The current code has snippets like
`self.convert_string_to_number(&DOMString::from(attr.summarize().value))`
in various places.
The snippet wants to take the value of an attribute and parse it as a
number. In theory this is an easy problem, the attribute internally
stores a `AttrValue` (which can be treated as `str`) and the conversion
code wants a `str` - no conversions or copies necessary!
But the reality of what happens is less ideal:
`attr.summarize` allocates a `AttrInfo` containing owned copies of the
attributes namespace, name and value. The name and value are also
converted from the `AttrValue` to a `DOMString` and then back to a
`String` in the process. And then we take the value field from
`AttrInfo` and create a new DOMString from it, passing that to
`self.self.convert_string_to_number` - which ends up internally calling
`str()` on it.
All in all this is not a big issue, because this code doesn't run often.
But it's also not hard to fix, and we end up with cleaner code in the
process.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
In some situations, web content may need to hide embedder controls. For
example, when focus shifts when a `<select>` box is open or when the
element showing the control is removed from the DOM. This change adds a
new API to hide embedder controls when that happens.
Testing: This change adds a new API test.
Signed-off-by: Delan Azabani <dazabani@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
The WebCrypto API specification was updated
(https://github.com/w3c/webcrypto/pull/380) to allow zero length in
deriveBits operation of HKDF and PBKDF2. This patch updates our
implementation accordingly.
Testing: Pass some WPT tests that were expected to fail.
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
We have already implemented the "get key length" operation for AES-KW in
`components/script/dom/subtlecrypto/aes_operation.rs`. Registering it to
`registeredAlgorithms` in the algorithm normalization makes it
functional.
Testing: Pass some WPT tests that were expected to fail.
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
CryptoKey interface has an internal slot named [[algorithm]], which
store a WebIDL dictionary [1]. CryptoKey also stores a cached ECMAScript
Object associated with the [[algorithm]] internal slot, and returns this
object when the interface member `algorithm` is called [2].
In our current implementation, when we create a new `CryptoKey`, we need
to manually construct an ECMAScript Object for the [[algorithm]]
internal slot, and provide it to `CryptoKey::new`. Then, the provided
object directly is stored in `CryptoKey`.
There are several issues with this design.
- `CryptoKey::new` accepts arbitrary ECMAScript Object via a
`HandleObject` value. It basically relies on the caller to provide a
correct object.
- When we want to access the dictionary members of the [[algorithm]]
internal slot, we need to first convert the ECMAScript Object back to a
WebIDL dictionary. Although we have a separate field in the `CryptoKey`
struct to store the `name` member of the dictionary for convenience, it
is still not easy to access other members.
This patch makes the following change: Instead of storing an ECMAScript
Object provided by the caller and a separate name for convenience, we
store (our "subtle" struct of) WebIDL dictionary type in Rust, generated
by codegen, in the [[algorithm]] internal slot. Moreover, the cached
ECMAScript Object associated with the [[algorithm]] internal slot is
constructed from the [[algorithm]] internal slot internally, and we
store it in the [[algorithm_cached]] internal slot.
The benefits of this new design are:
- The caller can directly provide the WebIDL dictionary in Rust to
`CryptoKey`, without manually creating an ECMAScript Object.
- When we want to access the [[algorithm]] internal slot, we don't need
to do a ECMAScript-Object-to-dictionary conversion.
- The Rust type system with an implementation of the
`SafeToJSValConversion` trait can guarantee the cached ECMAScript Object
associated with the [[algorithm]] internal slot is in good shape.
[1] https://w3c.github.io/webcrypto/#dfn-CryptoKey-slot-algorithm
[2] https://w3c.github.io/webcrypto/#dom-cryptokey-algorithm
Testing: Refatoring. No behavioral change. Existing WPT test suffices.
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
In preparation of adding a client to a request, we first need to add a
policy container to all requests. Some where missing and relying on
fallbacks (that need to be removed).
For worklets this adds the appropriate policy container from the
containing global, but since that's still behind a pref, no tests are
affected.
For font contexts I tried to pass through the relevant information, but
it is a tad too much. Once fontcontext knows more information about its
containing global (as the TODO also points to referrer), we should clean
this up.
Part of #35035
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
The `WebViewDelegate::notify_input_event_handled` method is called for
the
embedder when an input event's processing has finished within Servo.
This allows the embedder to chain the event up to parent widgets or do
some kind of post-processing such as the implementation of overridable
keybindings.
This change makes it so that this method is called even when an input
event cannot successfully be sent to a pipeline. This could happen when
an event is handled during navigation or perhaps during shutdown. In any
case, Servo should *always* tell the embedder when the event is done
processing so that they don't get eaten by the Servo widget.
Testing: This is very difficult to test as it only happens in very
specific
time-sensitive sitautions.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
The current XPath AST is tightly tied to the parser grammar. To address
issues like https://github.com/servo/servo/issues/39739, we'll want to
do optimization passes on the AST in the future, which requires relaxing
it's structure first.
This PR moves the AST structure into a separate module and flattens it
into a shape where most expressions are variants of the core
`Expression` enum.
This also has the nice side effect of being a net reduction in LoC and
making the AST *significantly* easier to read.
I think the difference between the old and new structure is best
explained by example.
One of our unit tests parses `concat('hello', ' ', 'world')`, and the
current AST looks like this:
```rust
Expr::Path(PathExpr {
is_absolute: false,
is_descendant: false,
steps: vec![StepExpr::Filter(FilterExpr {
primary: PrimaryExpr::Function(CoreFunction::Concat(vec![
Expr::Path(PathExpr {
is_absolute: false,
is_descendant: false,
steps: vec![StepExpr::Filter(FilterExpr {
primary: PrimaryExpr::Literal(Literal::String(
"hello".to_string(),
)),
predicates: PredicateListExpr { predicates: vec![] },
})],
}),
Expr::Path(PathExpr {
is_absolute: false,
is_descendant: false,
steps: vec![StepExpr::Filter(FilterExpr {
primary: PrimaryExpr::Literal(Literal::String(" ".to_string())),
predicates: PredicateListExpr { predicates: vec![] },
})],
}),
Expr::Path(PathExpr {
is_absolute: false,
is_descendant: false,
steps: vec![StepExpr::Filter(FilterExpr {
primary: PrimaryExpr::Literal(Literal::String(
"world".to_string(),
)),
predicates: PredicateListExpr { predicates: vec![] },
})],
}),
])),
predicates: PredicateListExpr { predicates: vec![] },
})],
}),
```
After this change, the AST looks like this:
```rust
Expression::Function(CoreFunction::Concat(vec![
Expression::Literal(Literal::String("hello".to_string())),
Expression::Literal(Literal::String(" ".to_string())),
Expression::Literal(Literal::String("world".to_string())),
])),
```
Testing: No behaviour change intended, covered by existing tests.
Part of #34527
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Refactoring of the algorithm normalization in #39431 introduces a new
algorithm normalization procedure to replace the existing one, and we
continue the migration here. This patch is the last piece of this
migration.
In this patch:
- The `SubtleCrypto.deriveKey` and `SubtleCrypto.deriveBits` method are
migrated from using existing `normalize_algorithm_for_derive_bits`,
`normalize_algorithm_for_import_key` and
`normalize_algorithm_for_get_key_length` functions to using the new
`normalize_algorithm` function.
- The custom types `DeriveBitsAlgorithm`, `ImportKeyAlgorithm` and
`GetKeyLengthAlgorithm` used by `normalize_algorithm_for_derive_bits`,
`normalize_algorithm_for_import_key` and
`normalize_algorithm_for_get_key_length` are removed.
- The custom type `DigestAlgorithm` is also removed.
- The `SubtleHkdfParams::derive_bits` function is moved to sub-module
`hkdf_operation`.
- The `Subtlepkdf2Params::derive_bits` function is moved to sub-module
`pbkdf2_operation`.
- The `SubtleHmacImportParams::get_key_length` function is moved to
sub-module `hmac_operation`.
- The `get_key_length_for_aes` function is moved to sub-module
`aes_operation`.
- The `import_key_aes`, `import_key_hkdf`, `import_key_hmac` and
`import_key_pbkdf2` are removed since they are no longer in use.
Testing: Refactoring. Existing WPT tests suffice.
Fixes: Part of #39368
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Refactoring of the algorithm normalization in #39431 introduces a new
algorithm normalization procedure to replace the existing one, and we
continue the migration here.
In this patch:
- The `SubtleCrypto.wrapKey` and `SubtleCrypto.unwrapKey` method is
migrated from using existing `normalize_algorithm_for_key_wrap` function
to using the new `normalize_algorithm` function.
- `SubtleCrypto::wrap_key_aes_kw` and `SubtleCrypto::unwrap_key_aes_kw`
are moved to the sub-module `aes_operation`.
- The custom type `KeyWrapAlgorithm` used by
`normalize_algorithm_for_key_wrap` is also removed.
- The following algorithm that had been copied to `aes_operation`
sub-module are removed in this patch since they are no longer used.
- `SubtleCrypto::encrypt_decrypt_aes_ctr`
- `SubtleCrypto::encrypt_aes_gcm`
- `SubtleCrypto::decrypt_aes_gcm`
- `SubtleCrypto::export_aes_aes`
Testing: Refactoring. Existing WPT tests suffice.
Fixes: Part of #39368
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
This makes the management of flags conceptually simpler and reduces the
number of instance variables in the `Event` data structure.
Testing: This should not change behavior so should be covered by
existing tests.
---------
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
## Motivations
This PR improves fallback font algorithm for Japanese documents on macos
and Linux.
For Japanese documents, we generally use a same font for
Hiragana/Katakana/Kanji(Han).
Since their is a fallback algorithm to render serif fonts for
`Script::Han`in current implementation, it gives unnatural reading
experience for Japanese users.
## Changes
To achieve above,
- added `lang` field to `FallbackFontSelectionOptions` struct
- pass `_x_lang` from text_run in layout component
## Screenshots
rendering https://ja.wikipedia.org/wiki/Servo
<table>
<thead>
<tr>
<th>before fixed</th>
<th>after fixed</th>
</tr>
</thead>
<tbody>
<tr>
<td>
<!-- before fixed -->
<img width="545" height="168" alt="CleanShot 2025-10-01 at 23 08 24"
src="https://github.com/user-attachments/assets/9ad7ccb0-729a-49ad-b8ce-88b1d78a2705"
/>
</td>
<td>
<!-- after fixed -->
<img width="474" height="139" alt="CleanShot 2025-10-01 at 23 07 16"
src="https://github.com/user-attachments/assets/010e8052-5a10-48e1-8367-ff29a5632d0f"
/>
</td>
</tr>
</tbody>
</table>
---------
Signed-off-by: araya <araya@araya.dev>
Refactoring of the algorithm normalization in #39431 introduces a new
algorithm normalization procedure to replace the existing one, and we
continue the migration here.
In this patch:
- The `SubtleCrypto.importKey` method is migrated from using existing
`normalize_algorithm_for_import_key` function to using the new
`normalize_algorithm` function.
- The `import_key_aes`, `import_key_hkdf`, `import_key_hmac` and
`import_key_pbkdf2` are copied to the `aes_operation`, `hkdf_operation`,
`hmac_operation`, `pbkdf2_operation` submodules, according to their
types of cryptographic algorithms.
- The above `import_key_xxx` methods are supposed to move the
submodules, but they are copied without removal in this patch. It is
because they are used by the `wrapKey` and `unwrapKey` operations which
have not migrated at this moment. Once `wrapKey` and `unwrapKey` are
migrated, they can be removed.
- The custom type `ImportKeyAlgorithm` and
`normalize_algorithm_for_import_key` are supposed to be removed, but
they are not removed at this moment since they are used by the `wrapKey`
and `unwrapKey` operations which have not migrated. Once `wrapKey` and
`unwrapKey` are migrated, they can be removed.
Remarks: According to the spec, the `SubtleCrypto.exportKey` method does
not use the algorithm normalization. However, we move the "export"
counterpart of the above `import_key_xxx` functions all together. So,
some refactoring is also made to the `ExportKey` method.
Testing: Refactoring. Existing WPT tests suffice.
Fixes: Part of #39368
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
This change merges the WebDriver only `WebDriverJSError` with the API
`JavaScriptEvaluationError` and also allows passing `ErrorInfo`
information through to the API layer when possible. In addition, the
stack is added to `ErrorInfo` (but only in situations when evaluating
JavaScript code for WebDriver or via the API for performance reasons).
These changes allow much more useful error output when script execution
fails via WebDriver. Now the error message and source file line numbers
are printed by the test executor.
Testing: These changes should be reflected in the testing output.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
AES-KW algorithm does not support encryption and decryption
(https://w3c.github.io/webcrypto/#aes-kw-registration), but it was
wrongly registered with these two operations in our implementation.
Luckily, our implementation can catch this mistake and throw
NotSupportedError in later steps, by `NormalizedAlgorithm::encrypt` and
`NormalizedAlgorithm::decrypt`. However, we should remove the wrong
registration.
Testing: No behavioral change. Existing WPT tests suffice.
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Servo currently has three ways of notifying the embedder that input
events have been processed.
1. `WebViewDelegate::notify_keyboard_event`: This is used to implement
overridable keybindings in servoshell. It notifies the embedder when
a keyboard event has been processed, but not "handled" by the engine.
2. WebDriver's command message senders and receivers, this is used to
let WebDriver wait until events have been handled to continue with
script execution.
3. Touch event processing notifications: This is used to serialize touch
event processing.
This change unifies the first two things with a new
`WebViewDelegate::notify_input_event_handled` API. This API informs the
embedder (via a generated id) that an input event has finished
processing and what the result of the processing was.
This allows embedders to do other things with events once they have been
processed. For example, embedders might want to chain unconsumed events
up to parent widgets or to add support for overridable keybindings.
As part of this the `canceled` flag in script's `Event` data structure
is turned into a `bitflags` mirror of the new API type to describe the
result of event handling.
Testing: This shouldn't change observable behavior and is thus covered
by existing tests.
The new API is consumed by servoshell, which uses it for tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
WebCrypto API allows user to input case-insensitive algorithm name, and
overwrites it with standardized algorithm name internally, by Step 7 of
<https://w3c.github.io/webcrypto/#dfn-normalize-an-algorithm>.
This step is missing for some cases. This patch brings it back.
Testing: Existing tests suffice.
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
For `@import` we already had a `Arc<Locked<MediaList>>`, so now we will
no longer pointlessly clone it into a `MediaList` in order to pass it to
`Stylesheet::from_bytes()`, just for it to be wrapped again into an
`Arc<Locked<MediaList>>`.
Testing: Unneeded, no change in behavior
Stylo PR: https://github.com/servo/stylo/pull/251
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
Refactoring of the algorithm normalization in #39431 introduces a new
algorithm normalization procedure to replace the existing one, and we
continue the migration here.
In this patch:
- The `SubtleCrypto.generateKey` method is migrated from using existing
`normalize_algorithm_for_generate_key` function to using the new
`normalize_algorithm` function.
- The custom type `KeyGenerationAlgorithm` used by
`normalize_algorithm_for_generate_key` is removed.
- The functions `generate_key_aes` and `generate_key_hmac` are moved to
the sub-module `aes_operation` and `hmac_operation`, respectively.
Testing: Refactoring. Existing WPT tests suffice.
Fixes: Part of #39368
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
This implements LazyDOMString (from now on DOMString) as outlined in
https://github.com/servo/servo/issues/39479.
Constructing from a *mut JSString we keep the in a
RootedTraceableBox<Heap<*mut JSString>> and transform
the string into a rust string if necessary via the `make_rust_string`
method.
Methods used in script are implemented on this string. Currently we
transform the string at all times.
But in the future more efficient implementations are possible.
We implement the safety critical sections in a separate module
DOMStringInner which allows simple constructors, `make_rust_string` and
the `bytes` method.
This method returns the new type `EncodedBytes` which contains the
reference to the underlying string in either format.
Testing: WPT tests still seem to work, so this should test this
functionality.
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
The HTML specification defines the 'width' and 'height' attributes as
dimension attributes for the embedded content and images (img, iframe,
embed, object, video, source, input with image type)
https://html.spec.whatwg.org/multipage/#dimension-attributes and for the
tables (table, col, colgroup, thead, tbody, tfoot, tr, td, th) even
these attributes are marked as obsolete.
And UA are expected to use these 'width' and 'height' attributes as
style presentational hints for the rendering.
The embedded content and images:
https://html.spec.whatwg.org/multipage/#dimRendering
The tables:
https://html.spec.whatwg.org/multipage/#tables-2:the-table-element-4
Added missing 'width' and/or 'height' reflected IDL attributes:
- conformant 'unsigned long' IDL attributes for the 'img, source, video'
(with new macro 'make_dimension_uint*)
- obsolete 'DOMString' IDL attributes for the 'td, th, col, colgroup'
Moved the `fn attribute_affects_presentational_hints()` from Element to
specific HTML and SVG elements with attributes which affects
presentational hints for rendering.
Testing: Improvements in the following tests
- html/dom/idlharness.https.html
- html/dom/reflection-embedded.html
- html/dom/reflection-tabular.html
-
html/rendering/replaced-elements/attributes-for-embedded-content-and-images/picture-aspect-ratio.html
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
Follow the HTML implemetation and support selection of the 'media'
element loading source from 'source' children elements with validation
processing over their 'media/src/type' attributes.
See https://html.spec.whatwg.org/multipage/#concept-media-load-algorithm
To handle loading with multiple 'source' children was introduced source
children pointer to track the remaining unprocessed 'source' elements
after the resource selection algorithm was invoked.
Testing: Changes in the following tests
with improvements:
-
html/semantics/embedded-content/media-elements/loading-the-media-resource/*
- webgl/tests/conformance/textures/misc/texture-video-transparent.html
with regressions (after enabled 'source' type attribute validation):
- content-security-policy/media-src/media-src*
- mixed-content/gen/top\*audio|video-tag*
- resource-timing/initiator-type/*
Fixes: https://github.com/servo/servo/issues/21481
Fixes: https://github.com/servo/servo/issues/34127
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
The investigation in #37745 revealed that `Element::create` spends ~39%
of its runtime in `set_custom_element_state`. For uncustomized built-in
elements, this overhead is unnecessary as according to the spec, they
are equivalent to being initialized in the "uncustomized" state.
Although our rust implemention also initializes the elements in
"uncustomized" state, this particular call to `set_custom_element_state`
can't simply be removed as this call also ensures that the element's
DEFINED state is set to 'true', to match the `:defined` selector, based
on the custom element state.
So, introduce a new method that will only set the
`ElementState::DEFINED` flag by manipulating the state directly and call
it from `Element::create` when creating uncustomized, built-ins.
For more information about the peformance improvements, please refer to
[this comment][1].
[1]: https://github.com/servo/servo/issues/37745#issuecomment-3305477287
Testing: There should be no functional change, so this is covered by WPT
suite.
---------
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
We were previously using the unsound `StylesheetContents::from_data()`
to create a dummy stylesheet, which we were later replacing with the
actual imported stylesheet once it loaded.
This patch changes that to use `ImportSheet::Pending` instead. But then:
- We need to store the `MediaList` in `StylesheetContextSource`.
Previosuly we stored it in the dummy stylesheet.
- We also need to store an Arc pointer to the `ImportRule`, in order to
update its stylesheet to `ImportSheet::Sheet(stylesheet)` later on.
Testing: Unnecessary, there should be no behavior change
Fixes: #39710
Stylo PR: https://github.com/servo/stylo/pull/250
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
Now that we do not need to call `Node::dirty` when an image frame
changes, we no longer have to keep a map of rooted nodes. Instead,
expose a new `AnimatingImages` type that also tracks when the set of
animating images is diryt and new image animation update should maybe be
scheduled.
In addition, cancel any ongoing image animations eagerly when they are
removed from the DOM like we do for CSS animations.
Testing: This should not change behavior and thus is covered by existing
WPT tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Mukilan Thiyagarajan <mukilan@igalia.com>
Refactoring of the algorithm normalization in #39431 introduces a new
algorithm normalization procedure to replace the existing one, and we
continue the migration here.
This patch migrates the `encrypt` and `decrypt` operation from using
existing `normalize_algorithm_for_encrypt_or_decrypt` function to using
the new `normalize_algorithm` function.
The functions
- `SubtleCrypto::encrypt_aes_cbc`,
- `SubtleCrypto::decrypt_aes_cbc`,
- `SubtleCrypto::encrypt_decrypt_aes_ctr`,
- `SubtleCrypto::encrypt_aes_gcm` and
- `SubtleCrypto::decrypt_aes_gcm`
should be moved to the sub-module `aes_operation`, but, they are only
copied to the sub-module without being removed. This is because the
`wrapKey` and `unwrapKey` operation (not yet migrated) depend on them.
When the two operations are also migrated, we can remove them.
Testing: Refactoring. Existing WPT tests are enough.
Fixes: Part of #39368
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Refactoring of the algorithm normalization in #39431 introduces a new
algorithm normalization procedure to replace the existing one, and we
continue the migration here.
In this patch:
- The `sign` and `verify` operation is migrated from using existing
`normalize_algorithm_for_sign_or_verify` function to using the new
`normalize_algorithm` function.
- The custom type `SignatureAlgorithm` used by
`normalize_algorithm_for_sign_or_verify` is removed.
- The functions `sign_hmac` and `verify_hmac` are moved to the
sub-module `hmac_operation`.
Testing: Refactoring. Existing WPT tests suffice.
Fixes: Part of #39368
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
The legacy 'image' constructor (new Image()) doesn't have any step in
specification which require to run `update the image data` algorithm.
See https://html.spec.whatwg.org/multipage/#dom-image
This non-conformant behavior was added in the PR #31269 to follow
https://html.spec.whatwg.org/multipage/#when-to-obtain-images (..
whenever that element is created or has experienced relevant mutations)
to handle the edge case of `decode()` with 'image' without "src" and
"srcset" attributes.
See
html/semantics/embedded-content/the-img-element/decode/image-decode.html#L87
Testing: No changes in test expectations
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
Before responses to `FormControl` requests were handled synchronous in
script (ie they would block the page). This change makes it so that they
are handled asynchronously, with their responses filtering back through
the Constellation. This should fix many WPT tests when run with
WebDriver.
Testing: There are some WebDriver-based test for this, but they do
not quite pass yet. More investigation is required, but this is
necessary to get them to pass.
Fixes: #39652Fixes: #37013
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Delan Azabani <dazabani@igalia.com>
Follow more closely spec, adding some missing steps.
Testing: should be covered by existing wpt tests
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
The embedder should never be responsible for triggering click events, so
this change removes that possibility from the API. In addition,
triggering of click events is simplified by moving the logic to the
`DocumentEventHandler`. This has the benefit of making behavior
consistent between in-process and out-of-process `<iframe>`s. Now click
events are never triggered when the button up and down cross frame
boundaries.
Testing: This should be covered by existing tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Before, `about: srcdoc` was only handled when loading `<iframe>`
contents in the same `ScriptThread` as the parent. This is not always
the case though with sandboxed `<iframe>`s. This change makes it so that
both code paths properly handle `about: srcdoc`.
Testing: This causes around 12 new WPT passes.
Fixes: #36529.
Fixes: #27791.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
This change makes it so that `<iframe>` sanboxing is equivalent to the
one used for Content Security Policy, which is how the specification is
written. In addition, these sandboxing flags are passed through to
`<iframe>` `Document`s via `LoadData` and stored as
`Document::creation_sandboxing_flag_set`. The flags are used to
calculate the final `Document::active_sandboxing_flag_set` when loading
a `Document`.
This change makes it so that `<iframe>`s actually behave in a sandboxed
way, the same way that `Document`s with CSP configurations do. For
instance, now scripts and popups are blocked by default in `<iframe>`s
with the
`sandbox` attribute.
Testing: This causes many WPT tests to start to pass or to move from
ERROR to TIMEOUT or failing later. Some tests start to fail:
-
`/html/semantics/embedded-content/the-canvas-element/canvas-descendants-focusability-005.html`:
This test uses a combination of `<iframe allow>` and Canvas fallback
content, which we do not support.
-
`/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigate_other_frame_popup.sub.html`:
This test is now failing because the iframe is sanboxed but in the
ScriptThread now due to `allow-same-origin`. More implementation is
needed to add support for the "one permitted sandbox navigator concept."
Fixes: This is part of #31973.
---------
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
This updates all Rc that were ignored for malloc_size_of to use
conditional_malloc_size_of, unless the type in the Rc itself doesn't
support malloc_size.
Regular expressions used to search for all occurrences:
```
ignore_malloc_size_of = "Rc.*"
ignore_malloc_size_of = "Arc.*"
```
There are a couple left since they have nested Rc, which I don't know
how to fix.
To be able to define these, several new implementations were added to
`malloc_size_of/lib.rs` as well as
`HashMapTracedValues`.
Testing: if it compiles, it's safe
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
The specification has a list of rules about when [simple dialogs cannot
be shown][u1]. This change implements that part of the specification and
also the bits that specify when to noramlize newlines in their messages.
In addition, it fills in the remaining specification step comments for
these methods.
[u1]: https://html.spec.whatwg.org/multipage/#cannot-show-simple-dialogs
Testing: This causes some CSP tests run via servodriver to start
passing.
Unexpected alert dialogs cause failures in servodriver.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Add a new super-lightweight layout mode that avoids any layout when
canvas is updated or animated images progress to the next frame. In the
future this can also be used for video elements.
Testing: This is a performance optimization, so shouldn't change any
WPT test results.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Mukilan Thiyagarajan <mukilan@igalia.com>
Before both canvas updates and layout had their own `Epoch`. This change
makes it so the `Epoch` is shared. This means that display lists might
have non-consecutive `Epoch`s, but will also allow for the `Epoch` in
the renderer to update even when no new display list is produced. This
is important for #38991. In that PR the display list step can be skipped
for canvas-only updates, but the `Epoch` in the renderer must still
advance.
Testing: This shouldn't change the user-observable behavior and is thus
covered
by existing tests. It should prevent flakiness once #38991 lands.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
