We have a few places where we read secrets into memory, and then
do some computation on them. In these cases we should always make
sure we zero the allocations before they are free'd.
The SecureString wrapper provides this abstraction by wrapping a
ByteBuffer and calling explicit_bzero on destruction of the object.
PVS-Studio flagged this, as memset can be optimized away by the compiler
in some cases. We obviously don't want that to ever happen so make sure
to always use `explicit_bzero(..)` which can't be optimized away.
The StyleProperties code for opacity existed before NumericStyleValue
was a thing, and was affected by over-enthusiastic unitless-length
parsing, so it assumed everything was a length. Now it matches the
Color4 spec instead, accepting either a number, or a percentage.
We also get to remove the hack! :^)
Previously, we applied the unitless length quirk to all numbers in
quirks mode. Now, we correctly only do so for the set of properties
listed in the quirks-mode spec:
https://quirks.spec.whatwg.org/#quirky-length-value
However, we do not yet prevent this quirk inside CSS expressions (like
`calc()`) as the spec directs.
After `parse_css_value(PropertyID, TokenStream)`, we only need to know
the current PropertyID when checking for property-specific quirks, which
will take place in only 2 places, which happen deep down. Making the
current PropertyID part of the context means that those places can check
it easily, without us having to pass it to every one of the parsing
functions, which otherwise do not care.
Two CSS quirks are specced to only apply to specific properties:
- The hashless hex color quirk
https://quirks.spec.whatwg.org/#the-hashless-hex-color-quirk
- The unitless length quirk
https://quirks.spec.whatwg.org/#the-unitless-length-quirk
These are now represented in `Properties.json` like so:
```json
"property-name-here": {
"quirks": [
"hashless-hex-color",
"unitless-length"
]
}
```
Every property that either of those two quirks applies to is included in
`Properties.json` and now has their quirks listed. :^)
This fixes#9978.
When a TokenStream is empty, reading its `current_token()` still returns
a token (for EOF) so it makes sense to allow users to
`reconsume_current_input_token()` that token, so they do not have to
handle that themselves. Instead of VERIFY()ing, we can just no-op when
reconsuming token 0.
There were a few calls to the standalone version of dump_tree() inside
the recursive version of dump_tree(), which led to the output getting
jumbled out of order.
This is the result of debugging React DOM, which would throw a TypeError
when assigning to window.event in strict mode and then not complete
rendering - here:
https://github.com/facebook/react/blob/cae6350/packages/shared/invokeGuardedCallbackImpl.js#L134
With this change, the following minimal React example now works!
<div id="app"></div>
<script src="react.development.js"></script>
<script src="react-dom.development.js"></script>
<script>
ReactDOM.render(
React.createElement("h1", null, "Hello World"),
document.getElementById("app")
);
</script>
The [Replaceable] attribute "indicates that setting the corresponding
property on the platform object will result in an own property with the
same name being created on the object which has the value being
assigned. This property will shadow the accessor property corresponding
to the attribute, which exists on the interface prototype object."
(https://heycam.github.io/webidl/#Replaceable)
The spec doesn't tell how exactly this is supposed to be done, but other
engines just have a setter as well that just redefines the property
as a data descriptor when called, and returns undefined.
It's bound to the property name and requires an object of the correct
type, so I mirrored these constraints here. Storing the setter and
calling it multiple times will therefore just work.
Implementing this in the wrapper generator is left as an exercise for
the reader, this is going to be used in WindowObject, which isn't
generated from IDL yet.
There's currently a fallback at the call site where the Realm is needed
(due to a slightly incorrect implementation of [[Call]] / [[Construct]])
so this is better than crashing (in LibWeb, currently).
We need both a GlobalObject and Realm now, but can get the former from
the latter (once initialized).
This also fixes JS execution in LibWeb, as we failed to set the Realm of
the newly created Interpreter in this function.
This method represents the Intl.NumberFormat's [[RelevantExtensionKeys]]
internal slot, so it makes more sense for this to be directly in the
class itself.
To be consistent with the style in Temporal, let's move all AOs in Intl
to their object file, rather than splitting the AOs between prototype
and constructor files.
Intl.DisplayNames was the first Intl object implemented, and at that
point all AOs were just put into the main Intl AO header. But AOs that
belong to specific objects belong in that object's header. So this moves
CanonicalCodeForDisplayNames to the Intl.DisplayNames header.
I decided to not use the text parser for this one and rely on a regex to
parse the style tags. This way it supports only and opening delimiter
run and also is much simpler.
Hard line breaks insert a <br /> when two spaces are at the end of a
line. soft line breaks are just regular newlines, but whitespace is now
stripped before and after them
This patch handles the following two rules
1) A delimiter run is either (a) not followed by a Unicode punctuation
character, or (b) followed by a Unicode punctuation character and
preceded by Unicode whitespace or a Unicode punctuation character.
2) A _ can be used to open/close a delimiter run if it's (a) not part
of a left-flanking delimiter run or (b) part of a left-flanking
delimiter run followed by a Unicode punctuation character.
The previous Text::parse was not able to give up on parsing a textual
element, and just leave it as plain text. Because this is a very
important part of markdown, I fully rewrote the parser to support this
without having to backtrack. Also the parser now some other little
features, such ast delimiter runs and flanking.
This got changed in the spec at some point, replacing the assertion in
step 1 with "... and newTarget (an Object or undefined)" in the
parameter description.
Subsequently, there's now one step less, so the numbers all change.
This is where the spec wants to have it. Requires a couple of hacks as
currently everything that needs a Realm actually has a GlobalObject, so
we need to go via the Interpreter.
Instead of hardcoding the environment's global object as the return
value of GlobalEnvironment::global_this_value(), it now stores an Object
reference which is passed to the constructor for this purpose.
From the spec (https://tc39.es/ecma262/#sec-global-environment-records):
[[GlobalThisValue]] | Object | The value returned by this in global
scope. Hosts may provide any ECMAScript Object value.
This change removes the halt and reboot syscalls, and create a new
mechanism to change the power state of the machine.
Instead of how power state was changed until now, put a SysFS node as
writable only for the superuser, that with a defined value, can result
in either reboot or poweroff.
In the future, a power group can be assigned to this node (which will be
the GroupID responsible for power management).
This opens an opportunity to permit to shutdown/reboot without superuser
permissions, so in the future, a userspace daemon can take control of
this node to perform power management operations without superuser
permissions, if we enforce different UserID/GroupID on that node.
File::link_file takes the dst_path then the src_path so on duplicate
names we tried to create a link at the original file location, which
then flipped the parameters back round again and we ended up with a
broken link from "dst_path (1)" to "src_path (1)".