Return an XMLHttpRequestUpload (inheriting XMLHttpRequestEventTarget) from
the lazily-cached `upload` attribute. Fixes htmx login flows that called
`xhr.upload.addEventListener(...)`.
This adds script compilation to the Runner.waitForScript loop. The goal here
isn't really to improve waitForScript - we generally expect these scripts to
be very simple. The goal is to introduce script caching so that it could be
used in more important places (e.g. ScriptManager).
Depends on https://github.com/lightpanda-io/zig-v8-fork/pull/181
The point of children.Children was to save 8 bytes. But it doesn't. I don't
know if it ever did. It's @sizeOf(Children) is 16 bytes, exactly what
@sizeOf(DoublyLinkedList) is.
Maybe this came from when DoublyLinkedList held the length, in which case it
would have been different.
Either way, storing ?*DoublyLinkedList in Node:
1 - Takes the same amount of memory
2 - Simplifies the code
3 - Removes 1 indirection and 1 extra allocation in the case of having more than
1 child (compared to how it was before).
Implement the Node.lookupPrefix(namespace) method per the WHATWG DOM
"locate a namespace prefix" algorithm: match the element's own
namespace and prefix, then scan its xmlns: attribute declarations for
one whose value is the namespace, then recurse to the parent element.
This is the inverse of the existing lookupNamespaceURI and completes
the namespace-introspection trio alongside isDefaultNamespace.
We still occasionally see release overflow errors. I think this is a UAF, since
I cannot find any mismatched acquire/releases. So this adds a canary value to
every RC and includes it in the crash dump.
If the canary value is different than what we set it at, then we have a UAF.
If the canary value is set to the poison we set on release, then we have a
double free.
If the canary value is unchanged, then it's inconclusive.
The first is that it can outlive the Transfer and thus has to dupe anything
it'll use (e.g. the frame_id off the request).
The second is that flushFrame is reentrant (flushFrame -> fire -> flushFrame)
and that results in the active list and list pointers becoming invalid.
Applies the same/similar escaping logic as is already applied to identifiers
and values. Importantly, this allows matching for attribute names with a colon,
e.g. "ng:jq" which can be selected with "ng\:jq".
This fixes real issues with rendering Angular 1.x.
I'm hoping this is the cause of our flaky CI runs. The existing code kept
a reference to the CDD command-owned proxy address. This commit has HttpClient
dupe/own the proxy to ensure the correct lifetime.
Pretty basic, worker started with the {type: 'module'} option has 2 practical
differences:
1 - importScript isn't allowed (TypeError)
2 - the initial script is loaded as a module
Seen in various WPT tests, but also saw this usage on mastodon.
Since the CDP rework, error.ClientDisconnected surfaces to the Runner. There's
no reason to log this (especially as at an error level). It's perfectly normal
and has already been logged at the CDP level.
If you run WPT tests, you'll see a fair number of `FrameNotFound`. This
comes from the cdp frameNavigated notification handler and it happens because
our frame lookup only considers iframes, not popups.
This commit includes popup in the search. I don't expect this to change WPT
results.
Add the reflected attributes src, type, width and height to
HTMLEmbedElement per HTML 4.8.6
(https://html.spec.whatwg.org/multipage/iframe-embed-object.html#htmlembedelement).
src is a URL-reflecting attribute (resolved against the document base,
mirroring HTMLImageElement.src); type, width and height are plain
DOMString reflections. Mirrors the reflection idiom used by
HTMLMarqueeElement / HTMLImageElement.
The intercept state is currently split and hard to keep consistent and even
just reason about. InterceptLayer keeps the `intercepted` count, but CDP's
`BrowserContext` has its intercepted lookup. This isn't a problem per se, but
you BrowserContext.deinit tries to decrement `InterceptLayer.intercepted` which
is only safe if we can guarantee that the two are in sync. Which we can't.
This commit simplifies the upkeep of `InterceptLayer.intercepted` and uses the
Transfer's state on unpark/deinit to decrement it. The CDP layer no longer
cares about / has to maintain the count.
Driven by this crash report:
BrowserContext.deinit.intercepted
---
value: 0
/home/runner/work/browser/browser/src/lightpanda.zig:279:25: 0x2871842 in deinit (lightpanda)
/home/runner/work/browser/browser/src/cdp/CDP.zig:127:18: 0x28c3f45 in deinit (lightpanda)
/home/runner/work/browser/browser/src/Server.zig:186:21: 0x2827997 in handleConnection (lightpanda)
/home/runner/work/_temp/6dc322a8-c74f-4990-9660-4cc6dcfb9352/zig-x86_64-linux-0.15.2/lib/std/Thread.zig:509:13: 0x269c233 in entryFn (lightpanda)
???:?:?: 0x7fce7ccabd57 in ??? (libc.so.6)
Unwind information for `libc.so.6:0x7fce7ccabd57` was not available, trace may be incomplete
on 1.0.0-nightly.6542+94ba0791
Add the reflected DOMString attributes name and value to the
existing HTMLParamElement, per HTML 15.3
(https://html.spec.whatwg.org/multipage/obsolete.html#htmlparamelement).
Mirrors the reflection idiom used by HTMLTimeElement / HTMLDataElement.
Advances the html/dom/reflection-obsolete.html WPT row.
Extract ZigToCurlAllocator to its own file and rename it to CurlDebugAllocator
to indicate that it is only used in debug. Also, only use it in debug.
In release mode, this just adds 16 bytes of overhead per allocation that curl
makes. In debug mode, it's the same overhead, but it at least hooks into the
std's DebugAllocator which can detect misuse.
A lot of WPT tests do something like:
```js
const frame = document.createElement("iframe");
t.add_cleanup(() => {
frame.remove();
});
... run a test
```
But our frame.remove (Element.remove) doesn't destroy the frame/context. It
can't. We don't know what is referencing it. So these WPT tests that create
_thousands_ of these quickly run into TooManyContexts errors.
As a quick solution, we now allow up to 8K contexts to be created when running
WPT tests (`-Dwpt_extensions`). Env.contexts becomes an arraylist rather than
an arary (so avoid having to pay that 8192 * 64 byte penalty for tests that
don't need 8K contexts).
An example of such a test is: /encoding/unsupported-labels.window.html
Stacked on https://github.com/lightpanda-io/browser/pull/2604 and driven by
a different WPT test: /html/dom/reflection-metadata.html
Goes from 1527 to 3074 passing cases. Largely just adding more attributes and
adding validation to attributes where necessary.
From a real case involving a modified version of our bing integration. Our
`releaseRef` (release from v8) destroys the FinalizerCallback.Identity but kept
it in the identities list. `releaseRef` now removes it from the list, so that
when FC.deinit is called, it doesn't try to access the freed identity.
Aimed at improving WPT /html/dom/reflection-obsolete.html Goes from 923 to 2305
passing cases (the remaining failing cases are all for <frame> which we don't
currently support)
Add accessors to Directory, Font and FrameSet. Add HTMLMarqueeElement.
Font setColor null -> ""
Add new properties to Html (accessKey and autofocus) and improve tabIndex
parsing.
