There are two times that Servo needs to ask other `Document`s to either
focus or blur.
- During processing of the "focusing steps". When a new element gains
focus this may cause focus to be lost or gained in parent `<iframe>`s.
- When calling `focus()` on a DOM Window from another origin.
In both of these cases we need to request that a `Document` gain or lose
focus via the Constellation, but in the second case we may have a
`BrowsingContextId` of the `<iframe>` gaining focus and a
`FocusSequence`. This change splits those cases into two kinds of
messages.
Finally, run the entire focusing steps when calling `window.focus()`
instead of going to the constellation immediately. This will be
important in a followup changes where messaging order is made more
consistent.
Testing: This should not change behavior so is covered by existing
tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This set of changes introduces a type matching the spec's "target
snapshot params" and uses it as part of determining the origin of new
documents. This has a side benefit of making our sandbox flag
determination more accurate, which leads to a bunch of sandboxing tests
passing as well as some new failures due to spec confusion about
origins.
Testing: Many new passing tests.
Part of the long road to #43149
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Requires communication between the script thread and the constellation
to be able to retrieve the origin of a cross-origin document. However,
in the fast-path where the document resides in the same script-thread,
we use the `frame_element` instead.
If no CSP list is active, then we skip all this logic, to have a minimal
impact on document navigation.
Part of #4577Fixes#36468
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Also move the related `navigate_to_fragment` method next to it.
Part of #40600
Testing: It compiles
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Both `Window::load_url` and `ScriptThread::navigate` implement parts of
the same navigate algorithm from the HTML spec
(https://html.spec.whatwg.org/multipage/browsing-the-web.html#navigate).
`ScriptThread::navigate` had only one caller: `Window::load_url`.
This merges both methods into a single `navigate` function in
`navigation.rs`, which is the appropriate home for navigation logic. All
previous callers of `Window::load_url` now call `navigation::navigate`
directly.
Testing: This is a pure refactor with no behaviour changes, so no new
tests are needed. Existing tests cover the navigation paths affected.
Fixes: #43494
---------
Signed-off-by: thebabalola <t.babalolajoseph@gmail.com>
- canvas
- constellation_traits
- canvas_traits
- constellation
Testing: This should not change any behaviour.
---------
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
Follow up of #43526. This addresses Nico's comment:
https://github.com/servo/servo/pull/43526#issuecomment-4104953308
- `bluetooth_traits` -> `servo_bluetooth_traits`
- `base` -> `servo_base`
- `bluetooth` -> `servo_bluetooth`
- `background_hang_monitor` -> `servo_background_hang_monitor`
Testing: This should not change any behaviour.
---------
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
This fixes two assertions observed in Servo using debug mozjs builds:
* `Assertion failure: !IsInsideNursery(obj)` for every promise object
reflected into Rust code
* `Missing calls to JS::RemoveAssociatedMemory` when shutting down the
browser
Testing: Verified locally that WPT tests can run to completion in debug
mozjs builds, but we don't run those on CI.
Fixes: #43486
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This moves some easy elements in Script from IpcChannel and related
methods to GenericChannel and related methods and some callbacks.
Testing: This will be covered by WPT if the channels behave differently.
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
I only wanted to get `&mut JSContext` in microtask chunk and checkpoint,
but this in turn needed `&mut JSContext` in servoparser, which then
caused need for even more changes in script.
I tried to limit the size by putting some `temp_cx` in:
- drops of `LoadBlocker`, `GenericAutoEntryScript`
- methods of `VirtualMethods`
- methods of `FetchResponseListener`
Testing: Just refactor, but should be covered by WPT tests.
Part of #40600
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
We previously clonsed the CSP list unnecessarily which consisted of
roughly 2.7%. 1.2% spend in Document::get_csp_list.
We can easily avoid it with Ref and cloning it deliberately when needed.
Testing: This is functionally identical to the previous code as it is a
change from clone to a Ref<>.
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Since the steps for
https://html.spec.whatwg.org/multipage/parsing.html#the-end are
scattered throughout various pieces, it has been difficult to figure out
when to run what.
To remedy that, introduce the concept of phases. These phases are
checked in every method that needs to
"Spin the event loop" to know whether
1. It is the appropriate time to continue with #the-end
2. It has fully achieved its goal
For example, when processing deferred scripts, we need to do this after
a deferred script has finished loading. But we also need to do it at the
start of parsing, since we might not have any deferred scripts at all.
Therefore, each previous step sets the appropriate phase and calls the
corresponding next step. Each step then verifies its conditions and
continues if required.
Part of #41972
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Reviewable per commits:
As noted in
https://github.com/servo/servo/pull/42180#discussion_r2749861902
transmuting `&Reflector<AssociatedMemory>` to `&Reflector<()>` will
ignore AssociatedMemory information and thus it will not remove extra
associated memory. By returning `&Reflector<Self::ReflectorType>` from
`DomObject::reflector()` we will preserve this information and thus
correctly handle cases with associated memory. We also do not need
`overrideMemoryUsage` in bindings.conf anymore. 🎉
Instead of removing associated memory in drop code we should do it as
part of finalizers, otherwise we have problems in nested (inherited)
structs, where drop is run for both parent and child, but we only added
associated memory for child (on init_reflector) which already included
size of parent. The only exception here is promise, because it is RCed
and not finalized.
Testing: Tested locally that it fixes speedometer.
Fixes#42269
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
By reporting memory usage of rust objects back to SM it can trigger GC
sooner and release more memory (I hope that we could use this to avoid
OOB in webgpu in the future).
Currently we use simple `size_of::<DomStruct>() +
size_of::<Box<DomStruct>>()` but it's possible to override reported
memory with `update_memory_size(self, nbytes);` on reflector. This is
mostly useful for canvases and buffers which usually have large
associated data.
Testing: None, but I am wondering if we can connect this to
`about:memory`.
Fixes: #42168
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
We populate the required field for all relevant entrypoints
and set it to `document.base_url` when the url is `about:blank`
or `about:srcdoc`. In all other cases, it uses
`document.about_base_url`.
Testing: WPT
Fixes#41836
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
These changes introduce a new OriginSnapshot type, which is an immutable
version of MutableOrigin (ie. an origin that includes an optional domain
modifier). This is now propagated as part of LoadData's origin, allowing
us to perform the same-origin-domain check for javascript: URLs as
needed.
Testing: Newly-passing tests.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Methods were unused and removed from the HTML spec.
Testing: Verified with ./mach build and ./mach test-unit. Without errors
or warnings.
Fixes: #41835
Signed-off-by: TimurBora <timurborisov5561@gmail.com>
This change moves the `UserContentManager` abstraction from the
`ServoBuilder` to `WebViewBuilder` so that embedders can inject content
for each `WebView` independently. It also adds basic support for runtime
mutations to the `UserContentManager` API. Only adding new scripts is
currently supported, but future changes will add support for both other
mutations such as removal of scripts and addition & removal of
stylesheets. Future changes could also optimize the way mutations are
propagated to `ScriptThread`s by sending just the "delta" rather than
the whole `UserContents` structure for each mutation.
The `UserContentManager` now becomes just a convenient handle for the
embedders to invoke the mutation API while the actual management of the
manager's content is handled by the Constellation. The mutations are
relayed to the constellation via messages. The change also separates the
serialized version containg the user contents into a new `UserContent`
structure so that the API cannot be misused.
Testing: New unit tests have been added for the different scenarios
involving UserContentManager.
---------
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
Changed some allow to expects and removed the unfulfilled expectations.
Testing: Refactor
Part of: #40383
Signed-off-by: anonmiraj <nabilmalek48@gmail.com>
Previously, when window.open() was called with a javascript: URL, the
script would execute unconditionally without any CSP enforcement. The
CSP list was not propagated from the opener to the newly opened
document.
This commit fixes two issues:
1. Propagate CSP from opener to new document The CSP list from the
existing (opener) document is now copied to the target document before
navigation, ensuring CSP policies are enforced.
2. Report CSP violations to the correct window Per the CSP spec,
violations should be reported to the navigation request's client (the
opener window), not the target window. To achieve this, we check CSP
early in window.open() while both windows are accessible, before
entering the normal navigation flow where only the target window is
available.
Testing: new wpt successes:
-
`content-security-policy/script-src/javascript-window-open-blocked.html`
-
`content-security-policy/unsafe-hashes/javascript_src_denied_missing_unsafe_hashes-window_open.html`
-
`content-security-policy/unsafe-hashes/javascript_src_denied_wrong_hash-window_open.html`
Fixes: part of #36437
Signed-off-by: Dyego Aurélio <dyegoaurelio@gmail.com>
I used find and replace to finish the job. All this PR does is replace
all `Error::<error_name>` occurrences with `Error::<error_name>(None)`.
Testing: Refactor
Fixes: #39053
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
Have more of the code follow the same path calling
`ScriptThread::spawn_pipeline`. Somewhat tricky was that the `origin` of
the new Pipeline was being determined in several different places, but
all in a consistent way for different types of page loads. This change
makes it is so that the origin is always determined in the same place.
This change is preparation for splitting out the creation of a new
`ScriptThread` and the spawning of its first pipeline.
Testing: This should not change observable behavior, so is covered by
existing tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
The thing that this message does is to spawn a pipeline in a
`ScriptThread`. I believe that the `AttachLayout` name is a relic of a
different time. The corresponding procedure in the `Constellation` is
already called `Pipeline::spawn`.
Testing: This is just a rename, so existing tests should cover this
change.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This is another step on the way toward enabling the default set
of rustc compiler warnings for `script`. This also renames two
functions according to Rust snake case guidelines.
Testing: This should not change behavior and is thus covered by existing
tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Removes some unneeded lints, especially `#[allow(unsafe_code)]`.
Testing: Refactor
Part of: #40383
Signed-off-by: WaterWhisperer <waterwhisperer24@qq.com>
Servo has a lot of comments like this:
```rust
// https://example-spec.com/#do-the-thing
fn do_the_thing() {}
```
and I keep turning these into doc comments whenever I'm working close to
one of them. Doing so allows me to hover over a function call in an IDE
and open its specification without having to jump to the function
definition first. This change fixes all of these comments at once.
This was done using `find components -name '*.rs' -exec perl -i -0777
-pe 's|^([ \t]*)// (https?://.*)\n\1(fn )|\1/// <$2>\n\1$3|mg' {} +`.
Note that these comments should be doc comments even within trait `impl`
blocks, because rustdoc will use them as fallback documentation when the
method definition on the trait does not have documentation.
Testing: Comments only, no testing required
Preparation for https://github.com/servo/servo/pull/39552
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
It would be useful for the Constellation is ever going to store data
per-WebView for the purposes of making cleanup and resource management
easier. If that's ever going to happen the `WebView` needs to be passed
with all messages that need it. This change makes it so that messages to
the Constellation that require a Pipeline also carry a WebViewId. This
eliminates one way in which message handling might go wrong.
This avoids making the Constelaltion look up the `WebViewId` for many
messages
that it receives.
Testing: This should not change observable behavior, so should be
covered by existing tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
When one unbinds an iframe from the tree, its browsing context is
destroyed, however if script keeps a reference to the window, it can
still try to open an auxiliary, resulting in a crash because the
constellation has already removed the browsing context. This adds a
non-intermittent test for the problem, and addresses it in a seemingly
ad-hoc way by checking whether the browsing context has already been
discarded, and if so doing an early return, as part of the window open
steps.
Testing: Added a crash test in the mozilla wpt folder.
Fixes: https://github.com/servo/servo/issues/39716
---------
Signed-off-by: gterzian <2792687+gterzian@users.noreply.github.com>
This implements LazyDOMString (from now on DOMString) as outlined in
https://github.com/servo/servo/issues/39479.
Constructing from a *mut JSString we keep the in a
RootedTraceableBox<Heap<*mut JSString>> and transform
the string into a rust string if necessary via the `make_rust_string`
method.
Methods used in script are implemented on this string. Currently we
transform the string at all times.
But in the future more efficient implementations are possible.
We implement the safety critical sections in a separate module
DOMStringInner which allows simple constructors, `make_rust_string` and
the `bytes` method.
This method returns the new type `EncodedBytes` which contains the
reference to the underlying string in either format.
Testing: WPT tests still seem to work, so this should test this
functionality.
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
This change makes it so that `<iframe>` sanboxing is equivalent to the
one used for Content Security Policy, which is how the specification is
written. In addition, these sandboxing flags are passed through to
`<iframe>` `Document`s via `LoadData` and stored as
`Document::creation_sandboxing_flag_set`. The flags are used to
calculate the final `Document::active_sandboxing_flag_set` when loading
a `Document`.
This change makes it so that `<iframe>`s actually behave in a sandboxed
way, the same way that `Document`s with CSP configurations do. For
instance, now scripts and popups are blocked by default in `<iframe>`s
with the
`sandbox` attribute.
Testing: This causes many WPT tests to start to pass or to move from
ERROR to TIMEOUT or failing later. Some tests start to fail:
-
`/html/semantics/embedded-content/the-canvas-element/canvas-descendants-focusability-005.html`:
This test uses a combination of `<iframe allow>` and Canvas fallback
content, which we do not support.
-
`/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigate_other_frame_popup.sub.html`:
This test is now failing because the iframe is sanboxed but in the
ScriptThread now due to `allow-same-origin`. More implementation is
needed to add support for the "one permitted sandbox navigator concept."
Fixes: This is part of #31973.
---------
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
This updates all Rc that were ignored for malloc_size_of to use
conditional_malloc_size_of, unless the type in the Rc itself doesn't
support malloc_size.
Regular expressions used to search for all occurrences:
```
ignore_malloc_size_of = "Rc.*"
ignore_malloc_size_of = "Arc.*"
```
There are a couple left since they have nested Rc, which I don't know
how to fix.
To be able to define these, several new implementations were added to
`malloc_size_of/lib.rs` as well as
`HashMapTracedValues`.
Testing: if it compiles, it's safe
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Add the prefix of "WebStorage" instead of "Storage" for all webstorage
spec related things. For example, a `struct` called `StorageManager`:
this could refer to either webstorage's thread manager or to the backend
for [the storage manager
interface](https://storage.spec.whatwg.org/#storagemanager). webstorage
is the full name of the spec, so I chose to keep that in the names of
files/structs to prevent confusion when storage manager is implemented.
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
Split the window_proxies in script thread into its own struct with
appropiate methods. ScriptThread allows to get an Rc to it.
HtmlIFrameElement, Window and WindowProxy now get the Rc on construction
from ScriptThread.
Testing: Just a refactor so should not change any behavior.
Fixes: Addresses part of https://github.com/servo/servo/issues/37969
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
This is part of the future work of implementing LazyDOMString as
outlined in issue #39479.
We use str() method or direct implementations on DOMString for these
methods. We also change some types.
This is independent of https://github.com/servo/servo/pull/39480
Signed-off-by: Narfinger Narfinger@users.noreply.github.com
Testing: This is essentially just renaming a method and a type and
should not change functionality.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
When an `<iframe>` cannot scroll because the size of the frame is
greater than or
equal to the size of page contents, chain up the keyboard scroll
operation to the parent frame.
Testing: A new Servo-only WPT tests is added, though needs to be
manually
run with `--product servodriver`.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Delan Azabani <dazabani@igalia.com>
Adding an optional message to be attached to a SyntaxError. Unblocks
#39050.
The enum definition of Syntax is now `Syntax(Option<String>)`. Future
PRs should probably add more appropriate messages to some of the
`Syntax(None)`s.
Testing: Just a refactor
Fixes: Partially #39053
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
Port the reply / back channels of StorageThreadMsg to GenericChannel.
Testing: No functional changes
Part of #38912
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
This change includes the following additions to GenericChannel:
- Add a GenericSend trait which is meant to replace the `IpcSend` trait
over time, as channels are migrated. For the time being this means, that
we often need to use `GenericSend::send()` to disambiguate from the
`IpcSend::send` function, until all usages of `IpcSend` have been
replaced.
- Add an OpaqueSender impl for GenericSender
- Add a profiled version of GenericChannel. The profiling is 1:1 the
same as for the existing profiled IPC channel, namely that only the
blocked time during `recv` is measured.
Testing: No functional changes, covered by existing tests
Part of #38912
---------
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
The IpcSend trait defines a `send()` method, so doing .sender().send()
seems like it just adds a useless clone of the sender, when we could
just `send()` directly.
This only cleans up the direct usages of this pattern, there are more
instances, where a helper method is defined, which returns the
IpcSender, and the only usages also just directly call send.
Testing: No functional changes
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
This pull request introduces changes to the storage subsystem to:
- Isolate sessionStorage per top-level browsing context (WebViewId), in
addition to origin.
- Copy sessionStorage when creating a new auxiliary browsing context
without
noopener, as required by the corresponding spec
These changes bring Servo closer to spec compliance, matching expected
browser
behavior.
Testing: This work affects observable behavior. As a result, some
previously
failing WPT tests now pass. No new tests are added, since the behavior
is
already covered by existing web-platform-tests.
Fixes: #21291
---------
Signed-off-by: Jan Varga <jan.varga@gmail.com>
For Desktop port of `request_open_auxiliary_webview`, stay on the
original WebView if the request originates WebDriver.
This is to make sure `webdriver_server::handle_new_window` does not
focus the new window, according to spec. See
c7eba2dbba/tests/wpt/tests/webdriver/tests/classic/new_window/new_window.py (L31-L37)
**To clarify**: this won't change the behaviour when user interacts, but
only affects WebDriver [New
Window](https://w3c.github.io/webdriver/#new-window).
Testing: `./mach test-wpt -r --log-raw "D:/servo log/all.txt"
./tests/wpt/tests/webdriver/tests/classic --product servodriver` based
on 96b0973037
---------
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
Previously, when the theme was set it was only set on currently active
`Window`s. This change makes setting the `Theme` stateful. Now the
`Constellation` tracks what theme is applied to a `WebView` and properly
passes that value to new `Pipeline`s when they are constructed. In
addition, the value is passed to layout when that is constructed as
well.
Testing: this change adds a unit test.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This is the last big change necessary to create the
`constellation_traits` crate. This moves the data structure for messages
that originate from the `ScriptThread` and are sent to the
`Contellation` to `constellation_traits`, effectively splitting
`script_traits` in half. Before, `script_traits` was responsible for
exposing the API of both the `ScriptThread` and the `Constellation` to
the rest of Servo.
- Data structures that are used by `ScriptToConstellationMsg` are moved
to `constellation_traits`. The dependency graph looks a bit like this:
`script_layout_interface` depends on `script_traits` depends on
`constellation_traits` depends on `embedder_traits`.
- Data structures that are used in the embedding layer
(`UntrustedNodeAddress`, `CompositorHitTestResult`, `TouchEventResult`
and `AnimationState`) are moved to embedder_traits, to avoid a
dependency cycle between `webrender_traits` and
`constellation_traits`.
- Types dealing with MessagePorts and serialization are moved to
`constellation_traits::message_port`.
Testing: This is covered by existing tests as it just moves types
around.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
