/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at https://mozilla.org/MPL/2.0/. */ use std::cell::Cell; use std::rc::Rc; use content_security_policy::sandboxing_directive::{ SandboxingFlagSet, parse_a_sandboxing_directive, }; use dom_struct::dom_struct; use embedder_traits::ViewportDetails; use html5ever::{LocalName, Prefix, local_name, ns}; use js::context::JSContext; use js::rust::HandleObject; use net_traits::ReferrerPolicy; use net_traits::request::Destination; use profile_traits::ipc as ProfiledIpc; use script_traits::{NewPipelineInfo, UpdatePipelineIdReason}; use servo_base::id::{BrowsingContextId, PipelineId, WebViewId}; use servo_constellation_traits::{ IFrameLoadInfo, IFrameLoadInfoWithData, LoadData, LoadOrigin, NavigationHistoryBehavior, ScriptToConstellationMessage, TargetSnapshotParams, }; use servo_url::ServoUrl; use style::attr::{AttrValue, LengthOrPercentageOrAuto}; use stylo_atoms::Atom; use crate::document_loader::{LoadBlocker, LoadType}; use crate::dom::attr::Attr; use crate::dom::bindings::cell::DomRefCell; use crate::dom::bindings::codegen::Bindings::HTMLIFrameElementBinding::HTMLIFrameElementMethods; use crate::dom::bindings::codegen::Bindings::WindowBinding::Window_Binding::WindowMethods; use crate::dom::bindings::codegen::UnionTypes::TrustedHTMLOrString; use crate::dom::bindings::error::Fallible; use crate::dom::bindings::inheritance::Castable; use crate::dom::bindings::refcounted::Trusted; use crate::dom::bindings::reflector::DomGlobal; use crate::dom::bindings::root::{DomRoot, LayoutDom, MutNullableDom}; use crate::dom::bindings::str::{DOMString, USVString}; use crate::dom::document::Document; use crate::dom::domtokenlist::DOMTokenList; use crate::dom::element::{AttributeMutation, Element, reflect_referrer_policy_attribute}; use crate::dom::eventtarget::EventTarget; use crate::dom::globalscope::GlobalScope; use crate::dom::html::htmlelement::HTMLElement; use crate::dom::node::{BindContext, Node, NodeDamage, NodeTraits, UnbindContext}; use crate::dom::performance::performanceresourcetiming::InitiatorType; use crate::dom::trustedtypes::trustedhtml::TrustedHTML; use crate::dom::virtualmethods::VirtualMethods; use crate::dom::windowproxy::WindowProxy; use crate::navigation::{ determine_creation_sandboxing_flags, determine_iframe_element_referrer_policy, }; use crate::network_listener::ResourceTimingListener; use crate::script_runtime::CanGc; use crate::script_thread::{ScriptThread, with_script_thread}; use crate::script_window_proxies::ScriptWindowProxies; #[derive(PartialEq)] enum PipelineType { InitialAboutBlank, Navigation, } #[derive(Clone, Copy, PartialEq)] pub(crate) enum ProcessingMode { FirstTime, NotFirstTime, } /// #[derive(Clone, Copy, Default, MallocSizeOf, PartialEq)] enum LazyLoadResumptionSteps { #[default] None, SrcDoc, } #[dom_struct] pub(crate) struct HTMLIFrameElement { htmlelement: HTMLElement, #[no_trace] webview_id: Cell>, #[no_trace] browsing_context_id: Cell>, #[no_trace] pipeline_id: Cell>, #[no_trace] pending_pipeline_id: Cell>, #[no_trace] about_blank_pipeline_id: Cell>, sandbox: MutNullableDom, #[no_trace] sandboxing_flag_set: Cell>, load_blocker: DomRefCell>, throttled: Cell, #[conditional_malloc_size_of] script_window_proxies: Rc, /// current_navigation_was_lazy_loaded: Cell, /// #[no_trace] lazy_load_resumption_steps: Cell, /// Keeping track of whether the iframe will be navigated /// outside of the processing of it's attribute(for example: form navigation). /// This is necessary to prevent the iframe load event steps /// from asynchronously running for the initial blank document /// while script at this point(when the flag is set) /// expects those to run only for the navigated documented. pending_navigation: Cell, /// Whether a load event was synchronously fired, for example when /// an empty iframe is attached. In that case, we shouldn't fire a /// subsequent asynchronous load event. already_fired_synchronous_load_event: Cell, } impl HTMLIFrameElement { /// , fn shared_attribute_processing_steps_for_iframe_and_frame_elements( &self, _mode: ProcessingMode, ) -> Option { let element = self.upcast::(); // Step 2. If element has a src attribute specified, and its value is not the empty string, then: let url = element .get_attribute(&local_name!("src")) .and_then(|src| { let url = src.value(); if url.is_empty() { None } else { // Step 2.1. Let maybeURL be the result of encoding-parsing a URL given that attribute's value, // relative to element's node document. // Step 2.2. If maybeURL is not failure, then set url to maybeURL. self.owner_document().encoding_parse_a_url(&url).ok() } }) // Step 1. Let url be the URL record about:blank. .unwrap_or_else(|| ServoUrl::parse("about:blank").unwrap()); // Step 3. If the inclusive ancestor navigables of element's node navigable contains // a navigable whose active document's URL equals url with exclude fragments set to true, then return null. // TODO // Step 4. If url matches about:blank and initialInsertion is true, then perform the URL and history update steps // given element's content navigable's active document and url. // TODO // Step 5. Return url. Some(url) } pub(crate) fn navigate_or_reload_child_browsing_context( &self, load_data: LoadData, history_handling: NavigationHistoryBehavior, mode: ProcessingMode, target_snapshot_params: TargetSnapshotParams, cx: &mut js::context::JSContext, ) { // In case we fired a synchronous load event, but navigate away // in the event listener of that event, then we should still // fire a second asynchronous load event when that navigation // finishes. Therefore, on any navigation (but not the initial // about blank), we should always set this to false, regardless // of whether we synchronously fired a load in the same microtask. self.already_fired_synchronous_load_event.set(false); self.start_new_pipeline( load_data, PipelineType::Navigation, history_handling, mode, target_snapshot_params, cx, ); } fn start_new_pipeline( &self, mut load_data: LoadData, pipeline_type: PipelineType, history_handling: NavigationHistoryBehavior, mode: ProcessingMode, target_snapshot_params: TargetSnapshotParams, cx: &mut js::context::JSContext, ) { let document = self.owner_document(); { let load_blocker = &self.load_blocker; // Any oustanding load is finished from the point of view of the blocked // document; the new navigation will continue blocking it. LoadBlocker::terminate(load_blocker, cx); *load_blocker.borrow_mut() = Some(LoadBlocker::new( &document, LoadType::Subframe(load_data.url.clone()), )); } if load_data.url.scheme() != "javascript" { self.continue_navigation( load_data, pipeline_type, history_handling, target_snapshot_params, ); return; } // TODO(jdm): The spec uses the navigate algorithm here, but // our iframe navigation is not yet unified enough to follow that. // Eventually we should remove the task and invoke ScriptThread::navigate instead. let iframe = Trusted::new(self); let doc = Trusted::new(&*document); document .global() .task_manager() .networking_task_source() .queue(task!(navigate_to_javascript: move |cx| { let this = iframe.root(); let window_proxy = this.GetContentWindow(); if let Some(window_proxy) = window_proxy { // If this method returns false we are not creating a new // document and the frame can be considered loaded. if !ScriptThread::navigate_to_javascript_url( cx, &this.owner_global(), &window_proxy.global(), &mut load_data, Some(this.upcast()), Some(mode == ProcessingMode::FirstTime), ) { LoadBlocker::terminate(&this.load_blocker, cx); return; } load_data.about_base_url = doc.root().about_base_url(); } this.continue_navigation(load_data, pipeline_type, history_handling, target_snapshot_params); })); } fn continue_navigation( &self, load_data: LoadData, pipeline_type: PipelineType, history_handling: NavigationHistoryBehavior, target_snapshot_params: TargetSnapshotParams, ) { let browsing_context_id = match self.browsing_context_id() { None => return warn!("Attempted to start a new pipeline on an unattached iframe."), Some(id) => id, }; let webview_id = match self.webview_id() { None => return warn!("Attempted to start a new pipeline on an unattached iframe."), Some(id) => id, }; let window = self.owner_window(); let old_pipeline_id = self.pipeline_id(); let new_pipeline_id = PipelineId::new(); self.pending_pipeline_id.set(Some(new_pipeline_id)); let load_info = IFrameLoadInfo { parent_pipeline_id: window.pipeline_id(), browsing_context_id, webview_id, new_pipeline_id, is_private: false, // FIXME inherited_secure_context: load_data.inherited_secure_context, history_handling, target_snapshot_params, }; let viewport_details = window .get_iframe_viewport_details_if_known(browsing_context_id) .unwrap_or_else(|| ViewportDetails { hidpi_scale_factor: window.device_pixel_ratio(), ..Default::default() }); match pipeline_type { PipelineType::InitialAboutBlank => { self.about_blank_pipeline_id.set(Some(new_pipeline_id)); let load_info = IFrameLoadInfoWithData { info: load_info, load_data: load_data.clone(), old_pipeline_id, viewport_details, theme: window.theme(), }; window .as_global_scope() .script_to_constellation_chan() .send(ScriptToConstellationMessage::ScriptNewIFrame(load_info)) .unwrap(); let new_pipeline_info = NewPipelineInfo { parent_info: Some(window.pipeline_id()), new_pipeline_id, browsing_context_id, webview_id, opener: None, load_data, viewport_details, user_content_manager_id: None, theme: window.theme(), target_snapshot_params, }; self.pipeline_id.set(Some(new_pipeline_id)); with_script_thread(|script_thread| { script_thread.spawn_pipeline(new_pipeline_info); }); }, PipelineType::Navigation => { let load_info = IFrameLoadInfoWithData { info: load_info, load_data, old_pipeline_id, viewport_details, theme: window.theme(), }; window .as_global_scope() .script_to_constellation_chan() .send(ScriptToConstellationMessage::ScriptLoadedURLInIFrame( load_info, )) .unwrap(); }, } } /// When an iframe is first inserted into the document, /// an "about:blank" document is created, /// and synchronously processed by the script thread. /// This initial synchronous load should have no noticeable effect in script. /// See the note in `iframe_load_event_steps`. pub(crate) fn is_initial_blank_document(&self) -> bool { self.pending_pipeline_id.get() == self.about_blank_pipeline_id.get() } /// fn navigate_an_iframe_or_frame( &self, cx: &mut js::context::JSContext, load_data: LoadData, mode: ProcessingMode, ) { // Step 2. If element's content navigable's active document is not completely loaded, // then set historyHandling to "replace". let history_handling = if !self .GetContentDocument() .is_some_and(|doc| doc.completely_loaded()) { NavigationHistoryBehavior::Replace } else { // Step 1. Let historyHandling be "auto". NavigationHistoryBehavior::Auto }; // Step 3. If element is an iframe, then set element's pending resource-timing start time // to the current high resolution time given element's node document's relevant global object. // TODO // Step 4. Navigate element's content navigable to url using element's node document, // with historyHandling set to historyHandling, referrerPolicy set to referrerPolicy, // documentResource set to srcdocString, and initialInsertion set to initialInsertion. let target_snapshot_params = snapshot_self(self); self.navigate_or_reload_child_browsing_context( load_data, history_handling, mode, target_snapshot_params, cx, ); } /// fn will_lazy_load_element_steps(&self) -> bool { // Step 1. If scripting is disabled for element, then return false. if !self.owner_document().scripting_enabled() { return false; } // Step 2. If element's lazy loading attribute is in the Lazy state, then return true. // Step 3. Return false. self.Loading() == "lazy" } /// Step 1.3. of fn navigate_to_the_srcdoc_resource( &self, mode: ProcessingMode, cx: &mut js::context::JSContext, ) { // Step 1.3. Navigate to the srcdoc resource: Navigate an iframe or frame given element, // about:srcdoc, the empty string, and the value of element's srcdoc attribute. let url = ServoUrl::parse("about:srcdoc").unwrap(); let document = self.owner_document(); let window = self.owner_window(); let pipeline_id = Some(window.pipeline_id()); let mut load_data = LoadData::new( LoadOrigin::Script(document.origin().snapshot()), url, Some(document.base_url()), pipeline_id, window.as_global_scope().get_referrer(), document.get_referrer_policy(), Some(window.as_global_scope().is_secure_context()), Some(document.insecure_requests_policy()), document.has_trustworthy_ancestor_or_current_origin(), self.sandboxing_flag_set(), ); load_data.destination = Destination::IFrame; load_data.policy_container = Some(window.as_global_scope().policy_container()); load_data.srcdoc = String::from( self.upcast::() .get_string_attribute(&local_name!("srcdoc")), ); self.navigate_an_iframe_or_frame(cx, load_data, mode); } /// fn mark_navigation_as_lazy_loaded(&self, cx: &mut js::context::JSContext) { // > An iframe element whose current navigation was lazy loaded boolean is false potentially delays the load event. self.current_navigation_was_lazy_loaded.set(true); let blocker = &self.load_blocker; LoadBlocker::terminate(blocker, cx); } /// fn process_the_iframe_attributes(&self, mode: ProcessingMode, cx: &mut js::context::JSContext) { let element = self.upcast::(); // Step 1. If `element`'s `srcdoc` attribute is specified, then: // // Note that this also includes the empty string if element.has_attribute(&local_name!("srcdoc")) { // Step 1.1. Set element's current navigation was lazy loaded boolean to false. self.current_navigation_was_lazy_loaded.set(false); // Step 1.2. If the will lazy load element steps given element return true, then: if self.will_lazy_load_element_steps() { // Step 1.2.1. Set element's lazy load resumption steps to the rest of this algorithm // starting with the step labeled navigate to the srcdoc resource. self.lazy_load_resumption_steps .set(LazyLoadResumptionSteps::SrcDoc); // Step 1.2.2. Set element's current navigation was lazy loaded boolean to true. self.mark_navigation_as_lazy_loaded(cx); // Step 1.2.3. Start intersection-observing a lazy loading element for element. // TODO // Step 1.2.4. Return. return; } // Step 1.3. Navigate to the srcdoc resource: Navigate an iframe or frame given element, // about:srcdoc, the empty string, and the value of element's srcdoc attribute. self.navigate_to_the_srcdoc_resource(mode, cx); return; } let window = self.owner_window(); // https://html.spec.whatwg.org/multipage/#attr-iframe-name // Note: the spec says to set the name 'when the nested browsing context is created'. // The current implementation sets the name on the window, // when the iframe attributes are first processed. if mode == ProcessingMode::FirstTime { if let Some(window) = self.GetContentWindow() { window.set_name( element .get_name() .map_or(DOMString::from(""), |n| DOMString::from(&*n)), ); } } // Step 2.1. Let url be the result of running the shared attribute processing steps // for iframe and frame elements given element and initialInsertion. let Some(url) = self.shared_attribute_processing_steps_for_iframe_and_frame_elements(mode) else { // Step 2.2. If url is null, then return. return; }; // Step 2.3. If url matches about:blank and initialInsertion is true, then: if url.matches_about_blank() && mode == ProcessingMode::FirstTime { // We should **not** send a load event in `iframe_load_event_steps`. self.already_fired_synchronous_load_event.set(true); // Step 2.3.1. Run the iframe load event steps given element. self.run_iframe_load_event_steps(cx); // Step 2.3.2. Return. return; } // Step 2.4: Let referrerPolicy be the current state of element's referrerpolicy content // attribute. let document = self.owner_document(); let referrer_policy_token = self.ReferrerPolicy(); // Note: despite not being explicitly stated in the spec steps, this falls back to // document's referrer policy here because it satisfies the expectations that when unset, // the iframe should inherit the referrer policy of its parent let referrer_policy = match ReferrerPolicy::from(&*referrer_policy_token.str()) { ReferrerPolicy::EmptyString => document.get_referrer_policy(), policy => policy, }; // TODO(#25748): // By spec, we return early if there's an ancestor browsing context // "whose active document's url, ignoring fragments, is equal". // However, asking about ancestor browsing contexts is more nuanced than // it sounds and not implemented here. // Within a single origin, we can do it by walking window proxies, // and this check covers only that single-origin case, protecting // against simple typo self-includes but nothing more elaborate. let mut ancestor = window.GetParent(); while let Some(a) = ancestor { if let Some(ancestor_url) = a.document().map(|d| d.url()) { if ancestor_url.scheme() == url.scheme() && ancestor_url.username() == url.username() && ancestor_url.password() == url.password() && ancestor_url.host() == url.host() && ancestor_url.port() == url.port() && ancestor_url.path() == url.path() && ancestor_url.query() == url.query() { return; } } ancestor = a.parent().map(DomRoot::from_ref); } let (creator_pipeline_id, about_base_url) = if url.matches_about_blank() { (Some(window.pipeline_id()), Some(document.base_url())) } else { (None, document.about_base_url()) }; let propagate_encoding_to_child_document = url.origin().same_origin(window.origin()); let mut load_data = LoadData::new( LoadOrigin::Script(document.origin().snapshot()), url, about_base_url, creator_pipeline_id, window.as_global_scope().get_referrer(), referrer_policy, Some(window.as_global_scope().is_secure_context()), Some(document.insecure_requests_policy()), document.has_trustworthy_ancestor_or_current_origin(), self.sandboxing_flag_set(), ); load_data.destination = Destination::IFrame; load_data.policy_container = Some(window.as_global_scope().policy_container()); if propagate_encoding_to_child_document { load_data.container_document_encoding = Some(document.encoding()); } let pipeline_id = self.pipeline_id(); // If the initial `about:blank` page is the current page, load with replacement enabled, // see https://html.spec.whatwg.org/multipage/#the-iframe-element:about:blank-3 let is_about_blank = pipeline_id.is_some() && pipeline_id == self.about_blank_pipeline_id.get(); let history_handling = if is_about_blank { NavigationHistoryBehavior::Replace } else { NavigationHistoryBehavior::Push }; let target_snapshot_params = snapshot_self(self); self.navigate_or_reload_child_browsing_context( load_data, history_handling, mode, target_snapshot_params, cx, ); } /// /// Synchronously create a new browsing context(This is not a navigation). /// The pipeline started here should remain unnoticeable to script, but this is not easy /// to refactor because it appears other features have come to rely on the current behavior. /// For now only the iframe load event steps are skipped in some cases for this initial document, /// and we still fire load and pageshow events as part of `maybe_queue_document_completion`. /// Also, some controversy spec-wise remains: fn create_nested_browsing_context(&self, cx: &mut js::context::JSContext) { let url = ServoUrl::parse("about:blank").unwrap(); let document = self.owner_document(); let window = self.owner_window(); let pipeline_id = Some(window.pipeline_id()); let mut load_data = LoadData::new( LoadOrigin::Script(document.origin().snapshot()), url, Some(document.base_url()), pipeline_id, window.as_global_scope().get_referrer(), document.get_referrer_policy(), Some(window.as_global_scope().is_secure_context()), Some(document.insecure_requests_policy()), document.has_trustworthy_ancestor_or_current_origin(), self.sandboxing_flag_set(), ); load_data.destination = Destination::IFrame; load_data.policy_container = Some(window.as_global_scope().policy_container()); let browsing_context_id = BrowsingContextId::new(); let webview_id = window.window_proxy().webview_id(); self.pipeline_id.set(None); self.pending_pipeline_id.set(None); self.webview_id.set(Some(webview_id)); self.browsing_context_id.set(Some(browsing_context_id)); self.start_new_pipeline( load_data, PipelineType::InitialAboutBlank, NavigationHistoryBehavior::Push, ProcessingMode::FirstTime, snapshot_self(self), cx, ); } fn destroy_nested_browsing_context(&self) { self.pipeline_id.set(None); self.pending_pipeline_id.set(None); self.about_blank_pipeline_id.set(None); self.webview_id.set(None); if let Some(browsing_context_id) = self.browsing_context_id.take() { self.script_window_proxies.remove(browsing_context_id) } } pub(crate) fn update_pipeline_id( &self, new_pipeline_id: PipelineId, reason: UpdatePipelineIdReason, cx: &mut js::context::JSContext, ) { // For all updates except the one for the initial blank document, // we need to set the flag back to false because the navigation is complete, // because the goal is to, when a navigation is pending, to skip the async load // steps of the initial blank document. if !self.is_initial_blank_document() { self.pending_navigation.set(false); } if self.pending_pipeline_id.get() != Some(new_pipeline_id) && reason == UpdatePipelineIdReason::Navigation { return; } self.pipeline_id.set(Some(new_pipeline_id)); // Only terminate the load blocker if the pipeline id was updated due to a traversal. // The load blocker will be terminated for a navigation in iframe_load_event_steps. if reason == UpdatePipelineIdReason::Traversal { let blocker = &self.load_blocker; LoadBlocker::terminate(blocker, cx); } self.upcast::().dirty(NodeDamage::Other); } fn new_inherited( local_name: LocalName, prefix: Option, document: &Document, ) -> HTMLIFrameElement { HTMLIFrameElement { htmlelement: HTMLElement::new_inherited(local_name, prefix, document), browsing_context_id: Cell::new(None), webview_id: Cell::new(None), pipeline_id: Cell::new(None), pending_pipeline_id: Cell::new(None), about_blank_pipeline_id: Cell::new(None), sandbox: Default::default(), sandboxing_flag_set: Cell::new(None), load_blocker: DomRefCell::new(None), throttled: Cell::new(false), script_window_proxies: ScriptThread::window_proxies(), current_navigation_was_lazy_loaded: Default::default(), lazy_load_resumption_steps: Default::default(), pending_navigation: Default::default(), already_fired_synchronous_load_event: Default::default(), } } pub(crate) fn new( cx: &mut js::context::JSContext, local_name: LocalName, prefix: Option, document: &Document, proto: Option, ) -> DomRoot { Node::reflect_node_with_proto( cx, Box::new(HTMLIFrameElement::new_inherited( local_name, prefix, document, )), document, proto, ) } #[inline] pub(crate) fn pipeline_id(&self) -> Option { self.pipeline_id.get() } #[inline] pub(crate) fn browsing_context_id(&self) -> Option { self.browsing_context_id.get() } #[inline] pub(crate) fn webview_id(&self) -> Option { self.webview_id.get() } #[inline] pub(crate) fn sandboxing_flag_set(&self) -> SandboxingFlagSet { self.sandboxing_flag_set .get() .unwrap_or_else(SandboxingFlagSet::empty) } pub(crate) fn set_throttled(&self, throttled: bool) { if self.throttled.get() != throttled { self.throttled.set(throttled); } } /// Note a pending navigation. /// This is used to ignore the async load event steps for /// the initial blank document if those haven't run yet. pub(crate) fn note_pending_navigation(&self) { self.pending_navigation.set(true); } /// pub(crate) fn iframe_load_event_steps( &self, loaded_pipeline: PipelineId, cx: &mut js::context::JSContext, ) { // TODO(#9592): assert that the load blocker is present at all times when we // can guarantee that it's created for the case of iframe.reload(). if Some(loaded_pipeline) != self.pending_pipeline_id.get() { return; } // TODO 1. Assert: element's content navigable is not null. // TODO 2-4 Mark resource timing. // TODO 5 Set childDocument's iframe load in progress flag. // Note: in the spec, these steps are either run synchronously as part of // "If url matches about:blank and initialInsertion is true, then:" // in `process the iframe attributes`, // or asynchronously when navigation completes. // // In our current implementation, // we arrive here always asynchronously in the following two cases: // 1. as part of loading the initial blank document // created in `create_nested_browsing_context` // 2. optionally, as part of loading a second document created as // as part of the first processing of the iframe attributes. // // To preserve the logic of the spec--firing the load event once--in the context of // our current implementation, we must not fire the load event // for the initial blank document if we know that a navigation is ongoing, // which can be deducted from `pending_navigation` or the presence of an src. // // Additionally, to prevent a race condition with navigations, // in all cases, skip the load event if there is a pending navigation. // See #40348 // // TODO: run these step synchronously as part of processing the iframe attributes. let should_fire_event = if self.is_initial_blank_document() { // If this is the initial blank doc: // do not fire if there is a pending navigation, // or if the iframe has an src. !self.pending_navigation.get() && !self.upcast::().has_attribute(&local_name!("src")) } else { // If this is not the initial blank doc: // do not fire if there is a pending navigation. !self.pending_navigation.get() }; // If we already fired a synchronous load event, we shouldn't fire another // one in this method. let should_fire_event = !self.already_fired_synchronous_load_event.replace(false) && should_fire_event; if should_fire_event { self.run_iframe_load_event_steps(cx); } else { debug!( "suppressing load event for iframe, loaded {:?}", loaded_pipeline ); } } /// pub(crate) fn run_iframe_load_event_steps(&self, cx: &mut JSContext) { // TODO 1. Assert: element's content navigable is not null. // TODO 2-4 Mark resource timing. // TODO 5 Set childDocument's iframe load in progress flag. // Step 6. Fire an event named load at element. self.upcast::() .fire_event(atom!("load"), CanGc::from_cx(cx)); let blocker = &self.load_blocker; LoadBlocker::terminate(blocker, cx); // TODO Step 7 - unset child document `mute iframe load` flag } /// Parse the `sandbox` attribute value given the [`Attr`]. This sets the `sandboxing_flag_set` /// property or clears it is the value isn't specified. Notably, an unspecified sandboxing /// attribute (no sandboxing) is different from an empty one (full sandboxing). fn parse_sandbox_attribute(&self) { let attribute = self .upcast::() .get_attribute(&local_name!("sandbox")); self.sandboxing_flag_set .set(attribute.map(|attribute_value| { let tokens: Vec<_> = attribute_value .value() .as_tokens() .iter() .map(|atom| atom.to_string().to_ascii_lowercase()) .collect(); parse_a_sandboxing_directive(&tokens) })); } /// Step 4.2. of pub(crate) fn destroy_document_and_its_descendants(&self, cx: &mut js::context::JSContext) { let Some(pipeline_id) = self.pipeline_id.get() else { return; }; // Step 4.2. Destroy a document and its descendants given childNavigable's active document and incrementDestroyed. if let Some(exited_document) = ScriptThread::find_document(pipeline_id) { exited_document.destroy_document_and_its_descendants(cx); } self.destroy_nested_browsing_context(); } /// fn destroy_child_navigable(&self, cx: &mut js::context::JSContext) { let blocker = &self.load_blocker; LoadBlocker::terminate(blocker, cx); // Step 1. Let navigable be container's content navigable. let Some(browsing_context_id) = self.browsing_context_id() else { // Step 2. If navigable is null, then return. return; }; // Store now so that we can destroy the context and delete the // document later let pipeline_id = self.pipeline_id.get(); // Step 3. Set container's content navigable to null. // // Resetting the pipeline_id to None is required here so that // if this iframe is subsequently re-added to the document // the load doesn't think that it's a navigation, but instead // a new iframe. Without this, the constellation gets very // confused. self.destroy_nested_browsing_context(); // Step 4. Inform the navigation API about child navigable destruction given navigable. // TODO // Step 5. Destroy a document and its descendants given navigable's active document. let (sender, receiver) = ProfiledIpc::channel(self.global().time_profiler_chan().clone()).unwrap(); let msg = ScriptToConstellationMessage::RemoveIFrame(browsing_context_id, sender); self.owner_window() .as_global_scope() .script_to_constellation_chan() .send(msg) .unwrap(); let _exited_pipeline_ids = receiver.recv().unwrap(); let Some(pipeline_id) = pipeline_id else { return; }; if let Some(exited_document) = ScriptThread::find_document(pipeline_id) { exited_document.destroy_document_and_its_descendants(cx); } // Step 6. Let parentDocState be container's node navigable's active session history entry's document state. // TODO // Step 7. Remove the nested history from parentDocState's nested histories whose id equals navigable's id. // TODO // Step 8. Let traversable be container's node navigable's traversable navigable. // TODO // Step 9. Append the following session history traversal steps to traversable: // TODO // Step 10. Invoke WebDriver BiDi navigable destroyed with navigable. // TODO } } impl LayoutDom<'_, HTMLIFrameElement> { #[inline] pub(crate) fn pipeline_id(self) -> Option { (self.unsafe_get()).pipeline_id.get() } #[inline] pub(crate) fn browsing_context_id(self) -> Option { (self.unsafe_get()).browsing_context_id.get() } pub(crate) fn get_width(self) -> LengthOrPercentageOrAuto { self.upcast::() .get_attr_for_layout(&ns!(), &local_name!("width")) .map(AttrValue::as_dimension) .cloned() .unwrap_or(LengthOrPercentageOrAuto::Auto) } pub(crate) fn get_height(self) -> LengthOrPercentageOrAuto { self.upcast::() .get_attr_for_layout(&ns!(), &local_name!("height")) .map(AttrValue::as_dimension) .cloned() .unwrap_or(LengthOrPercentageOrAuto::Auto) } } impl HTMLIFrameElementMethods for HTMLIFrameElement { // https://html.spec.whatwg.org/multipage/#dom-iframe-src make_url_getter!(Src, "src"); // https://html.spec.whatwg.org/multipage/#dom-iframe-src make_url_setter!(SetSrc, "src"); /// fn Srcdoc(&self) -> TrustedHTMLOrString { let element = self.upcast::(); element.get_trusted_html_attribute(&local_name!("srcdoc")) } /// fn SetSrcdoc( &self, cx: &mut js::context::JSContext, value: TrustedHTMLOrString, ) -> Fallible<()> { // Step 1: Let compliantString be the result of invoking the // Get Trusted Type compliant string algorithm with TrustedHTML, // this's relevant global object, the given value, "HTMLIFrameElement srcdoc", and "script". let element = self.upcast::(); let value = TrustedHTML::get_trusted_type_compliant_string( cx, &element.owner_global(), value, "HTMLIFrameElement srcdoc", )?; // Step 2: Set an attribute value given this, srcdoc's local name, and compliantString. element.set_attribute( &local_name!("srcdoc"), AttrValue::String(value.str().to_owned()), CanGc::from_cx(cx), ); Ok(()) } /// /// /// The supported tokens for sandbox's DOMTokenList are the allowed values defined in the /// sandbox attribute and supported by the user agent. These range of possible values is /// defined here: fn Sandbox(&self, cx: &mut js::context::JSContext) -> DomRoot { self.sandbox.or_init(|| { DOMTokenList::new( self.upcast::(), &local_name!("sandbox"), Some(vec![ Atom::from("allow-downloads"), Atom::from("allow-forms"), Atom::from("allow-modals"), Atom::from("allow-orientation-lock"), Atom::from("allow-pointer-lock"), Atom::from("allow-popups"), Atom::from("allow-popups-to-escape-sandbox"), Atom::from("allow-presentation"), Atom::from("allow-same-origin"), Atom::from("allow-scripts"), Atom::from("allow-top-navigation"), Atom::from("allow-top-navigation-by-user-activation"), Atom::from("allow-top-navigation-to-custom-protocols"), ]), CanGc::from_cx(cx), ) }) } /// fn GetContentWindow(&self) -> Option> { self.browsing_context_id .get() .and_then(|id| self.script_window_proxies.find_window_proxy(id)) } /// fn GetContentDocument(&self) -> Option> { // Step 1. If container's content navigable is null, then return null. let pipeline_id = self.pipeline_id.get()?; // Step 2. Let document be container's content navigable's active document. // Note that this lookup will fail if the document is dissimilar-origin, // so we should return None in that case. let document = ScriptThread::find_document(pipeline_id)?; // Step 3. If document's origin and container's node document's origin are not same origin-domain, then return null. if !self .owner_document() .origin() .same_origin_domain(&document.origin()) { return None; } // Step 4. Return document. Some(document) } /// fn ReferrerPolicy(&self) -> DOMString { reflect_referrer_policy_attribute(self.upcast::()) } // https://html.spec.whatwg.org/multipage/#attr-iframe-referrerpolicy make_setter!(SetReferrerPolicy, "referrerpolicy"); // https://html.spec.whatwg.org/multipage/#attr-iframe-allowfullscreen make_bool_getter!(AllowFullscreen, "allowfullscreen"); // https://html.spec.whatwg.org/multipage/#attr-iframe-allowfullscreen make_bool_setter!(SetAllowFullscreen, "allowfullscreen"); // make_getter!(Width, "width"); // make_dimension_setter!(SetWidth, "width"); // make_getter!(Height, "height"); // make_dimension_setter!(SetHeight, "height"); // https://html.spec.whatwg.org/multipage/#other-elements,-attributes-and-apis:attr-iframe-frameborder make_getter!(FrameBorder, "frameborder"); // https://html.spec.whatwg.org/multipage/#other-elements,-attributes-and-apis:attr-iframe-frameborder make_setter!(SetFrameBorder, "frameborder"); // https://html.spec.whatwg.org/multipage/#dom-iframe-name // A child browsing context checks the name of its iframe only at the time // it is created; subsequent name sets have no special effect. make_atomic_setter!(SetName, "name"); // https://html.spec.whatwg.org/multipage/#dom-iframe-name // This is specified as reflecting the name content attribute of the // element, not the name of the child browsing context. make_getter!(Name, "name"); // https://html.spec.whatwg.org/multipage/#attr-iframe-loading // > The loading attribute is a lazy loading attribute. Its purpose is to indicate the policy for loading iframe elements that are outside the viewport. make_enumerated_getter!( Loading, "loading", "lazy" | "eager", // https://html.spec.whatwg.org/multipage/#lazy-loading-attribute // > The attribute's missing value default and invalid value default are both the Eager state. missing => "eager", invalid => "eager" ); // https://html.spec.whatwg.org/multipage/#attr-iframe-loading make_setter!(SetLoading, "loading"); // https://html.spec.whatwg.org/multipage/#dom-iframe-longdesc make_url_getter!(LongDesc, "longdesc"); // https://html.spec.whatwg.org/multipage/#dom-iframe-longdesc make_url_setter!(SetLongDesc, "longdesc"); } impl VirtualMethods for HTMLIFrameElement { fn super_type(&self) -> Option<&dyn VirtualMethods> { Some(self.upcast::() as &dyn VirtualMethods) } fn attribute_mutated( &self, cx: &mut js::context::JSContext, attr: &Attr, mutation: AttributeMutation, ) { self.super_type() .unwrap() .attribute_mutated(cx, attr, mutation); match *attr.local_name() { // From : // // > When an iframe element's sandbox attribute is set or changed while // > it has a non-null content navigable, the user agent must parse the // > sandboxing directive given the attribute's value and the iframe // > element's iframe sandboxing flag set. // // > When an iframe element's sandbox attribute is removed while it has // > a non-null content navigable, the user agent must empty the iframe // > element's iframe sandboxing flag set. local_name!("sandbox") if self.browsing_context_id.get().is_some() => { self.parse_sandbox_attribute(); }, local_name!("srcdoc") => { // https://html.spec.whatwg.org/multipage/#the-iframe-element:the-iframe-element-9 // "Whenever an iframe element with a non-null nested browsing context has its // srcdoc attribute set, changed, or removed, the user agent must process the // iframe attributes." // but we can't check that directly, since the child browsing context // may be in a different script thread. Instead, we check to see if the parent // is in a document tree and has a browsing context, which is what causes // the child browsing context to be created. // trigger the processing of iframe attributes whenever "srcdoc" attribute is set, changed or removed if self.upcast::().is_connected_with_browsing_context() { debug!("iframe srcdoc modified while in browsing context."); self.process_the_iframe_attributes(ProcessingMode::NotFirstTime, cx); } }, local_name!("src") => { // https://html.spec.whatwg.org/multipage/#the-iframe-element // "Similarly, whenever an iframe element with a non-null nested browsing context // but with no srcdoc attribute specified has its src attribute set, changed, or removed, // the user agent must process the iframe attributes," // but we can't check that directly, since the child browsing context // may be in a different script thread. Instead, we check to see if the parent // is in a document tree and has a browsing context, which is what causes // the child browsing context to be created. if self.upcast::().is_connected_with_browsing_context() { debug!("iframe src set while in browsing context."); self.process_the_iframe_attributes(ProcessingMode::NotFirstTime, cx); } }, local_name!("loading") => { // https://html.spec.whatwg.org/multipage/#attr-iframe-loading // > When the loading attribute's state is changed to the Eager state, the user agent must run these steps: if !mutation.is_removal() && &**attr.value() == "lazy" { return; } // Step 1. Let resumptionSteps be the iframe element's lazy load resumption steps. // Step 3. Set the iframe's lazy load resumption steps to null. let previous_resumption_steps = self .lazy_load_resumption_steps .replace(LazyLoadResumptionSteps::None); match previous_resumption_steps { // Step 2. If resumptionSteps is null, then return. LazyLoadResumptionSteps::None => (), LazyLoadResumptionSteps::SrcDoc => { // Step 4. Invoke resumptionSteps. self.navigate_to_the_srcdoc_resource(ProcessingMode::NotFirstTime, cx); }, } }, _ => {}, } } fn attribute_affects_presentational_hints(&self, attr: &Attr) -> bool { match attr.local_name() { &local_name!("width") | &local_name!("height") => true, _ => self .super_type() .unwrap() .attribute_affects_presentational_hints(attr), } } fn parse_plain_attribute(&self, name: &LocalName, value: DOMString) -> AttrValue { match *name { local_name!("sandbox") => AttrValue::from_serialized_tokenlist(value.into()), local_name!("width") => AttrValue::from_dimension(value.into()), local_name!("height") => AttrValue::from_dimension(value.into()), _ => self .super_type() .unwrap() .parse_plain_attribute(name, value), } } /// fn post_connection_steps(&self, cx: &mut JSContext) { if let Some(s) = self.super_type() { s.post_connection_steps(cx); } // This isn't mentioned any longer in the specification, but still seems important. This is // likely due to the fact that we have deviated a great deal with it comes to navigables // and browsing contexts. if !self.upcast::().is_connected_with_browsing_context() { return; } debug!("