When a form is submitted via a click on a submit button (or
form.requestSubmit(button)), the HTML form-submission algorithm requires
the submitter's formaction / formmethod / formenctype attributes to
override the form's corresponding attributes when present. Frame.submitForm
was reading action / method / enctype only from the form element, so the
button-side overrides were silently ignored. The symmetrical lookup for
formtarget already exists upstream — this commit applies the same pattern
to the other three attributes.
Closes#2278
If a POST navigation gets redirected (302/303), the page that actually
loads is fetched with GET — but Frame._navigated_options still carries
the original POST method, body, and Content-Type. Page.reload would
then re-POST the form data to the redirect target, which is both
incorrect and dangerous (re-submission of credentials, charges, etc.).
Reset method/body/header on _navigated_options inside
frameHeaderDoneCallback whenever response.redirectCount() > 0. The full
spec-correct version would distinguish 307/308 (preserve method) from
301/302/303 (convert POST→GET), but resubmitting form data is the more
dangerous failure mode — conservative reset matches Chrome's practical
behavior on reload.
Also collapse the prev_body/prev_header extraction in doReload to a
single tuple-destructured blk: block (no behavior change).
Tests: new cdp.frame: reload after POST→redirect drops the POST drives
POST /redirect_to_echo → 302 → /echo_method, then Page.reload, asserts
the second request is GET. /redirect_to_echo route added to
testing.zig. The existing reload-replays-POST test still passes (no
redirect, POST is still replayed).
Per review: collectForm walked the children once to look for a
non-disabled <option>, then Select.getValue walked them again to
emit the value. Extract the selectedness-candidate algorithm into
Select.effectiveOption() ?*Option so both call sites share it and
each runs a single iteration.
- Select.getValue is now a one-liner over effectiveOption.
- collectForm replaces the candidate-check + getValue pair with
`select.effectiveOption() orelse continue; break :blk opt.getValue(frame);`.
Behavior is unchanged; the existing form_data.html fixtures
(selectWithoutOptions, selectMultipleWithoutOptions,
selectAllOptionsDisabled) still pass.
- Use std.fmt.allocPrint in formatFloat (per-review suggestion).
- Drop the `r3.value = '1' -> '1'` fractional-bounds assertion, which
conflicted with WHATWG step matching (default step=1, base=min=0.5,
nearest valid is '1.5'). Step matching remains out of scope here.
Per review feedback. attributeValue now guarantees an arena-owned
return: the quoted path already allocates into the arena via the
ArrayList, so we just dupe in the unquoted path and drop the redundant
arena.dupe at the call site. Pre-size the ArrayList to input.len since
escapes only shrink, skipping grow-from-zero reallocs.
1. Add a bunch of initXYZEvent functions, and fix the overload of initTextEvent
2. Add a number of missing (mostly legacy) accessors, e.g. uievent.getWhich()
3. CompositionEvent inherits from UIEvent, not Event
4. Give every accessor get/set a name. E.g the "name" of script.src is
"get script" and "set script".
Currently, we return a dummy `WebGLRenderingContext`. But this type implements
virtually nothing. From MDN: "If the context identifier is not supported null is
returned."
Now, normally we like to move things along as much as we can. Returning
`WebGLRenderingContext` lets us know the next thing the code needs. But in this
case, it seems to be problematic. At least some code is defensive around a null
value from getContext('webgl'), but once we return an instance, it expects it
to work correctly. This is what causes https://github.com/features/copilot to
enter an endless JS loop.
`Parser.attributeValue` walked quoted attribute values with
`indexOfScalarPos` to locate the closing quote and returned the raw byte
slice between the quotes — backslash escapes were neither honored as
escape boundaries nor decoded. As a result, `[data-x="abc\\def"]`
matched against the literal 8-byte string `abc\\def` instead of the
7-byte string `abc\def` the author intended, and `[data-x="foo\"bar"]`
truncated the value at the escaped inner quote.
Walk the string char-by-char respecting backslash escapes per CSS Syntax
Level 3 §4.3.5 (consume-string-token), reusing the existing
`parseEscape` helper that already powers `parseIdentifier` for `#id` /
`.class` selectors. Decode `\\`, `\"`/`\'`, and `\<hex digits>` (1–6
hex digits with optional whitespace terminator), drop `\<newline>` line
continuations, and surface bare newlines / trailing backslashes as
`InvalidAttributeSelector`.
Closes#2268
Per the WHATWG HTML "input type=range" value sanitization algorithm, an
out-of-range value assigned via the JS `value` setter (or `Element.value`)
must be clamped to `[min, max]`, with `min`/`max` defaulting to 0 and 100
when the attribute is missing or not a valid floating-point number; if the
assigned value isn't a valid floating-point number, fall back to
`min + (max - min) / 2`. The previous `.range` branch in `sanitizeValue`
only validated the float grammar and returned `"50"` as a hardcoded
default, so `<input type="range" min="0" max="100">; el.value = "999"`
left `el.value === "999"` instead of `"100"`.
Step matching is a separate sanitization rule and intentionally out of
scope.
Closes#2266
Per RFC 7231 §7.1.2, when a 3xx response carries a Location header
without a fragment, the user agent must process the redirect as if
the value inherited the fragment of the request URL. URL.resolve
follows RFC 3986 §5.3 which drops the base fragment, so handleRedirect
now reattaches the original fragment when the resolved target has none.
Closes#2263
Per the HTML Living Standard "constructing the form data set" algorithm,
a <select> element appends one entry per option whose selectedness is
true. A non-multiple <select> derives its selectedness from an
explicitly-selected option, falling back to the first non-disabled
option in tree order. With zero options (or only disabled options), no
option is selected, so no entry should be appended.
The singular-select fast path in collectForm previously broke from the
block with select.getValue(frame) regardless of whether any option
existed, causing FormData to emit a phantom (name, "") entry for an
empty <select>. Guard the fast path on the existence of at least one
non-disabled <option> child and skip the entry otherwise.
Closes#2262
doReload built a NavigateOpts with only url + kind=.reload; method/body/header
defaulted to GET/null/null, so any prior POST navigation regressed to a GET
on reload. The HTML reload navigation re-fetches the document that produced
the current entry, and Chrome replays the same HTTP request that loaded the
page (including method, body, and Content-Type) — Lightpanda dropped all
three.
Retain the prior request body and content-type header in Frame.NavigatedOpts
(duped into the frame arena), and have doReload capture them into the CDP
command's arena before replacePage() frees the old frame. The reload's
frame.navigate call carries the replayed method/body/header so the request
the page was loaded with is the request that runs again.
Closes#2258
The JsApi binding for Location.prototype declared `pathname` and `search`
as read-only accessors (`null` setter), so assigning either had no
observable effect — the URL was never re-parsed and no navigation was
queued. Per HTML Living Standard §7.4.4.5.5/§7.4.4.5.6, both setters
must run the URL parser against a copy of the current URL and then
"Location-object navigate" to the result.
Add `setPathname` / `setSearch` member functions that mirror the
existing `setHash` shape: compute the new full URL via the matching
helper in `src/browser/URL.zig` and forward to `Frame.scheduleNavigation`
with `kind = .push` (matches Chrome's history-handling for these
setters). Wire them into the `pathname` / `search` accessors in place
of the previous `null` setters.
Closes#2256
Improvement to https://github.com/lightpanda-io/browser/pull/2246
In that PR, the check for `v8__Isolate__IsExecutionTerminating` guarded
runMicrotasks from running when the execution was terminated, but what if
termination happens immediately after? This adds a mutex to ensure that the
isolate cannot be terminated while microtasks are being processed.
The empty Zig anonymous struct `.{}` serializes to `[]` (tuple → JSON
array), not `{}`. The dispatch path's `InputParams.jsonParse` requires
the params field to begin with `object_begin`, so the previous test
fixtures hit `error.UnexpectedToken` → `error.InvalidJSON` instead of
exercising the production code paths.
Switch the two empty-params test cases to raw JSON string literals,
which the testing helper passes through unchanged (string literals are
pointer types and skip `std.json.Stringify.valueAlloc`). The production
code paths under test are unchanged.
`Network.clearBrowserCookies` had an inverted-logic guard that returned
`InvalidParams` whenever the caller included a `params: {}` field — which
most CDP libraries (chrome-remote-interface, chromedp, etc.) do
unconditionally. The CDP spec defines no parameters for the method, but
JSON-RPC convention is to silently accept extra ones; Chrome and the
sibling `Storage.clearCookies` handler already do. Drop the guard.
`Network.getAllCookies` was missing from the `Network` dispatch enum and
returned `UnknownMethod`. Add a small handler that returns the entire
cookie jar via the existing `CdpStorage.CookieWriter`, mirroring
`Storage.getCookies` minus the `browserContextId` filter (Network
commands are scoped to the current browser context already).
Closes#2254
When Form.requestSubmit() is called without a submitter argument, the
HTML spec defaults the internal submitter variable to the form element
itself (step 2). The subsequent "submit a form element" algorithm then
collapses submitter === form back to submitterButton = null before
constructing the SubmitEvent. We were skipping that collapse and using
the form as the SubmitEvent's submitter, which diverges from Chrome /
Firefox / WPT.
Frame.submitForm now coerces submitter_ to null when it equals the
form element, mirroring the spec algorithm. The form.html fixture
that previously asserted the wrong behavior is updated to assert
.submitter === null per spec.
https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#concept-form-submitCloses#2252
Same-URL navigate should always cause a reload. The code that currently prevents
a navigate on fragment change is too loose and treats identical URLs as being
a fragment change..but for it to be considered a fragment change, the fragment
actually has to change.
This improves some WPT compat where tests do:
<iframe></iframe> <--- loads "about:blank"
<script>
document.querySelector('iframe').src = "about:blank"; <--- should load it again
</script>
Runner._wait can iterate for the full opts.ms budget (up to 30s in
fetch, longer in agent tool-use loops). V8 was only nudged to GC on
session/page teardown (Browser.deinit, Page.deinit), so a page that
stays alive while running heavy JS accumulates wrappers and
external-ref'd Zig allocations V8 has no reason to drop. Fire
memoryPressureNotification(.moderate) once per second from the wait
loop.
The main.zig path for `fetch` now captures the *Browser so that
browser.env.terminate() can be called. This is a bit more complex than the serve
path because the Browser owns the Isolate and can't be moved from one thread to
another.
With main having access to the browser, two things are now possible:
1 - We can support a --terminate-ms flag (https://github.com/lightpanda-io/browser/issues/2206)
2 - ctrl-c can correctly stop blocked JavaScript processes
1 is implemented via setitimer to set a timer for SIGALRM, avoiding the need to
add another "watcher" thread, or putting a timer in Network.run.
Was previously using page.arena, but there's no reason to hold this beyond the
point where the page is parsed, and the page can live for quite some time after
the initial load.
