dommy-rack 0.8.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a1a9aaa4ae2c0fcc61a4054b66fe4e9e9fadb65093acfa912c1b73a5216ac7be
-  data.tar.gz: 3ead606c9fc898c53aeb6e05222f0ddbf2c4c3f08a8ccce6e881867de537019d
+  metadata.gz: 9c964baa96ffd06e89b381a195f92728d59425d855c9eed0f2f60a901b405b82
+  data.tar.gz: 3883f5b58d4bc7817443486a46f597f4aa8204b4159f46e632fc998f084585d6
 SHA512:
-  metadata.gz: 1f5e7fb4b35c073c069812de208765c5ba7e3aaca832a8071d320a991cc2f215ecf6d27ccec6e87988719ede65550b4d0b8901810380428495427e8fa48b6716
-  data.tar.gz: 21f1916ec0327d598142776993685685d0257e76dfa4ac998556aa116819678e96ead4b1615e31cccab60c3645de34d29a8e46f1e42638528bf1bd89071520a1
+  metadata.gz: 6a342735719087256ae5ce571ec435b69b0a4e6ce264f400db0a6bc40baaa84cf36889769701ad32619d4694e0075e64e3dfe2bd3eaecffb84045bb66d85fd99
+  data.tar.gz: 7ed6fa76e4123a4bb13bdce963b2d657e58f6639c19c980952d42081d191e19356c7cdb9e9ae9781443afc83a3545c13798db339ffe247624f2970692269e40e

data/CHANGELOG.md

@@ -1,5 +1,28 @@
 # Changelog
 
+## 0.9.0 — 2026-06-22
+
+Versioned in lockstep with [`dommy`](https://github.com/takahashim/dommy) 0.9.0.
+Unlike previous releases, 0.9.0 carries real dommy-rack changes — driven by the
+new JS runtime, async subresource fetching, and the integrated trace.
+
+### Added
+- **Trace / observability:** a structured event timeline for `Dommy::Rack::Session`, emitted as NDJSON, with extracted DOM-mutation / param-filter views and DOM snapshots.
+- **Backend-agnostic `SessionRuntime`** that wires a JS runtime to a session (passing the session executor and window scheduler).
+- **Cookie persistence:** `Session#export_cookies` / `#import_cookies` (backed by `CookieJar#export` / `#import!`), preserving host-only scoping across a JSON round-trip so an embedder can persist a login across restarts.
+- **Subresource fetching & policy:**
+  - Off-thread subresource fetch via an injected executor (`network_executor:`), with observation posted back through the scheduler inbox; the synchronous default is unchanged. `external_network_pending?` supports async-load run loops.
+  - An opt-in cross-origin subresource allowlist on `Session`, plus an `:open` cross-origin subresource policy.
+  - An embedder `subresource_host_blocker` denylist hook, consulted before any fetch (even in `:open` mode); denied hosts are recorded in a distinct dropped bucket, never prompted.
+  - Concurrent prewarming of `<script src>` bundles before boot (gated on browser mode).
+- **CSS resources:** external `<link rel=stylesheet>` CSS is fetched and applied on navigation, and `@import` URLs are resolved through the app.
+- A thread-safe `CookieJar`; `HttpExchange` extracted as the per-request primitive.
+
+### Fixed
+- `js_errors` and `console` are cleared on page load (a browser's console clears on navigation).
+- GET/HEAD navigation params are folded into the URL query, so `current_url` reflects a submitted GET form.
+- Non-ASCII (IRI) URLs are percent-encoded before parsing.
+
 ## 0.8.0 — 2026-05-31
 
 Versioned in lockstep with [`dommy`](https://github.com/takahashim/dommy) 0.8.0.

data/TODO.md

@@ -0,0 +1,56 @@
+# TODO: dommy-rack 側で検討したい項目
+
+## フレーム window の同一性を保持する(再入時に同じ realm を返す)
+
+### 現状
+
+iframe を開くたびに、フレーム文書を**毎回 fetch して新しい Window/document を生成**している。
+フレームロード経路は 2 つあり、どちらも再 fetch する:
+
+- `Session#within_frame`（`lib/dommy/rack/session.rb:284`）
+  `frame_doc = fetch(resolve_document_url(src), headers: referer_headers).document`
+- capybara-dommy `Driver#load_frame`（`capybara-dommy/lib/capybara/dommy/driver.rb:235`）
+  `rack_session.fetch(url, headers: ...).document`
+
+そのため、同じ iframe に**別々の `within_frame` / `switch_to_frame` で再入する**と、
+document オブジェクトが毎回新規になる。
+
+### なぜ問題になり得るか
+
+dommy-js-quickjs の Capybara アダプタは「document → Runtime（= realm）」のマップで
+JS VM を管理している（各 window が独自のグローバル・リスナー・タイマーを持つ realm）。
+フレーム document が再入のたびに新規だと、**フレーム側に仕込んだ JS 状態が再入で失われる**。
+
+```ruby
+within_frame(:f) { execute_script('window.__x = 1') }
+within_frame(:f) { evaluate_script('window.__x') }   # → undefined（実ブラウザなら 1）
+```
+
+実ブラウザでは iframe の window は（リロードしない限り）再入でも保持されるので、これは差分。
+
+### 現時点で実害がない理由（=今やらない判断の根拠）
+
+- `within_frame` は**ブロックスコープ**。1 ブロック内では document が安定するので、
+  ブロックをまたがない限り状態は保持される。
+- トップ window の realm 状態は dommy-js-quickjs 側で保持済み
+  （フレーム往復後もトップのリスナーが発火することを確認済み）。これが本来直したかった回帰。
+- compliance の js グループはまだ未有効で、この差分を踏むテストは現状ゼロ。
+
+### 実装するときに必要なこと（簡単な一行修正ではない）
+
+1. **フレーム window レジストリ**を導入する（キー = iframe 要素 + src、値 = Window）。
+   現状フレームは「ステートレスな再 fetch」モデルなので、window 同一性という概念を新設することになる。
+2. **無効化を正しく設計する**（ここを誤ると「古いフレーム内容が残る」= 今より悪い後退になる）:
+   - 親ページのナビゲーション時（`on_document_loaded` はトップ用で、フレームキャッシュとは未連携）
+   - iframe の `src` 変更時
+   - iframe が DOM から切り離された時
+3. **2 つのフレームロード経路（`within_frame` と driver `load_frame`）を統一**する。
+   片方だけキャッシュ化すると不整合になる。
+4. history / origin など付随状態の扱い（cookie jar 共有は既存のまま）。
+
+### 結論
+
+「ステートレス再 fetch → ステートフルな永続 window」というモデル変更であり、無効化バグの
+リスクが高い。**需要が顕在化する前の投機的実装は避ける。** compliance の js グループで
+フレーム + JS のテストが実際にこれを要求した段階で、上記 1〜4 を設計して入れる。
+それまでは「フレーム realm の状態は `within_frame` ブロック内に閉じる」という制約を許容する。

data/lib/dommy/rack/cookie_jar.rb

@@ -16,6 +16,12 @@ module Dommy
 
       def initialize
         @entries = []
+        # The jar is shared between the page thread (document.cookie) and network
+        # worker threads (request Cookie headers + Set-Cookie storage), so every
+        # touch of @entries is guarded. The lock is held only around the array
+        # access (no I/O, no reentrancy into the jar), so it never serializes the
+        # blocking HTTP itself.
+        @mutex = Mutex.new
       end
 
       # Parse a single Set-Cookie header value and store the result.
@@ -24,10 +30,12 @@ module Dommy
         entry = parse_set_cookie(set_cookie_string, uri)
         return unless entry
 
-        if expired?(entry)
-          remove(entry.name, entry.domain, entry.path)
-        else
-          store_entry(entry)
+        @mutex.synchronize do
+          if expired?(entry)
+            remove(entry.name, entry.domain, entry.path)
+          else
+            store_entry(entry)
+          end
         end
       end
 
@@ -43,20 +51,43 @@ module Dommy
           http_only: http_only,
           host_only: domain.nil?
         )
-        store_entry(entry)
+        @mutex.synchronize { store_entry(entry) }
       end
 
       # First non-expired cookie value matching the name.
       def get(name)
-        @entries.find { |e| e.name == name.to_s && !expired?(e) }&.value
+        @mutex.synchronize { @entries.find { |e| e.name == name.to_s && !expired?(e) }&.value }
       end
 
       def clear
-        @entries = []
+        @mutex.synchronize { @entries = [] }
       end
 
       def all
-        @entries.reject { |e| expired?(e) }
+        @mutex.synchronize { @entries.reject { |e| expired?(e) } }
+      end
+
+      # Every non-expired cookie as a plain Hash (name/value/domain/path/expires/
+      # secure/http_only/host_only) — enough to round-trip the jar to disk and
+      # back via #import! without losing host-only scoping. `expires` is a Time or
+      # nil; the caller serializes it.
+      def export
+        all.map(&:to_h)
+      end
+
+      # Restore a cookie from an #export Hash, preserving host_only exactly (unlike
+      # #set!, which infers it). Skips an already-expired entry. Symbol- or
+      # string-keyed Hashes both work, so a JSON round-trip is fine.
+      def import!(attrs)
+        h = attrs.transform_keys(&:to_sym)
+        entry = CookieEntry.new(
+          name: h[:name].to_s, value: h[:value].to_s,
+          domain: h[:domain].to_s, path: (h[:path] || "/"),
+          expires: h[:expires], secure: !!h[:secure],
+          http_only: !!h[:http_only], host_only: !!h[:host_only]
+        )
+        @mutex.synchronize { store_entry(entry) unless expired?(entry) }
+        nil
       end
 
       # Build the Cookie request header value for the given URL, or "".
@@ -66,13 +97,16 @@ module Dommy
         host = uri.host.to_s.downcase
         path = uri.path.to_s.empty? ? "/" : uri.path
 
-        matches = @entries.reject { |e| expired?(e) }.select do |e|
-          domain_match?(e, host) &&
-            path_match?(e.path, path) &&
-            (!e.secure || secure_request)
+        matches = @mutex.synchronize do
+          @entries.reject { |e| expired?(e) }.select do |e|
+            domain_match?(e, host) &&
+              path_match?(e.path, path) &&
+              (!e.secure || secure_request)
+          end
         end
 
-        # More specific (longer) paths first, per RFC 6265.
+        # More specific (longer) paths first, per RFC 6265 (on the snapshot copy,
+        # outside the lock).
         matches.sort_by! { |e| -e.path.length }
         matches.map { |e| "#{e.name}=#{e.value}" }.join("; ")
       end

data/lib/dommy/rack/errors.rb

@@ -1,18 +1,22 @@
 # frozen_string_literal: true
 
+require "dommy"
+
 module Dommy
   module Rack
     class Error < StandardError; end
 
-    # Raised when a locator matches no element.
-    class ElementNotFoundError < Error; end
+    # Locating / ambiguity / file errors ARE the shared interaction errors, so a
+    # locator that finds nothing raises the same class whether driven by the
+    # Rack session or the standalone Browser. Aliased so existing
+    # `Dommy::Rack::X` call sites keep resolving.
+    ElementNotFoundError = Dommy::Interaction::ElementNotFoundError
+    AmbiguousElementError = Dommy::Interaction::AmbiguousElementError
+    FileNotFoundError = Dommy::Interaction::FileNotFoundError
 
     # Raised when an element cannot be clicked (e.g. a link with no href).
     class ElementNotClickableError < Error; end
 
-    # Raised when a locator matches more than one element.
-    class AmbiguousElementError < Error; end
-
     # Raised for hrefs that dommy-rack cannot navigate to (javascript:, mailto:, ...).
     class UnsupportedURLError < Error; end
 
@@ -27,8 +31,5 @@ module Dommy
 
     # Raised when a form is malformed or cannot be submitted.
     class InvalidFormError < Error; end
-
-    # Raised when a file to be uploaded does not exist.
-    class FileNotFoundError < Error; end
   end
 end

data/lib/dommy/rack/field_interactor.rb

@@ -1,81 +1,12 @@
 # frozen_string_literal: true
 
+require "dommy"
+
 module Dommy
   module Rack
-    # Drives form fields in the current document: fills text inputs, toggles
-    # radios / checkboxes, selects options, attaches files. Pure DOM mutation —
-    # it locates fields via a Locator and mutates the live Dommy elements, but
-    # issues no requests (Session turns a subsequent submit into navigation).
-    class FieldInteractor
-      def initialize(finder, document)
-        @finder = finder
-        @document = document
-      end
-
-      def fill_in(locator, with:)
-        field = @finder.find_field(locator)
-        field.value = with.to_s
-        field
-      end
-
-      def choose(locator)
-        radio = @finder.find_field(locator)
-        clear_radio_group(radio)
-        radio.checked = true
-        radio
-      end
-
-      def check(locator)
-        box = @finder.find_field(locator)
-        box.checked = true
-        box
-      end
-
-      def uncheck(locator)
-        box = @finder.find_field(locator)
-        box.checked = false
-        box
-      end
-
-      def attach_file(locator, path)
-        input = @finder.find_field(locator)
-        raise FileNotFoundError, "no such file: #{path}" unless ::File.exist?(path)
-
-        file = Dommy::File.new(
-          [::File.binread(path)], ::File.basename(path), "type" => FileUpload.mime_type_for(path)
-        )
-        input.__driver_set_files__([file])
-        input
-      end
-
-      def select(value, from:)
-        select_el = @finder.find_field(from)
-        option = @finder.find_option(select_el, value)
-        raise ElementNotFoundError, "no option #{value.inspect} in #{from.inspect}" unless option
-
-        select_el.options.each { |o| o.remove_attribute("selected") } unless select_el.multiple
-        option.set_attribute("selected", "")
-        select_el
-      end
-
-      def unselect(value, from:)
-        select_el = @finder.find_field(from)
-        option = @finder.find_option(select_el, value)
-        option&.remove_attribute("selected")
-        select_el
-      end
-
-      private
-
-      def clear_radio_group(radio)
-        name = radio.get_attribute("name")
-        return unless name
-
-        scope = radio.closest("form") || @document
-        scope.query_selector_all("input[type='radio']").each do |r|
-          r.checked = false if r.get_attribute("name") == name
-        end
-      end
-    end
+    # The field interactor now lives in dommy core
+    # (Dommy::Interaction::FieldInteractor), shared with the standalone Browser
+    # (it also fires input/change events now). Aliased here for existing refs.
+    FieldInteractor = Dommy::Interaction::FieldInteractor
   end
 end

data/lib/dommy/rack/form_submission.rb

@@ -1,272 +1,21 @@
 # frozen_string_literal: true
 
+require "dommy"
+
 module Dommy
   module Rack
-    # Collects successful form controls and resolves the effective method,
-    # action, and enctype for a form submission. Stateless given the form,
-    # submitter, and session config — it returns a plain data hash and does
-    # not make any requests itself.
-    class FormSubmission
-      FORM_URLENCODED = "application/x-www-form-urlencoded"
-      MULTIPART = "multipart/form-data"
-      OVERRIDE_METHODS = %w[PATCH PUT DELETE].freeze
-
+    # The form-serialization logic now lives in dommy core
+    # (Dommy::Interaction::FormSubmission). This thin subclass adapts the Rack
+    # session's `config` object to core's explicit method-override keywords, so
+    # existing `FormSubmission.new(form, submitter, config)` call sites and tests
+    # keep working.
+    class FormSubmission < Dommy::Interaction::FormSubmission
       def initialize(form, submitter, config)
-        @form = form
-        @submitter = submitter
-        @config = config
-      end
-
-      # Returns { method:, url:, params:, enctype: }.
-      def submit!
-        method = form_method
-        params = collect_params
-        method = apply_method_override(method, params)
-        params = apply_charset(params)
-
-        {
-          method: method,
-          url: resolve_action(form_method),
-          params: params,
-          enctype: form_enctype
-        }
-      end
-
-      private
-
-      def form_method
-        raw = (attr(@submitter, "formmethod") || attr(@form, "method")).to_s.upcase
-        %w[GET POST].include?(raw) ? raw : "GET"
-      end
-
-      def form_enctype
-        attr(@submitter, "formenctype") || attr(@form, "enctype") || FORM_URLENCODED
-      end
-
-      # For GET forms the action's existing query string is discarded and
-      # replaced by the form data; POST keeps it.
-      def resolve_action(method)
-        raw = (attr(@submitter, "formaction") || attr(@form, "action") || "").to_s
-        method == "GET" ? raw.split("?", 2).first.to_s : raw
-      end
-
-      # Returns ordered [name, value] pairs in document order. The clicked
-      # submitter is emitted at its document position; only if it isn't among
-      # the form's controls do we append it at the end.
-      def collect_params
-        pairs = []
-        submitter_emitted = false
-        controls.each do |el|
-          next if disabled?(el)
-
-          case el.tag_name
-          when "INPUT" then submitter_emitted = true if collect_input(el, pairs)
-          when "TEXTAREA" then collect_named(el, normalize_newlines(el.value.to_s), pairs)
-          when "SELECT" then collect_select(el, pairs)
-          when "BUTTON" then submitter_emitted = true if collect_button(el, pairs)
-          end
-        end
-        append_submitter(pairs) unless submitter_emitted
-        pairs
-      end
-
-      # Returns true when this input is the clicked submitter (and was emitted).
-      def collect_input(el, pairs)
-        type = el.type
-        if %w[submit image].include?(type)
-          return false unless submitter?(el)
-
-          emit_submitter(el, pairs)
-          return true
-        end
-        return false if %w[reset button].include?(type) # never submitted
-
-        case type
-        when "checkbox", "radio"
-          if el.checked
-            value = el.has_attribute?("value") ? el.get_attribute("value") : "on"
-            collect_named(el, value, pairs)
-          end
-        when "file"
-          collect_file(el, pairs)
-        else
-          collect_named(el, el.value.to_s, pairs)
-        end
-        false
-      end
-
-      # Only the clicked submitter button contributes its name/value.
-      def collect_button(el, pairs)
-        return false unless submitter?(el)
-
-        emit_submitter(el, pairs)
-        true
-      end
-
-      def submitter?(el)
-        @submitter && el.__dommy_backend_node__.equal?(@submitter.__dommy_backend_node__)
-      end
-
-      # Each File becomes its own entry. An empty file input still
-      # contributes an empty File so the field name survives (HTML spec).
-      def collect_file(el, pairs)
-        name = attr(el, "name")
-        return if blank?(name)
-
-        files = el.respond_to?(:files) ? el.files : nil
-
-        unless multipart?
-          # Non-multipart forms submit only the file's basename, per browsers.
-          filename = files && !files.empty? ? files.first.name.to_s : ""
-          pairs << [name, ::File.basename(filename)]
-          return
-        end
-
-        if files && !files.empty?
-          files.each { |file| pairs << [name, file] }
-        else
-          pairs << [name, Dommy::File.new([], "", "type" => "application/octet-stream")]
-        end
-      end
-
-      def multipart?
-        form_enctype == MULTIPART
-      end
-
-      def collect_select(el, pairs)
-        name = attr(el, "name")
-        return if blank?(name)
-
-        each_node(el.selected_options) do |option|
-          pairs << [name, option.value.to_s]
-        end
-      end
-
-      # Browsers submit textarea values with CRLF line endings.
-      def normalize_newlines(value)
-        value.gsub(/\r\n|\r|\n/, "\r\n")
-      end
-
-      def collect_named(el, value, pairs)
-        name = attr(el, "name")
-        pairs << [name, value] unless blank?(name)
-      end
-
-      # Fallback when the submitter is not among the form's controls.
-      def append_submitter(pairs)
-        return unless @submitter
-
-        emit_submitter(@submitter, pairs)
-      end
-
-      # The submitter's name/value (or image coordinates) join the form data.
-      # `formaction`/`formmethod`/`formenctype` are honored elsewhere;
-      # `formtarget` is ignored (single session, like `target`) and
-      # `formnovalidate` is moot (dommy-rack runs no client-side validation).
-      def emit_submitter(el, pairs)
-        if image_submitter?(el)
-          # Image buttons submit click coordinates. With no layout we use 0,0.
-          prefix = blank?(attr(el, "name")) ? "" : "#{attr(el, "name")}."
-          pairs << ["#{prefix}x", "0"]
-          pairs << ["#{prefix}y", "0"]
-          return
-        end
-
-        name = attr(el, "name")
-        return if blank?(name)
-
-        pairs << [name, attr(el, "value") || ""]
-      end
-
-      def image_submitter?(el)
-        el.tag_name == "INPUT" && el.type == "image"
-      end
-
-      # Honor the form's accept-charset by encoding string values into the
-      # requested charset's bytes; urlencoding/multipart then carries them
-      # verbatim. Names are assumed ASCII. UTF-8 (the default) is a no-op.
-      def apply_charset(pairs)
-        charset = form_charset
-        return pairs if charset.nil? || charset == Encoding::UTF_8
-
-        pairs.map { |name, value| [name, encode_in(value, charset)] }
-      end
-
-      def form_charset
-        raw = attr(@form, "accept-charset").to_s
-        token = raw.split(/[\s,]+/).find { |t| !t.empty? }
-        return nil unless token
-
-        begin
-          Encoding.find(token)
-        rescue ArgumentError
-          nil
-        end
-      end
-
-      def encode_in(value, charset)
-        case value
-        when Array then value.map { |v| encode_in(v, charset) }
-        when String then encode_string(value, charset)
-        else value # File/Blob pass through unchanged
-        end
-      end
-
-      def encode_string(value, charset)
-        value.encode(charset).b
-      rescue Encoding::UndefinedConversionError, Encoding::InvalidByteSequenceError
-        value
-      end
-
-      def apply_method_override(method, pairs)
-        return method unless method == "POST" && @config.respect_method_override
-
-        index = pairs.index { |name, _| name == @config.method_override_param }
-        return method unless index
-
-        override = pairs.delete_at(index)[1]
-        candidate = override.to_s.upcase
-        OVERRIDE_METHODS.include?(candidate) ? candidate : method
-      end
-
-      # All controls belonging to this form, in document order: descendants
-      # without a `form` attribute, plus any element anywhere associated to
-      # this form by `form="<this form's id>"`. Scanning the whole document
-      # once keeps them in document order (matters for param ordering).
-      def controls
-        form_id = attr(@form, "id")
-        @form.document.query_selector_all("input, textarea, select, button").select do |el|
-          if el.has_attribute?("form")
-            !blank?(form_id) && el.get_attribute("form") == form_id
-          else
-            el.closest("form")&.equal?(@form)
-          end
-        end
-      end
-
-      # A control is unsuccessful if it or an ancestor <fieldset> is disabled.
-      def disabled?(el)
-        return true if el.has_attribute?("disabled")
-
-        fieldset = el.closest("fieldset")
-        fieldset ? fieldset.has_attribute?("disabled") : false
-      end
-
-
-      def attr(el, name)
-        el&.get_attribute(name)
-      end
-
-      def blank?(value)
-        value.nil? || value.empty?
-      end
-
-      def each_node(collection)
-        if collection.respond_to?(:each)
-          collection.each { |node| yield node }
-        else
-          collection.length.times { |i| yield collection.item(i) }
-        end
+        super(
+          form, submitter,
+          respect_method_override: config.respect_method_override,
+          method_override_param: config.method_override_param
+        )
       end
     end
   end

data/lib/dommy/rack/header_store.rb

@@ -19,6 +19,15 @@ module Dommy
       # A copy of the stored headers. Mutate via #set / #delete.
       def to_h = @headers.dup
 
+      # A detached HeaderStore with the same headers, safe to hand to a network
+      # worker thread: it owns its own state (no shared mutation with the page's
+      # store) and keeps the case-insensitive #merge a plain Hash would lose.
+      def snapshot
+        copy = HeaderStore.new
+        @headers.each { |name, value| copy.set(name, value) }
+        copy
+      end
+
       def set(name, value)
         @headers[name.to_s] = value.to_s
         self