Depends on: https://github.com/lightpanda-io/wpt/pull/69
WPT can send a list of JSON message to the browser in order to simulate user
interaction, e.g.:
{ type: "pointer", actions: [{type: "pointerMove", x, y, origin}, ...] }
While some of these aren't meaningful for us, many are. A lot of these are just:
1 - scroll to an element
2 - mouse down
3 - mouse up
With the main goal of generating trusted events.
The first is that it can outlive the Transfer and thus has to dupe anything
it'll use (e.g. the frame_id off the request).
The second is that flushFrame is reentrant (flushFrame -> fire -> flushFrame)
and that results in the active list and list pointers becoming invalid.
Applies the same/similar escaping logic as is already applied to identifiers
and values. Importantly, this allows matching for attribute names with a colon,
e.g. "ng:jq" which can be selected with "ng\:jq".
This fixes real issues with rendering Angular 1.x.
I'm hoping this is the cause of our flaky CI runs. The existing code kept
a reference to the CDD command-owned proxy address. This commit has HttpClient
dupe/own the proxy to ensure the correct lifetime.
Pretty basic, worker started with the {type: 'module'} option has 2 practical
differences:
1 - importScript isn't allowed (TypeError)
2 - the initial script is loaded as a module
Seen in various WPT tests, but also saw this usage on mastodon.
Since the CDP rework, error.ClientDisconnected surfaces to the Runner. There's
no reason to log this (especially as at an error level). It's perfectly normal
and has already been logged at the CDP level.
If you run WPT tests, you'll see a fair number of `FrameNotFound`. This
comes from the cdp frameNavigated notification handler and it happens because
our frame lookup only considers iframes, not popups.
This commit includes popup in the search. I don't expect this to change WPT
results.
Add the reflected attributes src, type, width and height to
HTMLEmbedElement per HTML 4.8.6
(https://html.spec.whatwg.org/multipage/iframe-embed-object.html#htmlembedelement).
src is a URL-reflecting attribute (resolved against the document base,
mirroring HTMLImageElement.src); type, width and height are plain
DOMString reflections. Mirrors the reflection idiom used by
HTMLMarqueeElement / HTMLImageElement.
The intercept state is currently split and hard to keep consistent and even
just reason about. InterceptLayer keeps the `intercepted` count, but CDP's
`BrowserContext` has its intercepted lookup. This isn't a problem per se, but
you BrowserContext.deinit tries to decrement `InterceptLayer.intercepted` which
is only safe if we can guarantee that the two are in sync. Which we can't.
This commit simplifies the upkeep of `InterceptLayer.intercepted` and uses the
Transfer's state on unpark/deinit to decrement it. The CDP layer no longer
cares about / has to maintain the count.
Driven by this crash report:
BrowserContext.deinit.intercepted
---
value: 0
/home/runner/work/browser/browser/src/lightpanda.zig:279:25: 0x2871842 in deinit (lightpanda)
/home/runner/work/browser/browser/src/cdp/CDP.zig:127:18: 0x28c3f45 in deinit (lightpanda)
/home/runner/work/browser/browser/src/Server.zig:186:21: 0x2827997 in handleConnection (lightpanda)
/home/runner/work/_temp/6dc322a8-c74f-4990-9660-4cc6dcfb9352/zig-x86_64-linux-0.15.2/lib/std/Thread.zig:509:13: 0x269c233 in entryFn (lightpanda)
???:?:?: 0x7fce7ccabd57 in ??? (libc.so.6)
Unwind information for `libc.so.6:0x7fce7ccabd57` was not available, trace may be incomplete
on 1.0.0-nightly.6542+94ba0791
Add the reflected DOMString attributes name and value to the
existing HTMLParamElement, per HTML 15.3
(https://html.spec.whatwg.org/multipage/obsolete.html#htmlparamelement).
Mirrors the reflection idiom used by HTMLTimeElement / HTMLDataElement.
Advances the html/dom/reflection-obsolete.html WPT row.
Extract ZigToCurlAllocator to its own file and rename it to CurlDebugAllocator
to indicate that it is only used in debug. Also, only use it in debug.
In release mode, this just adds 16 bytes of overhead per allocation that curl
makes. In debug mode, it's the same overhead, but it at least hooks into the
std's DebugAllocator which can detect misuse.
A lot of WPT tests do something like:
```js
const frame = document.createElement("iframe");
t.add_cleanup(() => {
frame.remove();
});
... run a test
```
But our frame.remove (Element.remove) doesn't destroy the frame/context. It
can't. We don't know what is referencing it. So these WPT tests that create
_thousands_ of these quickly run into TooManyContexts errors.
As a quick solution, we now allow up to 8K contexts to be created when running
WPT tests (`-Dwpt_extensions`). Env.contexts becomes an arraylist rather than
an arary (so avoid having to pay that 8192 * 64 byte penalty for tests that
don't need 8K contexts).
An example of such a test is: /encoding/unsupported-labels.window.html
Stacked on https://github.com/lightpanda-io/browser/pull/2604 and driven by
a different WPT test: /html/dom/reflection-metadata.html
Goes from 1527 to 3074 passing cases. Largely just adding more attributes and
adding validation to attributes where necessary.
From a real case involving a modified version of our bing integration. Our
`releaseRef` (release from v8) destroys the FinalizerCallback.Identity but kept
it in the identities list. `releaseRef` now removes it from the list, so that
when FC.deinit is called, it doesn't try to access the freed identity.
Aimed at improving WPT /html/dom/reflection-obsolete.html Goes from 923 to 2305
passing cases (the remaining failing cases are all for <frame> which we don't
currently support)
Add accessors to Directory, Font and FrameSet. Add HTMLMarqueeElement.
Font setColor null -> ""
Add new properties to Html (accessKey and autofocus) and improve tabIndex
parsing.
Arena reuse/retain can hide UAF issues, often resulting in a crash that is more
symptom than cause (far from where the error actually is). Removing this, lets
us better utilize the DebugAllocator's UAF-detection.
Also, when running WPT tests (-Dwpt_extensions) limit console logging to 100
values (a few tests writer millions of values, which is annoying and just
destroys the terminal).
56181bbe6c protected against a document.write
generating a document.write.
This protects against a document.write generating a document.close. We cannot
immediately close, so we 'queue' the close (via a boolean) and defer it until
the write is complete.
Fixes crash in WPT: /html/webappapis/dynamic-markup-insertion/document-write/iframe_010.html
From what I can tell, this is the last one of these.
Depends on https://github.com/lightpanda-io/zig-v8-fork/pull/179
An improvement to https://github.com/lightpanda-io/browser/pull/2515 to prevent
a v8 assertion if we terminate as an inspector dispatch is happening.
The problem is that if we just immediately terminate, we aren't sure what the
worker thread is doing, and, apparently, if we terminate then dispatch a message
to the inspector, we fail an assertion.
With the way the code was, the only safe solution would be to hold a mutex
over the session dispatch, but that could block the network thread.
So instead of terminating from the network thread, we now ask v8 to execute
a callback. This gets executed on the worker thread, which can then terminate
the execution.
The initial version of 2515 delayed the termination from the network thread.
It's possible that solution would "solve" the issue, simply because it's very
unlikely that a worker would be "stuck" for 5 seconds and then get unstuck.
More likely that it exits immediately, or is stuck in an endless loop. But
that would still leave a window where we could terminate in network and then
dispatch in the worker. Less likely, but still possible. Hopefully this new
mechanism eliminates this from being a problem in all circumstances.
This specifically fixes a crash on WPT:
/html/syntax/parsing/html5lib_scripted_webkit01.html?run_type=write
Claude wrote a simple reproducing unit test, and you can see it's a
document.write that calls document.write.
