With the introduction of shadow realms, there will be two different
possible host defined objects. For clarity, rename the existing host
defined object to PrincipalHostDefined.
This allows you to get the module map for any realm, whether it is a
principal or synthetic realm. We don't yet have the concept of a
synethetic realm, but this puts the groundwork in place for it.
This is a bit of a chonkier commit as it results in both:
clean_up_after_running_callback and prepare_to_run_callback being
changed to accept a realm instead of an environment settings object,
which has a bunch of fallout, particuarly for IDL abstract operations.
Instead of a settings object. This matches updates to the HTML spec as
part of the shadow realm proposal, and begins the refactor of running
scripts on a realm instead of a settings environment object.
Some of the spec steps are slightly messy here (such as in
MainThreadVM.cpp) as this partially implements the ShadowRealm changes
but not other pieces which we have not implemented yet, such as
preparing to run a script also being based on a realm instead of an
environment. But this will be addressed in further commits.
In terms of the 'current principal realm' definition.
No functional impact, as we still need to implement current principal
realm once the surrounding infrastructure is in place. But it is one
less place which needs to be updated when that is all in place :^)
Aligning the name with the the PR implementing the javascript
shadow realm proposal into the web platform. This commit
simply performs the rename before implementing the behaviour
change.
The actual change to the behaviour of the AO is not implemented in this
commit to support 'synthetic' shadow realms as the surrounding
infrastructure is not in place yet.
Not all specs have a MR open to align with this proposed change to the
HTML standard. But in this case we can just apply the same mechanical
change everywhere.
This aligns with an update to the HTML specification which instead
stores these promises on the global object instead of the settings
object.
It also makes progress towards implementing the ShadowRealm proposal
as these promises are not present in the 'synthetic' realm for that
proposal.
The only subclass was already GC-allocated, so let's hoist the JS::Cell
inheritance up one level. This ends up simplifying a bit of rather
dubious looking code where we were previously slicing ESOs.
Changes the signature of queue_global_task() from AK:Function to
JS::HeapFunction to be more clear to the user of the function that this
is what it uses internally.
...and use HeapFunction instead of SafeFunction for task steps.
Since there is only one EventLoop per process, it lives as a global
handle in the VM custom data.
This makes it much easier to reason about lifetimes of tasks, task
steps, and random stuff captured by them.
This URL library ends up being a relatively fundamental base library of
the system, as LibCore depends on LibURL.
This change has two main benefits:
* Moving AK back more towards being an agnostic library that can
be used between the kernel and userspace. URL has never really fit
that description - and is not used in the kernel.
* URL _should_ depend on LibUnicode, as it needs punnycode support.
However, it's not really possible to do this inside of AK as it can't
depend on any external library. This change brings us a little closer
to being able to do that, but unfortunately we aren't there quite
yet, as the code generators depend on LibCore.
This will be used to transfer information about the parent context to
DedicatedWorkers and future out-of-process Worker/Worklet
implementations for fetching purposes. In order to properly check
same-origin and other policies, we need to know more about the outside
settings than we were previously passing to the WebWorker process.
We only need to know that the Global Object of the environment is an
event target in order to dispatch an event on it. This resolves a FIXME
where we assumed that the only type of Global in LibWeb is HTML::Window.
This commit un-deprecates DeprecatedString, and repurposes it as a byte
string.
As the null state has already been removed, there are no other
particularly hairy blockers in repurposing this type as a byte string
(what it _really_ is).
This commit is auto-generated:
$ xs=$(ack -l \bDeprecatedString\b\|deprecated_string AK Userland \
Meta Ports Ladybird Tests Kernel)
$ perl -pie 's/\bDeprecatedString\b/ByteString/g;
s/deprecated_string/byte_string/g' $xs
$ clang-format --style=file -i \
$(git diff --name-only | grep \.cpp\|\.h)
$ gn format $(git ls-files '*.gn' '*.gni')
Stop worrying about tiny OOMs. Work towards #20449.
While going through these, I also changed the function signature in many
places where returning ThrowCompletionOr<T> is no longer necessary.
This is fixed by making the "about to be notified rejected promises
list" use JS::Handle instead of JS::NonnullGCPtr. This UAF happens
because notify_about_rejected_promises makes a local copy of this list,
empties the member variable list and then moves the local copy into a
JS::SafeFunction lambda. JS::SafeFunction can only see GC pointers that
are in its storage, not external storage.
Example exploit (requires fixed microtask timing by removing the dummy
execution context):
```html
<script>
Promise.reject(new Error);
// Exit the script block, causing a microtask checkpoint and thus
// queuing of a task to fire the unhandled rejection event for the
// above promise.
// During the time after being queued but before being ran, these
// promises are not kept alive. This is because JS::SafeFunction cannot
// see into a Vector, meaning it can't visit the stored NonnullGCPtrs.
</script>
<script defer>
// Cause a garbage collection, destroying the above promise.
const b = [];
for (var i = 0; i < 200000; i++)
b.push({});
// Some time after this script block, the queued unhandled rejection
// event task will fire, with the event object containing the dead
// promise.
window.onunhandledrejection = (event) => {
let value = event.promise;
console.log(value);
}
</script>
```
We have a new, improved string type coming up in AK (OOM aware, no null
state), and while it's going to use UTF-8, the name UTF8String is a
mouthful - so let's free up the String name by renaming the existing
class.
Making the old one have an annoying name will hopefully also help with
quick adoption :^)
We can't be nuking the ESO while its owned execution context is still on
the VM's execution context stack, as that may lead to a use-after-free.
This patch solves this by adding a `context_owner` field to each context
and treating it as a GC root.
These lambdas were marked mutable as they captured a Ptr wrapper
class by value, which then only returned const-qualified references
to the value they point from the previous const pointer operators.
Nothing is actually mutating in the lambdas state here, and now
that the Ptr operators don't add extra const qualifiers these
can be removed.
(And BrowsingContextGroup had to come along for the ride as well.)
This solves a number of nasty reference cycles between browsing
contexts, history items, and their documents.
