feat: improve text selection performance and safety

Author: franzos

litehtml-sys/csrc/litehtml_c.cpp

@@ -1260,6 +1260,30 @@ void lh_element_get_inline_box_at(lh_element_t* el, int index, lh_position_t* po
     *pos = to_c(box);
 }
 
+void lh_element_get_inline_boxes(lh_element_t* el, lh_inline_box_callback cb, void* ctx)
+{
+    if (!el || !cb) return;
+    auto* elem = reinterpret_cast<litehtml::element*>(el);
+    auto ri = elem->get_render_item();
+    if (!ri) return;
+
+    litehtml::position::vector boxes;
+    ri->get_inline_boxes(boxes);
+    if (boxes.empty()) return;
+
+    float ox, oy;
+    compute_ri_offset(ri, ox, oy);
+
+    for (const auto& box_ : boxes)
+    {
+        litehtml::position abs = box_;
+        abs.x += ox;
+        abs.y += oy;
+        lh_position_t pos = to_c(abs);
+        cb(&pos, ctx);
+    }
+}
+
 int lh_element_get_text_align(lh_element_t* el)
 {
     if (!el) return 0;

litehtml-sys/csrc/litehtml_c.h

@@ -376,6 +376,11 @@ int lh_element_get_inline_boxes_count(lh_element_t* el);
 /* Get the i-th inline box in absolute document coordinates. */
 void lh_element_get_inline_box_at(lh_element_t* el, int index, lh_position_t* pos);
 
+/* Get all inline boxes in one call via callback. Avoids recomputing boxes N+1 times.
+   The callback receives each box in absolute document coordinates plus a user context. */
+typedef void (*lh_inline_box_callback)(const lh_position_t* pos, void* ctx);
+void lh_element_get_inline_boxes(lh_element_t* el, lh_inline_box_callback cb, void* ctx);
+
 /* Get the computed text-align value (0=left, 1=right, 2=center, 3=justify). */
 int lh_element_get_text_align(lh_element_t* el);
 

litehtml/examples/render.rs

@@ -80,7 +80,7 @@ fn main() {
         }
     };
 
-    let mut selection = Selection::new();
+    let mut selection = Selection::for_document(&doc);
     let mut selection_rects: Vec<Position> = Vec::new();
     let mut mouse_was_down = false;
     let mut drag_origin: Option<(f32, f32)> = None;

litehtml/src/lib.rs

@@ -1788,9 +1788,30 @@ impl<'a> Element<'a> {
     }
 
     /// All per-line inline boxes in absolute document coordinates.
+    ///
+    /// Uses a single C call with a callback to avoid recomputing boxes N+1 times
+    /// (which the count+index pattern would do).
     pub fn inline_boxes(&self) -> Vec<Position> {
-        let count = self.inline_boxes_count();
-        (0..count).filter_map(|i| self.inline_box_at(i)).collect()
+        unsafe extern "C" fn collect_box(
+            pos: *const sys::lh_position_t,
+            ctx: *mut std::ffi::c_void,
+        ) {
+            if pos.is_null() || ctx.is_null() {
+                return;
+            }
+            let out = &mut *(ctx as *mut Vec<Position>);
+            out.push(Position::from(*pos));
+        }
+
+        let mut result: Vec<Position> = Vec::new();
+        unsafe {
+            sys::lh_element_get_inline_boxes(
+                self.ptr,
+                Some(collect_box),
+                &mut result as *mut Vec<Position> as *mut std::ffi::c_void,
+            );
+        }
+        result
     }
 
     /// Computed text-align: 0=left, 1=right, 2=center, 3=justify.

litehtml/src/selection.rs

@@ -53,27 +53,50 @@ impl SelectionEndpoint {
     }
 }
 
+/// Cached result of a document-order comparison between two elements.
+#[derive(Clone)]
+struct OrderCache {
+    a: *mut crate::sys::lh_element_t,
+    b: *mut crate::sys::lh_element_t,
+    a_before_b: bool,
+}
+
 /// Text selection state for a litehtml document.
 ///
-/// Holds the start and end endpoints of a selection, plus cached highlight
-/// rectangles. Endpoints contain raw element pointers valid while the parent
-/// `Document` is alive — the caller must ensure the document outlives this struct.
-pub struct Selection {
+/// The `'doc` lifetime ties this selection to its parent [`Document`], preventing
+/// use-after-free if the document is dropped while the selection holds element
+/// pointers. Use [`Selection::for_document`] to create a lifetime-bound selection.
+pub struct Selection<'doc> {
     start: Option<SelectionEndpoint>,
     end: Option<SelectionEndpoint>,
     rectangles: Vec<Position>,
+    order_cache: Option<OrderCache>,
+    _doc: PhantomData<&'doc ()>,
 }
 
-impl Selection {
-    /// Create an empty (inactive) selection.
+impl<'doc> Selection<'doc> {
+    /// Create an empty (inactive) selection without lifetime enforcement.
+    ///
+    /// Prefer [`Selection::for_document`] to tie the selection lifetime to
+    /// a specific document, preventing use-after-free at compile time.
     pub fn new() -> Self {
         Self {
             start: None,
             end: None,
             rectangles: Vec::new(),
+            order_cache: None,
+            _doc: PhantomData,
         }
     }
 
+    /// Create an empty selection tied to a document's lifetime.
+    ///
+    /// The returned `Selection` cannot outlive `doc`, enforced by the compiler.
+    /// The document is NOT borrowed persistently — only the lifetime is captured.
+    pub fn for_document(_doc: &'doc Document<'_>) -> Self {
+        Self::new()
+    }
+
     /// Begin a selection at document coordinates `(x, y)`.
     ///
     /// `measure_text` should return the pixel width of a string rendered with
@@ -119,6 +142,7 @@ impl Selection {
         self.start = None;
         self.end = None;
         self.rectangles.clear();
+        self.order_cache = None;
     }
 
     /// Returns `true` if there is an active selection with both start and end.
@@ -133,8 +157,8 @@ impl Selection {
         let start = self.start.as_ref()?;
         let end = self.end.as_ref()?;
 
-        // Normalize into document order
-        let (first, second) = normalize_endpoints(start, end);
+        // Normalize into document order (use cache if available)
+        let (first, second) = normalize_endpoints(start, end, &self.order_cache);
         let first_el = first.element();
         let second_el = second.element();
 
@@ -183,8 +207,24 @@ impl Selection {
             _ => return,
         };
 
+        // Update order cache if endpoints changed
+        if start.element != end.element {
+            let needs_update = self
+                .order_cache
+                .as_ref()
+                .map_or(true, |c| c.a != start.element || c.b != end.element);
+            if needs_update {
+                let a_before_b = is_before(&start.element(), &end.element());
+                self.order_cache = Some(OrderCache {
+                    a: start.element,
+                    b: end.element,
+                    a_before_b,
+                });
+            }
+        }
+
         // Normalize into document order
-        let (first, second) = normalize_endpoints(start, end);
+        let (first, second) = normalize_endpoints(start, end, &self.order_cache);
 
         if first.element == second.element {
             let el = first.element();
@@ -234,7 +274,7 @@ impl Selection {
     }
 }
 
-impl Default for Selection {
+impl Default for Selection<'_> {
     fn default() -> Self {
         Self::new()
     }
@@ -261,20 +301,29 @@ fn is_before(a: &Element<'_>, b: &Element<'_>) -> bool {
 }
 
 /// Normalize user-order endpoints into document order: returns (first, second).
+///
+/// Uses the cached order result when available to avoid repeated DOM walks.
 fn normalize_endpoints<'a>(
     a: &'a SelectionEndpoint,
     b: &'a SelectionEndpoint,
+    cache: &Option<OrderCache>,
 ) -> (&'a SelectionEndpoint, &'a SelectionEndpoint) {
     if a.element == b.element {
         if a.char_index <= b.char_index {
             (a, b)
         } else {
             (b, a)
         }
-    } else if is_before(&a.element(), &b.element()) {
-        (a, b)
     } else {
-        (b, a)
+        let a_before_b = cache
+            .as_ref()
+            .filter(|c| c.a == a.element && c.b == b.element)
+            .map_or_else(|| is_before(&a.element(), &b.element()), |c| c.a_before_b);
+        if a_before_b {
+            (a, b)
+        } else {
+            (b, a)
+        }
     }
 }
 
@@ -346,6 +395,8 @@ fn hit_test_char(
 
 /// Find which character index corresponds to pixel offset `target_x` within
 /// the given text rendered with `font`.
+///
+/// Builds the prefix string incrementally to avoid O(n) allocations per call.
 fn find_char_at_x(
     measure_text: &MeasureTextFn<'_>,
     text: &str,
@@ -356,21 +407,23 @@ fn find_char_at_x(
         return 0;
     }
 
-    let chars: Vec<char> = text.chars().collect();
+    let mut prefix = String::with_capacity(text.len());
     let mut prev_width = 0.0f32;
+    let mut count = 0;
 
-    for i in 0..chars.len() {
-        let prefix: String = chars[..=i].iter().collect();
+    for ch in text.chars() {
+        prefix.push(ch);
+        count += 1;
         let width = measure_text(&prefix, font);
         let midpoint = (prev_width + width) / 2.0;
 
         if target_x < midpoint {
-            return i;
+            return count - 1;
         }
         prev_width = width;
     }
 
-    chars.len()
+    count
 }
 
 // ---------------------------------------------------------------------------
@@ -482,12 +535,18 @@ fn closest_text_leaf<'a>(el: &Element<'a>, target_x: f32, target_y: f32) -> Opti
         .map(|(el, _)| el)
 }
 
+/// Maximum ancestor levels to traverse before giving up.
+/// Prevents infinite loops on malformed DOMs.
+const MAX_TREE_DEPTH: usize = 256;
+
 /// Walk to the next text leaf after `el`, stopping before `stop`.
 /// Walks up to the parent, then to the next sibling, then descends.
+/// Gives up after [`MAX_TREE_DEPTH`] ancestor levels to guard against
+/// malformed or extremely deep DOMs.
 fn next_text_leaf<'a>(el: &Element<'a>, stop: &Element<'a>) -> Option<Element<'a>> {
     let mut current_ptr = el.as_ptr();
 
-    loop {
+    for _ in 0..MAX_TREE_DEPTH {
         let current = Element {
             ptr: current_ptr,
             _phantom: PhantomData,
@@ -525,6 +584,8 @@ fn next_text_leaf<'a>(el: &Element<'a>, stop: &Element<'a>) -> Option<Element<'a
         // No more siblings at this level, walk up
         current_ptr = parent.as_ptr();
     }
+
+    None
 }
 
 // ---------------------------------------------------------------------------