These changes allow a minimal set of checks for font-src
CSP checks to pass.
Part of #4577
Part of #35035
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Limit the maximum image allocation size to 2GB to minimize the
possibility of out of memory errors on some `ImageBitmap`, `ImageData`,
`Canvas`, and `OffscreenCanvas` operations such as construction,
`toBlob`, and `toDataURL`. Other browsers have similar limits:
- Chromium: 2^32-1 (~4GB)
- Firefox: 2^31-1 (~2GB)
Testing: Improvements to the following tests:
-
`html/canvas/element/pixel-manipulation/2d.imageData.object.ctor.basics.html`
assert_throws_dom("INDEX_SIZE_ERR", function() { new ImageData(1 << 31,
1 << 31); });
-
`html/canvas/element/manual/imagebitmap/createImageBitmap-invalid-args.html`
makeOversizedCanvas + makeOversizedOffscreenCanvas
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
The original implementation of `HTMLOptionElement::Text` is recursive,
and the program may run out of stack space for a sufficiently large
number of iterations. The patch switches to an iterative implementation,
with `TreeIterator`.
Note that, instead of the usual `while let Some(node) = iterator.next()`
approach, we use `while let Some(node) = iterator.peek()` with the newly
added `TreeIterator::peek` function. This is because the choice of the
next node depends on some checks performed inside the `while` block,
whereas the `next` function determines the next node before entering the
block.
Moreover, the `TreeIterator::peek` function is added, instead of
wrapping the iterator into `Peekable`. This is because we will lose
access to the `TreeIterator::next_skipping_children` function if we wrap
it into `Peekable`.
Testing: This refactoring has to pass the existing tests.
Fixes: #36959
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
1. Let `input` JS event be dispatched by `keydown` instead of
`keypress`, according to spec
2. Fire `input` event for Backspace and Delete. But do so only when
something is actually deleted
Testing: Manually tested and compared with other browsers.
Fixes: #37051
cc @xiaochengh
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
Refactor the memory profiler code to return the struct and handle the
serializing in servointernal page.
This allows other users of the memory profiler to see the whole report
without parsing json.
Testing: I do not know if the memory page is covered by tests.
---------
Signed-off-by: Narfinger <Narfinger@users.noreply.github.com>
This is part of incremental implementation of #26488 . The interface
involved in this PR is CanvasRenderingContext2D.
Testing: Test should be just implemented.
Fixes: Partially #26488
Signed-off-by: Domenico Rizzo <domenico.rizzo@gmail.com>
This change adds support for rendering static SVG images using the
`resvg` crate, allowing svg sources in the `img` tag and in CSS
`background` and `content` properties. There are some limitations in
using resvg:
1. There is no support for animations or interactivity as these would
require implementing the full DOM layer of SVG specification.
2. Only system fonts can be used for text rendering. There is some
mechanism to provide a custom font resolver to usvg, but that is not
explored in this change.
3. resvg's handling of certain edge cases involving lack of explicit
`width` and `height` on the root svg element deviates from what the
specification expects from browsers. For example, resvg uses the values
in `viewBox` to derive the missing width or height dimension, but
without scaling that dimension to preserve the aspect ratio. It also
doesn't allow overriding this behavior.
Demo screenshot:
<details>
<summary>Source</summary>
```
<style>
#svg1 {
border: 1px solid red;
}
#svg2 {
border: 1px solid red;
width: 300px;
}
#svg3 {
border: 1px solid red;
width: 300px;
height: 200px;
object-fit: contain;
}
#svg4 {
border: 1px solid red;
width: 300px;
height: 200px;
object-fit: cover;
}
#svg5 {
border: 1px solid red;
width: 300px;
height: 200px;
object-fit: fill;
}
#svg6 {
border: 1px solid red;
width: 300px;
height: 200px;
object-fit: none;
}
</style>
</head>
<body>
<div>
<img id="svg1" src="https://raw.githubusercontent.com/servo/servo/refs/heads/main/resources/servo.svg" alt="Servo logo">
</div>
<div>
<img id="svg2" src="https://raw.githubusercontent.com/servo/servo/refs/heads/main/resources/servo.svg" alt="Servo logo">
<img id="svg3" src="https://raw.githubusercontent.com/servo/servo/refs/heads/main/resources/servo.svg" alt="Servo logo">
<img id="svg4" src="https://raw.githubusercontent.com/servo/servo/refs/heads/main/resources/servo.svg" alt="Servo logo">
</div>
<div>
<img id="svg5" src="https://raw.githubusercontent.com/servo/servo/refs/heads/main/resources/servo.svg" alt="Servo logo">
<img id="svg6" src="https://raw.githubusercontent.com/servo/servo/refs/heads/main/resources/servo.svg" alt="Servo logo">
</div>
</body>
```
</details>
---------
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
This is a stub for `AbortSignal`, which we would like to merge first in
order to work in parallel on
https://github.com/servo/servo/issues/34866, and perhaps also
https://github.com/servo/servo/issues/36936
---------
Signed-off-by: gterzian <2792687+gterzian@users.noreply.github.com>
Signed-off-by: Taym Haddadi <haddadi.taym@gmail.com>
Co-authored-by: Taym Haddadi <haddadi.taym@gmail.com>
Replace the holder of actual pixel data of the ImageBitmap interface
([[BitmapData]] slot) from Vec<u8> to snapshot::Snapshot (image bitmap
with metadata).
https://html.spec.whatwg.org/multipage/#the-imagebitmap-interface
It will allow to have all required information (e.g. size, pixel format,
alpha mode)
for further drawing processing to/from canvas2D output bitmap.
Testing: No required tests
Fixes: https://github.com/servo/servo/issues/34112
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
In https://github.com/servo/servo/pull/36977, when transferring
`TransformStream`, `CrossRealmTransform::Writable` and
`CrossRealmTransform::Readable` are set to different message ports. The
message port will not be readable and writable at the same time when
transferring the stream, so we can now merge
`cross_realm_transform_readable` and `cross_realm_transform_writable`
into a single field `cross_realm_transform`.
Testing: WPT ([passed on try
branch](4278417951))
Fixes: https://github.com/servo/servo/issues/37084
---------
Signed-off-by: Jason Tsai <git@pews.dev>
Previously, when the theme was set it was only set on currently active
`Window`s. This change makes setting the `Theme` stateful. Now the
`Constellation` tracks what theme is applied to a `WebView` and properly
passes that value to new `Pipeline`s when they are constructed. In
addition, the value is passed to layout when that is constructed as
well.
Testing: this change adds a unit test.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
I'm not sure if `CodegenRust.py` was supposed to remove the underscore,
but we end up exposing `type_` to javascript which is obviously wrong.
There's no need to rename the method in the first place, because `Type`
(with a capital T) is not a rust keyword.
Testing: Covered by existing web platform tests
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
DomObject::global is a tricky API because it's used pervasively but has
subtle requirements that are not documented and not yet enforced by the
type system (#36116). The method returns the relevant global object for
a given DOM object, but that operation is only meaningful if there is an
active realm. We usually, but not always, have an active realm.
This change avoids a footgun by following the principle of least
surprise. Rather than making every single caller of `something.global()`
both prove that there is an active realm and think about which realm
they want active, we implement the obvious behaviour: always activate
the realm of the callee before obtaining the relevant global.
Testing: Existing WPT coverage is sufficient; this method is called all
over the codebase.
Fixes: #37070#27037
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
With this change the URLPattern API is fully implemented. I'll look into
the remaining failures and then enable the preference by default.
Testing: Covered by web platform tests
Depends on https://github.com/servo/servo/pull/37042
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Uses raycasting to determine whether point is in polygon
Testing: Added unittest
Fixes: None to my knowledge
---------
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
ImageBitmap::new always returns Ok. Simplify it by changing to return
DomRoot<ImageBitmap> directly.
The #[allow(dead_code)] seems unnecessary. This patch also removes it.
Testing: No test is needed.
Fixes: #37105
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
According to specification ImageBitmap objects are serializable objects
and transferable objects.
https://html.spec.whatwg.org/multipage/#the-imagebitmap-interface:imagebitmap-11
Testing:
- html/canvas/element/manual/imagebitmap/*
- html/infrastructure/safe-passing-of-structured-data/*
- html/webappapis/structured-clone/*
- workers/semantics/structured-clone/*
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
This follows firefox's implementation:
24d49101ce/dom/webgpu/Instance.h (L68)
It changes the default on most systems to `Bgra8Unorm` but leaves it as
`Rgba8Unorm` on android.
Signed-off-by: Ashwin Naren <arihant2math@gmail.com>
This includes removing an implementation of normalize for `ByteString`,
because it is effectively duplicated in net under
`trim_http_whitespace`. This is part of an attempt to cleanup and
centralize code for header parsing and manipulation.
Testing: Covered by existing WPT tests
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
When the computed restyle damage is empty, do not do a layout. Instead,
just rebuild the display list. In the future, even that can be omitted,
but that requires changes to the compositor.
These kind of relayouts commonly happen when the cursor is moving around
the page and no style rules cause changes to :hover.
Testing: This is covered existing WPT tests and should only have
performance
impacts. Unfortunately there are currently no performance tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
To properly compute (the video) element's content size for
layout requires to dirty the element on any intrinstic size changes.
Full list of the operations which cause layout invalidation:
- media metadata update (NEW)
- removing "src" attribute
- video frame update
- show poster image
Testing:
html/semantics/embedded-content/the-video-element/intrinsic_sizes.htm
Fixes: https://github.com/servo/servo/issues/34434
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
This makes servo use less file descriptors for animated images and
avoids the crash described in
https://github.com/servo/servo/issues/36792.
Doing this also forces the end users to be more explicit about whether
they want to deal with all image frames or just the first one.
Previously, `Image::bytes` silently returned only the data for the first
frame. With this change there's now a `frames` method which returns an
iterator over all frames in the image.
Testing: No tests - this simply reduces the number of fds used. Servo
doesn't currently display animated gifs anyways.
Fixes: https://github.com/servo/servo/issues/36792
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
I have modified the Blob.ArrayBuffer implementation to comply with the
specification part of #25209.
See also: #35151.
Testing: This does not seem to affect tested behavior, so no new tests.
Signed-off-by: yoseio <98276492+yoseio@users.noreply.github.com>
This changes includes two semi-related things:
1. Fixes some specification compliance issues when parsing mime
types and charsets for `XMLHttpRequest`.
2. Implements a `<stylesheet>` parsing quirk involving mime types.
Testing: There are tests for these changes.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
Instead, use the `filter_map` functions of `std::cell::Ref` and
`accountable_refcell::Ref`, which provide the same functionality as
`ref_filter_map`.
Testing: Refactoring for removing dependency. No extra test is needed.
Fixes: #36851
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
This way, we don't always set the destination to Document (which is as
the spec is written today). Instead, we set it it in the load_data,
depending on which context we load it from.
Doing so allows us to set the `Destination::IFrame` for navigations in
iframes, enabling all frame-related CSP checks.
While we currently block iframes when `frame-src` or `child-src` is set,
their respective tests don't pass yet. That's because we don't yet
handle the cases
where we fire the correct `load` event.
Also update one WPT test to correctly fail, rather than erroring. That's
because it was using the wrong JS test variable.
Part of #4577
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Disabling the TestBinding-related bindings and implementations saves 2mb
in a release build. Also, we lost the related test preferences when we
turned the layout-2020 tests on, so the tests have all been failing for
a long time.
Testing: Existing tests in CI.
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This change adds a shadow-tree widget for `<input type=color>` elements.
It also involves some changes to the way layout interacts with the DOM,
because currently all `input` and `textarea` elements are rendered as
plain text and their descendants are ignored. This obviously doesn't
work for `<input type={color, date, range, etc}>`.
<details><summary>HTML used for the screenshot above</summary>
```html
<input type=color>
```
</details>
Testing: I doubt that this affects WPT tests, because the appearance and
behaviour of the widget is almost entirely unspecified.
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Add mock SVGImageElement interface to fix TIMEOUT WPT tests
which are related to ImageBitmap (html/canvas/*).
https://svgwg.org/svg2-draft/embedded.html#InterfaceSVGImageElement
Rationality of this change to fire event "error" on any attempt to fetch
image resource on href attribute change to not block WPT tests
execution.
Some WPT tests use the legacy namespace attribute "xlink:href", so
support for it was added to source code.
https://svgwg.org/svg2-draft/linking.html#XLinkHrefAttribute
- setAttributeNS("http://www.w3.org/1999/xlink", 'xlink:href', src);
Testing: Covered by existed WPT tests
- fetch/metadata/generated/svg-image*
- html/canvas/element/manual/*
- html/dom/idlharness.https.html
- html/semantics/embedded-content/the-canvas-element/*
- html/webappapis/scripting/events/event-handler-all-global-events.html
- mozilla/interfaces.https.html
Fixes: https://github.com/servo/servo/issues/35881
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
This change adds the simplest kind of incremental layout. When Servo
detects that all style changes only require a repaint, only run stacking
context tree and WebRender display list generation. This means that
these kind of restyles do not need a re-layout. Instead, the existing
box and fragment trees will be used and the styles of damaged nodes will
be updated in their box and fragment tree nodes.
This requires a new style repair DOM traversal for nodes that have had
their style damaged. In addition, careful accounting of all the places
where we store style must happen in order ot update those styles.
Testing: This is covered by existing WPT tests as it should not change
observable behavior.
We have created a test case which shows a 50% speedup when run
in Servo, even though there still a long way to go to match the speed
of other browsers:
https://gist.github.com/mrobinson/44ec87d028c0198917a7715a06dd98a0
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
Fix a IPC hang due to `ReadableStream::get_in_memory_bytes` could return
really huge chunk.
Testing: WPT on ReadableStream should pass
Fixes: IPC hang when transferring huge chunk bytes from `ReadableStream`
cc @gterzian @Taym95 since this is also related to ReadableStream.
---------
Signed-off-by: Yu Wei Wu <yuweiwu@YunoMacBook-Air.local>
Co-authored-by: Yu Wei Wu <yuweiwu@YunoMacBook-Air.local>
Before it was only used when converting to a `Record`, using it all the
times allow us to remove two methods.
Plus added a helper method in CodegenRust.py to avoid repeated code.
Testing: a successful build and existing tests should cover the changes.
Fixes: #36410
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Also implements a conversion for `TrustedHTMLOrNullIsEmptyString`
to `TrustedHTMLOrString` to avoid introducing a separate
`get_trusted_script_compliant_string` for the new type.
Part of #36258
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
The label that is displayed inside a `<select>` element is that of the
selected option, or it's text contents if the option does not have a
label. Therefore, we need to update the `<select>` shadow tree when the
contents of the selected option change.
Testing: Covered by existing web platform tests
Fixes https://github.com/servo/servo/issues/36926
Fixes https://github.com/servo/servo/issues/36925
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Unfortunately while it now passes almost all cases in
`tests/wpt/tests/content-security-policy/script-src/nonce-enforce-blocked.html`,
the test in question doesn't pass yet as it requires all cases to be
correct. Here, we still miss the "check for duplicate attributes during
parsing". Since we don't have this information available yet from the
parser, skip this for now.
Part of #36437
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
When the canvas context mode is a placeholder then we shouldn't resize
the context.
Testing: Includes a new test
Fixes: https://github.com/servo/servo/issues/36846
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Prevent overflowing by not calculating the area and reordering
arithmetic operations.
Testing: No regression in wpt tests:
1495105545
Fixes: https://github.com/servo/servo/issues/36940
Signed-off-by: webbeef <me@webbeef.org>
To be able to abort the update, extract the functionality into a
separate method. Otherwise, we don't run the `node.rev_version` at the
end, which according to the comment is probably important.
Not all `style-src` tests pass and I don't fully understand why yet, but
I presume it has to do with some special quirks of stylesheets that
other CSP checks don't have. All `style-src-attr-elem` tests pass
though.
Part of #4577
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
<!-- Please describe your changes on the following line: -->
Fix ImageData constructor to take a Uint8ClampedArray instead of
js_object
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix#31320
<!-- Either: -->
- [x] These changes do not require tests because there is not behavior
change.
<!-- Also, please make sure that "Allow edits from maintainers" checkbox
is checked, so that we can help you if you get stuck somewhere along the
way.-->
<!-- Pull requests that do not address these steps are welcome, but they
will require additional verification as part of the review process. -->
---------
Signed-off-by: Taym Haddadi <haddadi.taym@gmail.com>
All logic is implemented in `report_csp_violations` to avoid
pulling in various element-logic into SecurityManager.
Update the `icon-blocked.sub.html` WPT test to ensure that
the document is the correct target (verified in Firefox and Chrome).
Fixes#36806
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
