This pulls one bit of navigation logic out into a method that is easier
to cross-reference against the spec, and drops a bunch of custom logic
that is better served by the existing LoadOrigin infrastructure.
Testing: Existing WPT coverage is sufficient.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
script: Add longdesc reflection to HTMLIFrameElement and
HTMLFrameElement
Also corrects the reflection for HTMLImageElement to use USVString.
Testing: Covered by WPTs
Signed-off-by: Luke Warlow <lwarlow@igalia.com>
Add a check for a valid key path when create index on idb object store
Testing: `./mach test-wpt
tests/wpt/tests/IndexedDB/keypath_invalid.any.js`
Fixes: #42434
---------
Signed-off-by: Jerens Lensun <jerensslensun@gmail.com>
Our existing `SubtleCrypto::normalize_algorithm` implementation converts
the input dictionary from a JavaScript object to a Rust struct twice.
The first conversion (Step 2 to 4) under WebIDL dictionary `Algorithm`
is for retrieving the `name` property to determine the desired
dictionary type, and the second conversion (Step 9 to 10) is for
retrieving the whole dictionary of desired WebIDL dictionary type.
If the `name` property of the input dictionary is a JavaScript getter
method, the getter will be triggered twice and leads to some undesired
side effects. For example, WPT contains some tests that the `name`
property is a getter method which transfers a buffer source. Triggering
it twice leads to a TypeError of accessing detached buffer at the second
time. Those tests then fail.
5bb4f9f103/tests/wpt/tests/WebCryptoAPI/digest/cshake.tentative.https.any.js (L215-L219)
This patch includes two changes to fix this problem.
First, the algorithm name retrieved in Step 2 to 4 is now passed to
`Op::RegisteredAlgorithm::from_object` in Step 9 to 10 so that we don't
need to read the `name` property and trigger the getter method again.
Second, we no longer use `dictionary_from_jsval` for converting the
dictionary, since it reads the whole dictionary including the `name`
property, triggering the getter method again. Instead, we add some
custom helper functions (`get_optional_parameter`,
`get_required_parameter`, `get_optional_parameter_in_box`,
`get_required_parameter_in_box`, `get_optional_buffer_source`,
`get_required_buffer_source`) to manually read properties other the
`name` property one by one, in a way that matches the specification.
Hence, each property of the input dictionary will only be read once, to
avoid this issue.
Testing: Pass some WPT tests that were expected to fail.
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
## Summary
Fixes#43328
When `OsRng.try_fill_bytes` fails in `crypto.getRandomValues`, the code
previously returned `Error::JSFailed`. This error type asserts that a
JavaScript exception is already pending on the context — but `OsRng` is
a Rust library that never sets a JS exception, causing Servo to panic
with `assertion failed: JS_IsExceptionPending(*cx)`.
This PR replaces `Error::JSFailed` with `Error::Operation`, which throws
a proper `OperationError` DOMException instead of crashing. This is
consistent with how Servo's SubtleCrypto handles the same scenario
(e.g., `ed25519_operation.rs`).
## Testing
Tested by unconditionally taking the error branch (`if true`):
**Before (panic):**
<img width="960" alt="Screenshot From 2026-03-20 23-42-35"
src="https://github.com/user-attachments/assets/f15150ce-aa26-46c9-a381-985e6d850904"
/>
---
**After (fix):**
<img width="960" alt="Screenshot From 2026-03-20 23-43-05"
src="https://github.com/user-attachments/assets/99490b06-aeaa-4dcc-b10a-56336efad87d"
/>
Signed-off-by: rogerkorantenng <rogerkorantenng@gmail.com>
This fixes two assertions observed in Servo using debug mozjs builds:
* `Assertion failure: !IsInsideNursery(obj)` for every promise object
reflected into Rust code
* `Missing calls to JS::RemoveAssociatedMemory` when shutting down the
browser
Testing: Verified locally that WPT tests can run to completion in debug
mozjs builds, but we don't run those on CI.
Fixes: #43486
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
The spec has explicit steps for it, where we were calling a different
algorithm before. This passes more assertions in
`content-security-policy/securitypolicyviolation/securitypolicyviolation-block-image.sub.html`
but since line numbers aren't correct, the test isn't fully passing yet.
Testing: WPT
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This change implements the `scrollend` event. Since there is no support
for asynchronous / smooth scrolling, with this change all `scroll`
events simply send a `scrollend` event in a way that looks a bit like
what the specification says. Note that there are currently some serious
issues (w3c/csswg-drafts#8396) with specification, so things are still a
bit weird overall.
In addition, this organizes and reduces duplication in some of the
existing scroll event code.
Testing: This causes some WPT tests to start passing or to stop timing
out.
---------
Signed-off-by: abdelrahman1234567 <abdelrahman.hossameldin.awadalla@huawei.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: abdelrahman1234567 <abdelrahman.hossameldin.awadalla@huawei.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
This uses UnrootedSimpleNodeIterator in a couple of places, namely
- delete_cell_or_row
- children_changed
- move_fn
More importantly this implements upcast and downcast for `UnrootedDom`.
These methods work the same as the DomRoot methods except that they
carry the no_gc and, hence,
keep the lifetime.
Testing: WPT tests will see if this breaks something.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
This is no longer present in the spec. Instead, the
`process_request_body` is the new way. These two
methods were called right after each other and there was only 1
implementation in `htmlvideoelement`. That implementation is now moved
to `process_request_body` and hence we can remove the unnecessary
method.
Testing: It compiles
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Pass `&mut JSContext` to `HTMLScriptElement::execute`, propagate it
inside `global_scope_script_execution.rs` and then switch to wrappers2
bindings.
Testing: A successful build is enough.
Part of #40600
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
This PR involves cleaning up the unused GlobalScope argument in
UnderlyingSourceContainer::call_pull_algorithm. This PR involves changes
across three files. Only removing the unused GlobalScope and suppressed
reference with underscore prefix.
Testing: This PR involves cleanup of the unused GlobalScope argument in
UnderlyingSourceContainer::call_pull_algorithm. The argument was
suppressed using underscore earlier. Thus it was not involved in any
runtime instances. Thus this PR does not require additional testing. I
was able to successfully build the repo after changes. There is no other
dependency of removed variable, thus no impact outside.
Fixes: #43460
Signed-off-by: Nishant-k-sagar <147799872+Nishant-k-sagar@users.noreply.github.com>
Previously arrays were falling back to Object previewer which was
showing indices as properties- which was not correct. This PR implements
dedicated `ArrayPreviewer` that follows Firefox's `ArrayLike` pattern.
Currently array preview support only length display, it does not
implement showing array items yet.
Now(Correct and follows Firefox pattern, Array items coming in a
follow-up PR):
<img width="510" height="167" alt="image"
src="https://github.com/user-attachments/assets/a51f04d4-333c-4d7c-8159-18121c967670"
/>
Before(We shouldn't see these values- it's incorrect):
<img width="1294" height="721" alt="image"
src="https://github.com/user-attachments/assets/2218a622-c791-4436-958e-1a5553de7864"
/>
Testing: Current tests are passing.
Fixes: Part of #36027
Signed-off-by: atbrakhi <atbrakhi@igalia.com>
This moves some easy elements in Script from IpcChannel and related
methods to GenericChannel and related methods and some callbacks.
Testing: This will be covered by WPT if the channels behave differently.
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
The width and height should be guaranteed to be non-negative according
to CSSOM regardless of the writing mode.
Testing: Existing tests.
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
While we now pass a lot of worker tests, we still fail a bunch:
```
% fd '^worker-.*.html.ini'
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import.http.html.ini
tests/wpt/meta/content-security-policy/gen/top.http-rp/script-src-self/worker-import.https.html.ini
tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.http.html.ini
tests/wpt/meta/content-security-policy/gen/top.http-rp/worker-src-self/worker-import.https.html.ini
tests/wpt/meta/content-security-policy/gen/top.meta/script-src-self/worker-import.http.html.ini
tests/wpt/meta/content-security-policy/gen/top.meta/script-src-self/worker-import.https.html.ini
tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import.http.html.ini
tests/wpt/meta/content-security-policy/gen/top.meta/worker-src-self/worker-import.https.html.ini
tests/wpt/meta/content-security-policy/script-src/worker-data-set-timeout.sub.html.ini
tests/wpt/meta/content-security-policy/script-src/worker-importscripts.sub.html.ini
tests/wpt/meta/content-security-policy/script-src/worker-set-timeout.sub.html.ini
tests/wpt/meta/fetch/metadata/generated/worker-dedicated-constructor.sub.html.ini
tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.https.sub.html.ini
tests/wpt/meta/fetch/metadata/generated/worker-dedicated-importscripts.sub.html.ini
tests/wpt/meta/mixed-content/gen/top.http-rp/opt-in/worker-import-data.https.html.ini
tests/wpt/meta/mixed-content/gen/top.http-rp/opt-in/worker-import.https.html.ini
tests/wpt/meta/referrer-policy/generic/subresource-test/worker-messaging.html.ini
tests/wpt/meta/service-workers/service-worker/worker-client-id.https.html.ini
tests/wpt/meta/service-workers/service-worker/worker-in-sandboxed-iframe-by-csp-fetch-event.https.html.ini
tests/wpt/meta/service-workers/service-worker/worker-interception-redirect.https.html.ini
tests/wpt/meta/service-workers/service-worker/worker-interception.https.html.ini
tests/wpt/meta/upgrade-insecure-requests/gen/worker-classic.http-rp/upgrade/worker-classic.https.html.ini
tests/wpt/meta/upgrade-insecure-requests/gen/worker-classic.http-rp/upgrade/worker-module.https.html.ini
tests/wpt/meta/upgrade-insecure-requests/gen/worker-module.http-rp/upgrade/worker-classic.https.html.ini
tests/wpt/meta/upgrade-insecure-requests/gen/worker-module.http-rp/upgrade/worker-module.https.html.ini
tests/wpt/meta/wasm/webapi/esm-integration/worker-import-source-phase.tentative.html.ini
tests/wpt/meta/wasm/webapi/esm-integration/worker-import.tentative.html.ini
tests/wpt/meta/workers/Worker-creation-happens-in-parallel.https.html.ini
tests/wpt/meta/workers/Worker-postMessage-happens-in-parallel.https.html.ini
tests/wpt/meta/workers/Worker-terminate-forever-during-evaluation.html.ini
tests/wpt/meta/workers/worker-request-animation-frame.html.ini
```
Also, we are passing `Option<PolicyContainer>` down the call stack
through `LoadState`, which is more of a workaround. However, since
maintaining this long-lived branch is becoming a bit painful (merge
conflicts) and I was starting to lose momentum because of that, I would
like get this merged rather sooner than later.
We will address the failing tests and find the right place for
`PolicyContainer` in follow-ups, including the added
`#[allow(clippy::too_many_arguments)]`.
# See also
* https://html.spec.whatwg.org/multipage/#worker-processing-model
*
https://html.spec.whatwg.org/multipage/#fetch-a-module-worker-script-tree
---
Fixes: #23308
Testing: WPT tests
Signed-off-by: pylbrecht <pylbrecht@mailbox.org>
Co-authored-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Instead of always doing the newline fixup on the `<textarea>`
placeholder, only do it when the placeholder attribute itself changes.
This avoids doing string replacements when they are not necessary (such
as when a `<textarea>` switches from having text to only having the
placeholder and viceversa).
In addition make it so that `DOMString::clear` preserves the string
allocation when called.
Testing: This is just a small optimization so testing should not be
necessary. Existing behavior is verified via WPT tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Pass `&mut JsContext` to `TransformStreamDefaultController::enqueue`, in
preparation of porting the remaining BlobMethods.
Testing: Just a refactor, ./mach test-unit still passes.
Fixes: Part of #42638
---------
Signed-off-by: Uiniel <174327181+uiniel@users.noreply.github.com>
On visual viewport scroll, fire the scroll event to the `VisualViewport`
instances. Incidentaly, fix a bug where the pinch zoom update should be
propagated to the script.
Testing: New unit test and manual WPT.
---------
Signed-off-by: Jo Steven Novaryo <steven.novaryo@gmail.com>
Added dedicated worker side handling, followed the same pattern used in
main script handling by wiring worker global scope to
`DebuggerGlobalScope` and invoking `fire_eval`
fixes: Part of #43317
Signed-off-by: SharanRP <z8903830@gmail.com>
On Windows and Linux the control key is expected to move the text caret
by word. In addition, it seems like the alt wasn't working properly on
Linux. This change makes the modifier key for word movement dependent on
the platform.
Testing: This change adds a Servo-specific keyboard motion test.
Keyboard motion events are not specified AFAIK.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This fixes a warning of `cargo publish`:
```
warning: manifest has no description, documentation, homepage or repository
```
Testing: Compiling. Manual testing of `cargo publish --dry-run` (with
some additional patches, and until the next error, shows this warning
has been fixed)
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
in #42336, we added a
[Servo](https://doc.servo.org/servo/struct.Servo.html)-global API for
controlling whether accessibility is active. the idea was that when the
embedder activates accessibility, all webviews and documents activate
accessibility and start sending AccessKit tree updates, and vice versa
when they deactivate.
we found a problem with this approach in #42338. global activation of
accessibility makes it too easy to accidentally cause a panic in
AccessKit, and harder than it needs to be for embedders to learn that
they are responsible for grafting each webview’s subtree into their main
AccessKit tree as soon as accessibility is activated. this is due to an
invariant of the AccessKit subtree API: if a subtree starts sending
updates before the graft node is created, the program panics.
this patch reworks accessibility activation to make it per-webview. by
requiring embedders to explicitly activate accessibility for a webview,
we can communicate the AccessKit invariant via our API docs.
Testing: this patch includes an initial accessibility test in libservo
Fixes: part of #4344, extracted from our work in #42338
---------
Signed-off-by: Alice Boxhall <alice@igalia.com>
Signed-off-by: delan azabani <dazabani@igalia.com>
Co-authored-by: Alice Boxhall <alice@igalia.com>
Add the cx parameter to `fn process_response` in the
`FetchResponseListener` trait and the traits that that interface change
requires. Chose to add it as the first parameter, following the same
order that `FetchResponseListener::process_response_eof` uses.
Testing: Checked that servo builds locally as well as `./mach fmt` and
`./mach test-tidy`. I don't think more tests are needed as we are not
introducing new functionality
Fixes: #42840
---------
Signed-off-by: Javier Olaechea <pirata@gmail.com>
Instead of using ASCII character to process the `accesskey` attribute
use the hardware key code that comes with the platform key event. This
aligns our implementation closer to the spec and allows `accesskey` to
work properly with lowercase letters on Linux machines (where shift is
part of the access key sequence). This might introduce some issues with
non-US keyboards, but those issues are inherent in the specification --
one reason why `accesskey` is not recommended for use.
Testing: A Servo-specific accesskey test is extended to cover this case.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Elements with `visibility: hidden` or `visibility: collapse` could
receive focus via both sequential navigation and the JS `focus()` API,
and already-focused elements did not lose focus when becoming invisible.
Per the CSS Display spec, invisible elements ”are removed from
navigation”, which we can interpret to mean sequential focus navigation.
In practical terms, all popular user agents also prevent elements with
`visibility: hidden` from being focusable via click/the JS API, so this
PR makes servo match that behaviour as well.
Specifically, this adds a visibility check to
`Element::focusable_area_kind()` so that invisible elements are excluded
from all focusable area kinds.
Fixes#41312.
---------
Signed-off-by: Jacob Adam <software@jacobadam.net>
Pass `&mut JSContext` to `ReadableStream::cancel`, in preparation of
porting the remaining `BlobMethods`.
Testing: Just a refactor, ./mach test-unit still passes.
Fixes: Part of #42638
Signed-off-by: Uiniel <174327181+uiniel@users.noreply.github.com>
It pushes the `temp_cx` 1 level up to `element.rs` where the calling
chain begins. Other than that this was purely a mechanical change where
I used regexes to replace all patterns with the new ones.
Part of #42812
Testing: It compiles
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Previously CONTENT_EVENT_HANDLER_NAMES was a array of more than 100
elements where we were doing a linear search.
This replaces it with a FxHashSet and a O(1) search. In most cases this
should not improve performance as the first few elements seem to be the
most common event handler names. But even these were a couple of costly
string away.
In the case that somebody specifies a later event or an event that does
not exist, we increase the performance significantly.
Currently I do not have numbers as I am away from my workstation.
Testing: This does not change behavior, just speed.
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Pass `&mut JSContext` and `&mut CurrentRealm` to more functions in
`dom/stream`, focusing on functions that need to be ported to finish
porting the remaining methods in `Blob`.
Testing: Just a refactor, ./mach test-unit still passes.
Fixes: Part of #42638
---------
Signed-off-by: Uiniel <174327181+uiniel@users.noreply.github.com>
Propagate the had_duplicate_attributes flag from html5ever's
ElementFlags through to the Element struct, enabling step 3 of the
CSP "is element nonceable" algorithm. Elements with duplicate
attributes are now correctly marked as "Not Nonceable", preventing
scripts with duplicate attributes from bypassing CSP nonce checks.
Testing: We still need https://github.com/servo/html5ever/issues/118 to
fully pass the
`content-security-policy/script-src/nonce-enforce-blocked.html` wpt
test. But I was able to uncomment some of the remaining tests on
`mozilla/csp/nonce-external-script-malformed-blocked.html`
---------
Signed-off-by: Dyego Aurélio <dyegoaurelio@gmail.com>
RustRover flags unused dependencies gray in Cargo.toml, which works well
except for macro / derive related crates (false-positives). Based on
that I removed the flagged crates (after double checking with grep based
search).
There is one weird case in `storage`, where `tokio` was added as a
dependency with multiple feature flags enabled, without tokio actually
being used. Since the same feature combination is present in `net`,
probably this is a remnant of migrating storage from net.
Testing: If CI passes, this is fine. I additionally also searched for
references of the packages I removed in the respective crate (I hope I
didn't forget any, but should be 90% good).
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
