Since the central directory offset in the end of central directory
record and the local file offset in each central directory header
are user-controlled arbitary data, we have to bounds check them
before using them.
We now also check we have enough space in the incoming buffer for the
various signatures and optional (length specified) fields. This helps
prevents a possible heap overflow read.
Because it's what it really is. A frame is composed of 1 or more samples, in
the case of SerenityOS 2 (stereo). This will make it less confusing for
future mantainability.
Just a sanity check, this must never happen. Manual invocations of
call() e.g. in LibWeb bindings must pass js_undefined() if no specific
this value is desired, which OrdinaryCallBindThis will then use as-is or
turn into the global this value in non-strict mode.
Section 10.6.4 rule 5 of the CSS height property spec outlines a method
to compute the height of an absolutely positioned block when the 'top'
and 'bottom' CSS properties are specified.
The case for computing auto-height of block elements which have block-
level children was erroneously skipping some children:
1. If the block element itself is absolute or floating, all children
were skipped due to a likely typo ("box" vs. "child_box" inside the
for-each loop).
2. Floating children should only be skipped if the block element's
'overflow' property computes to 'visible', per section 10.6.3 of the
CSS height property spec. If the property computes to another value,
section 10.6.7 only indicates that absolutely positioned children
should be skipped.
In single process mode, the browser will display a page's favicon in
both the location bar and tab. This adds the same support for multi-
process mode.
This leaves menu applets running but invisible, and that's a regression
we need to take care of obviously. But not today, because it's getting
too late.
This patch begins the transition away from the global menu towards
per-window menus instead.
The global menu looks neat, but has always felt clunky, and there
are a number of usability problems with it, especially in programs
with multiple windows.
You can now call GUI::Window::set_menubar() to add a menubar to
your window. It will be specific to that one window only.
This commit replaces the usage of String::starts_with with
Utf8View::starts_with, which first decodes the utf8 encoded
string, and as such can take things like overlong encoded
sequences into account (which could otherwise cause the prefix
check to be inconsistent with the following code points check).
Since input events may trigger window portions to be invalidated,
rather than making a round trip to WindowServer to get paint events
we can simply fake an immediate paint event and update the window
contents more quickly.
Improves #5881
This is the JSTestRunnerCounts struct from test-js and test-web (but
using unsigned integers - no negative counts). Not all test runners will
use all fields, but all will want to keep track of various counts.
Since we have Value::Type::Int32 now, let's use the Value(i32)
constructor here directly by not casting these i32 values to doubles.
The Value(double) would also figure out that these can be stored as
integers, but needs to do extra work which is not needed here. :^)
Just like to_size_t() - which was already removed in f369229 - this is
non-standard, use to_length() instead. One remaining use was removed,
and I'm glad it's gone. :^)
toGMTString() is deprecated but is kept for compatibility's sake, but because
HTTP Dates are always expressed in GMT, it should be safe to call toUTCString()
in toGMTString().
When the notification was closed, the connection was kept around. This
caused the core event loop to take up nearly all CPU, so instead of
checking the connection we clear it on close and add state variables
to check state.
With this RefPtr, we can initialize the connection to the
NotificationServer upon showing the notification. With this, we can
prevent double shows and updates or closes before showing.
This commit puts all of the remaining pieces in place. This adds a
mechanism to update the text, title, and icon of an image. If an image
is not provided, the default ladybug will be shown.
If a notification was closed, the connection will now be dead. To
prevent inconsistencies between when a user closes a notification and
when an application closes an applicated, check if the notification has
been closed before allowing any action.
