Migrates all but one `CanGc::note()` to `cx`. The
last one requires `invoke_script_environment_preparer` to have a safe
hook in mozjs.
Part of #40600
Testing: It compiles
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
script: Add navigation and traversal task source
Testing: This shouldn't be something that's observable through tests, so
a successful build is enough to verify the change.
Fixes: #43497
---------
Signed-off-by: Jayanta Pradhan <pradhanjayanta91@gmail.com>
I've also refactored the relevant function a bit, because it was
unnecessarily nested and inside a huge `unsafe` block.
Testing: Regressions are covered by existing tests, but we can't test
for the presence of `log::error!` statements
Fixes (the most relevant) part of
https://github.com/servo/servo/issues/26667
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
For the longest time we've had a `dispatch_event` boolean flag in our
error reporting code that determines whether or not to fire an `error`
event. It was only set to `false` in the event handler code due to a
double borrow that would occur otherwise. It seems that this is no
longer a problem, so we can remove the flag and correctly fire the event
in that case too.
Testing: A new test starts to pass and
`html/webappapis/scripting/processing-model-2/runtime-error-in-body-onerror.html`
does not crash
Fixes: https://github.com/servo/servo/issues/13152
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This patch removes `js_*` preferences that are not currently wired up to
the SM engine. The `js_mem_gc_allocation_threshold_factor` was being
used previously but got that usage was commented out in #28092, so the
dead code is removed.
The `dom_worklet_blockingsleep` preference is also renamed to
`dom_worklet_blockingsleep_enabled` to match the declared name in
`PaintWorkletGlobalScope.idl` which also matches the naming convention
of the other the boolean preferences.
Finally, the `network_mime_sniff` is also unused and remmoved in this
patch.
Testing: Should be covered by existing tests.
Fixes: #42868
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
I only wanted to get `&mut JSContext` in microtask chunk and checkpoint,
but this in turn needed `&mut JSContext` in servoparser, which then
caused need for even more changes in script.
I tried to limit the size by putting some `temp_cx` in:
- drops of `LoadBlocker`, `GenericAutoEntryScript`
- methods of `VirtualMethods`
- methods of `FetchResponseListener`
Testing: Just refactor, but should be covered by WPT tests.
Part of #40600
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
This changes makes it so that tracing accesses the `ScriptThread` via a
weak reference set on the `Runtime` rather than thread local storage.
The idea is to use TLS less and less as time goes on. This is done by
creating a new data structure that holds all the data that is necessary
for SpiderMonkey callbacks in the `ScriptThread`.
Testing: This should not change behavior in a way that is observable
via testing.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Continuation of https://github.com/servo/servo/pull/42135, switch
Error::Type and Error::Range to also use CStrings internally, as they
are converted to CString for throwing JS exceptions (other get thrown as
DomException object, which uses rust string internally).
Changes in script crate are mechanical.
Testing: Should be covered by WPT tests.
Part of #42126
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
While working on #42138 I found out that import attributes are an opt-in
feature, which can be enabled by `ContextOptionsRef`'s
`compileOptions_`.
This is likely the reason why `GetRequestedModuleSpecifier` wouldn't
fail.
Now we catch any `GetRequestedModuleSpecifier` exception and pass it to
`load_state`.
Testing: Covered by existing tests
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
1. removed `ScriptThread::get_safe_cx` in favor of `Runtime::cx` (this
intentionally shadows
[RustRuntime::cx](https://doc.servo.org/mozjs/rust/struct.Runtime.html#method.cx),
which is not really safe with all other stuff that happen in servo).
2. passed down cx from `ScriptThread::new` to accommodate those changes
(we also need to pass cx for some other stuff).
3. we create JSContext in workers/worklets, so we can pass all the way
down to
6ccc47f4c9/components/script/dom/workers/workerglobalscope.rs (L1013)
(so we can get &mut JSContext in tasks).
So with this PR, we prepared all entry points of JSContext (or other
should actually be reentering via SM callback or passed down from the
root one in the thread).
Testing: No changes just safety, but it should be covered by WPT
Part of #40600
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Fixes the following warning:
```
warning[E0133]: call to unsafe function `js::jsapi::SetGCZeal` is unsafe and requires unsafe block
--> components/script/script_runtime.rs:1144:5
|
1144 | SetGCZeal(cx, level, frequency);
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function
|
= note: for more information, see <https://doc.rust-lang.org/edition-guide/rust-2024/unsafe-op-in-unsafe-fn.html>
= note: consult the function's documentation for information on how to avoid undefined behavior
note: an unsafe function restricts its caller, but its body is safe by default
--> components/script/script_runtime.rs:1132:1
|
1132 | unsafe fn set_gc_zeal_options(cx: *mut RawJSContext) {
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
= note: `#[warn(unsafe_op_in_unsafe_fn)]` (part of `#[warn(rust_2024_compatibility)]`) on by default
```
Testing: Build-time only.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Instead of using a task source for SpiderMonkey runtime callbacks, use a
`ScriptEventLoopSender`. Task sources are associated with a particular
Pipeline, but the runtime callback is run indepenently of any particular
Pipeline and could theoretically happen when no Pipeline exists at all.
This reduces the dependency of the `ScriptThread` on the existence of
the first Pipeline.
Testing: This should not change observable behavior, so is covered by
existing tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
The thing that this message does is to spawn a pipeline in a
`ScriptThread`. I believe that the `AttachLayout` name is a relic of a
different time. The corresponding procedure in the `Constellation` is
already called `Pipeline::spawn`.
Testing: This is just a rename, so existing tests should cover this
change.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This is another step on the way toward enabling the default set
of rustc compiler warnings for `script`. This also renames two
functions according to Rust snake case guidelines.
Testing: This should not change behavior and is thus covered by existing
tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
The current implementation would transfer the script string to `mozjs`
without telling `mozjs` that the string is UTF-8 encoded, causing
problems when the script carries Chinese characters. This PR fixes this
by using a correct API `mozjs::jsapi::JS_NewStringCopyUTF8N`. Also
changed `TrustedXxx::data()` to return a `&DOMString` to reduce one
unnecessary cloning when transferring script string to `mozjs`
Testing: Manual testing. Would like to ask for community ideas on
introducing new test covering this
---------
Signed-off-by: minghuaw <michael.wu1107@gmail.com>
This allows measuring the size of these types conditionally rather than
ignoring them.
Testing: This modifies which things are measured by `MallocSizeOf` which
isn't covered by tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This aligns the implementation with the spec, where both input body and
init body are now set. In doing so, it fixes a fetch abort test, since
the stream was missing for the input body.
It also introduces the `unusable` method, as that's the one the spec
uses. The other two getters no longer exist in the spec.
Fixes#39448
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
It is possible to pass in objects that are not trusted scripts into the
Function constructor. Rather than crashing, we now treat these as
untrusted. `can_compile_string_with_trusted_type` doesn't need to know
the contents of a string, as it always marks it as untrusted.
We can make the same optimization in the string case, where we no longer
need to convert the string.
Testing: This change adds a WPT crash test.
Fixes#39436
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Also bumps mozjs to the latest version that has support for
`GStackVector` which is what this callback uses.
Part of #36258Fixes#38877
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This shows up sometimes in code reviews, so it makes sense that tidy
enforces it. `rustfmt` supports this via comment normalization, but it
does many other things and is still an unstable feature (with bugs).
Testing: There are new tidy tests for this change.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
It implements the new codeForEvalGets callback to retrieve the
value for a trusted script object. Additionally, it implements
the new logic in can-compile-strings to call the policy
factory if required.
Note that parameter and argument checks aren't implemented yet,
as they require updates to binding generation (see TODO in
script_runtime).
Part of #36258
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
currently our devtools impl creates source actors in script, when
executing scripts in HTMLScriptElement or DedicatedWorkerGlobalScope.
this approach is cumbersome, and it means that many pathways to running
scripts are missed, such as imported ES modules.
with the [SpiderMonkey Debugger
API](https://firefox-source-docs.mozilla.org/js/Debugger/), we can pick
up all of the scripts and all of their sources without any extra code,
as long as we tell it about every global we create (#38333, #38551).
this patch adds a [Debugger#onNewScript()
hook](https://firefox-source-docs.mozilla.org/js/Debugger/Debugger.html#onnewscript-script-global)
to the debugger script, which calls
DebuggerGlobalScope#notifyNewSource() to notify our script system when a
new script runs. if the source is relevant to the file tree in the
Sources tab, script tells devtools to create a source actor.
Testing: adds several new automated devtools tests
Fixes: part of #36027
Signed-off-by: Delan Azabani <dazabani@igalia.com>
Co-authored-by: atbrakhi <atbrakhi@igalia.com>
- [Dispatch Event](https://dom.spec.whatwg.org/#concept-event-dispatch)
should return a Boolean. This function is used frequently in spec and
the change makes things easier to follow.
- Remove `enum EventStatus` and related functions.
- Update some dead spec link.
- Update some steps.
This is intended as cleanup before working on #38435 and reduces binary
size by 488KB in Release profile.
Testing: No behaviour change.
---------
Signed-off-by: Euclid Ye <euclid.ye@huawei.com>
in the devtools protocol, [source
forms](https://firefox-source-docs.mozilla.org/devtools/backend/protocol.html#loading-script-sources)
announced in `resources-available-array` messages can include the
`introductionType`, which more or less mirrors the field of the same
name in SpiderMonkey’s CompileOptions.
this patch exposes `introductionType` accordingly, allowing us to check
for the correct values in automated tests.
Testing: new coverage in devtools tests
Fixes: part of #36027
---------
Signed-off-by: Delan Azabani <dazabani@igalia.com>
Co-authored-by: atbrakhi <atbrakhi@igalia.com>
to use the [SpiderMonkey Debugger
API](https://firefox-source-docs.mozilla.org/js/Debugger/) as the single
source of truth about scripts and their sources for devtools purposes
(servo/servo#38334), the debugger script needs to be able to distinguish
inline scripts from other scripts, because inline scripts are a special
case where the source contents need to come from the Servo parser.
the mechanism for this is
[Debugger.Script.prototype.**introductionType**](https://firefox-source-docs.mozilla.org/js/Debugger/Debugger.Source.html#introductiontype),
which is `inlineScript` for inline scripts or a variety of other values
for other kinds of scripts, but only the embedder can provide this
information.
this patch bumps mozjs to servo/mozjs#603, which expands on
CompileOptionsWrapper, making it a safe wrapper around CompileOptions.
to construct one from safe code, use Runtime::new_compile_options().
then you can call `set_introduction_type(&'static CStr)` on the new
instance. we also make Runtime::evaluate_script() take a
CompileOptionsWrapper from the caller, instead of constructing one
internally.
in this patch, we set the introductionType to `c"inlineScript"` when
calling run_a_classic_script() and compile_module_script() for inline
scripts, and leave it unset all other cases.
Testing: will undergo automated tests in #38334
Fixes: part of #36027, part of servo/servo#38378
---------
Signed-off-by: Delan Azabani <dazabani@igalia.com>
Co-authored-by: atbrakhi <atbrakhi@igalia.com>
With Rust 1.85 it is possible to const initialize Hashmaps if the hash
algorithm does not rely on a random seed.
Testing: No functional changes, covered by existing tests
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
This refactoring moves various CSP-related methods away from GlobalScope
and Document into a dedicated entrypoint. It also reduces the amount of
imports of the CSP crate, so that types are consolidated into this one
entrypoint. That way, we control how CSP code interacts with the script
crate.
For reviewing purposes, I split up the refactoring into separate
distinct commits that all move 1 method(group) into the new file.
Testing: no change in behavior, only a build improvement + code cleanup
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Adds indexeddb support to servo. At the moment heed is being used as the
backend, although this can be swapped out by implementing `KvsEngine`.
This PR adds a thread + a thread pool for Indexeddb related operations.
Also `database_access_task_source` is added for Indexeddb related
operations.
This is a partial rewrite of #25214. (Reopened due to branching issue)
Fixes#6963
---------
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Rasmus Viitanen <rasviitanen@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
All logic is implemented in `report_csp_violations` to avoid
pulling in various element-logic into SecurityManager.
Update the `icon-blocked.sub.html` WPT test to ensure that
the document is the correct target (verified in Firefox and Chrome).
Fixes#36806
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This turned out to be a full rabbit hole. The new header
is parsed in the new `parse_csp_list_from_metadata` which
sets `disposition` to `report.
I was testing this with
`script-src-report-only-policy-works-with-external-hash-policy.html`
which was blocking the script incorrectly. Turns out that there
were multiple bugs in the CSP library, as well as a missing
check in `fetch` to report violations.
Additionally, in several locations we were manually reporting csp
violations, instead of the new `global.report_csp_violations`. As
a result of that, they would double report, since the report-only
header would be appended as a policy and now would report twice.
Now, all callsides use `global.report_csp_violations`. As a nice
side-effect, I added the code to set source file information,
since that was already present for the `eval` check, but nowhere
else.
Part of #36437
Requires servo/rust-content-security-policy#5
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
