testing should not be
necessary. Existing behavior is verified via WPT tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Pass `&mut JsContext` to `TransformStreamDefaultController::enqueue`, in
preparation of porting the remaining BlobMethods.
Testing: Just a refactor, ./mach test-unit still passes.
Fixes: Part of #42638
---------
Signed-off-by: Uiniel <174327181+uiniel@users.noreply.github.com>
On visual viewport scroll, fire the scroll event to the `VisualViewport`
instances. Incidentaly, fix a bug where the pinch zoom update should be
propagated to the script.
Testing: New unit test and manual WPT.
---------
Signed-off-by: Jo Steven Novaryo <steven.novaryo@gmail.com>
Added dedicated worker side handling, followed the same pattern used in
main script handling by wiring worker global scope to
`DebuggerGlobalScope` and invoking `fire_eval`
fixes: Part of #43317
Signed-off-by: SharanRP <z8903830@gmail.com>
On Windows and Linux the control key is expected to move the text caret
by word. In addition, it seems like the alt wasn't working properly on
Linux. This change makes the modifier key for word movement dependent on
the platform.
Testing: This change adds a Servo-specific keyboard motion test.
Keyboard motion events are not specified AFAIK.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This fixes a warning of `cargo publish`:
```
warning: manifest has no description, documentation, homepage or repository
```
Testing: Compiling. Manual testing of `cargo publish --dry-run` (with
some additional patches, and until the next error, shows this warning
has been fixed)
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
in #42336, we added a
[Servo](https://doc.servo.org/servo/struct.Servo.html)-global API for
controlling whether accessibility is active. the idea was that when the
embedder activates accessibility, all webviews and documents activate
accessibility and start sending AccessKit tree updates, and vice versa
when they deactivate.
we found a problem with this approach in #42338. global activation of
accessibility makes it too easy to accidentally cause a panic in
AccessKit, and harder than it needs to be for embedders to learn that
they are responsible for grafting each webview’s subtree into their main
AccessKit tree as soon as accessibility is activated. this is due to an
invariant of the AccessKit subtree API: if a subtree starts sending
updates before the graft node is created, the program panics.
this patch reworks accessibility activation to make it per-webview. by
requiring embedders to explicitly activate accessibility for a webview,
we can communicate the AccessKit invariant via our API docs.
Testing: this patch includes an initial accessibility test in libservo
Fixes: part of #4344, extracted from our work in #42338
---------
Signed-off-by: Alice Boxhall <alice@igalia.com>
Signed-off-by: delan azabani <dazabani@igalia.com>
Co-authored-by: Alice Boxhall <alice@igalia.com>
Add the cx parameter to `fn process_response` in the
`FetchResponseListener` trait and the traits that that interface change
requires. Chose to add it as the first parameter, following the same
order that `FetchResponseListener::process_response_eof` uses.
Testing: Checked that servo builds locally as well as `./mach fmt` and
`./mach test-tidy`. I don't think more tests are needed as we are not
introducing new functionality
Fixes: #42840
---------
Signed-off-by: Javier Olaechea <pirata@gmail.com>
Instead of using ASCII character to process the `accesskey` attribute
use the hardware key code that comes with the platform key event. This
aligns our implementation closer to the spec and allows `accesskey` to
work properly with lowercase letters on Linux machines (where shift is
part of the access key sequence). This might introduce some issues with
non-US keyboards, but those issues are inherent in the specification --
one reason why `accesskey` is not recommended for use.
Testing: A Servo-specific accesskey test is extended to cover this case.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Elements with `visibility: hidden` or `visibility: collapse` could
receive focus via both sequential navigation and the JS `focus()` API,
and already-focused elements did not lose focus when becoming invisible.
Per the CSS Display spec, invisible elements ”are removed from
navigation”, which we can interpret to mean sequential focus navigation.
In practical terms, all popular user agents also prevent elements with
`visibility: hidden` from being focusable via click/the JS API, so this
PR makes servo match that behaviour as well.
Specifically, this adds a visibility check to
`Element::focusable_area_kind()` so that invisible elements are excluded
from all focusable area kinds.
Fixes#41312.
---------
Signed-off-by: Jacob Adam <software@jacobadam.net>
