In #36364 I moved both serializable and transferable implementations
from the `script_traits` crate into a single file called
`message_ports.rs`. Gregory raised the point that this was a bit of a
inaccurate grouping. This change attempts to fix it according to the
division in the specification.
See [the relevant thread on zulip][thread].
[thread]:
510864104.
Testing: Covered by existing test as this is just code movement.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Rework `ScriptThread::handle_input_event` for correct behaviour and
better performance
1. Only trigger click event with primary button, according to spec
2. Avoid unnecessary clone of `ConstellationInputEvent`
This is a follow up of #36413
Testing: Manually tested. Right mouse won't trigger click event now.
Fixes: #35666
cc @jdm @xiaochengh
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
These changes make us match Gecko's setup for how Window and non-Window
globals are initialized. Since Window globals are much more common than
Worker globals, using lazy interface definitions can be a useful memory
optimization at the expense of increased complexity for property
lookups.
Also adds the MayResolve hook for all globals, which is an optimization
for the JIT to avoid calling resolve hooks unnecessarily.
Testing: Existing test coverage on global interfaces should suffice.
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This PR resolves [#36592](https://github.com/servo/servo/issues/36592)
by updating the `RequestBuilder` used in `script_module.rs` to include:
- `insecure_requests_policy`
- `has_trustworthy_ancestor_origin`
- `policy_container`
These fields are critical for enforcing proper fetch behavior under
modern web security models, and were previously omitted from module
script requests.
This change ensures that scripts loaded via `<script type="module">` or
dynamic `import()` correctly reflect the calling document’s security
environment.
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix#36592
<!-- Either: -->
- [X] There are tests for these changes
Signed-off-by: Emmanuel Elom <elomemmanuel007@gmail.com>
This PR addresses [#36593](https://github.com/servo/servo/issues/36593),
where the poster image request for `<video>` elements lacked several
settings introduced in `RequestBuilder`. These settings —
`insecure_requests_policy`, `has_trustworthy_ancestor_origin`, and
`policy_container` — are now forwarded from the document, aligning
poster requests with other fetches using the correct policy container
and trust assessment.
This ensures that poster images are requested under the same security
assumptions as other media or resource loads.
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix#36593
<!-- Either: -->
- [X] There are tests for these changes
Signed-off-by: Emmanuel Elom <elomemmanuel007@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Profiling from #36609 showed this is an easy win. Ordering of our root
list does not matter, so swap_remove is a constant time operation
compared to a linear time one that caused memmove to appear in profiles
with lots of unrooting.
Testing: Existing WPT tests will cover this change.
Fixes: Part of #36609.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Now that legacy layout has been removed, the name `layout_2020` doesn't
make much sense any longer, also it's 2025 now for better or worse. The
split between the "layout thread" and "layout" also doesn't make as much
sense since layout doesn't run on it's own thread. There's a possibility
that it will in the future, but that should be something that the user
of the crate controls rather than layout iself.
This is part of the larger layout interface cleanup and optimization
that
@Looriool and I are doing.
Testing: Covered by existing tests as this is just code movement.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
When layout encounters a CSS image, the script thread is responsible for
fetching the image from the image cache. When the image is not yet
available, the script thread creates image cache listeners to perform
actions in response to future updates from the image cache.
In the current implementation, a cache listener would iterate over all
nodes using a particular image and mark them as dirty. However, we
mistakenly added one cache listener per node, leading to n^2 runtime
while performing lots of redundant work. For cases like #36480 with over
1000 elements using the same image, this led to a completely
unresponsive script thread.
Testing: Manual testing on the provided testcase, and a new WPT test
that times out without this PR's changes.
Fixes: #36480
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Bumps
[brotli-decompressor](https://github.com/dropbox/rust-brotli-decompressor)
from 4.0.2 to 4.0.3.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/dropbox/rust-brotli-decompressor/commits">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sets the navigator.onLine attribute to true.
Testing:
Ran `./mach run https://pinterest.com
--enable-experimental-web-platform-features`. This doesn't show the
"Hmm..you're not connected to the internet" text anymore.
<img width="1027" alt="Screenshot 2025-04-16 at 11 31 02 AM"
src="https://github.com/user-attachments/assets/3745077b-dc51-42ce-88a0-38d5f157fc0c"
/>
part of: #36554
---------
Signed-off-by: Siddhant N. Trivedi <sidntrivedi012@gmail.com>
Signed-off-by: Siddhant N Trivedi <sidntrivedi012@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
Add memory reporter integration for the fragment and box trees that are
persisted in the layout thread.
Testing: Looked at the numbers for https://servo.org and
https://html.spec.whatwg.org/. The former was very small, but the latter
was 700mb.
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Added a simple check to only perform metadata extraction and listener
notification when we haven't already processed the metadata for an image
Testing: Existing tests should cover if we break decoding image metadata
complete.
Fixes: #36502
---------
Signed-off-by: Barigbue <barigbuenbira@gmail.com>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>
1. Move click event trigger from embedding layer to `ScriptThread`
2. Previously, the logic is to trigger click event at same position as
`MouseButtonAction::Up` if `MouseButtonAction::Up` is within 10px of
`MouseButtonAction::Down`, in embedding layer. This PR ~~removes the
condition~~ moves the check to `ScriptThread`.
Testing: tested for webdriver with self written test case. Perform
actions of pointermove, pointerdown, pointerup in sequence. Click event
can now be triggered.
Fixes: #35395
cc @xiaochengh @jdm
For `MAYBE? TODO:` part I added, should we do it? I read the
[spec](https://w3c.github.io/uievents/#event-type-click), it doesn't
specify we have to implement MDN's way.
If we should work in the MDN's way, it also should be fixed in another
PR, as this PR doesn't regress anything. Also I am not sure what is the
best way to do it.
Should I handle it in
4d4f94936f/components/script/dom/document.rs (L1296-L1297)?
---------
Signed-off-by: Euclid Ye <yezhizhenjiakang@gmail.com>
Start storing a link to laid-out `Fragment`s in `LayoutBoxBase`, so that
these are accessible for queries and eventually for incremental layout.
Some box tree data structures lacked a `LayoutBoxBase`, such as table
tracks and table track groups[^1].
In addition, start using these `Fragment`s for queries instead of
walking the entire `Fragment` tree. Currently, this isn't possible for
most queries as `Fragment`s do not cache their absolute offsets (which
are often necessary). This change uses the new box tree `Fragment`s for
most resolved style queries.
[^1]: Note that only rows and row groups store `Fragment`s as columsn
and
colgroups do not produce any.
Testing: This is covered by existing tests.
Fixes: This is part of #36525.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
Updates wgpu to v25 and remove some verbose logging from CTS (that also
causes OOM).
Testing: WebGPU CTS
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
This allows changing number of chunks used for WPT testing (sometimes
useful for WebGPU).
Testing: Manual try runs
Fixes: #30062
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
This removes a bunch of duplicated code needed to support
ConditionalMallocSizeOf correctly, and fixes multiple places where that
code was subtly wrong (the seen pointers hashset was never cleared).
Testing: Measuring https://www.nist.gov/image-gallery lots of times.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This also ensures that document now reports all violations and we set
the correct directive.
With these changes, all `script-src-attr-elem` WPT tests pass.
Part of #36437
Requires servo/rust-content-security-policy#3 to land first
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Bumps [svg_fmt](https://github.com/nical/rust_debug) from 0.4.4 to
0.4.5.
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/nical/rust_debug/commits">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
These tests were locally failing for me, both on Servo and Gecko,
because these browsers choose a different default font than Blink,
making the flex items a bit bigger, and thus only fitting 2 items on the
first flex line, instead of 3 items.
Manually setting the `line-height` provides consistent results.
Testing: This doesn't affect CI, but fixes the local problem for me.
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
This is a follow-up to #36518, which only addressed inline formatting
contexts. However, flex formatting contexts had the same problem, so it
seems safer to address it in general.
Testing: this makes a WPT test pass
Fixes: #36570
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
These changes make the image-cache memory reporter report much larger
values after loading image-heavy pages.
Testing: Manual testing on https://www.nist.gov/image-galleryFixes: #36559
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This file used to contain the `EmbedderDelegate` and `WindowMethods`
traits, but these are gone now, so we can move the one remaining enum
to be in `compositor.rs` where it is used. This change also stops
exposing the `compositing` crate as public Servo API.
Testing: This does not change behavior so is covered by existing tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
In Servo debug build there are runtime crash due to "attempt to multiply
with overflow" panic
in case of creation too large ImageData (new ImageData(1<<31, 1<<31))
Use checked integer multiplication to catch occurred overflow
and throwing JS error (RangeError OR IndexSizeError).
--
- [x] ./mach build -d does not report any errors
- [x] ./mach test-tidy does not report any errors
- [x] There are tests for these changes
tests/wpt/tests/html/canvas/element/pixel-manipulation/2d.imageData.object.ctor.basics.html
Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
This allows removing a LazyLock around the resources.
We override the baked in resources unconditionally in servoshell
upon initialization anyway
([desktop](9f93ccd942/ports/servoshell/desktop/cli.rs (L15)),
[android](9f93ccd942/ports/servoshell/egl/android/simpleservo.rs (L49)),
[ohos](9f93ccd942/ports/servoshell/egl/ohos/simpleservo.rs (L43))
), meaning that the baked in resources
are unused in servoshell.
For 3rd-party embedders, we probably also want to the let them know
early that they should initialize the resources, instead of
restricting the panics to production mode.
Rippy is the only resource which was required. Since it is only
253 bytes large, we just bake that resource in as a fallback.
We do want to make using the resources easy from tests, so we add
some logic to keep the baked in resources for tests only and initialize
the resource reader on first access.
---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by
`[X]` when the step is complete, and replace `___` with appropriate
data: -->
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [ ] These changes fix #___ (GitHub issue number if applicable)
- [ ] There are tests for these changes OR
- [ ] These changes do not require tests because ___
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
These changes make our implementation of the enumeration hook for
globals [match
Gecko's](https://searchfox.org/mozilla-central/rev/1f65969e57c757146e3e548614b49d3a4168eeb8/dom/base/nsGlobalWindowInner.cpp#3297),
fixing an assertion failure that occurred in the previous
implementation.
Our enumeration hook is supposed to fill a vector with names of
properties on the global object without modifying the global in any way;
instead we were defining all of the missing webidl interfaces. We now do
much less work and crash less.
Testing: New crashtest based on manual testcase.
Fixes: #34686
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This is needed to implement features like `Response.json` which is a
static helper added to the fetch spec which overlaps with the `json`
instance method `Response` has from `Body`.
Partly based these changes on what Firefox does for this same issue.
(https://searchfox.org/mozilla-central/source/dom/bindings/Codegen.py
and
https://searchfox.org/mozilla-central/source/dom/bindings/Configuration.py
specifically keying `binaryNameFor` on name and `isStatic`).
Testing: I locally updated the Response.webidl to contain the new static
`json` and it compiles.
Signed-off-by: Sebastian C <sebsebmc@gmail.com>
Bumps [proc-macro2](https://github.com/dtolnay/proc-macro2) from 1.0.94
to 1.0.95.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dtolnay/proc-macro2/releases">proc-macro2's
releases</a>.</em></p>
<blockquote>
<h2>1.0.95</h2>
<ul>
<li>Update semver-exempt API under
<code>RUSTFLAGS=--cfg=procmacro2_semver_exempt</code> to that of
nightly-2025-04-16 (<a
href="https://redirect.github.com/dtolnay/proc-macro2/issues/497">#497</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="24bbf16d9d"><code>24bbf16</code></a>
Release 1.0.95</li>
<li><a
href="835c5bd540"><code>835c5bd</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/proc-macro2/issues/497">#497</a>
from dtolnay/nosourcefile</li>
<li><a
href="7bc363c509"><code>7bc363c</code></a>
Update semver-exempt API to nightly-2025-04-16</li>
<li><a
href="b867aa73a8"><code>b867aa7</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/proc-macro2/issues/496">#496</a>
from PaulGrandperrin/master</li>
<li><a
href="c605e8e2d9"><code>c605e8e</code></a>
Revert "Merge pull request <a
href="https://redirect.github.com/dtolnay/proc-macro2/issues/495">#495</a>
from dtolnay/fuzzlld"</li>
<li><a
href="1993cd3211"><code>1993cd3</code></a>
Merge pull request <a
href="https://redirect.github.com/dtolnay/proc-macro2/issues/495">#495</a>
from dtolnay/fuzzlld</li>
<li><a
href="cfdb5677ee"><code>cfdb567</code></a>
Link to honggfuzz-rs issue</li>
<li><a
href="b09a5b0e45"><code>b09a5b0</code></a>
Work around cargo-hfuzz nostart-stop-gc gold link failure</li>
<li>See full diff in <a
href="https://github.com/dtolnay/proc-macro2/compare/1.0.94...1.0.95">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Expose a `ServoBuilder` for easily creating Servo instances using
default values. This change enables removing `EmbedderTraits`.
Testing: This is covered by `Servo` unit tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
`::before` and `::after` pseudo-elements can have their own `::marker`
pseudo-element. Since this case wasn't taken into account, they were
being stored in main element's `::marker` `BoxSlot`. This could cause
problems where two layout boxes would try to use the same `BoxSlot`. For
now, just don't store the nested version of the marker. Later, we'll
need to figure out how to store these layout objects without causing too
much memory usage.
Testing: This is covered by `/css/css-lists/nested-marker-styling.html`.
In
addition, we also made a test case that always causes this crash, but
since it
had to create 100000 `<div>`s it's probably not appropriate for a test
suite.
Fixes: #36551
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Oriol Brufau <obrufau@igalia.com>
These changes add a new report for image cache memory usage for each
script thread.
Testing: Looked at the numbers after browsing various stock photo sites
that show galleries of images.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Records the memory usage of the HSTS lists in the network thread.
Testing: Verified the presence of the new reports for servo.org.
Fixes: #35059
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
uv by default uses baked in webpki certificates.
Using the system certificates is preferable for multiple reasons:
- OS updates will automatically update the certificates (including
revoking)
- Supports custom certificates installed on the system (corporate
networks)
uv does not enable this option by default, because it has a performance
overhead on macos.
In our scenarios, with long-running commands, the overhead is basically
not measurable.
I've been using the option on my mac for around 1 month now, without
noticing any degradation.
See also the previous discussion in
https://github.com/servo/book/issues/53 for some background.
Testing: We use `uv` in all our tests
Signed-off-by: Jonathan Schwender <schwenderjonathan@gmail.com>
A `Servo` instance can only be constructed once per program execution
and cannot be passed between threads. This change adds a special thread
to run `Servo` unit tests. This will allow creating suites of `WebView`
unit tests.
Testing: This change includes a new test.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
The JS engine uses types like `Handle<Maybe<PropertyDescriptor>>` in
various places and our automated bindings are not able to handle the
Maybe type. We have hand-written bindings that use outparams to indicate
a PropertyDescriptor value is actually the Nothing type, but that data
was getting lost when we passed the property descriptor to
SetPropertyIgnoringNamedGetter, which assumed that the property
descriptor was always valid.
Depends on https://github.com/servo/mozjs/pull/579.
Testing: Manual testing on testcase from
https://github.com/servo/servo/issues/34709, and new crashtest added.
Fixes: #34709
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Refactor getting an element's container. Previously this is inlined and
only done for `HTMLOptionElement`.
[Try](1439948227)
Fixes: #24106
Signed-off-by: Kenzie Raditya Tirtarahardja <kenzieradityatirtarahardja.18@gmail.com>
Co-authored-by: Kenzie Raditya Tirtarahardja <kenzieradityatirtarahardja.18@gmail.com>
This data structure is unused.
Testing: No tests as this just removes dead code.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Because there used to be two traits exposing messages to the compositor,
there were two kinds of messages that could be sent:
1. In-process messages from the `Constellation`
2. Cross-process messages from other parts of Servo
Now these two types of messages can be unified into one type.
This is a reland of #36443, which caused regressions due to the fact
that messages to the compositor were no longer triggering the event loop
waker. This version of the PR splits out just the bits that unify the
two APIs, leaving the cleanup of routes in the constellation for another
PR.
Testing: This is covered by existing WPT tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Bumps
[content-security-policy](https://github.com/servo/rust-content-security-policy)
from `babd99e` to `be68d50`.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="be68d50b79"><code>be68d50</code></a>
Make URL serializable with <code>serde</code></li>
<li><a
href="b4a07f7644"><code>b4a07f7</code></a>
Fix effective directive for inline checks</li>
<li>See full diff in <a
href="babd99e8fb...be68d50b79">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The data_url Mime parser has a more conformant behavior in most cases,
including dealing with charsets.
Testing: wpt expectations with new passes are updated.
Signed-off-by: webbeef <me@webbeef.org>
