`NormalizedAlgorithm::encrypt`, `NormalizedAlgorithm::decrypt` and other
similar functions have some catch-all `match` arms that are unreachable.
They are unreachable because we rely on the name attribute in `String`
of the subtle dictionaries and the `NormalizedAlgorithm` enum to
determine which cryptographic algorithm to use, while the algorithm
normalization mechanism guarantees that some combinations of name and
enum variants won't exist.
This patch tries to get rid of those unreachable `match` arms to make
our WebCrypto code more idiomatic so that the Rust compiler can help us
ensure the correctness in the future.
To achieve this, we break the enum `NormalizedAlgorithm` into multiple
enums: `EncryptAlgorithm`, `DecryptAlgorithm`, `SignAlgorithm`, etc.
Each one is associated to a cryptographic operation, and its variants
are the cryptographic algorithms that support the associated operation.
The inner type of each variant is the desired parameter dictionary.
Therefore, when the call `EncryptAlgorithm::encrypt`,
`DecryptAlgorithm::decrypt` and other similar functions, we can have
`match` statements that cover all patterns since those enums only
contains necessary variants.
To make this change, we also need to change the algorithm registration
mechanism. Instead of using the `SupportedAlgorithm` enum and its method
`SupportedAlgorithm::support` to register the operations of the
algorithms, the algorithm registration is now done in the function
`from_object_value` of a new trait named `NormalizedAlgorithm`, which
the new enums `EncryptAlgorithm`, `DecryptAlgorithm` and so implement.
(Note that the existing enum named `NormalizedAlgorithm` is removed.)
Some refactoring in also done in the `normalize_algorithm` function to
adapt the above changes.
This new design of algorithm registration is also closer to the
WebCrypto specification, as explained in the comment block below the
`normalize_algorithm` function.
The crate `strum` is also used to reduce some boilerplate code.
Testing: Refactoring. Existing tests suffice.
Fixes: Part of #42579
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Before we were creating a new frame actor each time we paused, even if
the frame object in debugger.js was the same. Now we avoid this by
reusing the same frame actor id.
This helps our upcoming work on onStep, onPop, and onEnterFrame hooks.
Testing: Ran `mach test-devtools` and manually check that it works
Part of: #36027
Signed-off-by: eri <eri@igalia.com>
Co-authored-by: atbrakhi <atbrakhi@igalia.com>
This fixes a crash on the attached testcase when running with the async
html parser enabled. The crash also triggers on wpt. When executing
parse ops received from the async parser, we were not considering the
case where one of these operations causes the parser to abort (in the
case above, said operation is the `<popup-info></popup-info>`).
```html
<body>
<script>
class PopupInfo extends HTMLElement {
connectedCallback() {
document.open();
}
}
customElements.define('popup-info', PopupInfo);
</script>
<popup-info></popup-info>
</body>
```
The bug is very obscure and only triggers if `document.open` is called
while there is no parser-blocking script **and** the document parser is
still active.
Testing: We don't run tests on the async parser yet
Fixes: Part of https://github.com/servo/servo/issues/37418
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This PR fixes two related issues with Content Security Policy (CSP)
nonce validation for external scripts:
1. Missing nonce validation for external scripts with malformed
attributes
2. Incorrect violation event reporting for blocked external resources
This makes servo closer to passing the `nonce-enforce-blocked` wpt test.
The remaining failures are blocked by required changes in the html
parser.
1. Svg script support (https://github.com/servo/html5ever/issues/118)
```html
<svg xmlns="http://www.w3.org/2000/svg">
<script attribute attribute nonce="abc">
t.unreached_func("Duplicate attribute in SVG, no execution.")();
</script>
</svg>
```
2. Duplicate attrs check
the html parser needs to provide this flag, as mentioned on the original
commit message
(4821bc0ab0)
```html
<script attribute attribute nonce="abc">
t.unreached_func("Duplicate attribute, no execution.")();
</script>
<script attribute attribute=<style nonce="abc">
t.unreached_func("2# Duplicate attribute, no execution.")();
</script>
[...]
<script src="../support/nonce-should-be-blocked.js?5" attribute attribute nonce="abc"></script>
```
I've also created a PR to implement the duplicate attrs flag on
html5ever https://github.com/servo/html5ever/pull/695
Testing: doesn't fixes the aforementioned wpt test yet.
Fixes: part of #36437
---------
Signed-off-by: Dyego Aurélio <dyegoaurelio@gmail.com>
Since `evaluate_js_on_global` called `enter_realm` and there were
already some callee that did it, I've actually passed `&mut
CurrentRealm`.
Also converted `Window::WebdriverException` to pass `&mut JSContext`
inside `javascript_error_info_from_error_info`.
Testing: A successful build is enough
Part of #40600
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
devtools: Make `why` attribute use `PauseReasons`
Currently we have why attribute hardcoded as per the event. In this PR
we introduce `PAUSE_REASON` and make sure `why` attribute is using
`PAUSE_REASONS`.
This is in order to support the upcoming work on `onStep`, `onPop`, and
`onEnterFrame` hook.
Testing: all existing tests are passing
Fixes: Part of #36027
Signed-off-by: atbrakhi <atbrakhi@igalia.com>
Co-authored-by: eri <eri@igalia.com>
This patch removes `js_*` preferences that are not currently wired up to
the SM engine. The `js_mem_gc_allocation_threshold_factor` was being
used previously but got that usage was commented out in #28092, so the
dead code is removed.
The `dom_worklet_blockingsleep` preference is also renamed to
`dom_worklet_blockingsleep_enabled` to match the declared name in
`PaintWorkletGlobalScope.idl` which also matches the naming convention
of the other the boolean preferences.
Finally, the `network_mime_sniff` is also unused and remmoved in this
patch.
Testing: Should be covered by existing tests.
Fixes: #42868
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
When creating a HTML tokenizer then we check the
`dom_servoparser_async_html_tokenizer_enabled` preference and create a
sync or async tokenizer accordingly. We don't do that in `document.open`
though, this change fixes that.
Part of https://github.com/servo/servo/issues/37418
Testing: We don't run tests for the async tokenizer yet
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Moves the `Drop` implementation for `GPUDevice` into a private
`DroppableGPUDevice` struct.
Also updates `Bindings.conf` to prevent the generation of `Drop`
implementations for `GPUDevice`.
Testing: WebGpu tests just cover the cases
Fixes: Partially #26488
Signed-off-by: Domenico Rizzo <domenico.rizzo@gmail.com>
This reverts commit 1f42551042.
This change led to a decrease in Speedometer performance and needs to be
reworked to avoid that.
Testing: This is just a revert.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
We need a map between frame actor ids (from devtools) and frame objects
(from debugger.js) to implement stepping hooks in the future.
To achieve this, we register the frame actor with a call to the devtools
before entering the event loop when the debugger is paused. Instead of
creating the frame actor in `handle_debugger_pause`, we create it
before.
Testing: It passes existing devtools tests
Part of: #36027
Signed-off-by: eri <eri@igalia.com>
Co-authored-by: atbrakhi <atbrakhi@igalia.com>
This changes does three things:
- Updates all specification links to reflect version 3 of the
specification
- Renames the `IDBDatabase::close` member to
`IDBDatabase::close_pending` to better match the specification
- Adds a `OpenRequest::processed` member, again to better match the
specification
Testing: This should not change behavior, so is covered by existing
IndexedDB WPT tests.
Fixes: Part of #40983
---------
Signed-off-by: Taym Haddadi <haddadi.taym@gmail.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
Remove embedder defined `ScrollEvent` and merge the payload of it to the
`SetScrollStates` message which tell the `ScriptThread` to update the
scroll state.
In the past, `ScrollEvent` is defined as a embedder's `InputEvent` and
being used only to forward the external scroll node id for a node that
is considered scrolled. This make us sends an additional message to
constellation and additionally, `ScrollEvent` went through lengthy
pipelines as it was deemed as an embedder input event, albeit being a
synthetic input fired by `WebviewRenderer`.
Subsequently, we could introduce a flag to detect whether the scrolling
is still ongoing or not (like whether it is still flinging) for
`scrollend` event.
Testing: No WPT changes
---------
Signed-off-by: Jo Steven Novaryo <steven.novaryo@gmail.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
Now `ServoTestUtils.forceLayout()` will provide the number of fragments
that have been restyled and rebuilt. This will be useful to test that
incremental layout works well.
Testing: Adds a test using this new API
---------
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Luke Warlow <lwarlow@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
Align with the spec and implement part of its lazy loading
steps. Most tests use non-srcdoc lazy loading URLs, so most
tests will not pass until the other parts are implemented
as well.
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
`OutsideMarker::repair_style()` was setting `list_item_style` to the
style of the marker, not the style of the list item.
This patch sets it to `node.parent_style(context)` instead, and it fixes
`ServoThreadSafeLayoutNode::parent_style()` to take the pseudo-element
chain into account. This requires modifying a bunch of logic to pass the
`SharedStyleContext` around.
Testing: Adding a new test
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
Currently, `script` and `devtools` use a node's unique id to identify it
across requests. The unique ID is part of a node's rare data field and
is really only meant for debugging. Instantiating it on a node causes
it's memory usage to go up significantly. Now, when the devtools ask for
information about a specific `Node` then they send the unique ID to
`script`, and the script thread then walks the whole DOM tree searching
for that specific ID. This happens here:
6d0b651218/components/script/devtools.rs (L142-L153)
So, in the worst case, all of the nodes in the tree now have a unique
ID. That's not great!
Also, when `script` notifies `devtools` about changes to a DOM node then
`devtools` expects a `NodeActor` to exist for that Node. The actor might
not exist if the inspector doesn't know about that node yet - that
happens when the user hasn't expanded their parent yet.
That is an oversight from https://github.com/servo/servo/pull/42601 and
causes problems now(https://github.com/servo/servo/issues/42784) because
for the longest time, `devtools` was mostly the one sending requests. Of
course, we could make `devtools` simply ignore updates for nodes that it
doesn't know about, but ideally we shouldn't send these updates in the
first place.
This change implements a lookup map on the `ScriptThread` that contains
all nodes that have been sent to the devtools inspector. The map allows
us to efficiently resolve a unique ID to a `Node` in O(1), without
creating unique IDs for the whole tree. It also allows us to only send
DOM updates for nodes that the inspector cares about.
For now, entries from the cache are not evicted unless the relevant
pipeline is closed. That reflects reality, because the inspector also
keeps using them forever.
In the future we will tell the inspector when nodes are removed from the
tree - then it can't interact with them anymore, and we can remove them
from the script-side map.
This is change is not all that complicated but it involves moving a lot
of code around, so feel free to ask for clarification when something is
unclear!
Testing: This change adds a test
Fixes part of https://github.com/servo/servo/issues/42784
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
When processing `elementFromPoint` on a `Document` or a `ShadowRoot`,
better handle the situation where the result of the hit test is the root
element, fixing a crash.
Testing: This fixes a crash in the WPT tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
Co-authored-by: Luke Warlow <lwarlow@igalia.com>
This is part of replacing can_gc with the new &JSContext/&mut JSContext
method.
We modify CheckValidity and ReportValidity in various HTML Elements to
use the context instead of CanGc.
Testing: Compilation is the test as this is mostly mechanical.
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
As started in https://github.com/servo/servo/issues/42168 let's report
memory pressure for webgl objects. CanvasContexts report memory twice:
once because of underlying texture object and once by themself, but
that's okay as we also need to account for swapchain textures.
Computing exact size would be to much work and code so we report rough
estimations.
Testing: None
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
As mentioned in #40600 we will need this to properly handle &mut
JSContext (we cannot pass it to drop) and I think this wrappers are
preferred ways of doing this in rust as it is safe to forget (not call
drop) which is unsound in this case (due to realm stack at least).
Revieable per commits.
Testing: Just a refactor, but should be covered by WPT
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
I only wanted to get `&mut JSContext` in microtask chunk and checkpoint,
but this in turn needed `&mut JSContext` in servoparser, which then
caused need for even more changes in script.
I tried to limit the size by putting some `temp_cx` in:
- drops of `LoadBlocker`, `GenericAutoEntryScript`
- methods of `VirtualMethods`
- methods of `FetchResponseListener`
Testing: Just refactor, but should be covered by WPT tests.
Part of #40600
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
This change makes it so that selection changes driven by user input
events also fire the `select` event and not just selection changes from
script. In addition the change eliminate the `SelectionState` data
structure instead opting to store the `SelectionDirection` in the
`SharedSelection`. That way there is a centralized place that selection
changes are handled.
Testing: This change adds a Servo-specific WPT test. This is
Servo-specific as
it relies on engine-specific text selection behavior.
Fixes: #41308.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This patch changes the method of `Crypto` interface to use the new `&mut
JSContext`.
The method `crypto.subtle` calls `SubtleCrypto::new` to create an
instance of `SubtleCrypto` and the new `&mut JSContext` is passed to
`SubtleCrypto::new`. Therefore, the new `reflect_dom_object_with_cx`
method is also used in `SubtleCrypto::new`.
Testing: Refactoring. Existing tests suffice.
Fixes: Part of #42638
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Previously, the resolution loop would break immediately after running
`resolve_imports_match` against the first module specifier map of the
import map's scopes, regardless of whether a match was actually found.
Testing: All sub-tests of `resolving.html` now pass
Part of #37553
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
The variable names and comments around the code refer to the main thread
as the "tokenizer" and the parser thread as the "html tokenizer". This
confuses me every time I look at the code, because both tokenize html
and neither can do it without the other.
I've renamed things to be a bit more clear, mostly referring to things
as the "main thread" and the "parser thread".
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
In preparation of introducing traits for some of these methods,
let's separate them from the basecommand trait. They are not
related to each other and it was making reasoning about where
lives what more difficult.
Part of #25005
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Following the convention of other major UAs of gating the virtual
keyboard by certain user activation, adding a flags to let the embedder
knows about the user activation. This would be used to determine whether
the virtual keyboard needs to be shown or not in android and ohos.
Testing: Manual testing.
---------
Signed-off-by: Jo Steven Novaryo <steven.novaryo@gmail.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
Unless the feature `preserve_order` is enabled, serde_json will sort the
map's entries in an alphanumerical order.
The specification instead expect the entries to be visited by the order
they are listed, a latter entry should replace a previous one when they
are resolved to the same url.
I've also removed a couple of `CanGc` introduced in #37405, unless I've
missed something there is not code that can trigger a GC.
Testing: A subtest now pass
Part of #37553
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
That respects the user locale better than hardcoding en-US. This can
also be manually set with the `LANG` environment variable.
Testing: Manual testing with the devtools to check the header sent and
the value of `navigator.language`
Signed-off-by: webbeef <me@webbeef.org>
We previously clonsed the CSP list unnecessarily which consisted of
roughly 2.7%. 1.2% spend in Document::get_csp_list.
We can easily avoid it with Ref and cloning it deliberately when needed.
Testing: This is functionally identical to the previous code as it is a
change from clone to a Ref<>.
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
The pause debugger screen should be shown for both pausing manually
(interrupt) and hitting a breakpoint.
Reuse the logic for pausing breakpoints to pause the debugger when the
user manually clicks the pause button.
Rename the pause event to interrupt to match the language of the
DevTools client and to avoid confusion with paused frames, which can
happen on interrupt or on a breakpoint.
https://github.com/user-attachments/assets/ceb0007d-0e57-44d6-a159-55980ff8b517
Testing: New DevTools test and manual testing.
Part of: #36027
cc @atbrakhi
---------
Signed-off-by: eri <eri@igalia.com>
Co-authored-by: atbrakhi <atbrakhi@igalia.com>
In `NormalizedAlgorithm::from_object_value`, we use
`dictionary_from_jsval` to convert `HandleValue` into IDL dictionary
types generated by `script_bingings`, and immediately use `From`,
`TryFrom`, `TryFromWithCx` trait implementation to convert them into
webcrypto's subtle dictionary types.
Since our webcrypto implementation doesn't directly use the dictionary
types generated by `script_bingings`, this patch combines the 2 steps of
this conversion into one step, by using `TryFromWithCx` trait
implementation for those dictionaries and moving the
`dictionary_from_jsval` calls into `try_from_with_cx`.
Testing: Refactoring. Existing tests suffice.
Fixes: Preparation for #42579
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
This implements a baseline for these tests. By implementing these dummy
methods, we avoid a lot of test expectation clutter when debugging these
tests to figure out why they aren't passing yet.
For the delete command, since it doesn't have any state or is
indeterminate, we always return the same.
Part of #25005
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Queue the "complete" event before unblocking later transactions in the
backend. This preserves event ordering for overlapping transactions
created on the same connection.
Fixes#42730Fixes#42718
Signed-off-by: Taym Haddadi <haddadi.taym@gmail.com>
- Use `FxHashMap` for `active_pointer_ids`
- Refactor and fix logging message for touch, especially
`update_active_touch_points_when_early_return`
- Randomly fix some typos
Testing: This changes logging message but no other observable
behaviours. The logging should be more accurate, but I didn't test.
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
There is no specification for this, but there are relevant
WPT tests in `selection/contenteditable`. This PR implements
the required changes to make sure that when such an element
is focused (programmatically), it selects the correct node.
The implementation is therefore entirely reverse-engineered
based on existing browser behavior and commented to hopefully
make it make sense.
Part of #7492
Part of #12776
Part of #25005
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Prerequisite for #40365.
Moving `run_a_module_script()` to `GlobalScope` will allow us to execute
module scripts on `WorkerGlobalScope`.
---
Relates to #23308
Signed-off-by: pylbrecht <pylbrecht@mailbox.org>
This method was already present on the document, but
wasn't implemented yet. Note that now more tests are
failing, since before they weren't running. The tests
check if a command is enabled before they started
running.
The selection API doesn't yet take into account
contenteditable containers, which is why these
tests don't consider a command enabled, since the
range of the selection is empty.
Part of #25005
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Use the new `reflect_dom_object_with_cx` introduced in #42725 in
`CryptoKey::new`.
Testing: Refactoring. Existing tests suffice.
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Follow-up PR to #42720 (addressing nits by @sagudev)
Testing: It compiles without any errors
Fixes: Part of issue #42638 and PR #42720
Signed-off-by: TimurBora <timurborisov5561@gmail.com>
