While working on #37209 I discovered that the header was computed
incorrectly. After carefully reading the specification, I realized that
the link in the spec was wrong and we were missing the fact that for
host-domains, we should operate on the registrable domain.
Additionally, the same-site call was missing the negation.
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
These changes allow a minimal set of checks for font-src
CSP checks to pass.
Part of #4577
Part of #35035
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Add mock SVGImageElement interface to fix TIMEOUT WPT tests
which are related to ImageBitmap (html/canvas/*).
https://svgwg.org/svg2-draft/embedded.html#InterfaceSVGImageElement
Rationality of this change to fire event "error" on any attempt to fetch
image resource on href attribute change to not block WPT tests
execution.
Some WPT tests use the legacy namespace attribute "xlink:href", so
support for it was added to source code.
https://svgwg.org/svg2-draft/linking.html#XLinkHrefAttribute
- setAttributeNS("http://www.w3.org/1999/xlink", 'xlink:href', src);
Testing: Covered by existed WPT tests
- fetch/metadata/generated/svg-image*
- html/canvas/element/manual/*
- html/dom/idlharness.https.html
- html/semantics/embedded-content/the-canvas-element/*
- html/webappapis/scripting/events/event-handler-all-global-events.html
- mozilla/interfaces.https.html
Fixes: https://github.com/servo/servo/issues/35881
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
All logic is implemented in `report_csp_violations` to avoid
pulling in various element-logic into SecurityManager.
Update the `icon-blocked.sub.html` WPT test to ensure that
the document is the correct target (verified in Firefox and Chrome).
Fixes#36806
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Move parsing of Refresh values to Document.
Send Refresh header to Document and have meta tags reuse the logic.
I transplanted the existing Regex and made some updates so that it
passed all the existing parser tests.
I added the comments that made sense but it is not very clean to add
many comments within the regex.
Testing: There are existing WPT tests
---------
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
Ensure there is an active realm when dispatching the `activation` DOM
event to the ServiceWorker global.
Testing: Existing WPT coverage.
Fixes: #36114Fixes: #36235Fixes: #36231
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
In the fetch spec, the `text()` method of `Body` (an interface mixin
implemented by both `Request` and `Response`) consumes the body with
the Encoding spec "UTF-8 decode" algorithm, which skips the UTF-8 BOM
if it is present at the beginning of the body. Servo's implementation
does not do that. This patch fixes this.
Signed-off-by: Andreu Botella <abotella@igalia.com>
Post layout, when a `Window` has all of the new `<iframe>` sizes, size
any `Window`s for `Pipeline`s in the same `ScriptThread` synchronously.
This ensures that when laying out from the outermost frame to the
innermost frames, the frames sizes are set properly.
There is still an issue where a non-same-`ScriptThread` `<iframe>` sits
in between two `<iframe>`s of the same origin. According to the
specification these frames should all be synchrnously laid out --
something quite difficult in Servo. This is issue #34655.
This is the first change in a series of changes to improve the
consistency of `<iframe>` loading and sizing.
Fixes#14719.
Fixes#24569.
Fixes#24571.
Fixes#25269.
Fixes#25275.
Fixes#25285.
Fixes#30571.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
* Implement sec-fetch-dest header
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement "is same site" algorithm
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement remaining sec-fetch-* headers
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix casing of header names
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix handling Destination::None in sec-fetch-dest
This also removes the comment about wanting to upgrade
to a newer content-security-protocol version because
the csp doesn't implement the "empty" case.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Remove colon from spec comment
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Adjust expected default headers
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix test expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Properly store link relations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Send fetch request for prefetch links
We don't actually *do* anything with the response yet
(handle errors etc) but its a first step.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fire load/error events for prefetch loads
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Set prefetch destination/cors setting correctly
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix ./mach test-tidy errors
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Set correct "Accept" value for prefetch requests
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Add spec text to individual steps
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Add a skeleton implementation of FontFaceSet interface with support
for resolving the `document.fonts.ready` Promise when the loading of
web fonts is completed.
This change exposes new failures in the web platform tests.
These were ERROR before the change because `document.fonts.ready` caused
a `ReferenceError` causing the tests to be aborted and they now FAIL:
- /css/CSS2/linebox/vertical-align-top-bottom-001.html
- /css/css-flexbox/flex-one-sets-flex-basis-to-zero-px.html
- /css/css-fonts/generic-family-keywords-001.html
- /css/css-fonts/math-script-level-and-math-style/math-script-level-004.tentative.html
- /css/css-fonts/math-script-level-and-math-style/math-script-level-002.tentative.html
- /css/css-text/text-autospace/text-autospace-ligature-001.html
- /css/css-values/calc-size/calc-size-width.tentative.html
These were TIMEOUT before the change because `document.fonts.ready` was
a ReferenceError and the tests were asynchronous (reftest-wait). These now
FAIL because the assertions are now executed after fonts are loaded:
- /css/css-fonts/matching/fixed-stretch-style-over-weight.html
- /css/css-fonts/matching/range-descriptor-reversed.html
- /css/css-fonts/matching/stretch-distance-over-weight-distance.html
- /css/css-fonts/matching/style-ranges-over-weight-direction.html
- /css/css-fonts/variations/variable-box-font.html
- /css/css-fonts/variations/variable-gpos-m2b.html
- /css/css-fonts/variations/variable-gsub.html
- /css/css-fonts/variations/variable-opsz-size-adjust.html
- /css/css-position/sticky/position-sticky-change-top.html
- /css/css-position/sticky/position-sticky-fixed-ancestor.html
- /css/css-position/sticky/position-sticky-flexbox.html
- /css/css-position/sticky/position-sticky-grid.html
- /css/css-position/sticky/position-sticky-inline.html
- /css/css-position/sticky/position-sticky-rendering.html
- /css/css-position/sticky/position-sticky-stacking-context.html
- /css/css-position/sticky/position-sticky-table-td-left.html
- /css/css-position/sticky/position-sticky-table-td-right.html
- /css/css-position/sticky/position-sticky-table-tfoot-bottom.html
- /css/css-position/sticky/position-sticky-table-th-right.html
- /css/css-position/sticky/position-sticky-table-thead-top.html
- /css/css-position/sticky/position-sticky-table-tr-bottom.html
- /css/css-position/sticky/position-sticky-table-tr-top.html
- /css/css-position/sticky/position-sticky-writing-modes.html
- /css/css-pseudo/marker-intrinsic-contribution-001.html
- /css/css-text/hyphens/hyphens-character.html
These tests now PASS due to this patch:
* FAIL -> PASS
- /html/canvas/element/text/2d.text.draw.fill.maxWidth.fontface.html
- /html/canvas/element/text/2d.text.measure.width.empty.html
* TIMEOUT -> PASS
- /css/css-fonts/variations/font-descriptor-range-reversed.html
- /css/css-fonts/variations/variable-opsz.html
- /css/css-position/sticky/position-sticky-table-th-left.html
* ERROR -> PASS
- /css/css-fonts/generic-family-keywords-002.html
- /css/css-fonts/generic-family-keywords-003.html
* These two tests only PASS in Layout 2020:
- /css/CSS2/positioning/inline-static-position-001.html
- /css/cssom-view/getBoundingClientRect-empty-inline.html
These two tests have subtests that PASS intermittenttly:
- /fetch/metadata/generated/css-font-face.sub.tentative.html
- /css/css-fonts/generic-family-keywords-001.html
These tests are new TIMEOUTS that used to FAIL because
`documents.fonts.ready` was undefined:
- /resource-timing/TAO-match.html
- /resource-timing/content-type.html
- /resource-timing/nextHopProtocol-is-tao-protected.https.html
The failure in `/resize-observer/change-layout-in-error.html` could be
due to an issue in the ResizeObserver implementation that is now exposed
with this change, but this needs more investigation.
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
