[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-07-20  Chris Dumez  <cdumez@apple.com>
2
3         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender is alive
4         https://bugs.webkit.org/show_bug.cgi?id=159962
5         <rdar://problem/21439264>
6
7         Reviewed by David Kilzer.
8
9         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender
10         is alive. We have both PostResolutionCallbackDisabler and ResourceLoadSuspender that
11         call LoaderStrategy::suspendPendingRequests() / LoaderStrategy::resumePendingRequests().
12         However, PostResolutionCallbackDisabler and ResourceLoadSuspender are not aware of each
13         other. It is therefore possible for a PostResolutionCallbackDisabler object to get
14         destroyed, causing LoaderStrategy::resumePendingRequests() to be called while a
15         ResourceLoadSuspender object is alive.
16
17         This leads to hard to investigate crashes where we end up re-entering WebKit and killing
18         the style resolver.
19
20         This patch drops ResourceLoadSuspender and uses PostResolutionCallbackDisabler instead.
21         There was only one user of ResourceLoadSuspender and PostResolutionCallbackDisabler
22         is better because it manages a resolutionNestingDepth counter internally to make sure
23         it only calls LoaderStrategy::resumePendingRequests() once all
24         PostResolutionCallbackDisabler instances are destroyed.
25
26         No new tests, there is no easy way to reproduce the crashes.
27
28         * dom/Document.cpp:
29         (WebCore::Document::styleForElementIgnoringPendingStylesheets):
30         * loader/LoaderStrategy.cpp:
31         (WebCore::ResourceLoadSuspender::ResourceLoadSuspender): Deleted.
32         (WebCore::ResourceLoadSuspender::~ResourceLoadSuspender): Deleted.
33         * loader/LoaderStrategy.h:
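The failure mode this entry describes, as an added example (not WebKit's code): `MockLoader`, `UnawareSuspender` and `DepthCountedDisabler` are hypothetical stand-ins for LoaderStrategy, ResourceLoadSuspender and PostResolutionCallbackDisabler. It shows the early resume when two guard types share one suspend/resume switch, and how a single depth-counted guard type avoids it.

```cpp
#include <cassert>
#include <iostream>

// Hypothetical stand-in for the loader's suspend/resume switch.
struct MockLoader {
    bool suspended = false;
    int resumeCalls = 0;
    void suspendPendingRequests() { suspended = true; }
    void resumePendingRequests() { suspended = false; ++resumeCalls; }
};

// Models the removed guard: suspends on construction and resumes on
// destruction, with no knowledge of any other guard.
class UnawareSuspender {
public:
    explicit UnawareSuspender(MockLoader& loader) : m_loader(loader) { m_loader.suspendPendingRequests(); }
    ~UnawareSuspender() { m_loader.resumePendingRequests(); }
    UnawareSuspender(const UnawareSuspender&) = delete;
    UnawareSuspender& operator=(const UnawareSuspender&) = delete;
private:
    MockLoader& m_loader;
};

// Models the kept guard: a nesting-depth counter shared by all instances, so
// only the outermost instance suspends and only the last one alive resumes.
class DepthCountedDisabler {
public:
    explicit DepthCountedDisabler(MockLoader& loader) : m_loader(loader)
    {
        if (s_nestingDepth++ == 0)
            m_loader.suspendPendingRequests();
    }
    ~DepthCountedDisabler()
    {
        assert(s_nestingDepth > 0);
        if (--s_nestingDepth == 0)
            m_loader.resumePendingRequests();
    }
    DepthCountedDisabler(const DepthCountedDisabler&) = delete;
    DepthCountedDisabler& operator=(const DepthCountedDisabler&) = delete;
private:
    static unsigned s_nestingDepth;
    MockLoader& m_loader;
};
unsigned DepthCountedDisabler::s_nestingDepth = 0;

// Before the change: the outer guard is the unaware type, the inner one is
// depth counted. The inner counter only sees itself, reaches zero and resumes
// loading while the outer guard still expects loads to be suspended.
bool stillSuspendedWithMixedGuards()
{
    MockLoader loader;
    UnawareSuspender outer(loader);
    {
        DepthCountedDisabler inner(loader);
    } // inner destroyed here: resume happens with outer still alive
    return loader.suspended;
}

// After the change: both scopes use the depth-counted type, so destroying the
// inner guard only decrements the counter.
bool stillSuspendedWithSingleGuardType()
{
    MockLoader loader;
    DepthCountedDisabler outer(loader);
    {
        DepthCountedDisabler inner(loader);
    }
    return loader.suspended;
}

// Number of resume calls for an outer scope holding two sequential inner scopes.
int resumeCallsWithSingleGuardType()
{
    MockLoader loader;
    {
        DepthCountedDisabler outer(loader);
        { DepthCountedDisabler first(loader); }
        { DepthCountedDisabler second(loader); }
    }
    return loader.resumeCalls;
}

int main()
{
    std::cout << "mixed guards, still suspended: " << stillSuspendedWithMixedGuards() << "\n";
    std::cout << "single guard type, still suspended: " << stillSuspendedWithSingleGuardType() << "\n";
    std::cout << "single guard type, resume calls: " << resumeCallsWithSingleGuardType() << "\n";
    return 0;
}
```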
34
35 2016-07-19  Youenn Fablet  <youenn@apple.com>
36
37         [Fetch API] Add a JS builtin to implement https://fetch.spec.whatwg.org/#concept-headers-fill
38         https://bugs.webkit.org/show_bug.cgi?id=159932
39
40         Reviewed by Alex Christensen.
41
42         Covered by existing tests.
43
44         Refactoring Headers initializeWith to use the new built-in internal that implements
45         https://fetch.spec.whatwg.org/#concept-headers-fill.
46
47         Refactoring Response constructor to put more checks in the JS builtin function called within constructor.
48         Making use of the new built-in internal that implements https://fetch.spec.whatwg.org/#concept-headers-fill.
49
50         * CMakeLists.txt: Adding FetchHeadersInternals.js
51         * DerivedSources.make: Ditto.
52         * Modules/fetch/FetchHeaders.js:
53         (initializeFetchHeaders): Using fillFetchHeaders new built-in internal.
54         * Modules/fetch/FetchInternals.js: Added.
55         (fillFetchHeaders):
56         * Modules/fetch/FetchResponse.cpp: Refactoring to do more in the JS built-in. Splitting of initializeWith so
57         that the checks are done in the order defined by the spec.
58         (WebCore::FetchResponse::setStatus):
59         (WebCore::FetchResponse::initializeWith):
60         (WebCore::isNullBodyStatus): Deleted.
61         * Modules/fetch/FetchResponse.h:
62         * Modules/fetch/FetchResponse.idl:
63         * Modules/fetch/FetchResponse.js:
64         (initializeFetchResponse): New built-in internal.
65         * WebCore.xcodeproj/project.pbxproj:
66         * bindings/js/WebCoreBuiltinNames.h:
67
68 2016-07-19  Chris Dumez  <cdumez@apple.com>
69
70         Fix null handling of SVGScriptElement.type attribute
71         https://bugs.webkit.org/show_bug.cgi?id=159927
72
73         Reviewed by Benjamin Poulain.
74
75         Fix null handling of SVGScriptElement.type attribute:
76         - https://www.w3.org/TR/SVG2/interact.html#InterfaceSVGScriptElement
77
78         We were treating null as the null String which would end up removing
79         the 'type' content attribute. However, we should treat null as the
80         String "null".
81
82         Firefox and Chrome match the specification.
83
84         No new tests, updated existing test.
85
86         * svg/SVGScriptElement.idl:
87
88 2016-07-19  Chris Dumez  <cdumez@apple.com>
89
90         Fix null handling of several HTMLDocument attributes
91         https://bugs.webkit.org/show_bug.cgi?id=159923
92
93         Reviewed by Benjamin Poulain.
94
95         Fix null handling of several HTMLDocument attributes:
96         - https://html.spec.whatwg.org/multipage/dom.html#document
97         - https://html.spec.whatwg.org/multipage/obsolete.html#document-partial
98
99         In particular, null handling was incorrect in WebKit for 'dir',
100         'bgColor', 'fgColor', 'alinkColor', 'linkColor' and 'vlinkColor'.
101
102         Firefox and Chrome match the specification.
103
104         Test: fast/dom/HTMLDocument/null-handling.html
105
106         * html/HTMLDocument.idl:
107
108 2016-07-19  Chris Dumez  <cdumez@apple.com>
109
110         Document.createElementNS() / createAttributeNS() parameters should be mandatory
111         https://bugs.webkit.org/show_bug.cgi?id=159938
112
113         Reviewed by Benjamin Poulain.
114
115         Document.createElementNS() / createAttributeNS() parameters should be mandatory:
116         - https://dom.spec.whatwg.org/#document
117
118         They were optional in WebKit. However, Firefox and Chrome both match the
119         specification.
120
121         No new tests, rebaselined existing tests.
122
123         * dom/Document.idl:
124
125 2016-07-19  Benjamin Poulain  <bpoulain@apple.com>
126
127         Use getElementById for attribute matching if the attribute name is html's id
128         https://bugs.webkit.org/show_bug.cgi?id=159960
129
130         Reviewed by Chris Dumez.
131
132         Elliott Sprehn discovered YUI makes heavy use of querySelector with [id=value]
133         (https://bugs.chromium.org/p/chromium/issues/detail?id=627242).
134
135         If we are not in quirks mode, IdForStyleResolution has the same value
136         as the Id attribute. We can use the same optimization for both cases.
137
138         Tests: fast/selectors/id-attribute-querySelector-used-as-id-selector-quirks.html
139                fast/selectors/id-attribute-querySelector-used-as-id-selector.html
140
141         * dom/SelectorQuery.cpp:
142         (WebCore::canBeUsedForIdFastPath):
143         (WebCore::findIdMatchingType):
144         (WebCore::SelectorDataList::SelectorDataList):
145         (WebCore::selectorForIdLookup):
146         (WebCore::filterRootById):
147
148 2016-07-19  Chris Dumez  <cdumez@apple.com>
149
150         Drop SVGElement.xmlbase attribute
151         https://bugs.webkit.org/show_bug.cgi?id=159926
152
153         Reviewed by Benjamin Poulain.
154
155         Drop SVGElement.xmlbase attribute as it is no longer part of the
156         specification:
157         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement
158
159         Both Firefox and Chrome have already dropped support for
160         SVGElement.xmlbase.
161
162         Chrome's intent to remove:
163         https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/TfwMq4d25hk/C-v_iC_wKfAJ
164
165         Test: svg/dom/SVGElement-xmlbase.html
166
167         * svg/SVGElement.cpp:
168         (WebCore::SVGElement::removedFrom): Deleted.
169         * svg/SVGElement.h:
170         * svg/SVGElement.idl:
171
172 2016-07-19  Chris Dumez  <cdumez@apple.com>
173
174         Align CSSStyleDeclaration.setProperty() with the specification
175         https://bugs.webkit.org/show_bug.cgi?id=159955
176
177         Reviewed by Benjamin Poulain.
178
179         Align CSSStyleDeclaration.setProperty() with the specification:
180         - https://drafts.csswg.org/cssom/#the-cssstyledeclaration-interface
181
182         In particular, the following changes were needed:
183         1. The 'value' parameter should not be optional
184         2. The 'priority' parameter should treat null as the empty string
185            rather than the string "null".
186         3. The 'priority' parameter's default value should be the empty string,
187            not the string "undefined".
188         4. CSSStyleDeclaration.setProperty() should return early if 'priority'
189            is not the empty string and is not an ASCII case-insensitive match
190            for the string "important".
191
192         Chrome matches the specification entirely.
193         Firefox matches the specification with the exception that it does a
194         case-sensitive match for "important".
195
196         Test: fast/css/CSSStyleDeclaration-setProperty.html
197
198         * css/CSSStyleDeclaration.idl:
199         * css/PropertySetCSSStyleDeclaration.cpp:
200         (WebCore::PropertySetCSSStyleDeclaration::setProperty):
201
202 2016-07-19  Daniel Bates  <dabates@apple.com>
203
204         CSP: Improve support for multiple policies to more closely conform to the CSP Level 2 spec.
205         https://bugs.webkit.org/show_bug.cgi?id=159841
206         <rdar://problem/27381684>
207
208         Reviewed by Brent Fulgham.
209
210         Implement a first pass at sending multiple violation reports so as to more closely
211         conform to section Enforcing multiple policies of the Content Security Policy Level 2 spec.,
212         <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 25 April 2016).
213
214         Tests: http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.php
215                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.php
216                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
217                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
218                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
219                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.php
220                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
221                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
222                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
223                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
224                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
225                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-enforced-policy-and-not-in-report-only.html
226                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
227                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.php
228                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
229                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
230                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
231                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.php
232                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
233                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
234                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
235                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
236                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
237                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-enforced-policy-and-not-in-report-only.html
238                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
239                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-multiple-policies.html
240
241         * page/csp/ContentSecurityPolicy.cpp:
242         (WebCore::ContentSecurityPolicy::allPoliciesWithDispositionAllow): Added. Returns whether the resource
243         is allowed by all of the policies with the specified disposition.
244         (WebCore::ContentSecurityPolicy::allPoliciesAllow): Added. Returns whether the resource is allowed by
245         all of the enforced policies.
246         (WebCore::ContentSecurityPolicy::findHashOfContentInPolicies): Formerly named foundHashOfContentInAllPolicies.
247         Modified to return a ("has found hash in all enforced policies", "has found hash in all report-only policies")-pair
248         so that we can differentiate whether the hash violated an enforced policy or a report-only policy.
249         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
250         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
251         (WebCore::ContentSecurityPolicy::allowScriptWithNonce): For now only accept a nonce if it is allowed by
252         all enforced policies. A side effect of this change is that we send a CSP violation report when a
253         nonce violates a report-only policy only if the nonce also violates one or more enforced policies. We will
254         address this limitation in <https://bugs.webkit.org/show_bug.cgi?id=159830>.
255         (WebCore::ContentSecurityPolicy::allowStyleWithNonce): Ditto.
256         (WebCore::ContentSecurityPolicy::allowInlineScript): Differentiate between a hash/'unsafe-inline' that
257         matches/is contained in all enforced policies and a hash/'unsafe-inline' that matches/is contained in all
258         report-only policies so that we only allow the resource for the former. As a side effect of this change
259         we may report that a resource violated a policy even if it contained the hash. See <https://bugs.webkit.org/show_bug.cgi?id=159832>
260         for more details.
261         (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
262         (WebCore::ContentSecurityPolicy::allowEval): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
263         (WebCore::ContentSecurityPolicy::allowFrameAncestors): Ditto.
264         (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
265         (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
266         (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
267         (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
268         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto.
269         (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
270         (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
271         (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
272         (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
273         (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
274         (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
275         (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
276         (WebCore::ContentSecurityPolicy::foundHashOfContentInAllPolicies): Deleted.
277         * page/csp/ContentSecurityPolicy.h:
278         (WebCore::ContentSecurityPolicy::violatedDirectiveInAnyPolicy): Deleted.
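A simplified model of the multi-policy decision this entry describes, as an added example (not WebKit's code): the `Policy` and `Decision` types, the policy names and the hash strings are constructed for illustration. A script hash is allowed only if every enforced policy allows it, every violated policy of either disposition yields its own report, and a report-only violation never blocks. The nonce and hash limitations the entry mentions are not modelled.

```cpp
#include <iostream>
#include <set>
#include <string>
#include <vector>

enum class Disposition { Enforce, ReportOnly };

// One delivered policy, reduced to the set of script hashes it allows.
struct Policy {
    std::string name;
    Disposition disposition;
    std::set<std::string> allowedScriptHashes;
};

struct Decision {
    bool allowed;
    std::vector<std::string> reports; // names of the policies that were violated
};

// Returns whether every policy with the given disposition allows the hash.
// The loop does not stop at the first violation, so each violated policy
// contributes its own report. With no policy of that disposition the result
// is true (nothing restricts the resource).
bool allPoliciesWithDispositionAllow(const std::vector<Policy>& policies, Disposition disposition,
                                     const std::string& hash, std::vector<std::string>& reports)
{
    bool allAllow = true;
    for (const auto& policy : policies) {
        if (policy.disposition != disposition)
            continue;
        if (policy.allowedScriptHashes.count(hash))
            continue;
        reports.push_back(policy.name);
        allAllow = false;
    }
    return allAllow;
}

// Only the enforced policies decide whether the script runs; report-only
// policies are still evaluated so that their violations are reported.
Decision evaluateInlineScript(const std::vector<Policy>& policies, const std::string& hash)
{
    Decision decision { true, {} };
    decision.allowed = allPoliciesWithDispositionAllow(policies, Disposition::Enforce, hash, decision.reports);
    allPoliciesWithDispositionAllow(policies, Disposition::ReportOnly, hash, decision.reports);
    return decision;
}

// Constructed sample: two enforced policies and one report-only policy.
std::vector<Policy> samplePolicies()
{
    return {
        { "enforced-A", Disposition::Enforce, { "sha256-constructed-1", "sha256-constructed-2" } },
        { "enforced-B", Disposition::Enforce, { "sha256-constructed-1" } },
        { "report-only-C", Disposition::ReportOnly, { "sha256-constructed-2" } },
    };
}

int main()
{
    for (const char* hash : { "sha256-constructed-1", "sha256-constructed-2", "sha256-constructed-3" }) {
        Decision decision = evaluateInlineScript(samplePolicies(), hash);
        std::cout << hash << ": " << (decision.allowed ? "allowed" : "blocked") << ", reports:";
        for (const auto& name : decision.reports)
            std::cout << ' ' << name;
        std::cout << "\n";
    }
    return 0;
}
```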
279
280 2016-07-19  Chris Dumez  <cdumez@apple.com>
281
282         Fix null handling of HTMLScriptElement.text attribute
283         https://bugs.webkit.org/show_bug.cgi?id=159943
284
285         Reviewed by Benjamin Poulain.
286
287         Fix null handling of HTMLScriptElement.text attribute:
288         - https://html.spec.whatwg.org/multipage/scripting.html#the-script-element
289
290         We should treat null as the "null" String but we were treating it as
291         the empty string.
292
293         Firefox and Chrome match the specification.
294
295         No new tests, rebaselined existing test.
296
297         * html/HTMLScriptElement.idl:
298
299 2016-07-19  Chris Dumez  <cdumez@apple.com>
300
301         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]
302         https://bugs.webkit.org/show_bug.cgi?id=159934
303
304         Reviewed by Benjamin Poulain.
305
306         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]. This is
307         non-standard and we want to drop support for it from the bindings generator.
308
309         Instead, use [TreatNullAs=EmptyString] in order to maintain existing behavior
310         given that both a missing/empty attribute result in using the default
311         autocapitalization mode and that autocapitalize returns the empty string by
312         default.
313
314         Test: platform/ios-simulator/ios/fast/forms/autocapitalize-null.html
315
316         * html/HTMLFormElement.idl:
317         * html/HTMLInputElement.idl:
318         * html/HTMLTextAreaElement.idl:
319
320 2016-07-19  Zalan Bujtas  <zalan@apple.com>
321
322         REGRESSION(r203415): ASSERTION FAILED: !m_layoutRoot->container() || !m_layoutRoot->container()->needsLayout()
323         https://bugs.webkit.org/show_bug.cgi?id=159952
324
325         Reviewed by Simon Fraser.
326
327         Update ASSERTs to reflect new functionality, that is, now we can end up in a state
328         where the container (RenderView) of one of the dirty subtrees is dirty.
329         See r203415.
330  
331         Covered by editing/pasteboard/drag-drop-input-in-svg.svg
332
333         * page/FrameView.cpp:
334         (WebCore::FrameView::scheduleRelayoutOfSubtree):
335
336 2016-07-19  Dean Jackson  <dino@apple.com>
337
338         REGRESSION(202927): The first slide is the only displayed slide when Quicklooking a Keynote file
339         https://bugs.webkit.org/show_bug.cgi?id=159948
340         <rdar://problem/27391012>
341
342         Reviewed by Simon Fraser.
343
344         There is an iOS bug (<rdar://problem/27416744>) that is causing us
345         to not always get a color space on CGContextRefs. Investigation of this
346         exposed some optimizations we can take when we are creating ImageBuffers.
347         In particular, if we have a bitmap context or an IOSurfaceContext we
348         can simply copy their color space using API. Otherwise we stick with
349         the existing CGContextCopyDeviceColorSpace.
350
351         Lastly, if for some reason we are unable to copy the device color space,
352         we should fall back to sRGB.
353
354         * platform/graphics/cg/ImageBufferCG.cpp:
355         (WebCore::ImageBuffer::createCompatibleBuffer):
356         * platform/spi/cg/CoreGraphicsSPI.h: Add some SPI and enums.
357
358
359 2016-07-19  George Ruan  <gruan@apple.com>
360
361         HTMLVideoElement frames do not update on iOS when src is a MediaStream blob
362         https://bugs.webkit.org/show_bug.cgi?id=159833
363         <rdar://problem/27379487>
364
365         Reviewed by Eric Carlson.
366
367         Test: fast/mediastream/MediaStream-video-element-displays-buffer.html
368
369         * WebCore.xcodeproj/project.pbxproj:
370         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Change create to return a Ref<T> instead
371         of RefPtr<T>
372         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h: Make observer of
373         MediaStreamTrackPrivate and make MediaPlayer use an AVSampleBufferDisplayLayer instead of CALayer.
374         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: Ditto.
375         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::~MediaPlayerPrivateMediaStreamAVFObjC): Clean up
376         observers and AVSampleBufferDisplayLayer
377         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::isAvailable): Ensures AVSampleBufferDisplayLayer
378         is available.
379         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack): Placeholder.
380         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Responsible
381         for enqueuing sample buffers to the active video track.
382         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): Ensures that an AVSampleBufferDisplayLayer
383         exists.
384         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Destroys the AVSampleBufferDisplayLayer.
385         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer): Replace CALayer with AVSampleBufferDisplayLayer.
386         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentDisplayMode): Ditto.
387         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated): Called from MediaStreamTrackPrivate when a
388         new SampleBuffer is available.
389         (WebCore::updateTracksOfType): Manage adding and removing self as observer from tracks.
390         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks): Replace CALayer with AVSampleBufferDisplayLayer
391         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::acceleratedRenderingStateChanged): Copied from
392         MediaPlayerPrivateMediaSourceAVFObjC.mm
393         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::load): Deleted CALayer.
394         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateDisplayMode): Deleted process of updating CALayer.
395         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateIntrinsicSize): Deleted CALayer.
396         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): Deleted.
397         * platform/mediastream/MediaStreamPrivate.cpp:
398         (WebCore::MediaStreamPrivate::updateActiveVideoTrack): Remove redundant check.
399         * platform/mediastream/MediaStreamTrackPrivate.cpp:
400         (WebCore::MediaStreamTrackPrivate::sourceHasMoreMediaData): Called from RealtimeMediaSource when a new SampleBuffer
401         is available.
402         * platform/mediastream/MediaStreamTrackPrivate.h:
403         (WebCore::MediaStreamTrackPrivate::Observer::sampleBufferUpdated): Relays to MediaPlayerPrivateMediaStream that
404         a new SampleBuffer is available to enqueue to the AVSampleBufferDisplayLayer.
405         * platform/mediastream/RealtimeMediaSource.cpp:
406         (WebCore::RealtimeMediaSource::mediaDataUpdated): Relays to all observers that a new SampleBuffer is available.
407         * platform/mediastream/RealtimeMediaSource.h:
408         * platform/mediastream/mac/AVVideoCaptureSource.mm:
409         (WebCore::AVVideoCaptureSource::processNewFrame): Calls mediaDataUpdated when a new SampleBuffer is captured.
410
411 2016-07-19  Anders Carlsson  <andersca@apple.com>
412
413         Get rid of a #define private public hack in WebCore
414         https://bugs.webkit.org/show_bug.cgi?id=159953
415
416         Reviewed by Dan Bernstein.
417
418         Use @package instead.
419
420         * bindings/objc/DOMInternal.h:
421         * bindings/objc/DOMObject.h:
422
423 2016-07-19  Andreas Kling  <akling@apple.com>
424
425         Fix SharedBuffer leak in MockContentFilter::replacementData().
426         <https://webkit.org/b/159945>
427
428         Reviewed by Andy Estes.
429
430         Spotted on leaks bot. This code was pretty explicit about how it's going to leak.
431         Since this is in the mock filter, it only affected layout tests.
432
433         * testing/MockContentFilter.cpp:
434         (WebCore::MockContentFilter::replacementData):
435
436 2016-07-19  Zalan Bujtas  <zalan@apple.com>
437
438         theguardian.co.uk crossword puzzles are sometimes not displaying text
439         https://bugs.webkit.org/show_bug.cgi?id=159924
440         <rdar://problem/27409483>
441
442         Reviewed by Simon Fraser.
443
444         This patch fixes the case when
445         - 2 disjoint subtrees are dirty
446         - RenderView is also dirty.
447         and we end up not laying out one of the 2 subtrees.
448
449         In FrameView::scheduleRelayoutOfSubtree, we assume that when the RenderView is dirty
450         we already have a pending full layout which means that any previous subtree layouts have already been
451         converted to full layouts.
452         However this assumption is incorrect. RenderView can get dirty without checking if there's
453         already a pending subtree layout.
454         One option to solve this problem would be to override RenderObject::setNeedsLayout in RenderView
455         so that when the RenderView gets dirty, we could also convert any pending subtree layout to full layout.
456         However RenderObject::setNeedsLayout is a hot function and making it virtual would impact performance.
457         The other option is to always normalize subtree layouts in FrameView::scheduleRelayoutOfSubtree().
458         This patch implements the second option.
459
460         Test: fast/misc/subtree-layouts.html
461
462         * page/FrameView.cpp:
463         (WebCore::FrameView::scheduleRelayoutOfSubtree):
464
465 2016-07-19  Anders Carlsson  <andersca@apple.com>
466
467         Some payment authorization status values should keep the sheet active
468         https://bugs.webkit.org/show_bug.cgi?id=159936
469         rdar://problem/26756701
470
471         Reviewed by Tim Horton.
472
473         * Modules/applepay/ApplePaySession.cpp:
474         (WebCore::ApplePaySession::completePayment):
475         Keep the sheet active if the status isn't a final state status.
476
477         * Modules/applepay/PaymentAuthorizationStatus.h:
478         (WebCore::isFinalStateStatus):
479         Add a new helper function that returns whether a given payment authorization status is "final",
480         meaning that once that status has been passed to completePayment, the session is finished.
481
482 2016-07-19  Nan Wang  <n_wang@apple.com>
483
484         AX: Incorrect behavior for word related text marker functions when there's collapsed whitespace
485         https://bugs.webkit.org/show_bug.cgi?id=159910
486
487         Reviewed by Chris Fleizach.
488
489         We are getting a bad CharacterOffset when there's collapsed whitespace. Added a TraverseOptionValidateOffset
490         option to make sure we are getting the correct CharacterOffset based on the corresponding Range offset. And
491         fixed a word navigation issue based on that.
492
493         Test: accessibility/mac/text-marker-word-nav-collapsed-whitespace.html
494
495         * accessibility/AXObjectCache.cpp:
496         (WebCore::AXObjectCache::traverseToOffsetInRange):
497         (WebCore::AXObjectCache::rangeForNodeContents):
498         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
499         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
500         (WebCore::AXObjectCache::rightWordRange):
501         (WebCore::AXObjectCache::previousBoundary):
502         * accessibility/AXObjectCache.h:
503         (WebCore::AXObjectCache::isNodeInUse):
504
505 2016-07-19  Youenn Fablet  <youenn@apple.com>
506
507         [Streams API] ReadableStreamController methods should throw if its stream is not readable
508         https://bugs.webkit.org/show_bug.cgi?id=159871
509
510         Reviewed by Xabier Rodriguez-Calvar.
511
512         Spec now mandates close and enqueue to throw if ReadableStream is not readable.
513         Covered by rebased and/or modified tests.
514
515         * Modules/streams/ReadableStreamController.js:
516         (enqueue): Throwing a TypeError if controlled stream is not readable.
517         (close): Ditto.
518
519 2016-07-19  Simon Fraser  <simon.fraser@apple.com>
520
521         Bubbles appear split for a brief moment in Messages
522         https://bugs.webkit.org/show_bug.cgi?id=159915
523         rdar://problem/27182267
524
525         Reviewed by David Hyatt.
526
527         RenderView::repaintRootContents() had a long-standing bug in WebView when the
528         view is scrolled. repaint() uses visualOverflowRect() but, for the 
529         RenderView, the visualOverflowRect() is the initial containing block
530         which is anchored at 0,0. When the view is scrolled it's clipped out and
531         calls to repaintRootContents() have no effect.
532         
533         Change repaintRootContents() to use layoutOverflowRect(). ScrollView::repaintContentRectangle()
534         will clip it to the view if necessary.
535
536         Test: fast/repaint/scrolled-view-full-repaint.html
537
538         * rendering/RenderView.cpp:
539         (WebCore::RenderView::repaintRootContents):
540
541 2016-07-19  Dan Bernstein  <mitz@apple.com>
542
543         <rdar://problem/27420308> WebCore-7602.1.42 fails to build: error: unused parameter 'vm'
544
545         * bindings/js/JSDOMGlobalObject.cpp:
546         (WebCore::JSDOMGlobalObject::addBuiltinGlobals): Fixed the !ENABLE(STREAMS_API) build.
547
548 2016-07-19  Youenn Fablet  <youenn@apple.com>
549
550         [Streams API] Make ReadableStream properties not enumerable
551         https://bugs.webkit.org/show_bug.cgi?id=159868
552
553         Reviewed by Darin Adler.
554
555         Covered by rebased tests.
556
557         Updating IDL definitions to mark all functions/attributes as not enumerable.
558         Updating IDL constructor definitions to correctly compute constructor length.
559         Updating built-in implementation to correctly compute pipeTo length to 1 (second parameter being optional).
560
561         * Modules/streams/ReadableStream.idl:
562         * Modules/streams/ReadableStream.js:
563         * Modules/streams/ReadableStreamController.idl:
564         * Modules/streams/ReadableStreamReader.idl:
565
566 2016-07-19  Chris Dumez  <cdumez@apple.com>
567
568         form.enctype / encoding / method should treat null as "null" string
569         https://bugs.webkit.org/show_bug.cgi?id=159916
570
571         Reviewed by Ryosuke Niwa.
572
573         form.enctype / encoding / method should treat null as "null" string:
574         - https://html.spec.whatwg.org/multipage/forms.html#htmlformelement
575
576         Previously, WebKit would treat null as the null String, which would
577         end up removing the existing attribute.
578
579         Firefox and Chrome match the specification.
580
581         Test: fast/dom/HTMLFormElement/null-handling.html
582
583         * html/HTMLFormElement.h:
584         * html/HTMLFormElement.idl:
585
586 2016-07-18  Csaba Osztrogonác  <ossy@webkit.org>
587
588         All-in-one buildfix after r202439
589         https://bugs.webkit.org/show_bug.cgi?id=159877
590
591         Reviewed by Chris Dumez.
592
593         * Modules/webaudio/AudioDestinationNode.h:
594         (WebCore::AudioDestinationNode::resume):
595         (WebCore::AudioDestinationNode::suspend):
596         (WebCore::AudioDestinationNode::close):
597
598 2016-07-18  Frederic Wang  <fwang@igalia.com>
599
600         Move parsing of subscriptshift and superscriptshift from rendering to element classes
601         https://bugs.webkit.org/show_bug.cgi?id=159622
602
603         Reviewed by Darin Adler.
604
605         We introduce a new MathMLScriptsElement that is used for elements msub, msup, msubsup and
606         mmultiscripts in order to create RenderMathMLScripts and parse and expose the values of the
607         subscriptshift and superscriptshift attributes. This is one more step toward moving MathML
608         attribute parsing to the DOM (bug 156536).
609
610         No new tests, rendering is unchanged.
611
612         * CMakeLists.txt: Add MathMLScriptsElement files.
613         * WebCore.xcodeproj/project.pbxproj: Ditto.
614         * mathml/MathMLAllInOne.cpp: Ditto.
615         * mathml/MathMLInlineContainerElement.cpp: Remove handling of scripts.
616         (WebCore::MathMLInlineContainerElement::createElementRenderer): Deleted.
617         * mathml/MathMLScriptsElement.cpp: Added. New class to handle scripted elements supporting
618         parsing for the subscriptshift and superscriptshift MathML lengths.
619         (WebCore::MathMLScriptsElement::MathMLScriptsElement):
620         (WebCore::MathMLScriptsElement::create):
621         (WebCore::MathMLScriptsElement::subscriptShift): Expose the cached length for the shift,
622         parsing the attribute again if necessary.
623         (WebCore::MathMLScriptsElement::superscriptShift): Ditto.
624         (WebCore::MathMLScriptsElement::parseAttribute): Mark attributes dirty.
625         (WebCore::MathMLScriptsElement::createElementRenderer): Create RenderMathMLScripts.
626         * mathml/MathMLScriptsElement.h: Ditto.
627         * mathml/mathtags.in: Map msub, msup, msubsup and mmultiscripts to MathMLScriptsElement.
628         * rendering/mathml/RenderMathMLScripts.cpp:
629         (WebCore::RenderMathMLScripts::scriptsElement): Helper function to cast the node to a
630         MathMLScriptsElement.
631         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded): Resolve the attributes
632         using the functions from the MathMLScriptsElement class.
633         * rendering/mathml/RenderMathMLScripts.h: Declare scriptsElement.
634
635 2016-07-18  Frederic Wang  <fwang@igalia.com>
636
637         Do not store gap and shift parameters on RenderMathMLFraction
638         https://bugs.webkit.org/show_bug.cgi?id=159876
639
640         Reviewed by Darin Adler.
641
642         After r203285, the stack and fraction layout parameters are only used in layoutBlock so we
643         do not need to store them on the class. We remove them and split updateLayoutParameters into
644         three functions: one to update the linethickness and two others to retrieve the fraction and
645         stack respectively.
646
647         No new tests, rendering is unchanged.
648
649         * rendering/mathml/RenderMathMLFraction.cpp:
650         (WebCore::RenderMathMLFraction::updateLineThickness): Move code to update thickness members here.
651         (WebCore::RenderMathMLFraction::getFractionParameters): Move code to retrieve fraction parameters here.
652         (WebCore::RenderMathMLFraction::getStackParameters): Move code to retrieve stack parameters here.
653         (WebCore::RenderMathMLFraction::layoutBlock): Use the new helper functions and local variables
654         for fraction and stack parameters.
655         (WebCore::RenderMathMLFraction::updateLayoutParameters): Deleted.
656         * rendering/mathml/RenderMathMLFraction.h: Declare new helper functions and remove members
657         for stack and fraction parameters.
658
659 2016-07-18  Chris Dumez  <cdumez@apple.com>
660
661         input.formEnctype / formMethod and button.formEnctype / formMethod / type should treat null as "null"
662         https://bugs.webkit.org/show_bug.cgi?id=159908
663
664         Reviewed by Alex Christensen.
665
666         input.formEnctype / formMethod and button.formEnctype / formMethod / type
667         should treat null as "null" String:
668         - https://html.spec.whatwg.org/multipage/forms.html#htmlinputelement
669         - https://html.spec.whatwg.org/multipage/forms.html#htmlbuttonelement
670
671         In WebKit, we would treat null as a null String which would end up
672         removing the corresponding attribute. This does not match the
673         specification. Firefox and Chrome match the specification here.
674
675         Tests:
676         - fast/dom/HTMLButtonElement/null-handling.html
677         - fast/dom/HTMLInputElement/null-handling.html
678
679         * html/HTMLButtonElement.idl:
680         * html/HTMLInputElement.idl:
681
682 2016-07-18  Alex Christensen  <achristensen@webkit.org>
683
684         webbookmarksd needs to use the same AppCache directory as MobileSafari
685         https://bugs.webkit.org/show_bug.cgi?id=159912
686
687         Reviewed by Alexey Proskuryakov.
688
689         No new tests.  This only changes behavior for webbookmarksd.
690
691         * platform/RuntimeApplicationChecks.h:
692         * platform/RuntimeApplicationChecks.mm:
693         (WebCore::IOSApplication::isWebBookmarksD): Added.
694
695 2016-07-18  Chris Dumez  <cdumez@apple.com>
696
697         EventTarget.dispatchEvent() parameter should not be nullable
698         https://bugs.webkit.org/show_bug.cgi?id=159897
699
700         Reviewed by Benjamin Poulain.
701
702         EventTarget.dispatchEvent() parameter should not be nullable:
703         - https://dom.spec.whatwg.org/#interface-eventtarget
704
705         Even though the parameter was marked as nullable in our IDL, our
706         implementation does a null check and we already throw a TypeError
707         when calling dispatchEvent(null).
708
709         Update our IDL so that it matches the specification and so that
710         the null check is generated in the bindings instead.
711
712         No new tests, rebaseline existing tests.
713
714         * dom/EventTarget.cpp:
715         (WebCore::EventTarget::dispatchEventForBindings):
716         * dom/EventTarget.h:
717         * dom/EventTarget.idl:
718
719 2016-07-18  Chris Dumez  <cdumez@apple.com>
720
721         DocType's publicId / systemId should not be nullable
722         https://bugs.webkit.org/show_bug.cgi?id=159901
723
724         Reviewed by Benjamin Poulain.
725
726         DocType's publicId / systemId should not be nullable. While they were
727         not marked as nullable in our IDL, they could be stored as null Strings
728         in our implementation depending on how the Node was constructed. This
729         led to subtle bugs where String() != emptyString().
730
731         In particular, Node.isEqualNode() would return false when DocumentType
732         nodes would mismatch because of their publicId / systemId being null
733         instead of the emptyString.
734
735         Serialization of DocumentType nodes would also be wrong when
736         publicId / systemId were empty Strings instead of null strings. The
737         new behavior now matches:
738         - https://www.w3.org/TR/DOM-Parsing/#dfn-concept-serialize-doctype (steps 7-9)
739
740         To address these issues, we now always store publicId / systemId as
741         non-null Strings inside the DocumentType class.
742
743         Test: fast/dom/DocumentType/isEqualNode.html
744
745         * dom/DocumentType.cpp:
746         (WebCore::DocumentType::DocumentType):
747         * editing/MarkupAccumulator.cpp:
748         (WebCore::MarkupAccumulator::appendDocumentType):
749
750 2016-07-18  Jeremy Jones  <jeremyj@apple.com>
751
752         If previous media session interruptions were prevented, still allow subsequent interruptions to try.
753         https://bugs.webkit.org/show_bug.cgi?id=157553
754         rdar://problem/25740804
755
756         Reviewed by Eric Carlson.
757
758         Test: platform/ios-simulator/media/video-interruption-suspendunderlock.html
759
760         When suspending under lock on iOS, there is first a resign active event, then a
761         suspend under lock. PiP prevents resign active from interrupting playback. But it should allow the
762         suspend under lock to interrupt playback.
763
764         Currently if there are nested interruptions only the first one is acted upon.
765
766         This change allows subsequent, nested interruptions to have a chance to interrupt playback if the
767         previous interruptions were ignored.
768
769         This test is for iPad only, so it must be run manually.
770
771         * html/HTMLMediaElement.cpp:
772         (WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction):
773         * platform/audio/PlatformMediaSession.cpp:
774         (WebCore::PlatformMediaSession::beginInterruption):
775         * testing/Internals.cpp:
776         (WebCore::Internals::beginMediaSessionInterruption):
777
778 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
779
780         Don't associate form-associated elements with forms in other trees.
781         https://bugs.webkit.org/show_bug.cgi?id=119451
782         <rdar://problem/27382946>
783
784         Change is based on the Blink change (patch by <adamk@chromium.org>):
785         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
786
787         Reviewed by Chris Dumez.
788
789         Prevent elements from being associated with forms that are not part of the same home subtree.
790         This brings us in line with the WhatWG HTML specification as of September, 2013.
791
792         Tests: fast/forms/image-disconnected-during-parse.html
793                fast/forms/input-disconnected-during-parse.html
794
795         * dom/Element.h:
796         (WebCore::Node::rootElement): Added.
797         * html/FormAssociatedElement.cpp:
798         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
799         is not part of the same tree, remove the association.
800         * html/HTMLImageElement.cpp:
801         (WebCore::HTMLImageElement::insertedInto): Ditto.
802
803 2016-07-18  Anders Carlsson  <andersca@apple.com>
804
805         WebKit nightly fails to build on macOS Sierra
806         https://bugs.webkit.org/show_bug.cgi?id=159902
807         rdar://problem/27365672
808
809         Reviewed by Tim Horton.
810
811         * Modules/applepay/cocoa/PaymentCocoa.mm:
812         * Modules/applepay/cocoa/PaymentContactCocoa.mm:
813         * Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
814         * Modules/applepay/cocoa/PaymentMethodCocoa.mm:
815         Use new PassKitSPI header.
816
817         * WebCore.xcodeproj/project.pbxproj:
818         Add new PassKitSPI header.
819
820         * icu/unicode/ucurr.h: Added.
821         Add ucurr.h from ICU.
822
823         * platform/spi/cocoa/PassKitSPI.h: Added.
824         Add new PassKitSPI header.
825
826 2016-07-18  Dean Jackson  <dino@apple.com>
827
828         REGRESSION (r202950): Image zoom animations are broken at medium.com (159861)
829         https://bugs.webkit.org/show_bug.cgi?id=159906
830         <rdar://problem/27391725>
831
832         Reviewed by Simon Fraser.
833
834         The fix for webkit.org/b/157569 in r200769 broke AMP pages.
835         The followup fix for webkit.org/b/159450 in r202950 broke Medium pages.
836
837         Revert them both until we have better testing.
838
839         * css/CSSParser.cpp:
840         (WebCore::CSSParser::addPropertyWithPrefixingVariant):
841         (WebCore::CSSParser::parseValue):
842         (WebCore::CSSParser::parseAnimationShorthand):
843         (WebCore::CSSParser::parseTransitionShorthand): Deleted.
844         * css/CSSPropertyNames.in:
845         * css/PropertySetCSSStyleDeclaration.cpp:
846         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValue):
847         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValue):
848         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValueInternal):
849         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValueInternal):
850         * css/StyleProperties.cpp:
851         (WebCore::MutableStyleProperties::removeShorthandProperty):
852         (WebCore::MutableStyleProperties::removeProperty):
853         (WebCore::MutableStyleProperties::removePrefixedOrUnprefixedProperty):
854         (WebCore::MutableStyleProperties::setProperty):
855         (WebCore::getIndexInShorthandVectorForPrefixingVariant):
856         (WebCore::MutableStyleProperties::appendPrefixingVariantProperty):
857         (WebCore::MutableStyleProperties::setPrefixingVariantProperty):
858         (WebCore::StyleProperties::asText): Deleted.
859         * css/StyleProperties.h:
860
861 2016-07-18  Andreas Kling  <akling@apple.com>
862
863         There should be a way to simulate memory pressure in layout tests
864         <https://webkit.org/b/159743>
865
866         Reviewed by Simon Fraser.
867
868         Add three window.internal APIs:
869
870             - boolean isUnderMemoryPressure (readonly attribute)
871             - void beginSimulatedMemoryPressure()
872             - void endSimulatedMemoryPressure()
873
874         These make it possible to write tests that exercise behaviors that only
875         occur during memory pressure situations.
876
877         I also implemented the "org.WebKit.lowMemory" notification handler using the new API.
878
879         Test: memory/memory-pressure-simulation.html
880
881         * platform/MemoryPressureHandler.cpp:
882         (WebCore::MemoryPressureHandler::beginSimulatedMemoryPressure):
883         (WebCore::MemoryPressureHandler::endSimulatedMemoryPressure):
884         * platform/MemoryPressureHandler.h:
885         (WebCore::MemoryPressureHandler::isUnderMemoryPressure):
886         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
887         (WebCore::MemoryPressureHandler::platformReleaseMemory):
888         (WebCore::MemoryPressureHandler::install):
889         * testing/Internals.cpp:
890         (WebCore::Internals::isUnderMemoryPressure):
891         (WebCore::Internals::beginSimulatedMemoryPressure):
892         (WebCore::Internals::endSimulatedMemoryPressure):
893         * testing/Internals.h:
894         * testing/Internals.idl:
895
896 2016-07-18  Said Abou-Hallawa  <sabouhallawa@apple.com>
897
898         [iOS] PDFDocumentImage should cache only a sub image of the PDF when caching the whole image is expensive
899         https://bugs.webkit.org/show_bug.cgi?id=158715
900
901         Reviewed by Dean Jackson.
902
903         Test: fast/images/displaced-non-cached-pdf.html
904
905         For iOS, we need to ensure the size of the cached PDF images will not
906         exceed some limit. Also we should be caching only a sub image of the PDF
907         if caching the whole image will exceed the memory limit.
908
909         * page/Settings.cpp:
910         (WebCore::Settings::Settings):
911         (WebCore::Settings::setCachedPDFImageEnabled):
912         * page/Settings.h:
913         (WebCore::Settings::isCachedPDFImageEnabled):
914             Add an option to disable caching the PDF images.
915
916         * platform/graphics/cg/PDFDocumentImage.cpp:
917         (WebCore::PDFDocumentImage::setCachedPDFImageEnabled):
918             Allow the caller of draw() to disable caching the PDF images.
919         
920         (WebCore::PDFDocumentImage::cacheParametersMatch):
921             Match the context dirty rectangle with the cached image rectangle.
922         
923         (WebCore::transformContextForPainting):
924             When preparing the context for drawing the PDF, take the location 
925             of the destination rectangle into account. We do not need to scale
926             the location of the source rectangle because we scale the size of
927             the rectangle but we don't scale the whole coordinate system.
928
929         (WebCore::cachedImageRect):
930             Calculate the rectangle of the cached image such that it does not
931             exceed the limit. Start from the center of the dirty rectangle and
932             then expand around it.
933             
934         (WebCore::PDFDocumentImage::decodedSizeChanged):
935             In addition to notifying the ImageObserver, it keeps track of the size
936             of all the cached PDF images.
937
938         (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
939             Ensure the size of all the cached images does not exceed the limit
940             
941         (WebCore::PDFDocumentImage::destroyDecodedData):
942         * platform/graphics/cg/PDFDocumentImage.h:
943
944         * rendering/RenderImage.cpp:
945         (WebCore::RenderImage::paintIntoRect):
946             Pass the option to disable caching the PDF images to PDFDocumentImage.
947
948         * testing/InternalSettings.cpp:
949         (WebCore::InternalSettings::Backup::Backup):
950         (WebCore::InternalSettings::Backup::restoreTo):
951         (WebCore::InternalSettings::setCachedPDFImageEnabled):
952         * testing/InternalSettings.h:
953         * testing/InternalSettings.idl:
954             Add an internal option to disable caching the PDF images.
955
956 2016-07-18  Chris Dumez  <cdumez@apple.com>
957
958         The 2 first parameters to addEventListener() / removeEventListener() should be mandatory
959         https://bugs.webkit.org/show_bug.cgi?id=158008
960
961         Reviewed by Darin Adler.
962
963         The 2 first parameters to addEventListener() / removeEventListener() should be
964         mandatory:
965         - https://dom.spec.whatwg.org/#interface-eventtarget
966
967         Firefox 46 and Chrome 50 both match the specification and throw an exception when those
968         parameters are omitted. However, those parameters were marked as optional in WebKit and
969         the calls were no-ops if those parameters were omitted. This patch aligns our behavior
970         with the specification and other browsers.
971
972         Test: fast/dom/eventtarget-api-parameters.html
973
974         * bindings/scripts/CodeGeneratorJS.pm:
975         (GetFunctionLength): Deleted.
976         * dom/EventTarget.idl:
977
978 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
979
980         Unreviewed, rolling out r203373.
981
982         Unaddressed
983
984         Reverted changeset:
985
986         "Don't associate form-associated elements with forms in other
987         trees."
988         https://bugs.webkit.org/show_bug.cgi?id=119451
989         http://trac.webkit.org/changeset/203373
990
991 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
992
993         Don't associate form-associated elements with forms in other trees.
994         https://bugs.webkit.org/show_bug.cgi?id=119451
995         <rdar://problem/27382946>
996
997         Change is based on the Blink change (patch by <adamk@chromium.org>):
998         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
999
1000         Reviewed by Zalan Bujtas.
1001
1002         Prevent elements from being associated with forms that are not part of the same home subtree.
1003         This brings us in line with the WhatWG HTML specification as of September, 2013.
1004
1005         Tests: fast/forms/image-disconnected-during-parse.html
1006                fast/forms/input-disconnected-during-parse.html
1007
1008         * dom/NodeTraversal.h:
1009         (WebCore::NodeTraversal::highestAncestorOrSelf): Added.
1010         * html/FormAssociatedElement.cpp:
1011         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
1012         is not part of the same tree, remove the association.
1013         * html/HTMLImageElement.cpp:
1014         (WebCore::HTMLImageElement::insertedInto): Ditto.
1015
1016 2016-07-18  George Ruan  <gruan@apple.com>
1017
1018         Move MediaSampleAVFObjC into its own file
1019         https://bugs.webkit.org/show_bug.cgi?id=159796
1020         <rdar://problem/27362488>
1021
1022         In preparation for a feature that uses MediaSampleAVFObjC, but does
1023         not need SourceBufferPrivateAVFObjC, it is beneficial to move
1024         MediaSampleAVFObjC to its own file.
1025
1026         Reviewed by Eric Carlson.
1027
1028         * WebCore.xcodeproj/project.pbxproj:
1029         * platform/MediaSample.h: Allow setting trackID to associate
1030         MediaSample id with MediaStreamTrackPrivate id.
1031         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Added.
1032         * platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm: Moved
1033         from MediaSampleAVFObjC
1034         (WebCore::MediaSampleAVFObjC::presentationTime):
1035         (WebCore::MediaSampleAVFObjC::decodeTime):
1036         (WebCore::MediaSampleAVFObjC::duration):
1037         (WebCore::MediaSampleAVFObjC::sizeInBytes):
1038         (WebCore::MediaSampleAVFObjC::platformSample):
1039         (WebCore::CMSampleBufferIsRandomAccess):
1040         (WebCore::MediaSampleAVFObjC::flags):
1041         (WebCore::MediaSampleAVFObjC::presentationSize):
1042         (WebCore::MediaSampleAVFObjC::dump):
1043         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy):
1044         (WebCore::MediaSampleAVFObjC::setTimestamps):
1045         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
1046         Moved MediaSampleAVFObjC to its own file.
1047         (WebCore::MediaSampleAVFObjC::platformSample): Deleted.
1048         (WebCore::CMSampleBufferIsRandomAccess): Deleted.
1049         (WebCore::MediaSampleAVFObjC::flags): Deleted.
1050         (WebCore::MediaSampleAVFObjC::presentationSize): Deleted.
1051         (WebCore::MediaSampleAVFObjC::dump): Deleted.
1052         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy): Deleted.
1053         (WebCore::MediaSampleAVFObjC::setTimestamps): Deleted.
1054         * platform/mock/mediasource/MockSourceBufferPrivate.cpp:
1055
1056 2016-07-18  Eric Carlson  <eric.carlson@apple.com>
1057
1058         [MSE][Mac] Pass AVSampleBufferDisplayLayer HDCP status to a newly created key session
1059         https://bugs.webkit.org/show_bug.cgi?id=159812
1060         <rdar://problem/27371624>
1061
1062         Reviewed by Jon Lee.
1063
1064         No new tests, it isn't possible to test this with our current testing infrastructure.
1065
1066         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
1067         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
1068         (WebCore::SourceBufferPrivateAVFObjC::setCDMSession): Call layerDidReceiveError if there has
1069         been an HDCP error.
1070         (WebCore::SourceBufferPrivateAVFObjC::rendererDidReceiveError): Remember an HDCP error.
1071
1072 2016-07-18  Yoav Weiss  <yoav@yoav.ws>
1073
1074         Add preload to features.json
1075         https://bugs.webkit.org/show_bug.cgi?id=159872
1076
1077         Reviewed by Darin Adler.
1078
1079         No new tests but no functional change.
1080
1081         * features.json:
1082
1083 2016-07-18  Youenn Fablet  <youenn@apple.com>
1084
1085         [Streams API] ReadableStream should throw a RangeError in case of NaN highWaterMark
1086         https://bugs.webkit.org/show_bug.cgi?id=159870
1087
1088         Reviewed by Xabier Rodriguez-Calvar.
1089
1090         Covered by rebased test.
1091
1092         * Modules/streams/StreamInternals.js:
1093         (validateAndNormalizeQueuingStrategy): Throwing a RangeError in lieu of a TypeError in case of NaN highWaterMark.
1094
1095 2016-07-18  Csaba Osztrogonác  <ossy@webkit.org>
1096
1097         Windows buildfix after r203338
1098         https://bugs.webkit.org/show_bug.cgi?id=159875
1099
1100         Unreviewed buildfix.
1101
1102         * dom/UserGestureIndicator.h:
1103         (WebCore::UserGestureToken::addDestructionObserver):
1104
1105 2016-07-18  Carlos Garcia Campos  <cgarcia@igalia.com>
1106
1107         MemoryPressureHandler doesn't work if cgroups aren't present in Linux
1108         https://bugs.webkit.org/show_bug.cgi?id=155255
1109
1110         Reviewed by Sergio Villar Senin.
1111
1112         Allow passing an eventFD file descriptor to the MemoryPressureHandler to be monitored in case cgroups are not
1113         available.
1114
1115         * platform/MemoryPressureHandler.h:
1116         * platform/linux/MemoryPressureHandlerLinux.cpp:
1117
1118 2016-07-17  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1119
1120         Clean up PassRefPtr uses in Modules/encryptedmedia, Modules/speech, and Modules/quota
1121         https://bugs.webkit.org/show_bug.cgi?id=159701
1122
1123         Reviewed by Alex Christensen.
1124
1125         No new tests, no behavior changes.
1126
1127         * Modules/encryptedmedia/CDM.h:
1128         * Modules/encryptedmedia/MediaKeySession.h:
1129         * Modules/encryptedmedia/MediaKeys.h:
1130         * Modules/quota/DOMWindowQuota.cpp:
1131         * Modules/quota/StorageErrorCallback.cpp:
1132         (WebCore::StorageErrorCallback::CallbackTask::CallbackTask):
1133         * Modules/quota/StorageErrorCallback.h:
1134         * Modules/quota/StorageInfo.h:
1135         * Modules/quota/StorageQuota.h:
1136         * Modules/speech/DOMWindowSpeechSynthesis.cpp:
1137         * Modules/speech/SpeechSynthesis.cpp:
1138         (WebCore::SpeechSynthesis::getVoices):
1139         (WebCore::SpeechSynthesis::startSpeakingImmediately):
1140         (WebCore::SpeechSynthesis::speak):
1141         (WebCore::SpeechSynthesis::cancel):
1142         (WebCore::SpeechSynthesis::handleSpeakingCompleted):
1143         (WebCore::SpeechSynthesis::boundaryEventOccurred):
1144         (WebCore::SpeechSynthesis::didStartSpeaking):
1145         (WebCore::SpeechSynthesis::didPauseSpeaking):
1146         (WebCore::SpeechSynthesis::didResumeSpeaking):
1147         (WebCore::SpeechSynthesis::didFinishSpeaking):
1148         (WebCore::SpeechSynthesis::speakingErrorOccurred):
1149         * Modules/speech/SpeechSynthesis.h:
1150         * Modules/speech/SpeechSynthesisEvent.h:
1151         * Modules/speech/SpeechSynthesisUtterance.h:
1152         * Modules/speech/SpeechSynthesisVoice.cpp:
1153         (WebCore::SpeechSynthesisVoice::create):
1154         (WebCore::SpeechSynthesisVoice::SpeechSynthesisVoice):
1155         * Modules/speech/SpeechSynthesisVoice.h:
1156         * platform/PlatformSpeechSynthesizer.h:
1157         * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:
1158         (WebCore::PlatformSpeechSynthesisProviderEfl::fireSpeechEvent):
1159         * platform/mock/PlatformSpeechSynthesizerMock.cpp:
1160         (WebCore::PlatformSpeechSynthesizerMock::speakingFinished):
1161         (WebCore::PlatformSpeechSynthesizerMock::speak):
1162         (WebCore::PlatformSpeechSynthesizerMock::cancel):
1163         (WebCore::PlatformSpeechSynthesizerMock::pause):
1164         (WebCore::PlatformSpeechSynthesizerMock::resume):
1165
1166 2016-07-16  Sam Weinig  <sam@webkit.org>
1167
1168         [WebKit API] Add SPI to track multiple navigations caused by a single user gesture
1169         <rdar://problem/26554137>
1170         https://bugs.webkit.org/show_bug.cgi?id=159856
1171
1172         Reviewed by Dan Bernstein.
1173
1174         - Adds a new RefCounted object to represent a unique user gesture, called UserGestureToken.
1175         - Makes UserGestureIndicator track UserGestureToken.
1176         - Refines UserGestureIndicator's interface to use Optional and a smaller enum set
1177           to represent the different initial states.
1178         - Stores UserGestureTokens on objects that want to forward user gesture state (DOMTimer, 
1179           postMessage, and ScheduledNavigation) rather than just a boolean.
1180
1181         * accessibility/AccessibilityNodeObject.cpp:
1182         (WebCore::AccessibilityNodeObject::increment):
1183         (WebCore::AccessibilityNodeObject::decrement):
1184         * accessibility/AccessibilityObject.cpp:
1185         (WebCore::AccessibilityObject::press):
1186         * bindings/js/ScriptController.cpp:
1187         (WebCore::ScriptController::executeScriptInWorld):
1188         (WebCore::ScriptController::executeScript):
1189         Update for new UserGestureIndicator interface.
1190
1191         * dom/UserGestureIndicator.cpp:
1192         (WebCore::currentToken):
1193         (WebCore::UserGestureToken::~UserGestureToken):
1194         (WebCore::UserGestureIndicator::UserGestureIndicator):
1195         (WebCore::UserGestureIndicator::~UserGestureIndicator):
1196         (WebCore::UserGestureIndicator::currentUserGesture):
1197         (WebCore::UserGestureIndicator::processingUserGesture):
1198         (WebCore::UserGestureIndicator::processingUserGestureForMedia):
1199         (WebCore::isDefinite): Deleted.
1200         * dom/UserGestureIndicator.h:
1201         (WebCore::UserGestureToken::create):
1202         (WebCore::UserGestureToken::state):
1203         (WebCore::UserGestureToken::processingUserGesture):
1204         (WebCore::UserGestureToken::processingUserGestureForMedia):
1205         (WebCore::UserGestureToken::addDestructionObserver):
1206         (WebCore::UserGestureToken::UserGestureToken):
1207         Add UserGestureToken and track the current one explicitly.
1208
1209         * html/HTMLMediaElement.cpp:
1210         (WebCore::HTMLMediaElement::didReceiveRemoteControlCommand):
1211         * inspector/InspectorFrontendClientLocal.cpp:
1212         (WebCore::InspectorFrontendClientLocal::openInNewTab):
1213         * inspector/InspectorFrontendHost.cpp:
1214         * inspector/InspectorPageAgent.cpp:
1215         (WebCore::InspectorPageAgent::navigate):
1216         Update for new UserGestureIndicator interface.
1217
1218         * loader/NavigationAction.cpp:
1219         (WebCore::NavigationAction::NavigationAction):
1220         * loader/NavigationAction.h:
1221         (WebCore::NavigationAction::userGestureToken):
1222         (WebCore::NavigationAction::processingUserGesture):
1223         * loader/NavigationScheduler.cpp:
1224         (WebCore::ScheduledNavigation::ScheduledNavigation):
1225         (WebCore::ScheduledNavigation::~ScheduledNavigation):
1226         (WebCore::ScheduledNavigation::lockBackForwardList):
1227         (WebCore::ScheduledNavigation::wasDuringLoad):
1228         (WebCore::ScheduledNavigation::isLocationChange):
1229         (WebCore::ScheduledNavigation::userGestureToForward):
1230         (WebCore::ScheduledNavigation::clearUserGesture):
1231         (WebCore::NavigationScheduler::mustLockBackForwardList):
1232         (WebCore::NavigationScheduler::scheduleFormSubmission):
1233         (WebCore::ScheduledNavigation::wasUserGesture): Deleted.
1234         * page/DOMTimer.cpp:
1235         (WebCore::shouldForwardUserGesture):
1236         (WebCore::userGestureTokenToForward):
1237         (WebCore::DOMTimer::DOMTimer):
1238         (WebCore::DOMTimer::fired):
1239         * page/DOMTimer.h:
1240         * page/DOMWindow.cpp:
1241         (WebCore::PostMessageTimer::PostMessageTimer):
1242         Store the active UserGestureToken rather than just a bit.
1243
1244         * page/EventHandler.cpp:
1245         (WebCore::EventHandler::handleMousePressEvent):
1246         (WebCore::EventHandler::handleMouseDoubleClickEvent):
1247         (WebCore::EventHandler::handleMouseReleaseEvent):
1248         (WebCore::EventHandler::keyEvent):
1249         (WebCore::EventHandler::handleTouchEvent):
1250         * rendering/HitTestResult.cpp:
1251         (WebCore::HitTestResult::toggleMediaFullscreenState):
1252         (WebCore::HitTestResult::enterFullscreenForVideo):
1253         (WebCore::HitTestResult::toggleEnhancedFullscreenForVideo):
1254         Update for new UserGestureIndicator interface.
1255
1256 2016-07-17  Ryosuke Niwa  <rniwa@webkit.org>
1257
1258         Rename fastHasAttribute to hasAttributeWithoutSynchronization
1259         https://bugs.webkit.org/show_bug.cgi?id=159864
1260
1261         Reviewed by Chris Dumez.
1262
1263         Renamed fastHasAttribute to hasAttributeWithoutSynchronization for clarity.
1264
1265         * accessibility/AccessibilityListBoxOption.cpp:
1266         (WebCore::AccessibilityListBoxOption::isEnabled):
1267         * accessibility/AccessibilityObject.cpp:
1268         (WebCore::AccessibilityObject::hasAttribute):
1269         (WebCore::AccessibilityObject::getAttribute):
1270         * accessibility/AccessibilityRenderObject.cpp:
1271         (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
1272         * bindings/scripts/CodeGenerator.pm:
1273         (GetterExpression):
1274         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
1275         * bindings/scripts/test/JS/JSTestObj.cpp:
1276         (WebCore::jsTestObjReflectedBooleanAttr):
1277         (WebCore::jsTestObjReflectedCustomBooleanAttr):
1278         * bindings/scripts/test/ObjC/DOMTestObj.mm:
1279         (-[DOMTestObj reflectedBooleanAttr]):
1280         (-[DOMTestObj setReflectedBooleanAttr:]):
1281         (-[DOMTestObj reflectedCustomBooleanAttr]):
1282         (-[DOMTestObj setReflectedCustomBooleanAttr:]):
1283         * dom/Document.cpp:
1284         (WebCore::Document::hasManifest):
1285         (WebCore::Document::doctype):
1286         * dom/Element.h:
1287         (WebCore::Node::parentElement):
1288         (WebCore::Element::hasAttributeWithoutSynchronization):
1289         (WebCore::Element::fastHasAttribute): Deleted.
1290         * editing/ApplyStyleCommand.cpp:
1291         (WebCore::ApplyStyleCommand::removeEmbeddingUpToEnclosingBlock):
1292         * editing/DeleteSelectionCommand.cpp:
1293         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
1294         * editing/markup.cpp:
1295         (WebCore::createMarkupInternal):
1296         * html/ColorInputType.cpp:
1297         (WebCore::ColorInputType::shouldShowSuggestions):
1298         * html/FileInputType.cpp:
1299         (WebCore::FileInputType::handleDOMActivateEvent):
1300         (WebCore::FileInputType::receiveDroppedFiles):
1301         * html/FormAssociatedElement.cpp:
1302         (WebCore::FormAssociatedElement::didMoveToNewDocument):
1303         (WebCore::FormAssociatedElement::insertedInto):
1304         (WebCore::FormAssociatedElement::removedFrom):
1305         (WebCore::FormAssociatedElement::formAttributeChanged):
1306         * html/FormController.cpp:
1307         (WebCore::ownerFormForState):
1308         * html/GenericCachedHTMLCollection.cpp:
1309         (WebCore::GenericCachedHTMLCollection<traversalType>::elementMatches):
1310         * html/HTMLAnchorElement.cpp:
1311         (WebCore::HTMLAnchorElement::draggable):
1312         (WebCore::HTMLAnchorElement::href):
1313         (WebCore::HTMLAnchorElement::sendPings):
1314         * html/HTMLAppletElement.cpp:
1315         (WebCore::HTMLAppletElement::rendererIsNeeded):
1316         * html/HTMLElement.cpp:
1317         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
1318         (WebCore::elementAffectsDirectionality):
1319         (WebCore::setHasDirAutoFlagRecursively):
1320         * html/HTMLEmbedElement.cpp:
1321         (WebCore::HTMLEmbedElement::rendererIsNeeded):
1322         * html/HTMLFieldSetElement.cpp:
1323         (WebCore::updateFromControlElementsAncestorDisabledStateUnder):
1324         (WebCore::HTMLFieldSetElement::disabledAttributeChanged):
1325         (WebCore::HTMLFieldSetElement::disabledStateChanged):
1326         (WebCore::HTMLFieldSetElement::childrenChanged):
1327         * html/HTMLFormControlElement.cpp:
1328         (WebCore::HTMLFormControlElement::formNoValidate):
1329         (WebCore::HTMLFormControlElement::formAction):
1330         (WebCore::HTMLFormControlElement::computeIsDisabledByFieldsetAncestor):
1331         (WebCore::shouldAutofocus):
1332         * html/HTMLFormElement.cpp:
1333         (WebCore::HTMLFormElement::formElementIndex):
1334         (WebCore::HTMLFormElement::noValidate):
1335         * html/HTMLFrameElement.cpp:
1336         (WebCore::HTMLFrameElement::noResize):
1337         (WebCore::HTMLFrameElement::didAttachRenderers):
1338         * html/HTMLFrameElementBase.cpp:
1339         (WebCore::HTMLFrameElementBase::parseAttribute):
1340         (WebCore::HTMLFrameElementBase::location):
1341         * html/HTMLHRElement.cpp:
1342         (WebCore::HTMLHRElement::collectStyleForPresentationAttribute):
1343         * html/HTMLImageElement.cpp:
1344         (WebCore::HTMLImageElement::isServerMap):
1345         * html/HTMLInputElement.cpp:
1346         (WebCore::HTMLInputElement::finishParsingChildren):
1347         (WebCore::HTMLInputElement::matchesDefaultPseudoClass):
1348         (WebCore::HTMLInputElement::isActivatedSubmit):
1349         (WebCore::HTMLInputElement::reset):
1350         (WebCore::HTMLInputElement::multiple):
1351         (WebCore::HTMLInputElement::setSize):
1352         (WebCore::HTMLInputElement::shouldUseMediaCapture):
1353         * html/HTMLMarqueeElement.cpp:
1354         (WebCore::HTMLMarqueeElement::minimumDelay):
1355         * html/HTMLMediaElement.cpp:
1356         (WebCore::HTMLMediaElement::insertedInto):
1357         (WebCore::HTMLMediaElement::selectMediaResource):
1358         (WebCore::HTMLMediaElement::loadResource):
1359         (WebCore::HTMLMediaElement::autoplay):
1360         (WebCore::HTMLMediaElement::preload):
1361         (WebCore::HTMLMediaElement::loop):
1362         (WebCore::HTMLMediaElement::setLoop):
1363         (WebCore::HTMLMediaElement::controls):
1364         (WebCore::HTMLMediaElement::setControls):
1365         (WebCore::HTMLMediaElement::muted):
1366         (WebCore::HTMLMediaElement::setMuted):
1367         (WebCore::HTMLMediaElement::selectNextSourceChild):
1368         (WebCore::HTMLMediaElement::sourceWasAdded):
1369         (WebCore::HTMLMediaElement::mediaSessionTitle):
1370         * html/HTMLObjectElement.cpp:
1371         (WebCore::HTMLObjectElement::parseAttribute):
1372         * html/HTMLOptGroupElement.cpp:
1373         (WebCore::HTMLOptGroupElement::isDisabledFormControl):
1374         (WebCore::HTMLOptGroupElement::isFocusable):
1375         * html/HTMLOptionElement.cpp:
1376         (WebCore::HTMLOptionElement::matchesDefaultPseudoClass):
1377         (WebCore::HTMLOptionElement::text):
1378         * html/HTMLProgressElement.cpp:
1379         (WebCore::HTMLProgressElement::isDeterminate):
1380         (WebCore::HTMLProgressElement::didElementStateChange):
1381         * html/HTMLScriptElement.cpp:
1382         (WebCore::HTMLScriptElement::async):
1383         (WebCore::HTMLScriptElement::setCrossOrigin):
1384         (WebCore::HTMLScriptElement::asyncAttributeValue):
1385         (WebCore::HTMLScriptElement::deferAttributeValue):
1386         (WebCore::HTMLScriptElement::hasSourceAttribute):
1387         (WebCore::HTMLScriptElement::dispatchLoadEvent):
1388         * html/HTMLSelectElement.cpp:
1389         (WebCore::HTMLSelectElement::reset):
1390         * html/HTMLTrackElement.cpp:
1391         (WebCore::HTMLTrackElement::isDefault):
1392         (WebCore::HTMLTrackElement::ensureTrack):
1393         (WebCore::HTMLTrackElement::loadTimerFired):
1394         * html/MediaElementSession.cpp:
1395         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
1396         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
1397         (WebCore::MediaElementSession::allowsAutomaticMediaDataLoading):
1398         * html/SearchInputType.cpp:
1399         (WebCore::SearchInputType::searchEventsShouldBeDispatched):
1400         (WebCore::SearchInputType::didSetValueByUserEdit):
1401         * inspector/InspectorDOMAgent.cpp:
1402         (WebCore::InspectorDOMAgent::buildObjectForNode):
1403         * loader/FrameLoader.cpp:
1404         (WebCore::FrameLoader::shouldTreatURLAsSrcdocDocument):
1405         (WebCore::FrameLoader::findFrameForNavigation):
1406         * loader/ImageLoader.cpp:
1407         (WebCore::ImageLoader::notifyFinished):
1408         * mathml/MathMLSelectElement.cpp:
1409         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
1410         * rendering/RenderTableCell.cpp:
1411         (WebCore::RenderTableCell::computePreferredLogicalWidths):
1412         * rendering/RenderThemeIOS.mm:
1413         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
1414         * rendering/SimpleLineLayout.cpp:
1415         (WebCore::SimpleLineLayout::canUseForWithReason):
1416         * rendering/svg/RenderSVGResourceClipper.cpp:
1417         (WebCore::RenderSVGResourceClipper::drawContentIntoMaskImage):
1418         * svg/SVGAnimateMotionElement.cpp:
1419         (WebCore::SVGAnimateMotionElement::updateAnimationPath):
1420         * svg/SVGAnimationElement.cpp:
1421         (WebCore::SVGAnimationElement::startedActiveInterval):
1422         (WebCore::SVGAnimationElement::updateAnimation):
1423         * svg/animation/SVGSMILElement.cpp:
1424         (WebCore::SVGSMILElement::insertedInto):
1425
1426 2016-07-17  Brady Eidson  <beidson@apple.com>
1427
1428         Exceptions logged to the JS console should use toString().
1429         https://bugs.webkit.org/show_bug.cgi?id=159855
1430
1431         Reviewed by Darin Adler.
1432
1433         No new tests (No change in behavior).
1434
1435         * bindings/js/JSDOMBinding.cpp:
1436         (WebCore::reportException):
1437
1438         * dom/DOMCoreException.h:
1439         (WebCore::DOMCoreException::DOMCoreException):
1440
1441         * dom/ExceptionBase.cpp:
1442         (WebCore::ExceptionBase::ExceptionBase):
1443         (WebCore::ExceptionBase::toString):
1444         (WebCore::ExceptionBase::consoleErrorMessage): Deleted.
1445         * dom/ExceptionBase.h:
1446         (WebCore::ExceptionBase::description): Deleted.
1447
1448         * svg/SVGException.h:
1449
1450         * xml/XPathException.h:
1451         (WebCore::XPathException::XPathException):
1452
1453 2016-07-17  Brady Eidson  <beidson@apple.com>
1454
1455         Update DOMCoreException to use the description in toString().
1456         https://bugs.webkit.org/show_bug.cgi?id=159857
1457
1458         Reviewed by Darin Adler.
1459
1460         No new tests (Covered by changes to existing tests).
1461
1462         * bindings/js/JSDOMBinding.cpp:
1463         (WebCore::createDOMException):
1464
1465         * dom/DOMCoreException.h:
1466         (WebCore::DOMCoreException::DOMCoreException):
1467         (WebCore::DOMCoreException::createWithDescriptionAsMessage): Deleted.
1468
1469 2016-07-17  Myles C. Maxfield  <mmaxfield@apple.com>
1470
1471         Support new emoji group candidates
1472         https://bugs.webkit.org/show_bug.cgi?id=159755
1473         <rdar://problem/27325521>
1474
1475         Reviewed by Dean Jackson.
1476
1477         There are a few code points which should be able to be joined (with ZWJ) to
1478         either U+2640 or U+2642 to change the gender of the emoji. These patterns
1479         should also work with an additional 0xFE0F variation selector. This patch
1480         adds these new patterns to our existing emoji group candidate infrastructure.
1481
1482         Tests: fast/text/emoji-gender-2-3.html
1483                fast/text/emoji-gender-2-4.html
1484                fast/text/emoji-gender-2-5.html
1485                fast/text/emoji-gender-2-6.html
1486                fast/text/emoji-gender-2-7.html
1487                fast/text/emoji-gender-2-8.html
1488                fast/text/emoji-gender-2-9.html
1489                fast/text/emoji-gender-2.html
1490                fast/text/emoji-gender-3.html
1491                fast/text/emoji-gender-4.html
1492                fast/text/emoji-gender-5.html
1493                fast/text/emoji-gender-6.html
1494                fast/text/emoji-gender-7.html
1495                fast/text/emoji-gender-8.html
1496                fast/text/emoji-gender-9.html
1497                fast/text/emoji-gender-fe0f-3.html
1498                fast/text/emoji-gender-fe0f-4.html
1499                fast/text/emoji-gender-fe0f-5.html
1500                fast/text/emoji-gender-fe0f-6.html
1501                fast/text/emoji-gender-fe0f-7.html
1502                fast/text/emoji-gender-fe0f-8.html
1503                fast/text/emoji-gender-fe0f-9.html
1504                fast/text/emoji-gender.html
1505                fast/text/emoji-num-glyphs.html
1506                fast/text/emoji-single-parent-family-2.html
1507                fast/text/emoji-single-parent-family.html
1508
1509         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
1510         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
1511         * platform/graphics/FontCascade.cpp:
1512         (WebCore::FontCascade::characterRangeCodePath):
1513         * platform/text/CharacterProperties.h:
1514         (WebCore::isEmojiGroupCandidate):
1515
1516 2016-07-16  Brady Eidson  <beidson@apple.com>
1517
1518         Update SVGException to use the description in toString().
1519         https://bugs.webkit.org/show_bug.cgi?id=159847
1520
1521         Reviewed by Darin Adler.
1522
1523         No new tests (Covered by changes to existing tests).
1524
1525         * bindings/js/JSDOMBinding.cpp:
1526         (WebCore::reportException): use consoleErrorMessage for now.
1527
1528         * dom/ExceptionBase.cpp:
1529         (WebCore::ExceptionBase::consoleErrorMessage):
1530         * dom/ExceptionBase.h:
1531
1532         * svg/SVGException.h:
1533
1534 2016-07-16  Chris Dumez  <cdumez@apple.com>
1535
1536         Use fastHasAttribute() when possible
1537         https://bugs.webkit.org/show_bug.cgi?id=159838
1538
1539         Reviewed by Ryosuke Niwa.
1540
1541         Use fastHasAttribute() when possible, for performance.
1542
1543         * editing/DeleteSelectionCommand.cpp:
1544         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
1545         * editing/markup.cpp:
1546         (WebCore::createMarkupInternal):
1547         * html/HTMLAnchorElement.cpp:
1548         (WebCore::HTMLAnchorElement::draggable):
1549         * html/HTMLFrameElementBase.cpp:
1550         (WebCore::HTMLFrameElementBase::parseAttribute):
1551         * mathml/MathMLSelectElement.cpp:
1552         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
1553         * rendering/RenderThemeIOS.mm:
1554         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
1555
1556 2016-07-16  Ryosuke Niwa  <rniwa@webkit.org>
1557
1558         Rename fastGetAttribute to attributeWithoutSynchronization
1559         https://bugs.webkit.org/show_bug.cgi?id=159852
1560
1561         Reviewed by Darin Adler.
1562
1563         Renamed fastGetAttribute to attributeWithoutSynchronization for clarity.
1564
1565         * accessibility/AXObjectCache.cpp:
1566         (WebCore::AXObjectCache::findAriaModalNodes):
1567         (WebCore::nodeHasRole):
1568         (WebCore::AXObjectCache::handleLiveRegionCreated):
1569         (WebCore::AXObjectCache::handleMenuItemSelected):
1570         (WebCore::AXObjectCache::handleAriaModalChange):
1571         (WebCore::isNodeAriaVisible):
1572         * accessibility/AccessibilityNodeObject.cpp:
1573         (WebCore::siblingWithAriaRole):
1574         (WebCore::AccessibilityNodeObject::titleElementText):
1575         (WebCore::AccessibilityNodeObject::alternativeTextForWebArea):
1576         (WebCore::AccessibilityNodeObject::hierarchicalLevel):
1577         (WebCore::AccessibilityNodeObject::stringValue):
1578         (WebCore::accessibleNameForNode):
1579         * accessibility/AccessibilityObject.cpp:
1580         (WebCore::AccessibilityObject::contentEditableAttributeIsEnabled):
1581         (WebCore::AccessibilityObject::getAttribute):
1582         * accessibility/AccessibilityRenderObject.cpp:
1583         (WebCore::AccessibilityRenderObject::stringValue):
1584         (WebCore::AccessibilityRenderObject::exposesTitleUIElement):
1585         * accessibility/AccessibilitySVGElement.cpp:
1586         (WebCore::AccessibilitySVGElement::childElementWithMatchingLanguage):
1587         (WebCore::AccessibilitySVGElement::accessibilityDescription):
1588         * bindings/objc/DOM.mm:
1589         (-[DOMHTMLLinkElement _mediaQueryMatches]):
1590         * bindings/scripts/CodeGenerator.pm:
1591         (GetterExpression):
1592         * bindings/scripts/CodeGeneratorObjC.pm:
1593         (GenerateImplementation):
1594         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
1595         * bindings/scripts/test/JS/JSTestObj.cpp:
1596         (WebCore::jsTestObjReflectedStringAttr):
1597         * dom/AuthorStyleSheets.cpp:
1598         (WebCore::AuthorStyleSheets::collectActiveStyleSheets):
1599         * dom/Document.cpp:
1600         (WebCore::Document::buildAccessKeyMap):
1601         (WebCore::Document::processBaseElement):
1602         * dom/DocumentOrderedMap.cpp:
1603         (WebCore::DocumentOrderedMap::getElementByLabelForAttribute):
1604         * dom/Element.cpp:
1605         (WebCore::Element::imageSourceURL):
1606         (WebCore::Element::rendererIsNeeded):
1607         (WebCore::Element::insertedInto):
1608         (WebCore::Element::removedFrom):
1609         (WebCore::Element::pseudo):
1610         (WebCore::Element::setPseudo):
1611         (WebCore::Element::spellcheckAttributeState):
1612         (WebCore::Element::canContainRangeEndPoint):
1613         (WebCore::Element::completeURLsInAttributeValue):
1614         * dom/Element.h:
1615         (WebCore::Element::fastHasAttribute):
1616         (WebCore::Element::attributeWithoutSynchronization):
1617         (WebCore::Element::fastGetAttribute): Deleted.
1618         * dom/InlineStyleSheetOwner.cpp:
1619         (WebCore::InlineStyleSheetOwner::createSheet):
1620         * dom/ScriptElement.cpp:
1621         (WebCore::ScriptElement::requestScript):
1622         (WebCore::ScriptElement::executeScript):
1623         * dom/SlotAssignment.cpp:
1624         (WebCore::slotNameFromSlotAttribute):
1625         (WebCore::SlotAssignment::SlotAssignment):
1626         (WebCore::recursivelyFireSlotChangeEvent):
1627         (WebCore::SlotAssignment::didChangeSlot):
1628         (WebCore::SlotAssignment::hostChildElementDidChange):
1629         (WebCore::SlotAssignment::assignedNodesForSlot):
1630         (WebCore::SlotAssignment::resolveAllSlotElements):
1631         * dom/TreeScope.cpp:
1632         (WebCore::TreeScope::labelElementForId):
1633         * dom/VisitedLinkState.cpp:
1634         (WebCore::linkAttribute):
1635         * editing/ApplyStyleCommand.cpp:
1636         (WebCore::isLegacyAppleStyleSpan):
1637         (WebCore::hasNoAttributeOrOnlyStyleAttribute):
1638         * editing/EditingStyle.cpp:
1639         (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
1640         * editing/ReplaceSelectionCommand.cpp:
1641         (WebCore::isInterchangeNewlineNode):
1642         (WebCore::isInterchangeConvertedSpaceSpan):
1643         (WebCore::positionAvoidingPrecedingNodes):
1644         (WebCore::isMailPasteAsQuotationNode):
1645         (WebCore::isHeaderElement):
1646         (WebCore::isInlineNodeWithStyle):
1647         * editing/TextIterator.cpp:
1648         (WebCore::isRendererReplacedElement):
1649         * editing/cocoa/DataDetection.mm:
1650         (WebCore::DataDetection::isDataDetectorLink):
1651         (WebCore::DataDetection::requiresExtendedContext):
1652         (WebCore::DataDetection::dataDetectorIdentifier):
1653         (WebCore::DataDetection::shouldCancelDefaultAction):
1654         (WebCore::removeResultLinksFromAnchor):
1655         (WebCore::searchForLinkRemovingExistingDDLinks):
1656         * editing/gtk/EditorGtk.cpp:
1657         (WebCore::elementURL):
1658         * editing/htmlediting.cpp:
1659         (WebCore::isTabSpanNode):
1660         (WebCore::isTabSpanTextNode):
1661         (WebCore::isMailBlockquote):
1662         (WebCore::caretMinOffset):
1663         * editing/markup.cpp:
1664         (WebCore::createFragmentFromMarkup):
1665         * html/Autofill.cpp:
1666         (WebCore::AutofillData::createFromHTMLFormControlElement):
1667         * html/BaseTextInputType.cpp:
1668         (WebCore::BaseTextInputType::patternMismatch):
1669         * html/DateInputType.cpp:
1670         (WebCore::DateInputType::createStepRange):
1671         * html/DateTimeInputType.cpp:
1672         (WebCore::DateTimeInputType::createStepRange):
1673         * html/DateTimeLocalInputType.cpp:
1674         (WebCore::DateTimeLocalInputType::createStepRange):
1675         * html/FormAssociatedElement.cpp:
1676         (WebCore::FormAssociatedElement::findAssociatedForm):
1677         (WebCore::FormAssociatedElement::resetFormAttributeTargetObserver):
1678         (WebCore::FormAssociatedElement::formAttributeTargetChanged):
1679         * html/HTMLAnchorElement.cpp:
1680         (WebCore::HTMLAnchorElement::draggable):
1681         (WebCore::HTMLAnchorElement::href):
1682         (WebCore::HTMLAnchorElement::setHref):
1683         (WebCore::HTMLAnchorElement::target):
1684         (WebCore::HTMLAnchorElement::origin):
1685         (WebCore::HTMLAnchorElement::sendPings):
1686         (WebCore::HTMLAnchorElement::handleClick):
1687         * html/HTMLAnchorElement.h:
1688         (WebCore::HTMLAnchorElement::visitedLinkHash):
1689         * html/HTMLAppletElement.cpp:
1690         (WebCore::HTMLAppletElement::updateWidget):
1691         * html/HTMLAreaElement.cpp:
1692         (WebCore::HTMLAreaElement::target):
1693         * html/HTMLAttachmentElement.cpp:
1694         (WebCore::HTMLAttachmentElement::attachmentTitle):
1695         (WebCore::HTMLAttachmentElement::attachmentType):
1696         * html/HTMLBaseElement.cpp:
1697         (WebCore::HTMLBaseElement::target):
1698         (WebCore::HTMLBaseElement::href):
1699         * html/HTMLBodyElement.cpp:
1700         (WebCore::HTMLBodyElement::addSubresourceAttributeURLs):
1701         * html/HTMLButtonElement.cpp:
1702         (WebCore::HTMLButtonElement::value):
1703         (WebCore::HTMLButtonElement::computeWillValidate):
1704         * html/HTMLCanvasElement.cpp:
1705         (WebCore::HTMLCanvasElement::reset):
1706         * html/HTMLDocument.cpp:
1707         (WebCore::HTMLDocument::bgColor):
1708         (WebCore::HTMLDocument::setBgColor):
1709         (WebCore::HTMLDocument::fgColor):
1710         (WebCore::HTMLDocument::setFgColor):
1711         (WebCore::HTMLDocument::alinkColor):
1712         (WebCore::HTMLDocument::setAlinkColor):
1713         (WebCore::HTMLDocument::linkColor):
1714         (WebCore::HTMLDocument::setLinkColor):
1715         (WebCore::HTMLDocument::vlinkColor):
1716         (WebCore::HTMLDocument::setVlinkColor):
1717         * html/HTMLElement.cpp:
1718         (WebCore::contentEditableType):
1719         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
1720         (WebCore::HTMLElement::dir):
1721         (WebCore::HTMLElement::setDir):
1722         (WebCore::HTMLElement::draggable):
1723         (WebCore::HTMLElement::setDraggable):
1724         (WebCore::HTMLElement::title):
1725         (WebCore::HTMLElement::tabIndex):
1726         (WebCore::HTMLElement::translateAttributeMode):
1727         (WebCore::HTMLElement::hasDirectionAuto):
1728         (WebCore::HTMLElement::directionality):
1729         * html/HTMLEmbedElement.cpp:
1730         (WebCore::HTMLEmbedElement::imageSourceURL):
1731         (WebCore::HTMLEmbedElement::addSubresourceAttributeURLs):
1732         * html/HTMLFormControlElement.cpp:
1733         (WebCore::HTMLFormControlElement::formEnctype):
1734         (WebCore::HTMLFormControlElement::formMethod):
1735         (WebCore::HTMLFormControlElement::formAction):
1736         (WebCore::HTMLFormControlElement::autocorrect):
1737         (WebCore::HTMLFormControlElement::autocapitalizeType):
1738         * html/HTMLFormElement.cpp:
1739         (WebCore::HTMLFormElement::autocorrect):
1740         (WebCore::HTMLFormElement::autocapitalizeType):
1741         (WebCore::HTMLFormElement::autocapitalize):
1742         (WebCore::HTMLFormElement::action):
1743         (WebCore::HTMLFormElement::setAction):
1744         (WebCore::HTMLFormElement::target):
1745         (WebCore::HTMLFormElement::wasUserSubmitted):
1746         (WebCore::HTMLFormElement::shouldAutocomplete):
1747         (WebCore::HTMLFormElement::finishParsingChildren):
1748         (WebCore::HTMLFormElement::autocomplete):
1749         * html/HTMLFrameElementBase.cpp:
1750         (WebCore::HTMLFrameElementBase::location):
1751         (WebCore::HTMLFrameElementBase::setLocation):
1752         * html/HTMLHtmlElement.cpp:
1753         (WebCore::HTMLHtmlElement::insertedByParser):
1754         * html/HTMLImageElement.cpp:
1755         (WebCore::HTMLImageElement::imageSourceURL):
1756         (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):
1757         (WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
1758         (WebCore::HTMLImageElement::selectImageSource):
1759         (WebCore::HTMLImageElement::altText):
1760         (WebCore::HTMLImageElement::createElementRenderer):
1761         (WebCore::HTMLImageElement::width):
1762         (WebCore::HTMLImageElement::height):
1763         (WebCore::HTMLImageElement::alt):
1764         (WebCore::HTMLImageElement::draggable):
1765         (WebCore::HTMLImageElement::setHeight):
1766         (WebCore::HTMLImageElement::src):
1767         (WebCore::HTMLImageElement::setSrc):
1768         (WebCore::HTMLImageElement::addSubresourceAttributeURLs):
1769         (WebCore::HTMLImageElement::didMoveToNewDocument):
1770         (WebCore::HTMLImageElement::isServerMap):
1771         (WebCore::HTMLImageElement::crossOrigin):
1772         * html/HTMLInputElement.cpp:
1773         (WebCore::HTMLInputElement::updateType):
1774         (WebCore::HTMLInputElement::initializeInputType):
1775         (WebCore::HTMLInputElement::altText):
1776         (WebCore::HTMLInputElement::value):
1777         (WebCore::HTMLInputElement::defaultValue):
1778         (WebCore::HTMLInputElement::setDefaultValue):
1779         (WebCore::HTMLInputElement::acceptMIMETypes):
1780         (WebCore::HTMLInputElement::acceptFileExtensions):
1781         (WebCore::HTMLInputElement::accept):
1782         (WebCore::HTMLInputElement::alt):
1783         (WebCore::HTMLInputElement::effectiveMaxLength):
1784         (WebCore::HTMLInputElement::src):
1785         (WebCore::HTMLInputElement::setAutoFilled):
1786         (WebCore::HTMLInputElement::dataList):
1787         (WebCore::HTMLInputElement::resetListAttributeTargetObserver):
1788         * html/HTMLKeygenElement.cpp:
1789         (WebCore::HTMLKeygenElement::isKeytypeRSA):
1790         (WebCore::HTMLKeygenElement::appendFormData):
1791         * html/HTMLLIElement.cpp:
1792         (WebCore::HTMLLIElement::didAttachRenderers):
1793         (WebCore::HTMLLIElement::parseValue):
1794         * html/HTMLLabelElement.cpp:
1795         (WebCore::HTMLLabelElement::control):
1796         * html/HTMLLinkElement.cpp:
1797         (WebCore::HTMLLinkElement::crossOrigin):
1798         (WebCore::HTMLLinkElement::process):
1799         (WebCore::HTMLLinkElement::href):
1800         (WebCore::HTMLLinkElement::rel):
1801         (WebCore::HTMLLinkElement::target):
1802         (WebCore::HTMLLinkElement::type):
1803         (WebCore::HTMLLinkElement::iconType):
1804         * html/HTMLMarqueeElement.cpp:
1805         (WebCore::HTMLMarqueeElement::scrollAmount):
1806         (WebCore::HTMLMarqueeElement::setScrollAmount):
1807         (WebCore::HTMLMarqueeElement::scrollDelay):
1808         (WebCore::HTMLMarqueeElement::setScrollDelay):
1809         (WebCore::HTMLMarqueeElement::loop):
1810         * html/HTMLMediaElement.cpp:
1811         (WebCore::HTMLMediaElement::insertedInto):
1812         (WebCore::HTMLMediaElement::crossOrigin):
1813         (WebCore::HTMLMediaElement::networkState):
1814         (WebCore::HTMLMediaElement::mediaSessionTitle):
1815         (WebCore::HTMLMediaElement::doesHaveAttribute):
1816         * html/HTMLMetaElement.cpp:
1817         (WebCore::HTMLMetaElement::process):
1818         (WebCore::HTMLMetaElement::content):
1819         (WebCore::HTMLMetaElement::httpEquiv):
1820         (WebCore::HTMLMetaElement::name):
1821         * html/HTMLMeterElement.cpp:
1822         (WebCore::HTMLMeterElement::min):
1823         (WebCore::HTMLMeterElement::setMin):
1824         (WebCore::HTMLMeterElement::max):
1825         (WebCore::HTMLMeterElement::setMax):
1826         (WebCore::HTMLMeterElement::value):
1827         (WebCore::HTMLMeterElement::low):
1828         (WebCore::HTMLMeterElement::high):
1829         (WebCore::HTMLMeterElement::optimum):
1830         * html/HTMLObjectElement.cpp:
1831         (WebCore::HTMLObjectElement::shouldAllowQuickTimeClassIdQuirk):
1832         (WebCore::HTMLObjectElement::hasValidClassId):
1833         (WebCore::HTMLObjectElement::imageSourceURL):
1834         (WebCore::HTMLObjectElement::renderFallbackContent):
1835         (WebCore::HTMLObjectElement::containsJavaApplet):
1836         (WebCore::HTMLObjectElement::addSubresourceAttributeURLs):
1837         * html/HTMLOptGroupElement.cpp:
1838         (WebCore::HTMLOptGroupElement::groupLabelText):
1839         * html/HTMLOptionElement.cpp:
1840         (WebCore::HTMLOptionElement::value):
1841         (WebCore::HTMLOptionElement::label):
1842         * html/HTMLParamElement.cpp:
1843         (WebCore::HTMLParamElement::value):
1844         (WebCore::HTMLParamElement::isURLParameter):
1845         * html/HTMLProgressElement.cpp:
1846         (WebCore::HTMLProgressElement::value):
1847         (WebCore::HTMLProgressElement::max):
1848         * html/HTMLScriptElement.cpp:
1849         (WebCore::HTMLScriptElement::crossOrigin):
1850         (WebCore::HTMLScriptElement::src):
1851         (WebCore::HTMLScriptElement::sourceAttributeValue):
1852         (WebCore::HTMLScriptElement::charsetAttributeValue):
1853         (WebCore::HTMLScriptElement::typeAttributeValue):
1854         (WebCore::HTMLScriptElement::languageAttributeValue):
1855         (WebCore::HTMLScriptElement::forAttributeValue):
1856         (WebCore::HTMLScriptElement::eventAttributeValue):
1857         (WebCore::HTMLScriptElement::asyncAttributeValue):
1858         * html/HTMLSlotElement.cpp:
1859         (WebCore::HTMLSlotElement::insertedInto):
1860         (WebCore::HTMLSlotElement::removedFrom):
1861         * html/HTMLSourceElement.cpp:
1862         (WebCore::HTMLSourceElement::media):
1863         (WebCore::HTMLSourceElement::setMedia):
1864         (WebCore::HTMLSourceElement::type):
1865         (WebCore::HTMLSourceElement::setType):
1866         * html/HTMLTableCellElement.cpp:
1867         (WebCore::HTMLTableCellElement::colSpanForBindings):
1868         (WebCore::HTMLTableCellElement::rowSpan):
1869         (WebCore::HTMLTableCellElement::rowSpanForBindings):
1870         (WebCore::HTMLTableCellElement::cellIndex):
1871         (WebCore::HTMLTableCellElement::abbr):
1872         (WebCore::HTMLTableCellElement::axis):
1873         (WebCore::HTMLTableCellElement::setColSpanForBindings):
1874         (WebCore::HTMLTableCellElement::headers):
1875         (WebCore::HTMLTableCellElement::setRowSpanForBindings):
1876         (WebCore::HTMLTableCellElement::scope):
1877         (WebCore::HTMLTableCellElement::addSubresourceAttributeURLs):
1878         (WebCore::HTMLTableCellElement::cellAbove):
1879         * html/HTMLTableColElement.cpp:
1880         (WebCore::HTMLTableColElement::width):
1881         * html/HTMLTableElement.cpp:
1882         (WebCore::HTMLTableElement::rules):
1883         (WebCore::HTMLTableElement::summary):
1884         (WebCore::HTMLTableElement::addSubresourceAttributeURLs):
1885         * html/HTMLTableSectionElement.cpp:
1886         (WebCore::HTMLTableSectionElement::align):
1887         (WebCore::HTMLTableSectionElement::setAlign):
1888         (WebCore::HTMLTableSectionElement::ch):
1889         (WebCore::HTMLTableSectionElement::setCh):
1890         (WebCore::HTMLTableSectionElement::chOff):
1891         (WebCore::HTMLTableSectionElement::setChOff):
1892         (WebCore::HTMLTableSectionElement::vAlign):
1893         (WebCore::HTMLTableSectionElement::setVAlign):
1894         * html/HTMLTextAreaElement.cpp:
1895         (WebCore::HTMLTextAreaElement::appendFormData):
1896         * html/HTMLTextFormControlElement.cpp:
1897         (WebCore::HTMLTextFormControlElement::strippedPlaceholder):
1898         (WebCore::HTMLTextFormControlElement::isPlaceholderEmpty):
1899         (WebCore::HTMLTextFormControlElement::directionForFormData):
1900         * html/HTMLTrackElement.cpp:
1901         (WebCore::HTMLTrackElement::srclang):
1902         (WebCore::HTMLTrackElement::label):
1903         (WebCore::HTMLTrackElement::isDefault):
1904         (WebCore::HTMLTrackElement::ensureTrack):
1905         (WebCore::HTMLTrackElement::mediaElementCrossOriginAttribute):
1906         * html/HTMLVideoElement.cpp:
1907         (WebCore::HTMLVideoElement::parseAttribute):
1908         (WebCore::HTMLVideoElement::imageSourceURL):
1909         * html/ImageInputType.cpp:
1910         (WebCore::ImageInputType::height):
1911         (WebCore::ImageInputType::width):
1912         * html/InputType.cpp:
1913         (WebCore::InputType::applyStep):
1914         * html/MediaElementSession.cpp:
1915         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
1916         * html/MonthInputType.cpp:
1917         (WebCore::MonthInputType::createStepRange):
1918         * html/NumberInputType.cpp:
1919         (WebCore::NumberInputType::createStepRange):
1920         (WebCore::NumberInputType::sizeShouldIncludeDecoration):
1921         * html/RangeInputType.cpp:
1922         (WebCore::RangeInputType::createStepRange):
1923         (WebCore::RangeInputType::handleKeydownEvent):
1924         * html/TextFieldInputType.cpp:
1925         (WebCore::TextFieldInputType::appendFormData):
1926         (WebCore::TextFieldInputType::updateAutoFillButton):
1927         * html/TimeInputType.cpp:
1928         (WebCore::TimeInputType::createStepRange):
1929         * html/ValidationMessage.cpp:
1930         (WebCore::ValidationMessage::updateValidationMessage):
1931         * html/WeekInputType.cpp:
1932         (WebCore::WeekInputType::createStepRange):
1933         * html/track/WebVTTElement.cpp:
1934         (WebCore::WebVTTElement::createEquivalentHTMLElement):
1935         * inspector/InspectorPageAgent.cpp:
1936         (WebCore::InspectorPageAgent::buildObjectForFrame):
1937         * loader/FormSubmission.cpp:
1938         (WebCore::FormSubmission::create):
1939         * loader/FrameLoader.cpp:
1940         (WebCore::FrameLoader::defaultSubstituteDataForURL):
1941         * loader/ImageLoader.cpp:
1942         (WebCore::ImageLoader::updateFromElement):
1943         * loader/SubframeLoader.cpp:
1944         (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy):
1945         * mathml/MathMLElement.cpp:
1946         (WebCore::MathMLElement::colSpan):
1947         (WebCore::MathMLElement::rowSpan):
1948         (WebCore::MathMLElement::childShouldCreateRenderer):
1949         (WebCore::MathMLElement::defaultEventHandler):
1950         (WebCore::MathMLElement::cachedMathMLLength):
1951         * mathml/MathMLFractionElement.cpp:
1952         (WebCore::MathMLFractionElement::lineThickness):
1953         (WebCore::MathMLFractionElement::cachedFractionAlignment):
1954         * mathml/MathMLSelectElement.cpp:
1955         (WebCore::MathMLSelectElement::getSelectedActionChildAndIndex):
1956         (WebCore::MathMLSelectElement::getSelectedActionChild):
1957         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
1958         (WebCore::MathMLSelectElement::defaultEventHandler):
1959         (WebCore::MathMLSelectElement::willRespondToMouseClickEvents):
1960         (WebCore::MathMLSelectElement::toggle):
1961         * page/EventHandler.cpp:
1962         (WebCore::findDropZone):
1963         * page/Frame.cpp:
1964         (WebCore::Frame::matchLabelsAgainstElement):
1965         * page/PageSerializer.cpp:
1966         (WebCore::PageSerializer::serializeFrame):
1967         * platform/win/PasteboardWin.cpp:
1968         (WebCore::Pasteboard::writeImageToDataObject):
1969         * rendering/HitTestResult.cpp:
1970         (WebCore::HitTestResult::altDisplayString):
1971         * rendering/RenderDetailsMarker.cpp:
1972         (WebCore::RenderDetailsMarker::isOpen):
1973         * rendering/RenderImage.cpp:
1974         (WebCore::RenderImage::imageMap):
1975         (WebCore::RenderImage::nodeAtPoint):
1976         * rendering/RenderMenuList.cpp:
1977         (RenderMenuList::itemAccessibilityText):
1978         (RenderMenuList::itemToolTip):
1979         * rendering/RenderSearchField.cpp:
1980         (WebCore::RenderSearchField::autosaveName):
1981         * rendering/RenderThemeIOS.mm:
1982         (WebCore::getAttachmentProgress):
1983         (WebCore::AttachmentInfo::AttachmentInfo):
1984         * rendering/RenderThemeMac.mm:
1985         (WebCore::AttachmentLayout::layOutSubtitle):
1986         (WebCore::RenderThemeMac::paintAttachment):
1987         * rendering/mathml/MathMLStyle.cpp:
1988         (WebCore::MathMLStyle::resolveMathMLStyle):
1989         * rendering/mathml/RenderMathMLFenced.cpp:
1990         (WebCore::RenderMathMLFenced::updateFromElement):
1991         * rendering/mathml/RenderMathMLOperator.cpp:
1992         (WebCore::RenderMathMLOperator::setOperatorFlagFromAttribute):
1993         (WebCore::RenderMathMLOperator::setOperatorFlagFromAttributeValue):
1994         (WebCore::RenderMathMLOperator::setOperatorProperties):
1995         * rendering/mathml/RenderMathMLScripts.cpp:
1996         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
1997         * rendering/mathml/RenderMathMLUnderOver.cpp:
1998         (WebCore::RenderMathMLUnderOver::hasAccent):
1999         * style/StyleSharingResolver.cpp:
2000         (WebCore::Style::SharingResolver::canShareStyleWithElement):
2001         (WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes):
2002         * svg/SVGAElement.cpp:
2003         (WebCore::SVGAElement::title):
2004         (WebCore::SVGAElement::defaultEventHandler):
2005         * svg/SVGAltGlyphElement.cpp:
2006         (WebCore::SVGAltGlyphElement::glyphRef):
2007         (WebCore::SVGAltGlyphElement::setFormat):
2008         (WebCore::SVGAltGlyphElement::format):
2009         (WebCore::SVGAltGlyphElement::childShouldCreateRenderer):
2010         * svg/SVGAnimationElement.cpp:
2011         (WebCore::SVGAnimationElement::toValue):
2012         (WebCore::SVGAnimationElement::byValue):
2013         (WebCore::SVGAnimationElement::fromValue):
2014         (WebCore::SVGAnimationElement::isAdditive):
2015         (WebCore::SVGAnimationElement::isAccumulated):
2016         * svg/SVGElement.cpp:
2017         (WebCore::SVGElement::xmlbase):
2018         (WebCore::SVGElement::setXmlbase):
2019         * svg/SVGFontFaceElement.cpp:
2020         (WebCore::SVGFontFaceElement::unitsPerEm):
2021         (WebCore::SVGFontFaceElement::xHeight):
2022         (WebCore::SVGFontFaceElement::capHeight):
2023         (WebCore::SVGFontFaceElement::horizontalOriginX):
2024         (WebCore::SVGFontFaceElement::horizontalOriginY):
2025         (WebCore::SVGFontFaceElement::horizontalAdvanceX):
2026         (WebCore::SVGFontFaceElement::verticalOriginX):
2027         (WebCore::SVGFontFaceElement::verticalOriginY):
2028         (WebCore::SVGFontFaceElement::verticalAdvanceY):
2029         (WebCore::SVGFontFaceElement::ascent):
2030         (WebCore::SVGFontFaceElement::descent):
2031         * svg/SVGFontFaceNameElement.cpp:
2032         (WebCore::SVGFontFaceNameElement::srcValue):
2033         * svg/SVGFontFaceUriElement.cpp:
2034         (WebCore::SVGFontFaceUriElement::srcValue):
2035         * svg/SVGGlyphRefElement.cpp:
2036         (WebCore::SVGGlyphRefElement::glyphRef):
2037         (WebCore::SVGGlyphRefElement::setGlyphRef):
2038         * svg/SVGHKernElement.cpp:
2039         (WebCore::SVGHKernElement::buildHorizontalKerningPair):
2040         * svg/SVGSVGElement.cpp:
2041         (WebCore::SVGSVGElement::contentScriptType):
2042         (WebCore::SVGSVGElement::contentStyleType):
2043         * svg/SVGStyleElement.cpp:
2044         (WebCore::SVGStyleElement::media):
2045         (WebCore::SVGStyleElement::title):
2046         (WebCore::SVGStyleElement::setTitle):
2047         * svg/SVGToOTFFontConversion.cpp:
2048         (WebCore::SVGToOTFFontConverter::appendOS2Table):
2049         (WebCore::SVGToOTFFontConverter::appendCFFTable):
2050         (WebCore::SVGToOTFFontConverter::appendArabicReplacementSubtable):
2051         (WebCore::SVGToOTFFontConverter::appendVORGTable):
2052         (WebCore::SVGToOTFFontConverter::transcodeGlyphPaths):
2053         (WebCore::SVGToOTFFontConverter::processGlyphElement):
2054         (WebCore::SVGToOTFFontConverter::compareCodepointsLexicographically):
2055         (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):
2056         * svg/SVGVKernElement.cpp:
2057         (WebCore::SVGVKernElement::buildVerticalKerningPair):
2058         * svg/animation/SVGSMILElement.cpp:
2059         (WebCore::SVGSMILElement::insertedInto):
2060         (WebCore::SVGSMILElement::parseAttribute):
2061         (WebCore::SVGSMILElement::svgAttributeChanged):
2062         (WebCore::SVGSMILElement::restart):
2063         (WebCore::SVGSMILElement::fill):
2064         (WebCore::SVGSMILElement::dur):
2065         (WebCore::SVGSMILElement::repeatDur):
2066         (WebCore::SVGSMILElement::repeatCount):
2067         (WebCore::SVGSMILElement::maxValue):
2068         (WebCore::SVGSMILElement::minValue):
2069
2070 2016-07-16  Carlos Garcia Campos  <cgarcia@igalia.com>
2071
2072         ASSERTION FAILED: isMainThread() in ~UniqueIDBDatabase() since r201997
2073         https://bugs.webkit.org/show_bug.cgi?id=159809
2074
2075         Reviewed by Brady Eidson.
2076
2077         In r201997 the UniqueIDBDatabase was protected in executeNextDatabaseTask() because the last reference could be
2078         removed while the task is performed. However, UniqueIDBDatabase is expected to be deleted on the main thread, and
2079         the destructor asserts when not called on the main thread, but executeNextDatabaseTask() is always called on a
2080         secondary thread. So, if the protector contains the last reference, the object is deleted on the secondary thread.
2081
2082         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
2083         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask): Use callOnMainThread to ensure the object is
2084         deleted on the main thread in case the protector contains the last reference.
2085
2086 2016-07-15  Chris Dumez  <cdumez@apple.com>
2087
2088         Use emptyString() / nullAtom when possible
2089         https://bugs.webkit.org/show_bug.cgi?id=159850
2090
2091         Reviewed by Ryosuke Niwa.
2092
2093         Use emptyString() / nullAtom when possible, for performance.
2094
2095         * Modules/webaudio/AudioNode.cpp:
2096         (WebCore::AudioNode::channelCountMode):
2097         (WebCore::AudioNode::channelInterpretation):
2098         * Modules/webdatabase/DatabaseTracker.cpp:
2099         (WebCore::DatabaseTracker::tracker):
2100         * Modules/websockets/WebSocket.cpp:
2101         (WebCore::WebSocket::WebSocket):
2102         (WebCore::WebSocket::didConnect):
2103         * Modules/websockets/WebSocketChannel.cpp:
2104         (WebCore::WebSocketChannel::subprotocol):
2105         (WebCore::WebSocketChannel::extensions):
2106         * accessibility/AccessibilityObject.cpp:
2107         (WebCore::AccessibilityObject::supportsPressAction):
2108         * accessibility/mac/AXObjectCacheMac.mm:
2109         (WebCore::AXObjectCache::postTextStateChangePlatformNotification):
2110         * css/CSSPropertySourceData.cpp:
2111         (WebCore::CSSPropertySourceData::CSSPropertySourceData):
2112         * css/PageRuleCollector.cpp:
2113         (WebCore::PageRuleCollector::pageName):
2114         * css/PropertySetCSSStyleDeclaration.cpp:
2115         (WebCore::PropertySetCSSStyleDeclaration::getPropertyPriority):
2116         * dom/DocumentMarkerController.cpp:
2117         (WebCore::DocumentMarkerController::addDictationPhraseWithAlternativesMarker):
2118         * dom/Element.cpp:
2119         (WebCore::Element::setPrefix):
2120         * editing/AlternativeTextController.cpp:
2121         (WebCore::AlternativeTextController::respondToMarkerAtEndOfWord):
2122         (WebCore::AlternativeTextController::markerDescriptionForAppliedAlternativeText):
2123         * editing/CompositeEditCommand.cpp:
2124         (WebCore::CompositeEditCommand::removeNodeAttribute):
2125         (WebCore::CompositeEditCommand::moveParagraphs):
2126         * editing/InsertTextCommand.cpp:
2127         (WebCore::InsertTextCommand::positionInsideTextNode):
2128         * editing/TextCheckingHelper.cpp:
2129         (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
2130         * editing/TypingCommand.cpp:
2131         (WebCore::TypingCommand::deleteSelection):
2132         (WebCore::TypingCommand::deleteKeyPressed):
2133         (WebCore::TypingCommand::forwardDeleteKeyPressed):
2134         (WebCore::TypingCommand::insertLineBreak):
2135         (WebCore::TypingCommand::insertParagraphSeparator):
2136         * editing/cocoa/EditorCocoa.mm:
2137         (WebCore::Editor::styleForSelectionStart):
2138         * editing/mac/EditorMac.mm:
2139         (WebCore::Editor::stringSelectionForPasteboard):
2140         (WebCore::Editor::stringSelectionForPasteboardWithImageAltText):
2141         * fileapi/FileReaderLoader.cpp:
2142         (WebCore::FileReaderLoader::FileReaderLoader):
2143         * html/FileInputType.cpp:
2144         (WebCore::FileInputType::appendFormData):
2145         * html/HTMLMediaElement.cpp:
2146         (WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):
2147         * html/HTMLOutputElement.cpp:
2148         (WebCore::HTMLOutputElement::HTMLOutputElement):
2149         * html/SearchInputType.cpp:
2150         (WebCore::SearchInputType::handleKeydownEvent):
2151         * html/TextFieldInputType.cpp:
2152         (WebCore::autoFillButtonTypeToAccessibilityLabel):
2153         * html/canvas/WebGLDebugShaders.cpp:
2154         (WebCore::WebGLDebugShaders::getTranslatedShaderSource):
2155         * html/canvas/WebGLRenderingContextBase.cpp:
2156         (WebCore::WebGLRenderingContextBase::dispatchContextLostEvent):
2157         (WebCore::WebGLRenderingContextBase::maybeRestoreContext):
2158         * html/canvas/WebGLShader.cpp:
2159         (WebCore::WebGLShader::WebGLShader):
2160         * html/shadow/MediaControlElements.cpp:
2161         (WebCore::MediaControlStatusDisplayElement::update):
2162         * html/track/TextTrack.cpp:
2163         (WebCore::TextTrack::captionMenuOffItem):
2164         (WebCore::TextTrack::captionMenuAutomaticItem):
2165         * html/track/VTTRegion.cpp:
2166         (WebCore::VTTRegion::scroll):
2167         * html/track/VTTRegion.h:
2168         * inspector/InspectorDOMAgent.cpp:
2169         (WebCore::InspectorDOMAgent::toErrorString):
2170         (WebCore::InspectorDOMAgent::resolveNode):
2171         (WebCore::InspectorDOMAgent::documentURLString):
2172         (WebCore::documentBaseURLString):
2173         * inspector/InspectorDOMDebuggerAgent.cpp:
2174         (WebCore::domTypeName):
2175         * inspector/InspectorFrontendHost.cpp:
2176         (WebCore::InspectorFrontendHost::localizedStringsURL):
2177         * inspector/InspectorHistory.cpp:
2178         (WebCore::InspectorHistory::Action::mergeId):
2179         * inspector/InspectorPageAgent.cpp:
2180         (WebCore::InspectorPageAgent::reload):
2181         (WebCore::InspectorPageAgent::frameId):
2182         (WebCore::InspectorPageAgent::loaderId):
2183         * inspector/InspectorStyleSheet.cpp:
2184         (WebCore::InspectorStyleSheet::ruleSelector):
2185         * loader/EmptyClients.h:
2186         * loader/FrameLoader.cpp:
2187         (WebCore::FrameLoader::referrer):
2188         * loader/ImageLoader.cpp:
2189         (WebCore::ImageLoader::clearFailedLoadURL):
2190         * loader/ResourceLoader.cpp:
2191         (WebCore::ResourceLoader::didReceiveResponse):
2192         * page/ContextMenuController.cpp:
2193         (WebCore::ContextMenuController::contextMenuItemSelected):
2194         * page/FrameTree.cpp:
2195         (WebCore::FrameTree::setName):
2196         (WebCore::FrameTree::clearName):
2197         * page/Location.cpp:
2198         (WebCore::Location::port):
2199         * platform/network/ProtectionSpaceBase.cpp:
2200         (WebCore::ProtectionSpaceBase::ProtectionSpaceBase):
2201         * xml/parser/XMLDocumentParserLibxml2.cpp:
2202         (WebCore::handleElementAttributes):
2203
2204 2016-07-15  Simon Fraser  <simon.fraser@apple.com>
2205
2206         Repaints rects drawn incorrectly when inspecting a WebView on a Retina display
2207         https://bugs.webkit.org/show_bug.cgi?id=159824
2208         rdar://problem/27376305
2209
2210         Reviewed by Brian Burg.
2211
2212         InspectorOverlayPage.js set up the canvases with a deviceScaleFactor passed into
2213         reset(), which comes from the overlay's m_page.deviceScaleFactor(). However, updatePaintRects()
2214         used window.devicePixelRatio which was always 1.
2215
2216         Fix by setting the deviceScaleFactor on the m_overlayPage.
2217
2218         * inspector/InspectorOverlay.cpp:
2219         (WebCore::InspectorOverlay::overlayPage):
2220
2221 2016-07-15  Myles C. Maxfield  <mmaxfield@apple.com>
2222
2223         [macOS] Work around crash in [NSAttributedString nextWordFromIndex:forward:]
2224         https://bugs.webkit.org/show_bug.cgi?id=159842
2225
2226         Reviewed by Jon Lee.
2227
2228         <rdar://problem/27380532> describes a crash inside [NSAttributedString nextWordFromIndex:forward:].
2229         This must be worked around for https://bugs.webkit.org/show_bug.cgi?id=159755 and
2230         <rdar://problem/27325521>.
2231
2232         * platform/text/mac/TextBoundaries.mm:
2233         (WebCore::findNextWordFromIndex):
2234
2235 2016-07-15  Brady Eidson  <beidson@apple.com>
2236
2237         Update XPathException to use the description in toString().
2238         https://bugs.webkit.org/show_bug.cgi?id=159848
2239
2240         Reviewed by Alex Christensen.
2241
2242         No new tests (Covered by changes to existing tests).
2243
2244         * bindings/js/JSDOMBinding.cpp:
2245         (WebCore::createDOMException):
2246         * xml/XPathException.h:
2247         (WebCore::XPathException::XPathException):
2248
2249 2016-07-15  Brady Eidson  <beidson@apple.com>
2250
2251         Change toString() behavior for exceptions constructed with "createWithDescriptionAsMessage".
2252         https://bugs.webkit.org/show_bug.cgi?id=159839
2253
2254         Reviewed by Alex Christensen.
2255
2256         No new tests (Covered by changes to existing tests).
2257
2258         This is the first step towards extended exception messages for all exception types.
2259
2260         * dom/ExceptionBase.cpp:
2261         (WebCore::ExceptionBase::ExceptionBase):
2262         (WebCore::ExceptionBase::toString):
2263         * dom/ExceptionBase.h:
2264
2265 2016-07-15  Geoffrey Garen  <ggaren@apple.com>
2266
2267         Added a makeRef<T> helper
2268         https://bugs.webkit.org/show_bug.cgi?id=159835
2269
2270         Reviewed by Andreas Kling.
2271
2272         Anders told me to!
2273
2274         * Modules/indexeddb/IDBTransaction.cpp:
2275         (WebCore::IDBTransaction::putOrAddOnServer):
2276         * Modules/indexeddb/shared/InProcessIDBServer.cpp:
2277         (WebCore::InProcessIDBServer::deleteDatabase):
2278         (WebCore::InProcessIDBServer::didDeleteDatabase):
2279         (WebCore::InProcessIDBServer::openDatabase):
2280         (WebCore::InProcessIDBServer::didOpenDatabase):
2281         (WebCore::InProcessIDBServer::didAbortTransaction):
2282         (WebCore::InProcessIDBServer::didCommitTransaction):
2283         (WebCore::InProcessIDBServer::didCreateObjectStore):
2284         (WebCore::InProcessIDBServer::didDeleteObjectStore):
2285         (WebCore::InProcessIDBServer::didClearObjectStore):
2286         (WebCore::InProcessIDBServer::didCreateIndex):
2287         (WebCore::InProcessIDBServer::didDeleteIndex):
2288         (WebCore::InProcessIDBServer::didPutOrAdd):
2289         (WebCore::InProcessIDBServer::didGetRecord):
2290         (WebCore::InProcessIDBServer::didGetCount):
2291         (WebCore::InProcessIDBServer::didDeleteRecord):
2292         (WebCore::InProcessIDBServer::didOpenCursor):
2293         (WebCore::InProcessIDBServer::didIterateCursor):
2294         (WebCore::InProcessIDBServer::abortTransaction):
2295         (WebCore::InProcessIDBServer::commitTransaction):
2296         (WebCore::InProcessIDBServer::didFinishHandlingVersionChangeTransaction):
2297         (WebCore::InProcessIDBServer::createObjectStore):
2298         (WebCore::InProcessIDBServer::deleteObjectStore):
2299         (WebCore::InProcessIDBServer::clearObjectStore):
2300         (WebCore::InProcessIDBServer::createIndex):
2301         (WebCore::InProcessIDBServer::deleteIndex):
2302         (WebCore::InProcessIDBServer::putOrAdd):
2303         (WebCore::InProcessIDBServer::getRecord):
2304         (WebCore::InProcessIDBServer::getCount):
2305         (WebCore::InProcessIDBServer::deleteRecord):
2306         (WebCore::InProcessIDBServer::openCursor):
2307         (WebCore::InProcessIDBServer::iterateCursor):
2308         (WebCore::InProcessIDBServer::establishTransaction):
2309         (WebCore::InProcessIDBServer::fireVersionChangeEvent):
2310         (WebCore::InProcessIDBServer::didStartTransaction):
2311         (WebCore::InProcessIDBServer::didCloseFromServer):
2312         (WebCore::InProcessIDBServer::notifyOpenDBRequestBlocked):
2313         (WebCore::InProcessIDBServer::databaseConnectionClosed):
2314         (WebCore::InProcessIDBServer::abortOpenAndUpgradeNeeded):
2315         (WebCore::InProcessIDBServer::didFireVersionChangeEvent):
2316         (WebCore::InProcessIDBServer::openDBRequestCancelled):
2317         (WebCore::InProcessIDBServer::confirmDidCloseFromServer):
2318         (WebCore::InProcessIDBServer::getAllDatabaseNames):
2319         (WebCore::InProcessIDBServer::didGetAllDatabaseNames):
2320         * Modules/mediastream/MediaDevicesRequest.cpp:
2321         (WebCore::MediaDevicesRequest::didCompleteTrackSourceInfoRequest):
2322         * Modules/mediastream/UserMediaRequest.cpp:
2323         (WebCore::UserMediaRequest::constraintsValidated):
2324         (WebCore::UserMediaRequest::userMediaAccessGranted):
2325         * Modules/webaudio/AudioContext.cpp:
2326         (WebCore::AudioContext::scheduleNodeDeletion):
2327         (WebCore::AudioContext::isPlayingAudioDidChange):
2328         (WebCore::AudioContext::suspend):
2329         (WebCore::AudioContext::resume):
2330         (WebCore::AudioContext::close):
2331         (WebCore::AudioContext::suspendPlayback):
2332         (WebCore::AudioContext::mayResumePlayback):
2333         * Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:
2334         (WebCore::ThreadableWebSocketChannelClientWrapper::didConnect):
2335         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessage):
2336         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveBinaryData):
2337         (WebCore::ThreadableWebSocketChannelClientWrapper::didUpdateBufferedAmount):
2338         (WebCore::ThreadableWebSocketChannelClientWrapper::didStartClosingHandshake):
2339         (WebCore::ThreadableWebSocketChannelClientWrapper::didClose):
2340         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessageError):
2341         (WebCore::ThreadableWebSocketChannelClientWrapper::processPendingTasks):
2342         * Modules/websockets/WebSocket.cpp:
2343         (WebCore::WebSocket::connect):
2344         * bindings/js/JSEventListener.h:
2345         (WebCore::JSEventListener::jsFunction):
2346         * dom/Node.cpp:
2347         (WebCore::Node::setTextContent):
2348         * html/HTMLMediaElement.cpp:
2349         (WebCore::HTMLMediaElement::layoutSizeChanged):
2350         * inspector/CommandLineAPIHost.cpp:
2351         (WebCore::CommandLineAPIHost::wrapper):
2352         * platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:
2353         (WebCore::AudioSourceProviderAVFObjC::prepare):
2354         * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
2355         (WebCore::WebCoreAVCFResourceLoader::invalidate):
2356         * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
2357         (WebCore::WebCoreAVFResourceLoader::invalidate):
2358         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
2359         (WebVideoFullscreenControllerContext::setExternalPlayback):
2360         * platform/network/BlobResourceHandle.cpp:
2361         (WebCore::BlobResourceHandle::start):
2362         (WebCore::BlobResourceHandle::notifyFinish):
2363         * platform/network/SocketStreamHandleBase.cpp:
2364         (WebCore::SocketStreamHandleBase::disconnect):
2365         * platform/network/curl/CurlDownload.cpp:
2366         (WebCore::CurlDownload::didReceiveHeader):
2367
2368 2016-07-15  Chris Dumez  <cdumez@apple.com>
2369
2370         Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible
2371         https://bugs.webkit.org/show_bug.cgi?id=159793
2372
2373         Reviewed by Ryosuke Niwa.
2374
2375         Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible, for performance.
2376
2377         * Modules/plugins/YouTubePluginReplacement.cpp:
2378         (WebCore::YouTubePluginReplacement::installReplacement):
2379         * dom/Element.h:
2380         (WebCore::Element::setIdAttribute):
2381         * editing/ApplyStyleCommand.cpp:
2382         (WebCore::hasNoAttributeOrOnlyStyleAttribute):
2383         (WebCore::createFontElement):
2384         (WebCore::ApplyStyleCommand::applyInlineStyleChange):
2385         * editing/EditingStyle.cpp:
2386         (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
2387         * editing/Editor.cpp:
2388         (WebCore::Editor::setBaseWritingDirection):
2389         * editing/ReplaceSelectionCommand.cpp:
2390         (WebCore::isMailPasteAsQuotationNode):
2391         (WebCore::isInlineNodeWithStyle):
2392         * editing/cocoa/DataDetection.mm:
2393         (WebCore::DataDetection::detectContentInRange):
2394         * editing/htmlediting.cpp:
2395         (WebCore::createTabSpanElement):
2396         * editing/ios/EditorIOS.mm:
2397         (WebCore::Editor::setTextAlignmentForChangedBaseWritingDirection):
2398         (WebCore::Editor::WebContentReader::readURL):
2399         * editing/mac/EditorMac.mm:
2400         (WebCore::Editor::WebContentReader::readURL):
2401         * editing/markup.cpp:
2402         (WebCore::createFragmentFromText):
2403         * html/BaseButtonInputType.cpp:
2404         (WebCore::BaseButtonInputType::setValue):
2405         * html/BaseCheckableInputType.cpp:
2406         (WebCore::BaseCheckableInputType::setValue):
2407         * html/FTPDirectoryDocument.cpp:
2408         (WebCore::FTPDirectoryDocumentParser::appendEntry):
2409         (WebCore::FTPDirectoryDocumentParser::createTDForFilename):
2410         (WebCore::FTPDirectoryDocumentParser::loadDocumentTemplate):
2411         (WebCore::FTPDirectoryDocumentParser::createBasicDocument):
2412         * html/HTMLAnchorElement.cpp:
2413         (WebCore::HTMLAnchorElement::href):
2414         (WebCore::HTMLAnchorElement::setHref):
2415         (WebCore::HTMLAnchorElement::target):
2416         * html/HTMLAreaElement.cpp:
2417         (WebCore::HTMLAreaElement::target):
2418         * html/HTMLBaseElement.cpp:
2419         (WebCore::HTMLBaseElement::setHref):
2420         * html/HTMLButtonElement.cpp:
2421         (WebCore::HTMLButtonElement::setType):
2422         * html/HTMLDetailsElement.cpp:
2423         (WebCore::HTMLDetailsElement::didAddUserAgentShadowRoot):
2424         (WebCore::HTMLDetailsElement::toggleOpen):
2425         * html/HTMLDocument.cpp:
2426         (WebCore::HTMLDocument::setBgColor):
2427         (WebCore::HTMLDocument::setFgColor):
2428         (WebCore::HTMLDocument::setAlinkColor):
2429         (WebCore::HTMLDocument::setLinkColor):
2430         (WebCore::HTMLDocument::setVlinkColor):
2431         * html/HTMLElement.cpp:
2432         (WebCore::HTMLElement::setDir):
2433         (WebCore::HTMLElement::setContentEditable):
2434         (WebCore::HTMLElement::setDraggable):
2435         (WebCore::HTMLElement::setSpellcheck):
2436         (WebCore::HTMLElement::setTranslate):
2437         * html/HTMLFormControlElement.cpp:
2438         (WebCore::HTMLFormControlElement::setFormEnctype):
2439         (WebCore::HTMLFormControlElement::setFormMethod):
2440         (WebCore::HTMLFormControlElement::setAutocorrect):
2441         (WebCore::HTMLFormControlElement::setAutocapitalize):
2442         (WebCore::HTMLFormControlElement::setAutocomplete):
2443         * html/HTMLFormElement.cpp:
2444         (WebCore::HTMLFormElement::setAutocorrect):
2445         (WebCore::HTMLFormElement::setAutocapitalize):
2446         (WebCore::HTMLFormElement::setAction):
2447         (WebCore::HTMLFormElement::setEnctype):
2448         (WebCore::HTMLFormElement::setMethod):
2449         (WebCore::HTMLFormElement::target):
2450         * html/HTMLImageElement.cpp:
2451         (WebCore::HTMLImageElement::width):
2452         (WebCore::HTMLImageElement::height):
2453         (WebCore::HTMLImageElement::setSrc):
2454         * html/HTMLInputElement.cpp:
2455         (WebCore::HTMLInputElement::setType):
2456         (WebCore::HTMLInputElement::updateType):
2457         (WebCore::HTMLInputElement::altText):
2458         (WebCore::HTMLInputElement::setDefaultValue):
2459         * html/HTMLLinkElement.cpp:
2460         (WebCore::HTMLLinkElement::href):
2461         (WebCore::HTMLLinkElement::target):
2462         (WebCore::HTMLLinkElement::type):
2463         * html/HTMLMediaElement.cpp:
2464         (WebCore::HTMLMediaElement::setSrc):
2465         (WebCore::HTMLMediaElement::setPreload):
2466         * html/HTMLMeterElement.cpp:
2467         (WebCore::HTMLMeterElement::min):
2468         (WebCore::HTMLMeterElement::setMin):
2469         (WebCore::HTMLMeterElement::max):
2470         (WebCore::HTMLMeterElement::setMax):
2471         (WebCore::HTMLMeterElement::value):
2472         (WebCore::HTMLMeterElement::setValue):
2473         (WebCore::HTMLMeterElement::low):
2474         (WebCore::HTMLMeterElement::setLow):
2475         (WebCore::HTMLMeterElement::high):
2476         (WebCore::HTMLMeterElement::setHigh):
2477         (WebCore::HTMLMeterElement::optimum):
2478         (WebCore::HTMLMeterElement::setOptimum):
2479         * html/HTMLObjectElement.cpp:
2480         (WebCore::HTMLObjectElement::containsJavaApplet):
2481         * html/HTMLOptionElement.cpp:
2482         (WebCore::HTMLOptionElement::createForJSConstructor):
2483         (WebCore::HTMLOptionElement::setValue):
2484         (WebCore::HTMLOptionElement::setLabel):
2485         * html/HTMLProgressElement.cpp:
2486         (WebCore::HTMLProgressElement::setValue):
2487         (WebCore::HTMLProgressElement::setMax):
2488         * html/HTMLScriptElement.cpp:
2489         (WebCore::HTMLScriptElement::typeAttributeValue):
2490         * html/HTMLSelectElement.cpp:
2491         (WebCore::HTMLSelectElement::setMultiple):
2492         * html/HTMLSourceElement.cpp:
2493         (WebCore::HTMLSourceElement::setSrc):
2494         (WebCore::HTMLSourceElement::media):
2495         (WebCore::HTMLSourceElement::setMedia):
2496         (WebCore::HTMLSourceElement::type):
2497         (WebCore::HTMLSourceElement::setType):
2498         * html/HTMLTableSectionElement.cpp:
2499         (WebCore::HTMLTableSectionElement::setAlign):
2500         (WebCore::HTMLTableSectionElement::setCh):
2501         (WebCore::HTMLTableSectionElement::chOff):
2502         (WebCore::HTMLTableSectionElement::setChOff):
2503         (WebCore::HTMLTableSectionElement::setVAlign):
2504         * html/HTMLTextFormControlElement.cpp:
2505         (WebCore::HTMLTextFormControlElement::updateInnerTextElementEditability):
2506         * html/HTMLVideoElement.cpp:
2507         (WebCore::HTMLVideoElement::imageSourceURL):
2508         * html/HiddenInputType.cpp:
2509         (WebCore::HiddenInputType::restoreFormControlState):
2510         (WebCore::HiddenInputType::setValue):
2511         * html/MediaDocument.cpp:
2512         (WebCore::MediaDocumentParser::createDocumentStructure):
2513         (WebCore::MediaDocument::replaceMediaElementTimerFired):
2514         * html/PluginDocument.cpp:
2515         (WebCore::PluginDocumentParser::createDocumentStructure):
2516         * html/TextFieldInputType.cpp:
2517         (WebCore::TextFieldInputType::createAutoFillButton):
2518         (WebCore::TextFieldInputType::updateAutoFillButton):
2519         * html/parser/HTMLTreeBuilder.cpp:
2520         (WebCore::HTMLTreeBuilder::processIsindexStartTagForInBody):
2521         * html/shadow/MediaControlElements.cpp:
2522         (WebCore::MediaControlClosedCaptionsContainerElement::create):
2523         (WebCore::MediaControlTimelineElement::create):
2524         (WebCore::MediaControlPanelVolumeSliderElement::create):
2525         (WebCore::MediaControlFullscreenVolumeSliderElement::create):
2526         * html/shadow/TextControlInnerElements.cpp:
2527         (WebCore::SearchFieldCancelButtonElement::SearchFieldCancelButtonElement):
2528         * html/shadow/mac/ImageControlsButtonElementMac.cpp:
2529         (WebCore::ImageControlsButtonElementMac::tryCreate):
2530         * html/shadow/mac/ImageControlsRootElementMac.cpp:
2531         (WebCore::ImageControlsRootElement::tryCreate):
2532         * html/track/WebVTTElement.cpp:
2533         (WebCore::WebVTTElement::createEquivalentHTMLElement):
2534         * html/track/WebVTTParser.cpp:
2535         (WebCore::WebVTTTreeBuilder::constructTreeFromToken):
2536         * inspector/InspectorCSSAgent.cpp:
2537         (WebCore::InspectorCSSAgent::createInspectorStyleSheetForDocument):
2538         * inspector/InspectorPageAgent.cpp:
2539         (WebCore::InspectorPageAgent::buildObjectForFrame):
2540         * mathml/MathMLSelectElement.cpp:
2541         (WebCore::MathMLSelectElement::toggle):
2542         * page/PageSerializer.cpp:
2543         (WebCore::PageSerializer::serializeFrame):
2544         * rendering/RenderDetailsMarker.cpp:
2545         (WebCore::RenderDetailsMarker::isOpen):
2546         * rendering/mathml/RenderMathMLFraction.cpp:
2547         (WebCore::RenderMathMLFraction::updateFromElement):
2548         * svg/SVGElement.cpp:
2549         (WebCore::SVGElement::setXmlbase):
2550         * svg/SVGSVGElement.cpp:
2551         (WebCore::SVGSVGElement::setContentScriptType):
2552         (WebCore::SVGSVGElement::setContentStyleType):
2553         * svg/SVGStyleElement.cpp:
2554         (WebCore::SVGStyleElement::setMedia):
2555         (WebCore::SVGStyleElement::setTitle):
2556
2557 2016-07-15  Chris Dumez  <cdumez@apple.com>
2558
2559         Modernize StaticNodeList / StaticElementList
2560         https://bugs.webkit.org/show_bug.cgi?id=159831
2561
2562         Reviewed by Ryosuke Niwa.
2563
2564         Modernize StaticNodeList / StaticElementList. Pass vector to adopt
2565         as an rvalue reference instead of a non-const reference.
2566
2567         * bindings/js/JSHTMLAllCollectionCustom.cpp:
2568         (WebCore::namedItems):
2569         * dom/ChildListMutationScope.cpp:
2570         (WebCore::ChildListMutationAccumulator::enqueueMutationRecord):
2571         * dom/MutationRecord.cpp:
2572         * dom/SelectorQuery.cpp:
2573         (WebCore::SelectorDataList::queryAll):
2574         * dom/StaticNodeList.h:
2575         * dom/WebKitNamedFlow.cpp:
2576         (WebCore::WebKitNamedFlow::getRegionsByContent):
2577         (WebCore::WebKitNamedFlow::getRegions):
2578         (WebCore::WebKitNamedFlow::getContent):
2579         * svg/SVGSVGElement.cpp:
2580         (WebCore::SVGSVGElement::collectIntersectionOrEnclosureList):
2581         * testing/Internals.cpp:
2582         (WebCore::Internals::nodesFromRect):
2583
2584 2016-07-15  Brent Fulgham  <bfulgham@apple.com>
2585
2586         Block insecure script running in a data: frame when the top-level page is HTTPS
2587         https://bugs.webkit.org/show_bug.cgi?id=125806
2588         <rdar://problem/27331825>
2589
2590         Reviewed by Brady Eidson.
2591
2592         Fix based on a Blink change (patch by <tsepez@chromium.org>):
2593         <https://chromium.googlesource.com/chromium/blink/+/33e553bd96e040151c1472289a0d80803bfca3a5>
2594
2595         Test: http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked.html
2596
2597         * loader/cache/CachedResourceLoader.cpp:
2598         (WebCore::CachedResourceLoader::checkInsecureContent): Check the top-level frame's security state
2599         before allowing insecure scripts to be used.
2600
2601 2016-07-15  Chris Dumez  <cdumez@apple.com>
2602
2603         Let the compiler generate QualifiedName copy constructor and assignment operator
2604         https://bugs.webkit.org/show_bug.cgi?id=159826
2605
2606         Reviewed by Alex Christensen.
2607
2608         Let the compiler generate QualifiedName copy constructor and assignment operator
2609         as our custom implementation does nothing special. This also makes QualifiedName
2610         movable as the compiler is now able to generate the move constructor / assignment
2611         operator as well.
2612
2613         * dom/QualifiedName.h:
2614         (WebCore::QualifiedName::QualifiedName): Deleted.
2615         (WebCore::QualifiedName::operator=): Deleted.
2616
2617 2016-07-15  Antonio Gomes  <tonikitoo@igalia.com>
2618
2619         ScrollView::setHasHorizontalScrollbar / setHasVerticalScrollbar duplicate their logic
2620         https://bugs.webkit.org/show_bug.cgi?id=159825
2621
2622         Patch introduces a (private) method to ScrollView
2623         to share the code/logic of setHas{Horizontal,Vertical}Scrollbar.
2624
2625         Reviewed by Simon Fraser.
2626
2627         No new tests needed.
2628
2629         * platform/ScrollView.cpp:
2630         (WebCore::ScrollView::setHasScrollbarInternal):
2631         (WebCore::ScrollView::setHasHorizontalScrollbar):
2632         (WebCore::ScrollView::setHasVerticalScrollbar):
2633         * platform/ScrollView.h:
2634
2635 2016-07-15  Frederic Wang  <fwang@igalia.com>
2636
2637         MathOperator: Improve alignment for vertical size variant
2638         https://bugs.webkit.org/show_bug.cgi?id=158866
2639
2640         Reviewed by Brent Fulgham.
2641
2642         The MathOperator class may stretch operators with either a large glyph or a glyph assembly.
2643         In the latter case, the assembly is adjusted to match the stretch ascent and descent
2644         requested by the callers. But in the former case the glyph ascent and descent are used
2645         instead. We solve this by making MathOperator::stretchTo only take a targetSize and let
2646         callers do the vertical alignment they want. This improves the rendering of fences with some
2647         math fonts (e.g. XITS) and allows to pass the two cases of mo-axis-height-1.html.
2648
2649         Test: imported/mathml-in-html5/mathml/presentation-markup/operators/mo-axis-height-1.html
2650
2651         * rendering/mathml/MathOperator.cpp:
2652         (WebCore::MathOperator::stretchTo): Merge vertical and horizontal stretching into the same
2653         function with only the targetSize as a parameter.
2654         * rendering/mathml/RenderMathMLOperator.cpp:
2655         (WebCore::RenderMathMLOperator::stretchTo): Updated to use the new signature.
2656         (WebCore::RenderMathMLOperator::verticalStretchedOperatorShift): Helper function to calculate
2657         the shift necessary to align the baseline of the MathOperator instance with the one of the
2658         RenderMathMLOperator.
2659         (WebCore::RenderMathMLOperator::firstLineBaseline): Adjust the baseline.
2660         * rendering/mathml/RenderMathMLOperator.h: Declare verticalStretchedOperatorShift.
2661         * rendering/mathml/RenderMathMLRoot.cpp:
2662         (WebCore::RenderMathMLRoot::layoutBlock): Use the new signature. This function aligns the top
2663         of the radical with the overbar so we do not need to adjust baseline alignment here.
2664
2665 2016-07-15  Brady Eidson  <beidson@apple.com>
2666
2667         WebKit should prevent push/replace state with username in URL.
2668         <rdar://problem/27361737> and https://bugs.webkit.org/show_bug.cgi?id=159818
2669
2670         Reviewed by Brent Fulgham.
2671
2672         Test: http/tests/security/history-username-password.html
2673
2674         * page/History.cpp:
2675         (WebCore::History::stateObjectAdded): Don't allow URLs with usernames/passwords.
2676
2677 2016-07-15  Ryan Haddad  <ryanhaddad@apple.com>
2678
2679         Unreviewed, rolling out r203266.
2680
2681         This change caused editing/deleting/delete-emoji.html to time
2682         out on El Capitan, crash under GuardMalloc
2683
2684         Reverted changeset:
2685
2686         "Support new emoji group candidates"
2687         https://bugs.webkit.org/show_bug.cgi?id=159755
2688         http://trac.webkit.org/changeset/203266
2689
2690 2016-07-15  Frederic Wang  <fwang@igalia.com>
2691
2692         Move parsing of mfrac attributes into a MathMLFractionElement class
2693         https://bugs.webkit.org/show_bug.cgi?id=159624
2694
2695         Reviewed by Brent Fulgham.
2696
2697         We move the parsing of mfrac attributes to a MathMLFractionElement class. This allows to
2698         minimize the updates in RenderMathMLFraction and to remove the alignment members. Many of
2699         the members in updateLayoutParameters are actually only used in layoutBlock and could be
2700         removed in a follow-up patch. We also improve the resolution of negative line thickness value
2701         since the MathML recommendation says it should be rounded up to the nearest valid
2702         value (which is zero) instead of ignoring the attribute and using the line thickness.
2703
2704         No new tests, already covered by existing tests.
2705
2706         * CMakeLists.txt: Add MathMLFractionElement.
2707         * WebCore.xcodeproj/project.pbxproj: Ditto.
2708         * mathml/MathMLAllInOne.cpp: Ditto.
2709         * mathml/MathMLFractionElement.cpp: Added.
2710         (WebCore::MathMLFractionElement::MathMLFractionElement):
2711         (WebCore::MathMLFractionElement::create):
2712         (WebCore::MathMLFractionElement::lineThickness): Return the cached linethickness length,
2713         parsing it again if it is dirty. This handles the special values "thin", "medium" and "thick"
2714         or fallback to the general parseMathMLLength for MathML lengths.
2715         (WebCore::MathMLFractionElement::cachedFractionAlignment): Return the cached alignment value,
2716         parsing it again if it is dirty.
2717         (WebCore::MathMLFractionElement::numeratorAlignment): Return the cached alignment.
2718         (WebCore::MathMLFractionElement::denominatorAlignment): Ditto.
2719         (WebCore::MathMLFractionElement::parseAttribute): Make attributes dirty.
2720         (WebCore::MathMLFractionElement::createElementRenderer): Create a RenderMathMLFraction.
2721         * mathml/MathMLFractionElement.h: Added.
2722         * mathml/MathMLInlineContainerElement.cpp: We no longer need to handle fraction here.
2723         (WebCore::MathMLInlineContainerElement::createElementRenderer):
2724         * mathml/mathtags.in: Use MathMLFractionElement for mfrac.
2725         * rendering/mathml/RenderMathMLFraction.cpp:
2726         (WebCore::RenderMathMLFraction::updateLayoutParameters): New helper function to set the
2727         layout parameters, replacing updateFromElement. We no longer parse and store the alignment
2728         values here. We also change the resolution of negative values.
2729         (WebCore::RenderMathMLFraction::horizontalOffset): Use the enum from MathMLFractionElement.
2730         (WebCore::RenderMathMLFraction::layoutBlock): We call updateLayoutParameters instead of
2731         updateFromElement. The numerator and denominator alignments are resolved here.
2732         (WebCore::RenderMathMLFraction::parseAlignmentAttribute): Deleted. Parsing of alignment
2733         attribute is now handled in MathMLFractionElement.
2734         (WebCore::RenderMathMLFraction::updateFromElement): Deleted. Attribute changes are now
2735         handled in MathMLFractionElement.
2736         (WebCore::RenderMathMLFraction::styleDidChange): Deleted. Font changes are properly handled.
2737         * rendering/mathml/RenderMathMLFraction.h: Update declarations.
2738
2739 2016-07-15  Frederic Wang  <fwang@igalia.com>
2740
2741         Check whether font is nonnull for GlyphData instead of calling GlyphData::isValid()
2742         https://bugs.webkit.org/show_bug.cgi?id=159783
2743
2744         Reviewed by Brent Fulgham.
2745
2746         GlyphData::isValid() returns true for GlyphData with null 'font' pointer when the 'glyph'
2747         index is nonzero. This behavior is not expected by the MathML code and we have had crashes
2748         in our test suite in the past on Windows (e.g. bug 140653). We thus replace the call to
2749         GlyphData::isValid() with a stronger verification: Whether the 'font' pointer is nonzero.
2750
2751         No new tests, this only makes null pointer checks stronger.
2752
2753         * rendering/mathml/MathOperator.cpp:
2754         (WebCore::boundsForGlyph):
2755         (WebCore::advanceWidthForGlyph):
2756         (WebCore::MathOperator::getBaseGlyph):
2757         (WebCore::MathOperator::setSizeVariant):
2758         (WebCore::MathOperator::fillWithVerticalExtensionGlyph):
2759         (WebCore::MathOperator::fillWithHorizontalExtensionGlyph):
2760         (WebCore::MathOperator::paintVerticalGlyphAssembly):
2761         (WebCore::MathOperator::paintHorizontalGlyphAssembly):
2762         (WebCore::MathOperator::paint):
2763         * rendering/mathml/RenderMathMLOperator.cpp:
2764         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths):
2765         * rendering/mathml/RenderMathMLToken.cpp:
2766         (WebCore::RenderMathMLToken::computePreferredLogicalWidths):
2767         (WebCore::RenderMathMLToken::firstLineBaseline):
2768         (WebCore::RenderMathMLToken::layoutBlock):
2769         (WebCore::RenderMathMLToken::paint):
2770         (WebCore::RenderMathMLToken::paintChildren):
2771
2772 2016-07-15  Frederic Wang  <fwang@igalia.com>
2773
2774         Add DejaVu Math TeX Gyre to the list of math fonts.
2775         https://bugs.webkit.org/show_bug.cgi?id=159805
2776
2777         Reviewed by Brent Fulgham.
2778
2779         DejaVu 2.36 has a new math font that can be used for MathML rendering. Because this font is
2780         likely to be installed on many systems (Linux, LibreOffice, etc) we include it in the default
2781         list of font-families in mathml.css in order to increase the chance to find a math font.
2782
2783         No new tests, it only affects rendering when DejaVu Math TeX Gyre is installed on the system.
2784
2785         * css/mathml.css:
2786         (math):
2787
2788 2016-07-15  Eric Carlson  <eric.carlson@apple.com>
2789
2790         [MSE] Increase the SourceBuffer "fudge factor"
2791         https://bugs.webkit.org/show_bug.cgi?id=159813
2792         <rdar://problem/27372033>
2793
2794         Reviewed by Jon Lee.
2795         
2796         Some media encoding/conversion pipelines are sloppy when doing sample time/timescale
2797         math, and the error accumulation results in small gaps in the media timeline. r202641
2798         increased the maximum allowable gap from 0.01 second to one 24fps frame, but it turns
2799         out that at least one large provider has a significant amount of content encoded with
2800         up to two 24fps frames.
2801
2802         No new tests, updated media/media-source/media-source-small-gap.html.
2803
2804         * Modules/mediasource/SourceBuffer.cpp:
2805         (WebCore::currentTimeFudgeFactor): Increase maximum gap to 2002 / 24000 frames.
2806
2807 2016-07-15  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
2808
2809         Add final keyword to WebCore/svg classes
2810         https://bugs.webkit.org/show_bug.cgi?id=159802
2811
2812         Reviewed by Youenn Fablet.
2813
2814         Updated classes in the WebCore/svg directory to be marked as final where appropriate.
2815
2816         * svg/SVGException.h:
2817         * svg/SVGLengthList.h:
2818         * svg/SVGMatrix.h:
2819         * svg/SVGNumberList.h:
2820         * svg/SVGPaint.h:
2821         * svg/SVGPathBuilder.h:
2822         * svg/SVGPathByteStreamBuilder.h:
2823         * svg/SVGPathByteStreamSource.h:
2824         * svg/SVGPathSegArcAbs.h:
2825         * svg/SVGPathSegArcRel.h:
2826         * svg/SVGPathSegClosePath.h:
2827         * svg/SVGPathSegCurvetoCubicAbs.h:
2828         * svg/SVGPathSegCurvetoCubicRel.h:
2829         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
2830         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
2831         * svg/SVGPathSegCurvetoQuadraticAbs.h:
2832         * svg/SVGPathSegCurvetoQuadraticRel.h:
2833         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
2834         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
2835         * svg/SVGPathSegLinetoAbs.h:
2836         * svg/SVGPathSegLinetoHorizontalAbs.h:
2837         * svg/SVGPathSegLinetoHorizontalRel.h:
2838         * svg/SVGPathSegLinetoRel.h:
2839         * svg/SVGPathSegLinetoVerticalAbs.h:
2840         * svg/SVGPathSegLinetoVerticalRel.h:
2841         * svg/SVGPathSegListBuilder.h:
2842         * svg/SVGPathSegListSource.h:
2843         * svg/SVGPathSegMovetoAbs.h:
2844         * svg/SVGPathSegMovetoRel.h:
2845         * svg/SVGPathStringSource.h:
2846         * svg/SVGPathTraversalStateBuilder.h:
2847         * svg/SVGPointList.h:
2848         * svg/SVGRenderingIntent.h:
2849         * svg/SVGStringList.h:
2850         * svg/SVGTRefElement.cpp:
2851         * svg/SVGToOTFFontConversion.cpp:
2852         * svg/SVGTransformList.h:
2853         * svg/SVGUnitTypes.h:
2854         * svg/SVGViewSpec.h:
2855         * svg/SVGZoomEvent.h:
2856         * svg/animation/SMILTimeContainer.h:
2857         * svg/animation/SVGSMILElement.cpp:
2858         * svg/graphics/filters/SVGFEImage.h:
2859         * svg/graphics/filters/SVGFilter.h:
2860         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
2861         * svg/properties/SVGAnimatedPropertyTearOff.h:
2862         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
2863         * svg/properties/SVGMatrixTearOff.h:
2864         * svg/properties/SVGPathSegListPropertyTearOff.h:
2865         * svg/properties/SVGStaticListPropertyTearOff.h:
2866         * svg/properties/SVGStaticPropertyTearOff.h:
2867         * svg/properties/SVGTransformListPropertyTearOff.h:
2868
2869 2016-07-15  Per Arne Vollan  <pvollan@apple.com>
2870
2871         Uninitialized variable in DIBPixelData can cause a dangerous memory write
2872         https://bugs.webkit.org/show_bug.cgi?id=159414
2873
2874         Reviewed by Brent Fulgham.
2875
2876         Initialize local BITMAP variable, in case the ::GetObject function that should initialize it
2877         fails to do so, because the bitmap handle is invalid.
2878
2879         Tests: Tools/TestWebKitAPI/Tests/WebCore/win/DIBPixelData.cpp
2880
2881         * platform/graphics/win/DIBPixelData.cpp:
2882         (WebCore::DIBPixelData::initialize): Initialize local variable.
2883         (WebCore::DIBPixelData::setRGBABitmapAlpha): Return early if we have no bitmap.
2884         * platform/graphics/win/DIBPixelData.h: Link fix.
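An added illustration of the failure mode the DIBPixelData entry above describes, written for this page and not taken from WebKit's DIBPixelData.cpp. `BitmapInfo` and `getObjectStandIn` are portable stand-ins for the Win32 BITMAP struct and ::GetObject, and the 0xAA fill is a constructed substitute for stale stack contents; it shows why the zero-initialized local and the early return only help together.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Portable stand-in for a subset of the Win32 BITMAP fields (assumption).
struct BitmapInfo {
    long bmWidth;
    long bmHeight;
    long bmWidthBytes;
    unsigned short bmBitsPixel;
    void* bmBits;
};

// Stand-in for ::GetObject: for an invalid (null) handle it returns 0 and
// leaves *out untouched, which is the case the ChangeLog entry is about.
static int getObjectStandIn(const BitmapInfo* handle, BitmapInfo* out)
{
    if (!handle)
        return 0;
    *out = *handle;
    return static_cast<int>(sizeof(BitmapInfo));
}

struct PixelData {
    uint8_t* buffer;
    long width;
    long height;
    long bytesPerRow;
    unsigned short bitsPerPixel;
};

static PixelData fromInfo(const BitmapInfo& info)
{
    return { static_cast<uint8_t*>(info.bmBits), info.bmWidth, info.bmHeight,
             info.bmWidthBytes, info.bmBitsPixel };
}

// Constructed poison pattern that plays the role of leftover stack bytes.
static BitmapInfo staleStackContents()
{
    BitmapInfo stale;
    std::memset(&stale, 0xAA, sizeof(stale));
    return stale;
}

// "Before" shape: `local` models an uninitialized stack variable, so the
// caller supplies what the stack happened to hold. A failed lookup leaves
// those bytes in place and they flow into PixelData.
static PixelData initializeUnchecked(const BitmapInfo* handle, BitmapInfo local)
{
    getObjectStandIn(handle, &local);
    return fromInfo(local);
}

// "After" shape: the local is zero-initialized, so a failed lookup yields a
// null buffer and zero dimensions.
static PixelData initializeHardened(const BitmapInfo* handle)
{
    BitmapInfo local = {};
    getObjectStandIn(handle, &local);
    return fromInfo(local);
}

// Writes the alpha byte of every 32-bit pixel and returns how many pixels
// were touched. Returns early when there is no bitmap; the bitsPerPixel
// check is an extra guard added for this example.
static size_t setAlpha(const PixelData& pd, uint8_t alpha)
{
    if (!pd.buffer || pd.bitsPerPixel != 32)
        return 0;
    size_t written = 0;
    for (long y = 0; y < pd.height; ++y) {
        uint8_t* row = pd.buffer + y * pd.bytesPerRow;
        for (long x = 0; x < pd.width; ++x) {
            row[x * 4 + 3] = alpha;
            ++written;
        }
    }
    return written;
}

// Failed lookup, hardened path: null buffer, and setAlpha writes nothing.
static bool hardenedFailureIsInert()
{
    PixelData pd = initializeHardened(nullptr);
    return !pd.buffer && pd.width == 0 && setAlpha(pd, 0xFF) == 0;
}

// Failed lookup, unhardened path: the buffer is a non-null garbage pointer,
// so a null check alone would not stop the later write. setAlpha is
// deliberately not called on it here.
static bool uncheckedFailureKeepsStalePointer()
{
    PixelData pd = initializeUnchecked(nullptr, staleStackContents());
    return pd.buffer != nullptr;
}

// Valid 2x2, 32-bit bitmap (constructed): all four alpha bytes get written.
static size_t validBitmapPixelsWritten()
{
    uint8_t pixels[2 * 2 * 4] = {};
    BitmapInfo bmp = { 2, 2, 8, 32, pixels };
    size_t n = setAlpha(initializeHardened(&bmp), 0xFF);
    bool alphaSet = pixels[3] == 0xFF && pixels[7] == 0xFF
        && pixels[11] == 0xFF && pixels[15] == 0xFF && pixels[0] == 0;
    return alphaSet ? n : 0;
}

int main()
{
    std::printf("hardened failure inert: %d\n", hardenedFailureIsInert());
    std::printf("unchecked keeps stale pointer: %d\n", uncheckedFailureKeepsStalePointer());
    std::printf("valid bitmap pixels written: %zu\n", validBitmapPixelsWritten());
    return 0;
}
```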
2885
2886 2016-07-14  Yoav Weiss  <yoav@yoav.ws>
2887
2888         Change CSSParser::sourceSize returning Optional<CSSParser::SourceSize>
2889         https://bugs.webkit.org/show_bug.cgi?id=159666
2890
2891         Reviewed by Michael Catanzaro.
2892
2893         Tests:
2894             fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html
2895
2896         * css/CSSGrammar.y.in: Avoid adding SourceSize to source_size_list when the value is a Nullopt.
2897         * css/CSSParser.cpp:
2898         (WebCore::CSSParser::sourceSize): Return a Nullopt when an invalid value is encountered.
2899         * css/CSSParser.h:
2900
2901 2016-07-14  Antonio Gomes  <tonikitoo@igalia.com>
2902
2903         [RTL Scrollbars] Frame scrollbars don't move to the right when text direction changes to RTL
2904         https://bugs.webkit.org/show_bug.cgi?id=158252
2905
2906         Reviewed by Myles C. Maxfield.
2907
2908         When the 'dir' attribute changes either on body or on the document
2909         element level, the associated FrameView does not trigger an update on
2910         the frame level vertical scrollbar.
2911
2912         Patch adds a 'hook' so that RenderBox::styleDidChange can call in
2913         order to get the document level scrollbar placed properly in the next
2914         layout.
2915
2916         Test: fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement.html
2917               fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement-2.html
2918               fast/scrolling/rtl-scrollbars-alternate-iframe-body-dir-attr-does-not-update-scrollbar-placement.html
2919
2920         * page/FrameView.cpp:
2921         (WebCore::FrameView::topContentDirectionDidChange):
2922         * page/FrameView.h:
2923         * rendering/RenderBox.cpp:
2924         (WebCore::RenderBox::styleDidChange):
2925
2926 2016-07-14  Myles C. Maxfield  <mmaxfield@apple.com>
2927
2928         Support new emoji group candidates
2929         https://bugs.webkit.org/show_bug.cgi?id=159755
2930         <rdar://problem/27325521>
2931
2932         Reviewed by Dean Jackson.
2933
2934         There are a few code points which should be able to be joined (with ZWJ) to
2935         either U+2640 or U+2642 to change the gender of the emoji. These patterns
2936         should also work with an additional 0xFE0F variation selector. This patch
2937         adds these new patterns to our existing emoji group candidate infrastructure.
2938
2939         Tests: fast/text/emoji-gender-2-3.html
2940                fast/text/emoji-gender-2-4.html
2941                fast/text/emoji-gender-2-5.html
2942                fast/text/emoji-gender-2-6.html
2943                fast/text/emoji-gender-2-7.html
2944                fast/text/emoji-gender-2-8.html
2945                fast/text/emoji-gender-2-9.html
2946                fast/text/emoji-gender-2.html
2947                fast/text/emoji-gender-3.html
2948                fast/text/emoji-gender-4.html
2949                fast/text/emoji-gender-5.html
2950                fast/text/emoji-gender-6.html
2951                fast/text/emoji-gender-7.html
2952                fast/text/emoji-gender-8.html
2953                fast/text/emoji-gender-9.html
2954                fast/text/emoji-gender-fe0f-3.html
2955                fast/text/emoji-gender-fe0f-4.html
2956                fast/text/emoji-gender-fe0f-5.html
2957                fast/text/emoji-gender-fe0f-6.html
2958                fast/text/emoji-gender-fe0f-7.html
2959                fast/text/emoji-gender-fe0f-8.html
2960                fast/text/emoji-gender-fe0f-9.html
2961                fast/text/emoji-gender.html
2962                fast/text/emoji-num-glyphs.html
2963                fast/text/emoji-single-parent-family-2.html
2964                fast/text/emoji-single-parent-family.html
2965
2966         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
2967         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
2968         * platform/graphics/FontCascade.cpp:
2969         (WebCore::FontCascade::characterRangeCodePath):
2970         * platform/text/CharacterProperties.h:
2971         (WebCore::isEmojiGroupCandidate):
2972
2973 2016-07-14  Dean Jackson  <dino@apple.com>
2974
2975         CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::MediaQueryEvaluator::evaluate const
2976         https://bugs.webkit.org/show_bug.cgi?id=159799
2977         <rdar://problem/27346959>
2978
2979         Reviewed by Myles Maxfield.
2980
2981         Speculative fix for this crash, which seems to happen when asking for the Node's
2982         renderer(). From the incoming crash logs, it is triggered by mutations on
2983         a <picture> or <img> element, which would require choosing a new source,
2984         and causing some media queries to evaluate.
2985
2986         The only place in MediaQueryEvaluator that has anything to do with
2987         renderers is when gathering up some style information to pass to the
2988         actual evaluation function. I put a guard against a missing documentElement
2989         in there.
2990
2991         * css/MediaQueryEvaluator.cpp:
2992         (WebCore::MediaQueryEvaluator::evaluate): Make sure documentElement is not
2993         null.
2994
2995 2016-07-14  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
2996
2997         Update HTML*Element class override methods in final classes
2998         https://bugs.webkit.org/show_bug.cgi?id=159456
2999
3000         Reviewed by Youenn Fablet.
3001
3002         Update HTML*Element classes so that overridden methods in final classes are marked final.
3003         Also marked HTMLDivElement overridden methods as final since they are not overridden by derived classes.
3004
3005         * html/HTMLAppletElement.h:
3006         * html/HTMLAreaElement.h:
3007         * html/HTMLAttachmentElement.h:
3008         * html/HTMLAudioElement.h:
3009         * html/HTMLBRElement.h:
3010         * html/HTMLBaseElement.h:
3011         * html/HTMLBodyElement.h:
3012         * html/HTMLButtonElement.h:
3013         * html/HTMLCanvasElement.h:
3014         * html/HTMLDataElement.h:
3015         * html/HTMLDetailsElement.h:
3016         * html/HTMLDivElement.h:
3017         * html/HTMLEmbedElement.h:
3018         * html/HTMLFieldSetElement.h:
3019         * html/HTMLFontElement.h:
3020         * html/HTMLFormElement.h:
3021         * html/HTMLFrameSetElement.h:
3022         * html/HTMLHRElement.h:
3023         * html/HTMLHtmlElement.h:
3024         * html/HTMLKeygenElement.h:
3025         * html/HTMLLIElement.h:
3026         * html/HTMLLabelElement.h:
3027         * html/HTMLLegendElement.h:
3028         * html/HTMLLinkElement.h:
3029         * html/HTMLMapElement.h:
3030         * html/HTMLMarqueeElement.h:
3031         * html/HTMLMetaElement.h:
3032         * html/HTMLMeterElement.h:
3033         * html/HTMLModElement.h:
3034         * html/HTMLOListElement.h:
3035         * html/HTMLObjectElement.h:
3036         * html/HTMLOptGroupElement.h:
3037         * html/HTMLOptionElement.h:
3038         * html/HTMLOutputElement.h:
3039         * html/HTMLParagraphElement.h:
3040         * html/HTMLParamElement.h:
3041         * html/HTMLPreElement.h:
3042         * html/HTMLProgressElement.h:
3043         * html/HTMLQuoteElement.h:
3044         * html/HTMLScriptElement.h:
3045         * html/HTMLSourceElement.h:
3046         * html/HTMLStyleElement.h:
3047         * html/HTMLSummaryElement.h:
3048         * html/HTMLTableCaptionElement.h:
3049         * html/HTMLTableColElement.h:
3050         * html/HTMLTableElement.h:
3051         * html/HTMLTableSectionElement.h:
3052         * html/HTMLTemplateElement.h:
3053         * html/HTMLTextAreaElement.h:
3054         * html/HTMLTitleElement.h:
3055         * html/HTMLUListElement.h:
3056         * html/HTMLUnknownElement.h:
3057         * html/HTMLVideoElement.h:
3058         * html/HTMLWBRElement.h:
3059
3060 2016-07-14  Chris Dumez  <cdumez@apple.com>
3061
3062         Modernize GlyphMetricsMap
3063         https://bugs.webkit.org/show_bug.cgi?id=159788
3064
3065         Reviewed by Darin Adler.
3066
3067         Modernize GlyphMetricsMap a bit.
3068
3069         * platform/graphics/GlyphMetricsMap.h:
3070         - Drop WTF_MAKE_NONCOPYABLE as the class is already non-copyable due to
3071           having a std::unique_ptr data member.
3072         - Drop GlyphMetricsMap default constructor and let the compiler generate it
3073           instead. This required using inline initialization for m_filledPrimaryPage.
3074
3075         (WebCore::GlyphMetricsMap::GlyphMetricsPage::GlyphMetricsPage):
3076         - Make m_metrics data member private as it does not need to be public.
3077         - Make setMetricsForIndex(unsigned index, const T& metrics) setter private
3078           as it does not need to be public.
3079         - Make GlyphMetricsPage(const T& initialValue) constructor explicit as it
3080           takes only 1 parameter.
3081
3082         (WebCore::GlyphMetricsMap<T>::locatePageSlowCase):
3083         - Use HashMap::ensure() to make the code a bit nicer.
3084
3085 2016-07-14  Simon Fraser  <simon.fraser@apple.com>
3086
3087         [iOS WK2] When scrolling apple.com/music on iPad Pro in landscape, left-hand tiles appear first
3088         https://bugs.webkit.org/show_bug.cgi?id=159798
3089         rdar://problem/27362717
3090
3091         Reviewed by Tim Horton.
3092
3093         In out-of-visible tiled layers, we always allocated the top-left tile, wasting
3094         memory and causing ugliness when scrolling that layer into view. This happened
3095         because getTileIndexRangeForRect() had no way to express the fact that no tiles
3096         should be created.
3097
3098         Fix getTileIndexRangeForRect() to return a bool, and fix callers to respect the
3099         return value.
3100
3101         Test: compositing/tiling/offscreen-tiled-layer.html
3102
3103         * platform/graphics/ca/GraphicsLayerCA.cpp:
3104         (WebCore::GraphicsLayerCA::dumpAdditionalProperties):
3105         * platform/graphics/ca/TileGrid.cpp:
3106         (WebCore::TileGrid::setNeedsDisplayInRect):
3107         (WebCore::TileGrid::tilesWouldChangeForCoverageRect):
3108         (WebCore::TileGrid::getTileIndexRangeForRect):
3109         (WebCore::TileGrid::revalidateTiles):
3110         (WebCore::TileGrid::ensureTilesForRect):
3111         (WebCore::TileGrid::extent):
3112         * platform/graphics/ca/TileGrid.h:
3113
3114 2016-07-14  John Wilander  <wilander@apple.com>
3115
3116         Remove credentials in URL when accessed through location.href
3117         https://bugs.webkit.org/show_bug.cgi?id=139562
3118         <rdar://problem/27331164>
3119
3120         Reviewed by Brent Fulgham.
3121
3122         Test: http/tests/security/location-href-clears-username-password.html
3123
3124         The reason for this change is to not allow scripts on the page to
3125         exfiltrate username and password from the URL.
3126
3127         * page/Location.cpp:
3128         (WebCore::Location::href):
3129             Now checks if there is a username or password in the URL. If so,
3130             it copies the URL and removes the username and password.
3131
3132 2016-07-14  Javier Fernandez  <jfernandez@igalia.com>
3133
3134         [css-grid] Handle min-content/max-content with orthogonal flows
3135         https://bugs.webkit.org/show_bug.cgi?id=159294
3136
3137         Reviewed by Darin Adler.
3138
3139         Currently there is no support for orthogonal flows in many aspects of the
3140         Grid Layout logic.
3141
3142         The Grid sizing algorithm should be adapted to this scenario, hence this
3143         patch focuses on the min-content and max-content functions, used to resolve
3144         content based track sizes.
3145
3146         There are still issues related to alignment and sizes using percentages,
3147         but they will be addressed in different patches.
3148
3149         Tests: fast/css-grid-layout/grid-item-positioning-with-orthogonal-flows.html
3150                fast/css-grid-layout/grid-item-sizing-with-orthogonal-flows.html
3151                fast/css-grid-layout/grid-item-spanning-and-orthogonal-flows.html
3152                fast/css-grid-layout/grid-track-sizing-with-orthogonal-flows.html
3153                fast/css-grid-layout/grid-track-sizing-with-percentages-and-orthogonal-flows.html
3154
3155         * rendering/RenderBox.cpp:
3156         (WebCore::RenderBox::computeLogicalWidthInRegion):
3157         * rendering/RenderGrid.cpp:
3158         (WebCore::RenderGrid::GridSizingData::advanceNextState):
3159         (WebCore::RenderGrid::GridSizingData::isValidTransitionForDirection):
3160         (WebCore::RenderGrid::computeTrackSizesForDirection):
3161         (WebCore::RenderGrid::repeatTracksSizingIfNeeded): Added.
3162         (WebCore::RenderGrid::layoutBlock):
3163         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
3164         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
3165         (WebCore::hasOverrideContainingBlockContentSizeForChild):
3166         (WebCore::overrideContainingBlockContentSizeForChild):
3167         (WebCore::setOverrideContainingBlockContentSizeForChild):
3168         (WebCore::shouldClearOverrideContainingBlockContentSizeForChild):
3169         (WebCore::RenderGrid::gridTrackSize):
3170         (WebCore::RenderGrid::isOrthogonalChild): Added.
3171         (WebCore::RenderGrid::logicalHeightForChild):
3172         (WebCore::RenderGrid::flowAwareDirectionForChild): Added.
3173         (WebCore::RenderGrid::minSizeForChild):
3174         (WebCore::RenderGrid::updateOverrideContainingBlockContentSizeForChild):
3175         (WebCore::RenderGrid::minContentForChild):
3176         (WebCore::RenderGrid::maxContentForChild):
3177         (WebCore::RenderGrid::placeItemsOnGrid):
3178         (WebCore::RenderGrid::layoutPositionedObject):
3179         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
3180         (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild): Added.
3181         (WebCore::RenderGrid::gridAreaBreadthForChild):
3182         (WebCore::RenderGrid::columnAxisPositionForChild):
3183         (WebCore::RenderGrid::rowAxisPositionForChild):
3184         (WebCore::RenderGrid::findChildLogicalPosition):
3185         * rendering/RenderGrid.h:
3186         (WebCore::RenderGrid::SizingOperation): This enum has been moved to the header file.
3187         (WebCore::RenderGrid::m_hasAnyOrthogonalChild): New class attribute to know if there are any orthogonal grid items.
3188         (WebCore::RenderGrid::updateOverrideContainingBlockContentSizeForChild):
3189         (WebCore::RenderGrid::logicalHeightForChild):
3190         (WebCore::RenderGrid::gridAreaBreadthForChild):
3191         (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild):
3192
3193
3194
3195 2016-07-14  Chris Dumez  <cdumez@apple.com>
3196
3197         Use emptyString() instead of "" when possible
3198         https://bugs.webkit.org/show_bug.cgi?id=159789
3199
3200         Reviewed by Alex Christensen.
3201
3202         Use emptyString() instead of "" when possible to reduce String allocations.
3203
3204         * Modules/webdatabase/Database.cpp:
3205         (WebCore::Database::performOpenAndVerify):
3206         * css/CSSSelector.h:
3207         * css/StyleProperties.cpp:
3208         (WebCore::MutableStyleProperties::removeProperty):
3209         (WebCore::MutableStyleProperties::removeCustomProperty):
3210         * editing/TextCheckingHelper.cpp:
3211         (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
3212         (WebCore::TextCheckingHelper::findFirstBadGrammar):
3213         * editing/TypingCommand.h:
3214         (WebCore::TypingCommand::create):
3215         * fileapi/FileReaderLoader.cpp:
3216         (WebCore::FileReaderLoader::cleanup):
3217         * inspector/InspectorStyleSheet.cpp:
3218         (WebCore::fillMediaListChain):
3219         * page/UserContentURLPattern.cpp:
3220         (WebCore::UserContentURLPattern::parse):
3221         * platform/graphics/MediaPlayer.cpp:
3222         (WebCore::MediaPlayer::load):
3223         * platform/gtk/DataObjectGtk.h:
3224         (WebCore::DataObjectGtk::clearURIList):
3225         * platform/network/curl/ResourceHandleCurl.cpp:
3226         (WebCore::ResourceHandle::receivedRequestToContinueWithoutCredential):
3227         * platform/network/curl/ResourceHandleManager.h:
3228         * rendering/RenderLayerCompositor.cpp:
3229         (WebCore::RenderLayerCompositor::layerTreeAsText):
3230         * rendering/RenderListMarker.cpp:
3231         (WebCore::RenderListMarker::updateContent):
3232         * rendering/style/RenderStyle.cpp:
3233         (WebCore::RenderStyle::noneDashboardRegions):
3234         * rendering/svg/SVGTextMetrics.cpp:
3235         (WebCore::SVGTextMetrics::SVGTextMetrics):
3236         * xml/XPathParser.cpp:
3237         (WebCore::XPath::Parser::lexString):
3238
3239 2016-07-14  Brent Fulgham  <bfulgham@apple.com>
3240
3241         editing/spelling/spellcheck-async.html sometimes crashes with GuardMalloc 
3242         https://bugs.webkit.org/show_bug.cgi?id=142969
3243         <rdar://problem/27331095>
3244
3245         Reviewed by Alex Christensen.
3246
3247         Fix based on a Blink change (patch by <rouslan@chromium.org>):
3248         <https://chromium.googlesource.com/chromium/blink/+/c713736b122c2224804b2db72f1f711cb47ee260%5E%21/#F1>
3249
3250         Test: editing/spelling/copy-paste-crash.html
3251               editing/spelling/spellcheck-async.html
3252
3253         * editing/SpellChecker.cpp:
3254         (WebCore::SpellCheckRequest::didSucceed):
3255         (WebCore::SpellCheckRequest::didCancel):
3256
3257 2016-07-14  Zalan Bujtas  <zalan@apple.com>
3258
3259         ImageBuffer's success flag should be set to false at the very beginning of the c'tor.
3260         https://bugs.webkit.org/show_bug.cgi?id=159784
3261
3262         Reviewed by Simon Fraser.
3263
3264         No change in functionality.
3265
3266         * platform/graphics/cg/ImageBufferCG.cpp:
3267         (WebCore::ImageBuffer::ImageBuffer):
3268
3269 2016-07-14  Alex Christensen  <achristensen@webkit.org>
3270
3271         Use SocketProvider to create SocketStreamHandles
3272         https://bugs.webkit.org/show_bug.cgi?id=159774
3273
3274         Reviewed by Brady Eidson.
3275
3276         No new tests.  No change in behaviour.
3277         
3278         In r202930 I introduced the SocketProvider, but I used it to make a WebSocketChannel
3279         instead of a SocketStreamHandle, which is the class I want to make into an interface
3280         and proxy the web traffic over to the NetworkProcess.
3281
3282         * CMakeLists.txt:
3283         * Modules/websockets/ThreadableWebSocketChannel.cpp: Added.
3284         (WebCore::ThreadableWebSocketChannel::create):
3285         I removed this in 202930, so this is restoring it from that patch, hence the old copyright.
3286         * Modules/websockets/ThreadableWebSocketChannel.h:
3287         (WebCore::ThreadableWebSocketChannel::ThreadableWebSocketChannel):
3288         * Modules/websockets/WebSocket.cpp:
3289         (WebCore::WebSocket::connect):
3290         * Modules/websockets/WebSocketChannel.cpp:
3291         (WebCore::WebSocketChannel::WebSocketChannel):
3292         (WebCore::WebSocketChannel::connect):
3293         * Modules/websockets/WebSocketChannel.h:
3294         (WebCore::WebSocketChannel::create):
3295         * Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
3296         (WebCore::WorkerThreadableWebSocketChannel::WorkerThreadableWebSocketChannel):
3297         (WebCore::WorkerThreadableWebSocketChannel::resume):
3298         (WebCore::WorkerThreadableWebSocketChannel::Peer::Peer):
3299         (WebCore::WorkerThreadableWebSocketChannel::Peer::didReceiveMessageError):
3300         (WebCore::WorkerThreadableWebSocketChannel::Bridge::Bridge):
3301         (WebCore::WorkerThreadableWebSocketChannel::Bridge::~Bridge):
3302         (WebCore::WorkerThreadableWebSocketChannel::Bridge::mainThreadInitialize):
3303         (WebCore::WorkerThreadableWebSocketChannel::Bridge::initialize):
3304         * Modules/websockets/WorkerThreadableWebSocketChannel.h:
3305         (WebCore::WorkerThreadableWebSocketChannel::create):
3306         (WebCore::WorkerThreadableWebSocketChannel::Bridge::create):
3307         * WebCore.xcodeproj/project.pbxproj:
3308         * inspector/InspectorOverlay.cpp:
3309         (WebCore::InspectorOverlay::overlayPage):
3310         * loader/EmptyClients.cpp:
3311         (WebCore::EmptyEditorClient::registerRedoStep):
3312         (WebCore::EmptySocketProvider::createWebSocketChannel): Deleted.
3313         * loader/EmptyClients.h:
3314         * page/SocketProvider.cpp: Added.
3315         (WebCore::SocketProvider::createSocketStreamHandle):
3316         * page/SocketProvider.h:
3317         (WebCore::SocketProvider::~SocketProvider): Deleted.
3318         * platform/network/cf/SocketStreamHandle.h:
3319         * svg/graphics/SVGImage.cpp:
3320         (WebCore::SVGImage::dataChanged):
3321
3322 2016-07-14  Brady Eidson  <beidson@apple.com>
3323
3324         "User delete" tests are flakey timeouts (and/or DatabaseProcess crashes).
3325         https://bugs.webkit.org/show_bug.cgi?id=158741
3326
3327         Reviewed by Alex Christensen.
3328
3329         No new tests (Covered by existing tests in some configurations)
3330
3331         - Check if a database hard delete is complete in more places.
3332         - Asynchronously clear out the hard close protector instead of synchronously.
3333         
3334         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
3335         (WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase):
3336         (WebCore::IDBServer::UniqueIDBDatabase::didPerformUnconditionalDeleteBackingStore):
3337         (WebCore::IDBServer::UniqueIDBDatabase::didFinishHandlingVersionChange):
3338         (WebCore::IDBServer::UniqueIDBDatabase::connectionClosedFromClient):
3339         (WebCore::IDBServer::UniqueIDBDatabase::transactionCompleted):
3340         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply):
3341         (WebCore::IDBServer::UniqueIDBDatabase::maybeFinishHardClose):
3342         (WebCore::IDBServer::UniqueIDBDatabase::isDoneWithHardClose):
3343         (WebCore::IDBServer::UniqueIDBDatabase::doneWithHardClose): Deleted.
3344
3345         * Modules/indexeddb/server/UniqueIDBDatabase.h:
3346         (WebCore::IDBServer::UniqueIDBDatabase::hardClosedForUserDelete):
3347
3348         * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
3349         (WebCore::IDBServer::UniqueIDBDatabaseConnection::didAbortTransaction):
3350
3351 2016-07-13  Brent Fulgham  <bfulgham@apple.com>
3352
3353         CSSStyleSheet members should clear their owner node when destroyed
3354         https://bugs.webkit.org/show_bug.cgi?id=117470
3355
3356         Reviewed by Chris Dumez.
3357
3358         Make sure that CSSStyleSheet members are detached from their owner node when
3359         the owning object is destroyed.
3360
3361         I audited other CSSStyleSheet uses, and found one other place where the owner node was not
3362         being cleared during destruction. The Inspector also uses CSSStyleSheet, but seems to
3363         handle the node ownership properly.
3364
3365         Fix based on a Blink change (patch by <haraken@chromium.org>):
3366         <https://chromium.googlesource.com/chromium/blink/+/c4949bfdeb2a613701afa1410bdae70531b8f6bf>
3367
3368         Also includes a follow-up fix (patch by <haraken@chromium.org>):
3369         <https://chromium.googlesource.com/chromium/blink/+/9c3932dc80b33429db3a5873cb266b726c8a19bf>
3370
3371         No test case. Was found by the Chromium team through review of their crash traces under minor DOM GC.
3372
3373         * contentextensions/ContentExtensionStyleSheet.cpp:
3374         (WebCore::ContentExtensions::ContentExtensionStyleSheet::~ContentExtensionStyleSheet):
3375         * contentextensions/ContentExtensionStyleSheet.h:
3376         * dom/InlineStyleSheetOwner.cpp:
3377         (WebCore::InlineStyleSheetOwner::~InlineStyleSheetOwner):
3378         (WebCore::authorStyleSheetsForElement):
3379
3380 2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>
3381
3382         Fix the !ENABLE(WEB_SOCKETS) build after r202930
3383         https://bugs.webkit.org/show_bug.cgi?id=159768
3384
3385         Reviewed by Alex Christensen.
3386
3387         * loader/EmptyClients.cpp:
3388         * loader/EmptyClients.h:
3389         * page/SocketProvider.h:
3390         * workers/WorkerGlobalScope.cpp:
3391         (WebCore::WorkerGlobalScope::WorkerGlobalScope):
3392         * workers/WorkerThread.cpp:
3393         (WebCore::WorkerThread::WorkerThread):
3394
3395 2016-07-14  Youenn Fablet  <youenn@apple.com>
3396
3397         DOMIterators should be assigned a correct prototype
3398         https://bugs.webkit.org/show_bug.cgi?id=159115
3399
3400         Reviewed by Chris Dumez.
3401
3402         Default iterator object internal prototype property is the Iterator prototype as defined in
3403         http://heycam.github.io/webidl/#dfn-iterator-prototype-object.
3404         Linking DOMIterator prototype to IteratorPrototype.
3405         This allows adding @@iterator property to the result of entries, keys and values methods.
3406         This in turn allows doing for-of loops on them.
3407
3408         Covered by updated test.
3409
3410         * ForwardingHeaders/runtime/IteratorPrototype.h: Added.
3411         * bindings/js/JSDOMIterator.h: Setting correct prototype and marking next prototype property as enumerable.
3412
3413 2016-07-14  Youenn Fablet  <youenn@apple.com>
3414
3415         Remove support for value iterators from JSDOMIterator
3416         https://bugs.webkit.org/show_bug.cgi?id=159293
3417
3418         Reviewed by Chris Dumez.
3419
3420         Value iterators are now handled without using DOMIterator.
3421         Since FontFaceSet is using DOMIterator as an intermediate step towards supporting set-like,
3422         entries and forEach implementation should be made compliant with set-like.
3423         This means that item value should be passed instead of an index in entries iterator and forEach callback.
3424