| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
ok so apparently you can leave out the semicolon, but *only* if the at
rule is at EOF
|
| |
|
|
|
| |
I'm not 100% content with this syntax either, but it's a significant
improvement over the previous solution.
|
| |
|
|
|
|
|
|
|
|
| |
Well, it's not much prettier... but it will be useful for keep-alive.
(Hopefully.)
Also, loader could now be locked down capsicum/pledge/seccomp, but I'm
not sure if there's a point. The biggest potential threat it faces is
cross-contamination of handles, and no amount of syscall filtering is
going to protect against that.
|
| | |
|
| | |
|
| |
|
|
| |
ref. https://todo.sr.ht/~bptato/chawan/43
|
| |
|
|
| |
Ugly, but works. I think.
|
| |
|
|
|
| |
Dump mode remains the same, except now it can be controlled in
config.toml as well.
|
| | |
|
| | |
|
| |
|
|
|
| |
They can be especially distracting when the rounding error fluctuates
between items.
|
| | |
|
| |
|
|
|
| |
This means we can now use about:downloads for downloads.
Plus it shaves off some ks from the distribution.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Particularly useful when debugging minified JS.
vi always wraps; the centering behavior is from vim.
|
| |
|
|
|
| |
I got tired of submodules.
This commit doesn't build; subtrees incoming...
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
and once again, there was light...
Well, it barely works, but it's enough to get colors back on most sites.
Nested variables aren't supported for now, and shorthand expansion only
"works" for `background' (it's a hack).
Props to the W3C for introducing the C preprocessor to CSS - I was
starting to confuse it with JSSS after calc().
|
| | |
|
| | |
|
| |
|
|
|
|
| |
We already need a camel -> kebab converter anyway.
Unfortunately this also changes JS binding names, so it's a breaking
change. Oh well.
|
| |
|
|
|
|
|
|
|
|
|
| |
Now we just pass through a socket created in pager.
This removes the need for a socket directory, and strengthens the buffer
sandbox slightly.
I've kept the ServerSocket code, because I want to add some form of RPC
and communication between separate instances in the future. However,
I don't expect this to be handled outside the main process, so I've
removed the Capsicum-specific connectat/bindat code.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, each message (load, resume, passFd, etc.) would open a new
connection to loader's UNIX socket, and assumed the loader was dead
when the loader did not respond (ECONNREFUSED).
As it turns out, this model was hopelessly broken: POSIX does not
specify when a UNIX socket can refuse connections, so while it happened
to work on Linux (which just blocks if it can't accept right now),
FreeBSD would randomly refuse connections whenever its listen queue was
full.
Instead, we now take a socketpair() from the loader in addClient, and
pass on one half to the client (the other half stays in loader); this is
the control stream, and all messages from the specific client are sent
through it. If a message includes a new stream (e.g. lcLoad), then it
sends a new socketpair through the control stream.
Aside from not being completely broken (and being marginally more
efficient), this arrangement has several other benefits: it removes the
need for authentication, almost removes the need for sockdir (now only
buffers use it), and will make it easier to add async message processing
in the future.
|
| | |
|
| |
|
|
|
|
|
|
| |
Only root blocks for now; for non-roots, you'd have to cache exclusions
too, and that is a fair bit harder.
It isn't very noticable as an optimization, but it's a good first step
towards a cached layout.
|
| |
|
|
|
|
| |
It works by emitting a base64 URI inside an img tag.
Very inefficient, but useful if no external viewer is set up
(e.g. over SSH).
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Mostly compatible with other browsers/tools that follow the
Netscape/curl format.
Cookie jars are represented by prepending "jar@" to the host part, but
*only* if the target jar is different than the domain. Hopefully, other
software at least does not choke on this convention. (At least curl
seems to simply ignore the entries.)
Also, I've moved cookies.nim to config so that code for local files
parsed at startup remains in one place.
|
| |
|
|
|
| |
"No CGI dir configured" is no longer a common case, so it's OK to just
return "CGI file not found".
|
| |
|
|
|
|
|
|
|
| |
Looking at it closer, this never actually did what it advertised to do.
It only affected first-party cookies from subdomains, but that has been
fixed; third-party cookies were never supported in the first place.
(In fact, even first-party cookies are still skipped unless directly
received on navigation. This should probably be fixed.)
|
| |
|
|
|
|
|
| |
It isn't really limited to config. It just happens to be in
XDG_CONFIG_HOME because XDG basedirs suck.
(W3M_DIR works similarly.)
|
| |
|
|
|
| |
Licenses now ordered by "explicitly PD", "PD-equivalent" and
"not PD-equivalent".
|
| |
|
|
| |
Respects autofocus.
|
| |
|
|
|
|
|
|
|
|
| |
For APIs that cannot be implemented in a privacy-friendly manner.
As a start, I've added accurate screen size queries; getComputedStyle,
getBoundingClientRect, etc. should follow. (We have a harmless
getComputedStyle already, but it's broken.)
Probably, things like JS-based scroll belong in here too, but I'm not
sure yet. (Perhaps autofocus should be reused instead?)
|
| |
|
|
|
| |
It's still missing a "color visited links" feature, but it's better
than nothing.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Only for SVG in image tags for now. Plus it comes with NanoSVG's
limitations, i.e. no text. Still, better than nothing.
I've gone through open tickets and PRs at upstream to check for known
security issues. As a recurring theme I found that parseTransform
fails to check the result of parseTransformArgs, so I fixed and
refactored that part. (Probably not a security issue, but still UB.)
Also, I've added a fix for an OOB read in parseColorRGB.
Future directions:
* replace nanosvgrast with our own rasterizer in canvas (will have to be
extended somewhat...)
* add text rendering (with unifont, which canvas already includes)
|
| | |
|
| |
|
|
|
|
|
|
| |
* correct action on M-b
* add external.bookmark option
* move openFileExpand functionality into unquote
* add menu items
* update docs
|
| |
|
|
|
|
|
|
| |
Both are quite useful.
readFile and writeFile got a small makeover in error handling; in
particular, readFile now returns null instead of the empty string when
the file is missing and writeFile throws a TypeError on I/O errors.
|
| |
|
|
|
|
|
|
| |
Cookie jar separation is already enough to mitigate tracking issues
in this case. (Also, the fact that third-party-cookie controlled this
made things even more confusing.)
Also, add the previously missing host-only flag.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the past, Chawan would read global mailcap (/etc/mailcap, ...) too,
but every now and then that would run entries that I didn't even know
existed and definitely didn't intend to run. So I changed it to only
use ~/.mailcap, but this meant users now had to add mailcap entries for
every single mime type.
At some point I also changed application/octet-stream to always save to
disk, which is usually nice except when a text file is misrecognized as
binary. Often times I just want to decide myself what to do.
So now there are two layers. First, the global mailcap files (path as
per RFC) prompt before executing. Then there is ~/.chawan/auto.mailcap
(or ~/.config/chawan/auto.mailcap) which runs entries automatically.
If you press shift before selecting an option in the prompt, the
corresponding entry gets copied to auto.mailcap. It's also possible to
type a new entry on the fly. Overall I think it's quite convenient.
One unfortunate side effect is that existing users will have to migrate
their entries to auto.mailcap, or redefine external.auto-mailcap to e.g.
~/.mailcap, but this seems acceptable.
|
| | |
|
| | |
|
| | |
|
| | |
|