Invalidation for adopted style sheets was broken because we had an
assumption that "active" style sheet is always attached to
StyleSheetList which is not true for adopted style sheets. This change
addresses that by keeping track of all documents/shadow roots that own
a style sheet and notifying them about invalidation instead of going
through the StyleSheetList.
This replaces the old `OAEP` implementation with one backed by OpenSSL.
The changes also include some added modularity to the RSA class by
making the `RSA_EME` and `RSA_EMSE` for encryption/decryption and
signing/verifying respectively.
This commit replaces the old implementation of `EMSA_PKCS1_V1_5` with
one backed by OpenSSL. In doing so, the `sign` and `verify` methods of
RSA have been modified to behave like expected and not just be
encryption and decryption.
I was not able to split this commit because the changes to `verify` and
`sign` break pretty much everything.
It used to be that the caller would supply a buffer to write the output
to. This created an anti-pattern in multiple places where the caller
would allocate a `ByteBuffer` and then use `.bytes()` to provide it to
the `PKSystem` method. Then the callee would resize the output buffer
and reassign it, but because the resize was on `Bytes` and not on
`ByteBuffer`, the caller using the latter would cause a bug.
Additionally, in pretty much all cases the buffer was pre-allocated
shortly before.
`current_property_id()` is insufficient to determine if a quirk is
allowed. For example, unitless lengths are allowed in certain
properties, but NOT if they are inside a calc() or other function. It's
also incorrect when we are parsing a longhand inside a shorthand. So
instead, replace that with a stack of value-parsing contexts. For now,
this is either properties or CSS functions, but in future can be
expanded to include media features and other places.
This lets us disallow quirks inside functions, like we're supposed to.
It also lays the groundwork for being able to more easily determine
what type a percentage inside a calculation should become, as this is
based on the same stack of contexts.
Previously, a crash would occur when attempting to throw an error in
this case because the method used to create the exception tried to get
the current realm from the execution context stack, which is empty. The
realm is now passed explicitly when constructing the error, avoiding
the crash.
Instead of always reporting a colno and lineno of zero try and use the
values from the Error object that may be provided, falling back to the
source location of the invocation if not provided. We can definitely
improve the reporting even more, but this is a start!
Also update this function to latest spec while we're in the area.
This isn't a full fix, as the paint function does not handle this
either. But instead of getting the bitmap from the image source
immediately, follow the spec a bit more closely by creating the
CanvasPatern object with the ImageSource directly.
Fixes a crash for the 5 included WPT tests.
Replace our slow, possibly incorrect RSA key generation with OpenSSL.
This should fix many WPT tests that are timing out because we were too
slow at computing keys.
We added these methods to propagate OOM errors at process startup, but
we longer fret about these tiny OOM failures. Requiring that these init
methods be called prohibits using these strings in processes that have
not set up a MainThreadVM. So let's just remove them and initialize the
strings in a sane manner.
In doing so, this also standardizes how we initialize strings whose C++
variable name differs from their string value. Instead of special-casing
these strings, we just include their string value in the x-macro list.
This makes it more convenient to use the 'relvant agent' concept,
instead of the awkward dynamic casts we needed to do for every call
site.
mutation_observers is also changed to hold a GC::Root instead of raw
GC::Ptr. Somehow this was not causing problems before, but trips up CI
after these changes.
URL::basic_parse has a subtle bug where the resulting URL is not set
to valid when StateOveride is provided and the URL parser early returns
a valid URL.
This has not surfaced as a problem so far, as the only users of the
state override API provide an already valid URL buffer and also ignore
the result of basic parsing with a state override.
However, this bug surfaces implementing the URL pattern spec, which as
part of URL canonicalization:
* Provides a dummy URL record
* Basic URL parses that URL with state override
* Checks the result of the URL parser to validate the URL
While we could set URL validity on every early return of the URL parser
during state override, it has been a long standing FIXME around the code
to try and remove the awkward validity state of the URL class. So this
commit makes the first stage of this change by migrating the basic
parser API to return Optional, which also happens to make this subtle
issue not a problem any more.
This matches the behavior of other browsers, which always set the dirty
checkedness flag when setting checkedness, except when setting the
`checked` content attribute.
Implement the Ed448 curve for signing and verifying using OpenSSL.
The methods could be all made static, but all other curves are not.
I think this is material for further refactoring.
Previously, <a> elements were frequently invalidated because
`set_the_url()` was called by `reinitialize_url()`, which is a
preparation step in every HTMLHyperlinkElementUtils function. As a
result, styles were unnecessarily invalidated each time any of these
functions were invoked without changing the URL.
This change causes explicit role=none and role=presentation attribute
values to be ignored in cases where the elements for which those values
are specified are either focusable, or have global ARIA attributes —
per https://w3c.github.io/aria/#conflict_resolution_presentation_none.
This change implements the role-checking requirement from the ARIA spec
at https://w3c.github.io/aria/#document-handling_author-errors_roles
that the “form” and “region” roles are required to have accessible
names — and that if they don’t have accessible names as required, UAs
must treat them as if they’d not been specified at all.
This change causes explicitly-specified role attributes to be ignored in
the case where the specified role is “orphaned” — that is, when its
element lacks a required ancestor with an appropriate role.
Per https://w3c.github.io/aria/#document-handling_author-errors_roles,
determining whether to ignore certain specified landmark roles requires
first determining whether the element for which the role is specified
has an accessible name.
But if we then try to retrieve a role for such elements, we end up
calling right back into the accessible-name computation code — which
would cause the calls to loop infinitely.
So to avoid that — and to have handling for any other future cases the
spec may introduce of such recursive calls that will loop indefinitely —
this change introduces a parameter that callers can pass to cause
role-attribute lookup to be skipped during accessible-name computation.
This change adds a virtual to_element function to ARIAMixin, and
overrides it in DOM::Element so it can then be used back inside
ARIAMixin to get an element when needed (for example, when computing a
role requires checking the roles of ancestors of an element).
This accurately reflects the spec it's implementing. This algorithm is
used in 5 spots in the spec but the old buggy behavior was never
triggered:
* In both ::extract() and ::clone_the_contents(), invocations to this
method are guarded by a check to see if the start node is the
inclusive ancestor of the end node, or vice versa - effectively
resulting in the inequality checks to be accidentally correct.
* In ::surround_contents(), we forego the usage of this algorithm as
stated in the spec, and instead use a correct and more optimized
version that simply compares the start and end nodes.
A lot of words to say: no functional changes :^)
Previously the enforcement was only done on creation. Not enforcing it
on change would cause a crash if the canvas width/height was set to
zero or less.
Required by https://qwasm2.m-h.org.uk, which adds a custom `name`
attribute to objects it generates. It then gets some of these objects
out with getParameter, and expects the `name` attribute to be there.
Rather than partly-converting number, dimension, and ident tokens at the
start of parsing a calculation, and then later finishing it off, we can
just do the whole step in convert_to_calculation_node(). This is a
little less code, but mainly means we are left with only a single use
of the Dimension type in the codebase, so that can be removed soon.
Various places in the spec allow for `<number> | <percentage>`, but this
is either/or, and they are not allowed to be combined like dimensions
and percentages are. (For example, `calc(12 + 50%)` is never valid.)
User code generally doesn't need to care about this distinction, but it
does now need to check if a calculation resolves to a number, or to a
percentage, instead of a single call.
The existing parse_number_percentage[_value]() methods have been kept
for simplicity, but updated to check for number/percentage separately.
An upcoming change requires that we can determine which property we are
parsing before we parse the value. That's the opposite of what this
code previously did, which was to parse a generic dimension or calc()
and then figure out what property would accept it.
