Some servers (e.g. ec.europa.eu) close the TCP connection without
sending a TLS close_notify alert after responding with Connection: close.
BoringSSL treats this as a fatal error, which libcurl surfaces as
CURLE_RECV_ERROR. If we already received valid HTTP headers and the
response included Connection: close, the connection closure is the
expected end-of-body signal per HTTP/1.1 — treat it as success.
You can reproduce with
```
lightpanda fetch https://ec.europa.eu/commission/presscorner/detail/en/ip_26_614
```
We previously only supported an Element. null == viewport, but document means
the entire (scrollable) area, since we don't render anything, treating
document as null seems ok?
Create SubmitEvent type and use it in submitForm() so that
e.submitter is correctly set when requestSubmit(submitter) is called.
Fixes#1982
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
I've been thinking the implementation here is messy (ever since we added support for it) and thought it would be better to separate each algorithm to their respective files in order to maintain in a long run. `digest` is also refactored to prefer libcrypto instead of std.
There are a few things allowed in cross origin scripting, the most important
being window.postMessage and window.parent.
This commit changes window-returning functions (e.g. window.top, window.parent
iframe.contentWindow) from always returning a *Window, to conditionally
returning a *Window or a *CrossOriginWindow. The CrossOriginWindow only allows
a few methods (e.g. postMessage).
testing.async(...) is pretty lame. It works for simple cases, where the
microtask is very quickly resolved, but otherwise can't block the test from
exiting.
This adds an overload to testing.async and leverages the new Runner
https://github.com/lightpanda-io/browser/pull/1958 to "tick" until completion
(or timeout).
The overloaded version of testing.async() (called without a callback) will
increment a counter which is only decremented with the promise is resolved. The
test runner will now `tick` until the counter == 0.
URL.setPathname() inserted the value verbatim without percent-encoding,
so `url.pathname = "c d"` produced `http://a/c d` instead of
`http://a/c%20d`. This caused sites using URL polyfills (e.g. Angular's
polyfills bundle) to detect broken native URL support and fall back to a
polyfill that relies on HTMLInputElement.checkValidity(), which is not
implemented — crashing the entire app bootstrap.
`appendAllChildren` iterates through the children, but when a child is appended
it can mutate the DOM (only via a custom element connected callback AFAIK) which
can render the iterator invalid. Constantly get parent.firstChild() as the
target.
Enqueuing while processing the navigation queue is rare, but apparently can
happen. The most likely culprit is the microqueue task being processed which
enqueues a new navigation (e.g. when a promise resolves).
This was never well handled, with the possibility of a use-after-free or of
skipping the new navigation. This commit introduces a double queue, which is
swapped at the start of processing, so that we always have 1 list for queueing
new navigation requests, and one list that we're currently processing.
Address review feedback from @karlseguin:
1. Use Form.getElements() instead of manual TreeWalker for field
collection. This reuses NodeLive(.form) which handles fields
outside the <form> via the form="id" attribute per spec.
2. Add disabled detection: checks both the element's disabled
attribute and ancestor <fieldset disabled> (with first-legend
exemption per spec). Fields are flagged rather than excluded -
agents need visibility into disabled state.
3. allocator is now the first parameter in collectForms/helpers.
4. handleDetectForms returns InvalidParams on bad input instead
of silently swallowing parse errors.
5. Added tests for disabled fields, disabled fieldsets, and
external form fields via form="id".
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
