Previously, the `ImageCache` would inform consumers of changes to image
availability by messaging an IPC channel. This isn't great, because it
requires serialization and deserialization. Nowadays, `ImageCache`s are
always owned by the same `Global` that uses them. This change replaces
the IPC channel with callback that implements `Send`.
For the case of normal HTML document images, the results are still sent
over the pre-existing Crossbeam channel that was connected via an IPC
route. A followup change might eliminate that channel entirely.
Testing: This should not change observable behavior so is covered by
existing tests.
Fixes: #24338.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Mukilan Thiyagarajan <mukilan@igalia.com>
When updating the theme, ensure that it is also set on incomplete loads.
This is particularly necessary to make it so that a non-Light theme is
used when it is set before the page loads.
Testing: This adds a new WebView API test.
Fixes: #40437.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Instead of waiting for a reflow to update the `Device` in layout, update
it eagerly. This ensures that media queries can be answered correctly in
script before the next reflow. Also, it ensure that a new reflow is
triggered and reflects the change to the theme or viewport.
In addition, an unused viewport-related message from the Constellation
is removed. This would have needed to be updated by change, but since
it's unused I've just removed it.
This depends on https://github.com/servo/stylo/pull/260.
Testing: This fixes a WebView API test and improves
`/html/semantics/embedded-content/the-img-element/environment-changes/viewport-change.html`.
Fixes: #40395.
Fixes: #40129.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Every `ImageCache` should be assigned a `Pipeline` and a `WebView`, so
that it knows what WebRender instance to create image keys in. This
change accomplishes that by splitting the `ImageCache` trait into
`ImageCache` and `ImageCacheFactory`. There should only be one
`ImageCacheFactory` per process.
Testing: This should not change observable behavior and is thus covered
by
existing tests.
Fixes: This is part of #40261.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Remove the microtask queue from `GlobalScope`. The queue is moved inside
worker global scopes, while for window globals the script thread's queue
is accessed.
Testing: Covered by existing tests
Fixes: #20908
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
When resize observations are skipped, they get delayed until the next
turn of the event loop. In headless tests, we're not guaranteed that
this next turn occurs in time, unless some other event happens to run.
This leads to intermittent results unless we ensure that the event loop
will run again.
Testing: Newly passing test.
Fixes: #33599
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
You can copy the XPath selector from the inspector by right-clicking on
a node and selecting `Copy->XPath`.
Testing: I tried adding a test but the effort didn't seem worth it. The
devtools tests are currently very specifically tailored towards
source-list tests.
Part of https://github.com/servo/servo/issues/39862
Part of #34527
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Previously the `<input type=file>` would wait synchronously for file
selection
results from the embedder. This change moves that synchronous wait to
the
`FileManager` worker thread. The main benefit is that script is not
blocked waiting
for the embedder. The synchronous wait on the worker thread is not a
large issue
because it is run from a thread pool, though a later change could also
remove
that synchronous wait.
In addition, the API surface for file selection changes a bit as there
is now a `dismiss`
method which differentiates between selecting no file and not making a
choice at
all.
Testing: Covered by exiting WPT, WebDriver conformance, and unit tests.
---------
Signed-off-by: delan azabani <dazabani@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
It would be useful for the Constellation is ever going to store data
per-WebView for the purposes of making cleanup and resource management
easier. If that's ever going to happen the `WebView` needs to be passed
with all messages that need it. This change makes it so that messages to
the Constellation that require a Pipeline also carry a WebViewId. This
eliminates one way in which message handling might go wrong.
This avoids making the Constelaltion look up the `WebViewId` for many
messages
that it receives.
Testing: This should not change observable behavior, so should be
covered by existing tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This fixes a regression (likely from #39583) that made the result of
many font loading
tests intermittent. The issues here is that the count of fonts loading
is decremented synchronously in the `FontContext`, but the notification
to the `ScriptThread` happens asynchronously. In between the time the
decrement happens and the `ScriptThread` is notified, a rendering update
could happen which could mark a screenshot as ready to take too soon.
The solution here is to wait until the `fonts.ready` promise is
resolved, which is guaranteed to fire after all fonts have loaded. In
addition, a rendering update is queued after this happens. This means
that the screenshot will wait until that final rendering update to be
ready.
This should remove the flakiness of font load tests.
Testing: This should fix many flaky tests.
Fixes: #39953.
Fixes: #39951.
Fixes#38956.
Fixes#39408.
Fixes#39429.
Fixes#39592.
Fixes#39636.
Fixes#39650.
Fixes#39666.
Fixes#39667.
Fixes#39706.
Fixes#39750.
Fixes#39801.
Fixes#39853.
Fixes#39881.
Fixes#39950.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
For cross-document messaging, when the constellation forwards the
message, it can add the source browsing context and ancestry info to the
message. This saves a round-trip back to the constellation from script
later, and also allows for messages to be delivered when the source
pipeline is closed by the time of delivery(but not by the time of
forwarding by the constellation).
Testing: Updated various tests in
`/html/semantics/embedded-content/the-iframe-element/` WPT: from
TIMEOUT(because message was not delivered) or intermittent CRASH(because
the source pipeline would be closed by the time of attempted delivery.)
to FAIL.
Fixes: https://github.com/servo/servo/issues/39748
---------
Signed-off-by: gterzian <2792687+gterzian@users.noreply.github.com>
We were relying on `fn WebdriverWindow` to report `NoSuchWindow` during
script execution, regardless of the fact that it is never `Fallible`. I
was really hoping to refactor this to return `Fallible` to reduce one
RTT of IPC, but there is no easy way to convert between DOM exception
56b806b129/components/script_bindings/error.rs (L15)
and JavaScriptEvaluationError
56b806b129/components/shared/embedder/lib.rs (L1092).
We also migrate `element.rs` to `script_argument_extraction.rs` to
reflect the true purpose of the file.
Testing: 10 new subtests passing.
---------
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
in #39709, we introduced a single “form control” or “embedder control”
delegate that requests the embedder’s input for <select> and
<input type="color"> elements.
this patch partially merges <input type="file"> elements into that
new system, and renames “form controls” to “embedder controls” for
consistency.
internally we continue to use a separate code path where the embedder
directly communicates with the file manager thread. subsequent work will
make the messages asynchronous via the constellation and script thread,
like other embedder controls.
Testing: this is currently tricky to write an automated test for; we
expect to write a WebDriver test for this once we make the communication
asynchronous
---------
Signed-off-by: delan azabani <dazabani@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
Previously, we had a separate match block for script execution. The
motivation was to avoid runtime error due to persistent RefCell
immutable borrow, caused by mozjs mutation.
This PR merge blocks into one. This avoids wildcard match, helping us
identify arms that were never matched, which normally causes error.
Testing: Manually tested. This is one of two ways to avoid panic.
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
The `WebViewDelegate::notify_input_event_handled` method is called for
the
embedder when an input event's processing has finished within Servo.
This allows the embedder to chain the event up to parent widgets or do
some kind of post-processing such as the implementation of overridable
keybindings.
This change makes it so that this method is called even when an input
event cannot successfully be sent to a pipeline. This could happen when
an event is handled during navigation or perhaps during shutdown. In any
case, Servo should *always* tell the embedder when the event is done
processing so that they don't get eaten by the Servo widget.
Testing: This is very difficult to test as it only happens in very
specific
time-sensitive sitautions.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This change merges the WebDriver only `WebDriverJSError` with the API
`JavaScriptEvaluationError` and also allows passing `ErrorInfo`
information through to the API layer when possible. In addition, the
stack is added to `ErrorInfo` (but only in situations when evaluating
JavaScript code for WebDriver or via the API for performance reasons).
These changes allow much more useful error output when script execution
fails via WebDriver. Now the error message and source file line numbers
are printed by the test executor.
Testing: These changes should be reflected in the testing output.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Before responses to `FormControl` requests were handled synchronous in
script (ie they would block the page). This change makes it so that they
are handled asynchronously, with their responses filtering back through
the Constellation. This should fix many WPT tests when run with
WebDriver.
Testing: There are some WebDriver-based test for this, but they do
not quite pass yet. More investigation is required, but this is
necessary to get them to pass.
Fixes: #39652Fixes: #37013
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Delan Azabani <dazabani@igalia.com>
The embedder should never be responsible for triggering click events, so
this change removes that possibility from the API. In addition,
triggering of click events is simplified by moving the logic to the
`DocumentEventHandler`. This has the benefit of making behavior
consistent between in-process and out-of-process `<iframe>`s. Now click
events are never triggered when the button up and down cross frame
boundaries.
Testing: This should be covered by existing tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Before, `about: srcdoc` was only handled when loading `<iframe>`
contents in the same `ScriptThread` as the parent. This is not always
the case though with sandboxed `<iframe>`s. This change makes it so that
both code paths properly handle `about: srcdoc`.
Testing: This causes around 12 new WPT passes.
Fixes: #36529.
Fixes: #27791.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
This change makes it so that `<iframe>` sanboxing is equivalent to the
one used for Content Security Policy, which is how the specification is
written. In addition, these sandboxing flags are passed through to
`<iframe>` `Document`s via `LoadData` and stored as
`Document::creation_sandboxing_flag_set`. The flags are used to
calculate the final `Document::active_sandboxing_flag_set` when loading
a `Document`.
This change makes it so that `<iframe>`s actually behave in a sandboxed
way, the same way that `Document`s with CSP configurations do. For
instance, now scripts and popups are blocked by default in `<iframe>`s
with the
`sandbox` attribute.
Testing: This causes many WPT tests to start to pass or to move from
ERROR to TIMEOUT or failing later. Some tests start to fail:
-
`/html/semantics/embedded-content/the-canvas-element/canvas-descendants-focusability-005.html`:
This test uses a combination of `<iframe allow>` and Canvas fallback
content, which we do not support.
-
`/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_navigate_other_frame_popup.sub.html`:
This test is now failing because the iframe is sanboxed but in the
ScriptThread now due to `allow-same-origin`. More implementation is
needed to add support for the "one permitted sandbox navigator concept."
Fixes: This is part of #31973.
---------
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
This change adds a new API to the `WebView` for capturing screenshots.
This makes it possible to:
- use the reftest waiting infrastructure via the API
easily.
- take more than a single screenshot in one Servo run.
- take screenshots, but still paint the `WebView` normally prior
to the moment that the screenshot is ready, instead of preventing
all non-screenshot-ready paints while taking a screenshot.
In addition, the previous infrastructure, the `wait_for_stable_image`
option is removed completely.
Testing: This change is tested by the passing of the WPT tests,
as they commonly use the screenshot feature.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Delan Azabani <dazabani@igalia.com>
Add the prefix of "WebStorage" instead of "Storage" for all webstorage
spec related things. For example, a `struct` called `StorageManager`:
this could refer to either webstorage's thread manager or to the backend
for [the storage manager
interface](https://storage.spec.whatwg.org/#storagemanager). webstorage
is the full name of the spec, so I chose to keep that in the names of
files/structs to prevent confusion when storage manager is implemented.
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
Split the window_proxies in script thread into its own struct with
appropiate methods. ScriptThread allows to get an Rc to it.
HtmlIFrameElement, Window and WindowProxy now get the Rc on construction
from ScriptThread.
Testing: Just a refactor so should not change any behavior.
Fixes: Addresses part of https://github.com/servo/servo/issues/37969
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
When an `<iframe>` cannot scroll because the size of the frame is
greater than or
equal to the size of page contents, chain up the keyboard scroll
operation to the parent frame.
Testing: A new Servo-only WPT tests is added, though needs to be
manually
run with `--product servodriver`.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Delan Azabani <dazabani@igalia.com>
Both places where we access signals_slots already have a reference to
ScriptMutationObserver. This saves us another access to
with_script_thread.
Testing: This does not change functionality.
Fixes: Part of addressing: https://github.com/servo/servo/issues/37969
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Implement scroll into view steps for all WebDriver command that requires
it (element click, element send keys, element clear, and take element
screenshot).
Testing: `element_send_keys/scroll_into_view.py`,
`element_click/scroll_into_view.py`, `element_clear/clear.py`
---------
Signed-off-by: PotatoCP <Kenzie.Raditya.Tirtarahardja@huawei.com>
This combines some access to the thread local variable for script
thread.
- We introduce a new UserInteractingScriptGuard which on drop handles
the resetting of was_interacting to the previous value. Sometimes
throughout the code `ScriptThread::is_user_interacting` was reset to the
previous value while sometimes just set to false. This should
remove this footgun.
- This also reduces the amount of thread local access for
MutationObservers and task queue.
Testing: WPT tests should cover this.
Fixes: This addresses part of
https://github.com/servo/servo/issues/37969 but there is probably still
stuff to be done.
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
This should be the final PR for the Hash Function series that is
trivial.
Of note: I decided to transform `HashMapTracedValues<Atom,..>` to use
FxBuildHasher. This is likely not going to improve performance as Atom's
already have a unique u32 that is used as the Hash but it safes a few
bytes for the RandomState that is normally in the HashMap.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Testing: Hash function changes should not change functionality, we
slightly decrease the size and unit tests still work.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
FxHash is faster than FnvHash and SipHash for simple types up to at
least 64 bytes. The cryptographic guarantees are not needed for any
types changed here because they are simple ids.
This changes the types in script and net crates.
In a future PR we will change the remaining Fnv to be also Fx unless
there is a reason to keep them as Fnv.
Testing: Should not change functionality but unit test and wpt will find
it.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
The concept of a "resource header" is not well specced, since it is
unclear what a "resource" is. That said, it most closely matches a
"response" as part of the navigation params.
With this change, we now delay loading the document until either two
things happen:
1. We reached the end of the file
2. We processed 1445 bytes (as defined by spec)
We initially store bytes in the resource header and then after loading
parse the stored bytes. Any subsequent loading will process as before.
Part of #14024
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
FNV is faster for hashing less than 16 bytes of data and the
cryptographic properties of the default HashMap are not needed for the
various ids.
Testing: This does not change functionality.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
There were still some accesses to the inner BrowsingContextId from the
WebViewId. This changes it to completely rely on the From trait for
these methods. This also means we can make the field private.
For testing we add a way to create arbitrary WebViewIds.
Testing: Does not change functionality.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
This PR **removes** `ScriptToConstellationMessage::ForwardToEmbedder`,
and replaces it with an explicit `ScriptToEmbedderChannel`. This new
channel is based on `GenericCallback` and in single-process mode will
directly send the message the to the embedder and wake it. In
multi-process mode, the message is routed via the ROUTER, since waking
is only possible from the same process currently. This means in
multi-process mode there are likely no direct perf benefits, since we
still need to hop the message over the ROUTER (instead of over the
constellation).
In single-process mode we can directly send the message to the embedder,
which should provide a noticable latency improvement in all cases where
script is blocked waiting on the embedder to reply.
This does not change the way the embedder receives messages - the
receiving end is unchanged.
## How was sending messages to the embedder working before?
1. Script wraps it's message to the embedder in
`ScriptToConstellationMessage::ForwardToEmbedder` and sends it to
constellation.
2. The [constellation event loop] receives the message in
[handle_request]
3. If deserialization fails, [an error is logged and the message is
ignored]
4. Since our message came from script, it is handle in
[handle_request_from_script]
5. The message is logged with trace log level
6. If the pipeline is closed, [a warning is logged and the message
ignored]
7. The wrapped `EmbedderMsg` [is forwarded to the embedder]. Sending the
message also invokes `wake()` on the embedder eventloop waker.
[constellation event loop]:
2e1b2e7260/components/constellation/constellation.rs (L755)
[handle request]:
2e1b2e7260/components/constellation/constellation.rs (L1182)
[an error is logged and the message is ignored]:
2e1b2e7260/components/constellation/constellation.rs (L1252)
[handle_request_from_script]:
https://github.com/servo/servo/blob/main/components/constellation/constellation.rs#L1590
[a warning is logged and the message ignored]:
2e1b2e7260/components/constellation/constellation.rs (L1599)
[is forwarded to the embedder]:
2e1b2e7260/components/constellation/constellation.rs (L1701)
Testing: Communication between Script and Embedder is extensive, so this
should be covered by existing tests.
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
This doesn't appear to make a big difference in speedometer results, but
this removes some code from the hot path of creating DomRoot values.
Before: `Score: 30.381097406624708 ± 2.0393225244958018`
After: `Score: 30.344639420871395 ± 1.9359337921154696`
Testing: Existing WPT coverage
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
These changes add a custom servo:preferences URL that allows modifying
selected preferences at runtime. The goal of this work is to make it
easy to test pages while toggling experimental web platform features,
and support quickly changing the User-Agent header.
Testing: Manually verified that spacex.com loads correctly after
changing the user agent, and that https://polygon.io/ displays grid
elements correctly and no console errors with the experimental prefs
enabled.
Fixes: #35862
<img width="1136" height="880" alt="Screenshot 2025-07-18 at 1 06 23 AM"
src="https://github.com/user-attachments/assets/2d27c321-6ca0-43c3-a347-7bc4b55272df"
/>
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
We store a pointer to the ScriptThread singleton for a thread in
thread-local storage. While we don't have yet have profiles pointing to
this TLS access as a hot spot, we can remove a potential performance
footgun without a lot of effort by passing around small pieces of data
that we otherwise need to fetch from the ScriptThread.
Testing: Existing WPT is sufficient
Fixes: part of #37969
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
According to the WebGPU specification there are the dedicated task
source
which is used to queue a global task for a GPUDevice on content
timeline.
https://gpuweb.github.io/gpuweb/#-webgpu-task-source
Tasks on content timeline:
- to fire "uncaptureevent" event
- to resolve GPUDevice.lost promise
Also fixed the "isTrusted" attribute status (false -> true) of the
"uncaptureevent" event by using non JS version of event dispatching.
Testing: No changes in WebGPU CTS expectations
- webgpu:api,operation,uncapturederror:*
- webgpu:api,operation,device,lost:*
- webgpu:api,validation,state,device_lost,destroy:*
Signed-off-by: Andrei Volykhin <volykhin.andrei@huawei.com>
Co-authored-by: Andrei Volykhin <volykhin.andrei@huawei.com>
This is fixup for #37776. We forget to skip documents with
waiting_on_canvas_image_updates flag.
Testing: Existing WPT tests and manual testing
Fixes: #39021
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Adds epoch to each WR image op command that is sent to compositor. The
renderer now has a `FrameDelayer` data structure that is responsible for
tracking when a frame is ready to be displayed. When asking canvases to
update their rendering, they are given an optional `Epoch` which denotes
the `Document`'s canvas epoch. When all image updates for that `Epoch`
are seen in the renderer, the frame can be displayed.
Testing: Existing WPT tests
Fixes: #35733
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
We pass in the new trait implementation to process the value,
which the CSP crate calls in its implementation. Additionally,
since the request url can change, we need to propagate that
to load_data as well.
This also avoids a crash when a discarded browsing context is
accessed while navigating the iframes in the WPT tests. This
is a known issue, but hampers investigation into actual
Trusted Types support.
All tests using iframes don't work, as they don't have the
correct browsing context. The other tests do work, but some
fail on header ascii parsing (#36801) or error while handling
errors. That last one I don't understand based on the current
code and I would need to do a deep-dive in the existing code
to understand better what's going on.
Part of #36258
Part of #37920
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
The `CrossProcessCompositorApi` already provides methods for most
messages.
Remove the `sender()` method, and hide the IpcSender as an
implementation detail. This is a preparation for abstracting over the
internal IpcSender.
Testing: No functional changes
---------
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
Instead of manually triggering `ScriptThread::update_the_rendering`,
have animated images trigger rendering updates via the `ScriptThread`
event loop. This should result in fewer calls to
`ScriptThread::update_the_rendering`.
Testing: This should not change behavior and is thus covered by existing
tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Mukilan Thiyagarajan <mukilan@igalia.com>
Instead of generating a frame for every display list, which might be one
rendered frame per `<iframe>`, generate only a single frame per call to
"update the rendering." This should make rendering more efficient when
there are `<iframe>`s present and also open up optimizations for
non-display list frames.
Testing: This could potentially reduce flashing of content during
rendering
updates, but that is very difficult to test.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
The method now doesn't need unsafe in its signature because it no longer
accepts unsafe pointers as arguments. We move the unsafe marker to the
method itself.
Testing: I opened the browser and went to google.com; I ran some WPT
(IndexedDB) tests.
Fixes: #38361
---------
Signed-off-by: criskell <96352451+criskell@users.noreply.github.com>
