Commit graph

1519 commits

Author SHA1 Message Date
Andreas Kling
20cc055ec9 LibWeb: Don't require layout node when setting canvas 2D strokeStyle
Use update_style_if_needed_for_element() and resolve colors via
computed properties instead of forcing a full layout update.
2026-02-22 12:43:01 +01:00
Andreas Kling
c7bf2021bc LibWeb: Don't require layout node when setting canvas 2D fillStyle
Use update_style_if_needed_for_element() and resolve colors via
computed properties instead of forcing a full layout update.
2026-02-22 12:43:01 +01:00
Andreas Kling
ca72156497 LibWeb: Don't require layout node when setting canvas 2D shadowColor
Use update_style_if_needed_for_element() and resolve colors via
computed properties instead of forcing a full layout update.
2026-02-22 12:43:01 +01:00
Andreas Kling
cbf8b70d42 LibWeb: Don't require layout node when setting canvas 2D filter
Setting the filter property on a CanvasRenderingContext2D would crash
with a null pointer dereference if the canvas element had no layout
node (e.g. a detached canvas not in the document).

Instead of forcing a full layout update and requiring a layout node,
we now only update style if needed and resolve lengths via the
element's computed properties when available, falling back to
document-level defaults otherwise. This matches the pattern used by
CanvasTextDrawingStyles.
2026-02-22 12:43:01 +01:00
Andreas Kling
77a3de4561 LibWeb: Handle ancestors without layout nodes in offsetParent
When walking the flat tree in HTMLElement::offset_parent(), ancestors
may not have layout nodes (e.g., they have display:none). This can
happen when an element is slotted into a shadow root where the slot
is inside a display:none container.

Guard layout_node() accesses with null checks. If an ancestor has no
layout node, it cannot be positioned or establish a containing block,
so it cannot be the offset parent for those reasons.
2026-02-21 22:08:36 +01:00
Praise-Garfield
52ee05cb5d LibWeb: Visit ImportMapParseResult in HTMLScriptElement::visit_edges
The m_result Variant can hold a GC::Ref<ImportMapParseResult> when the
script element has type="importmap", but visit_edges only traced the
GC::Ref<Script> arm. This left the ImportMapParseResult unvisited,
allowing the GC to collect it while the element still held a reference.

ImportMapParseResult inherited from JS::Script::HostDefined, but no
JS::Script or JS::Module ever stored it as host_defined data, so
visit_host_defined_self was dead code. This removes the HostDefined
inheritance entirely and switches m_result visitation to Variant::visit
with a lambda that catches all GC::Ref arms.
2026-02-21 11:14:45 -05:00
Andreas Kling
786e93b6c7 LibWeb: Avoid unnecessary GC::Root copies in find_if lambdas
The find_if lambdas in CustomElementRegistry and TraversableNavigable
were taking GC::Root parameters, causing implicit conversion from
GC::Ref (or copying of GC::Root) for each element visited. Each
GC::Root creation/destruction allocates and frees a RootImpl, making
linear scans over these vectors far more expensive than necessary.

Use auto const& to match the actual vector element types.

This was 2.3% of CPU time while opening a YouTube video.
2026-02-21 15:53:22 +01:00
Aliaksandr Kalenik
7cc973fa77 LibWeb: Lazify ElementByIdMap resolution and cache first element
Eliminate O(n) tree-order sorted insert on every add() by simply
appending elements and deferring order resolution to lookup time. Cache
the first-in-tree-order element in get() so repeated getElementById()
calls avoid repeated subtree traversal.

Improves performance on YouTube where add() was hot in profiles while
scrolling through comments.
2026-02-21 13:56:00 +01:00
Andreas Kling
5fd608b7cd LibWeb: Cache editability flag on DOM nodes for O(1) lookups
Add a cached m_in_editable_subtree flag to Node, updated on tree
mutations and contenteditable/designMode changes.

This replaces the recursive parent walk in is_editable() and
is_editing_host() with an O(1) flag check. The flag is recomputed
in inserted(), moved_from(), and cleared in removed_from(). Subtree
walks recompute the flag when contenteditable attributes change or
design mode is toggled.

This was 4% of CPU time while playing a YouTube video.
2026-02-21 03:51:28 +01:00
Zaggy1024
d9eafc8edc LibWeb: Use one method to cancel media elements' fetches
This should help avoid the footgun of forgetting to check for null on
m_fetch_controller. We had missed this check when firing off an error
due to an unsupported format in the PlaybackManager, so we could call
stop_fetch() on a null pointer if the download had completed already.
2026-02-20 19:11:31 -06:00
Zaggy1024
ebda8fcf11 LibWeb: Clarify the capture safety in HTMLMediaElement::fetch_resource
These tasks' captures aren't clearly safe as written, since raw
references don't make it apparent that we're capturing a GC-aware
reference. Conservative scanning made this safe, but let's make it a
bit clearer.
2026-02-20 12:46:17 -06:00
Aliaksandr Kalenik
c7dc2ba0d3 LibWeb: Remove DrawPaintingSurface
No callers of draw_painting_surface remain after the previous commits
migrated canvas, video, and SVG to use ExternalContentSource or
ImmutableBitmap snapshots.
2026-02-20 18:41:33 +01:00
Aliaksandr Kalenik
004e5f851e LibWeb: Use ExternalContentSource for canvas painting
present() now snapshots the PaintingSurface into an ImmutableBitmap
and publishes it to the ExternalContentSource, so the rendering thread
never touches the live GPU surface — eliminating the data race
described in the ExternalContentSource commit (problem 1).

Canvas elements are registered with Page and presented once per frame
from the event loop, rather than on every individual draw call in
CRC2D::did_draw(). A dirty flag on HTMLCanvasElement ensures the
snapshot is only taken when content has actually changed, and makes
the present() call in CanvasPaintable::paint() a no-op when the
surface has already been snapshotted for the current frame.
2026-02-20 18:41:33 +01:00
Aliaksandr Kalenik
8a31ecdf39 LibWeb: Use ExternalContentSource for video painting
Publish new video frames to an ExternalContentSource, and switch
VideoPaintable from draw_scaled_immutable_bitmap to
draw_external_content.

Because DrawExternalContent reads the latest bitmap at replay time,
frame-only updates (no timeline or control change) now call
set_needs_display(InvalidateDisplayList::No) — skipping display list
rebuilds entirely. This addresses problem 2 from the previous commit.
2026-02-20 18:41:33 +01:00
Callum Law
b8f2989ccb LibWeb: Reduce recompilation from editing CascadedProperties.h
This reduces the recompilation of editing `Properties.json` from ~1429
to ~158
2026-02-19 11:27:06 +00:00
Rocco Corsi
7eb0bb7c70 LibWeb: Reset animated frame index when loading new img element src
When an img element is changed from animated image to static image, the
animation briefly continues into the new image, even if the new image
has only a single frame (static image).

Could also impact when going from animated image to another animated
image, but the new image has less frames versus the previously animated
image.

In some cases a newly loaded static image would continue to be animated,
so that is also stopped.

fixes: #7879
fixes: #7945
2026-02-19 10:51:29 +01:00
Jonathan Gamble
d065f6bf00 LibWeb: Perform a microtask checkpoint - VERIFY after reentrancy return
The HTML event loop spec explicitly provides guidance for reentrancy in
the "perform a microtask checkpoint" algorithm, so we cannot VERIFY
for empty execution context before this early exit (as much as we'd
like to).

https://html.spec.whatwg.org/multipage/webappapis.html#perform-a-microtask-checkpoint

See the microtask-checkpoint-reentrancy-via-responsexml-script test for
an example of how this can happen from user scripts.
2026-02-19 08:12:31 +01:00
Zaggy1024
ad92622cf4 LibWeb: Make HTMLMediaElement's FetchController reference weak
This allows the FetchController to be reclaimed when the fetch
completes.
2026-02-18 13:13:32 -06:00
Zaggy1024
b25562ead7 LibWeb: Break a reference loop on HTMLMediaElement::FetchData
The stream's data request callback can't hold a strong reference to
FetchData, as that will create a reference loop:

FetchData -> IncrementallyPopulatedStream -> (lambda) -> FetchData

To prevent a use-after-free on the FetchData& capture, we clear the
data request callback in ~FetchData().
2026-02-18 13:13:32 -06:00
Zaggy1024
a283489799 LibWeb: Close the media element's stream when it is destroyed
This prevents the PlaybackManager's init thread from hanging waiting
for data that will never come after the media element gets GCed.
2026-02-18 13:13:32 -06:00
Zaggy1024
af45418fbf Everywhere: Rename IncrementallyPopulatedStream::reached_end_of_body
This needs to be called even if we haven't reached the end of the body,
so let's call it close() instead.
2026-02-18 13:13:32 -06:00
Zaggy1024
15d0bc86fc LibWeb: Pass HTMLMediaElement::FetchData& to restart_fetch_at_offset
No behavior change.
2026-02-18 13:13:32 -06:00
Zaggy1024
d146adfd66 LibWeb: Don't keep HTMLMediaElement alive in its fetch callbacks
This isn't strictly necessary to allow the element to be collected, but
it doesn't make sense for a fetch to keep the media element alive.
2026-02-18 13:13:32 -06:00
Timothy Flynn
ea32502947 Everywhere: Run clang-format
The following command was used to clang-format these files:

    clang-format-21 -i $(find . \
        -not \( -path "./\.*" -prune \) \
        -not \( -path "./Build/*" -prune \) \
        -not \( -path "./Toolchain/*" -prune \) \
        -type f -name "*.cpp" -o -name "*.mm" -o -name "*.h")
2026-02-18 08:02:45 -05:00
Timothy Flynn
316ffb300b LibWeb: Mark OffscreenCanvas[RenderingContext2D] as experimental 2026-02-17 22:17:50 +01:00
Timothy Flynn
8ad1c72ed3 LibWeb+LibWebView+Services: Add a flag to enable experimental interfaces
This adds the --expose-experimental-interfaces command line flag to
enable experimental IDL interfaces. Any IDL interface with Experimental
in its exposed attributes will be disabled by default.

The problem is that by stubbing out or partially implementing interfaces
in LibWeb, we actually make some sites behave worse. For example, the
OffscreenCanvas interface being exposed makes sites believe we fully
support it, even though we don't. If the interface was not exposed,
these sites may fall back to ordinary canvas objects. Similarly, to
use YouTube, we currently have to patch out MSE interfaces.

This flag will allow developers to iteratively work on features,
without breaking such sites. We enable experimental interfaces during
tests.
2026-02-17 22:17:50 +01:00
Timothy Flynn
7c9b3c08fa LibWeb: Allow selecting text in dialog and label elements
We were previously not allowing the user to select text when the clicked
position represented a click-focusable area. This included text within
dialogs (as the dialog element is click-focusable) and labels (as the
associated input element would be considered click-focusable).

We now no longer consider associated input elements when clicking on a
label. This is handled separately already by the label's activation
behavior steps, so there is no loss of functionality here. In those
steps, though, we now no longer propagate the click event to the input
element if a selection was made during the click. This matches the
behavior of Firefox and Chrome.

With label elements no longer considered here, we can then enter the
character selection mode when click-focusable areas are clicked.
2026-02-17 18:36:54 +01:00
Andreas Kling
e87f889e31 Everywhere: Abandon Swift adoption
After making no progress on this for a very long time, let's acknowledge
it's not going anywhere and remove it from the codebase.
2026-02-17 10:48:09 -05:00
Sam Atkins
ed86e1d978 LibWeb/HTML: Store MessageEvent source as Ref not Root 2026-02-17 07:40:03 -05:00
Sam Atkins
0656f2f334 LibWeb/HTML: Store TrackEvent track as Ref not Root 2026-02-17 07:40:03 -05:00
Jelle Raaijmakers
ded42e649b LibWeb: Do not scroll cursor into view on programmatic selection changes
We were mimicking Firefox' behavior that whenever a programmatic change
to an <input>'s or <textarea>'s selection happened, the new selection
focus is brought into view by scrolling. Currently we run a layout
update synchronously for that to make sure we have the fragment's
correct dimensions, which caused a significant performance regression in
Speedometer.

Since this is non-standard behavior, let's mimic Chromium instead which
does not scroll at all - only for direct user initiated input such as
typing.

Relevant issues:

* https://github.com/whatwg/html/issues/6217
* https://bugzilla.mozilla.org/show_bug.cgi?id=232405
* https://issues.chromium.org/issues/41081857
2026-02-17 10:24:00 +01:00
Shannon Booth
b835e5cbda LibWeb/HTML: Remove uneeded indexed property functionality on Storage
With the bug in the previous commit fixed, we no longer need these
helpers to support JS like:

localStorage[1] = "my value";
2026-02-16 18:49:15 +01:00
Callum Law
9f7f623455 LibWeb: Store FilterOperation::DropShadow sub-values as StyleValues
This simplifies handling and brings it into line with other `StyleValue`
types
2026-02-16 12:09:23 +00:00
Callum Law
98e62cf86a LibWeb: Store FilterOperation::Blur::radius as StyleValue
This simplifies handling and brings it into line with other `StyleValue`
types
2026-02-16 12:09:23 +00:00
Callum Law
c529614e67 LibWeb: Store FilterOperation::HueRotate::angle as StyleValue
This simplifies handling and brings it into line with other `StyleValue`
types
2026-02-16 12:09:23 +00:00
Callum Law
e410efcfb7 LibWeb: Absolutize parsed canvas filter value 2026-02-16 12:09:23 +00:00
Callum Law
cd799aa7e7 LibWeb: Forward declare CSS::FilterOperation structs
This means we don't need to include `FilterValueListStyleValue.h` in as
many places - reducing the rebuild from editing that file from 717 files
to 19.
2026-02-16 12:09:23 +00:00
Psychpsyo
6e1f2c10d6 LibWeb: Implement basics of the WebXR testing framework 2026-02-15 10:50:25 +01:00
Shannon Booth
00911a8b01 LibWeb/HTML: Assume WorkerGlobalScope runs in a SecureContext
As a stopgap until we have things wired up fully, consider
WorkerGlobalScope as a SecureContext so that IDL marked with
[SecureContext] is still exposed.
2026-02-14 23:23:17 +01:00
Shannon Booth
bc93ba4530 LibWeb/Bindings: Implement [SecureContext] extended attribute
Unfortunately this is a bit of a pain to test as it is surprisingly
difficult to create a non secure context in our test harness.
This is because both file scheme URLs and localhost are considered
secure contexts.

To test this, add a very specific internals setter to change the
top level origin of the environment for the current realm.
2026-02-14 20:22:40 +01:00
Shannon Booth
6a9cd0e8e0 LibWeb: Use interface_name instead of serialize_type virtual
`interface_name` is implemented for every platform object,
so we no longer need this boilerplate for every serializable
platform object.
2026-02-14 20:22:40 +01:00
Shannon Booth
4d64f21fa5 LibWeb: Give IDL exposed PlatformObjects an InterfaceName
By making use of the WEB_PLATFORM_OBJECT macro we can remove
the boilerplate of needing to add this override for every
serializable platform object so that we can check whether they
are exposed or not.
2026-02-14 20:22:40 +01:00
Shannon Booth
303f85e8e4 LibWeb/Bindings: Implement 'is exposed' using the InterfaceName enum 2026-02-14 20:22:40 +01:00
Shannon Booth
76cf230bd6 LibWeb: Use Bindings::InterfaceName for serializing types
While this does cost us an extra byte to serialize as it
contains _all_ interface names instead of the set of serializable
types, doing this will allow us to remove to use the same
enum for checking whether that interface is exposed in a future
commit.
2026-02-14 20:22:40 +01:00
Tim Ledbetter
5060a61081 LibWeb: Align Navigable::reload() with the specification 2026-02-14 20:21:53 +01:00
Tim Ledbetter
dc649a7e46 LibWeb: Use reject_the_finished_promise() in abort_a_navigate_event()
This aligns our implementation with the specification. Doing this
fixes a number of WPT tests because this sets
`m_ongoing_api_method_tracker` to null, avoiding an assertion that
previously caused a crash.
2026-02-14 20:21:53 +01:00
Jelle Raaijmakers
3576f4a53a LibWeb: Don't throw away new scroll events after processing the old ones
Dispatching scroll events could cause new scroll events to get lined up
and added to `m_pending_scroll_events`. The spec then asks us to empty
out that list, removing those newly added events.

Prevent doing that by emptying out the list before iterating over the
events. Fixes part of the WPT test `html/webappapis/scripting/event-
loops/new-scroll-event-dispatched-at-next-updating-rendering-time.html`.
2026-02-13 22:44:17 +01:00
Callum Law
32da7edf5e LibWeb: Compute font properties the same as other properties
Previously we computed font properties separately from other properties
for two reasons:
  1) These font properties were computed using a different length
     resolution context than the rest of the properties.
  2) These properties were required to be computed before creating the
     length resolution context for the rest of the properties.

The first issue was solved in the previous commit by introducing a
generic method to get the computation context for a property, and
the second is solved in this commit by computing properties in the
required order.

This simplifies the code a bit and opens up some opportunities for
optimization.
2026-02-13 21:54:06 +01:00
Praise-Garfield
36d8191a3d LibWeb: Chain all accept attribute checks in parse_accept_attribute()
The wildcard checks for audio/* and video/* are standalone if
statements, while the MIME-type and extension branches are
else-if chained only to the image/* check. When a token like
"audio/*" arrives, it matches the first if (adding
FileType::Audio) and then falls through to the MIME-type
else-if. MimeType::parse() accepts the wildcard because * is a
valid HTTP token code point, so a second MimeType{"audio/*"}
entry is added. FileFilter::add_filter() deduplicates within
variant types but cannot catch this cross-type duplication.

This chains all five conditions into a single if/else-if,
matching the spec's mutually exclusive "one of the following"
wording.
2026-02-13 15:32:36 -05:00
Praise-Garfield
56287ca90f LibWeb: Clear textarea with empty string for WebDriver
The WebDriver clear handler for textarea elements sets the raw
value to child_text_content() instead of an empty string. This
is a copy-paste from the adjacent reset handler, which correctly
uses child_text_content() per its own spec. The clear spec says
"set the raw value of element to an empty string".
2026-02-13 15:29:02 -05:00