Age | Commit message (Collapse) | Author |
|
These instances were detected by searching for files that include
Array.h, but don't match the regex:
\\b(Array(?!\.h>)|iota_array|integer_sequence_generate_array)\\b
These are the three symbols defined by Array.h.
In theory, one might use LibCPP to detect things like this
automatically, but let's do this one step after another.
|
|
If text-top or text-bottom are given as values for the vertical-align
property, actually use them and calculate the respective position of
the element.
The actual calculations done (using the font_size, descent, etc.) are
not exactly how I imagined them when reading the spec, but the results
seem acceptable when compared to other browsers.
|
|
Previously, calculated properties for line-heights were not being
calculated and were simply ignored.
|
|
Both Element and DOMTokenList are GC-allocated objects so they can just
mark each other instead of using the old strong/weak pattern we use in
ref-counting ownership models.
|
|
`border-style: none` and `border-style: hidden` remove the border
entirely during layout, causing boxes to shift around.
|
|
The only difference between these two values is that `hidden` has
different behaviour for border conflict resolution for border-collapsed
tables in table layout, which we don't have yet.
This gets rid of the main border around the repository information on
the GitHub repository page.
|
|
We were previously missing the bottom- and right-most pixels. This fixes
the errant red line showing on the Acid2 forehead.
|
|
Unlike client{X,Y} which is relative to the current viewport, these
offsets are relative to the left edge of the document (i.e they take
scroll offset into account).
|
|
|
|
MouseEvent.client{X,Y} should be relative to the viewport.
|
|
Fixes the y-position of rows when indicated through the display
attribute `table-row`. Previously there was no y-offset between rows and
so they would overlap.
|
|
Required by Twitter to move the input caret of the 2FA <input> element
to the start. However, we don't currently handle individual <input>
element selections.
|
|
As per Fetch, we are supposed to store cookies from Set-Cookie as soon
as we receive response headers for any HTTP response, even in error
cases.
Required by Twitter to login, as it sets cookies via XHR.
|
|
|
|
|
|
Implement collapsing of a box margin-top and first in-flow
child margin-top by saving function that updates y position
of containing block inside BlockMarginState and then for
every child until "non-collapsed through" child is reached
y position of containing block is updated by calling
update_box_waiting_fox_final_y_position_callback.
|
|
Previously y position of boxes in block formatting context
was calculated by looking at y position of previous in-flow
sibling and adding collapsed margin of "collapse through"
boxes lying between box currently being laid out and it's
previous in-flow sibling.
Here introduced BlockMarginState structure that maintains
array of currently collapsible margins hence we no longer
need to look at previous sibling to calculate y position
of a box.
|
|
Previously, a control point at `(0, 0)` would have been considered
absent. USe `Optional<Gfx::FloatPoint>` instead.
|
|
It is specified to use the "forgiving-base64" decoder instead of the
regular base64 decoder, which is slightly different
|
|
Fixes a bug where when you had spans that that were bigger than the
grid, would create enough tracks to accomodate them. When a fixed
position is given, there should be at a minimum a row/column available
for the track. The span will be truncated if there is no space for it
later.
|
|
For legibility, split up the run() function of the GridFormattingContext
into individual components.
|
|
This same function was being copied in the {Flex,Grid}FormattingContext,
so unify them in the parent FormattingContext.
|
|
|
|
A bug was found where grid items were being drawn outside of the grid if
the item had a large span and the grid was defined as having gaps
between the rows/columns.
This was caused by an erroneous calculation of the
{row,column}_{start,span} properties.
|
|
|
|
Currently, the generated IPC decoders will default-construct the type to
be decoded, then pass that value by reference to the concrete decoder.
This, of course, requires that the type is default-constructible. This
was an issue for decoding Variants, which had to require the first type
in the Variant list is Empty, to ensure it is default constructible.
Further, this made it possible for values to become uninitialized in
user-defined decoders.
This patch makes the decoder interface such that the concrete decoders
themselves contruct the decoded type upon return from the decoder. To do
so, the default decoders in IPC::Decoder had to be moved to the IPC
namespace scope, as these decoders are now specializations instead of
overloaded methods (C++ requires specializations to be in a namespace
scope).
|
|
This patch adds a stub implementation for the POST
/session/{session id}/element/{element id}/click endpoint.
|
|
This patch will allow us to handle scrolling errors in the WebDriver
implementation :)
|
|
The OpenGL API has ways to retrieve these values, so let's make sure to
implement them. :^)
|
|
This code is already generalised to every gradient in existence.
|
|
Previously gradient painting was dominated by the clipping checks in
Painter::set_pixel(). This commit changes gradient painting to use the
new Painter::fill_pixels() function (which does all these checks outside
the hot loop).
With this change gradient painting drops from 96% of the profile to 51%
when scrolling around on gradients.html. A nice 45% reduction :^)
|
|
This is fixed by making the "about to be notified rejected promises
list" use JS::Handle instead of JS::NonnullGCPtr. This UAF happens
because notify_about_rejected_promises makes a local copy of this list,
empties the member variable list and then moves the local copy into a
JS::SafeFunction lambda. JS::SafeFunction can only see GC pointers that
are in its storage, not external storage.
Example exploit (requires fixed microtask timing by removing the dummy
execution context):
```html
<script>
Promise.reject(new Error);
// Exit the script block, causing a microtask checkpoint and thus
// queuing of a task to fire the unhandled rejection event for the
// above promise.
// During the time after being queued but before being ran, these
// promises are not kept alive. This is because JS::SafeFunction cannot
// see into a Vector, meaning it can't visit the stored NonnullGCPtrs.
</script>
<script defer>
// Cause a garbage collection, destroying the above promise.
const b = [];
for (var i = 0; i < 200000; i++)
b.push({});
// Some time after this script block, the queued unhandled rejection
// event task will fire, with the event object containing the dead
// promise.
window.onunhandledrejection = (event) => {
let value = event.promise;
console.log(value);
}
</script>
```
|
|
Previously we were doing this at the painting stage, which meant that
layout potentially used the wrong glyphs when measuring text.
This would lead to incorrect layout metrics and was visible on the
HTML5Test score display, for example. :^)
|
|
OpenType is the backwards-compatible successor to TrueType, and the
format we're actually parsing in LibGfx. So let's call it that.
|
|
This was wrong twice making it right... But let's fix that.
The center was being passed as a DevicePixelPoint, but was in fact in
CSS pixels, the size was passed as a Gfx::FloatSize but was in
CSS pixels again. Then we were scaling from device pixels to CSS pixels
when painting which does not need to be done if everything is passed
which the correct scale factors already applied.
|
|
|
|
Noticed this trying to inspect GitHub, you'd get a segfault due to the
parent node being null here.
|
|
This removes two fix me in HTMLHyperlinkElementUtils
|
|
layout_box() already has a non-const overload, so we don't need to
const_cast them anymore. This gets rid of 2 FIXMEs. :^)
|
|
The variables 'child_to_append_after' are used to specify the child
before which new elements will be inserted, its name is misleading.
These variables are always passed as 'child' to pre_insert.
|
|
This patch adds implementation of the missing `setNamedItemNS()` method.
|
|
This patch adds implementation of the missing `removeNamedItemNS()`
method.
|
|
According to the spec we should return removed attribute, but the old
implementation returned nullptr instead.
Now we return the element's removed attribute.
|
|
This patch allows us to use method getNamedItemNS() of NamedNodeMap API.
|
|
This patch eliminates 1 FIXME that I've got during fixme roulette! :^)
|
|
This patch adds methods for querying element by namespace and
local name.
These methods are defined by the spec for internal
usage, but weren't implemented in LibWeb yet.
|
|
|
|
|
|
This annihilates 2 FIXMEs :^)
|
|
This deals with 2 FIXMEs :^)
|