`Table::create_spanned_slot_based_on_cell_above()` was performing the
subtraction `self.slots.len() - 2`, which could theoretically result
in underflow if `self.slots.len()` is 0 or 1.
That shouldn't have been possible in practice, but it may be worth
addressing, to improve code robustness. So this patch:
- Switches to `self.current_y()?.checked_sub(1)?`, which is safe and
is easier to understand.
- Moves `create_spanned_slot_based_on_cell_above()` to `TableBuilder`,
since `current_y()` is there, and the method is only used when
building the table anyways.
- Ensures that both callers use `expect()` to assert that the method
returned a value.
Signed-off-by: Oriol Brufau <obrufau@igalia.com>
This change exposes a single `InputEvent` type and now there is only a
single delegate method for this `WebViewDelegate::notify_input_event`.
- Clipboard events are now handled as `EditingAction` inpute events. In
the future this can include things like "Select All", etc.
In addition, many parts of the dance to pass these events can now be
simplified due to this abstraction.
- All forwarded events are handled the same way in the `Constellation`,
though they may carry an optional hit test (for events that have a
`point`) which affects which `Pipeline` they are sent to.
- In the `ScriptThread` we now accept these `InputEvents` and use them
everywhere. Now all "compositor events" are "input events".
- This allows removing several data structures which are no longer
necessary.
- We no longer inform the embedder when an event was handled by a
WebView as that was only important for a MDI feature that will
no longer be so important the full-featured `WebView` API.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Mukilan Thiyagarajan <mukilan@igalia.com>
I had applied a review suggestion in the previous PR to combine the
nested conditions, but this is wrong as this meant the spurious frame
callback was getting reset not just when the reflow was triggered by the
callback, but also each time the counter reached the threshold.
The test added in the previous PR also had issues with the upstream WPT
repo's lint checks - `test.step_timeout` should be used instead of the
`setTimeout` function.
This patch fixes the counter update logic and also addresses the linting
issue caught by upstream's linter.
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
* feat: dispatch mouse contextmenu event to DOM and embedder
Signed-off-by: Jason Tsai <git@pews.dev>
* chore: add parameters names as inline comments
Signed-off-by: Jason Tsai <git@pews.dev>
---------
Signed-off-by: Jason Tsai <git@pews.dev>
After running an `rAF` callback, if no new callbacks were registered, we
send a `NoAnimationFramesCallback` to the compositor to stop ticking
animations using video refresh callbacks. This interacts badly with the
mechanism to track spurious animations frames i.e. rAF callbacks that
don't mutate the DOM. Such 'faked' rAF callbacks are triggered by
registering a oneshot timer instead of the compositor callback.
The compositor's refresh callback is never enabled back again once a
non-spurious rAF callback runs and registers a new rAF callback. If the
former callback resets the `spurious_animations_frames` counter, then when
the latter rAF callback runs, it will not schedule a OneShotTimer timer
for any rAF callback that itself registers, since the counter was reset
previously. Hence that third rAF callback that never runs as it relies
on the compsitor's refresh callback, which was disabled previously.
The current logic also doesn't actually recognize spurious animation
frames because the `spurious_animations_frames` counter is updated at
the end of the `run_the_animation_frame_callbacks`, effectively meaning
`was_faking_animation_frames` and `self.is_faking_animation_frames` will
always be the same value but the logic effectively only runs when
`(!was_faking && is_faking)` is true.
This patch fixes the logic to detect spurious animations frames by
moving logic to update the counter to be before the check for spurious
frames. It also ensures that the compositor's refesh callbacks is
re-enabled once we see a non-spurious callback.
Fixes#35386
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
In #34998, I inadvertantly enabled shader precaching by default during a
cleanup. This change reverts that particular mistake.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Instead of telling the Constellation to tell the embedder that new
frames are ready, have the compositor tell the embedder directly. This
should reduce frame latency. Now, after processing compositor
updates, run any pending `WebView::new_frame_ready` delegate methods.
This change also removes the `refresh` call from the Java interface as
that was the only other place that the compositor was rendering the
WebRender scene outside of event looping spinning. This `refresh` call
was completely unused.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Add a delegate method for HTTP authentication and a related
`AuthenticationRequest` object that carries with it the URL as well as
whether or not the authentication request is for a proxy or not.
This is now separate from the prompt API because requesting
authentication doesn't necessarily involve prompting -- this is an
implementation detail of the embedder. In addition, the internal bits
are cleaned up slightly.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
- Update the script crate to better reflect the modern Permission
specifcation -- removing the necessity for an `Insecure` variant of
the permissions prompt.
- Have all allow/deny type requests in the internal API use an
`AllowOrDeny` enum for clarity.
- Expose `PermissionsRequest` and `PermissionFeature` data types to the
API and use them in the delegate method.
- Update both servoshell implementations to use the API.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Mukilan Thiyagarajan <mukilan@igalia.com>
Background:
> JavaScript strings are potentially ill-formed UTF-16 (arbitrary
> Vec<u16>) and can contain unpaired surrogates. Rust’s String type is
> well-formed UTF-8 and can not contain any surrogate. Surrogates are
> never emitted when decoding bytes from the network, but they can sneak
> in through document.write, the Element.innerHtml setter, or other DOM
> APIs.
In 2015, Servo launched an experiment to see if unpaired surrogates
cropped up in page content. That experiment caused Servo to panic if
unpaired surrogates were encountered with a request to report the page
to bug #6564. During that time several pages were reported with unpaired
surrogates, causing Servo to panic. In addition, when running the WPT
tests Servo will never panic due to the `-Z replace-surrogates` option
being passed by the test driver.
Motivation:
After this 10 year experiment, it's clear that unpaired surrogates are a
real concern in page content. Several reports were filed of Servo
panicking after encountering them in real world pages. A complete fix for
this issue would be to somehow maintain unpaired surrogates in the DOM,
but that is a much larger task than simply emitting U+FFD instead of an
unpaired surrogate.
Since it is clear that this kind of content exists, it is better for
Servo to try its best to handle the content rather than crash as
production browsers should not crash due to user content when possible.
In this change, I modify Servo to always replace unpaired surrogates.
It would have been ideal to only crash when debug assertions are
enabled, but debug assertions are enabled by default in release mode --
so this wouldn't be effective for WPT tests.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
* Handle slots in an event's path
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This is only used in servoshell, even though it was plumbed through
script previously. It's just about how the `RenderingContext` is set up,
which is something managed entirely outside of servo itself.
In addition, make the name of `servo_shell_preferences` in `app.rs` more
consistent with the rest of the codebase.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
In addition to some small API changes, this downstream version of
WebRender no longer depends on a very old version of time. This is the
last step toward removing the dependency on `time0.1`.
The review for this commit should also include: 9f552bebab
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Add a `ClipboardDelegate` to the `WebView` API and a default
implementation in libservo for this delegate that works on Mac, Windows,
and Linux. Support for Android will be added in the future. This means
that embedders do not need to do anything special to get clipboard
support, but can choose to override it or implement it for other
platforms.
In addition, this adds support for handling fetches of clipboard contents
and renames things to reflect that eventually other types of clipboard
content will be supported. Part of this is removing the string
argument from the `ClipboardEventType::Paste` enum because script will
need to get other types of content from the clipboard than just a
string. It now talks to the embedder to get this information directly.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This fixes common crash related to slottables, currently present on wpt.fyi.
Previously, the traversal parent of `Text` nodes was incorrectly
assumed to always be the parent or shadow host. That caused crashes
inside stylo's bloom filter. Now the traversal parent is the slot
that the node is assigned to, if any, and the parent/shadow host otherwise.
The slottable data for Text/Element nodes is now stored in NodeRareData.
This is very cheap, because NodeRareData will already be instantiated
for assigned slottables anyways, because the containing_shadow_root
field will be set (since assigned slottables are always in a shadow
tree). This change is necessary because we need to hand out references
to the assigned slot to stylo and that is not possible to do (without
unsafe code) if we need to downcast the node first.
As a side effect, this reduces the size of `Text` from 256 to 232 bytes,
because the slottable data is no longer stored there.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Blocking a fetch due to a bad port should be grouped together
with CSP blocks as per the spec, but these steps were previously
seperated.
Additionally, remove handling of ftp in
should_request_be_blocked_due_to_a_bad_port, since it did nothing
anyways.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This is a useful feature to have in a browser engine, so I think it
should be enabled by default. I believe that the original concern was
that there was a security issue, but this certainly has the same
security concerns as normal file loading.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
This will prevent rust-analyzer from suggesting the import of these
types when dealing with `crossbeam` channels.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
