When loading an XML resource into an iframe and the resource fails to
decode (e.g due to invalid UTF-8), we must still fire a load event.
This fixes the regression in subtest 69 of Acid3.
Navigation should not run for <object> element until it is inserted into
a document. Spec deoes not seem to explicitely say that, but that
matches other browsers behavior.
Fixes hanging after reloading in Acid3 test.
This otherwise caused a race condition between the signal dispatcher
(which sets sepc to the signal trampoline) and sepc being updated in the
trap handler.
We obviously have to keep the sepc set by the signal dispatcher and not
increment it afterwards.
There were two things going wrong here:
- Transformed text (via CSS text-transform) was not invalidated after a
`@media` rule changed state.
- Removing the `style` attribute from an element didn't trigger a style
update.
This fixes the regression in subtest 46 of Acid3.
Fixes#21777
Some really cursed servers simply drop the TCP socket on the floor when
they're trying to close an HTTP connection going through a TLS socket.
This commit makes LibTLS tolerate these silly servers, and LibHTTP
accept their idea of "EOF == connection closed".
Fixes loading wpt.live/acid/acid3/test.html.
Note that this means TLSv12::on_ready_to_read can fire with an empty
buffer signifying EOF; one test refused this behaviour, and has been
changed in this commit.
As a layout test, this verifies that the fallback attr() substitution
results in the expected layout node. For example, the fallback content
for a `string` attribute type should create a text node.
I haven't found this being mentioned in the current spec, but that is
what chromium (atm the only other Navigation API implementer) does.
Fixes crashing when location.hash is changed subsequently more than once
using JS.
When launched with the new --enable-idl-tracing option, we now log
every call to web platform APIs declared via IDL, along with the
arguments passed.
This can be very helpful when trying to figure out what a site is
doing, especially if it's not doing what you'd expect.
When running with --log-all-js-exceptions, we will print the message
and backtrace for every single JS exception that is thrown, not just
the ones nobody caught.
This can sometimes be very helpful in debugging sites that swallow
important exceptions.
Fixes bug when "navigate forward" button in UI is disabled after
performing following steps:
1. Load page with an iframe (top step = 0, iframe step = 0)
2. Navigate iframe to different document (top step = 0, iframe step = 1)
3. Navigate back from browser UI (top step = 0, iframe step = 0)
No test because change is only observable from browser UI.
Previously, the parent CSS stylesheet, owner node and owner CSS rule
properties were not unset when removing a sheet from a StyleSheetList.
This change moves the methods for adding and removing sheets to and
from a StyleSheetList, directly into the StyleSheetList class and
ensures they are called as required by the CSSOM specification.
While this clutters Process.cpp a tiny bit, I feel that it's worth it:
- 2x speed on the kcov_loop benchmark. Likely more during fuzzing.
- Overall code complexity is going down with this change.
- By reducing the code reachable from __sanitizer_cov_trace_pc code,
we can now instrument more code.
Sticking this to the function source has multiple benefits:
- We instrument more code, by not excluding entire files.
- NO_SANITIZE_COVERAGE can be used in Header files.
- Keeping the info with the source code, means if a function or
file is moved around, the NO_SANITIZE_COVERAGE moves with it.
This reverts commit 9dbec601b0.
For KCOV to be performant (or at least not even slower) we need to
mmap the PC buffer from both user and kernel space at the same time.
You can't mmap a character device, so this change didn't make sense.
Plus even if we did invent a new method to exfiltrate the coverage
information out of the kernel, it would be incompatible with existing
kernel fuzzers. That would be kind of annoying. 🙃
GCC sometimes complains about the The `no_sanitize("address")` syntax,
and clang sometimes complains abouth the `no_sanitize_address` syntax.
Both claim to support both, so that's neat!
A tag tree is a data structure used for deserializing JPEG2000
packet headers.
We don't use them for anything yet, except from tests.
The implementation feels a bit awkward to me, but we can always polish
it later.
The spec thankfully includes two concrete examples. The code is
correct enough to pass those -- I added them as test.
