Commit graph

30 commits

Author SHA1 Message Date
Tim van der Lippe
85e4a2b5c7
Update FetchTaskTarget to propagate CSP violations. (#36409)
It also updates the FetchResponseListener to process CSP violations to
ensure that iframe elements (amongst others) properly generate the CSP
events. These iframe elements are used in the Trusted Types tests
themselves and weren't propagating the violations before.

However, the tests themselves are still not passing since they also use
Websockets, which currently aren't using the fetch machinery itself.
That is fixed as part of [1].

[1]: https://github.com/servo/servo/issues/35028

---------

Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
2025-04-13 20:54:59 +00:00
Simon Wülker
9af9507920
Unify the way html5ever and xml5ever block on script elements (#36284)
Companion PR for https://github.com/servo/html5ever/pull/591

Testing: Covered by WPT
Part of https://github.com/servo/servo/issues/6414,
https://github.com/servo/servo/issues/24898, preparation for
https://github.com/servo/html5ever/pull/590

---------

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
2025-04-08 16:40:14 +00:00
Sebastian C
76edcff202
Check all ancestor navigable trustworthiness for mixed content (#36157)
Propagate through documents a flag that represents if any of the
ancestor navigables has a potentially trustworthy origin.

The "potentially trustworthy origin" concept appears to have gotten
confused in a couple of places and we were instead testing if a URL had
"potentially trustworthy" properties.

The main test for the ancestor navigables is
[mixed-content/nested-iframes](https://github.com/web-platform-tests/wpt/blob/master/mixed-content/nested-iframes.window.js)

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #36108 

<!-- Either: -->
- [X] There are tests for these changes

---------

Signed-off-by: Sebastian C <sebsebmc@gmail.com>
2025-04-05 05:38:24 +00:00
Josh Matthews
c8d8787959
Move CustomTraceable to script_bindings. (#35988)
* script: Move CustomTraceable to script_bindings.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

* script: Move record binding support to script_bindings.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

* Address clippy warnings.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

---------

Signed-off-by: Josh Matthews <josh@joshmatthews.net>
2025-03-16 14:08:22 +00:00
Simon Wülker
1b6b21cb85
Implement nonce attribute to pass more CSP checks (#35876)
* Add doc comments to RequestBuilder fields/methods

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Implement Request::cryptographic_nonce_metadata

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Implement HTMLOrSVGElement::nonce

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Set request cryptographic nonce metadata for link elements

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Set request's cryptographic nonce when fetching scripts

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Forward request nonce to rust-content-security-policy

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Update WPT expectations

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

---------

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
2025-03-10 09:25:34 +00:00
Simon Wülker
3d320fa96a
Update rustfmt to the 2024 style edition (#35764)
* Use 2024 style edition

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

* Reformat all code

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>

---------

Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
2025-03-03 11:26:53 +00:00
Shubham Gupta
1e164738d8
Add support for Upgrade request to a potentially trustworthy URL. (#34986)
* Add support for Upgrade request to a potentially trustworthy URL.

Signed-off-by: Shubham Gupta <shubham13297@gmail.com>

* script: Support inheritable insecure request policy in documents and workers.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

---------

Signed-off-by: Shubham Gupta <shubham13297@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Shubham Gupta <shubham.gupta@chromium.org>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
2025-02-05 12:49:56 +00:00
Josh Matthews
c94ac5bccb
Move various reflector types and traits to script_bindings (#35279)
* script: Move Reflector to script_bindings.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

* script: Extract global() helper from DomObject into new trait. Move DomObject and related traits to script_bindings.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

---------

Signed-off-by: Josh Matthews <josh@joshmatthews.net>
2025-02-04 06:58:08 +00:00
Delan Azabani
5e9de2cb61
Include WebViewId into EmbedderMsg variants where possible (#35211)
`EmbedderMsg` was previously paired with an implicit
`Option<WebViewId>`, even though almost all variants were either always
`Some` or always `None`, depending on whether there was a `WebView
involved.

This patch adds the `WebViewId` to as many `EmbedderMsg` variants as
possible, so we can call their associated `WebView` delegate methods
without needing to check and unwrap the `Option`. In many cases, this
required more changes to plumb through the `WebViewId`.

Notably, all `Request`s now explicitly need a `WebView` or not, in order
to ensure that it is passed when appropriate.

Signed-off-by: Delan Azabani <dazabani@igalia.com>
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
2025-01-30 11:15:35 +00:00
Josh Matthews
875e387004
script: Feature-gate all crown support. (#35055)
* script: Feature-gate all crown support.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

* script: Use cfg(crown) instead of a cargo feature.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

---------

Signed-off-by: Josh Matthews <josh@joshmatthews.net>
2025-01-18 21:36:15 +00:00
Josh Matthews
c94d909a86
script: Limit public exports. (#34915)
* script: Restrict reexport visibility of DOM types.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

* script: Mass pub->pub(crate) conversion.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

* script: Hide existing dead code warnings.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

* Formatting.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

* Fix clippy warnings.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

* Formatting.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

* Fix unit tests.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

* Fix clippy.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

* More formatting.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

---------

Signed-off-by: Josh Matthews <josh@joshmatthews.net>
2025-01-10 08:19:19 +00:00
shanehandley
975e2ae859
Remove referrer policy from document (#34263)
* Remove the referrer policy from document and rely on its policy container

Signed-off-by: Shane Handley <shanehandley@fastmail.com>

* Make ReferrerPolicy non-optional, instead using a new enum value to represent the empty string case

Signed-off-by: Shane Handley <shanehandley@fastmail.com>

* Fix clippy issue

Signed-off-by: Shane Handley <shanehandley@fastmail.com>

* Fix usage of Option<ReferrerPolicy> in unit test

Signed-off-by: Shane Handley <shanehandley@fastmail.com>

---------

Signed-off-by: Shane Handley <shanehandley@fastmail.com>
2024-11-19 12:45:10 +00:00
Josh Matthews
4df7a1af25
Support HTML parser reentrancy (#32820)
* Update parser interface for reentrancy.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

* Remove assertions around invoking scripts with active parser.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

* Add regression test.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

* Run test with normal and async html parser.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

---------

Signed-off-by: Josh Matthews <josh@joshmatthews.net>
2024-08-16 16:25:50 +00:00
Martin Robinson
3398fc017b
Move non-gfx things out of gfx_traits and create a base crate (#32296)
For a long time, `gfx_traits` has held a lot of things unrelated to graphics
and also unrelated to the `gfx` crate (which is mostly about fonts).
This is a cleanup which does a few things:

1. Move non `gfx` crate things out of `gfx_traits`. This is important in
   order to prevent dependency cycles with a different integration between
   layout, script, and fonts.
2. Rename the `msg` crate to `base`. It didn't really contain anything
   to do with messages and instead mostly holds ids, which are used
   across many different crates in Servo. This new crate will hold the
   *rare* data types that are widely used.

Details:

 - All BackgroundHangMonitor-related things from base to a new
   `background_hang_monitor_api` crate.
 - Moved `TraversalDirection` to `script_traits`
 - Moved `Epoch`-related things from `gfx_traits` to `base`.
 - Moved `PrintTree` to base. This should be widely useful in Servo.
 - Moved `WebrenderApi` from `base` to `webrender_traits` and renamed it
   to `WebRenderFontApi`.
2024-05-17 12:28:58 +00:00
Oluwatobi Sofela
3c05b58221
clippy: Fix explicit_auto_deref warnings in components/script (#31837)
* clippy: Fix explicit auto-deref warnings

* clippy: Fix explicit auto-deref warnings

* refactor: Tidy up code

* refactor: Fix method not found errors
2024-03-23 11:29:20 +00:00
Samson
604979e367
Replace script_plugins with a clippy like rustc driver (named crown) (#30508)
* Remove script_plugins

* Use crown instead of script_plugins

* crown_is_not_used

* Use crown in command base

* bootstrap crown

* tidy happy

* disable sccache

* Bring crown in tree

* Install crown from tree

* fix windows ci

* fix warning

* fix mac

libscript_plugins.dylib is not available anymore

* Update components/script/lib.rs

Co-authored-by: Martin Robinson <mrobinson@igalia.com>

* Update for nightly-2023-03-18

Mostly just based off https://github.com/servo/servo/pull/30630

* Always install crown

it's slow only when there is new version

* Run crown test with `mach test-unit`

* Small fixups; better trace_in_no_trace tests

* Better doc

* crown in config.toml

* Fix tidy for real

* no sccache on rustc_wrapper

* document rustc overrides

* fixup of compiletest

* Make a few minor comment adjustments

* Fix a typo in python/servo/platform/base.py

Co-authored-by: Samson <16504129+sagudev@users.noreply.github.com>

* Proper test types

* Ignore tidy on crown/tests

---------

Co-authored-by: Martin Robinson <mrobinson@igalia.com>
2023-12-01 15:50:52 +00:00
Samson
aad2dccc9c
Strict import formatting (grouping and granularity) (#30325)
* strict imports formatting

* Reformat all imports
2023-09-11 19:16:54 +00:00
Samson
711dbbd4af
remove extern crate (#30311)
* remove extern crate

* Update components/script_plugins/lib.rs

Co-authored-by: Martin Robinson <mrobinson@igalia.com>

---------

Co-authored-by: Martin Robinson <mrobinson@igalia.com>
2023-09-08 12:11:31 +00:00
Samson
450f8193a5
Use mozjs tracing infrastructure (#29918)
* Update mozjs

64711ec2e6 also fixes https://github.com/servo/servo/issues/30043

* Move to mozjs Traceable and introduce CustomTraceable
2023-08-10 21:46:06 +00:00
Samson
9514f670d1
No tracing of nop traceable fields (#29926)
* Add `no_trace` option to JSTraceable derive

* NoTrace wrapper

* Port some types to no_trace schematics

* Fixing my unsafe mistakes (not tracing traceables)

* Add docs & safety guards for no_trace

Safety guards (trait shenanigans) guarantees safety usage of `no_trace`

* Port canvas_traits to no_trace

* Port servo_media to no_trace

* Port net_traits to no_trace

* Port style to no_trace

* Port webgpu to no_trace

* Port script_traits to no_trace

* Port canvas_traits, devtools_traits, embedder_traits, profile_traits to no_trace

* unrooted_must_root lint in seperate file

* Add trace_in_no_trace_lint as script_plugin

* Composable types in must_not_have_traceable

* Introduced HashMapTracedValues wrapper

* `HashMap<NoTrace<K>,V>`->`HashMapTracedValues<K,V>`

* Port rest of servo's types to no_trace

* Port html5ever, euclid, mime and http to no_trace

* Port remaining externals to no_trace

* Port webxr and Arc<Mutex<_>>

* Fix spelling in notrace doc
2023-08-04 10:17:43 +00:00
Josh Matthews
1aef31bb2f checkpoint - dynamic load inside of a module and classic script works. 2020-07-18 00:43:34 +09:00
Matthias Deiml
47355766ed Fix invalid use of ReferrerUrl 2020-06-17 19:07:15 +02:00
Matthias Deiml
fa18cf620f Make url for "client" referrer mandatory 2020-06-17 19:07:14 +02:00
Patrick Shaughnessy
0228904f27 Remove unnecessary LocalName::from(constant) calls 2020-01-28 11:47:05 -05:00
Simon Sapin
bea73951db Use #![register_tool] instead of #![register_attr]
CC https://github.com/rust-lang/rust/issues/66079
2019-11-15 17:24:42 +01:00
Anthony Ramine
785a344e32 Update rand to 0.7 (fixes #24448) 2019-10-23 15:34:48 +02:00
Josh Matthews
1df8d57dc6 Support CORS attributes for image elements. 2019-10-04 15:08:40 -04:00
Alan Jeffrey
2e6f14ffea Responding to review comments 2019-09-11 12:13:41 -05:00
Alan Jeffrey
49a5e84fb1 Responding to review comments 2019-09-11 11:40:50 -05:00
Alan Jeffrey
1aeb97b281 Prefetch img and scripts during parsing 2019-09-10 16:13:49 -05:00