I only wanted to get `&mut JSContext` in microtask chunk and checkpoint,
but this in turn needed `&mut JSContext` in servoparser, which then
caused need for even more changes in script.
I tried to limit the size by putting some `temp_cx` in:
- drops of `LoadBlocker`, `GenericAutoEntryScript`
- methods of `VirtualMethods`
- methods of `FetchResponseListener`
Testing: Just refactor, but should be covered by WPT tests.
Part of #40600
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
`process_response_eof` is the only method that needs cx at least right
now. This PR removes one temp_cx and introduces one, removing that one
will is hard (needs VirtualMethods and a lot of work)
Testing: Just refactor
Part of #40600
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
We populate the required field for all relevant entrypoints
and set it to `document.base_url` when the url is `about:blank`
or `about:srcdoc`. In all other cases, it uses
`document.about_base_url`.
Testing: WPT
Fixes#41836
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
*Describe the changes that this pull request makes here. This will be
the commit message.*
Move stream file to script/dom/stream
part of https://github.com/servo/servo/issues/38901
Testing: *Describe how this pull request is tested or why it doesn't
require tests*
Fixes: *Link to an issue this pull requests fixes or remove this line if
there is no issue*
---------
Signed-off-by: hyuraku <32809703+hyuraku@users.noreply.github.com>
Signed-off-by: Taym Haddadi <haddadi.taym@gmail.com>
Co-authored-by: Taym Haddadi <haddadi.taym@gmail.com>
Rather than having each callside specifying the relevant
information from the GlobalScope, do this via a trait instead.
This would have saved us quite a bit of test debugging
since we would often forget to set relevant information
from the global context for a request.
Now, in the future when we need additional information from
the globalscope for a request, we only need to update this
method to make that happen.
Previously it would also sometimes use `document`, but
calling the relevant information on either `document` or
`globalscope` doesn't matter, since the `globalscope`
defers to the value from the `document` anyways.
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
These keep-alive records live on the `CoreResourceManager` since the vec
of records must be modified by the fetch thread. The script thread
sometimes
requires this information as well, which is why it can send a message to
obtain the total size.
The keep-alive records must be tracked per global. That's why all code
needs
to specify the `pipeline_id`. Requests optionally have this field, which
is why
the code expects it to be present. The relevant information is added to
the
navigator request to ensure it can compute it.
Fixes#41230
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This implements waiting for pending preloads, where the preload request
is still fetching the result when the second "real" request is started.
It is
implemented by storing responses in the `SharedPreloadedResources`
which is communicated via `PreloadId` send to the `CoreResourceManager`.
Part of #35035
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Changed most #[allow]s to #[expect]s, mainly for
clippy::too_many_arguments
Removed unfulfilled expectations
This is my first opensource contribution, so please let me know if
anything should
be done differently.
Testing: Refactor
Part of: #40838
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: TimurBora <timurborisov5561@gmail.com>
Co-authored-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
At the start of the script we create first (and only[^1]) safe
`JSContext`, from where we should pass it down to every code that needs
the cx. This PR brings it all the way down to message handlers. There is
clear separation between functions that use new model `&mut JSContext`
and the ones that use the old model (usually they take can_gc).
[^1]: Another place of construction are SM hooks (that pass us down raw
JSContext), but to reach that point we already needed to call another
function that takes `&mut JSContext`, so one can look at this case as
reentering/reborrowing (we derive new shorter `&mut JSContext` from the
old one).
Testing: This is just refactor, but should covered by WPT tests.
Part of #40600
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
In preparation for adding preload support for all requests, we need to
add relevant client information to all these entrypoints. Additionally,
for links we now also set the referrer correctly and initialize
documents. All of which are required to start loading preload
information when processing requests.
Part of #35035
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Servo currently completely ignores `<meta charset>` tags. When we find
one with an encoding that is incompatible to the current one, then we
should reload the page and start over with the new encoding. A common
optimization that has even made its way into the specification is to
wait for a few bytes to arrive and inspect them for `meta` tags, so the
browser is able to use the correct encoding from the very beginng.
In practice, I've run into problems with our WPT harness when reloading
the page after `meta` tags. Therefore, this change implement the
optimization first, so we never have to reload when running WPT. I've
implemented prescanning in a way where we wait for 1024 bytes to arrive
or for one second to pass, whichever one happens first.
This causes a large number of web platform tests to flip around. I've
looked at most of the new failures and I believe they're reasonable.
Testing: New tests start to pass.
Part of https://github.com/servo/servo/issues/6414
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This is checked if the body is a stream, but the payload calculation
needs to be in a follow-up PR.
Part of #38302
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This implements the required plumbing for the keep-alive flag on
requests. The flag already exists on the request object, but now also
exists on the builder itself.
The flag is then passed into a canceller. While we could make canceller
optional, in many cases it isn't and would require a whole lot more
changes. To follow the spec more closely, opted to put the keep_alive
flag on the canceller as well.
Note that this doesn't pass any extra fetch-later tests since we are not
correctly unloading iframe documents. That will be fixed in a follow-up
PR.
Part of #41230
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
There are two flavours of the mozjs `TypedArray<T>` wrapper for typed
array objects: one stores a `Box<Heap<*mut JSObject>>`, while the other
just has a bare `*mut JSObject`. The second one must only be stored
inside the `CustomAutoRoot` rooting values, but we were using it in many
other places like WebIDL dictionaries without rooting it safely. These
changes make our typed array APIs always use
`RootedTraceableBox<TypedArray<T>>` with the `Box<Heap<*mut JSObject>>`
flavour, which ensures that the JS object stored inside the typed array
wrapper is always visible to the SpiderMonkey GC.
Testing: Adds a new test that crashes without these changes.
Fixes: #41206
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
I used find and replace to finish the job. All this PR does is replace
all `Error::<error_name>` occurrences with `Error::<error_name>(None)`.
Testing: Refactor
Fixes: #39053
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
XML and HTML serialization routines relied on a single, shared
implementation of the `markup5ever::Serialize` trait for the DOM Node
type.
These changes introduce the HtmlSerialize type to make it possible to
support XML serialization and fix other issues.
Testing: It does not change any behavior and it builds.
Fixes: #40552
---------
Signed-off-by: Rodion Borovyk <rodion.borovyk@gmail.com>
The goal of this change is to prevent having to copy so much data out of
listeners when a fetch completes, which will be particularly important
for off-the-main thread parsing of CSS (see #22478). This change has
pros and cons:
Pros:
- This makes the design of the `FetchResponseListener` a great deal
simpler.
They no longer individually store a dummy `ResourceFetchTiming` that is
only replaced right before `process_response_eof`.
- The creation of the `Arc<Mutex<FetchResponseListener>>` in the
`NetworkListener` is abstracted away from clients and now they just
pass the `FetchResponseListener` to the fetch methods in the global.
Cons:
- Now each `FetchResponseListener` must explicitly call `submit_timing`
instead of having the `NetworkListener` do it. This is arguably a bit
easier to follow in the code.
- Since the internal data of the `NetworkListener` is now an
`Arc<Mutex<Option<FetchResponseListener>>>`, when the fetching code
needs to share state with the `NetworkListener` it either needs to
share an `Option` or some sort of internal state. In one case I've
stored the `Option` and in another case, I've stored a new inner
shared value.
Testing: This should not change observable behavior and is thus covered
by existing tests.
Fixes: #22550
---------
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
`FetchReponseListener` has traditionally lived in `net` even though it
is only used in `script` currently. Because of the two way dependency,
it has also use a lot of templating to implement something pretty basic
(call methods on a trait object).
This change moves the trait to `script` and removes several levels of
templating, making the code quite a bit shorter and easier to
understand.
This change is preparation for fixing #22550 and implementing
off-the-main-thread CSS parsing.
Testing: This should not change any behavior so is covered by existing
tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Removes some unneeded lints, especially `#[allow(unsafe_code)]`.
Testing: Refactor
Part of: #40383
Signed-off-by: WaterWhisperer <waterwhisperer24@qq.com>
Moves interfaces defined by the performance spec to the
`script/dom/performance/` module from `script/dom/`.
Testing: Just a refactor shouldn't need any testing
Fixes: Partially #38901
Signed-off-by: WaterWhisperer <waterwhisperer24@qq.com>
Previously the `<input type=file>` would wait synchronously for file
selection
results from the embedder. This change moves that synchronous wait to
the
`FileManager` worker thread. The main benefit is that script is not
blocked waiting
for the embedder. The synchronous wait on the worker thread is not a
large issue
because it is run from a thread pool, though a later change could also
remove
that synchronous wait.
In addition, the API surface for file selection changes a bit as there
is now a `dismiss`
method which differentiates between selecting no file and not making a
choice at
all.
Testing: Covered by exiting WPT, WebDriver conformance, and unit tests.
---------
Signed-off-by: delan azabani <dazabani@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
This implements LazyDOMString (from now on DOMString) as outlined in
https://github.com/servo/servo/issues/39479.
Constructing from a *mut JSString we keep the in a
RootedTraceableBox<Heap<*mut JSString>> and transform
the string into a rust string if necessary via the `make_rust_string`
method.
Methods used in script are implemented on this string. Currently we
transform the string at all times.
But in the future more efficient implementations are possible.
We implement the safety critical sections in a separate module
DOMStringInner which allows simple constructors, `make_rust_string` and
the `bytes` method.
This method returns the new type `EncodedBytes` which contains the
reference to the underlying string in either format.
Testing: WPT tests still seem to work, so this should test this
functionality.
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
This change makes it so that `<iframe>` sanboxing is equivalent to the
one used for Content Security Policy, which is how the specification is
written. In addition, these sandboxing flags are passed through to
`<iframe>` `Document`s via `LoadData` and stored as
`Document::creation_sandboxing_flag_set`. The flags are used to
calculate the final `Document::active_sandboxing_flag_set` when loading
a `Document`.
This change makes it so that `<iframe>`s actually behave in a sandboxed
way, the same way that `Document`s with CSP configurations do. For
instance, now scripts and popups are blocked by default in `<iframe>`s
with the
`sandbox` attribute.
Testing: This causes many WPT tests to start to pass or to move from
ERROR to TIMEOUT or failing later. Some tests start to fail:
-
`/html/semantics/embedded-content/the-canvas-element/canvas-descendants-focusability-005.html`:
This test uses a combination of `<iframe allow>` and Canvas fallback
content, which we do not support.
-
`/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigate_other_frame_popup.sub.html`:
This test is now failing because the iframe is sanboxed but in the
ScriptThread now due to `allow-same-origin`. More implementation is
needed to add support for the "one permitted sandbox navigator concept."
Fixes: This is part of #31973.
---------
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
Adding an optional message to be attached to an InvalidStateError.
Testing: Only a refactor, no behavior change
Fixes: Partially #39053
Signed-off-by: Excitable Snowball <excitablesnowball@gmail.com>
This is part of the future work of implementing LazyDOMString as
outlined in issue #39479.
We use str() method or direct implementations on DOMString for these
methods. We also change some types.
This is independent of https://github.com/servo/servo/pull/39480
Signed-off-by: Narfinger Narfinger@users.noreply.github.com
Testing: This is essentially just renaming a method and a type and
should not change functionality.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Adding an optional message to be attached to a SyntaxError. Unblocks
#39050.
The enum definition of Syntax is now `Syntax(Option<String>)`. Future
PRs should probably add more appropriate messages to some of the
`Syntax(None)`s.
Testing: Just a refactor
Fixes: Partially #39053
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
We store a pointer to the ScriptThread singleton for a thread in
thread-local storage. While we don't have yet have profiles pointing to
this TLS access as a hot spot, we can remove a potential performance
footgun without a lot of effort by passing around small pieces of data
that we otherwise need to fetch from the ScriptThread.
Testing: Existing WPT is sufficient
Fixes: part of #37969
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This shows up sometimes in code reviews, so it makes sense that tidy
enforces it. `rustfmt` supports this via comment normalization, but it
does many other things and is still an unstable feature (with bugs).
Testing: There are new tidy tests for this change.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
In single process mode, there is a race condition on the initialization
of the global fetch thread: once initialized the global fetch thread
will always use a given core resource thread, and this will be
determined by the component who first initializes it. For example, if
the canvas paint thread first does an async fetch, then this will set
the public core resource as used for all future fetches, including those
coming from a pipeline in private mode.
In multi-process mode, there is a race condition per window event-loop:
the first pipeline to use the fetch will set the core resource thread
for all others.
To ensure the fetch thread uses the correct core resource thread(private
vs public), we need to
pass the core resource thread to each fetch thread operation for which
is it needed.
Testing: It should not break existing fetch WPT tests. The race
condition is not something that can be tested reliably, but it seems to
be based on solid logic.
Fixes: follow-up from
https://github.com/servo/servo/pull/38421/files#r2248950924
---------
Signed-off-by: gterzian <2792687+gterzian@users.noreply.github.com>
Remove size bound from safe to jsval trait, apply to script/dom, with
the exception of windowproxy.
Second part of https://github.com/servo/servo/issues/37951
Signed-off-by: gterzian <2792687+gterzian@users.noreply.github.com>
*Describe the changes that this pull request makes here. This will be
the commit message.*
Testing: *Describe how this pull request is tested or why it doesn't
require tests*
Fixes: *Link to an issue this pull requests fixes or remove this line if
there is no issue*
The scripted_caller only has information if the context is coming
from a script. If an element fetch listener processes CSP
violations, then this information doesn't exist. Instead, we should
use the global URL and the line number. WPT tests don't appear
to expect a column number, as they are all zero. Not all elements
are updated, as I am not actually sure all of them need it.
The source position remains an Option, since there are also code
paths that don't correspond to element or script sources. Maybe
in the future we can always determine the source position, but
let's take small steps towards that.
Part of #4577
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
This refactoring moves various CSP-related methods away from GlobalScope
and Document into a dedicated entrypoint. It also reduces the amount of
imports of the CSP crate, so that types are consolidated into this one
entrypoint. That way, we control how CSP code interacts with the script
crate.
For reviewing purposes, I split up the refactoring into separate
distinct commits that all move 1 method(group) into the new file.
Testing: no change in behavior, only a build improvement + code cleanup
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Correctly set status when aborting a XMLHttpRequest.
Testing: WPT test xhr/abort-during-done.window.html
---------
Signed-off-by: Tunahan Karlibas <dvt.tnhn.krlbs@icloud.com>
This changes includes two semi-related things:
1. Fixes some specification compliance issues when parsing mime
types and charsets for `XMLHttpRequest`.
2. Implements a `<stylesheet>` parsing quirk involving mime types.
Testing: There are tests for these changes.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
All logic is implemented in `report_csp_violations` to avoid
pulling in various element-logic into SecurityManager.
Update the `icon-blocked.sub.html` WPT test to ensure that
the document is the correct target (verified in Firefox and Chrome).
Fixes#36806
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
The data_url Mime parser has a more conformant behavior in most cases,
including dealing with charsets.
Testing: wpt expectations with new passes are updated.
Signed-off-by: webbeef <me@webbeef.org>
It also updates the FetchResponseListener to process CSP violations to
ensure that iframe elements (amongst others) properly generate the CSP
events. These iframe elements are used in the Trusted Types tests
themselves and weren't propagating the violations before.
However, the tests themselves are still not passing since they also use
Websockets, which currently aren't using the fetch machinery itself.
That is fixed as part of [1].
[1]: https://github.com/servo/servo/issues/35028
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
This is the last big change necessary to create the
`constellation_traits` crate. This moves the data structure for messages
that originate from the `ScriptThread` and are sent to the
`Contellation` to `constellation_traits`, effectively splitting
`script_traits` in half. Before, `script_traits` was responsible for
exposing the API of both the `ScriptThread` and the `Constellation` to
the rest of Servo.
- Data structures that are used by `ScriptToConstellationMsg` are moved
to `constellation_traits`. The dependency graph looks a bit like this:
`script_layout_interface` depends on `script_traits` depends on
`constellation_traits` depends on `embedder_traits`.
- Data structures that are used in the embedding layer
(`UntrustedNodeAddress`, `CompositorHitTestResult`, `TouchEventResult`
and `AnimationState`) are moved to embedder_traits, to avoid a
dependency cycle between `webrender_traits` and
`constellation_traits`.
- Types dealing with MessagePorts and serialization are moved to
`constellation_traits::message_port`.
Testing: This is covered by existing tests as it just moves types
around.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Propagate through documents a flag that represents if any of the
ancestor navigables has a potentially trustworthy origin.
The "potentially trustworthy origin" concept appears to have gotten
confused in a couple of places and we were instead testing if a URL had
"potentially trustworthy" properties.
The main test for the ancestor navigables is
[mixed-content/nested-iframes](https://github.com/web-platform-tests/wpt/blob/master/mixed-content/nested-iframes.window.js)
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix#36108
<!-- Either: -->
- [X] There are tests for these changes
---------
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
