Previously we would incorrectly handle the (somewhat uncommon) case of
binding and then separately connecting a tcp socket to a server, as we
would register the socket during the manual bind(2) in the sockets by
tuple table, but our effective tuple would then change as the result of
the connect updating our target peer address. This would result in the
the entry not being removed from the table on destruction, which could
lead to a UAF.
We now make sure to update the table entry if needed during connects.
POSIX (rightfully so) specifies that the sendto address argument is
ignored in connection-oriented protocols.
The TCPSocket also assumed the peer address may not change post-connect
and would trigger a UAF in sockets_by_tuple() when it did.
This also removes the code for displaying `gemini://` documents. We
currently don't load documents from that protocol anyway - we hit
`attempt_to_create_a_non_fetch_scheme_document()` in `Navigable.cpp`
which is just a stub. It looks like we should be handling those
separately from regular "fetch" documents, so that's a task for a
future person.
(Apologies for bad commit title, it's hard to explain in such a short
space!)
We're going to need to call this for producing markdown and gemini
documents, both of which need a Document and Realm to fetch the entire
response body, so that they can then generate their HTML. So this
commit modifies `create_document_for_inline_content()` to take a lambda
instead of a fixed HTML string, to support these uses.
Also, we always return a nonnull pointer, so make that the return type.
This is a move and change in the same commit, (Sorry!) but all the
changes are to the function signature and step 6.
There's an unfortunate hack here. We have to load the media file's data
before we call `HTML::HTMLParser::the_end()` with our generated
document, otherwise the media element (`<img>`/`<audio>`/`<video>`)
never loads and that blocks the document's load event. The previous code
path also did this, which is perhaps why the bug was never noticed.
This is a little awkward: The spec requires when loading media documents
or ones that don't have a DOM, that we "act as if the user agent had
stopped parsing document" which means following this algorithm. Only a
few steps require an HTMLParser, but those that do, involve reaching
into its internals. The simplest solution I could think of (other than
duplicating this fairly hefty function) is making it static and taking
a Document and optional HTMLParser as parameters.
So far, we always call make_active() before update_readiness
(Complete), but this will soon not be the case once we implement the
spec document-loading algorithms.
Co-authored-by: Aliaksandr Kalenik <kalenik.aliaksandr@gmail.com>
This function is currently very ad-hoc. This commit adds comments which
are almost entirely FIXMEs, so that we can then start filling in the
details one step at a time.
There's no mention in the spec of this being optional, all the places
that call it always pass a NavigationParams directly, and we're
VERIFYing that it's got a value too!
Before this change, we would only cache and reuse Gfx::ScaledFont
instances for downloaded CSS fonts.
By moving it into Gfx::VectorFont, we get caching for all vector fonts,
including local system TTFs etc.
This avoids a *lot* of style invalidations in LibWeb, since we now vend
the same Gfx::Font pointer for the same font when used repeatedly.
We don't need to skip whitespace at the top level because that's already
done before we're called. But we do still have to skip it inside the
`add()` function
This is (part of) a normative change in the ECMA-262 spec. See:
a9ae96e
This implements just support for resizing ArrayBuffer objects. This does
not implement the SharedArrayBuffer changes, as we do not have enough
support to do so.
The IsValidIntegerIndex AO performs the checks we are interested in. The
manual implementation we currently have will no longer compile once the
resizable ArrayBuffer spec is implemented. The AO will be updated with
the spec implementation, so let's use it now to avoid breakage.
This renames IntegerIndexedElementGet to TypedArrayGetElement, and
IntegerIndexedElementSet to TypedArraySetElement.
This also renames the indexedPosition variable inside these method
definitions to byteIndexInBuffer.
These are part of a couple editorial changes in the ECMA-262 spec. See:
03e4410a1a4d48
The remainder of the changes in those commits apply to the resizable
ArrayBuffer spec, which is not implemented in LibJS as of this commit.
After the resizable ArrayBuffer proposal was merged, a bunch of methods
had their spec numbers/headers changed. This patch just updates existing
methods to make future patches easier to grok.
Fixes a bug when the Qt client does not repaint after resizing
when the following sequence of IPC calls happens:
1. In the resize handler, the client sends set_viewport_rect to
WebContent.
2. WebContent starts repainting in response to the changed viewport
size.
3. In the resize handler, the client updates backing stores and sends
new ids and shared bitmaps to WebContent using the add_backing_store
call.
4. WebContent sends an acknowledgment to the client that painting
finished using the old id.
5. The client discards the repaint because it expects a new backing
store id.
