Commit graph

10083 commits

Author SHA1 Message Date
Martin Robinson
8808f9a468
layout: Add a repaint-only incremental layout mode (#36978)
This change adds the simplest kind of incremental layout. When Servo
detects that all style changes only require a repaint, only run stacking
context tree and WebRender display list generation. This means that
these kind of restyles do not need a re-layout. Instead, the existing
box and fragment trees will be used and the styles of damaged nodes will
be updated in their box and fragment tree nodes.

This requires a new style repair DOM traversal for nodes that have had
their style damaged. In addition, careful accounting of all the places
where we store style must happen in order ot update those styles.

Testing: This is covered by existing WPT tests as it should not change
observable behavior.

We have created a test case which shows a 50% speedup when run
in Servo, even though there still a long way to go to match the speed
of other browsers:
https://gist.github.com/mrobinson/44ec87d028c0198917a7715a06dd98a0

Co-authored-by: Oriol Brufau <obrufau@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>

Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
2025-05-12 17:03:50 +00:00
Taym Haddadi
62569979ff
Make transform stream transferrable (#36905)
Part of https://github.com/servo/servo/issues/34676

#36739 needs to be merged first.

---------

Signed-off-by: Taym Haddadi <haddadi.taym@gmail.com>
2025-05-12 16:02:06 +00:00
Ngo Iok Ui (Wu Yu Wei)
aa4ad0f2be
fix: ReadableStream::get_in_memory_bytes too large (#36914)
Fix a IPC hang due to `ReadableStream::get_in_memory_bytes` could return
really huge chunk.

Testing: WPT on ReadableStream should pass
Fixes: IPC hang when transferring huge chunk bytes from `ReadableStream`


cc @gterzian @Taym95 since this is also related to ReadableStream.

---------

Signed-off-by: Yu Wei Wu <yuweiwu@YunoMacBook-Air.local>
Co-authored-by: Yu Wei Wu <yuweiwu@YunoMacBook-Air.local>
2025-05-12 16:00:14 +00:00
Gae24
c37d5572fd
codegen: use FromJSValConvertible trait for Promise (#36966)
Before it was only used when converting to a `Record`, using it all the
times allow us to remove two methods.
Plus added a helper method in CodegenRust.py to avoid repeated code.

Testing: a successful build and existing tests should cover the changes.
Fixes: #36410

---------

Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
2025-05-12 11:05:46 +00:00
Tim van der Lippe
d780fb7695
Implement trusted HTML sinks for Element (#36941)
Also implements a conversion for `TrustedHTMLOrNullIsEmptyString`
to `TrustedHTMLOrString` to avoid introducing a separate
`get_trusted_script_compliant_string` for the new type.

Part of #36258

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-05-12 10:53:03 +00:00
Simon Wülker
41283220dd
Update select shadow tree when contents of selected option change (#36958)
The label that is displayed inside a `<select>` element is that of the
selected option, or it's text contents if the option does not have a
label. Therefore, we need to update the `<select>` shadow tree when the
contents of the selected option change.

Testing: Covered by existing web platform tests
Fixes https://github.com/servo/servo/issues/36926
Fixes https://github.com/servo/servo/issues/36925

---------

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
2025-05-11 16:21:56 +00:00
Tim van der Lippe
4821bc0ab0
Implement is-element-nonceable (#36961)
Unfortunately while it now passes almost all cases in
`tests/wpt/tests/content-security-policy/script-src/nonce-enforce-blocked.html`,
the test in question doesn't pass yet as it requires all cases to be
correct. Here, we still miss the "check for duplicate attributes during
parsing". Since we don't have this information available yet from the
parser, skip this for now.

Part of #36437

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-05-11 15:38:13 +00:00
Simon Wülker
dc0e7587bf
Don't attempt to resize Offscreencanvas without a rendering context (#36855)
When the canvas context mode is a placeholder then we shouldn't resize
the context.

Testing: Includes a new test
Fixes: https://github.com/servo/servo/issues/36846

---------

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
2025-05-11 15:27:33 +00:00
webbeef
9c3069366e
Prevent overflow in intersection observer area evaluation (#36955)
Prevent overflowing by not calculating the area and reordering
arithmetic operations.

Testing: No regression in wpt tests:
1495105545
Fixes: https://github.com/servo/servo/issues/36940

Signed-off-by: webbeef <me@webbeef.org>
2025-05-11 03:05:47 +00:00
Keith Yeung
da1c49299b
Update the list of global and window event handlers (#36894)
There's an expanded list of event handlers content attributes that need
to be forwarded to the corresponding window of the body element, and
this PR adds the remaining ones. The full list can be seen in [this
link](https://html.spec.whatwg.org/multipage/webappapis.html#event-handlers-on-elements%2C-document-objects%2C-and-window-objects%3Aevent-handlers-6).

Testing: Covered by various WPT tests

---------

Signed-off-by: Keith Yeung <kungfukeith11@gmail.com>
2025-05-10 15:54:13 +00:00
Tim van der Lippe
d0de4e64d2
Add CSP check for inline style attribute (#36923)
To be able to abort the update, extract the functionality into a
separate method. Otherwise, we don't run the `node.rev_version` at the
end, which according to the comment is probably important.

Not all `style-src` tests pass and I don't fully understand why yet, but
I presume it has to do with some special quirks of stylesheets that
other CSP checks don't have. All `style-src-attr-elem` tests pass
though.

Part of #4577

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-05-09 17:36:55 +00:00
Taym Haddadi
e5347eceac
WebIDL Fix ImageData constructor to take a Uint8ClampedArray instead of js_object (#31398)
<!-- Please describe your changes on the following line: -->

Fix ImageData constructor to take a Uint8ClampedArray instead of
js_object

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #31320

<!-- Either: -->
- [x] These changes do not require tests because there is not behavior
change.

<!-- Also, please make sure that "Allow edits from maintainers" checkbox
is checked, so that we can help you if you get stuck somewhere along the
way.-->

<!-- Pull requests that do not address these steps are welcome, but they
will require additional verification as part of the review process. -->

---------

Signed-off-by: Taym Haddadi <haddadi.taym@gmail.com>
2025-05-09 11:05:56 +00:00
Tim van der Lippe
b6b80d4f6f
Correct event_target for CSP violations (#36887)
All logic is implemented in `report_csp_violations` to avoid
pulling in various element-logic into SecurityManager.

Update the `icon-blocked.sub.html` WPT test to ensure that
the document is the correct target (verified in Firefox and Chrome).

Fixes #36806

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-05-08 10:46:31 +00:00
Taym Haddadi
f3f4cc5500
Script implement TransformStream and TransformStreamDefaultController (#36739)
Part of https://github.com/servo/servo/issues/34676

---------

Signed-off-by: Taym Haddadi <haddadi.taym@gmail.com>
Signed-off-by: gterzian <2792687+gterzian@users.noreply.github.com>
Signed-off-by: Taym <haddadi.taym@gmail.com>
Co-authored-by: gterzian <2792687+gterzian@users.noreply.github.com>
2025-05-08 08:45:57 +00:00
Gae24
5b913441d4
async clipboard: implement readText (#36689)
part of #36084
Testing: Only idl harness tests will pass for now

---------

Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
2025-05-07 15:11:37 +00:00
Simon Wülker
23c327a988
script: Serialize a custom element's "is" value as an attribute (#36888)
Testing: Covered by web platform tests

[try
run](1486889324)

---------

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
2025-05-07 10:29:14 +00:00
Josh Matthews
f47e69c112
Improve some webdriver conformance tests results (#36673)
These changes allow test_dom_token_list from
/execute_script/collections.py to pass, and various tests in
/execute_script/arguments.py to expose new failures.

Testing: Not run in CI yet, but verified results from
tests/wpt/tests/webdriver/tests/classic/{execute_script,execute_async_script}
locally.
Fixes: #35738

---------

Signed-off-by: Josh Matthews <josh@joshmatthews.net>
2025-05-07 07:22:29 +00:00
Josh Matthews
a18c6e2c78
Fix double borrow panic in Node.childNodes (#36889)
`ensure_rare_data` returns a RefMut that extends the borrow of
Node.rare_data. This can lead to a panic in any method that triggers a
GC while this borrow is outstanding, such as Node.childNodes.

Testing: Manual testing on the testcase from the issue. It is impossible
to create a deterministic WPT crash test that is fast enough and can be
counted upon to continue working in the future.
Fixes: #36868

Signed-off-by: Josh Matthews <josh@joshmatthews.net>
2025-05-07 04:35:26 +00:00
Josh Matthews
ba8f923201
Various memory measurement improvements (#36834)
The two significant changes here are 1) a commit that frees memory used
to perform memory reporting once the reporting is complete, 2) memory
reporting for the system font service. There are various other commits
that remove `#[ignore_malloc_size_of]` attributes for data that we are
now able to measure, but they do not significantly change our
measurements when testing servo.org.

Testing: Comparing the output of about:memory on servo.org.

---------

Signed-off-by: Josh Matthews <josh@joshmatthews.net>
2025-05-07 04:00:12 +00:00
Tim van der Lippe
e9f364ef51
Implement inline CSP check for style element (#36860)
Part of #4577

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-05-06 18:52:27 +00:00
Simon Wülker
51b95a6246
Serialize attribute nodes as the empty string (#36875)
The existing code asserts that attribute nodes are never serialized.
This is wrong, because you can pass an attribute node to
`XMLSerializer::serializeToString`. Instead, the spec mandates that
these are serialized as empty strings
(https://w3c.github.io/DOM-Parsing/#dfn-xml-serialization-algorithm).

Testing: Includes a new web platform test
Fixes: https://github.com/servo/servo/issues/36872

---------

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
2025-05-06 12:26:15 +00:00
Simon Wülker
03abec4148
Replace urlpattern implementation with rust-urlpattern crate (#36826)
This change implements the full URLPattern API using
https://github.com/denoland/rust-urlpattern, except the two most
important functions (`test` and `exec`). These two are blocked on
https://github.com/servo/servo/issues/28679 due to this union:
539ca27284/components/script_bindings/webidls/URLPattern.webidl (L61).

Testing: Covered by existing web platform tests
Makes https://github.com/servo/servo/pull/36421 obsolete

---------

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
2025-05-06 09:42:55 +00:00
Simon Wülker
54c2818974
Don't slice a sliced blob (#36866)
When slicing a blob that is already sliced we should reference it's
parent's data instead of creating a subview into the sliced blob. This
keeps the blob ancestry chain small and reduces the number of blobs that
we have to resolve.

Testing: Includes a new crashtest
Fixes: https://github.com/servo/servo/issues/36843

[try
run](1484487366)

---------

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
2025-05-06 07:25:11 +00:00
Jimmy D. Buckets
1f6050f931
Implement document.scrollingElement (#35994)
<!-- Please describe your changes on the following line: -->
This implements `document.scrollingElement`
(https://drafts.csswg.org/cssom-view/#dom-document-scrollingelement).

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #35700
- [x] There are tests for these changes

<!-- Also, please make sure that "Allow edits from maintainers" checkbox
is checked, so that we can help you if you get stuck somewhere along the
way.-->

<!-- Pull requests that do not address these steps are welcome, but they
will require additional verification as part of the review process. -->

---------

Signed-off-by: JimmyDdotEXE <50691404+JimmyDdotEXE@users.noreply.github.com>
2025-05-05 12:50:42 +00:00
Taym Haddadi
7ea5951e34
Avoid borrow panic when Path2D.addPath is called with self (#36847)
Fixes: #36842

Signed-off-by: Taym <haddadi.taym@gmail.com>
2025-05-05 12:10:33 +00:00
Keith Yeung
3936b1d22b
script: Ensure EventSource interprets non-200 response codes as failure (#36853)
Spec has updated so that all responses that aren't 200 shall fail the
event source connection.

Testing: Covered by
`tests/wpt/tests/eventsource/request-status-error.window.js`

---------

Signed-off-by: Keith Yeung <kungfukeith11@gmail.com>
2025-05-05 12:04:46 +00:00
Keith Yeung
b3980dc2ee
script: Ensure EventSource field value is ignored if the null character exists in the field name (#36854)
Spec has updated so that any null characters in the `id` field name
would result in the value being ignored.

Testing: Covered by
`tests/wpt/tests/eventsource/format-field-id-null.window.js`

Signed-off-by: Keith Yeung <kungfukeith11@gmail.com>
2025-05-05 11:38:40 +00:00
Simon Wülker
8608e328a1
devtools: Allow highlighting elements from the inspector (#35822)
This change connects the `HighlighterActor` from the devtools with the
document, which will draw a blue rectangle over any highlighted dom
node.



https://github.com/user-attachments/assets/571b2dab-497f-4102-9e55-517cdcc040ba




---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes do not require tests because we don't have devtools
tests

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
2025-05-05 10:10:25 +00:00
Graham Lowe
21df8b875b
Remove unspecified early return in MessagePort::Close (#36836)
This change removes the early return in `MessagePort::Close` that
occurred when the message port was detached. The
[spec](https://html.spec.whatwg.org/multipage/web-messaging.html#dom-messageport-close)
doesn't prescribe this behaviour for detached ports for this operation,
so the early return was unnecessary.

Testing: Runs ./mach test-wpt /webmessaging/ and ./mach test-wpt
/streams/
Fixes: [servo-36765](https://github.com/servo/servo/issues/36765)

Signed-off-by: Graham Lowe <graham.lowe@gmail.com>
Co-authored-by: Graham Lowe <graham.lowe@gmail.com>
2025-05-05 07:06:32 +00:00
webbeef
3db0194e5a
Embed user agent stylesheets and media control resouces in libservo (#36803)
Embed user agent stylesheets and media control resouces in libservo as
decided in
https://github.com/servo/servo/pull/36788#issuecomment-2845332210

Signed-off-by: webbeef <me@webbeef.org>
2025-05-04 18:48:09 +00:00
Gae24
7e2d2ed0ce
script: add TaskSource argument to route_promise (#36831)
Added task_source argument to route_promise, enabling callers to pick
the correct TaskSource.

Testing: No testing required, straightforward refactor
Fixes: #36825

Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
2025-05-04 17:05:27 +00:00
Tim van der Lippe
1e8896800a
Implement Trusted types worker sinks (#36811)
Part of #36258

Built on top of #36668

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-05-04 17:05:07 +00:00
Tim van der Lippe
c00e0aae61
Implement Trusted types document write sinks (#36824)
Implements the Document.write algorithm covering
Trusted HTML.

Part of #36258

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-05-04 11:50:33 +00:00
Tim van der Lippe
539ca27284
Propagate parent policy container to local iframes (#36710)
This follows the rules as defined in
https://w3c.github.io/webappsec-csp/#security-inherit-csp
where local iframes (about:blank and about:srcdoc) should
initially start with the CSP rules of the parent. After
that, all new CSP headers should only be set on the
policy container of the iframe.

Part of #36437

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-05-03 08:47:40 +00:00
Tim van der Lippe
4164f76769
Implement all trusted sinks in HTMLScriptElement (#36668)
As a follow-up to the recent introduction of `script.src`
as trusted sink, this PR refactors machinery to also
support `TrustedScript`. In doing so, all trusted sinks
in `HTMLScriptElement` are now covered.

Instead of calling the callbacks in `policy.createX`,
we now have a `TrustedType` enum that specifies which callback
to invoke. Unfortunately we still have the `USVString` vs
`DOMString` problem, which is why we need to `.map` twice
to retrieve the backing `String` and avoid two different
types.

Additionally, I saw that `script.text` should have called
the "String replace all" algorithm rather than setting the
child contents. So that's also now fixed.

Part of #36258
Requires servo/html5ever#608

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-05-03 08:35:46 +00:00
Tim van der Lippe
dd63325f50
Check CSP for javascript: URLs (#36709)
Also update a WPT test to fail-fast if the iframe incorrectly
evaluates the `eval`. Before, it would run into a timeout if
the implementation is correct. Now we reject the promise
when an exception is thrown.

Requires servo/rust-content-security-policy#6

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
2025-05-02 20:13:31 +00:00
Josh Matthews
b8971e528f
script: Move Window-only gamepad functionality out of GlobalScope (#36805)
The only code that calls these methods is in the script thread, and the
code is simpler when we can assume a Window global. Pulling this thread
led to cleaning up a lot of constructors for Window-only WebXR code,
too.

Testing: Existing WPT coverage.

---------

Signed-off-by: Josh Matthews <josh@joshmatthews.net>
2025-05-02 20:10:26 +00:00
webbeef
e25e63b587
Fix build when webgpu feature is not enabled (#36804)
Fix winit_minimal build breakage

Signed-off-by: webbeef <me@webbeef.org>
2025-05-02 11:33:28 +00:00
Josh Matthews
46f59e329c
Establish baseline webdriver conformance results (#35024)
https://github.com/web-platform-tests/wpt/pull/50041 allows us to start
running the webdriver conformance tests in Servo, which will make it
easier for us to track regressions/improvements in our webdriver server
implementation.

---
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes are part of #15274
- [x] There are tests for these changes

---------

Signed-off-by: Josh Matthews <josh@joshmatthews.net>
2025-05-01 21:13:27 +00:00
sagudev
3648525fe8
Remove HTMLCanvasDataSource and CanvasSource (#36794)
All canvases return `Option<ImageKey>`.

Testing: Just refactor without behavior changes

Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
2025-05-01 17:49:59 +00:00
Kelechi Ebiri
1a3f10bba4
feat: implement ShadowRoot::setHTMLUnsafe (#36240)
Implements #36166

---------

Signed-off-by: TG <ebiritg@gmail.com>
2025-05-01 15:19:41 +00:00
Martin Robinson
0d21992edd
script: Clamp table spans according to the HTML specification (#36703)
Previously, spans were partially clamped during layout, but this means
that accessing and setting these properties via script wouldn't behave
according to the HTML specification. In addition, the value wasn't
floored in layout, so could lead to panics. This change improves
clamping and moves it to script.
    
Testing: This change includes a new WPT test.
Fixes #36699.

Signed-off-by: Martin Robinson <mrobinson@igalia.com>
2025-05-01 13:25:34 +00:00
Simon Wülker
cfc7115867
Send info about the DocumentType node to the devtools inspector (#36787)
This makes the DOCTYPE tag show up correctly in the inspector.

Before:

![image](https://github.com/user-attachments/assets/fd101337-95ce-45ee-8ac5-ae701109eb94)

After:

![image](https://github.com/user-attachments/assets/4e80f4c0-6ae4-4c53-88ca-614803caa032)


Testing: We don't have devtools tests

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
2025-05-01 06:37:23 +00:00
sagudev
c3fcefdc32
Let (Offscreen)RenderingContext implement CanvasContext (#36712)
this allows us to simplify canvas element/offscreen impl to only call
CanvasContext implementations (no more match statements).

This will help with impl more offscreen canvas contextl.

Testing: WPT and rustc

Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
2025-04-30 18:52:57 +00:00
Simon Wülker
3d1dd482df
Include ChildrenList::last_visited in memory reports (#36772)
`MutNullableDom<Node>` is not in fact defined in `mozjs`.

Testing: This change compiles, so it works

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
2025-04-30 15:39:47 +00:00
Kingsley Yung
5c5da6071e
Remove macro impl_rare_data (#36771)
This macro does not hide any complex or unsafe implementation details,
and, it's only used in two files (node.rs and element.rs). This patch
removes the macro, and move the implementation in place.

Moreover, the Element::rare_data_mut function in element.rs is called by
other functions, so the #[allow(dead_code)] annotation is removed. The
Node::rare_data_mut function in node.rs is not called anywhere, so it is
removed.

Testing: No test is needed for this cleaning up.
Fixes: #36767

---------

Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
2025-04-30 15:19:30 +00:00
Simon Wülker
c98cf8b306
Don't explicitly restyle when updating <details> shadow tree (#36769)
I'm not sure why I added these calls in the first place, but they don't
seem to be necessary and seem to be the cause of crashes.

This PR also adds some spec comments that I added while investigating
the crash.


Testing: Covered by existing WPT tests
Fixes https://github.com/servo/servo/issues/36757
Fixes https://github.com/servo/servo/issues/36273

[try
run](4141588918)

---------

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
2025-04-30 12:24:27 +00:00
Gregory Terzian
af5d665efa
MessagePort: implement disentanglement (#36654)
Implement
[disentangle](https://html.spec.whatwg.org/multipage/#disentangle)
Remove bespoke gc logic which now becomes unnecessary. 
Adds a wpt test that hits the "disentangle while in transfer" logic.
Updates streams code, fixing an error where disentanglement is
conditional on an error.

Test coverage: there are existing tests in
`/webmessaging/message-channels/close-event/explicitly-closed.tentative.window.js`
for the no transfer case, and the simple completed transfer case, and
this PR adds a test for the more complicated transfer in progress case.

Fix https://github.com/servo/servo/issues/36465

---------

Signed-off-by: gterzian <2792687+gterzian@users.noreply.github.com>
2025-04-30 10:49:38 +00:00
Fuguo
0c0ee04b8e
Improve inter-document focus handling (#36649)
*Describe the changes that this pull request makes here. This will be
the commit message.*
rewritten the PR #28571
Implement
[Window#focus](https://html.spec.whatwg.org/multipage/#dom-window-focus),
[Window#blur](https://html.spec.whatwg.org/multipage/#dom-window-blur)
Testing: WPT
Fixes: #8981 #9421

---------

Signed-off-by: kongbai1996 <1782765876@qq.com>
Co-authored-by: yvt <i@yvt.jp>
2025-04-30 04:37:53 +00:00
Fuguo
bab788f5d5
fix crash occurs when the focus element is adopted (#36608)
fix crash occurs when the focus element is adopted.

Testing: wpt dom/nodes/insertion-removing-steps/blur-event.window.html
not crash

Fixes:  #36607 #32972

---------

Signed-off-by: kongbai1996 <1782765876@qq.com>
2025-04-29 19:04:22 +00:00