This avoids a crash that occurred when calling `getBBox()` on an SVG
element that had a transform with no inverse.
Found by Domato.
(cherry picked from commit d417b7568360f20487e4182e52872b82c8fbbf60)
Previously, `SVGSVGBox` would have a natural aspect ratio of 0 if it
had a viewbox with zero width. This led to a division by zero, causing
a crash.
Found by Domato.
(cherry picked from commit 4cdafea36334bcff8c4bbb083076ae55b599177c)
Previously calling `PaintableBox::set_scroll_offset()` with a
PaintableBox whose content size was larger than its scrollble overflow
rect would cause a crash.
Found by Domato.
(cherry picked from commit 604f6040a180ac409cf338045c8709a171d920d5)
GCC 14 emits a warning when an always succeeding `dynamic_cast`'s return
value is compared to NULL inside the `AK::is<T>(U)` template when `T` ==
`U`.
While warning on tautological `is` calls seems useful, it's a bit
awkward when it comes from a function template where the cast may fail
in some instantiation. There is a GCC bug open for it:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115664
Work around the warning by performing the algorithm on the base type
(`EventTarget`), with a wrapper that casts it to the more specialized
input type.
(cherry picked from commit 31eb0ed938dff11dee7391a4f616f4132aa250c0)
Previously, you'd see one frame of the sleeping animation, and then it
would stop. This was because Frame2 = 0x1 and Frame1 = 0x0, so once the
Frame2 bit was set, or-ing with Frame1 would not unset it. Since the
current frame was already tracked separately to the state, we can avoid
setting it in the state, and instead only use it when we fetch the
bitmap, preventing this issue.
This method accepts a namespace URI as an argument and returns true if
the given URI is the default namespace on the given node, false
otherwise.
(cherry picked from commit 055c902a375bb34b8c0e31f015c2815fe935c6a9)
This method takes a prefix and returns the namespace URI associated
with it on the given node, or null if no namespace is found.
(cherry picked from commit 27d429a85f359b9c87bf9807e4dea33f7092308a)
This change implements the download, ping, rel, hreflang, and type
attributes using the [Reflect] annotation in the IDL file.
(cherry picked from commit 7562f89d4e2b0dd22430962e102a2195186f8458)
Add fetch group concept from the '2.4. Fetch groups' in
the fetch specs to the environment settings object.
(cherry picked from commit 9e223f6daeb3969d3997084a973b26daff6b4f7e)
Previously, `Node::is_equal_node()` would return true for nodes in
different namespaces that were otherwise equal.
(cherry picked from commit 7ab7be694d1232f4cdc108a2adc88812fc0a9ca9)
This matches the behavior of other browsers. Previously, a click event
was used, so the value was only updated when the mouse was released.
(cherry picked from commit b4b947c60797328d930c8d3de466b8ef292d0ed4)
An input event is now fired when the step up or step down button of an
input element of type number is clicked.
This ensures that any associated <output> element is updated when these
buttons are clicked.
(cherry picked from commit 2a980816e756d727261d53450b4b3f48069d5d50)
Input elements without a defined user-interaction behavior need to fire
an input event when the user changes the element's value in some way.
This change moves the code to do this into its own function and adds
some spec text to explain what is being done.
(cherry picked from commit a3d12e569c88d0dae530657e5bddc18699fb9c9b)
The spec allows setting a constructor on non built-in Iterator objects.
This is a normative change in the Iterator Helpers proposal. See:
https://github.com/tc39/proposal-iterator-helpers/commit/30b3501
(cherry picked from commit fb228a3d850eb5e4b06550823755719a377b41e6)
The spec allows setting the prototype on non built-in Iterator objects.
This is a normative change in the Iterator Helpers proposal. See:
https://github.com/tc39/proposal-iterator-helpers/commit/30b3501
(cherry picked from commit 734e37442db4419b58228e25702bfe176e52f5e3)
The EntryType has three possible values: Fetching, Failed or
ModuleScript. It is possible that we transition from Fetching to Failed
as in #13.1. Change the assertion to include the failed scenario.
Fixes: https://github.com/LadybirdBrowser/ladybird/issues/661
(cherry picked from commit 319bb6353e0ba64fc5e54b32ddb2b38736cedef9)
This fixes some bugs on wpt.dom/events/Event-init-while-dispatching.html,
although the test still fails due to [GH-23722].
[GH-23722]: https://github.com/SerenityOS/serenity/issues/23722
(cherry picked from commit aefab1de38948b0d86a6aed33647e995340859e2)
- Change min track sizing function to be "auto" when flex size is
specified.
- Never check if min track sizing funciton is flexible, because only
max is allowed to be flexible.
- Address FIXME in automatic_minimum_size to avoid regressions after
making two fixes mentioned above.
(cherry picked from commit 3270df476dd46b140e1b9de1e8328647744b56ab)
Areas are disassembled into boundary lines on `build_grid_areas()` step,
so we can always use them to find grid item's position during placement.
This way we support both ways to define area: `grid-template-areas` and
implicitly using `-start` and `-end` boundary line names.
(cherry picked from commit 7a1f3f7ae3af2744e2f99df29baf09153d631b24)
We're expected to handle this situation gracefully, and certainly not
by falling apart like we were.
Found by Domato.
(cherry picked from commit 33207174a9c1c87657e2ae0875cc85cbf41075f8)
If the anchor and focus nodes are not within the same document, we can't
use them for a selection range.
Found by Domato.
(cherry picked from commit 416c4788763baa778465d1d004080d322462c0bf)
Instead of allowing arbitrarily large values (which could eventually
overflow an i32), let's just cap them at the same limit as Firefox does.
Found by Domato.
(cherry picked from commit 4e0edd42b95abf8ad707c64414dbe618313ce89e)
We were incorrectly assuming that setAttribute() could never fail here,
even when passed an invalid name.
Found by Domato.
(cherry picked from commit 093f1dd805f699801079f55d0d490d80b463ccbb)
We already have a FlyString of its value from parsing, and most users
also want a FlyString from it, so let's use that instead of converting
backwards and forwards.
The two users that did want a String are:
- Quotes, which make sense as FlyString instead, so I've converted that.
- Animation names, which should probably be FlyString too, but the code
currently also allows for other kinds of StyleValue, and I don't want
to dive into this right now to figure out if that's needed or not.
(cherry picked from commit 9fb44cb05777c6d7a8a1950258edadfcee6d4e09)
This does not appear to be correct; the `grid-area` property's value is
quite complicated, and not just a string.
(cherry picked from commit d2f04b9f0415ebfebb1d8f6386ff13f8df053674)
This PR adds basic support for loading iCalendar (.ics) files and
parsing VEVENT properties that are currently supported by Calendar
Events: summary, start and end.
The JS::Error types all store their exception messages as a String. So
by using ByteString, we hit the StringView constructor, and end up
allocating the same string twice.
(cherry picked from commit c3f8202d0ca7761caaabf0af5f413dc25337801f)
We had a const and non-const version of this function, with slightly
different behavior (oops!)
This patch consolidates the implementations and keeps only the correct
behavior in there.
Fixes an issue where comments were not collapsible on Hacker News.
(cherry picked from commit 98f88d49de852e1e524655accb39724f1134a23f)
These were being immediately stored in JS::GCPtrs (and dutifully visited
by HTMLParser), so creating temporary handles for them was a complete
waste of time.
(cherry picked from commit f9f11dc51d50746ccb1a82cd304fe30901edc347)
When loading a canned version of reddit.com, we end up parsing many many
shadow tree style sheets of roughly ~170 KiB text each.
None of them have '\r' or '\f', yet we spend 2-3 ms for each sheet just
looping over and reconstructing the text to see if we need to normalize
any newlines.
This patch makes the common case faster in two ways:
- We use TextCodec::Decoder::to_utf8() instead of process()
This way, we do a one-shot fast validation and conversion to UTF-8,
instead of using the generic code-point-at-a-time callback API.
- We scan for '\r' and '\f' before filtering, and if neither is present,
we simply use the unfiltered string.
With these changes, we now spend 0 ms in the filtering function for the
vast majority of style sheets I've seen so far.
(cherry picked from commit dba6216caa71796f25831908035cd9eb0fb54715)
When appending a single Unicode code point, we don't have to go through
the trouble of creating a Utf32View wrapper over it.
(cherry picked from commit 7892ee355df95f6414ab5334d8d997c2c0356a45)
Implement for CreatePerIterationEnvironment for 'for' loops per the Ecma
Standard. This ensures each iteration of a 'for' loop has its own
lexical environment so that variables declared in the loop are scoped to
the current iteration.
(cherry picked from commit dbc2f7ed48f00234f5f94a30b06b83842d9cf4dd)
When traversing the layout tree to find an appropriate box child to
derive the baseline from. Only the child's margin and offset was being
applied. Now we sum each offset on the recursive call.
(cherry picked from commit 3c897e7cf3594f02f559599e1bf28747c9edba13)
The LibELF validate_program_headers method tried to do too many things
at once, and as a result, we had an awkward return type from it.
To be able to simplify it, we no longer allow passing a StringBuilder*
but instead we require to pass an Optional<Elf_Phdr> by reference so
it could be filled with actual ELF program header that corresponds to
an INTERP header if such found.
As a result, we ensure that only certain implementations that actually
care about the ELF interpreter path will actually try to load it on
their own and if they fail, they can have better diagnostics for an
invalid INTERP header.
This change also fixes a bug that on which we failed to execute an ELF
program if the INTERP header is located outside the first 4KiB page of
the ELF file, as the kernel previously didn't have support for looking
beyond that for that header.
Together with a first JSON file for bringing up a fully functional
BuggieBox container, we allow users to take advantage of the kernel
unsharing features that were introduced in earlier commits.
This new syscall will be used by the upcoming runc (run-container)
utility.
In addition to that, this syscall allows userspace to neatly copy RAMFS
instances to other places, which was not possible in the past.
These programs are capable of running other programs, so we should
restrict them from potentially running SUID programs, which was never a
functionality we supported for those programs anyway.
The whole concept of Jails was far more complicated than I actually want
it to be, so let's reduce the complexity of how it works from now on.
Please note that we always leaked the attach count of a Jail object in
the fork syscall if it failed midway.
Instead, we should have attach to the jail just before registering the
new Process, so we don't need to worry about unsuccessful Process
creation.
The reduction of complexity in regard to jails means that instead of
relying on jails to provide PID isolation, we could simplify the whole
idea of them to be a simple SetOnce, and let the ProcessList (now called
ScopedProcessList) to be responsible for this type of isolation.
Therefore, we apply the following changes to do so:
- We make the Jail concept no longer a class of its own. Instead, we
simplify the idea of being jailed to a simple ProtectedValues boolean
flag. This means that we no longer check of matching jail pointers
anywhere in the Kernel code.
To set a process as jailed, a new prctl option was added to set a
Kernel SetOnce boolean flag (so it cannot change ever again).
- We provide Process & Thread methods to iterate over process lists.
A process can either iterate on the global process list, or if it's
attached to a scoped process list, then only over that list.
This essentially replaces the need of checking the Jail pointer of a
process when iterating over process lists.
Expose some initial interfaces in the mount-related syscalls to select
the desired VFSRootContext, by specifying the VFSRootContext index
number.
For now there's still no way to create a different VFSRootContext, so
the only valid IDs are -1 (for currently attached VFSRootContext) or 1
for the first userspace VFSRootContext.
Negative numbers now display correctly in SpinBox.
Previously, they displayed as the negative sign only (no number).
Now the user can also type negative numbers into the SpinBox.
These were accidentally no longer set after
2c396b5378fec5f4470e1e1e950806dff8005f08
(cherry picked from commit f20010c1d3a66aaabd5da5a96c578ad013756f99)
Previously we relied on signed overflow, this commit makes the same
behaviour explicit (avoiding UB in the process).
(cherry picked from commit 8c8310f0bddc874a9f7f07c4158f0abc799357d4)
With this we pass an additional ~2100 tests.
We are left with 7106 WASM fails :).
There's still some test cases in the iNxM tests that fail with
this PR, but they are somewhat weird.
(cherry picked from commit b4acd4fb0b7f4105c7ef673ccc00904114c3c468)
Co-authored-by: Diego Frias <styx5242@gmail.com>
Previously the validator put a `v128` on the stack, which is not what
the spec defines.
(cherry picked from commit 0d38572d8bd2a276be1b6066b62efd376ddbd4d6)
After a `memory.grow`, the type of the memory instance should be
updated so potential memory imports on the boundary are unlinkable.
(cherry picked from commit cdb6e834a1c0eaa6e62a9018026a599916332ab3)
Single-type blocktypes previously gave loop labels an arity of 1, even
though they're shorthand for `[] -> [T]`.
(cherry picked from commit ad6a80144c23f9ccdeeccb123a9de85396524040)
Since be2bf05 the ThreadEventQueue is now destroyed via a phread key
destructor, which leads to many other objects being destroyed. A bunch
of these destructors reference globals, but exit() calls destructors
on globals before phread destructors, this bad state leads to the hangs
seen in #24694.
Fixes#24694
When the min option is given the read will only be fulfilled when there
are min or more elements available in the readable byte stream.
When the min option is not given the default value for min is 1.
(cherry picked from commit 907dc84c1e8c3c236ade581f46dabdb144915c1d)
Lossless WebP allows having a 1-bit to 11-bit addressed
"color cache", where pixels are inserted into a content-addressed
cache of size `1 << color_cache_bits`. Pixels in the color
cache can be addressed using their index. This can be used
to refer to literal pixels using a single color_cache_bits
large symbol, instead of up to 4 symbols for GBRA.
We default to always using a color cache with 6 bits, unless
the input image already uses only a single channel already
(either as-is, or if we write a color indexing transform).
Due to this change, the size of the first prefix group
changes from being known at compile time (256 + 24)
to being known at runtime (256 + 24 + color_cache_size).
Change a few Array<>s to Vector<>s to make this work.
sunset_retro.png (876K):
1.6M -> 1.4M, 29.1 ms ± 0.9 ms -> 31.7 ms ± 0.9 ms
From 83% larger than the input file to 60% larger (12.5% smaller),
for a 9% slowdown.
The two gifs I usually test with don't change: Files using the
color _index_ transform (i.e. that have < 256 colors) don't
use the color _cache_ in our encoder.
This property is now correctly parsed.
Ladybird always uses overlay scrollbars so this property does nothing.
(cherry picked from commit 662317726549cd2dde4c7902b99f0b83397a3396)
The spec doesn't explicitly forbid calling this when the document
doesn't have a node navigable, so let's handle that situation gracefully
by just returning an empty list of ancestors.
I hit this VERIFY somewhere on the web, but I don't know how to
reproduce it.
Previously, the presence of surrounding whitespace would give file paths
the `https` schema instead of the `file` schema, making navigation
unsuccessful.
(cherry picked from commit ff7ca5c48c316e07b1bf631b2d7ed14c358dfa42)
This fixes many tests on
wpt/html/webappapis/scripting/events/event-handler-all-global-events.html
(cherry picked from commit 59f74b909ba161a143fb4cd5cbaf6dcf6734d240)
This fixes wpt/html/webappapis/scripting/events/messageevent-constructor.https.html
(cherry picked from commit ffb3a28684b1b4c028af93aa6d7d9194f002d503)
This allows selection to work within shadow roots and prevents the
selection being cleared if the mouse moves outside of the current
document or shadow root.
(cherry picked from commit e5d1261640a71a672c5cd19910f5f6288e65ed04)
Previously the input element was displayed with value 0, when no value
was set in the HTML. Now it uses `value_sanitization_algorithm()`, which
will calculate the default value.
In `value_sanitization_algorithm()` there was a logical mistake/typo.
The comment from the spec says "unless the maximum is less than the
minimum".
The added layout test would fail without the code changes.
Fixes#520
(cherry picked from commit 191531b7b18d2edf97dc7bf88a9c19903eeae2d5)
Now that we pass an `old_value` parameter to `attribute_changed` it is
no longer necessary to store the current attribute state in
`HTMLScriptElement`.
(cherry picked from commit aa4e18fca50b261eabd5672a3f1163b4ac7ef50b)
This aligns AO transform_stream_error_writable_and_unblock_write() with
the spec.
No functional change is introduced by this amendment.
(cherry picked from commit 24bed027b2db59935da185d3bd490718ccb37baa)
We now defer looking up the various identifiers by IdentifierTableIndex
until the last moment. This allows us to avoid the retrieval in common
cases like when a property access is cached.
Knocks a ~12% item off the profile on https://ventrella.com/Clusters/
(cherry picked from commit 509c10d14db0f2e2ce2b89f307d9dd360b855eb5,
amended to mark the two `throw_null_or_undefined_property_get` functions
static, as -Wmissing-declarations pointed out on CI)
Now that the Interpreter is the only user of these functions, we might
as well keep them in Interpreter.cpp which makes CLion less confused.
(cherry picked from commit ae0cfe4f2d260bfd804364c17f28494e3e8964c9)
Previously, when `WindowOrWorkerGlobalScope.reportError()` was called
the `filename` property of the dispatched error event was blank. It is
now populated with the full path of the active script.
(cherry picked from commit 34b987366449313c96a73ec1d70e88e60f2c4510)
Previously, setting CSS `line-height: 0` on an `input` element would
result in no text being displayed.
Other browsers handle this by setting the minimum height to the
"normal" value for single line inputs.
(cherry picked from commit 629068c2a7eb02db37ffb4fe8d536306ee71e156)
This method was unused and a FIXME remained for combining it with
another, similar method.
(cherry picked from commit df7f7268db5edb37b735f30586d774544537e342)
Previously the entire slider track was colored.
Now only the lower part of the slider track (left side of the thumb) is
colored.
Chrome and Firefox do the same.
(cherry picked from commit 7766909415312b971252f8c7750b0a1873fd5ba0)
This fixes some WPT failures caused by the "view" parameter not being
initialized from the property bag.
(cherry picked from commit 932a7d4d819fac9d0acfe4184574488dd69f94ec)
These methods were overriding properties specified by the EventInit
property bags in the constructor for WheelEvent and MouseEvent.
They appear to be legacy code and no longer relevant, as they would have
been used for ensuring natively dispatched events had the correct
properties --- This is now done in separate create methods, such as
MouseEvent::create_from_platform_event.
This fixes a couple WPT failures (e.g. in
/dom/events/Event-subclasses-constructors.html)
(cherry picked from commit 2c396b5378fec5f4470e1e1e950806dff8005f08)
This method puts the given node and all of its sub-tree into a
normalized form. A normalized sub-tree has no empty text nodes and no
adjacent text nodes.
(cherry picked from commit 0a0651f34ea927a0ca44dc5d2c7786f3dcf8da25)
Solving using the unconstrained height, when solving for bottom, would
either leave a gap over overflow its container.
(cherry picked from commit bee42160c5e2cdb949e6057f029391ee7e0fa9fa)
The first time Document learns its viewport size, we now suppress firing
of the resize event.
This fixes an issue on multiple websites that were not expecting resize
events to fire so early in the loading process.
(cherry picked from commit 4e7558c88b7a993686bb3dc173731e677efe5e26)
This allows global `let` and `const` variable accesses to be cached
by the GetGlobal instruction, and works even when the access is in a
different translation unit from the declaration.
Knocks a ~10% item off the profile on https://ventrella.com/Clusters/
(cherry picked from commit 9448c957c136e62b374a0f8998d1d51906e59fb5)
From https://html.spec.whatwg.org/multipage/scripting.html#script-processing-model:
When a script element el that is not parser-inserted experiences one
of the events listed in the following list, the user agent must
immediately prepare the script element el:
- [...]
- The script element is connected and has a src attribute set where
previously the element had no such attribute.
(cherry picked from commit d890be6e0f7db08ab39ba546cb3421b50b687cda)
The style of input and textarea elements is now invalidated when focus
is changed to a new element. This ensures any `:focus` selectors are
applied correctly.
(cherry picked from commit 572324d47b99bcfbc5db5ff6aef0d6c4eb15ce4c)
Instead of using fixed arbitrary colors for the background of the bar,
AccentColor and Background are now used.
(cherry picked from commit 062a266574a24fe13f2a77401b97f833c3cdd099)