`ensure_rare_data` returns a RefMut that extends the borrow of
Node.rare_data. This can lead to a panic in any method that triggers a
GC while this borrow is outstanding, such as Node.childNodes.
Testing: Manual testing on the testcase from the issue. It is impossible
to create a deterministic WPT crash test that is fast enough and can be
counted upon to continue working in the future.
Fixes: #36868
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
The two significant changes here are 1) a commit that frees memory used
to perform memory reporting once the reporting is complete, 2) memory
reporting for the system font service. There are various other commits
that remove `#[ignore_malloc_size_of]` attributes for data that we are
now able to measure, but they do not significantly change our
measurements when testing servo.org.
Testing: Comparing the output of about:memory on servo.org.
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This makes it so that layout is no longer generic on the node type,
depending directly on `script`'s `ServoLayoutNode`. In addition to
greatly simplifying layout, this is necessary because incremental layout
needs to be able to create pseudo-element styles without having a handle
on the original `impl LayoutNode`. We feel this is a reasonable
tradeoff.
Testing: No functional changes, so covered by existing WPT tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
The existing code asserts that attribute nodes are never serialized.
This is wrong, because you can pass an attribute node to
`XMLSerializer::serializeToString`. Instead, the spec mandates that
these are serialized as empty strings
(https://w3c.github.io/DOM-Parsing/#dfn-xml-serialization-algorithm).
Testing: Includes a new web platform test
Fixes: https://github.com/servo/servo/issues/36872
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
When slicing a blob that is already sliced we should reference it's
parent's data instead of creating a subview into the sliced blob. This
keeps the blob ancestry chain small and reduces the number of blobs that
we have to resolve.
Testing: Includes a new crashtest
Fixes: https://github.com/servo/servo/issues/36843
[try
run](https://github.com/simonwuelker/servo/actions/runs/14844873660)
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
While the vast majority of DOM proxy objects created have a non-null
pointer in the handler's extra data field, there is one place we create
a proxy object that has a null pointer:
8b05b7449d/components/script/window_named_properties.rs (L76)
. Before #36818, dereferencing this null pointer was undefined behaviour
that was silently being ignored; now that Rust 1.86 adds debug pointer
validity checks, we get a panic when trying to dereference it.
Testing: Tested about:memory with rustc 1.86.
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
<!-- Please describe your changes on the following line: -->
This implements `document.scrollingElement`
(https://drafts.csswg.org/cssom-view/#dom-document-scrollingelement).
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix#35700
- [x] There are tests for these changes
<!-- Also, please make sure that "Allow edits from maintainers" checkbox
is checked, so that we can help you if you get stuck somewhere along the
way.-->
<!-- Pull requests that do not address these steps are welcome, but they
will require additional verification as part of the review process. -->
---------
Signed-off-by: JimmyDdotEXE <50691404+JimmyDdotEXE@users.noreply.github.com>
Spec has updated so that all responses that aren't 200 shall fail the
event source connection.
Testing: Covered by
`tests/wpt/tests/eventsource/request-status-error.window.js`
---------
Signed-off-by: Keith Yeung <kungfukeith11@gmail.com>
Spec has updated so that any null characters in the `id` field name
would result in the value being ignored.
Testing: Covered by
`tests/wpt/tests/eventsource/format-field-id-null.window.js`
Signed-off-by: Keith Yeung <kungfukeith11@gmail.com>
This change connects the `HighlighterActor` from the devtools with the
document, which will draw a blue rectangle over any highlighted dom
node.
https://github.com/user-attachments/assets/571b2dab-497f-4102-9e55-517cdcc040ba
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes do not require tests because we don't have devtools
tests
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
If a `WebView` is dropped immediately after creating it, the exit
pipeline message can arrive to the `ScriptThread` before the `Document`
is created for the pipeline. If this happens, we should still send a
message to the `Constellation` informing it that the pipeline is closed,
otherwise it will never know that this has happened properly.
Testing: This change includes a new unit test.
Fixes: #36807.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This change removes the early return in `MessagePort::Close` that
occurred when the message port was detached. The
[spec](https://html.spec.whatwg.org/multipage/web-messaging.html#dom-messageport-close)
doesn't prescribe this behaviour for detached ports for this operation,
so the early return was unnecessary.
Testing: Runs ./mach test-wpt /webmessaging/ and ./mach test-wpt
/streams/
Fixes: [servo-36765](https://github.com/servo/servo/issues/36765)
Signed-off-by: Graham Lowe <graham.lowe@gmail.com>
Co-authored-by: Graham Lowe <graham.lowe@gmail.com>
When all unit tests are run, the existing feature flag use from
net_traits was enough to ensure the default resources are baked into the
test binary. When only the unit tests for the `net` crate are run, that
feature flag was not enabled in the build so the tests that require the
resources fail.
Testing: Ran `./mach test-unit -p net`
Fixes: #36837
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Rather than sharing the full image cache in a script_thread, the image
cache is now unique per document. This ensures that CSP factors no
longer affect whether the image is retrieved from the cache incorrectly.
To do so, the thread_pool is shared across all caches, but the store is
fresh. Except for the place_holder{image,url}, which are cloned. That's
because the `rippy_data` is only available in the constellation and no
longer accessible at the point that we need to create the document in
the script_thread.
Contrary to the description in #36505, the script_thread still has an
image_cache for this reason: so it has access to the store and
thread_pool to clone it.
With these changes, the two CSP tests no longer flake. Confirmed with
running the following commmand:
```
./mach test-wpt tests/wpt/tests/content-security-policy/generic/ --rerun=10
```
Fixes#36505
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Part of #36258
Built on top of #36668
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Implements the Document.write algorithm covering
Trusted HTML.
Part of #36258
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This follows the rules as defined in
https://w3c.github.io/webappsec-csp/#security-inherit-csp
where local iframes (about:blank and about:srcdoc) should
initially start with the CSP rules of the parent. After
that, all new CSP headers should only be set on the
policy container of the iframe.
Part of #36437
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
As a follow-up to the recent introduction of `script.src`
as trusted sink, this PR refactors machinery to also
support `TrustedScript`. In doing so, all trusted sinks
in `HTMLScriptElement` are now covered.
Instead of calling the callbacks in `policy.createX`,
we now have a `TrustedType` enum that specifies which callback
to invoke. Unfortunately we still have the `USVString` vs
`DOMString` problem, which is why we need to `.map` twice
to retrieve the backing `String` and avoid two different
types.
Additionally, I saw that `script.text` should have called
the "String replace all" algorithm rather than setting the
child contents. So that's also now fixed.
Part of #36258
Requires servo/html5ever#608
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Also update a WPT test to fail-fast if the iframe incorrectly
evaluates the `eval`. Before, it would run into a timeout if
the implementation is correct. Now we reject the promise
when an exception is thrown.
Requires servo/rust-content-security-policy#6
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
The only code that calls these methods is in the script thread, and the
code is simpler when we can assume a Window global. Pulling this thread
led to cleaning up a lot of constructors for Window-only WebXR code,
too.
Testing: Existing WPT coverage.
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
`PositioningContext` held two vectors, one inside an `Option`, to
differentiate between the version used for a containing block for all
descendants (including `position: absolute` and `position: fixed`) or
only for `position: absolute` descendants. This distinction was really
hard to reason about and required a lot of bookkeeping about what kind
of `PositioningContext` a layout box's parent expected. In addition, it
led to a lot of mistakes.
This change simplifies things so that `PositioningContext` only holds a
single vector. When it comes time to lay out hoisted absolutely
positioned
fragments, the code then:
- lays out all of them (in the case of a `PositioningContext` for all
descendants), or
- only lays out the `position: absolute` descendants and preserves the
`position: fixed` descendants (in the case the `PositioningContext`
is only for `position: absolute`.), or
- lays out none of them if the `PositioningContext` was created for
box that did not establish a containing block for absolutes.
It's possible that this way of dealing with hoisted absolutes is a bit
less efficient, but, the number of these descendants is typically quite
small, so it should not be significant. In addition, this decreases the
size in memory of all `PositioningContexts` which are created in more
situations as time goes on.
Testing: There is a new WPT test with this change.
Fixes: #36696.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Non-initial values for the `scale`, `rotate` and `translate` properties
should establish a stacking context, just like `transform`.
Testing: adding new WPT tests.
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
https://github.com/web-platform-tests/wpt/pull/50041 allows us to start
running the webdriver conformance tests in Servo, which will make it
easier for us to track regressions/improvements in our webdriver server
implementation.
---
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes are part of #15274
- [x] There are tests for these changes
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
All canvases return `Option<ImageKey>`.
Testing: Just refactor without behavior changes
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
`surface()` returns `SourceSurface` which is/was meant as optimization
when passing from canvas to canvas (in vello that would be wgpu texture;
but raquote does not really have this) while bytes returns something
that must impl AsRef<[u8]> (this is more generic then `&[u8]` as it
allows us to have type with drop impl - wgpu's BufferView).
Testing: This is just refactoring (protected by rust), but there are WPT
tests.
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Previously, spans were partially clamped during layout, but this means
that accessing and setting these properties via script wouldn't behave
according to the HTML specification. In addition, the value wasn't
floored in layout, so could lead to panics. This change improves
clamping and moves it to script.
Testing: This change includes a new WPT test.
Fixes#36699.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Fixes: #36717.
Testing: This is covered by existing tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Small fixes of abstraction.
We do not need to generalize `CompositionOrBlending`, because it's from
canvas_traits.
Ellipse impl that uses arc is not backend specific, so it serves as good
trait default.
Reviewable per commit.
Testing: Only refactoring, but there are WPT tests
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Current abstraction was leaky and very hard to understand/impl because
it was so intervened with actual implementation.
Now we generalize both `CanvasState` and `CanvasData` over `B: Beckend`,
meaning that every type/method must be part of trait interface (that
lives in `beckend.rs`). Using associated trait types instead of `Box<dyn
>` allows us too remove the need for wrapper types (and `to_raquote()`
methods) as we can implement helper traits on (foreign) raquote types.
The only time we actually do dispatch (by enum) is at `Canvas` methods.
Implementation now only need to implement all backend traits and
helpers. I tried to restrain myself from actually cleaning abstraction
(where possible), to keep this change as much mechanical as possible,
but we should absolutely do that as a follow up.
Testing: Rust as we only do refactor, but there are also WPT tests
try run: https://github.com/sagudev/servo/actions/runs/14760658522
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
this allows us to simplify canvas element/offscreen impl to only call
CanvasContext implementations (no more match statements).
This will help with impl more offscreen canvas contextl.
Testing: WPT and rustc
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
`MutNullableDom<Node>` is not in fact defined in `mozjs`.
Testing: This change compiles, so it works
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This macro does not hide any complex or unsafe implementation details,
and, it's only used in two files (node.rs and element.rs). This patch
removes the macro, and move the implementation in place.
Moreover, the Element::rare_data_mut function in element.rs is called by
other functions, so the #[allow(dead_code)] annotation is removed. The
Node::rare_data_mut function in node.rs is not called anywhere, so it is
removed.
Testing: No test is needed for this cleaning up.
Fixes: #36767
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
Implement
[disentangle](https://html.spec.whatwg.org/multipage/#disentangle)
Remove bespoke gc logic which now becomes unnecessary.
Adds a wpt test that hits the "disentangle while in transfer" logic.
Updates streams code, fixing an error where disentanglement is
conditional on an error.
Test coverage: there are existing tests in
`/webmessaging/message-channels/close-event/explicitly-closed.tentative.window.js`
for the no transfer case, and the simple completed transfer case, and
this PR adds a test for the more complicated transfer in progress case.
Fix https://github.com/servo/servo/issues/36465
---------
Signed-off-by: gterzian <2792687+gterzian@users.noreply.github.com>
It seems sub-optimal to to sequentialise execution by grabbing a lock,
each time we want to spawn a task onto the tokio runtime. We don't need
the lock either, so it makes sense to just remove it, which also
simplifies a bunch of the using code.
Testing: Covered by existing tests
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
canvas crate was home for both webgl and 2dcanvas impl, but it makes
more sense to separate these two, by splitting webgl into standalone
crate (like we already have for webgpu).
Testing: Rust for fearless refactoring (but there are WPT tests just in
case)
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
update doc for `ScriptThread::relative_mouse_down_point` which was
missing in #36619
Testing: No need as just updating docs
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
As per
[w3.org/TR/filter-effects-1#FilterProperty](https://www.w3.org/TR/filter-effects-1/#FilterProperty),
`filter` shouldn't make the root element establish a containing block
for absolute and fixed positioned descendants. `will-change: filter` has
matching behavior.
This PR adds a check for if we are the root element before establishing
such a block.
To know if we are the root element, we look at the `FragmentFlags`
passed in. Previously for our function, these were dummy flags, always
constructed as empty. Thus, this PR also makes sure the correct
FragmentFlags are passed down the chain to the function
`establishes_containing_block_for_all_descendants`.
Testing:
- `/css/filter-effects/filtered-html-is-not-container.html` now passes
- `/css/css-will-change/will-change-fixedpos-cb-003.html` now passes
- Manual tests are working
Fixes: #35391
---------
Signed-off-by: haval0 <56519858+haval0@users.noreply.github.com>
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
