AmiSSL's approach to replacing 90% of OpenSSL calls with assembly
means that the official way to pop_free a stack type won't work.
As such, we open-code it here.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
When we close the JS compartment we try and cancel all callbacks so that
they do not fire after the compartment is closed. However if we have
in-train callbacks, they can gum up the closedown and so we need to check
and if we've done all we can, we break out of the callback removal loop.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
This reduces the source complexity of the html_mouse_action()
previously this was a single function of several thousand
lines with over 30 local variables allocated on the stack.
Variables are now mostly held in a single static structure which
drasticaly reduces the size of stack frame required and improves
lookup locality.
The generated code does cause two additional function calls as the
compiler avoids inlining the sub functions. The optimiser seems to
produce somewhat better code within the sub functions.
In the final analysis there appears to be no significant performance
loss or gain with this change, just more readable source.
In order to better model content close vs destroy, add the concept
of closing a thread to the JS interface.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
Since it makes more sense for the htmlc to be responsible for
when the JS thread gets destroyed, move its lifetime from the
responsibility of the browser window to the html content.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
In order to cope with threads which manage to navigate entirely
while executing (sadly possible) we need to handle the possibility
that a thread is destroyed by the browser but still needs to live
until it returns from whatever exec it was doing at the time.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
Update the duktape bindings and dukky interface to support the
new JS heap/thread split. Heaps may have multiple active threads
though in general there will only be 2 at a time.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
In preparation for proper splitting of Javascript support into
heaps and threads, this renames the types and corrects the no-js
builds to still work. At this time no substantive change in
semantics exists, and the duktape build won't work.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
If we fail to init the control file for reasons other than it
not being found, we blow away the cache in its entirety and then
try again. We warn if the removal fails, but carry on regardless
since right now the worst that'll happen is that we'll end up
with more on disk than we know about in the cache.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
If we are aborting a cURL fetch then it's possible entry to
cURL to clean up could cause a PROGRESS message to happen which
we need to not reset last_msg for, otherwise we spuriously attempt
to send an ERROR message during abort which is not a safe time for
our message callback to be used.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
This simplifies the poll loops a little more and makes me less worried
that some other corner case will bite us in the future.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
When aborting a fetch, it may be cleaned up, in which case we
would otherwise send a spurious failure message too early. Instead
we record that the abort has occurred to suppress such an error.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
Because cURL can do connection caching behind the scenes, we
need to have a cache for the SSL certificate chains which we
send onward on first header back from cURL.
This uses the new hashmap implementation to mean that we cache
chains on a hostname:port basis.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
As a result, we no longer waste a bunch of RAM on the entries
tables. This ought to be no slower, and more memory efficient.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
Instead of extracting information from the X509 certificate chain in
the fetcher the entire chain is propagated in Distinguished Encoding
Rules (DER) format.
This allows all the information contained in a certificate chain to be
retained which can subsequently be presented to the user
This is a *very* rudimentary implementation lacking most of the
functionality of NamedNodeMap but it's enough to get jQuery 1.12.4 up.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
To get us further along the JavaScript pathway, support the
getter and setter for innerHTML. The getter always returns
an empty string for now, but the setter works.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
The async script completion process needs to complete the
content state machine so that browser throbbers eventually
stop once async scripts have fetched and run, even if that
happens *after* conversion finishes.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
If there is more than one incomplete sync script then it's
important that we don't unpause hubbub too early. This commit
adds a counter so that if there're unfinished sync scripts in
the set, we don't unpause until the last one completes.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
Fixes abort on exit when corestring finalisation tried to unref
what should have been the final ref:
$ ./nsgtk3
corrupted double-linked list
Aborted (core dumped)
HTML contents reference many other objects. The browser window
needs to know if any of them may not be secure, in which case it
needs to report that in its page state. If other content types
might refer to sub-contents, they will need to define the callback
too.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
In order to support persisting SSL data we first have to store it
and support catching up new users.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
This redundant code was added by:
4747bbbfb2 HTML drags now go via content msg.
and then added again with:
c2a718075a A load of refactoring of how content selection and input work.
This was archaic support for rendering images as "overlays",
and avoiding a redraw via the browser window redraw and HTML
contents. Basically it was "plot this image here", but it
was too error prone, so it was removed a long time ago.
These are some last vestiges that made the redraw message
look more complex than it is.
* Changed ETag storage to be time_t, rather than int.
* Changed `If-None-Match` value parsing to use proper
time_t parsing, rather than `atoi`.
We emit FETCH_NOTMODIFIED if the resource hasn't changed.
Any errors from the fetch which are not already handled are
reported with an internal query page instead of a modal
dialog.
This is much less invasive for the user and much more in
keeping with how this is handled by other browsers.
The handler is similar to the timeout handler but the
functionality is kept separate as it is intended timeout
handling be extended in future.
cURL will prevent channel reuse if NTLM auth is enabled because
NTLM authenticates a channel not a request. As such we were
unable to reuse curl handles since we handed off connection
reuse to curl instead of our own handle cache. This mitigates
the effect, though curl authors are looking at fixing it upstream
too.
Fixes: #2707
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
The curl fetcher can operate without openssl library being
available, additionaly curl itself may be compiled with a
different TLS library.
In either case this will simply cause the "unknown" error to be
reported for all TLS failiures and page information to lack any
certificate information.
If dom_to_box is still in progress when we destroy an HTML
content, we need to cancel the conversion otherwise we will
end up with a scheduled callback into infinity.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
Since OpenSSL 1.0.2 there has been hostname verification support
which cURL doesn't turn on for some reason. Turn it on so that
we get better hostname verification handling.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
In doing this, also propagate why the certificates were bad
so that the page can display a reason. We will need FatMessages
for all these.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
We now handle authentication requests via an `about:` page
which presents a nice form built into the browser window.
In order to do this, we add internal navigation as a concept
to the browser window and we strip the 401login support from all
frontends except monkey.
The 401login callback is now intended for password safe type support
rather than an immediately interactive prompt.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
In further preparation for the auth and cert queries being handled
as special contents from `about:` this excises the query pathway
from the llcache pretty much entirely.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
* Fetchers now provide the certificates before headers
* This is propagated all the way to the browser window
* When a query occurs, we retrieve it from there and fire
the query with those stored certificates.
* The serial number is a bignum, store it as hex.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
This reworks CONTENT_MSG_ERROR to be structured data and
removes the CONTENT_MSG_ERRORCODE message kind.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
Currently only supporting text input, password input, and hidden
input, along with text areas, this mirrors the text values in
and out of the DOM, allowing JS to adjust the gadget values and
for the gadget values to be interrogated from JS.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
As a first step in refactoring query handling to be managed
by `browser_window`, this migrates the calling of the query
handler from the llcache object code up to the hlcache.
In theory this may result in multiple queries happening for one
object, but we mitigate multiple-responses in the llcache so
all should be well.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
In order to prevent a problem where iterating causes an abort
which causes an iteration which clears the iteratorness of a
user allowing it to delete itself causing a segfault, preserve
the iteratorness when iterating in send_message
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
Because we need to be slightly more careful now, lodge ourselves
`inside_curl` whenever we might be processing via the cURL messages
or similar.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
When sending an If-Modified-Since header we should use the
`last_modified` rather than the `date` property of the cached
object in order to not incorrectly assume things have a modification
date when they do not.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
Normal, and verbose logging will now also log all JS errors in order that we
stand a chance of debugging things more easily when testing.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
By reference to the MDN and to Duktape's CLI, expose everything
we possibly can on the global object (Window).
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
Add a polyfill for Array.from(), and fix the console formatter so that
it won't keep exploding. This should improve matters in the tests.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
In order to cope when an entire document is `visibility: hidden`
we default to the <HTML> node when interacting with the document
to ensure we don't drop off the end of the box model without
identifying at least one node to fire events at.
This resolves#2658
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
We were using integer multiplication rather than fixed-point
multiplication when calculating point sizes relative to the viewport.
This fixes that.
Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>