If we have a valid PNG header with geometry info etc, we should still
display it as *something*, even if the image data itself is missing or
corrupted.
This matches the behavior of other browsers, and is something that
Cloudflare Turnstile checks for.
To achieve this, we split the PNG decoder's initialization into two
steps: "everything except reading frame data" and "reading frame data".
If the latter step fails, we yield a transparent bitmap with the
geometry from the PNG's IHDR chunk.
The popoverTargetElement seems to be one of the only cases of a
reflected Element? attribute in the HTML spec, the behaviour of which
is specified in section 2.6.1.
Buttons can't actually toggle popovers yet because showing/hiding
popovers is not implemented yet.
Setting the `width` or `height` properties of `HTMLCanvasElement` to a
value greater than 2147483647 will now cause the property to be set to
its default value.
Recently reported against the shadow realm proposal after running into
issues with WPT tests.
In a nested shadow realm, the associated realm is a shadow realm, not
the principal realm. One such issue this fixes is a crash when a nested
shadow realm performs an operation which requires the principal settings
object.
This change ensures that the correct default value of 0 is used and
that values greater than 2147483647 will fall back to the default value.
It also splits the display size concept into a separate method, as
this isn't supposed to be used when getting the IDL property.
Attempting to set `HTMLInputElement.size` to 0 via IDL now throws an
IndexSizeError DOMException. Attempting to set it to a value larger
than 2147483647 results in it being set to the default value.
If `HTMLMarqueeElement.scrollAmount` or `HTMLMarqueeElement.scrollDelay`
is set to a value larger than 2147483647, then it should be set to its
default value.
Previously, the list was copied when constructing the FormData object,
then the original list was passed to the event, meaning any changes to
the list that happened within the event would not be reflected outside
of it.
This is required by mini Cloudflare invisible challenges, as it will
only run if the readyState is not "loading". If it is "loading", then
it waits for readystatechange to check that it's not "loading" anymore.
Initial about:blank iframes do not go through the full navigation and
thus don't go through HTMLParser::the_end, which sets the ready state
to something other than "loading". Therefore, the challenge would never
run, as readyState would never change.
Seen on https://discord.com/login
The MessagePort one in particular is required by Cloudflare Turnstile,
as the method it takes to run JS in a worker is to `eval` the contents
of `MessageEvent.data`. However, it will only do this if
`MessageEvent.isTrusted` is true, `MessageEvent.origin` is the empty
string and `MessageEvent.source` is `null`.
The Window version is a quick fix whilst in the vicinity, as its
MessageEvent should also be trusted.
The insertion steps for iframes were following an old version of the
spec, where it was checking if the iframe was "in a document tree",
which doesn't cross shadow root boundaries. The spec has since been
updated to check the shadow including root instead.
This is now needed for Cloudflare Turnstile iframe widgets to appear,
as they are now inserted into a shadow root.
This was preventing https://ubereats.com/ from fully loading, because
they are attempting to overwrite setItem. They seem to be trying to add
error logging to setItem if it throws, as all they do is add a
try/catch block that emits an error log to their monitoring service if
it throws.
However, because Storage is a legacy platform object with a named
property setter (setItem), it will call setItem with the stringified
version of the function. This is actually expected as per the spec;
Firefox (Gecko) and Epiphany (WebKit) do this too, but Chromium does
not, as it actually overwrites the function with the new function and
does not store the stringified function.
The problem is that we had the LegacyOverrideBuiltIns flag accidentally
set, so it would return the stored string instead of the built-in
function (hence the name), then it would try and call it and throw a
"not a function" error. This prevented their JS from going any further.
This fix allows their UI to fully load and be fully interactive, though
it is quite slow at the moment!
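
The behaviour described in the commit message above, modelled as an added example (not Ladybird code and not part of the original commit). A `Proxy` stands in for a legacy platform object with a named property setter; `makeStorage`, `wrapSetItemLikeTheSite` and `run` are hypothetical helpers, and `run(true)` models the accidental LegacyOverrideBuiltIns flag while `run(false)` models the fixed behaviour.

```javascript
// Added example: simplified model of Web IDL named properties, not browser code.
function makeStorage({ legacyOverrideBuiltIns }) {
  const items = new Map(); // the storage's key/value list
  const proto = {
    setItem(key, value) { items.set(String(key), String(value)); },
    getItem(key) { return items.has(String(key)) ? items.get(String(key)) : null; },
  };
  const target = Object.create(proto);
  // Named property visibility: does a stored key shadow what the object exposes?
  const isVisible = (name) => {
    if (!items.has(name)) return false;
    if (Object.prototype.hasOwnProperty.call(target, name)) return false;
    if (legacyOverrideBuiltIns) return true; // stored key wins over built-ins
    return !(name in proto);                 // built-ins win over stored keys
  };
  return new Proxy(target, {
    get(t, prop, receiver) {
      if (typeof prop === "string" && isVisible(prop)) return items.get(prop);
      return Reflect.get(t, prop, receiver);
    },
    // Named property setter: a string-keyed assignment becomes setItem(prop, String(value)).
    set(t, prop, value, receiver) {
      if (typeof prop !== "string") return Reflect.set(t, prop, value, receiver);
      items.set(prop, String(value));
      return true;
    },
  });
}
// The pattern described above: wrap setItem in a try/catch that logs failures.
function wrapSetItemLikeTheSite(storage, log) {
  const original = storage.setItem;
  storage.setItem = function (key, value) {
    try { return original.call(this, key, value); } catch (e) { log.push(e); throw e; }
  };
}

function run(legacyOverrideBuiltIns) {
  const storage = makeStorage({ legacyOverrideBuiltIns });
  wrapSetItemLikeTheSite(storage, []);
  const storedType = typeof storage.getItem("setItem"); // the wrapper, stringified
  try {
    storage.setItem("theme", "dark");
    return { outcome: "ok", storedType, theme: storage.getItem("theme") };
  } catch (e) {
    return { outcome: e.constructor.name, storedType, theme: storage.getItem("theme") };
  }
}

console.log(run(true), run(false));
```

In both runs the assignment stores the stringified wrapper under the key `setItem`; only the flag decides whether a later `storage.setItem` lookup returns that string or the built-in function.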
This is enough for a basic shadow realm to work :^)
There is more that we still need to implement here such as module
loading and fixing up the global object, but this is enough to get some
basic usage working.
If the attribute value is the empty string (`lang=""`), the language
is set to unknown. A `lang` attribute higher up in the document tree
will no longer be applied to the content of that element.
We guarded one step against a null navigable, but the very next step
also needs to be protected. Let's just abort early instead. This was
caught by the following imported WPT test:
html/dom/elements/the-innertext-and-outertext-properties/innertext-setter.html
This test adds a <frame> element and immediately removes it, but the
task to process the src attribute is already queued. Note that <iframe>
would have the same issue, but this test does not include them.
NavigableContainer is our home-grown concept which already contains the
AOs needed for frame and iframe elements. This patch simply aligns our
HTMLFrameElement implementation with this class.
A couple of notes:
1. The <script> in the <head> element is intentional. The <frameset>
element effectively takes the place of the <body> element, and we
cannot add a <script> to a <frameset> element.
2. We don't render <frameset> or <frame> at all. Rendering is defined
in the following spec:
https://html.spec.whatwg.org/multipage/rendering.html#frames-and-framesets
3. If you load the test page in your browser, you won't see anything,
regardless of (2). Our test infra adds a <pre> element to the "body"
element (which is the <frameset> element here). Such children will
never be rendered. In the future, we could come up with something
better for our test infra to do, but this isn't important anyways
for this test - we can still grab the <pre> element's innerText.
Stealing the callbacks from the AnimationFrameCallbackDriver made them
no longer safe from GC. Continue to store them on the class until we
have finished their execution.