This reduces the boilerplate necessary for adding new
serializable/transferable interfaces to the structured cloning code. We
always need to root the deserialized objects when performing a read
operation, but we don't actually need the concrete object types in the
majority of cases. By storing a list of rooted JS object values, we can
push generic reflector objects into it, and extract the types we need
(MessagePort) at the very end.
Testing: Existing WPT structured cloning tests will provide coverage.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
When doing any kind of query, up until now, containing block rectangles
were calculated by walking the `FragmentTree` until the node being
queried was found. In order to make possible answering queries without
walking the `FragmentTree`, `Fragment`s need to cache their cumulative
containing block rectangles.
This change adds a new `FragmentTree` pass (during construction) that
takes care of calculating and caching these values. The new cached value
is used during resolved style queries and also scrolling area queries
(with the idea that all queries will eventually use them).
In addition, extra `FragmentTree` walks used for cancelling animations
for elements no longer in the `FragmentTree` are integrated into this
new traversal.
Testing: Covered by existing WPT tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
Each canvas context returns snapshot instead of just raw bytes. This
allows as to hold off conversions (BGRA <-> RGBA, (un)premultiply) to
when/if they are actually needed. For example when loading snapshot into
webgl we can load both RGBA and BGRA so no conversion is really needed.
Currently whole thing is designed to be able to be extend on
https://github.com/servo/ipc-channel/pull/356, to make less copies.
Hence some commented out code.
Fixes#35759
There are tests for these changes in WPT
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
remove `webrender_document` in script and constellation's pipeline
Testing: `webrender_document` in script crate is not being referenced
anywhere in the Servo, should be safe to remove.
Fixes: https://github.com/servo/servo/issues/36647
Signed-off-by: Jason Tsai <git@pews.dev>
Fixes an error where a promise was rejected where it should have been
resolved.
Follow-up to
https://github.com/servo/servo/pull/36588/files#r2049437506; the initial
diagnosis was wrong.
Signed-off-by: gterzian <2792687+gterzian@users.noreply.github.com>
Rather than creating unique types for each pipeline-namespaced index
type (eg. MessagePortId, DomExceptionId, etc.), we can create a generic
common type that uses a marker to prevent type confusion. This change
allows us to reduce the boilerplate code required when implementing
serializable/transferable interfaces, since the structured clone
implementation can rely on the common type.
Testing: Existing WPT tests for serialization and transferring provide
coverage.
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This makes sure that when workers are created, their global scope has
the correct policy-container set
so that we can do CSP-checks.
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This removes a now unnecessary handling of dataclone error when port
posts a message handling error to support stream transfers.
Fix https://github.com/servo/servo/issues/36479
Signed-off-by: gterzian <2792687+gterzian@users.noreply.github.com>
#36361 changed the return type of structuredclone::read, so this code is
just stomping on an error value that is potentially more useful since
#36308 was merged.
Testing: Existing WPT test coverage.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
We now check the sink of script.src for trusted types. This is the first
attribute that we check, other sinks will be implemented in follow-up
changes.
The algorithms currently hardcode various parts. That's because I need
to refactor a couple of algorithms already present in TrustedTypePolicy.
They use callbacks at the moment, which made sense for their initial
use. However, for these new algorithms they don't work. Therefore, I
will align them with the specification by taking in an enum. However,
since that's a bigger refactoring, I left that out of this PR (which is
already quite big).
The other trusted types support (createScript and createHTML) will also
be implemented separately.
Part of #36258
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
These changes make us match Gecko's setup for how Window and non-Window
globals are initialized. Since Window globals are much more common than
Worker globals, using lazy interface definitions can be a useful memory
optimization at the expense of increased complexity for property
lookups.
Also adds the MayResolve hook for all globals, which is an optimization
for the JIT to avoid calling resolve hooks unnecessarily.
Testing: Existing test coverage on global interfaces should suffice.
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This PR addresses [#36593](https://github.com/servo/servo/issues/36593),
where the poster image request for `<video>` elements lacked several
settings introduced in `RequestBuilder`. These settings —
`insecure_requests_policy`, `has_trustworthy_ancestor_origin`, and
`policy_container` — are now forwarded from the document, aligning
poster requests with other fetches using the correct policy container
and trust assessment.
This ensures that poster images are requested under the same security
assumptions as other media or resource loads.
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix#36593
<!-- Either: -->
- [X] There are tests for these changes
Signed-off-by: Emmanuel Elom <elomemmanuel007@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
When layout encounters a CSS image, the script thread is responsible for
fetching the image from the image cache. When the image is not yet
available, the script thread creates image cache listeners to perform
actions in response to future updates from the image cache.
In the current implementation, a cache listener would iterate over all
nodes using a particular image and mark them as dirty. However, we
mistakenly added one cache listener per node, leading to n^2 runtime
while performing lots of redundant work. For cases like #36480 with over
1000 elements using the same image, this led to a completely
unresponsive script thread.
Testing: Manual testing on the provided testcase, and a new WPT test
that times out without this PR's changes.
Fixes: #36480
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Sets the navigator.onLine attribute to true.
Testing:
Ran `./mach run https://pinterest.com
--enable-experimental-web-platform-features`. This doesn't show the
"Hmm..you're not connected to the internet" text anymore.
<img width="1027" alt="Screenshot 2025-04-16 at 11 31 02 AM"
src="https://github.com/user-attachments/assets/3745077b-dc51-42ce-88a0-38d5f157fc0c"
/>
part of: #36554
---------
Signed-off-by: Siddhant N. Trivedi <sidntrivedi012@gmail.com>
Signed-off-by: Siddhant N Trivedi <sidntrivedi012@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Updates wgpu to v25 and remove some verbose logging from CTS (that also
causes OOM).
Testing: WebGPU CTS
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
This removes a bunch of duplicated code needed to support
ConditionalMallocSizeOf correctly, and fixes multiple places where that
code was subtly wrong (the seen pointers hashset was never cleared).
Testing: Measuring https://www.nist.gov/image-gallery lots of times.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This also ensures that document now reports all violations and we set
the correct directive.
With these changes, all `script-src-attr-elem` WPT tests pass.
Part of #36437
Requires servo/rust-content-security-policy#3 to land first
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
In Servo debug build there are runtime crash due to "attempt to multiply
with overflow" panic
in case of creation too large ImageData (new ImageData(1<<31, 1<<31))
Use checked integer multiplication to catch occurred overflow
and throwing JS error (RangeError OR IndexSizeError).
--
- [x] ./mach build -d does not report any errors
- [x] ./mach test-tidy does not report any errors
- [x] There are tests for these changes
tests/wpt/tests/html/canvas/element/pixel-manipulation/2d.imageData.object.ctor.basics.html
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
These changes make our implementation of the enumeration hook for
globals [match
Gecko's](https://searchfox.org/mozilla-central/rev/1f65969e57c757146e3e548614b49d3a4168eeb8/dom/base/nsGlobalWindowInner.cpp#3297),
fixing an assertion failure that occurred in the previous
implementation.
Our enumeration hook is supposed to fill a vector with names of
properties on the global object without modifying the global in any way;
instead we were defining all of the missing webidl interfaces. We now do
much less work and crash less.
Testing: New crashtest based on manual testcase.
Fixes: #34686
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Because there used to be two traits exposing messages to the compositor,
there were two kinds of messages that could be sent:
1. In-process messages from the `Constellation`
2. Cross-process messages from other parts of Servo
Now these two types of messages can be unified into one type.
This is a reland of #36443, which caused regressions due to the fact
that messages to the compositor were no longer triggering the event loop
waker. This version of the PR splits out just the bits that unify the
two APIs, leaving the cleanup of routes in the constellation for another
PR.
Testing: This is covered by existing WPT tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
The data_url Mime parser has a more conformant behavior in most cases,
including dealing with charsets.
Testing: wpt expectations with new passes are updated.
Signed-off-by: webbeef <me@webbeef.org>
We support both the "referrerpolicy" and the "nonce" attribute on script
elements, just not where the spec tells us to do it.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Follow the implementation of making DOMPoint and DOMPointReadOnly
serializable in PR #35989
Testing: Passed a test previously expected to fail.
Fixes: #36463
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Several places were using identical logic in order to parse a media
queries or media query lists.
This patch centralizes the logic into 2 new helper methods in MediaList.
Testing: not needed (no behavior change)
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
This reverts commit 4c55104b36.
This commit introduced an issue where messages from script to the
compositor no longer woke up the embedder. There is a larger issue
here, but this change exacerbated it.
Fixes#36528.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
<!-- Please describe your changes on the following line: -->
Add transfer support to ReadableStream. Part of
https://github.com/servo/servo/issues/34676
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [ ] `./mach build -d` does not report any errors
- [ ] `./mach test-tidy` does not report any errors
- [ ] These changes fix #___ (GitHub issue number if applicable)
<!-- Either: -->
- [ ] There are tests for these changes OR
- [ ] These changes do not require tests because ___
<!-- Also, please make sure that "Allow edits from maintainers" checkbox
is checked, so that we can help you if you get stuck somewhere along the
way.-->
<!-- Pull requests that do not address these steps are welcome, but they
will require additional verification as part of the review process. -->
---------
Signed-off-by: gterzian <2792687+gterzian@users.noreply.github.com>
Implement enough of the Clipboard API to have a working `writeText`.
Testing: Unfortunately many clipboard-apis tests require testdriver, so
only idlharness ones will pass now.
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
It also updates the FetchResponseListener to process CSP violations to
ensure that iframe elements (amongst others) properly generate the CSP
events. These iframe elements are used in the Trusted Types tests
themselves and weren't propagating the violations before.
However, the tests themselves are still not passing since they also use
Websockets, which currently aren't using the fetch machinery itself.
That is fixed as part of [1].
[1]: https://github.com/servo/servo/issues/35028
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
add CanGc as argument to methods in HTMLInputElement, HTMLLinkElement
Testing: These changes do not require tests because they are a refactor.
Addresses part of https://github.com/servo/servo/issues/34573.
Signed-off-by: Yerkebulan Tulibergenov <yerkebulan@gmail.com>
- [x] our [DataClone
error](d733abfca0/components/script/dom/bindings/error.rs (L80))
needs to support an optional message
- [x] we need to add support to our DOMException implementation to allow
an optional message to replace the default message
- [x] we need to create a new struct used by both StructuredDataReader
and StructuredDataWriter for storing the error message in the
report_error_callback
- [x] report_error_callback needs to cast the closure pointer to the new
struct
- [x] the code that [throws a DataClone
error](5d1c64dba9/components/script/dom/bindings/structuredclone.rs (L542))
needs to use the stored error message if it's available
Testing: *Describe how this pull request is tested or why it doesn't
require tests*
Fixes: #36191
---------
Signed-off-by: jerensl <54782057+jerensl@users.noreply.github.com>
add CanGc as argument to methods in HTMLCollection, HTMLDataListElement,
HTMLDialogElement, HTMLElement, HTMLFieldSetElement,
HTMLFormControlsCollection, HTMLFormElement, HTMLIFrameElement
Testing: These changes do not require tests because they are a refactor.
Addresses part of https://github.com/servo/servo/issues/34573.
Signed-off-by: Yerkebulan Tulibergenov <yerkebulan@gmail.com>
Current implementation takes arguments for specifying values of
violation report, but is difficult to understand which value should be
passed. These changes create new builder for violation report to address
the issue.
Testing: These changes do not require tests because they just refactor
current code
Signed-off-by: Chocolate Pie <106949016+chocolate-pie@users.noreply.github.com>
add CanGc as argument to methods in ElementInternals, GlobalScope,
HTMLAnchorElement, HTMLAreaElement, HTMLCanvasElement
Testing: These changes do not require tests because they are a refactor.
Addresses part of https://github.com/servo/servo/issues/34573.
Signed-off-by: Yerkebulan Tulibergenov <yerkebulan@gmail.com>
This algorithm is quite straightforward written in the specification,
but leads to some type awkwardness in Rust. Most notably, the callbacks
have different types and cannot be unified easily. They also return
different string types. Similarly, the returning objects are all unique
types and don't have a common denominator.
Therefore, rather than implementing it in 1-to-1 fashion with the
specification text, it instead uses callbacks to instruct the type
system of what to call when.
This is further complicated by the fact that the callback can exist
or not, as well as return a value or not. This requires multiple
unwrangling, combined with the fact that the algorithm should throw
or not.
All in all, the number of lines is relatively low compared to the
specification algorithm and the Rust compiler does a lot of heavy
lifting figuring out which type is what.
Part of https://github.com/servo/servo/issues/36258
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Because there used to be two traits exposing messages to the compositor,
there were two kinds of messages that could be sent:
1. In-process messages from the `Constellation`
2. Cross-process messages from other parts of Servo
Now these two types of messages can be unified into one type. With that
done the compositor can simply keep a single `IpcReceiver` for all
messages, instead of having to set up a route for the cross-process
messsages. This decreases overhead of cross proceses messages a bit, but
more importantly solves an issue where Servo would rely on the
compositor's cross-process message route after the `Constellation` had
called `ROUTER.shutdown()`.
This is part of #36442.
Testing: This is covered by existing WPT tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
When clicking on a text input element, we currently position the caret
at the very beginning, even if there is already text present. That makes
is annoying when you want to add text, and doesn't match what other
browsers do.
Instead, this change positions the caret at the end of the current text.
Testing: Not covered by any wpt tests (rightly so I think).
Signed-off-by: webbeef <me@webbeef.org>
Set File's lastModified when reconstructing from Blob for FormData
Remove special character replacement in fileName (spec removed this
step)
Testing: WPT tests exist
Fixes: #22744 (if I undertand the issue correctly the filename issue was
already fixed and now this fixes the lastModified part)
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
These algorithms are used to check whether an attribute/property can
accept a Trusted Type.
Part of #36258
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Move parsing of Refresh values to Document.
Send Refresh header to Document and have meta tags reuse the logic.
I transplanted the existing Regex and made some updates so that it
passed all the existing parser tests.
I added the comments that made sense but it is not very clean to add
many comments within the regex.
Testing: There are existing WPT tests
---------
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
Set the `htmlmediaelement`'s `currenSrc` in
resource-selection-algorithm.
Change the `htmlsourceelement`'s src and srcset to USVString type.
According to
[Spec](https://html.spec.whatwg.org/multipage/media.html#concept-media-load-algorithm),
Step 9.3 for mode is children, should set the `currentSrc` to `src` of
children `htmlsourceelement`.
Also, In the `htmlsourceelement` [interface
definition](https://html.spec.whatwg.org/multipage/embedded-content.html#the-source-element),
the `src` and `srcset` attribute should be type `USVString`.
Testing: More WPT tests related to resource selection algorithm are
passing.
Fix: Some spec fix
[Try](1434753561)
cc @xiaochengh
Signed-off-by: rayguo17 <rayguo17@gmail.com>
