To implement the HttpOnly attribute, the CookieJar needs to know where a
request originated from. Namely, it needs to distinguish between HTTP /
non-HTTP (i.e. JavaScript) requests. When the HttpOnly attribute is set,
requests from JavaScript are to be blocked.
This moves the cookie parsing steps out of CookieJar into their own file
inside LibWeb. It makes sense for the cookie structures to be in LibWeb
for a couple reasons:
1. There are some steps in the spec that will need to partially happen
from LibWeb, such as the HttpOnly attribute.
2. Parsing the cookie string will be safer if it happens in the OOP tab
rather than the main Browser process. Then if the parser blows up due
to a malformed cookie, only that tab will be affected.
3. Cookies in general are a Web concept not specific to a browser.
The spec doesn't have any exact steps here, it just notes:
The user agent MUST evict all expired cookies from the cookie store
if, at any time, an expired cookie exists in the cookie store.
Here, we implement "at any time" as "when a cookie is retrieved or
stored".
I hereby declare these to be full nouns that we don't split,
neither by space, nor by underscore:
- Breadcrumbbar
- Coolbar
- Menubar
- Progressbar
- Scrollbar
- Statusbar
- Taskbar
- Toolbar
This patch makes everything consistent by replacing every other variant
of these with the proper one. :^)
https://tools.ietf.org/html/rfc6265#section-5.3
This includes a bit of an update to how cookies are first parsed. The
storage spec requires some extra information from the parsing steps than
just the actual values that were parsed. For example, it needs to know
whether Max-Age or Expires (or both) were specified to give precedence
to Max-Age. To accommodate this, the parser now uses an intermediate
struct for storing this information. The final Cookie struct is not
created until the storage steps.
The storage itself is also updated to be keyed by a combo of the cookie
name, domain, and path.
Retrieving cookies was updated to use the spec's domain-matching
algorithm, but otherwise is not written to the spec yet. This also does
not handle evicting expired cookies yet.
What I meant for the GUI progress bars to show:
- Bytes copied of the current file
- Files copied of the total set
What it actually showed:
- Bytes copied of the total bytes
- Files copied of the total set
This patch fixes it by showing byte progress of the current file
instead of byte progress of total bytes.
And display the progress of the copy operation in a separate window. :^)
Note that this patch only updates the drag&drop code path to use the new
mechanism. We still have to go through FileManager and make use of this
everywhere.
We also need to support additional operations, like Move, Delete, etc.
Still, this is quite cool! :^)
Setting the year to NumericLimits<unsigned>::max() resulted in the
following datetime: -2-12-31 00:00:00.
Instead, set the latest datetime to the last second of the year 9999.
The previous handling of the name and message properties specifically
was breaking websites that created their own error types and relied on
the error prototype working correctly - not assuming a JS::Error this
object, that is.
The way it works now, and it is supposed to work, is:
- Error.prototype.name and Error.prototype.message just have initial
string values and are no longer getters/setters
- When constructing an error with a message, we create a regular
property on the newly created object, so a lookup of the message
property will either get it from the object directly or go through the
prototype chain
- Internal m_name/m_message properties are no longer needed and removed
This makes printing errors slightly more complicated, as we can no
longer rely on the (safe) internal properties, and cannot trust a
property lookup either - get_without_side_effects() is used to solve
this, it's not perfect but something we can revisit later.
I did some refactoring along the way, there was some really old stuff in
there - accessing vm.call_frame().arguments[0] is not something we (have
to) do anymore :^)
Fixes #6245.
Note: the default expiry time should be "the latest representable
date". However, DateTime::from_timestamp(NumericLimits<time_t>::max())
isn't feasible due to the for-loops in LibC's time_to_tm. So instead,
this just sets the date to the maximum year.
This adds storage for cookies that may be set via 'document.cookie' in
JavaScript or the Set-Cookie HTTP header. For now, it parses only the
name-value pair from a set-cookie line, but does not parse optional
attributes.
Currently, storage is ephemeral and only survives for the lifetime of
the Browser instance.
This is done using a wrapper model that transforms all the information
about a single process in the ProcessModel and turns it into a 2-column
table model with only that process in it.
According to the Single UNIX Specification, Version 2 that's where
those macros should be defined. This fixes the libiconv port.
This also fixes some (but not all) build errors for the diffutils and nano ports.
Actions are now shared between menu bar and toolbar. Adds an edit
menu to complement toolbar actions. Glyphs are now passed as ints
instead of u8s; fixes Latin Extended+ glyphs failing to update in
real time on map. Converts weight and type to more human-readable
combo box lists. Selected glyph now scrolls into view on load.
Fixes glyphs not updating when loading between fonts at the same
index. Fixes GlyphEditor spinbox inadvertently modifying width
of last selected index.
Adds cut, copy, paste and delete to GlyphEditor. Font preview has
moved to a separate resizable ToolWindow. Font metadata can now be
hidden. FontEditor and glyph widgets can now be re-initialized
instead of resetting window's main widget after loading new fonts.
This makes it easier to work in FontEditor at low resolution.
Previously glyph map resized itself and the parent window to
accommodate fonts, which isn't ideal. Users typically control
window size/position after launch; widgets have to make do.
Fix #4038 by not deferring the creation of the tools. The original
change that introduced this, 7973f76790,
mentions this was needed to avoid having the menu work on the wrong
window, but I don't see that issue with this change so that may not be
needed anymore.
This menu is only relevant while interacting with the process list,
so let's not have it in the menu bar where its presence implies
universal relevance.
When double-clicking a process in the process list, we now open the
detailed information in a new window instead of showing it in a view
below the process list.
This declutters the main UI, and allows you to view details for
multiple processes at the same time.
This is just a first cut, there are many refinements possible here. :^)
This fixes a bug where the application would crash if the user
changed the default values for opacity or visibility of a layer
and then tried to draw on it.
This adds a double-click speed slider control to the Mouse Settings
panel, and value labels for both the movement speed and double-click
speed sliders.
To allow for updating and persisting the configured double-click
speed through the WindowServer, two IPC calls - `SetDoubleClickSpeed`
and `GetDoubleClickSpeed` - have been added.
This prevents the undefined behaviour that would come up as a result of
doing so. (For example: opening "infinite" devices like /dev/full will
result in an infinite loop until exhaustion of memory)
And overhaul resize and paint events to fix layout edge cases in
which Calendar wasn't filling its parent widget completely. Ensures
month views always display prior month days for click navigation.
Converts Calendar app layout to GML.
Most coredumps contain large amounts of consecutive null bytes and as
such are a prime candidate for compression.
This commit makes CrashDaemon compress files once the kernel finishes
emitting them, as well as adds the functionality needed in LibCoreDump
to then parse them.
This adds an option "Lenient" that makes the reader conform to what
appears to be the norm in spreadsheet-land:
- Treat missing values as empty ones
- Update previously read rows if another row with more columns is seen
afterwards
By setting the parent of the JS console, DOM inspector, view source and
download windows, they will be destroyed automatically when the main
browser window is closed.
Fixes #2373.
Because it's what it really is. A frame is composed of 1 or more samples, in
the case of SerenityOS 2 (stereo). This will make it less confusing for
future maintainability.
This patch begins the transition away from the global menu towards
per-window menus instead.
The global menu looks neat, but has always felt clunky, and there
are a number of usability problems with it, especially in programs
with multiple windows.
You can now call GUI::Window::set_menubar() to add a menubar to
your window. It will be specific to that one window only.
Just like to_size_t() - which was already removed in f369229 - this is
non-standard, use to_length() instead. One remaining use was removed,
and I'm glad it's gone. :^)
This broke in 6a6f19a72f, which replaced
the representation of columns with numbers.
As a result, the save logic would store cells as
"\x<column_index><row_number>", which is obviously wrong.
Fixes #5905.
Also simplifies the control flow in `import_worksheet` a bit.
There won't be any parse errors before we actually try to parse
something.
Fixes input like "=1+" crashing the spreadsheet instead of just causing
an error in the cell.
Fixes #5736. The selected note value could also underflow if
you drag to the left, but the assert got triggered only in
case you're dragging past the end of the note roll.
With a little help (read: copy & paste) from ImageWidget, QuickShow will
now cycle through the frames of animated images - enjoy the cat GIFs!
Future improvement: cache decoded images like LibWeb's ImageResource to
waste less CPU - the same applies to LibGUI though, maybe we can put
something shared in LibGfx.
Closes #5837.
The previous names (RGBA32 and RGB32) were misleading since that's not
the actual byte order in memory. The new names reflect exactly how the
color values get laid out in bitmap data.
Now the pixel under the cursor doesn't move, which is more consistent
with other image viewers (e.g. GwenView and IrfanView). Also switch
m_pan_origin to use window space to have less space transformations.
When multiple images are dragged and dropped onto the image widget,
QuickShow will use LibDesktop::Launcher to launch a new instance
of QuickShow for each item, rather than spawn a child QuickShow
process for each item with posix_spawn.
This allows `proc` and `exec` pledges to be removed :^)
..instead of a tool window. Tool windows are meant as accessories to
an application's main/primary windows, not to be primary windows
themselves.
Fixes #5667.
This adds 2 more flags, that help with the "select on start" invocation.
-s - makes us open the parent directory of the entry, and select it.
-r - makes FileManager skip real path resolution for cases when we
want to select the symlink in parent directory.
Also, if the file path is passed as argument, now it will open parent
with the file selected.
And delete the generic icon member which has been dormant since
switching to FileIconProvider. Fixes icon column not being properly
painted as icon cells.
Extracted a method from the code in the File Manager application which
added actions for activating launch handlers found for the selected
file from the context menu. Applied this method to desktop files
and shortcuts.
Note: made some launch handler related methods in the DirectoryView
static or const which allows passing const DirectoryView& to certain
methods.
When you reset() a Track, you need to set the piano roll iterators back
to the first notes.
Fixes#2578. The bug was due to pressing export between 2 notes - the
tracks were never told to go back to the first note.
Added input hook into console widget to allow input to be captured and
sent to the external JS console via IPC.
Output from the external JS console is fed into the console widget
via handle_js_console_output().
This is basically just for consistency, it's quite strange to see
multiple AK container types next to each other, some with and some
without the namespace prefix - we're 'using AK::Foo;' a lot and should
leverage that. :^)
Refactors menubar creation to avoid a null parent window during
construction; moves search options to the more traditional edit
menu; creates an exclusive action group for bytes per row
Fixes #5177 in part
Commit 6a6f19a72 broke the cell position display in the top left of the
Spreadsheet window and the title of the cell type dialog, causing the
application to crash when interacting with cells beyond column FE.
This will make constructing (and destructing) Positions a lot cheaper
(as it no longer needs to ref() and unref() a String).
Resulted from #5483, but doesn't fix it.
(...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED)
Since all of these checks are done in release builds as well,
let's rename them to VERIFY to prevent confusion, as everyone is
used to assertions being compiled out in release.
We can introduce a new ASSERT macro that is specifically for debug
checks, but I'm doing this wholesale conversion first since we've
accumulated thousands of these already, and it's not immediately
obvious which ones are suitable for ASSERT.
Most of the functions under FileUtils were removed, except those which
dealt with file deletion, as they spawned MessageBoxes for errors, as
such, those functions were written in terms of Core::File::remove.
This was needlessly expecting the first backtrace entry function name to
start with '__assertion_failed', which is no longer the case - it's now
something from libsystem.so. Let's just check whether we have an
'assertion' key in the coredump's metadata, just like we do for pledge
violations.
This is obviously a requirement for #5374, oops :^)
Also handle errors gracefully, opening a file that isn't PixelPaint JSON
would previously crash.
Closes #5388.
This adds a new structure 'Typeface' to the FontDatabase that
represents all fonts of the same family and variant.
It can contain a list of BitmapFonts with varying size but of
the same family and weight or a pointer to a single TTF font
for all sizes of this Typeface.
Currently, graphs are defined in terms of graph color. This means that
when the system palette is changed, the old colors are still used. We
switch to storing the color roles and looking up the palette colors on
paint events. We also define the graph line background color as the
graph color at half-transparency.
Now that we no longer need to support the signal trampolines being
user-accessible inside the kernel memory range, we can get rid of the
"kernel" and "user-accessible" flags on Region and simply use the
address of the region to determine whether it's kernel or user.
This also tightens the page table mapping code, since it can now set
user-accessibility based solely on the virtual address of a page.
Arbitrarily split up to make git bisect easier.
These unnecessary #include's were found by combining an automated tool (which
determined likely candidates) and some brain power (which decided whether
the #include is also semantically superfluous).
My favorite #include:
#include "Applications/Piano/Music.h" // You can't have too much music in life!
This is a little bit messy but the basic idea is:
Syntax::Highlighter now has a Syntax::HighlighterClient to talk to the
outside world. It mostly communicates in LibGUI primitives that are
available in headers, so inlineable.
GUI::TextEditor inherits from Syntax::HighlighterClient.
This lets us move GUI::JSSyntaxHighlighter to JS::SyntaxHighlighter
and remove LibGUI's dependency on LibJS.
Add a new wrapping mode to the TextEditor that will wrap lines at the
spaces between words.
Replace the previous menubar checkbox 'Wrapping Mode' in HackStudio and
the TextEditor with an exclusive submenu which allows switching between
'No wrapping', 'Wrap anywhere' and 'Wrap at words'. 'Wrap anywhere' (the
new 'Wrap lines') is still the default mode.
Setting the wrapping mode in the constructors of the TextEditorWidget
and HackStudio has been removed, it is now set when constructing the
menubar actions.
This patch adds an IPC call for debugging requests. It's stringly typed
and very simple, and allows us to easily implement all the features in
the Browser's Debug menu.
Frick it, let's just enable this by default and give ourselves a reason
to improve things! Some things are broken, and there's a bit of flicker
when resizing, but we can do this.
This drastically improves our web browsing security model by isolating
each tab into its own WebContent process that runs as an unprivileged
user with a tight pledge+unveil sandbox.
To get a single-process browser, you can start it with -s.
We have both the normal menu items and keyboard shortcuts for these by
now. No need to have always-visible buttons -- makes the app more
consistent with the other apps, and makes it use up less vertical space.
Previously it was possible to open a link like /home/anon/Desktop/Home,
leading to a folder with the same name. Now it correctly opens its real
path, which is /home/anon
FileManager: Use Core::File::real_path_for to get real path of links
Application.h includes Widget.h which includes Application.h. I'm not entirely
sure what the semantics are in this case, but avoiding this seems to be the
safer approach. In this case, Widget does not actually use Application, so let's
just remove the unused include.
This was just an alias for "unix" that I added early on back when there
was some belief that we might be compatible with OpenBSD. We're clearly
never going to be compatible with their pledges so just drop the alias.
It's less code, and blit() already handles scaled painters.
Fixes the window server asserting in highdpi mode with a centered
background image. Part of #5017.
This apparently was a workaround for escape sequences in GML at some
point (see #4937), but it now literally inserts "\n" and no newline, as
the backslash itself is escaped.
These are 2x the smallest 4 resolutions. When picking one of these
in 1x and then half the size in 2x, the window server adjusts the
ui scale factor, but the actual framebuffer size doesn't change.
2560x1440 also happens to be 5k resolution and monitors with that
resolution do exist -- so that seems like a good upper limit :)
For now, only support 1x and 2x scale.
I tried doing something "smarter" first where the UI would try
to keep the physical resolution constant when toggling between
1x and 2x, but many of the smaller 1x resolutions map to 2x
logical resolutions that Compositor rejects (e.g. 1024x768 becomes
512x384, which is less than the minimum 640x480 that Compositor
wants) and it felt complicated and overly magical.
So this instead just gives you a 1x/2x toggle and a dropdown
with logical (!) resolutions. That is, 800x600 @ 2x gives you
a physical resolution of 1600x1200.
If we don't like this after trying it for a while, we can change
the UI then.
Now that WindowServer broadcasts the system theme using an anonymous
file, we need clients to pledge "recvfd" so they can receive it.
Some programs keep the "shared_buffer" pledge since it's still used for
a handful of things.
This is in preparation of adding (much) more process information to
coredumps. As we can only have one null-terminated char[] of arbitrary
length in each struct it's now a single JSON blob, which is a great fit:
easily extensible in the future and allows for key/value pairs and even
nested objects, which will be used e.g. for the process environment, for
example.
Now, `chres 640 480 2` can set the UI to HighDPI 640x480 at runtime. A
real GUI for changing the display factor will come later.
(`chres 640 480 2` followed by `chres 1280 960` is very fast since
we don't have to re-allocate the framebuffer since both modes use
the exact same number of physical pixels.)
For small rects there was a disagreement between two parts of the
layout algorithm. There is a function that decides if there is
enough space in a rectangle for a label. But this function was
called on two slightly different rectangles.
This API was a mostly gratuitous deviation from POSIX that gave up some
portability in exchange for avoiding the occasional strlen().
I don't think that was actually achieving anything valuable, so let's
just chill out and have the same open() API as everyone else. :^)