- Update the script crate to better reflect the modern Permission
specifcation -- removing the necessity for an `Insecure` variant of
the permissions prompt.
- Have all allow/deny type requests in the internal API use an
`AllowOrDeny` enum for clarity.
- Expose `PermissionsRequest` and `PermissionFeature` data types to the
API and use them in the delegate method.
- Update both servoshell implementations to use the API.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Mukilan Thiyagarajan <mukilan@igalia.com>
Background:
> JavaScript strings are potentially ill-formed UTF-16 (arbitrary
> Vec<u16>) and can contain unpaired surrogates. Rust’s String type is
> well-formed UTF-8 and can not contain any surrogate. Surrogates are
> never emitted when decoding bytes from the network, but they can sneak
> in through document.write, the Element.innerHtml setter, or other DOM
> APIs.
In 2015, Servo launched an experiment to see if unpaired surrogates
cropped up in page content. That experiment caused Servo to panic if
unpaired surrogates were encountered with a request to report the page
to bug #6564. During that time several pages were reported with unpaired
surrogates, causing Servo to panic. In addition, when running the WPT
tests Servo will never panic due to the `-Z replace-surrogates` option
being passed by the test driver.
Motivation:
After this 10 year experiment, it's clear that unpaired surrogates are a
real concern in page content. Several reports were filed of Servo
panicking after encountering them in real world pages. A complete fix for
this issue would be to somehow maintain unpaired surrogates in the DOM,
but that is a much larger task than simply emitting U+FFD instead of an
unpaired surrogate.
Since it is clear that this kind of content exists, it is better for
Servo to try its best to handle the content rather than crash as
production browsers should not crash due to user content when possible.
In this change, I modify Servo to always replace unpaired surrogates.
It would have been ideal to only crash when debug assertions are
enabled, but debug assertions are enabled by default in release mode --
so this wouldn't be effective for WPT tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Using environment variables is not really an option on ohos/android,
so add a CLI option to configure tracing.
Making it a `pref`, so that we can persist the filter
might also be desirable.
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
* Handle slots in an event's path
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This is only used in servoshell, even though it was plumbed through
script previously. It's just about how the `RenderingContext` is set up,
which is something managed entirely outside of servo itself.
In addition, make the name of `servo_shell_preferences` in `app.rs` more
consistent with the rest of the codebase.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
In addition to some small API changes, this downstream version of
WebRender no longer depends on a very old version of time. This is the
last step toward removing the dependency on `time0.1`.
The review for this commit should also include: 9f552bebab
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Add a `ClipboardDelegate` to the `WebView` API and a default
implementation in libservo for this delegate that works on Mac, Windows,
and Linux. Support for Android will be added in the future. This means
that embedders do not need to do anything special to get clipboard
support, but can choose to override it or implement it for other
platforms.
In addition, this adds support for handling fetches of clipboard contents
and renames things to reflect that eventually other types of clipboard
content will be supported. Part of this is removing the string
argument from the `ClipboardEventType::Paste` enum because script will
need to get other types of content from the clipboard than just a
string. It now talks to the embedder to get this information directly.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Also fix build errors resulting from the use of the type
`egui::Rounding` which is now renamed to `egui::CornerRadius`.
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
This fixes common crash related to slottables, currently present on wpt.fyi.
Previously, the traversal parent of `Text` nodes was incorrectly
assumed to always be the parent or shadow host. That caused crashes
inside stylo's bloom filter. Now the traversal parent is the slot
that the node is assigned to, if any, and the parent/shadow host otherwise.
The slottable data for Text/Element nodes is now stored in NodeRareData.
This is very cheap, because NodeRareData will already be instantiated
for assigned slottables anyways, because the containing_shadow_root
field will be set (since assigned slottables are always in a shadow
tree). This change is necessary because we need to hand out references
to the assigned slot to stylo and that is not possible to do (without
unsafe code) if we need to downcast the node first.
As a side effect, this reduces the size of `Text` from 256 to 232 bytes,
because the slottable data is no longer stored there.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Blocking a fetch due to a bad port should be grouped together
with CSP blocks as per the spec, but these steps were previously
seperated.
Additionally, remove handling of ftp in
should_request_be_blocked_due_to_a_bad_port, since it did nothing
anyways.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This is a useful feature to have in a browser engine, so I think it
should be enabled by default. I believe that the original concern was
that there was a security issue, but this certainly has the same
security concerns as normal file loading.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
