XML and HTML serialization routines relied on a single, shared
implementation of the `markup5ever::Serialize` trait for the DOM Node
type.
These changes introduce the HtmlSerialize type to make it possible to
support XML serialization and fix other issues.
Testing: It does not change any behavior and it builds.
Fixes: #40552
---------
Signed-off-by: Rodion Borovyk <rodion.borovyk@gmail.com>
The goal of this change is to prevent having to copy so much data out of
listeners when a fetch completes, which will be particularly important
for off-the-main thread parsing of CSS (see #22478). This change has
pros and cons:
Pros:
- This makes the design of the `FetchResponseListener` a great deal
simpler.
They no longer individually store a dummy `ResourceFetchTiming` that is
only replaced right before `process_response_eof`.
- The creation of the `Arc<Mutex<FetchResponseListener>>` in the
`NetworkListener` is abstracted away from clients and now they just
pass the `FetchResponseListener` to the fetch methods in the global.
Cons:
- Now each `FetchResponseListener` must explicitly call `submit_timing`
instead of having the `NetworkListener` do it. This is arguably a bit
easier to follow in the code.
- Since the internal data of the `NetworkListener` is now an
`Arc<Mutex<Option<FetchResponseListener>>>`, when the fetching code
needs to share state with the `NetworkListener` it either needs to
share an `Option` or some sort of internal state. In one case I've
stored the `Option` and in another case, I've stored a new inner
shared value.
Testing: This should not change observable behavior and is thus covered
by existing tests.
Fixes: #22550
---------
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This is last step toward enabling the default rustc
`unsafe_op_in_unsafe_fn` warning for the script crate. It wraps the
remaining unsafe code in `unsafe {}` and removes the line disabling this
warning from `script`'s `Cargo.toml`. In addition, two variables are
renamed from `v` to something slightly more descriptive.
Testing: This should not change behavior so is covered by existing
tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
`FetchReponseListener` has traditionally lived in `net` even though it
is only used in `script` currently. Because of the two way dependency,
it has also use a lot of templating to implement something pretty basic
(call methods on a trait object).
This change moves the trait to `script` and removes several levels of
templating, making the code quite a bit shorter and easier to
understand.
This change is preparation for fixing #22550 and implementing
off-the-main-thread CSS parsing.
Testing: This should not change any behavior so is covered by existing
tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Removes some unneeded lints, especially `#[allow(unsafe_code)]`.
Testing: Refactor
Part of: #40383
Signed-off-by: WaterWhisperer <waterwhisperer24@qq.com>
Remove the microtask queue from `GlobalScope`. The queue is moved inside
worker global scopes, while for window globals the script thread's queue
is accessed.
Testing: Covered by existing tests
Fixes: #20908
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Servo has a lot of comments like this:
```rust
// https://example-spec.com/#do-the-thing
fn do_the_thing() {}
```
and I keep turning these into doc comments whenever I'm working close to
one of them. Doing so allows me to hover over a function call in an IDE
and open its specification without having to jump to the function
definition first. This change fixes all of these comments at once.
This was done using `find components -name '*.rs' -exec perl -i -0777
-pe 's|^([ \t]*)// (https?://.*)\n\1(fn )|\1/// <$2>\n\1$3|mg' {} +`.
Note that these comments should be doc comments even within trait `impl`
blocks, because rustdoc will use them as fallback documentation when the
method definition on the trait does not have documentation.
Testing: Comments only, no testing required
Preparation for https://github.com/servo/servo/pull/39552
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Moves interfaces defined by the performance spec to the
`script/dom/performance/` module from `script/dom/`.
Testing: Just a refactor shouldn't need any testing
Fixes: Partially #38901
Signed-off-by: WaterWhisperer <waterwhisperer24@qq.com>
It would be useful for the Constellation is ever going to store data
per-WebView for the purposes of making cleanup and resource management
easier. If that's ever going to happen the `WebView` needs to be passed
with all messages that need it. This change makes it so that messages to
the Constellation that require a Pipeline also carry a WebViewId. This
eliminates one way in which message handling might go wrong.
This avoids making the Constelaltion look up the `WebViewId` for many
messages
that it receives.
Testing: This should not change observable behavior, so should be
covered by existing tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This implements LazyDOMString (from now on DOMString) as outlined in
https://github.com/servo/servo/issues/39479.
Constructing from a *mut JSString we keep the in a
RootedTraceableBox<Heap<*mut JSString>> and transform
the string into a rust string if necessary via the `make_rust_string`
method.
Methods used in script are implemented on this string. Currently we
transform the string at all times.
But in the future more efficient implementations are possible.
We implement the safety critical sections in a separate module
DOMStringInner which allows simple constructors, `make_rust_string` and
the `bytes` method.
This method returns the new type `EncodedBytes` which contains the
reference to the underlying string in either format.
Testing: WPT tests still seem to work, so this should test this
functionality.
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
This change makes it so that `<iframe>` sanboxing is equivalent to the
one used for Content Security Policy, which is how the specification is
written. In addition, these sandboxing flags are passed through to
`<iframe>` `Document`s via `LoadData` and stored as
`Document::creation_sandboxing_flag_set`. The flags are used to
calculate the final `Document::active_sandboxing_flag_set` when loading
a `Document`.
This change makes it so that `<iframe>`s actually behave in a sandboxed
way, the same way that `Document`s with CSP configurations do. For
instance, now scripts and popups are blocked by default in `<iframe>`s
with the
`sandbox` attribute.
Testing: This causes many WPT tests to start to pass or to move from
ERROR to TIMEOUT or failing later. Some tests start to fail:
-
`/html/semantics/embedded-content/the-canvas-element/canvas-descendants-focusability-005.html`:
This test uses a combination of `<iframe allow>` and Canvas fallback
content, which we do not support.
-
`/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigate_other_frame_popup.sub.html`:
This test is now failing because the iframe is sanboxed but in the
ScriptThread now due to `allow-same-origin`. More implementation is
needed to add support for the "one permitted sandbox navigator concept."
Fixes: This is part of #31973.
---------
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
The Link HTTP header can do the same as link elements,
in that they can preload/prefetch/etc... This implements
the basics of header parsing and hooks it up for preload.
Note that we use a new nom-rfc8288 crate that implements
the parsing behavior. However, that crate is too strict
in that empty attributes (;; as part of the header) are
discarded and resulting in a parsing failure. Therefore,
we use its lenient parsing mode.
Part of #35035
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
This is part of the future work of implementing LazyDOMString as
outlined in issue #39479.
We use str() method or direct implementations on DOMString for these
methods. We also change some types.
This is independent of https://github.com/servo/servo/pull/39480
Signed-off-by: Narfinger Narfinger@users.noreply.github.com
Testing: This is essentially just renaming a method and a type and
should not change functionality.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Part of #39418. See that PR for a full description.
Moves:
- `read_json_from_file`
- `write_json_to_file`
- `IpcSendResult`
- `IpcSend`
Renames:
- `CoreResourceThreadPool` to `ThreadPool` (shorter and more
descriptive, as we use it for more than the core resource thread now)
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
Creating elements by directly calling their interface constructors leads
to some state not being intialized correctly (see #39285). It is also
not in line with the specifications as many of them refer to the
[`create an element`][1] algorithm when an element needs to be created,
which directly maps to `Element::create` in the script crate.
So, switch all such places where elements are created by script to use
`Element::create`.
[1]: https://dom.spec.whatwg.org/#concept-create-element
Testing: Existing WPT tests.
Fixes: #39285
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
This should be the final PR for the Hash Function series that is
trivial.
Of note: I decided to transform `HashMapTracedValues<Atom,..>` to use
FxBuildHasher. This is likely not going to improve performance as Atom's
already have a unique u32 that is used as the Hash but it safes a few
bytes for the RandomState that is normally in the HashMap.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Testing: Hash function changes should not change functionality, we
slightly decrease the size and unit tests still work.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
FxHash is faster than FnvHash and SipHash for simple types up to at
least 64 bytes. The cryptographic guarantees are not needed for any
types changed here because they are simple ids.
This changes the types in script and net crates.
In a future PR we will change the remaining Fnv to be also Fx unless
there is a reason to keep them as Fnv.
Testing: Should not change functionality but unit test and wpt will find
it.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
The concept of a "resource header" is not well specced, since it is
unclear what a "resource" is. That said, it most closely matches a
"response" as part of the navigation params.
With this change, we now delay loading the document until either two
things happen:
1. We reached the end of the file
2. We processed 1445 bytes (as defined by spec)
We initially store bytes in the resource header and then after loading
parse the stored bytes. Any subsequent loading will process as before.
Part of #14024
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This is in preparation of being able to do mime sniffing on the response
data. For that, we first need to introduce separate methods so that we
can decouple them from process_response. In doing so, we introduce a
NavigationParams which mimics what the spec intents. The spec stores
different data (policy container instead of csp list and response
instead of content-type), but it is similar enough.
Part of #14024
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Implements document's active sandboxing flags. These are currently
populated only from CSP-derived sandboxing flags for a new document,
when defined in the CSP.
Testing: 1 new pass, and some new wpt's are added to test points in the
spec where these flags influence behaviour.
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
While we don't perform any sniffing yet, it does now
check all relevant mime types. Before, we would only
check specific versions of specific mime types. However,
the specification is more elaborate, which MimeClassifier
already handles.
There are two new test failures, but they actually fail
in the same way in other browsers. These tests are still
being discussed what the correct behavior should be [1]
Part of #14024
[1]:
https://github.com/whatwg/mimesniff/issues/189#issuecomment-2081559661
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
We store a pointer to the ScriptThread singleton for a thread in
thread-local storage. While we don't have yet have profiles pointing to
this TLS access as a hot spot, we can remove a potential performance
footgun without a lot of effort by passing around small pieces of data
that we otherwise need to fetch from the ScriptThread.
Testing: Existing WPT is sufficient
Fixes: part of #37969
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Instead of running "update the rendering" at every IPC message, only run
it when a timeout has occured in script. In addition, avoid updating the
rendering if a rendering update isn't necessary. This should greatly
reduce the amount of processing that has to happen in script.
Because we are running many fewer calls to "update the rendering" it is
reasonable now to ensure that these always work the same way. In
particular, we always run rAF and update the animation timeline when
updating the ernder
In addition, pull the following things out of reflow:
- Code dealing with informing the Constellation that a Pipeline has
become Idle when waiting for a screenshot.
- Detecting when it is time to fulfill the `document.fonts.ready`
promise.
The latter means that reflow can never cause a garbage collection,
making timing of reflows more consistent and simplifying many callsites
that need to do script queries.
Followup changes will seek to simplify the way that ScriptThread-driven
animation timeouts happen even simpler.
Testing: In general, this should not change testable behavior so much,
though it
does seem to fix one test. The main improvement here should be that
the ScriptThread does less work.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
Workers created from Blobs inherit their CSP. Now we inherit the CSP and
set the correct base API url. The base API url should be used when
determining the
report-uri endpoint. Otherwise, the blob URL would be used as a base,
which is invalid and the report wouldn't be sent.
Also create a helper method to concatenate two optionals of CSPList,
which was used in several places.
Part of #4577
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
The scripted_caller only has information if the context is coming
from a script. If an element fetch listener processes CSP
violations, then this information doesn't exist. Instead, we should
use the global URL and the line number. WPT tests don't appear
to expect a column number, as they are all zero. Not all elements
are updated, as I am not actually sure all of them need it.
The source position remains an Option, since there are also code
paths that don't correspond to element or script sources. Maybe
in the future we can always determine the source position, but
let's take small steps towards that.
Part of #4577
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Does not yet handle failures of endpoints, which requires us to update
metadata. I don't see that metadata being used anywhere, so I am not
sure if there is WPT coverage for it.
Part of #37238
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
When parsing a html fragment, the initial parser state depends on
whether or not scripting is enabled. So far we've used the scripting
flag of the parser, but that is wrong - the parser's scripting flag is
always false, because the fragment document has no browsing context.
Instead we should use the scripting flag of the context element.
Testing: A new web platform test passes
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This refactoring moves various CSP-related methods away from GlobalScope
and Document into a dedicated entrypoint. It also reduces the amount of
imports of the CSP crate, so that types are consolidated into this one
entrypoint. That way, we control how CSP code interacts with the script
crate.
For reviewing purposes, I split up the refactoring into separate
distinct commits that all move 1 method(group) into the new file.
Testing: no change in behavior, only a build improvement + code cleanup
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
To show the contents of inline scripts in the Sources panel, we need to
send the whole HTML file from script to devtools, not just the script
code. This is trickier than the external script case, but we can look to
[how Firefox does
it](https://servo.zulipchat.com/#narrow/channel/263398-general/topic/Getting.20the.20original.20page.20HTML.20from.20script/near/524392861)
for some inspiration. The process is as follows:
- when we execute a script
- notify devtools to create the source actor
- if it’s an external script, send the script code to the devtools
server
- if it’s an inline script, don’t send any source contents yet
- devtools stores the contents in the source actor
- while loading a new document
- buffer the markup, so we can send it to devtools
- when we finish loading a new document
- send the buffered markup to the devtools server
- devtools stores the contents in any source actors with no contents yet
- when a source actor gets a `source` request
- if we have the contents, send those contents to the client
- if we don’t have the contents (inline script that loaded while
devtools was closed)
- FUTURE: try to fetch the markup out of cache
- otherwise send `<!-- not available; please reload! -->`
Testing: Several tests added to test the changes, also updates an
existing test with correct assertion
Fixes: https://github.com/servo/servo/issues/36874
---------
Signed-off-by: atbrakhi <atbrakhi@igalia.com>
Signed-off-by: Delan Azabani <dazabani@igalia.com>
Co-authored-by: Delan Azabani <dazabani@igalia.com>
Recently added WPT tests for this are now mostly passing. The remaining
tests fail on importmap support.
Part of #36258
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
All logic is implemented in `report_csp_violations` to avoid
pulling in various element-logic into SecurityManager.
Update the `icon-blocked.sub.html` WPT test to ensure that
the document is the correct target (verified in Firefox and Chrome).
Fixes#36806
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This patch ensures that the Servo HTML parser uses the appropriate
`TreeBuilderOpts` settings
as specified by the HTML specification.
Changes:
- **iframe_srcdoc:** Detect if the parsed document's URL scheme is
`about:srcdoc`, and set the parser’s iframe_srcdoc option accordingly.
- **quirks_mode:** Use the associated Document's quirks mode to set the
parser’s quirks mode flag, improving fragment parsing behavior.
- **scripting_enabled:** Add a `scripting_enabled` method to Document,
based on whether it has a browsing context, and set this flag for the
parser.
These updates align Servo's parsing behavior more closely with the
specification:
https://html.spec.whatwg.org/multipage/parsing.html#the-initial-insertion-mode
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix#35478
<!-- Either: -->
- [ ] There are tests for these changes
Signed-off-by: Emmanuel Elom <elomemmanuel007@gmail.com>
This makes sure that when workers are created, their global scope has
the correct policy-container set
so that we can do CSP-checks.
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
It also updates the FetchResponseListener to process CSP violations to
ensure that iframe elements (amongst others) properly generate the CSP
events. These iframe elements are used in the Trusted Types tests
themselves and weren't propagating the violations before.
However, the tests themselves are still not passing since they also use
Websockets, which currently aren't using the fetch machinery itself.
That is fixed as part of [1].
[1]: https://github.com/servo/servo/issues/35028
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
