This is part of the future work of implementing LazyDOMString as
outlined in issue #39479.
We use str() method or direct implementations on DOMString for these
methods. We also change some types.
This is independent of https://github.com/servo/servo/pull/39480
Signed-off-by: Narfinger Narfinger@users.noreply.github.com
Testing: This is essentially just renaming a method and a type and
should not change functionality.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Part of #39418. See that PR for a full description.
Moves:
- `read_json_from_file`
- `write_json_to_file`
- `IpcSendResult`
- `IpcSend`
Renames:
- `CoreResourceThreadPool` to `ThreadPool` (shorter and more
descriptive, as we use it for more than the core resource thread now)
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
Creating elements by directly calling their interface constructors leads
to some state not being intialized correctly (see #39285). It is also
not in line with the specifications as many of them refer to the
[`create an element`][1] algorithm when an element needs to be created,
which directly maps to `Element::create` in the script crate.
So, switch all such places where elements are created by script to use
`Element::create`.
[1]: https://dom.spec.whatwg.org/#concept-create-element
Testing: Existing WPT tests.
Fixes: #39285
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
This should be the final PR for the Hash Function series that is
trivial.
Of note: I decided to transform `HashMapTracedValues<Atom,..>` to use
FxBuildHasher. This is likely not going to improve performance as Atom's
already have a unique u32 that is used as the Hash but it safes a few
bytes for the RandomState that is normally in the HashMap.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Testing: Hash function changes should not change functionality, we
slightly decrease the size and unit tests still work.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
FxHash is faster than FnvHash and SipHash for simple types up to at
least 64 bytes. The cryptographic guarantees are not needed for any
types changed here because they are simple ids.
This changes the types in script and net crates.
In a future PR we will change the remaining Fnv to be also Fx unless
there is a reason to keep them as Fnv.
Testing: Should not change functionality but unit test and wpt will find
it.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
The concept of a "resource header" is not well specced, since it is
unclear what a "resource" is. That said, it most closely matches a
"response" as part of the navigation params.
With this change, we now delay loading the document until either two
things happen:
1. We reached the end of the file
2. We processed 1445 bytes (as defined by spec)
We initially store bytes in the resource header and then after loading
parse the stored bytes. Any subsequent loading will process as before.
Part of #14024
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This is in preparation of being able to do mime sniffing on the response
data. For that, we first need to introduce separate methods so that we
can decouple them from process_response. In doing so, we introduce a
NavigationParams which mimics what the spec intents. The spec stores
different data (policy container instead of csp list and response
instead of content-type), but it is similar enough.
Part of #14024
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Implements document's active sandboxing flags. These are currently
populated only from CSP-derived sandboxing flags for a new document,
when defined in the CSP.
Testing: 1 new pass, and some new wpt's are added to test points in the
spec where these flags influence behaviour.
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
While we don't perform any sniffing yet, it does now
check all relevant mime types. Before, we would only
check specific versions of specific mime types. However,
the specification is more elaborate, which MimeClassifier
already handles.
There are two new test failures, but they actually fail
in the same way in other browsers. These tests are still
being discussed what the correct behavior should be [1]
Part of #14024
[1]:
https://github.com/whatwg/mimesniff/issues/189#issuecomment-2081559661
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
We store a pointer to the ScriptThread singleton for a thread in
thread-local storage. While we don't have yet have profiles pointing to
this TLS access as a hot spot, we can remove a potential performance
footgun without a lot of effort by passing around small pieces of data
that we otherwise need to fetch from the ScriptThread.
Testing: Existing WPT is sufficient
Fixes: part of #37969
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Instead of running "update the rendering" at every IPC message, only run
it when a timeout has occured in script. In addition, avoid updating the
rendering if a rendering update isn't necessary. This should greatly
reduce the amount of processing that has to happen in script.
Because we are running many fewer calls to "update the rendering" it is
reasonable now to ensure that these always work the same way. In
particular, we always run rAF and update the animation timeline when
updating the ernder
In addition, pull the following things out of reflow:
- Code dealing with informing the Constellation that a Pipeline has
become Idle when waiting for a screenshot.
- Detecting when it is time to fulfill the `document.fonts.ready`
promise.
The latter means that reflow can never cause a garbage collection,
making timing of reflows more consistent and simplifying many callsites
that need to do script queries.
Followup changes will seek to simplify the way that ScriptThread-driven
animation timeouts happen even simpler.
Testing: In general, this should not change testable behavior so much,
though it
does seem to fix one test. The main improvement here should be that
the ScriptThread does less work.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
Workers created from Blobs inherit their CSP. Now we inherit the CSP and
set the correct base API url. The base API url should be used when
determining the
report-uri endpoint. Otherwise, the blob URL would be used as a base,
which is invalid and the report wouldn't be sent.
Also create a helper method to concatenate two optionals of CSPList,
which was used in several places.
Part of #4577
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
The scripted_caller only has information if the context is coming
from a script. If an element fetch listener processes CSP
violations, then this information doesn't exist. Instead, we should
use the global URL and the line number. WPT tests don't appear
to expect a column number, as they are all zero. Not all elements
are updated, as I am not actually sure all of them need it.
The source position remains an Option, since there are also code
paths that don't correspond to element or script sources. Maybe
in the future we can always determine the source position, but
let's take small steps towards that.
Part of #4577
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Does not yet handle failures of endpoints, which requires us to update
metadata. I don't see that metadata being used anywhere, so I am not
sure if there is WPT coverage for it.
Part of #37238
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
When parsing a html fragment, the initial parser state depends on
whether or not scripting is enabled. So far we've used the scripting
flag of the parser, but that is wrong - the parser's scripting flag is
always false, because the fragment document has no browsing context.
Instead we should use the scripting flag of the context element.
Testing: A new web platform test passes
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This refactoring moves various CSP-related methods away from GlobalScope
and Document into a dedicated entrypoint. It also reduces the amount of
imports of the CSP crate, so that types are consolidated into this one
entrypoint. That way, we control how CSP code interacts with the script
crate.
For reviewing purposes, I split up the refactoring into separate
distinct commits that all move 1 method(group) into the new file.
Testing: no change in behavior, only a build improvement + code cleanup
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
To show the contents of inline scripts in the Sources panel, we need to
send the whole HTML file from script to devtools, not just the script
code. This is trickier than the external script case, but we can look to
[how Firefox does
it](https://servo.zulipchat.com/#narrow/channel/263398-general/topic/Getting.20the.20original.20page.20HTML.20from.20script/near/524392861)
for some inspiration. The process is as follows:
- when we execute a script
- notify devtools to create the source actor
- if it’s an external script, send the script code to the devtools
server
- if it’s an inline script, don’t send any source contents yet
- devtools stores the contents in the source actor
- while loading a new document
- buffer the markup, so we can send it to devtools
- when we finish loading a new document
- send the buffered markup to the devtools server
- devtools stores the contents in any source actors with no contents yet
- when a source actor gets a `source` request
- if we have the contents, send those contents to the client
- if we don’t have the contents (inline script that loaded while
devtools was closed)
- FUTURE: try to fetch the markup out of cache
- otherwise send `<!-- not available; please reload! -->`
Testing: Several tests added to test the changes, also updates an
existing test with correct assertion
Fixes: https://github.com/servo/servo/issues/36874
---------
Signed-off-by: atbrakhi <atbrakhi@igalia.com>
Signed-off-by: Delan Azabani <dazabani@igalia.com>
Co-authored-by: Delan Azabani <dazabani@igalia.com>
Recently added WPT tests for this are now mostly passing. The remaining
tests fail on importmap support.
Part of #36258
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
All logic is implemented in `report_csp_violations` to avoid
pulling in various element-logic into SecurityManager.
Update the `icon-blocked.sub.html` WPT test to ensure that
the document is the correct target (verified in Firefox and Chrome).
Fixes#36806
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
The existing code asserts that attribute nodes are never serialized.
This is wrong, because you can pass an attribute node to
`XMLSerializer::serializeToString`. Instead, the spec mandates that
these are serialized as empty strings
(https://w3c.github.io/DOM-Parsing/#dfn-xml-serialization-algorithm).
Testing: Includes a new web platform test
Fixes: https://github.com/servo/servo/issues/36872
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Implements the Document.write algorithm covering
Trusted HTML.
Part of #36258
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This follows the rules as defined in
https://w3c.github.io/webappsec-csp/#security-inherit-csp
where local iframes (about:blank and about:srcdoc) should
initially start with the CSP rules of the parent. After
that, all new CSP headers should only be set on the
policy container of the iframe.
Part of #36437
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This patch ensures that the Servo HTML parser uses the appropriate
`TreeBuilderOpts` settings
as specified by the HTML specification.
Changes:
- **iframe_srcdoc:** Detect if the parsed document's URL scheme is
`about:srcdoc`, and set the parser’s iframe_srcdoc option accordingly.
- **quirks_mode:** Use the associated Document's quirks mode to set the
parser’s quirks mode flag, improving fragment parsing behavior.
- **scripting_enabled:** Add a `scripting_enabled` method to Document,
based on whether it has a browsing context, and set this flag for the
parser.
These updates align Servo's parsing behavior more closely with the
specification:
https://html.spec.whatwg.org/multipage/parsing.html#the-initial-insertion-mode
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix#35478
<!-- Either: -->
- [ ] There are tests for these changes
Signed-off-by: Emmanuel Elom <elomemmanuel007@gmail.com>
This makes sure that when workers are created, their global scope has
the correct policy-container set
so that we can do CSP-checks.
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
It also updates the FetchResponseListener to process CSP violations to
ensure that iframe elements (amongst others) properly generate the CSP
events. These iframe elements are used in the Trusted Types tests
themselves and weren't propagating the violations before.
However, the tests themselves are still not passing since they also use
Websockets, which currently aren't using the fetch machinery itself.
That is fixed as part of [1].
[1]: https://github.com/servo/servo/issues/35028
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Add CanGc as argument to methods in `Attr` and `Node`.
Addressed part of https://github.com/servo/servo/issues/34573.
---
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes do not require tests because they are a refactor.
Signed-off-by: Yerkebulan Tulibergenov <yerkebulan@gmail.com>
Propagate through documents a flag that represents if any of the
ancestor navigables has a potentially trustworthy origin.
The "potentially trustworthy origin" concept appears to have gotten
confused in a couple of places and we were instead testing if a URL had
"potentially trustworthy" properties.
The main test for the ancestor navigables is
[mixed-content/nested-iframes](https://github.com/web-platform-tests/wpt/blob/master/mixed-content/nested-iframes.window.js)
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix#36108
<!-- Either: -->
- [X] There are tests for these changes
---------
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
The indirection through ServoParser::parse_sync does nothing, so the
method can simply be called directly.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Aligns the implementation with step 8.5 of the HTML spec for parsing
a <template> element in the InHead state by setting
shadow_root.set_available_to_element_internals(true) after
assigning the shadow root to the template’s contents.
Also removes tests/wpt/meta/shadow-dom/declarative/declarative-shadow-dom-available-to-element-internals.html.ini
since the test expectations are now updated accordingly.
Spec reference: https://html.spec.whatwg.org/multipage/#parsing-main-inhead
Signed-off-by: Emmanuel Elom <elomemmanuel007@gmail.com>
* Implement declarative shadow dom
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Set allowDeclarativeShadowRoots false for innerHTML
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Enable allowDeclarativeShadowRoots for Document
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Expose HTMLTemplateElement to js
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Implemenet setHTMLUnsafe and add more test cases
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Declarative shadow dom: minor updates and expected test result update
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Shadow-dom: add more test cases
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Update comments according to the spec
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Bump html5ever version
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
---------
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Migrate to 2024 edition
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Allow unsafe_op_in_unsafe_fn lint
This lint warns by default in the 2024
edition, but is *way* too noisy for servo.
We might enable it in the future, but not now.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Compile using the 2024 edition
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Don't run scripts in document that don't have a browsing context
For confirmation that this is correct, refer to the note under
Step 3 of https://html.spec.whatwg.org/multipage/dynamic-markup-insertion.html#dom-domparser-parsefromstring.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Add doc comments to RequestBuilder fields/methods
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement Request::cryptographic_nonce_metadata
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement HTMLOrSVGElement::nonce
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Set request cryptographic nonce metadata for link elements
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Set request's cryptographic nonce when fetching scripts
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Forward request nonce to rust-content-security-policy
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Use 2024 style edition
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Reformat all code
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
