We now check the sink of script.src for trusted types. This is the first
attribute that we check, other sinks will be implemented in follow-up
changes.
The algorithms currently hardcode various parts. That's because I need
to refactor a couple of algorithms already present in TrustedTypePolicy.
They use callbacks at the moment, which made sense for their initial
use. However, for these new algorithms they don't work. Therefore, I
will align them with the specification by taking in an enum. However,
since that's a bigger refactoring, I left that out of this PR (which is
already quite big).
The other trusted types support (createScript and createHTML) will also
be implemented separately.
Part of #36258
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
These changes make us match Gecko's setup for how Window and non-Window
globals are initialized. Since Window globals are much more common than
Worker globals, using lazy interface definitions can be a useful memory
optimization at the expense of increased complexity for property
lookups.
Also adds the MayResolve hook for all globals, which is an optimization
for the JIT to avoid calling resolve hooks unnecessarily.
Testing: Existing test coverage on global interfaces should suffice.
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This PR resolves [#36592](https://github.com/servo/servo/issues/36592)
by updating the `RequestBuilder` used in `script_module.rs` to include:
- `insecure_requests_policy`
- `has_trustworthy_ancestor_origin`
- `policy_container`
These fields are critical for enforcing proper fetch behavior under
modern web security models, and were previously omitted from module
script requests.
This change ensures that scripts loaded via `<script type="module">` or
dynamic `import()` correctly reflect the calling document’s security
environment.
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix#36592
<!-- Either: -->
- [X] There are tests for these changes
Signed-off-by: Emmanuel Elom <elomemmanuel007@gmail.com>
This PR addresses [#36593](https://github.com/servo/servo/issues/36593),
where the poster image request for `<video>` elements lacked several
settings introduced in `RequestBuilder`. These settings —
`insecure_requests_policy`, `has_trustworthy_ancestor_origin`, and
`policy_container` — are now forwarded from the document, aligning
poster requests with other fetches using the correct policy container
and trust assessment.
This ensures that poster images are requested under the same security
assumptions as other media or resource loads.
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix#36593
<!-- Either: -->
- [X] There are tests for these changes
Signed-off-by: Emmanuel Elom <elomemmanuel007@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
When layout encounters a CSS image, the script thread is responsible for
fetching the image from the image cache. When the image is not yet
available, the script thread creates image cache listeners to perform
actions in response to future updates from the image cache.
In the current implementation, a cache listener would iterate over all
nodes using a particular image and mark them as dirty. However, we
mistakenly added one cache listener per node, leading to n^2 runtime
while performing lots of redundant work. For cases like #36480 with over
1000 elements using the same image, this led to a completely
unresponsive script thread.
Testing: Manual testing on the provided testcase, and a new WPT test
that times out without this PR's changes.
Fixes: #36480
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Sets the navigator.onLine attribute to true.
Testing:
Ran `./mach run https://pinterest.com
--enable-experimental-web-platform-features`. This doesn't show the
"Hmm..you're not connected to the internet" text anymore.
<img width="1027" alt="Screenshot 2025-04-16 at 11 31 02 AM"
src="https://github.com/user-attachments/assets/3745077b-dc51-42ce-88a0-38d5f157fc0c"
/>
part of: #36554
---------
Signed-off-by: Siddhant N. Trivedi <sidntrivedi012@gmail.com>
Signed-off-by: Siddhant N Trivedi <sidntrivedi012@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Updates wgpu to v25 and remove some verbose logging from CTS (that also
causes OOM).
Testing: WebGPU CTS
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
This also ensures that document now reports all violations and we set
the correct directive.
With these changes, all `script-src-attr-elem` WPT tests pass.
Part of #36437
Requires servo/rust-content-security-policy#3 to land first
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
These tests were locally failing for me, both on Servo and Gecko,
because these browsers choose a different default font than Blink,
making the flex items a bit bigger, and thus only fitting 2 items on the
first flex line, instead of 3 items.
Manually setting the `line-height` provides consistent results.
Testing: This doesn't affect CI, but fixes the local problem for me.
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
This is a follow-up to #36518, which only addressed inline formatting
contexts. However, flex formatting contexts had the same problem, so it
seems safer to address it in general.
Testing: this makes a WPT test pass
Fixes: #36570
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
These changes make our implementation of the enumeration hook for
globals [match
Gecko's](https://searchfox.org/mozilla-central/rev/1f65969e57c757146e3e548614b49d3a4168eeb8/dom/base/nsGlobalWindowInner.cpp#3297),
fixing an assertion failure that occurred in the previous
implementation.
Our enumeration hook is supposed to fill a vector with names of
properties on the global object without modifying the global in any way;
instead we were defining all of the missing webidl interfaces. We now do
much less work and crash less.
Testing: New crashtest based on manual testcase.
Fixes: #34686
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
The JS engine uses types like `Handle<Maybe<PropertyDescriptor>>` in
various places and our automated bindings are not able to handle the
Maybe type. We have hand-written bindings that use outparams to indicate
a PropertyDescriptor value is actually the Nothing type, but that data
was getting lost when we passed the property descriptor to
SetPropertyIgnoringNamedGetter, which assumed that the property
descriptor was always valid.
Depends on https://github.com/servo/mozjs/pull/579.
Testing: Manual testing on testcase from
https://github.com/servo/servo/issues/34709, and new crashtest added.
Fixes: #34709
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
The data_url Mime parser has a more conformant behavior in most cases,
including dealing with charsets.
Testing: wpt expectations with new passes are updated.
Signed-off-by: webbeef <me@webbeef.org>
Add missing "EnforceRange" attribute to interface methods
https://html.spec.whatwg.org/multipage/canvas.html#canvasimagedata
--
- [x] ./mach build -d does not report any errors
- [x] ./mach test-tidy does not report any errors
- [x] There are tests for these changes
tests/wpt/tests/html/canvas/element/pixel-manipulation/2d.imageData*
tests/wpt/tests/html/canvas/offscreen/pixel-manipulation/2d.imageData*
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
Follow the implementation of making DOMPoint and DOMPointReadOnly
serializable in PR #35989
Testing: Passed a test previously expected to fail.
Fixes: #36463
---------
Signed-off-by: Kingsley Yung <kingsley@kkoyung.dev>
<!-- Please describe your changes on the following line: -->
Add transfer support to ReadableStream. Part of
https://github.com/servo/servo/issues/34676
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [ ] `./mach build -d` does not report any errors
- [ ] `./mach test-tidy` does not report any errors
- [ ] These changes fix #___ (GitHub issue number if applicable)
<!-- Either: -->
- [ ] There are tests for these changes OR
- [ ] These changes do not require tests because ___
<!-- Also, please make sure that "Allow edits from maintainers" checkbox
is checked, so that we can help you if you get stuck somewhere along the
way.-->
<!-- Pull requests that do not address these steps are welcome, but they
will require additional verification as part of the review process. -->
---------
Signed-off-by: gterzian <2792687+gterzian@users.noreply.github.com>
This affects the following testsuites:
- tests/wpt/tests/
- tests/wpt/mozilla/tests/
- tests/wpt/webgl/tests/
- tests/wpt/webgpu/tests/
Testing: Several tests improve
This is part of #36315
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
It's typically a given that the min-content size can't exceed the
max-content size. However, it was possible to break that assumption when
an inline formatting context had contents with a negative outer size
(due to margins). This could lead to assert failures.
This patch avoids the problem by flooring the max-content size to not be
smaller than the min-content size. Note there is no interoperability:
https://github.com/w3c/csswg-drafts/issues/12076
Testing: adding new reftest and crashtest
Fixes: #36481
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
Implement enough of the Clipboard API to have a working `writeText`.
Testing: Unfortunately many clipboard-apis tests require testdriver, so
only idlharness ones will pass now.
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
The initial value of `min-width` and `min-height` was 0px in CSS2.
However, CSS3 changed it to `auto`, so for backwards compatibility,
`getComputedStyle` needs to resolve it to 0px in a bunch of cases.
Testing: covered by WPT
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
It also updates the FetchResponseListener to process CSP violations to
ensure that iframe elements (amongst others) properly generate the CSP
events. These iframe elements are used in the Trusted Types tests
themselves and weren't propagating the violations before.
However, the tests themselves are still not passing since they also use
Websockets, which currently aren't using the fetch machinery itself.
That is fixed as part of [1].
[1]: https://github.com/servo/servo/issues/35028
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
This algorithm is quite straightforward written in the specification,
but leads to some type awkwardness in Rust. Most notably, the callbacks
have different types and cannot be unified easily. They also return
different string types. Similarly, the returning objects are all unique
types and don't have a common denominator.
Therefore, rather than implementing it in 1-to-1 fashion with the
specification text, it instead uses callbacks to instruct the type
system of what to call when.
This is further complicated by the fact that the callback can exist
or not, as well as return a value or not. This requires multiple
unwrangling, combined with the fact that the algorithm should throw
or not.
All in all, the number of lines is relatively low compared to the
specification algorithm and the Rust compiler does a lot of heavy
lifting figuring out which type is what.
Part of https://github.com/servo/servo/issues/36258
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Additionally to the minimum specified in min-width or min-height, tables
also enforce a `min-content` minimum.
This was handled in `Sizes::resolve()`, but flex items don't use that.
So this patch moves the logic into `Size::resolve_for_min()`.
Testing: Covered by WPT
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
This feature is part of --enable-experimental-web-platform-features, so
it should be enabled on all tests.
This causes some new failures, but mostly it's because the tests were
timing out instead of running the failing subtests.
This is part of #36315
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
Set File's lastModified when reconstructing from Blob for FormData
Remove special character replacement in fileName (spec removed this
step)
Testing: WPT tests exist
Fixes: #22744 (if I undertand the issue correctly the filename issue was
already fixed and now this fixes the lastModified part)
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
headers library will join values with `, ` (comma space) but
Access-Control-Request-Headers specifies that it does not use the normal
combining algorithm and values should be joined with `,` (comma).
Testing: WPT tests exist
Fixes: temporary fix for #36451 until hyperium/headers#207 is fixed
---------
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
These algorithms are used to check whether an attribute/property can
accept a Trusted Type.
Part of #36258
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Move parsing of Refresh values to Document.
Send Refresh header to Document and have meta tags reuse the logic.
I transplanted the existing Regex and made some updates so that it
passed all the existing parser tests.
I added the comments that made sense but it is not very clean to add
many comments within the regex.
Testing: There are existing WPT tests
---------
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
This PR addresses a crash in text input element due to a hack to prevent
text input being trimmed.
The updated behavior will only add `zero width space` unicode character
to the node if there's no text content instead of adding it constantly.
Also by adding the same `zero width space` unicode character to text
area when there's no text content within will allow text area element to
properly display caret.
<img width="197" alt="截圖 2025-04-11 中午12 51 00"
src="https://github.com/user-attachments/assets/10bc7314-9aa3-49df-baac-ef26d39a96d8"
/>
This PR also addresses issues with multiple glyph runs:
https://github.com/user-attachments/assets/658db56f-b166-47ec-bc77-c6c13114d669
Testing: This PR is tested using:
- `./mach run -d 'data:text/html,<input id="input_element"
value="xxxxxxxxxxxxxxxxxxxx">'`
- `./mach run -d 'data:text/html,<textarea id="input_element"
value="xxxxxxxxxxxxxxxxxxxx">'`
without causing crashes, while the results should be covered by WPT
tests
Fixes: https://github.com/servo/servo/issues/36449
---------
Signed-off-by: DK Liao <dklassic@gmail.com>
Set the `htmlmediaelement`'s `currenSrc` in
resource-selection-algorithm.
Change the `htmlsourceelement`'s src and srcset to USVString type.
According to
[Spec](https://html.spec.whatwg.org/multipage/media.html#concept-media-load-algorithm),
Step 9.3 for mode is children, should set the `currentSrc` to `src` of
children `htmlsourceelement`.
Also, In the `htmlsourceelement` [interface
definition](https://html.spec.whatwg.org/multipage/embedded-content.html#the-source-element),
the `src` and `srcset` attribute should be type `USVString`.
Testing: More WPT tests related to resource selection algorithm are
passing.
Fix: Some spec fix
[Try](1434753561)
cc @xiaochengh
Signed-off-by: rayguo17 <rayguo17@gmail.com>
Adds support for both the content and the IDL attribute.
Note this doesn't cover dynamic updates to `document.styleSheets` and
the owner node of the sheet.
Testing: Covered by WPT
Fixes: #26739
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
This PR introduces an initial, straightforward implementation for
displaying text selection and the caret.
This is achieved by passing the selection range and insertion point
index down to `TextFragment`, along with the starting offset of each
`TextFragment` to determine the proper range for displaying the caret
and text selection. Additionally, the `selected_style` was passed into
`TextFragment` to specify the background color.
During the final build phase, although whitespace is typically ignored
when constructing glyphs, we still need to retrieve it to render both
the caret and text selection at the correct location. This ensures that
whitespace is not overlooked when the `TextFragment` contains an
insertion point or selection range.
There are several improvements yet to be made, including:
- The caret is static and does not flash.
- The caret is not rendered when the input field is empty. (I suppose
there should be an easy fix somewhere but I haven't found it yet)
**Working Examples**
macOS
https://github.com/user-attachments/assets/f3622cbe-9fa6-40c0-b2d8-b3a8f9842c28
Windows
https://github.com/user-attachments/assets/9b008a0d-0011-4c76-a2e2-0e35869a216c
Linux
[Screencast from 03-07-2025 11_05_41
AM.webm](https://github.com/user-attachments/assets/09a311ad-f975-4450-a66c-b20be525a5ed)
---
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix part of #33237 (But the cursor isn't blinking
yet)
- [x] These changes do not require tests because there's no behavior
change
Signed-off-by: DK Liao <dklassic@gmail.com>
Extending the original set from #36402 since there are additional tests
relevant to the work happening in #36409 and #36363.
Testing: New tests in CI.
Fixes: Part of https://github.com/servo/servo/issues/4577
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Fixes an oversight of #36097, in which converting to a Promise would
fail if the value passed wasn't actually a Promise, while in binding
code we actually call `Promise::new_resolved` on the value.
Testing: There are wpt tests that should pass now
---------
Signed-off-by: Gae24 <96017547+Gae24@users.noreply.github.com>
This will establish a baseline for the changes from #36363.
Testing: New tests in CI.
Fixes: Part of #4577
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Previously the referrer policy used tree order but the spec only cares
about the most-recently-updated or most-recently-added meta referrer.
Testing: change has existing WPT tests
---------
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
This change implements the pattern parser, completing the "parsing
pipeline" for URL patterns.
Testing: Primarily `urlpattern/urlpattern-hasregexpgroups.any.js`, some
other subtests start to pass too.
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This change adds support for the `::marker` pseudo-element and ensure
that
markers are cached into the box tree. This is only initial support,
there are a few
things missing such as animations, transitions, and support the
`content` CSS
property.
Testing: There are WPT tests for this change.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
More details in Stylo PR: https://github.com/servo/stylo/pull/145
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes
- fixes https://github.com/servo/servo/issues/35833
- fixes https://github.com/servo/servo/issues/35982
<!-- Either: -->
- [x] There are new passing test: `css/css-logical/animation-004.html:
Transitions from physical to logical update when the direction is
changed`
Created new test files as well:
1. `css-transitions/transition-remove-and-change-immediate.html`
2. `css-transitions/transition-zero-duration-with-delay.html`
3. `css-transitions/transitioncancel-003.html`
<!-- Also, please make sure that "Allow edits from maintainers" checkbox
is checked, so that we can help you if you get stuck somewhere along the
way.-->
<!-- Pull requests that do not address these steps are welcome, but they
will require additional verification as part of the review process. -->
cc @Asun0204 @xiaochengh @stevennovaryo
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
