| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* fix header case sensitivity issues
-> probably still wrong as it discards the original
casing. better than nothing, anyway
* fix fulfill on generic promises
* support standard open() async parameter weirdness
* refactor loader response body reading (so bodyRead is no longer
mandatory)
* actually read response body
still missing: response body getters
|
| |
|
|
| |
Dispatch manually with fromJS instead.
|
| |
|
|
| |
+ slightly optimize getContentType
|
| |
|
|
| |
Nim 1.6 does not like it.
|
| |
|
|
| |
called on armhf
|
| | |
|
| |
|
|
| |
was only used by the PNG decoder which got replaced by stbi
|
| |
|
|
|
|
|
| |
* cssvalues, twtstr: unify enum parsing code paths, parse enums by
bisearch instead of hash tables
* mediaquery: refactor (long overdue), fix range comparison syntax
parsing, make ident comparisons case-insensitive (as they should be)
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* buffer, pager, config: add meta-refresh value, which makes it possible
to follow http-equiv=refresh META tags.
* config: clean up redundant format mode parser
* timeout: accept varargs for params to pass on to functions
* pager: add "options" dict to JS gotoURL
* twtstr: remove redundant startsWithNoCase
|
| |
|
|
|
|
| |
* fix various parsing bugs
* rewrite state machine
* other small optimizations
|
| |
|
|
|
| |
Still not perfect, because it crashes on missing /tmp dir so you have to
manually set it...
|
| | |
|
| | |
|
| |
|
|
| |
and enable it by default.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Saves bandwidth; it's especially useful over SSH. Still not sure if this
is the right solution, since it now needs two select cycles instead
of one, and it does yet another copy of the image. (Unnecessarily,
because stbi cannot stream its output, and stbiw cannot stream its
input.)
Also, to save memory, we now discard decoded images of buffers that are
not being viewed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* resize images with stb_image_resize
* use tee for output handle redirection (redirectToFile blocks)
* cache original image files
* accept lseek in sandbox
* misc stbi fixes
For now, I just pulled in stb_image_resize v1. v2 is an extra 150K in
size, not sure if it's worth the cost. (Either way, we can always switch
later if needed, since the API is almost the same.)
Next step: move sixel/kitty encoders to CGI, and cache their output in
memory instead of the intermediate RGBA representation.
|
| |
|
|
|
|
|
| |
Now we have decoders for gif, jpeg, bmp. Also, the in-house PNG decoder
has been replaced in favor of the stbi implementation; this means we
no longer depend on zlib, since stbi comes with a built in inflate
implementation.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* multi-processed and sandboxed PNG decoding & encoding (through local
CGI)
* improved request body passing (including support for output id as
response body)
* simplified & faster blob()/text() - now every request starts
suspended, and OngoingData.buf has been replaced with loader's
buffering capability
* image caching: we no longer pull bitmaps from the container after
every single getLines call
Next steps: replace our bespoke PNG decoder with something more usable,
add other decoders, and make them stream.
|
| |
|
|
| |
Operation "modularize Chawan somewhat" part 3
|
| | |
|
| |
|
|
| |
seems to get called for signal handlers
|
| |
|
|
|
|
|
| |
* make Client an instance of Window (for less special casing)
* misc work on Request & fetch
* improve origin comparison (opaque origins of same URLs are now
considered the same)
|
| | |
|
| |
|
|
|
|
|
| |
* add $LOGNAME to the tmp directory name, so that tmpdirs of separate
users don't conflict
* use separate directory for sockets, so that we do not have to give
buffers access to all cached pages
|
| |
|
|
|
|
| |
Use a LUContext to only load required CharRanges once per pager.
Also, add kana & hangul vi word break categories for convenience.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of using the built-in (and outdated, and buggy) tables, we now
use libunicode from QJS. This shaves some bytes off the executable,
though far less than I had imagined it would.
Also, a surprising effect of this change: because libunicode's tables
aren't glitched out, kanji properly gets classified as alpha. I found
this greatly annoying because `w' in Japanese text would now jump
through whole sentences. As a band-aid solution I added an extra
Han category, but I wish we had a more robust solution that could
differentiate between *all* scripts.
TODO: I suspect that separately loading the tables for every rune in
breaksViWordCat is rather inefficient. Using some context object (at
least per operation) would probably be beneficial.
|
| | |
|
| |
|
|
| |
openssl needs it
|
| |
|
|
|
| |
Unsigned operations and conversions to unsigned types always wrap/narrow
without checks, so no need to manually mask/cast/etc. them.
|
| |
|
|
|
|
|
|
|
|
| |
std's version is known to be broken on versions we still support, and it
makes no sense to use different decoders anyway.
(This does introduce a bit of a dependency hell, because js/base64
depends on js/javascript which tries to bring in the entire QuickJS
runtime. So we move that out into twtstr, and manually convert a
Result[string, string] to DOMException in js/base64.)
|
| |
|
|
|
| |
We no longer modify the file system inside the sandbox, so this
permission is simply not needed.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This fixes setTimeout/setInterval causing crashes.
Note: timerfd_gettime is not actually used by Nim right now.
However, it seems like a good idea to add it to the set in case a
future Nim version needs it, as it does no harm.
We still do not allow signalfd, because it would let rogue buffers
override our SIGSYS handler. (Not sure if this really matters, but
we don't need it for now anyway.)
|
| |
|
|
|
|
|
|
|
| |
glibc apparently calls fstat from fread, and we didn't allow it in
seccomp. So:
* allow fstat in the sandbox; no reason not to, and it seems too big of
a footgun to assume we never call fread
* use read(2) in http; no need for buffered i/o here
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* do not use std's parse*Int; they accept weird stuff that we do not
want to accept in any case
* fix bug in parseHost where a parseIpv4 failure would result in an
empty host
* do not use isDigit, isAlphaAscii
* improve parse*IntImpl error handling
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We use libseccomp, which is now a semi-mandatory dependency on Linux.
(You can still build without it, but only if you pass a scary long flag
to make.)
For this to work I had to disable getTimezoneOffset, which would
otherwise call localtime_r which in turn reads in some files from
/usr/share/zoneinfo. To allow this we would have to give unrestricted
openat(2) access to buffer processes, which is unacceptable.
(Giving websites access to the local timezone is a fingerprinting vector
so if this ever gets fixed then it should be an opt-in config setting.)
This patch also includes misc fixes to buffer cloning, and fixes the
LIBEXECDIR override in the makefile so that it is actually useful.
|
| | |
|
| |
|
|
|
|
| |
* separate params with ; (semicolon) instead of , (colon)
* reduce screaming snake case use
* wrap long lines
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I wish they didn't change this. unsafeAddr may be a confusing name,
but it's more powerful than addr. Merging them violates the principle
of least power.
e.g. say I get n thru a param, and shadow it
proc x(n: int) =
var n = n + 1
a screen or two later I call
mutates_variable_in_c(addr i)
then later I no longer need to add 1, so I remove the var line.
In Nim 1.6 the compiler refuses to compile, I can instantly find the
bug. In 2.0 it does... whatever?? Maybe for an int it "works", for an
object it likely doesn't. Certainly not something I'd enjoy debugging.
|
| | |
|
| |
|
|
| |
it's a waste of space; we don't use these *that* much.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
pledge is a bit more fine-grained than Capsicum's capability mode,
so the buffer & http ("network") sandboxes are now split up into
two parts.
I applied the same hack as in FreeBSD for overriding the buffer
selector kqueue, because a) I didn't want to request sysctl promise
b) I'm not sure if it would even work and c) if it breaks on OpenBSD,
then it's broken on FreeBSD too, so there's a greater chance of
discovering the bug.
|
| |
|
|
|
|
|
| |
Use content type attributes so e.g. git.cgi can set the title even with
a text/x-ansi content type.
(This commit also fixes some bugs in content type attribute handling.)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
It's the sandboxing system of FreeBSD. Quite pleasant to work with.
(Just trying to figure out the basics with this one before tackling the
abomination that is seccomp.)
Indeed, the only non-trivial part was getting newSelector to work with
Capsicum. Long story short it doesn't, so we use an ugly pointer cast +
assignment. But even that is stdlib's "fault", not Capsicum's.
This also gets rid of that ugly SocketPath global.
|
| |
|
|
|
|
| |
Better (and simpler) than storing them all over the place.
extra: change lmDownload text to match w3m
|
| |
|
|
|
| |
this is unfortunately truncated on Linux, but I don't care enough to
hack around this
|