This is part of the future work of implementing LazyDOMString as
outlined in issue #39479.
We use str() method or direct implementations on DOMString for these
methods. We also change some types.
This is independent of https://github.com/servo/servo/pull/39480
Signed-off-by: Narfinger Narfinger@users.noreply.github.com
Testing: This is essentially just renaming a method and a type and
should not change functionality.
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
Creating elements by directly calling their interface constructors leads
to some state not being intialized correctly (see #39285). It is also
not in line with the specifications as many of them refer to the
[`create an element`][1] algorithm when an element needs to be created,
which directly maps to `Element::create` in the script crate.
So, switch all such places where elements are created by script to use
`Element::create`.
[1]: https://dom.spec.whatwg.org/#concept-create-element
Testing: Existing WPT tests.
Fixes: #39285
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
The concept of a "resource header" is not well specced, since it is
unclear what a "resource" is. That said, it most closely matches a
"response" as part of the navigation params.
With this change, we now delay loading the document until either two
things happen:
1. We reached the end of the file
2. We processed 1445 bytes (as defined by spec)
We initially store bytes in the resource header and then after loading
parse the stored bytes. Any subsequent loading will process as before.
Part of #14024
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This is in preparation of being able to do mime sniffing on the response
data. For that, we first need to introduce separate methods so that we
can decouple them from process_response. In doing so, we introduce a
NavigationParams which mimics what the spec intents. The spec stores
different data (policy container instead of csp list and response
instead of content-type), but it is similar enough.
Part of #14024
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Implements document's active sandboxing flags. These are currently
populated only from CSP-derived sandboxing flags for a new document,
when defined in the CSP.
Testing: 1 new pass, and some new wpt's are added to test points in the
spec where these flags influence behaviour.
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
While we don't perform any sniffing yet, it does now
check all relevant mime types. Before, we would only
check specific versions of specific mime types. However,
the specification is more elaborate, which MimeClassifier
already handles.
There are two new test failures, but they actually fail
in the same way in other browsers. These tests are still
being discussed what the correct behavior should be [1]
Part of #14024
[1]:
https://github.com/whatwg/mimesniff/issues/189#issuecomment-2081559661
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
We store a pointer to the ScriptThread singleton for a thread in
thread-local storage. While we don't have yet have profiles pointing to
this TLS access as a hot spot, we can remove a potential performance
footgun without a lot of effort by passing around small pieces of data
that we otherwise need to fetch from the ScriptThread.
Testing: Existing WPT is sufficient
Fixes: part of #37969
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Instead of running "update the rendering" at every IPC message, only run
it when a timeout has occured in script. In addition, avoid updating the
rendering if a rendering update isn't necessary. This should greatly
reduce the amount of processing that has to happen in script.
Because we are running many fewer calls to "update the rendering" it is
reasonable now to ensure that these always work the same way. In
particular, we always run rAF and update the animation timeline when
updating the ernder
In addition, pull the following things out of reflow:
- Code dealing with informing the Constellation that a Pipeline has
become Idle when waiting for a screenshot.
- Detecting when it is time to fulfill the `document.fonts.ready`
promise.
The latter means that reflow can never cause a garbage collection,
making timing of reflows more consistent and simplifying many callsites
that need to do script queries.
Followup changes will seek to simplify the way that ScriptThread-driven
animation timeouts happen even simpler.
Testing: In general, this should not change testable behavior so much,
though it
does seem to fix one test. The main improvement here should be that
the ScriptThread does less work.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
Workers created from Blobs inherit their CSP. Now we inherit the CSP and
set the correct base API url. The base API url should be used when
determining the
report-uri endpoint. Otherwise, the blob URL would be used as a base,
which is invalid and the report wouldn't be sent.
Also create a helper method to concatenate two optionals of CSPList,
which was used in several places.
Part of #4577
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
The scripted_caller only has information if the context is coming
from a script. If an element fetch listener processes CSP
violations, then this information doesn't exist. Instead, we should
use the global URL and the line number. WPT tests don't appear
to expect a column number, as they are all zero. Not all elements
are updated, as I am not actually sure all of them need it.
The source position remains an Option, since there are also code
paths that don't correspond to element or script sources. Maybe
in the future we can always determine the source position, but
let's take small steps towards that.
Part of #4577
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Does not yet handle failures of endpoints, which requires us to update
metadata. I don't see that metadata being used anywhere, so I am not
sure if there is WPT coverage for it.
Part of #37238
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
When parsing a html fragment, the initial parser state depends on
whether or not scripting is enabled. So far we've used the scripting
flag of the parser, but that is wrong - the parser's scripting flag is
always false, because the fragment document has no browsing context.
Instead we should use the scripting flag of the context element.
Testing: A new web platform test passes
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This refactoring moves various CSP-related methods away from GlobalScope
and Document into a dedicated entrypoint. It also reduces the amount of
imports of the CSP crate, so that types are consolidated into this one
entrypoint. That way, we control how CSP code interacts with the script
crate.
For reviewing purposes, I split up the refactoring into separate
distinct commits that all move 1 method(group) into the new file.
Testing: no change in behavior, only a build improvement + code cleanup
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
To show the contents of inline scripts in the Sources panel, we need to
send the whole HTML file from script to devtools, not just the script
code. This is trickier than the external script case, but we can look to
[how Firefox does
it](https://servo.zulipchat.com/#narrow/channel/263398-general/topic/Getting.20the.20original.20page.20HTML.20from.20script/near/524392861)
for some inspiration. The process is as follows:
- when we execute a script
- notify devtools to create the source actor
- if it’s an external script, send the script code to the devtools
server
- if it’s an inline script, don’t send any source contents yet
- devtools stores the contents in the source actor
- while loading a new document
- buffer the markup, so we can send it to devtools
- when we finish loading a new document
- send the buffered markup to the devtools server
- devtools stores the contents in any source actors with no contents yet
- when a source actor gets a `source` request
- if we have the contents, send those contents to the client
- if we don’t have the contents (inline script that loaded while
devtools was closed)
- FUTURE: try to fetch the markup out of cache
- otherwise send `<!-- not available; please reload! -->`
Testing: Several tests added to test the changes, also updates an
existing test with correct assertion
Fixes: https://github.com/servo/servo/issues/36874
---------
Signed-off-by: atbrakhi <atbrakhi@igalia.com>
Signed-off-by: Delan Azabani <dazabani@igalia.com>
Co-authored-by: Delan Azabani <dazabani@igalia.com>
Recently added WPT tests for this are now mostly passing. The remaining
tests fail on importmap support.
Part of #36258
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
All logic is implemented in `report_csp_violations` to avoid
pulling in various element-logic into SecurityManager.
Update the `icon-blocked.sub.html` WPT test to ensure that
the document is the correct target (verified in Firefox and Chrome).
Fixes#36806
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Implements the Document.write algorithm covering
Trusted HTML.
Part of #36258
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This follows the rules as defined in
https://w3c.github.io/webappsec-csp/#security-inherit-csp
where local iframes (about:blank and about:srcdoc) should
initially start with the CSP rules of the parent. After
that, all new CSP headers should only be set on the
policy container of the iframe.
Part of #36437
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This makes sure that when workers are created, their global scope has
the correct policy-container set
so that we can do CSP-checks.
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
It also updates the FetchResponseListener to process CSP violations to
ensure that iframe elements (amongst others) properly generate the CSP
events. These iframe elements are used in the Trusted Types tests
themselves and weren't propagating the violations before.
However, the tests themselves are still not passing since they also use
Websockets, which currently aren't using the fetch machinery itself.
That is fixed as part of [1].
[1]: https://github.com/servo/servo/issues/35028
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Add CanGc as argument to methods in `Attr` and `Node`.
Addressed part of https://github.com/servo/servo/issues/34573.
---
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes do not require tests because they are a refactor.
Signed-off-by: Yerkebulan Tulibergenov <yerkebulan@gmail.com>
Propagate through documents a flag that represents if any of the
ancestor navigables has a potentially trustworthy origin.
The "potentially trustworthy origin" concept appears to have gotten
confused in a couple of places and we were instead testing if a URL had
"potentially trustworthy" properties.
The main test for the ancestor navigables is
[mixed-content/nested-iframes](https://github.com/web-platform-tests/wpt/blob/master/mixed-content/nested-iframes.window.js)
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix#36108
<!-- Either: -->
- [X] There are tests for these changes
---------
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
The indirection through ServoParser::parse_sync does nothing, so the
method can simply be called directly.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Aligns the implementation with step 8.5 of the HTML spec for parsing
a <template> element in the InHead state by setting
shadow_root.set_available_to_element_internals(true) after
assigning the shadow root to the template’s contents.
Also removes tests/wpt/meta/shadow-dom/declarative/declarative-shadow-dom-available-to-element-internals.html.ini
since the test expectations are now updated accordingly.
Spec reference: https://html.spec.whatwg.org/multipage/#parsing-main-inhead
Signed-off-by: Emmanuel Elom <elomemmanuel007@gmail.com>
* Implement declarative shadow dom
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Set allowDeclarativeShadowRoots false for innerHTML
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Enable allowDeclarativeShadowRoots for Document
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Expose HTMLTemplateElement to js
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Implemenet setHTMLUnsafe and add more test cases
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Declarative shadow dom: minor updates and expected test result update
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Shadow-dom: add more test cases
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Update comments according to the spec
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Bump html5ever version
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
---------
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Migrate to 2024 edition
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Allow unsafe_op_in_unsafe_fn lint
This lint warns by default in the 2024
edition, but is *way* too noisy for servo.
We might enable it in the future, but not now.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Compile using the 2024 edition
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Use 2024 style edition
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Reformat all code
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Flatten and simplify Servo's preferences code. In addition, have both
preferences and options passed in as arguments to `Servo::new()` and
make sure not to use the globally set preferences in `servoshell` (as
much as possible now).
Instead of a complex procedural macro to generate preferences, just
expose a very simple derive macro that adds string based getters and
setters.
- All command-line parsing is moved to servoshell.
- There is no longer the concept of a missing preference.
- Preferences no longer have to be part of the resources bundle because
they now have reasonable default values.
- servoshell specific preferences are no longer part of the preferences
exposed by the Servo API.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Expose two new helpers and start using them as much as possible.
- `NodeTraits::owner_global`: which gets the `GlobalScope` that currenty
owns a `Node`. This may be different than `.global()` in the case that
the `Node` was adopted by a different `Document`.
- `Window::as_global_scope`: A helper to avoid having to cast so much
when treating a `Window` like a `GlobalScope`.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Makes use of the is_initial_about_blank property on Document in order to
determine whether the navigation should create a history entry, or replace
the current history entry.
Signed-off-by: Shane Handley <shanehandley@fastmail.com>
