Since we use `NetworkError` just for logging reasons, we don't really
need to pass it around; instead lets follow spec more closely and pass a
`None` on network failures.
Make more explicit if a `modulemap` entry is currently fetching or
ready.
Testing: No functional change, covered by existing tests
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Changed the return type of `ModuleObject::handle()` to the original type
of its contained handle by removing `.into()` call, as requested in the
linked issue.
Additional changes are due to temporary borrows now sharing lifetime
with returned handle reference.
Testing: No new tests needed, as the code is functionally the same after
the changes. Verified with running `./mach test-build` and `./mach
test-unit` successfully.
Fixes: https://github.com/servo/servo/issues/42051
Signed-off-by: Krzysztof Biedroń <arkendil@gmail.com>
This better reflects the intention of the code, which is that these
fields are set at most one time.
Testing: No behaviour change expected, so existing tests suffice.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This commit remove more unused code from `script_module`,
`inline_module_map` and `dynamic_modules` fields from `GlobalScope` and
the now unused custom interface `DynamicModuleOwner`.
Testing: No functional change, a successful build is enough.
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
This change is reviewable per commits:
In first commit we added `&mut JSContext` to `run_box` (it is very hard
to bring `&mut JSContext` to `remove_script_and_layout_blocker`).
In second commit we pass `&mut JSContext` to `run_once`.
In third commit we added support for accepting `&mut JSContext` in
closures of `task!` macro and lastly we demo new macro invocations (to
ensure they actually compile)
Testing: Just refactor, but should be covered by WPT
Part of #40600
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Rather than having each callside specifying the relevant
information from the GlobalScope, do this via a trait instead.
This would have saved us quite a bit of test debugging
since we would often forget to set relevant information
from the global context for a request.
Now, in the future when we need additional information from
the globalscope for a request, we only need to update this
method to make that happen.
Previously it would also sometimes use `document`, but
calling the relevant information on either `document` or
`globalscope` doesn't matter, since the `globalscope`
defers to the value from the `document` anyways.
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This implements waiting for pending preloads, where the preload request
is still fetching the result when the second "real" request is started.
It is
implemented by storing responses in the `SharedPreloadedResources`
which is communicated via `PreloadId` send to the `CoreResourceManager`.
Part of #35035
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Replace NetworkError::Internal with structured enum variants
- Adds
UnsupportedScheme,CorsViolation,ConnectionFailure,Timeout,RedirectError,InvalidMethod,ResourceError,SecurityBlock,MixedContent,CacheError,InvalidPort,
LocalDirectoryError, variants in NetworkError enum.
- Refactored the usage of NetworkError::Internal(String) to use the
appropriate new variant
Testing: Changes does not require test.
Fixes: https://github.com/servo/servo/issues/36434
---------
Signed-off-by: Uthman Yahaya Baba <uthmanyahayababa@gmail.com>
Signed-off-by: Usman Yahaya Baba <91813795+uthmaniv@users.noreply.github.com>
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Co-authored-by: Tim van der Lippe <tvanderlippe@gmail.com>
Inside `notify_owner_to_finish` we already retrieve the `ModuleTree`
tied to the corresponding `ModuleIdentity`, but we ended up retrieving
it a second time inside of `run_a_module_script` instead of simply
passing it.
Testing: Covered by existing tests, a simple cleanup.
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
The `substitute_with_local_script` logic has been refactored into a
standalone function to allow reuse in `script_module.rs` when a module
script's source is fetched and decoded.
Testing: Verified manually by running Servo with a local HTTP server and
a module script, confirming that the local file correctly replaces the
remote one when the `--local-script-source` flag is provided.
Fixes: #41433
Signed-off-by: WaterWhisperer <waterwhisperer24@qq.com>
Use the algorithms introduced in #41109 in more places.
Follow more closely the spec when executing classic scripts, introducing
the concepts of rethrowing and muting errors.
Muting errors is not actually implemented, and will be done in a
followup.
Testing: More tests start passing
Fixes#34199Fixes#27260Fixes#15188
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Changed some allow to expects and removed the unfulfilled expectations.
Testing: Refactor
Part of: #40383
Signed-off-by: anonmiraj <nabilmalek48@gmail.com>
Companion to https://github.com/servo/mozjs/pull/650
We added 3 new options to bindings.conf, each more powerful then the
previous one, so one should use the least powerful as possible to keep
things flexible:
1 `cx_no_gc` prepends argument `&JSContext`, which allows creating NoGC
tokens and using functions that do not trigger GC.
2. `cx` prepends argument `&mut JSContext`, which allows everything that
previous one allows, but it also allows calling GC triggering functions.
3. `realm` prepends argument `&mut CurrentRealm`, which can be deref_mut
to `&mut JSContext` (so it can do everything that previous can), but it
also ensures that there is current entered realm, which can be used for
creation of InRealm.
next steps: #40600
reviewable per commit
Testing: It's just refactoring
try run: https://github.com/sagudev/servo/actions/runs/19287700927
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
The goal of this change is to prevent having to copy so much data out of
listeners when a fetch completes, which will be particularly important
for off-the-main thread parsing of CSS (see #22478). This change has
pros and cons:
Pros:
- This makes the design of the `FetchResponseListener` a great deal
simpler.
They no longer individually store a dummy `ResourceFetchTiming` that is
only replaced right before `process_response_eof`.
- The creation of the `Arc<Mutex<FetchResponseListener>>` in the
`NetworkListener` is abstracted away from clients and now they just
pass the `FetchResponseListener` to the fetch methods in the global.
Cons:
- Now each `FetchResponseListener` must explicitly call `submit_timing`
instead of having the `NetworkListener` do it. This is arguably a bit
easier to follow in the code.
- Since the internal data of the `NetworkListener` is now an
`Arc<Mutex<Option<FetchResponseListener>>>`, when the fetching code
needs to share state with the `NetworkListener` it either needs to
share an `Option` or some sort of internal state. In one case I've
stored the `Option` and in another case, I've stored a new inner
shared value.
Testing: This should not change observable behavior and is thus covered
by existing tests.
Fixes: #22550
---------
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This is last step toward enabling the default rustc
`unsafe_op_in_unsafe_fn` warning for the script crate. It wraps the
remaining unsafe code in `unsafe {}` and removes the line disabling this
warning from `script`'s `Cargo.toml`. In addition, two variables are
renamed from `v` to something slightly more descriptive.
Testing: This should not change behavior so is covered by existing
tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
`FetchReponseListener` has traditionally lived in `net` even though it
is only used in `script` currently. Because of the two way dependency,
it has also use a lot of templating to implement something pretty basic
(call methods on a trait object).
This change moves the trait to `script` and removes several levels of
templating, making the code quite a bit shorter and easier to
understand.
This change is preparation for fixing #22550 and implementing
off-the-main-thread CSS parsing.
Testing: This should not change any behavior so is covered by existing
tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Moves interfaces defined by the performance spec to the
`script/dom/performance/` module from `script/dom/`.
Testing: Just a refactor shouldn't need any testing
Fixes: Partially #38901
Signed-off-by: WaterWhisperer <waterwhisperer24@qq.com>
This implements LazyDOMString (from now on DOMString) as outlined in
https://github.com/servo/servo/issues/39479.
Constructing from a *mut JSString we keep the in a
RootedTraceableBox<Heap<*mut JSString>> and transform
the string into a rust string if necessary via the `make_rust_string`
method.
Methods used in script are implemented on this string. Currently we
transform the string at all times.
But in the future more efficient implementations are possible.
We implement the safety critical sections in a separate module
DOMStringInner which allows simple constructors, `make_rust_string` and
the `bytes` method.
This method returns the new type `EncodedBytes` which contains the
reference to the underlying string in either format.
Testing: WPT tests still seem to work, so this should test this
functionality.
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
This updates all Rc that were ignored for malloc_size_of to use
conditional_malloc_size_of, unless the type in the Rc itself doesn't
support malloc_size.
Regular expressions used to search for all occurrences:
```
ignore_malloc_size_of = "Rc.*"
ignore_malloc_size_of = "Arc.*"
```
There are a couple left since they have nested Rc, which I don't know
how to fix.
To be able to define these, several new implementations were added to
`malloc_size_of/lib.rs` as well as
`HashMapTracedValues`.
Testing: if it compiles, it's safe
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Script: added ```line_no``` as argument to both
```fetch_inline_module_script()``` & ```compile_module_script()``` to
fix the inline script reporting wrong line issue
([#39415](https://github.com/servo/servo/issues/39415)).
Originally, the function ```compile_module_script()``` hardwires the
value 1 when invoking ```CompileOptionsWrapper::new()```. This is fine
if the script is written in separate JS file, but for inline scripts, it
will cause confusion if the ```<script>``` tag doesn't start from line
#1.
```line_no``` is obtained from ```line_number```, a member variable from ```HTMLScriptElement```.
Credits to @jdm for actually pointing out which functions to fix.
Testing: Created a WPT test for this change, specifically: ```tests/wpt/tests/html/semantics/scripting-1/the-script-element/module/evaluation-error-5.html```.
Fixes: issue [#39415](https://github.com/servo/servo/issues/39415)
---------
Signed-off-by: RichardTjokroutomo <richard.tjokro2@gmail.com>
Signed-off-by: Rocketjumper <112361665+RichardTjokroutomo@users.noreply.github.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Euclid Ye <yezhizhenjiakang@gmail.com>
This is part of the future work of implementing LazyDOMString as
outlined in issue #39479.
We use str() method or direct implementations on DOMString for these
methods. We also change some types.
This is independent of https://github.com/servo/servo/pull/39480
Signed-off-by: Narfinger Narfinger@users.noreply.github.com
Testing: This is essentially just renaming a method and a type and
should not change functionality.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Adding an optional message to be attached to a NotFoundError.
Testing: Just a refactor
Part of #39053
---------
Signed-off-by: Rodion Borovyk <rodion.borovyk@gmail.com>
This shows up sometimes in code reviews, so it makes sense that tidy
enforces it. `rustfmt` supports this via comment normalization, but it
does many other things and is still an unstable feature (with bugs).
Testing: There are new tidy tests for this change.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
to use the [SpiderMonkey Debugger
API](https://firefox-source-docs.mozilla.org/js/Debugger/) as the single
source of truth about scripts and their sources for devtools purposes
(servo/servo#38334), the debugger script needs to be able to distinguish
inline scripts from other scripts, because inline scripts are a special
case where the source contents need to come from the Servo parser.
the mechanism for this is
[Debugger.Script.prototype.**introductionType**](https://firefox-source-docs.mozilla.org/js/Debugger/Debugger.Source.html#introductiontype),
which is `inlineScript` for inline scripts or a variety of other values
for other kinds of scripts, but only the embedder can provide this
information.
this patch bumps mozjs to servo/mozjs#603, which expands on
CompileOptionsWrapper, making it a safe wrapper around CompileOptions.
to construct one from safe code, use Runtime::new_compile_options().
then you can call `set_introduction_type(&'static CStr)` on the new
instance. we also make Runtime::evaluate_script() take a
CompileOptionsWrapper from the caller, instead of constructing one
internally.
in this patch, we set the introductionType to `c"inlineScript"` when
calling run_a_classic_script() and compile_module_script() for inline
scripts, and leave it unset all other cases.
Testing: will undergo automated tests in #38334
Fixes: part of #36027, part of servo/servo#38378
---------
Signed-off-by: Delan Azabani <dazabani@igalia.com>
Co-authored-by: atbrakhi <atbrakhi@igalia.com>
The scripted_caller only has information if the context is coming
from a script. If an element fetch listener processes CSP
violations, then this information doesn't exist. Instead, we should
use the global URL and the line number. WPT tests don't appear
to expect a column number, as they are all zero. Not all elements
are updated, as I am not actually sure all of them need it.
The source position remains an Option, since there are also code
paths that don't correspond to element or script sources. Maybe
in the future we can always determine the source position, but
let's take small steps towards that.
Part of #4577
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
This refactoring moves various CSP-related methods away from GlobalScope
and Document into a dedicated entrypoint. It also reduces the amount of
imports of the CSP crate, so that types are consolidated into this one
entrypoint. That way, we control how CSP code interacts with the script
crate.
For reviewing purposes, I split up the refactoring into separate
distinct commits that all move 1 method(group) into the new file.
Testing: no change in behavior, only a build improvement + code cleanup
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Implement whole spec of `resolve_module_specifier`. Servo can now
support script element with import map type!
Testing: `tests/wpt/tests/import-map`
Fixes: #37316#36394
---------
Signed-off-by: Wu Yu Wei <yuweiwu@pm.me>
- Register import map when preparing HTML script element
- Added `import_map` to `GlobalScope`
Testing: should pass existing WPT
Fixes: part of https://github.com/servo/servo/issues/37316
---------
Signed-off-by: Jason Tsai <git@pews.dev>
adding `resolve_url_like_module_specifier` method to `ModuleTree`.
Testing: Existing WPT test for script element should pass.
Fixes: https://github.com/servo/servo/issues/37316, resolving a URL-like
module specifier
Signed-off-by: Jason Tsai <git@pews.dev>
All logic is implemented in `report_csp_violations` to avoid
pulling in various element-logic into SecurityManager.
Update the `icon-blocked.sub.html` WPT test to ensure that
the document is the correct target (verified in Firefox and Chrome).
Fixes#36806
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This PR resolves [#36592](https://github.com/servo/servo/issues/36592)
by updating the `RequestBuilder` used in `script_module.rs` to include:
- `insecure_requests_policy`
- `has_trustworthy_ancestor_origin`
- `policy_container`
These fields are critical for enforcing proper fetch behavior under
modern web security models, and were previously omitted from module
script requests.
This change ensures that scripts loaded via `<script type="module">` or
dynamic `import()` correctly reflect the calling document’s security
environment.
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix#36592
<!-- Either: -->
- [X] There are tests for these changes
Signed-off-by: Emmanuel Elom <elomemmanuel007@gmail.com>
It also updates the FetchResponseListener to process CSP violations to
ensure that iframe elements (amongst others) properly generate the CSP
events. These iframe elements are used in the Trusted Types tests
themselves and weren't propagating the violations before.
However, the tests themselves are still not passing since they also use
Websockets, which currently aren't using the fetch machinery itself.
That is fixed as part of [1].
[1]: https://github.com/servo/servo/issues/35028
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
