All logic is implemented in `report_csp_violations` to avoid
pulling in various element-logic into SecurityManager.
Update the `icon-blocked.sub.html` WPT test to ensure that
the document is the correct target (verified in Firefox and Chrome).
Fixes#36806
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
This turned out to be a full rabbit hole. The new header
is parsed in the new `parse_csp_list_from_metadata` which
sets `disposition` to `report.
I was testing this with
`script-src-report-only-policy-works-with-external-hash-policy.html`
which was blocking the script incorrectly. Turns out that there
were multiple bugs in the CSP library, as well as a missing
check in `fetch` to report violations.
Additionally, in several locations we were manually reporting csp
violations, instead of the new `global.report_csp_violations`. As
a result of that, they would double report, since the report-only
header would be appended as a policy and now would report twice.
Now, all callsides use `global.report_csp_violations`. As a nice
side-effect, I added the code to set source file information,
since that was already present for the `eval` check, but nowhere
else.
Part of #36437
Requires servo/rust-content-security-policy#5
---------
Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com>
Signed-off-by: Tim van der Lippe <TimvdLippe@users.noreply.github.com>
This removes a bunch of duplicated code needed to support
ConditionalMallocSizeOf correctly, and fixes multiple places where that
code was subtly wrong (the seen pointers hashset was never cleared).
Testing: Measuring https://www.nist.gov/image-gallery lots of times.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Current implementation takes arguments for specifying values of
violation report, but is difficult to understand which value should be
passed. These changes create new builder for violation report to address
the issue.
Testing: These changes do not require tests because they just refactor
current code
Signed-off-by: Chocolate Pie <106949016+chocolate-pie@users.noreply.github.com>
* Use 2024 style edition
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Reformat all code
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
This patch implements the `FontFace` interface, but with some caveats
1. The interface is only exposed on `Window`. Support for Workers will
be handled in the future.
2. The concept of `css-connected` `FontFace` is not implemented, so
`@font-face` rules in stylesheets will not be represented in the DOM.
3. The constructor only supports using `url()` strings as source
and `ArrayBuffer` and `ArrayBufferView` are not supported yet.
A skeleton implementation of the `load` method of `FontFaceSet` is also
implemented in this patch. The intention is to support some web pages
that don't load without this method.
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
This change exposes a single `InputEvent` type and now there is only a
single delegate method for this `WebViewDelegate::notify_input_event`.
- Clipboard events are now handled as `EditingAction` inpute events. In
the future this can include things like "Select All", etc.
In addition, many parts of the dance to pass these events can now be
simplified due to this abstraction.
- All forwarded events are handled the same way in the `Constellation`,
though they may carry an optional hit test (for events that have a
`point`) which affects which `Pipeline` they are sent to.
- In the `ScriptThread` we now accept these `InputEvents` and use them
everywhere. Now all "compositor events" are "input events".
- This allows removing several data structures which are no longer
necessary.
- We no longer inform the embedder when an event was handled by a
WebView as that was only important for a MDI feature that will
no longer be so important the full-featured `WebView` API.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Mukilan Thiyagarajan <mukilan@igalia.com>
Flatten and simplify Servo's preferences code. In addition, have both
preferences and options passed in as arguments to `Servo::new()` and
make sure not to use the globally set preferences in `servoshell` (as
much as possible now).
Instead of a complex procedural macro to generate preferences, just
expose a very simple derive macro that adds string based getters and
setters.
- All command-line parsing is moved to servoshell.
- There is no longer the concept of a missing preference.
- Preferences no longer have to be part of the resources bundle because
they now have reasonable default values.
- servoshell specific preferences are no longer part of the preferences
exposed by the Servo API.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Previously, senders and receivers to different kinds of event loops (the
main `ScriptThread`, different types of workers) used a rust `trait`
mechanism to implement dynamic behavior. This led to having many unused
implementations of this `trait`. This change moves to using an `enum`
based approach for these senders and receivers and removes all of the
dead code.
In addition, to allowing for use of rust's dead code detection, it
simplifies the code a great deal. All of these generic senders and
receivers are moved to the `messaging.rs` file and given proper
documentation.
Finally, empty an `JSTraceable` implementation is made for all
crossbeam `Sender<...>`s to avoid having to manually skip them everytime
they are included in structs. The pre-existing empty `MallocSizeOf`
implementation is used more thoroughly.
Other unecessary wrappers around these senders and receivers are removed
as well.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
No longer hide errors while queueing tasks on the main thread. This
requires creating two types of `TaskSource`s: one for the main thread
and one that can be sent to other threads. This makes queueing a bit
more efficient on the main thread and more importantly, no longer hides
task queue errors.
Fixes#25688.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Co-authored-by: Mukilan Thiyagarajan <mukilan@igalia.com>
This is a simplification of the internal `TaskQueue` API that moves the
`TaskManager` to the `GlobalScope` itself. In addition, the handling of
cancellers is moved to the `TaskManager` as well. This means that no
arguments other than the `task` are necessary for queueing tasks, which
makes the API a lot easier to use and cleaner.
`TaskSource` now also keeps a copy of the canceller with it, so that
they always know the proper way to cancel any tasks queued on them.
There is one complication here. The event loop `sender` for dedicated
workers is constantly changing as it is set to `None` when not handling
messages. This is because this sender keeps a handle to the main
thread's `Worker` object, preventing garbage collection while any
messages are still in flight or being handled. This change allows
setting the `sender` on the `TaskManager` to `None` to allow proper
garbabge collection.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Instead of creating a type for each `TaskSource` variety have each `TaskSource`
hold the same kind of sender (this was inconsistent before, but each
sender was effectively the same trait object), a pipeline, and a
`TaskSourceName`. This elminates the need to reimplement the same
queuing code for every task source.
In addition, have workers hold their own `TaskManager`. This allows just
exposing the manager on the `GlobalScope`. Currently the `TaskCanceller`
is different, but this will also be eliminated in a followup change.
This is a the first step toward having a shared set of `Sender`s on
`GlobalScope`.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
Create two new data structures in the `script` crate to hold senders and
receiver:
- `ScriptThreadSenders`: holds all outgoing channels from the
`ScriptThread` including a channel to the `ScriptThread` itself. The
ultimate goal with this is to reduce duplication by giving a boxed
version of this this to `Window`s.
- `ScriptThradReceivers`: holds all incoming channels to the
`ScriptThread`. This isn't cloenable like the senders. This is used to
abstract away `recv()` and `try_recv()` methods used to make the
`ScriptThread` event loop easier to read.
In addition:
- The many duplicated `ScriptThread` self-senders for the `TaskManager`
have been removed and, in general, a lot of boilerplate is removed as
well.
- Visibilty of all methods affected by this change is changed to
`pub(crate)` in order to take advantage of dead code detection. Some
dead code produced from macros is removed.
- Some conversion code is refactord into implementations of the `From`
trait.
- The names of channels uses a standard "sender" and "receiver" naming
as well as trying to be descriptive of where they go in `ScriptThread`
as well as `InitialScriptState`
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
* few cangc fixes
Signed-off-by: L Ashwin B <lashwinib@gmail.com>
* few cangc fixes
Signed-off-by: L Ashwin B <lashwinib@gmail.com>
---------
Signed-off-by: L Ashwin B <lashwinib@gmail.com>
* Make CanGc non-sendable, and add documentation.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
* Update CanGc usage to fix usages that were moved between threads/tasks.
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
---------
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
This change:
1. Adds safety documentation where it was missing.
2. Limits the scope of unsafe code in some cases to where it is actually
unsafe.
3. Converts some free functions to associated functions and methods,
thereby making them more likely to be called safely.
Signed-off-by: Martin Robinson <mrobinson@igalia.com>
* asan: Add suppression for known false positive
Signed-off-by: ede1998 <online@erik-hennig.me>
* fix: re-suppress lazy_static leaks
lazy_static is still used by dependencies and still leaks
from static variables.
Signed-off-by: ede1998 <online@erik-hennig.me>
* fix: Memory leak of Box<NetworkingTaskSource>
Signed-off-by: ede1998 <online@erik-hennig.me>
---------
Signed-off-by: ede1998 <online@erik-hennig.me>
These operations are deprecated and might be removed
in a future rust version. Clippy is also complaining
about them.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update mozjs
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
* Fix changed readTransfer callback
https://bugzilla.mozilla.org/show_bug.cgi?id=1842713
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
* Use NewExternalArrayBuffer from glue
d33454be74
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
* Fix columnorigin and filename being in latin1
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
* fixup newexternalarray
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
* Float16 (this might require more work for codegen support)
https://bugzilla.mozilla.org/show_bug.cgi?id=1833647
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
* js.strict is removed
https://bugzilla.mozilla.org/show_bug.cgi?id=1621603
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
* asm options are now somewhere else
https://hg.mozilla.org/mozilla-central/rev/26045c88e3972957087d535e7f259e08857bd2a2
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
* Comment out offthread compilation
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
* Set NDK to 26
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
* Fix 1-origin handling
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
* Expect `FinalizationRegistry` interface
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
* Good expectations
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
* more expectations
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
* Add `WeakRef` to interfaces expectation
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
* mozjs upgrade: fixes for Android
Android NDK's layout has changed in r26 and 'lib64' no longer exists
under `toolchain/llvm/prebuilt/linux-x86_64`. The libraries that used to
be it are now present in `lib` folder itself.
This patch updates the build configuration to use the `lib` folder
instead when configuring the LIBCLANG_PATH environment variable.
This patch also updates to a newer mozjs version that includes fixes for
linker errors faced on Android (see #32769).
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
* Patch libz-sys & update mozjs
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
* update NDK version in README
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
* Use servo/mozjs
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
* Update mozjs again
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
---------
Signed-off-by: sagudev <16504129+sagudev@users.noreply.github.com>
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
Co-authored-by: Mukilan Thiyagarajan <mukilan@igalia.com>
For a long time, `gfx_traits` has held a lot of things unrelated to graphics
and also unrelated to the `gfx` crate (which is mostly about fonts).
This is a cleanup which does a few things:
1. Move non `gfx` crate things out of `gfx_traits`. This is important in
order to prevent dependency cycles with a different integration between
layout, script, and fonts.
2. Rename the `msg` crate to `base`. It didn't really contain anything
to do with messages and instead mostly holds ids, which are used
across many different crates in Servo. This new crate will hold the
*rare* data types that are widely used.
Details:
- All BackgroundHangMonitor-related things from base to a new
`background_hang_monitor_api` crate.
- Moved `TraversalDirection` to `script_traits`
- Moved `Epoch`-related things from `gfx_traits` to `base`.
- Moved `PrintTree` to base. This should be widely useful in Servo.
- Moved `WebrenderApi` from `base` to `webrender_traits` and renamed it
to `WebRenderFontApi`.
* Fixed some clippy warning by adding default implementations
* Updated PR that adds default implementation of structs
* Clean up and extend `Default` implementations
---------
Co-authored-by: Martin Robinson <mrobinson@igalia.com>
The crash when loading servo.org happens in the JIT code
emitted by SM's CacheIRCompiler to invoke the VM function
`ProxyGetPropertyByValue`.
To disable this code path, it is not sufficient to disable
just the baseline JIT (which exposed in servo under the
pref `js.baseline.enabled`) but also the baseline
interpreter which is controlled by a different flag in SM.
This PR disables renames the `js.baseline.enabled` pref in
Servo to `js.baseline_jit.enabled` and introduces a new
pref `js.baseline_interpreter.enabled` that controls the
baseline interpreter.
Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
