These changes allow a minimal set of checks for font-src
CSP checks to pass.
Part of #4577
Part of #35035
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This is a stub for `AbortSignal`, which we would like to merge first in
order to work in parallel on
https://github.com/servo/servo/issues/34866, and perhaps also
https://github.com/servo/servo/issues/36936
---------
Signed-off-by: gterzian <2792687+gterzian@users.noreply.github.com>
Signed-off-by: Taym Haddadi <haddadi.taym@gmail.com>
Co-authored-by: Taym Haddadi <haddadi.taym@gmail.com>
I'm not sure if `CodegenRust.py` was supposed to remove the underscore,
but we end up exposing `type_` to javascript which is obviously wrong.
There's no need to rename the method in the first place, because `Type`
(with a capital T) is not a rust keyword.
Testing: Covered by existing web platform tests
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Newer keywords such as `async`/`await`/`gen` were missing from the list
There are no web platform APIs with these names, but it doesn't hurt to
keep the list up to date.
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
DomObject::global is a tricky API because it's used pervasively but has
subtle requirements that are not documented and not yet enforced by the
type system (#36116). The method returns the relevant global object for
a given DOM object, but that operation is only meaningful if there is an
active realm. We usually, but not always, have an active realm.
This change avoids a footgun by following the principle of least
surprise. Rather than making every single caller of `something.global()`
both prove that there is an active realm and think about which realm
they want active, we implement the obvious behaviour: always activate
the realm of the callee before obtaining the relevant global.
Testing: Existing WPT coverage is sufficient; this method is called all
over the codebase.
Fixes: #37070#27037
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
We fail only a couple of the URLPattern tests and I think that's mostly
due to bugs in the `urlpattern` crate.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
With this change the URLPattern API is fully implemented. I'll look into
the remaining failures and then enable the preference by default.
Testing: Covered by web platform tests
Depends on https://github.com/servo/servo/pull/37042
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
According to specification ImageBitmap objects are serializable objects
and transferable objects.
https://html.spec.whatwg.org/multipage/#the-imagebitmap-interface:imagebitmap-11
Testing:
- html/canvas/element/manual/imagebitmap/*
- html/infrastructure/safe-passing-of-structured-data/*
- html/webappapis/structured-clone/*
- workers/semantics/structured-clone/*
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
I have modified the Blob.ArrayBuffer implementation to comply with the
specification part of #25209.
See also: #35151.
Testing: This does not seem to affect tested behavior, so no new tests.
Signed-off-by: yoseio <98276492+yoseio@users.noreply.github.com>
The preference was enabled by default in early march 2025, but was kept
around in case something major breaks
(https://github.com/servo/servo/pull/35899#discussion_r1988222297).
In the time since, no major bugs have been reported:
* https://github.com/servo/servo/issues/36722 is a bug in the UA shadow
tree, not the shadow dom itself. It's also independent of the
preference.
* https://github.com/servo/servo/issues/36273 looks like it *might* be
related to the shadow DOM, but it also requires experimental features so
it might be caused by something else entirely.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
IDL `record` types can themselves contain types that are not described
anywhere else. An example is in
https://github.com/servo/servo/issues/37038, where the `record` contains
a definition of a union. These inner types must be returned from
`getAllTypes`, otherwise we won't generate code for them.
This PR also adds a few type annotations. I can remove them if
requested, but I think they're helpful.
Testing: Includes a regression test
Fixes: https://github.com/servo/servo/issues/37038
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Disabling the TestBinding-related bindings and implementations saves 2mb
in a release build. Also, we lost the related test preferences when we
turned the layout-2020 tests on, so the tests have all been failing for
a long time.
Testing: Existing tests in CI.
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Add mock SVGImageElement interface to fix TIMEOUT WPT tests
which are related to ImageBitmap (html/canvas/*).
https://svgwg.org/svg2-draft/embedded.html#InterfaceSVGImageElement
Rationality of this change to fire event "error" on any attempt to fetch
image resource on href attribute change to not block WPT tests
execution.
Some WPT tests use the legacy namespace attribute "xlink:href", so
support for it was added to source code.
https://svgwg.org/svg2-draft/linking.html#XLinkHrefAttribute
- setAttributeNS("http://www.w3.org/1999/xlink", 'xlink:href', src);
Testing: Covered by existed WPT tests
- fetch/metadata/generated/svg-image*
- html/canvas/element/manual/*
- html/dom/idlharness.https.html
- html/semantics/embedded-content/the-canvas-element/*
- html/webappapis/scripting/events/event-handler-all-global-events.html
- mozilla/interfaces.https.html
Fixes: https://github.com/servo/servo/issues/35881
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
Before it was only used when converting to a `Record`, using it all the
times allow us to remove two methods.
Plus added a helper method in CodegenRust.py to avoid repeated code.
Testing: a successful build and existing tests should cover the changes.
Fixes: #36410
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
Also implements a conversion for `TrustedHTMLOrNullIsEmptyString`
to `TrustedHTMLOrString` to avoid introducing a separate
`get_trusted_script_compliant_string` for the new type.
Part of #36258
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
<!-- Please describe your changes on the following line: -->
Fix ImageData constructor to take a Uint8ClampedArray instead of
js_object
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix#31320
<!-- Either: -->
- [x] These changes do not require tests because there is not behavior
change.
<!-- Also, please make sure that "Allow edits from maintainers" checkbox
is checked, so that we can help you if you get stuck somewhere along the
way.-->
<!-- Pull requests that do not address these steps are welcome, but they
will require additional verification as part of the review process. -->
---------
Signed-off-by: Taym Haddadi <haddadi.taym@gmail.com>
These changes allow test_dom_token_list from
/execute_script/collections.py to pass, and various tests in
/execute_script/arguments.py to expose new failures.
Testing: Not run in CI yet, but verified results from
tests/wpt/tests/webdriver/tests/classic/{execute_script,execute_async_script}
locally.
Fixes: #35738
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
While the vast majority of DOM proxy objects created have a non-null
pointer in the handler's extra data field, there is one place we create
a proxy object that has a null pointer:
8b05b7449d/components/script/window_named_properties.rs (L76)
. Before #36818, dereferencing this null pointer was undefined behaviour
that was silently being ignored; now that Rust 1.86 adds debug pointer
validity checks, we get a panic when trying to dereference it.
Testing: Tested about:memory with rustc 1.86.
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
<!-- Please describe your changes on the following line: -->
This implements `document.scrollingElement`
(https://drafts.csswg.org/cssom-view/#dom-document-scrollingelement).
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix#35700
- [x] There are tests for these changes
<!-- Also, please make sure that "Allow edits from maintainers" checkbox
is checked, so that we can help you if you get stuck somewhere along the
way.-->
<!-- Pull requests that do not address these steps are welcome, but they
will require additional verification as part of the review process. -->
---------
Signed-off-by: JimmyDdotEXE <50691404+JimmyDdotEXE@users.noreply.github.com>
Part of #36258
Built on top of #36668
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Implements the Document.write algorithm covering
Trusted HTML.
Part of #36258
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
As a follow-up to the recent introduction of `script.src`
as trusted sink, this PR refactors machinery to also
support `TrustedScript`. In doing so, all trusted sinks
in `HTMLScriptElement` are now covered.
Instead of calling the callbacks in `policy.createX`,
we now have a `TrustedType` enum that specifies which callback
to invoke. Unfortunately we still have the `USVString` vs
`DOMString` problem, which is why we need to `.map` twice
to retrieve the backing `String` and avoid two different
types.
Additionally, I saw that `script.text` should have called
the "String replace all" algorithm rather than setting the
child contents. So that's also now fixed.
Part of #36258
Requires servo/html5ever#608
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Implement
[disentangle](https://html.spec.whatwg.org/multipage/#disentangle)
Remove bespoke gc logic which now becomes unnecessary.
Adds a wpt test that hits the "disentangle while in transfer" logic.
Updates streams code, fixing an error where disentanglement is
conditional on an error.
Test coverage: there are existing tests in
`/webmessaging/message-channels/close-event/explicitly-closed.tentative.window.js`
for the no transfer case, and the simple completed transfer case, and
this PR adds a test for the more complicated transfer in progress case.
Fix https://github.com/servo/servo/issues/36465
---------
Signed-off-by: gterzian <2792687+gterzian@users.noreply.github.com>
Implements https://fetch.spec.whatwg.org/#dom-response-json
Restructured the constructor to follow the spec more closely with a
separate "initialize the response" algorithm.
Testing: There are existing WPT tests for this.
---------
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
We now check the sink of script.src for trusted types. This is the first
attribute that we check, other sinks will be implemented in follow-up
changes.
The algorithms currently hardcode various parts. That's because I need
to refactor a couple of algorithms already present in TrustedTypePolicy.
They use callbacks at the moment, which made sense for their initial
use. However, for these new algorithms they don't work. Therefore, I
will align them with the specification by taking in an enum. However,
since that's a bigger refactoring, I left that out of this PR (which is
already quite big).
The other trusted types support (createScript and createHTML) will also
be implemented separately.
Part of #36258
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
These changes make us match Gecko's setup for how Window and non-Window
globals are initialized. Since Window globals are much more common than
Worker globals, using lazy interface definitions can be a useful memory
optimization at the expense of increased complexity for property
lookups.
Also adds the MayResolve hook for all globals, which is an optimization
for the JIT to avoid calling resolve hooks unnecessarily.
Testing: Existing test coverage on global interfaces should suffice.
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Profiling from #36609 showed this is an easy win. Ordering of our root
list does not matter, so swap_remove is a constant time operation
compared to a linear time one that caused memmove to appear in profiles
with lots of unrooting.
Testing: Existing WPT tests will cover this change.
Fixes: Part of #36609.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Sets the navigator.onLine attribute to true.
Testing:
Ran `./mach run https://pinterest.com
--enable-experimental-web-platform-features`. This doesn't show the
"Hmm..you're not connected to the internet" text anymore.
<img width="1027" alt="Screenshot 2025-04-16 at 11 31 02 AM"
src="https://github.com/user-attachments/assets/3745077b-dc51-42ce-88a0-38d5f157fc0c"
/>
part of: #36554
---------
Signed-off-by: Siddhant N. Trivedi <sidntrivedi012@gmail.com>
Signed-off-by: Siddhant N Trivedi <sidntrivedi012@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
These changes make our implementation of the enumeration hook for
globals [match
Gecko's](https://searchfox.org/mozilla-central/rev/1f65969e57c757146e3e548614b49d3a4168eeb8/dom/base/nsGlobalWindowInner.cpp#3297),
fixing an assertion failure that occurred in the previous
implementation.
Our enumeration hook is supposed to fill a vector with names of
properties on the global object without modifying the global in any way;
instead we were defining all of the missing webidl interfaces. We now do
much less work and crash less.
Testing: New crashtest based on manual testcase.
Fixes: #34686
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This is needed to implement features like `Response.json` which is a
static helper added to the fetch spec which overlaps with the `json`
instance method `Response` has from `Body`.
Partly based these changes on what Firefox does for this same issue.
(https://searchfox.org/mozilla-central/source/dom/bindings/Codegen.py
and
https://searchfox.org/mozilla-central/source/dom/bindings/Configuration.py
specifically keying `binaryNameFor` on name and `isStatic`).
Testing: I locally updated the Response.webidl to contain the new static
`json` and it compiles.
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
The JS engine uses types like `Handle<Maybe<PropertyDescriptor>>` in
various places and our automated bindings are not able to handle the
Maybe type. We have hand-written bindings that use outparams to indicate
a PropertyDescriptor value is actually the Nothing type, but that data
was getting lost when we passed the property descriptor to
SetPropertyIgnoringNamedGetter, which assumed that the property
descriptor was always valid.
Depends on https://github.com/servo/mozjs/pull/579.
Testing: Manual testing on testcase from
https://github.com/servo/servo/issues/34709, and new crashtest added.
Fixes: #34709
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Add missing "EnforceRange" attribute to interface methods
https://html.spec.whatwg.org/multipage/canvas.html#canvasimagedata
--
- [x] ./mach build -d does not report any errors
- [x] ./mach test-tidy does not report any errors
- [x] There are tests for these changes
tests/wpt/tests/html/canvas/element/pixel-manipulation/2d.imageData*
tests/wpt/tests/html/canvas/offscreen/pixel-manipulation/2d.imageData*
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
<!-- Please describe your changes on the following line: -->
Add transfer support to ReadableStream. Part of
https://github.com/servo/servo/issues/34676
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [ ] `./mach build -d` does not report any errors
- [ ] `./mach test-tidy` does not report any errors
- [ ] These changes fix #___ (GitHub issue number if applicable)
<!-- Either: -->
- [ ] There are tests for these changes OR
- [ ] These changes do not require tests because ___
<!-- Also, please make sure that "Allow edits from maintainers" checkbox
is checked, so that we can help you if you get stuck somewhere along the
way.-->
<!-- Pull requests that do not address these steps are welcome, but they
will require additional verification as part of the review process. -->
---------
Signed-off-by: gterzian <2792687+gterzian@users.noreply.github.com>
