New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
constellation: crash to a new “sad tab” error page #30290
Conversation
For testing, it might be possible to have an iframe that calls window.trap() ( servo/components/script/dom/window.rs Line 1112 in c623ab9
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this change! This looks fine to me though I have a couple nit-picky comments.
This is interesting! std::intrinsics::trap and std::intrinsics::abort just kill the whole process, unless we are in multiprocess mode, but we can add a window.panic() function gated behind dom.servo_helpers.enabled. I’m not sure if the crash error page will count as cross-origin though, looking into it. |
<!-- tests/wpt/mozilla/tests/crash-page.sub.html -->
<iframe style=border:solid
src="{{location[scheme]}}://{{hosts[alt][]}}:{{location[port]}}/_mozilla/crash-page-inner.html">
</iframe>
<!-- tests/wpt/mozilla/tests/crash-page-inner.html -->
<script>panic()</script> When the iframe crashes, we close all of the pipelines under the top-level browsing context and navigate that, so the page containing the iframe is gone too. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! It sounds like testing this is tricky for now. Just a couple tiny comments:
Servo historically recovered from crashes by navigating forwards to an about:failure page, but we never got around to reimplementing about:failure in the fetch-based network stack, so it turned into an “Unexpected scheme” error.
That approach was less than ideal though, because navigating forwards trashes your forward history. Even if we were to navigate with replacement, the location bar would show “about:failure” instead of the original URL, and we would lose the original LoadData containing the request body and headers and so on. In both cases, it would be tricky to make the reload command work properly or add a reload button to the error page.
This patch replaces our use of about:failure with an error page that behaves similarly to a network error.
When the constellation detects a panic, we create a replacement pipeline as before, but we now reload the page in place with the same LoadData except with .crash set to the crash details. This gets plumbed through RequestBuilder and Request to the fetch code, which converts it to a NetworkError::Crash, which the HTML parser renders as a new kind of error page. The user can then view the reason and backtrace if any, and click a button to reload the page.
To test this manually, go to
data:text/html,<script>document.write()</script>
after applying the patch below:./mach build -d
does not report any errors./mach test-tidy
does not report any errors