We will no longer create bitmap buffers for canvases that exceed a
total area of (16384 * 16384) pixels. This matches what some other
browser do.
Thanks to @itamar8910 for finding this! :^)
`ResourceLoader::load` now rejects URLs which specify a `port`
associated with network services known to be vulnerable to
inter-protocol exploitation.
Fixes#1735
In order to complete a relative URL, we need a Document. Fix this by
giving XMLHttpRequest a pointer to its window object. Then we can go
from the window to the document, and then we're home free. :^)
This patch adds very basic XMLHttpRequest support to LibWeb. Here's an
example that currently works:
var callback = function() { alert(this.responseText); }
var xhr = new XMLHttpRequest();
xhr.addEventListener("load", callback);
xhr.open("GET", "http://serenityos.org/~kling/test/example.txt");
xhr.send();
There are many limitations and bugs, but it's pretty dang awesome that
we have XHR. :^)
Add an implementation of CanvasRenderingContext2DWrapper.strokeRect().
While implementing this I fixed fillRect() and the new strokeRect() to
honor the .scale() and .translate() values that had previously been plumbed.
Also enhance the canvas.html demo to utilize strokeRect(), scale(), and translate().
Every Document now has an Origin, found via Document::origin().
It's based on the URL of the document.
This will be used to implement things like the same-origin policy.
Running event handlers in response to a mouse event may cause full
layout invalidation, so we can't expect the layout root to be present
right after returning from JS.
Fixes#1629.
This patch adds a new kind of JS::Value, the empty value.
It's what you get when you do JSValue() (or most commonly, {} in C++.)
An empty Value signifies the absence of a value, and should never be
visible to JavaScript itself. As of right now, it's used for array
holes and as a return value when an exception has been thrown and we
just want to unwind.
This patch is a bit of a mess as I had to fix a whole bunch of code
that was relying on JSValue() being undefined, etc.
Our C++ code generator tools have been relying on host-side dbg() being
forwarded to stdout until now. Now they use out() instead.
Hopefully this will make it easier and more enticing to use streams in
userspace programs as well. :^)
We were allowing this dangerous kind of thing:
RefPtr<Base> base;
RefPtr<Derived> derived = base;
This patch changes the {Nonnull,}RefPtr constructors so this is no
longer possible.
To downcast one of these pointers, there is now static_ptr_cast<T>:
RefPtr<Derived> derived = static_ptr_cast<Derived>(base);
Fixing this exposed a ton of cowboy-downcasts in various places,
which we're now forced to fix. :^)
When we encounter a '<' during HTML parsing, we now look ahead to see
if there is a full </script> coming, otherwise we treat it as text.
This makes it possible to use '<' in inline scripts. :^)
StartDownload requests for unhandled protocols (or invalid URLs) will
now refuse to load instead of asserting. A failure code is sent back
to LibProtocol and Protocol::Client::start_download() returns nullptr.
Fixes#1604.
Scripts loaded in this way will block the parser until they finish
executing. This means that they see the DOM before the whole document
has been fully parsed. This is all normal, of course.
To make this work, I changed the way we notify DOM nodes about tree
insertion. The inserted_into() callbacks are now incrementally invoked
during parse, as each node is appended to its parent.
To accomodate inline scripts and inline style sheets, we now also have
a children_changed() callback which is invoked on any parent when it
has children added/removed.
This function creates a nested event loop and runs a load() operation
inside it, returning only once the load has either succeeded or failed.
This will be used to implement blocking loads (ew!)
The Help application was hooking HtmlView::on_link_click, which would
get invoked before DOM event dispatch. Since we were holding on to the
clicked node with a Node*, the DOM node was gone after returning from
the on_link_click callback.
Fix this by keeping DOM nodes in RefPtrs in the event management code.
Also move DOM event dispatch before widget hook invocation, to try and
keep things sane on the LibWeb side of things.
Fixes#1605.
Let's move towards using references over pointers in LibJS as well.
I had originally steered away from it because that's how I've seen
things done in other engines. But this is not the other engines. :^)
LibWeb now creates a WindowObject which inherits from GlobalObject.
Allocation of the global object is moved out of the Interpreter ctor
to allow for specialized construction.
The existing Window interfaces are moved to WindowObject with their
implementation code in the new Window class.
I made some mistakes in the selector parsing code. It's now able to
parse selectors composed of multiple complex selectors, instead of just
one complex selector.
This currently returns a JS::Array of elements matching a selector.
The more correct behavior would be to return a static NodeList, but as
we don't have NodeLists right now, that'll be a task for the future.
