As a follow-up to the recent introduction of `script.src`
as trusted sink, this PR refactors machinery to also
support `TrustedScript`. In doing so, all trusted sinks
in `HTMLScriptElement` are now covered.
Instead of calling the callbacks in `policy.createX`,
we now have a `TrustedType` enum that specifies which callback
to invoke. Unfortunately we still have the `USVString` vs
`DOMString` problem, which is why we need to `.map` twice
to retrieve the backing `String` and avoid two different
types.
Additionally, I saw that `script.text` should have called
the "String replace all" algorithm rather than setting the
child contents. So that's also now fixed.
Part of #36258
Requires servo/html5ever#608
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Implement
[disentangle](https://html.spec.whatwg.org/multipage/#disentangle)
Remove bespoke gc logic which now becomes unnecessary.
Adds a wpt test that hits the "disentangle while in transfer" logic.
Updates streams code, fixing an error where disentanglement is
conditional on an error.
Test coverage: there are existing tests in
`/webmessaging/message-channels/close-event/explicitly-closed.tentative.window.js`
for the no transfer case, and the simple completed transfer case, and
this PR adds a test for the more complicated transfer in progress case.
Fix https://github.com/servo/servo/issues/36465
---------
Signed-off-by: gterzian <2792687+gterzian@users.noreply.github.com>
Implements https://fetch.spec.whatwg.org/#dom-response-json
Restructured the constructor to follow the spec more closely with a
separate "initialize the response" algorithm.
Testing: There are existing WPT tests for this.
---------
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
We now check the sink of script.src for trusted types. This is the first
attribute that we check, other sinks will be implemented in follow-up
changes.
The algorithms currently hardcode various parts. That's because I need
to refactor a couple of algorithms already present in TrustedTypePolicy.
They use callbacks at the moment, which made sense for their initial
use. However, for these new algorithms they don't work. Therefore, I
will align them with the specification by taking in an enum. However,
since that's a bigger refactoring, I left that out of this PR (which is
already quite big).
The other trusted types support (createScript and createHTML) will also
be implemented separately.
Part of #36258
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
These changes make us match Gecko's setup for how Window and non-Window
globals are initialized. Since Window globals are much more common than
Worker globals, using lazy interface definitions can be a useful memory
optimization at the expense of increased complexity for property
lookups.
Also adds the MayResolve hook for all globals, which is an optimization
for the JIT to avoid calling resolve hooks unnecessarily.
Testing: Existing test coverage on global interfaces should suffice.
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Sets the navigator.onLine attribute to true.
Testing:
Ran `./mach run https://pinterest.com
--enable-experimental-web-platform-features`. This doesn't show the
"Hmm..you're not connected to the internet" text anymore.
<img width="1027" alt="Screenshot 2025-04-16 at 11 31 02 AM"
src="https://github.com/user-attachments/assets/3745077b-dc51-42ce-88a0-38d5f157fc0c"
/>
part of: #36554
---------
Signed-off-by: Siddhant N. Trivedi <sidntrivedi012@gmail.com>
Signed-off-by: Siddhant N Trivedi <sidntrivedi012@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Add missing "EnforceRange" attribute to interface methods
https://html.spec.whatwg.org/multipage/canvas.html#canvasimagedata
--
- [x] ./mach build -d does not report any errors
- [x] ./mach test-tidy does not report any errors
- [x] There are tests for these changes
tests/wpt/tests/html/canvas/element/pixel-manipulation/2d.imageData*
tests/wpt/tests/html/canvas/offscreen/pixel-manipulation/2d.imageData*
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
This was missed in #36355 and should have also been gated by the flag.
With these, the wpt.fyi tests should now no longer pass, as the flag
hasn't been removed yet.
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Implement enough of the Clipboard API to have a working `writeText`.
Testing: Unfortunately many clipboard-apis tests require testdriver, so
only idlharness ones will pass now.
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
This algorithm is quite straightforward written in the specification,
but leads to some type awkwardness in Rust. Most notably, the callbacks
have different types and cannot be unified easily. They also return
different string types. Similarly, the returning objects are all unique
types and don't have a common denominator.
Therefore, rather than implementing it in 1-to-1 fashion with the
specification text, it instead uses callbacks to instruct the type
system of what to call when.
This is further complicated by the fact that the callback can exist
or not, as well as return a value or not. This requires multiple
unwrangling, combined with the fact that the algorithm should throw
or not.
All in all, the number of lines is relatively low compared to the
specification algorithm and the Rust compiler does a lot of heavy
lifting figuring out which type is what.
Part of https://github.com/servo/servo/issues/36258
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Adds support for both the content and the IDL attribute.
Note this doesn't cover dynamic updates to `document.styleSheets` and
the owner node of the sheet.
Testing: Covered by WPT
Fixes: #26739
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
implement the `ClipboardItem` interface
Testing: covered by existing wpt tests
part of #36084
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Some methods are implemented fully, while others are implemented
partly. With these implementations, there are no observed crashes
when running the trusted-types web-platform-tests.
Most notably, the tests/wpt/tests/trusted-types/idlharness.window.js
is now fully passing.
Part of #36258
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Implement the TestUtils namespace from
https://testutils.spec.whatwg.org/.
This should make the `js/builtins/weakrefs` tests run faster and more
consistently.
This change will enable other WPT tests but no tests exist currently for
TestUtils itself.
Fixes: #36290
---------
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Co-authored-by: sagudev <16504129+sagudev@users.noreply.github.com>
Note that `StyleRule` may not have the `CssRules` readily available,
they may need to be created. So the previous approach of providing
`CSSGroupingRule` with the `CssRules` is no good: it would require
writing them in advance, just in case they end up being used.
Therefore, this removes the `CSSGroupingRule::rules` field. Instead,
they are lazily obtained in `CSSGroupingRule::rulelist()` by downcasting
and calling the appropriate method for the subclass.
Testing: covered by WPT
Fixes: #36245
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
This is the CSSOM interface that represents a nested declarations rule.
https://drafts.csswg.org/css-nesting/#the-cssnestrule
Testing: `/_mozilla/mozilla/interfaces.https.html`. And once
`CSSStyleRule` becomes a `CSSGroupingRule` subclass, this will be
further covered by `/css/css-nestting/`.
This is part of #36245
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
* Start working on a basic URLPattern implementation
This is API part of Interop 2025, so we should definitely support it!
This change implements the basic workflow for parsing
and compiling URL patterns. Parts of it are stubbed out and will be
implemented later.
For now the API is preference-gated behind "dom_urlpattern_enabled".
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Preference-gate the URLPattern API
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix full wildcard value (Should be ".*" not "*")
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Add doc comments to boundary point
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Allow querying content box of text fragments
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement Range::getBoundingClientRect
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement declarative shadow dom
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Set allowDeclarativeShadowRoots false for innerHTML
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Enable allowDeclarativeShadowRoots for Document
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Expose HTMLTemplateElement to js
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Implemenet setHTMLUnsafe and add more test cases
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Declarative shadow dom: minor updates and expected test result update
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Shadow-dom: add more test cases
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Update comments according to the spec
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Bump html5ever version
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
---------
Signed-off-by: batu_hoang <longvatrong111@gmail.com>
* Add doc comments to RequestBuilder fields/methods
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement Request::cryptographic_nonce_metadata
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Implement HTMLOrSVGElement::nonce
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Set request cryptographic nonce metadata for link elements
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Set request's cryptographic nonce when fetching scripts
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Forward request nonce to rust-content-security-policy
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This patch exposes a servo internal DOM API that is only made available to about:
pages on the navigator object to request memory reports. The about:memory page itself is
loaded like other html resources (eg. bad cert, net error) and makes use of this new API.
On the implementation side, notable changes:
- components/script/routed_promise.rs abstracts the setup used to fulfill a promise when the
work needs to be routed through the constellation. The goal is to migrate other similar
promise APIs in followup (eg. dom/webgpu/gpu.rs, bluetooth.rs).
- a new message is added to request a report from the memory reporter, and the memory reporter
creates a json representation of the set of memory reports.
- the post-processing of memory reports is done in Javascript in the about-memory.html page,
providing the same results as the current Rust code that outputs to stdout. We can decide
later if we want to remove the current output.
Signed-off-by: webbeef <me@webbeef.org>
#30151 added support for setlike and maplike declarations in WebIDL, but
the tests only validated if generator code worked with 'DOMString' as
the key type. The support for interface type as members was broken as
`DomRoot<T>` didn't satify the bounds `Eq` and `Hash` needed by the
`Key` and `Value` types in `Setlike` and `Maplike` traits respectively.
In addition, the splitting of bindings into a separate 'script_bindings'
crate had also broken support for this in CodegenRust.py, as the types
used within the definition of `DomTraits` were not referenced using
`Self::`.
This patch fixes the WebIDL code generator by doing a simple string
replacement on the return value of `getRetvalDeclarationForType` so that
the proper `Self::` is used. I'm not not sure if there is a better
approach to this as it seems most logic in CodegenRust.py uses the `D::`
prefix that is expected to be available only when compiling `script`
crate and not `script_bindings`.
This patch also adds the missing trait implementations for `DomRoot` and
ensures that the generated code works for both members of primitive and
interface types by splitting the existing `TestBinding{Map,Set}Like`
interfaces into `TestBinding{Map,Set}LikeWith{Primitive,Interface}`
tests.
Fixes#35542.
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
This patch implements the `FontFace` interface, but with some caveats
1. The interface is only exposed on `Window`. Support for Workers will
be handled in the future.
2. The concept of `css-connected` `FontFace` is not implemented, so
`@font-face` rules in stylesheets will not be represented in the DOM.
3. The constructor only supports using `url()` strings as source
and `ArrayBuffer` and `ArrayBufferView` are not supported yet.
A skeleton implementation of the `load` method of `FontFaceSet` is also
implemented in this patch. The intention is to support some web pages
that don't load without this method.
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
* dom: expose obsolete `scheme` attribute for meta tag
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
* update tests
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
---------
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
