[EME] Add support of multi keys from different sessions in CDMinstanceClearKey
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2018-01-23  Yacine Bandou  <yacine.bandou_ext@softathome.com>
2
3         [EME] Add support of multi keys from different sessions in CDMinstanceClearKey
4         https://bugs.webkit.org/show_bug.cgi?id=180083
5
6         Reviewed by Xabier Rodriguez-Calvar.
7
8         Add support of multi keys from different MediaKeySession in CDMInstanceClearKey.
9
10         Currently the CDMInstanceClearKey manages two "m_keys": one is a WTF::Vector
11         where it stores the list of last added keys, and another, defined in the
12         ClearKeyState::singleton, is a WTF::HashMap in which it stores the
13         key lists of each created session.
14
15         The method "keys()" of CDMInstanceClearKey returns the first "m_keys" which
16         contains just the list of last keys.
17
18         The goal of this commit is to return all key lists of all sessions, thus
19         we remove the "m_keys" which is a WTF::Vector and we modify the method
20         "keys()" to return all key lists, which are stored in the "m_keys" WTF::HashMap,
21         in one Vector instead of returning just the list of last keys.
22
23         * platform/encryptedmedia/clearkey/CDMClearKey.cpp:
24         (WebCore::CDMInstanceClearKey::keys const):
25         (WebCore::CDMInstanceClearKey::updateLicense):
26         * platform/encryptedmedia/clearkey/CDMClearKey.h:
27
28 2018-01-22  Simon Fraser  <simon.fraser@apple.com>
29
30         Optimize building the non-fast scrollable region with multiple iframes
31         https://bugs.webkit.org/show_bug.cgi?id=181971
32
33         Reviewed by Zalan Bujtas.
34
35         AsyncScrollingCoordinator::frameViewLayoutUpdated() is called every time a subframe lays out.
36         We don't need to eagerly update the non-fast scrollable region at this time; we can just mark
37         it dirty, and rely on the existing scrolling tree commit code to recompute it.
38
39         On my machine this makes fast/frames/lots-of-objects.html no longer a timeout.
40
41         * page/scrolling/AsyncScrollingCoordinator.cpp:
42         (WebCore::AsyncScrollingCoordinator::frameViewLayoutUpdated):
43
44 2018-01-22  Jiewen Tan  <jiewen_tan@apple.com>
45
46         [WebAuthN] Implement PublicKeyCredential's [[Create]] with a dummy authenticator
47         https://bugs.webkit.org/show_bug.cgi?id=181928
48         <rdar://problem/36459893>
49
50         Reviewed by Brent Fulgham.
51
52         This patch implements PublicKeyCredential's [[Create]] from https://www.w3.org/TR/webauthn/#createCredential
53         as of 5 December 2017. In order to do testing, a dummy authenticator is implemented to exercise a failure
54         and a pass path. A number of dependencies need to be resolved later in order to comply with the spec.
55         Also, the current architecture of handling async WebAuthN operations including dispatching, timeout, and aborting
56         might need a redesign once the underlying authenticator is clear. Since this is our first attempt to implement
57         a prototype, all those limitations, in my opinion, can be marked as non-blocking to accelerate the whole
58         process. Those limitations will then be addressed once the first prototype is finished.
59
60         Tests: http/tests/webauthn/public-key-credential-create-with-invalid-parameters.https.html
61                http/tests/webauthn/public-key-credential-same-origin-with-ancestors-2.https.html
62                http/tests/webauthn/public-key-credential-same-origin-with-ancestors.https.html
63                http/wpt/webauthn/idl.https.html
64                http/wpt/webauthn/public-key-credential-create-failure.https.html
65                http/wpt/webauthn/public-key-credential-create-success.https.html
66
67         * Modules/credentialmanagement/BasicCredential.h:
68         * Modules/credentialmanagement/BasicCredential.idl:
69         * Modules/credentialmanagement/CredentialsContainer.cpp:
70         (WebCore::CredentialsContainer::PendingPromise::PendingPromise):
71         (WebCore::CredentialsContainer::dispatchTask):
72         (WebCore::CredentialsContainer::get):
73         (WebCore::CredentialsContainer::isCreate):
74         (WebCore::CredentialsContainer::preventSilentAccess const):
75         (WebCore::CredentialsContainer::preventSilentAccess): Deleted.
76         * Modules/credentialmanagement/CredentialsContainer.h:
77         (WebCore::CredentialsContainer::PendingPromise::create):
78         * Modules/webauthn/Authenticator.cpp: Copied from Source/WebCore/Modules/webauthn/AuthenticatorResponse.cpp.
79         (WebCore::Authenticator::singleton):
80         (WebCore::Authenticator::makeCredential const):
81         * Modules/webauthn/Authenticator.h: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredentialCreationOptions.h.
82         * Modules/webauthn/AuthenticatorAssertionResponse.cpp:
83         (WebCore::AuthenticatorAssertionResponse::authenticatorData const):
84         (WebCore::AuthenticatorAssertionResponse::signature const):
85         (WebCore::AuthenticatorAssertionResponse::userHandle const):
86         (WebCore::AuthenticatorAssertionResponse::~AuthenticatorAssertionResponse): Deleted.
87         (WebCore::AuthenticatorAssertionResponse::authenticatorData): Deleted.
88         (WebCore::AuthenticatorAssertionResponse::signature): Deleted.
89         (WebCore::AuthenticatorAssertionResponse::userHandle): Deleted.
90         * Modules/webauthn/AuthenticatorAssertionResponse.h:
91         (WebCore::AuthenticatorAssertionResponse::create):
92         * Modules/webauthn/AuthenticatorAttestationResponse.cpp:
93         (WebCore::AuthenticatorAttestationResponse::attestationObject const):
94         (WebCore::AuthenticatorAttestationResponse::~AuthenticatorAttestationResponse): Deleted.
95         (WebCore::AuthenticatorAttestationResponse::attestationObject): Deleted.
96         * Modules/webauthn/AuthenticatorAttestationResponse.h:
97         (WebCore::AuthenticatorAttestationResponse::create):
98         * Modules/webauthn/AuthenticatorResponse.cpp:
99         (WebCore::AuthenticatorResponse::clientDataJSON const):
100         (WebCore::AuthenticatorResponse::~AuthenticatorResponse): Deleted.
101         (WebCore::AuthenticatorResponse::clientDataJSON): Deleted.
102         * Modules/webauthn/AuthenticatorResponse.h:
103         * Modules/webauthn/AuthenticatorResponse.idl:
104         * Modules/webauthn/PublicKeyCredential.cpp:
105         (WebCore::PublicKeyCredentialInternal::produceClientDataJson):
106         (WebCore::PublicKeyCredentialInternal::produceClientDataJsonHash):
107         (WebCore::PublicKeyCredentialInternal::getIdFromAttestationObject):
108         (WebCore::PublicKeyCredential::PublicKeyCredential):
109         (WebCore::PublicKeyCredential::discoverFromExternalSource):
110         (WebCore::PublicKeyCredential::create):
111         (WebCore::PublicKeyCredential::rawId const):
112         (WebCore::PublicKeyCredential::response const):
113         (WebCore::PublicKeyCredential::getClientExtensionResults const):
114         (WebCore::PublicKeyCredential::rawId): Deleted.
115         (WebCore::PublicKeyCredential::response): Deleted.
116         (WebCore::PublicKeyCredential::getClientExtensionResults): Deleted.
117         * Modules/webauthn/PublicKeyCredential.h:
118         * Modules/webauthn/PublicKeyCredential.idl:
119         * Modules/webauthn/PublicKeyCredentialCreationOptions.h:
120         (): Deleted.
121         * Modules/webauthn/PublicKeyCredentialDescriptor.h:
122         * Modules/webauthn/PublicKeyCredentialDescriptor.idl:
123         * Sources.txt:
124         * WebCore.xcodeproj/project.pbxproj:
125         * bindings/js/JSAuthenticatorResponseCustom.cpp: Copied from Source/WebCore/Modules/webauthn/AuthenticatorAttestationResponse.cpp.
126         (WebCore::toJSNewlyCreated):
127         (WebCore::toJS):
128         * bindings/js/JSBasicCredentialCustom.cpp: Copied from Source/WebCore/Modules/webauthn/AuthenticatorResponse.cpp.
129         (WebCore::toJSNewlyCreated):
130         (WebCore::toJS):
131         * bindings/js/JSBindingsAllInOne.cpp:
132
133 2018-01-22  Myles C. Maxfield  <mmaxfield@apple.com>
134
135         [Cocoa] Support font collections
136         https://bugs.webkit.org/show_bug.cgi?id=181826
137         <rdar://problem/36455137>
138
139         Reviewed by Dean Jackson.
140
141         Use the CoreText call CTFontManagerCreateFontDescriptorsFromData() to get all the descriptors inside
142         the collection file. We select which one by using the fragment identifier at the end of the url linking
143         to the remote font. For example, to select the 4th font inside a TTC file, the @font-face block would
144         look like:
145
146         @font-face {
147             font-family: "MyFont";
148             src: url("path/to/font.ttc#4");
149         }
150
151         Note that these numbers are 1-indexed.
152
153         The CSS Fonts spec states:
154         > Fragment identifiers are used to indicate which font to load. If a container format lacks a defined
155         > fragment identifier scheme, implementations should use a simple 1-based indexing scheme (e.g.
156         > "font-collection#1" for the first font, "font-collection#2" for the second font).
157
158         Not only are TTC font collections supported, but WOFF2 font collections are also supported, which is
159         an increasingly important web standard.
160
161         No new tests because I don't have a font collection file with the appropriate license for the
162         WebKit repository. I tested manually.
163
164         * css/CSSFontFaceSource.cpp:
165         (WebCore::CSSFontFaceSource::load):
166         * loader/cache/CachedFont.cpp:
167         (WebCore::CachedFont::calculateIndex const):
168         (WebCore::CachedFont::ensureCustomFontData):
169         (WebCore::CachedFont::createCustomFontData):
170         * loader/cache/CachedFont.h:
171         * platform/graphics/cairo/FontCustomPlatformData.h:
172         * platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp:
173         (WebCore::createFontCustomPlatformData):
174         * platform/graphics/mac/FontCustomPlatformData.cpp:
175         (WebCore::createFontCustomPlatformData):
176         * platform/graphics/mac/FontCustomPlatformData.h:
177         * platform/graphics/win/FontCustomPlatformData.cpp:
178         (WebCore::createFontCustomPlatformData):
179         * platform/graphics/win/FontCustomPlatformData.h:
180         * platform/graphics/win/FontCustomPlatformDataCairo.cpp:
181         (WebCore::createFontCustomPlatformData):
182
183 2018-01-22  Simon Fraser  <simon.fraser@apple.com>
184
185         REGRESSION (r227011): fast/frames/hidpi-position-iframe-on-device-pixel.html times out
186         https://bugs.webkit.org/show_bug.cgi?id=181959
187
188         Reviewed by Zalan Bujtas.
189
190         This test creates 300 iframes, which became slow after r227011 because they all became part
191         of the non-fast scrollable region, slowing down ScrollingCoordinator::absoluteEventTrackingRegionsForFrame().
192
193         Fix by not adding non-scrollable iframes, and making FrameView::isScrollable() more efficient for frames
194         that have not done layout yet.
195
196         * page/FrameView.cpp:
197         (WebCore::FrameView::isScrollable):
198         (WebCore::FrameView::addChild):
199
200 2018-01-22  Dan Bernstein  <mitz@apple.com>
201
202         Fixed building for macOS 10.12 with the macOS 10.13 SDK after r227156.
203
204         * Configurations/WebCore.xcconfig:
205
206 2018-01-22  Simon Fraser  <simon.fraser@apple.com>
207
208         REGRESSION (r226981): ASSERTION FAILED: startY >= 0 && endY <= height && startY < endY in WebCore::FEMorphology::platformApplyGeneric
209         https://bugs.webkit.org/show_bug.cgi?id=181836
210
211         Reviewed by Tim Horton.
212         
213         All the filters that use ParallelJobs<> have the same type of bug where very wide but not tall
214         filter regions could result in computing an optimalThreadNumber that was greater than the
215         number of rows to process, which resulted in jobs with zero rows to process.
216
217         Since we split the work by rows, cap the maximum number of threads to height/8 so that each job
218         has at least 8 rows of pixels to process. Add some assertions to detect jobs with zero rows.
219
220         FEMorphology was also using implicit float -> int conversion to detect integer overflow of radius,
221         so change that to use explicit clamping.
222         
223         Tests: svg/filters/feLighting-parallel-jobs.svg
224                svg/filters/feTurbulence-parallel-jobs-wide.svg
225
226         * platform/graphics/filters/FELighting.cpp:
227         (WebCore::FELighting::platformApplyGenericPaint):
228         (WebCore::FELighting::platformApplyGeneric):
229         * platform/graphics/filters/FEMorphology.cpp:
230         (WebCore::FEMorphology::platformApplyGeneric):
231         (WebCore::FEMorphology::platformApply):
232         (WebCore::FEMorphology::platformApplyDegenerate):
233         (WebCore::FEMorphology::platformApplySoftware):
234         * platform/graphics/filters/FETurbulence.cpp:
235         (WebCore::FETurbulence::fillRegion const):
236         (WebCore::FETurbulence::platformApplySoftware):
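
The zero-row jobs and the height/8 cap described in this entry, as an added C++ example that is not WebKit's code. The constants `kMinPixelsPerJob` and `kMaxJobs`, all function names, and the clamp to one job for regions shorter than 8 rows are assumptions made for the illustration.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <vector>

// One unit of work: rows [startY, endY) of the filter region.
struct RowJob {
    int startY;
    int endY;
};

constexpr int64_t kMinPixelsPerJob = 100 * 100; // assumed: pixels that justify one more job
constexpr int64_t kMaxJobs = 16;                // assumed: thread budget
constexpr int kMinRowsPerJob = 8;               // from the entry: at least 8 rows per job

// Job count derived from the area alone, ignoring how many rows exist.
int areaBasedJobCount(int width, int height)
{
    int64_t area = static_cast<int64_t>(width) * height; // 64-bit so the product cannot overflow
    int64_t jobs = std::min(kMaxJobs, area / kMinPixelsPerJob);
    return static_cast<int>(std::max<int64_t>(1, jobs));
}

// Same count, capped so that every job receives at least kMinRowsPerJob rows.
int cappedJobCount(int width, int height)
{
    int byRows = std::max(1, height / kMinRowsPerJob);
    return std::min(areaBasedJobCount(width, height), byRows);
}

// Splits the rows as evenly as possible across jobCount jobs.
std::vector<RowJob> splitRows(int height, int jobCount)
{
    std::vector<RowJob> jobs;
    if (height < 0 || jobCount < 1)
        return jobs;
    int base = height / jobCount;
    int extra = height % jobCount;
    int y = 0;
    for (int i = 0; i < jobCount; ++i) {
        int rows = base + (i < extra ? 1 : 0);
        jobs.push_back({ y, y + rows });
        y += rows;
    }
    return jobs;
}

// Jobs that would trip an assertion such as startY < endY.
int countEmptyJobs(const std::vector<RowJob>& jobs)
{
    return static_cast<int>(std::count_if(jobs.begin(), jobs.end(),
        [](const RowJob& job) { return job.startY >= job.endY; }));
}

// Smallest number of rows handed to any job.
int fewestRows(const std::vector<RowJob>& jobs)
{
    int fewest = jobs.empty() ? 0 : jobs[0].endY - jobs[0].startY;
    for (const RowJob& job : jobs)
        fewest = std::min(fewest, job.endY - job.startY);
    return fewest;
}

int main()
{
    // Constructed regions: one very wide and 4 rows tall, one 4000x100.
    const int regions[2][2] = { { 100000, 4 }, { 4000, 100 } };
    for (const auto& region : regions) {
        auto uncapped = splitRows(region[1], areaBasedJobCount(region[0], region[1]));
        auto capped = splitRows(region[1], cappedJobCount(region[0], region[1]));
        std::printf("%dx%d: area-based %zu jobs (%d empty), capped %zu jobs (%d empty, min %d rows)\n",
            region[0], region[1], uncapped.size(), countEmptyJobs(uncapped),
            capped.size(), countEmptyJobs(capped), fewestRows(capped));
    }
    return 0;
}
```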
237
238 2018-01-22  Eric Carlson  <eric.carlson@apple.com>
239
240         Resign NowPlaying status when no media element is eligible
241         https://bugs.webkit.org/show_bug.cgi?id=181914
242         <rdar://problem/35294116>
243
244         Reviewed by Jer Noble.
245
246         No new tests, these changes prevent existing tests from crashing.
247
248         * html/HTMLMediaElement.h:
249         * html/MediaElementSession.cpp:
250         (WebCore::MediaElementSession::playbackPermitted const): Return early when the media 
251         element has been suspended.
252         (WebCore::MediaElementSession::canShowControlsManager const): Return false when the
253         media element has been suspended.
254         (WebCore::isMainContentForPurposesOfAutoplay): Return early if it isn't safe to update
255         style because HitTest can force a layout.
256         (WebCore::MediaElementSession::updateIsMainContent const): Ditto.
257
258 2018-01-22  Alex Christensen  <achristensen@webkit.org>
259
260         Begin removing QTKit code
261         https://bugs.webkit.org/show_bug.cgi?id=181951
262
263         Reviewed by Jer Noble.
264
265         QTKit was being used on El Capitan and before.
266
267         * Configurations/WebCore.xcconfig:
268         * SourcesMac.txt:
269         * WebCore.xcodeproj/project.pbxproj:
270         * platform/graphics/MediaPlayer.cpp:
271         (WebCore::buildMediaEnginesVector):
272         (WebCore::MediaPlayer::supportsType):
273         * platform/graphics/mac/MediaPlayerPrivateQTKit.h: Removed.
274         * platform/graphics/mac/MediaPlayerPrivateQTKit.mm: Removed.
275         * platform/graphics/mac/MediaTimeQTKit.h: Removed.
276         * platform/graphics/mac/MediaTimeQTKit.mm: Removed.
277         * platform/mac/WebVideoFullscreenController.mm:
278         (-[WebVideoFullscreenController setVideoElement:]):
279         (-[WebVideoFullscreenController updatePowerAssertions]):
280
281 2018-01-22  Per Arne Vollan  <pvollan@apple.com>
282
283         [Win] Null pointer crash under WebCore::RenderStyle::colorIncludingFallback.
284         https://bugs.webkit.org/show_bug.cgi?id=181801
285         <rdar://problem/35614900>
286
287         Reviewed by Brent Fulgham.
288
289         Do not paint synchronously when popup items have been added or changed while the popup is visible.
290         If new popup items have been added after the popup was shown, a synchronous paint operation will
291         possibly access their style before it is ready, leading to a null pointer crash. The invalidated
292         area will be painted asynchronously.
293
294         No new tests. To reproduce this crash, it is necessary to open a popup with JavaScript, add new
295         popup items, and then end the test. Opening the popup can be done by sending a mousedown event
296         with the eventsender. However, on Windows the mousedown event is sent synchronously, and will
297         block as long as the popup is open and running the popup event loop. This means no JS can be
298         executed until the popup is closed, causing the test to always time out before new popup items
299         can be added. I have verified the fix with a manual test case.
300
301         * platform/win/PopupMenuWin.cpp:
302         (WebCore::PopupMenuWin::updateFromElement):
303
304 2018-01-22  Chris Dumez  <cdumez@apple.com>
305
306         RELEASE_ASSERT(registration) hit in SWServer::installContextData(const ServiceWorkerContextData&)
307         https://bugs.webkit.org/show_bug.cgi?id=181941
308         <rdar://problem/36744892>
309
310         Reviewed by Youenn Fablet.
311
312         Make sure we clear SWServer::m_pendingContextDatas & SWServer::m_pendingJobs as needed
313         when clearing Website data. Otherwise, we will hit an assertion when those get processed
314         after the connection to the SW process has been established (not to mention we failed
315         to clear some in-memory data even though the user asked us to).
316
317         * workers/service/server/SWServer.cpp:
318         (WebCore::SWServer::clearAll):
319         (WebCore::SWServer::clear):
320
321 2018-01-22  Ryosuke Niwa  <rniwa@webkit.org>
322
323         Blob conversion and sanitization doesn't work with Microsoft Word for Mac 2011
324         https://bugs.webkit.org/show_bug.cgi?id=181616
325         <rdar://problem/36484908>
326
327         Reviewed by Wenson Hsieh.
328
329         The bug was caused by WebContentReader::readHTML and WebContentMarkupReader::readHTML not sanitizing plain HTML string
330         as done for web archives even when custom pasteboard data is enabled. Fixed the bug by doing the sanitization.
331
332         Unfortunately, we can't make file URLs available in this case because WebContent process doesn't have sandbox extensions
333         to access local files referenced by the HTML source in the clipboard, and we can't make WebContent process request for
334         a sandbox extension on an arbitrary local file, as it would defeat the whole point of sandboxing.
335
336         Instead, we strip away all HTML attributes referencing a URL whose scheme is not HTTP, HTTPS, or data when sanitizing
337         text/html from the clipboard to avoid exposing local file paths, which can reveal privacy & security sensitive data
338         such as the user's full name, and the location of private containers of other applications in the system.
339
340         Tests: PasteHTML.DoesNotSanitizeHTMLWhenCustomPasteboardDataIsDisabled
341                PasteHTML.DoesNotStripFileURLsWhenCustomPasteboardDataIsDisabled
342                PasteHTML.ExposesHTMLTypeInDataTransfer
343                PasteHTML.KeepsHTTPURLs
344                PasteHTML.SanitizesHTML
345                PasteHTML.StripsFileURLs
346
347         * editing/cocoa/WebContentReaderCocoa.mm:
348         (WebCore::WebContentReader::readHTML): Fixed the bug by sanitizing the markup, and stripping away file URLs.
349         (WebCore::WebContentMarkupReader::readHTML): Ditto.
350         * editing/markup.cpp:
351         (WebCore::removeSubresourceURLAttributes): Added.
352         (WebCore::sanitizeMarkup): Added.
353         * editing/markup.h:
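
The scheme allowlist described in this entry (keep HTTP, HTTPS and data, strip everything else), as an added C++ example that is not WebKit's code. It works on already-parsed attributes; the `Element` and `Attribute` types, the short list of URL-bearing attribute names, and the decision to strip values with no scheme at all are assumptions of this example.

```cpp
#include <algorithm>
#include <cctype>
#include <cstdio>
#include <string>
#include <vector>

struct Attribute { std::string name; std::string value; };
struct Element { std::string tag; std::vector<Attribute> attributes; };

// Returns the lower-cased scheme of an attribute value, or "" when it has none.
std::string urlScheme(const std::string& raw)
{
    std::string s;
    for (unsigned char c : raw) {
        if (c == '\t' || c == '\n' || c == '\r')
            continue; // URL parsers drop ASCII tab and newline, so the check must too
        s.push_back(static_cast<char>(c));
    }
    size_t i = 0;
    while (i < s.size() && static_cast<unsigned char>(s[i]) <= 0x20)
        ++i; // leading spaces and control characters are ignored as well
    if (i == s.size() || !std::isalpha(static_cast<unsigned char>(s[i])))
        return "";
    std::string scheme;
    for (; i < s.size(); ++i) {
        unsigned char c = static_cast<unsigned char>(s[i]);
        if (c == ':')
            return scheme;
        if (!std::isalnum(c) && c != '+' && c != '-' && c != '.')
            return ""; // hit a path or query character first: relative reference
        scheme.push_back(static_cast<char>(std::tolower(c)));
    }
    return "";
}

// Assumed, deliberately short list; a real sanitizer asks each element which attributes hold URLs.
bool isURLAttribute(std::string name)
{
    std::transform(name.begin(), name.end(), name.begin(),
        [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return name == "src" || name == "href" || name == "poster" || name == "background";
}

// Allowlist from the entry. A value without a scheme is not on it and is stripped too.
bool hasAllowedScheme(const std::string& value)
{
    std::string scheme = urlScheme(value);
    return scheme == "http" || scheme == "https" || scheme == "data";
}

// Removes URL attributes whose scheme is not allowed; returns how many were removed.
size_t stripDisallowedURLAttributes(std::vector<Element>& elements)
{
    size_t removed = 0;
    for (Element& element : elements) {
        auto& attrs = element.attributes;
        auto firstRemoved = std::remove_if(attrs.begin(), attrs.end(), [](const Attribute& a) {
            return isURLAttribute(a.name) && !hasAllowedScheme(a.value);
        });
        removed += static_cast<size_t>(attrs.end() - firstRemoved);
        attrs.erase(firstRemoved, attrs.end());
    }
    return removed;
}

// Constructed sample standing in for text/html read from the clipboard.
std::vector<Element> constructedClipboardElements()
{
    return {
        { "img", { { "src", "file:///Users/jane.doe/Library/Containers/com.example.notes/Data/figure.png" },
                   { "alt", "figure" } } },
        { "a",   { { "href", "https://example.com/report" } } },
        { "img", { { "src", "DATA:image/png;base64,AAAA" } } },
        { "img", { { "src", " \tFi\nLe:///private/tmp/x.png" } } },
        { "img", { { "src", "images/logo.png" } } },
        { "a",   { { "href", "http://example.org/" }, { "title", "file:///not-a-url-attribute" } } },
    };
}

int main()
{
    std::vector<Element> elements = constructedClipboardElements();
    size_t removed = stripDisallowedURLAttributes(elements);
    std::printf("removed %zu attribute(s)\n", removed);
    for (const Element& element : elements) {
        std::printf("<%s", element.tag.c_str());
        for (const Attribute& a : element.attributes)
            std::printf(" %s=\"%s\"", a.name.c_str(), a.value.c_str());
        std::printf(">\n");
    }
    return 0;
}
```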
354
355 2018-01-22  Chris Dumez  <cdumez@apple.com>
356
357         Add release logging to help debug issues related to service workers
358         https://bugs.webkit.org/show_bug.cgi?id=181935
359         <rdar://problem/36735900>
360
361         Reviewed by Brady Eidson.
362
363         * workers/service/ServiceWorker.cpp:
364         (WebCore::ServiceWorker::ServiceWorker):
365         (WebCore::ServiceWorker::scheduleTaskToUpdateState):
366         (WebCore::ServiceWorker::postMessage):
367         (WebCore::ServiceWorker::isAlwaysOnLoggingAllowed const):
368         * workers/service/ServiceWorker.h:
369         * workers/service/ServiceWorkerContainer.cpp:
370         (WebCore::ServiceWorkerContainer::addRegistration):
371         (WebCore::ServiceWorkerContainer::removeRegistration):
372         (WebCore::ServiceWorkerContainer::updateRegistration):
373         (WebCore::ServiceWorkerContainer::jobFailedWithException):
374         (WebCore::ServiceWorkerContainer::jobResolvedWithRegistration):
375         (WebCore::ServiceWorkerContainer::jobResolvedWithUnregistrationResult):
376         (WebCore::ServiceWorkerContainer::startScriptFetchForJob):
377         (WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):
378         (WebCore::ServiceWorkerContainer::jobFailedLoadingScript):
379         (WebCore::ServiceWorkerContainer::isAlwaysOnLoggingAllowed const):
380         * workers/service/ServiceWorkerContainer.h:
381         * workers/service/ServiceWorkerRegistration.cpp:
382         (WebCore::ServiceWorkerRegistration::ServiceWorkerRegistration):
383         (WebCore::ServiceWorkerRegistration::updateStateFromServer):
384         (WebCore::ServiceWorkerRegistration::scheduleTaskToFireUpdateFoundEvent):
385         * workers/service/server/SWServer.cpp:
386         (WebCore::SWServer::scriptContextFailedToStart):
387         (WebCore::SWServer::didFinishInstall):
388         (WebCore::SWServer::didFinishActivation):
389         (WebCore::SWServer::terminateWorkerInternal):
390         * workers/service/server/SWServerJobQueue.cpp:
391         (WebCore::SWServerJobQueue::didResolveRegistrationPromise):
392         (WebCore::SWServerJobQueue::runRegisterJob):
393
394 2018-01-22  Youenn Fablet  <youenn@apple.com>
395
396         Safari Tech Preview can't use GitHub login at forums.swift.org
397         https://bugs.webkit.org/show_bug.cgi?id=181908
398         <rdar://problem/36715111>
399
400         Reviewed by Chris Dumez.
401
402         Test: http/wpt/service-workers/navigation-redirect.https.html
403
404         For subresource loads, redirections will not change who is in charge of continuing the load (service worker or network process).
405         For navigation loads, we need to match the registration for every redirection since this is using the Manual redirect mode.
406         This allows starting the load with a service worker and finishing the load with another service worker, which will become the controller.
407
408         Implement this by wrapping the registration matching of a URL within DocumentLoader::matchRegistration.
409         Use that method in DocumentLoader::redirectReceived.
410
411         * loader/DocumentLoader.cpp:
412         (WebCore::DocumentLoader::matchRegistration):
413         (WebCore::doRegistrationsMatch):
414         (WebCore::DocumentLoader::redirectReceived):
415         (WebCore::DocumentLoader::startLoadingMainResource):
416         * loader/DocumentLoader.h:
417
418 2018-01-22  Antti Koivisto  <antti@apple.com>
419
420         REGRESSION (Safari 11): Buttons inside a fieldset legend cannot be clicked on in Safari 11
421         https://bugs.webkit.org/show_bug.cgi?id=179666
422         <rdar://problem/35534292>
423
424         Reviewed by Zalan Bujtas.
425
426         The legend element of a fieldset is in the border area, outside the clip rect.
427         With overflow:hidden mouse events won't reach it.
428
429         Test case by Dhaya Benmessaoud.
430
431         Test: fast/forms/legend-overflow-hidden-hit-test.html
432
433         * rendering/RenderBlock.cpp:
434         (WebCore::RenderBlock::nodeAtPoint):
435         (WebCore::RenderBlock::hitTestExcludedChildrenInBorder):
436
437         Add a special case to hit testing to handle legend, similarly to what is done for painting.
438
439         * rendering/RenderBlock.h:
440
441 2018-01-22  Joanmarie Diggs  <jdiggs@igalia.com>
442
443         AX: Implement support for Graphics ARIA roles
444         https://bugs.webkit.org/show_bug.cgi?id=181796
445
446         Reviewed by Chris Fleizach.
447
448         Add mappings for the three new roles (graphics-document, graphics-object,
449         and graphics-symbol) as per the Graphics Accessibility API Mappings spec.
450
451         No new tests; instead, new test cases added to roles-computedRoleString.html
452         and roles-exposed.html.
453
454         * accessibility/AccessibilityObject.cpp:
455         (WebCore::initializeRoleMap):
456         (WebCore::AccessibilityObject::computedRoleString const):
457         * accessibility/AccessibilityObject.h:
458         * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
459         (atkRole):
460         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
461         (-[WebAccessibilityObjectWrapper determineIsAccessibilityElement]):
462         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
463         (createAccessibilityRoleMap):
464         (-[WebAccessibilityObjectWrapper subrole]):
465         (-[WebAccessibilityObjectWrapper roleDescription]):
466
467 2018-01-22  Antti Koivisto  <antti@apple.com>
468
469         REGRESSION(r224535): Can't write reviews in the App Store
470         https://bugs.webkit.org/show_bug.cgi?id=181936
471         <rdar://problem/36670246>
472
473         Reviewed by Zalan Bujtas.
474
475         * page/LayoutContext.cpp:
476         (WebCore::LayoutContext::updateStyleForLayout):
477
478         r224535 was about media queries but it also removed a seemingly spurious call to StyleScope::didChangeStyleSheetEnvironment
479         from the path that does not involve media queries.
480         Turns out UITextContentView somehow depended on it, so revert this specific change.
481
482 2018-01-22  Brady Eidson  <beidson@apple.com>
483
484         In WebKit2, make the MessagePortChannelRegistry live in the UI process.
485         https://bugs.webkit.org/show_bug.cgi?id=181922
486
487         Reviewed by Andy Estes.
488
489         No new tests (Refactor, no behavior change)
490
491         Add encoder/decoders and EXPORT a whole bunch of stuff.
492         
493         * WebCore.xcodeproj/project.pbxproj:
494
495         * dom/MessagePort.h:
496
497         * dom/messageports/MessagePortChannel.cpp:
498         (WebCore::MessagePortChannel::processForPort):
499         * dom/messageports/MessagePortChannel.h:
500
501         * dom/messageports/MessagePortChannelProvider.h:
502         * dom/messageports/MessagePortChannelRegistry.h:
503
504         * dom/messageports/MessageWithMessagePorts.h:
505         (WebCore::MessageWithMessagePorts::encode const):
506         (WebCore::MessageWithMessagePorts::decode):
507
508 2018-01-22  Youenn Fablet  <youenn@apple.com>
509
510         Fetch Headers from an Opaque response should be filtered out
511         https://bugs.webkit.org/show_bug.cgi?id=181926
512
513         Reviewed by Chris Dumez.
514
515         Covered by updated test.
516
517         Refactor to use the same FetchResponse::create for Cache API and cloning.
518         In this method, ensure that response and headers are filtered correctly according to response tainting.
519         Also make sure that synthetic responses do not get filtered (not needed since created by JavaScript).
520
521         Introduce helper routine to set the header map of a resource response.
522         Use this routine when cloning a synthetic response as in that case, m_internalResponse has no header at all.
523
524         * Modules/cache/DOMCache.cpp:
525         (WebCore::DOMCache::updateRecords):
526         * Modules/fetch/FetchResponse.cpp:
527         (WebCore::FetchResponse::create):
528         (WebCore::FetchResponse::clone):
529         * Modules/fetch/FetchResponse.h:
530         * platform/network/ResourceResponseBase.cpp:
531         (WebCore::ResourceResponseBase::setHTTPHeaderFields):
532         * platform/network/ResourceResponseBase.h:
533         * testing/ServiceWorkerInternals.cpp:
534         (WebCore::ServiceWorkerInternals::createOpaqueWithBlobBodyResponse):
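
Filtering by response tainting as this entry describes it, sketched as an added C++ example that is not WebKit's code. The filtering rules follow the Fetch Standard's basic, CORS and opaque filtered responses; the `Response` struct, the function names and the sample headers are assumptions, and the `*` wildcard of Access-Control-Expose-Headers is not handled.

```cpp
#include <algorithm>
#include <cctype>
#include <cstdio>
#include <set>
#include <sstream>
#include <string>
#include <utility>
#include <vector>

enum class Tainting { Basic, Cors, Opaque };
using HeaderList = std::vector<std::pair<std::string, std::string>>;

struct Response {
    std::string type;   // "default", "basic", "cors" or "opaque"
    int status;
    HeaderList headers;
    bool synthetic;     // true when script constructed the response itself
};

// Trims spaces and tabs, then lower-cases (header names compare case-insensitively).
std::string lowerTrim(const std::string& in)
{
    size_t begin = in.find_first_not_of(" \t");
    if (begin == std::string::npos)
        return "";
    size_t end = in.find_last_not_of(" \t");
    std::string out = in.substr(begin, end - begin + 1);
    std::transform(out.begin(), out.end(), out.begin(),
        [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return out;
}

bool isForbiddenResponseHeader(const std::string& lowerName)
{
    return lowerName == "set-cookie" || lowerName == "set-cookie2";
}

// Names the server opted to expose through Access-Control-Expose-Headers.
std::set<std::string> exposedHeaderNames(const HeaderList& headers)
{
    std::set<std::string> names;
    for (const auto& header : headers) {
        if (lowerTrim(header.first) != "access-control-expose-headers")
            continue;
        std::stringstream list(header.second);
        std::string item;
        while (std::getline(list, item, ','))
            names.insert(lowerTrim(item));
    }
    return names;
}

// Returns what script may observe for a response with the given tainting.
Response filterResponse(const Response& internal, Tainting tainting)
{
    if (internal.synthetic)
        return internal; // script created it, so there is nothing to hide from script
    static const std::set<std::string> safelist = { "cache-control", "content-language",
        "content-length", "content-type", "expires", "last-modified", "pragma" };
    Response out { "opaque", 0, {}, false };
    if (tainting == Tainting::Opaque)
        return out; // status 0 and an empty header list
    out.type = tainting == Tainting::Basic ? "basic" : "cors";
    out.status = internal.status;
    std::set<std::string> exposed = exposedHeaderNames(internal.headers);
    for (const auto& header : internal.headers) {
        std::string name = lowerTrim(header.first);
        if (isForbiddenResponseHeader(name))
            continue; // never visible, even if listed as exposed
        if (tainting == Tainting::Cors && !safelist.count(name) && !exposed.count(name))
            continue;
        out.headers.push_back(header);
    }
    return out;
}

// Constructed sample of an internal (unfiltered) network response.
Response constructedNetworkResponse()
{
    return { "default", 200, {
        { "Content-Type", "application/json" },
        { "Set-Cookie", "sid=constructed-value" },
        { "X-Internal-Build", "1234" },
        { "X-Request-Id", "abc" },
        { "Access-Control-Expose-Headers", "X-Request-Id, Set-Cookie" },
    }, false };
}

int main()
{
    Response internal = constructedNetworkResponse();
    const Tainting taintings[] = { Tainting::Basic, Tainting::Cors, Tainting::Opaque };
    for (Tainting tainting : taintings) {
        Response visible = filterResponse(internal, tainting);
        std::printf("%s: status %d, %zu header(s)\n", visible.type.c_str(),
            visible.status, visible.headers.size());
    }
    return 0;
}
```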
535
536 2018-01-22  Javier Fernandez  <jfernandez@igalia.com>
537
538         [css-align] 'overflow' keyword must precede the self-position and content-position value
539         https://bugs.webkit.org/show_bug.cgi?id=181793
540
541         Reviewed by Antti Koivisto.
542
543         There were several discussions to avoid ambiguities with the complex
544         values, especially when it comes to defining the place-xxx shorthands.
545
546         One of the sources of problems is the 'overflow-position' keyword. The
547         CSS WG has decided to change the syntax of all the CSS Box Alignment
548         properties so that the 'overflow-position' keyword always precedes the
549         'self-position' or the 'content-position' keywords.
550
551         https://github.com/w3c/csswg-drafts/issues/1446#event-1125715434
552
553         In order to apply this change to the Content Distribution properties'
554         (align-content and justify-content) syntax I had to completely
555         re-implement their parsing function. Thanks to this I also addressed
556         the issue with the content-distribution fallback, which cannot be
557         specified explicitly now.
558
559         https://github.com/w3c/csswg-drafts/issues/1002#ref-commit-c38cac4
560
561         No new tests, just rebaselined the expected results of the test cases affected.
562
563         Despite the many layout tests affected by this change, it's
564         unlikely that it might break any content in current web
565         sites. This patch changes the new CSS syntax, obviously backward
566         compatible, defined by the new CSS Box Alignment. The
567         'overflow-position' keyword is only used by the layout models
568         implementing the new spec, so far only CSS Grid Layout.
569         Considering that CSS Grid was shipped last year, it's unlikely
570         that many sites are using the new CSS values.
571
572         * css/CSSComputedStyleDeclaration.cpp:
573         (WebCore::valueForItemPositionWithOverflowAlignment):
574         (WebCore::valueForContentPositionAndDistributionWithOverflowAlignment):
575         * css/CSSContentDistributionValue.cpp:
576         (WebCore::CSSContentDistributionValue::customCSSText const):
577         * css/StyleBuilderConverter.h:
578         (WebCore::StyleBuilderConverter::convertSelfOrDefaultAlignmentData):
579         * css/parser/CSSPropertyParser.cpp:
580         (WebCore::consumeOverflowPositionKeyword):
581         (WebCore::consumeContentPositionKeyword):
582         (WebCore::consumeContentDistributionOverflowPosition):
583         (WebCore::consumeSelfPositionOverflowPosition):
584
585 2018-01-22  Chris Nardi  <csnardi1@gmail.com>
586
587         Parse calc() in CSS media queries
588         https://bugs.webkit.org/show_bug.cgi?id=181716
589
590         calc() was previously unsupported inside of media queries. This change
591         adds in support for parsing calc inside of media queries.
592
593         Reviewed by Antti Koivisto.
594
595         Tests: Imported web-platform-tests/css/mediaqueries
596
597         * css/MediaQueryExpression.cpp:
598         (WebCore::featureWithValidIdent): Updated function to take a CSSPrimitiveValue.
599         (WebCore::featureWithValidDensity): Updated function to take a CSSPrimitiveValue instead of a CSSParserToken.
600         (WebCore::featureWithValidPositiveLength): Ditto.
601         (WebCore::featureExpectingPositiveInteger): Ditto.
602         (WebCore::featureWithPositiveInteger): Ditto.
603         (WebCore::featureWithPositiveNumber): Ditto.
604         (WebCore::featureWithZeroOrOne): Ditto.
605         (WebCore::MediaQueryExpression::MediaQueryExpression): Use CSSPropertyParserHelpers for consuming.
606         * css/MediaQueryExpression.h:
607         * css/parser/CSSPropertyParserHelpers.cpp:
608         (WebCore::CSSPropertyParserHelpers::consumeResolution): Added function for use in media query expression parsing.
609         * css/parser/CSSPropertyParserHelpers.h:
610         * css/parser/MediaQueryParser.cpp:
611         (WebCore::MediaQueryParser::readRestrictor): Updated functions to take a CSSParserTokenRange in order to use CSSPropertyParserHelpers.
612         (WebCore::MediaQueryParser::readMediaNot): Ditto.
613         (WebCore::MediaQueryParser::readMediaType): Ditto.
614         (WebCore::MediaQueryParser::readAnd): Ditto.
615         (WebCore::MediaQueryParser::readFeatureStart): Ditto.
616         (WebCore::MediaQueryParser::readFeature): Ditto.
617         (WebCore::MediaQueryParser::readFeatureColon): Ditto.
618         (WebCore::MediaQueryParser::readFeatureValue): Ditto.
619         (WebCore::MediaQueryParser::readFeatureEnd): Ditto.
620         (WebCore::MediaQueryParser::skipUntilComma): Ditto.
621         (WebCore::MediaQueryParser::skipUntilBlockEnd): Ditto.
622         (WebCore::MediaQueryParser::processToken): Ditto.
623         (WebCore::MediaQueryParser::parseInternal): Ditto.
624         (WebCore::MediaQueryData::clear): Removed reference to m_valueList
625         (WebCore::MediaQueryData::addExpression): Use CSSParserTokenRange.
626         (WebCore::MediaQueryData::lastExpressionValid): New helper function.
627         (WebCore::MediaQueryData::removeLastExpression): New helper function.
628         * css/parser/MediaQueryParser.h:
629
630 2018-01-22  Zan Dobersek  <zdobersek@igalia.com>
631
632         [Cairo] Refactor PlatformContextCairo::drawSurfaceToContext() into a Cairo operation
633         https://bugs.webkit.org/show_bug.cgi?id=181930
634
635         Reviewed by Carlos Garcia Campos.
636
637         Move the PlatformContextCairo::drawSurfaceToContext() code into the
638         Cairo namespace as an operation, renaming it to drawSurface(). Mirroring
639         other operations, the PlatformContextCairo object is now passed through
640         a reference as the first argument to the function, and cairo_t context
641         object is retrieved from that.
642
643         Call sites of the PlatformContextCairo::drawSurfaceToContext() method
644         are adjusted to now call Cairo::drawSurface() and properly pass the
645         PlatformContextCairo object to the function.
646
647         No new tests -- no change in functionality.
648
649         * platform/graphics/cairo/CairoOperations.cpp:
650         (WebCore::Cairo::prepareForStroking): Make this static.
651         (WebCore::Cairo::drawPatternToCairoContext):
652         (WebCore::Cairo::drawNativeImage):
653         (WebCore::Cairo::drawSurface):
654         * platform/graphics/cairo/CairoOperations.h:
655         * platform/graphics/cairo/PlatformContextCairo.cpp:
656         (WebCore::drawPatternToCairoContext): Deleted.
657         (WebCore::PlatformContextCairo::drawSurfaceToContext): Deleted.
658         * platform/graphics/cairo/PlatformContextCairo.h:
659         * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
660         (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::paintCurrentFrame):
661
662 2018-01-22  Manuel Rego Casasnovas  <rego@igalia.com>
663
664         [css-grid] Spanning Grid item has too much space at the bottom / is too high
665         https://bugs.webkit.org/show_bug.cgi?id=181677
666
667         Reviewed by Javier Fernandez.
668
669         In IndefiniteSizeStrategy::findUsedFlexFraction() we were not
670         subtracting the size of the gutters when we call findFrUnitSize().
671         If an item spans several tracks, we cannot pass the maxContentForChild()
672         directly, we need to subtract the gutters as they are treated
673         as fixed size tracks in the algorithm.
674
675         The spec text is pretty clear regarding this
676         (https://drafts.csswg.org/css-grid/#algo-find-fr-size):
677         "Let leftover space be the space to fill minus the base sizes
678          of the non-flexible grid tracks."
679
680         Gutters are treated as fixed-size tracks for the purpose
681         of the track sizing algorithm, so we need to subtract them from the
682         leftover space while finding the size of an "fr".
683
684         Tests: imported/w3c/web-platform-tests/css/css-grid/layout-algorithm/grid-find-fr-size-gutters-001.html
685                imported/w3c/web-platform-tests/css/css-grid/layout-algorithm/grid-find-fr-size-gutters-002.html
686
687         * rendering/GridTrackSizingAlgorithm.cpp:
688         (WebCore::GridTrackSizingAlgorithm::findFrUnitSize const):
689         (WebCore::IndefiniteSizeStrategy::findUsedFlexFraction const):
690
691 2018-01-21  Ryosuke Niwa  <rniwa@webkit.org>
692
693         Turning off custom pasteboard data doesn't actually turn it off in WK2
694         https://bugs.webkit.org/show_bug.cgi?id=181920
695         <rdar://problem/36686429>
696
697         Reviewed by Wenson Hsieh.
698
699         Replaced the global settings for custom pasteboard data by regular runtime enabled flags.
700
701         * dom/DataTransfer.cpp:
702         (WebCore::DataTransfer::getDataForItem const):
703         (WebCore::DataTransfer::shouldSuppressGetAndSetDataToAvoidExposingFilePaths const):
704         (WebCore::DataTransfer::setDataFromItemList):
705         (WebCore::DataTransfer::types const):
706         (WebCore::DataTransfer::commitToPasteboard):
707         * dom/DataTransferItemList.cpp:
708         (WebCore::shouldExposeTypeInItemList):
709         * editing/Editor.cpp:
710         (WebCore::createDataTransferForClipboardEvent):
711         * editing/cocoa/WebContentReaderCocoa.mm:
712         (WebCore::createFragmentAndAddResources):
713         (WebCore::WebContentReader::readWebArchive):
714         * page/DeprecatedGlobalSettings.cpp:
715         (WebCore::DeprecatedGlobalSettings::defaultCustomPasteboardDataEnabled): Deleted.
716         * page/DeprecatedGlobalSettings.h:
717         (WebCore::DeprecatedGlobalSettings::setCustomPasteboardDataEnabled): Deleted.
718         (WebCore::DeprecatedGlobalSettings::customPasteboardDataEnabled): Deleted.
719         * page/RuntimeEnabledFeatures.h:
720         (WebCore::RuntimeEnabledFeatures::setCustomPasteboardDataEnabled):
721         (WebCore::RuntimeEnabledFeatures::customPasteboardDataEnabled const):
722         * testing/InternalSettings.cpp:
723         (WebCore::InternalSettings::Backup::Backup):
724         (WebCore::InternalSettings::Backup::restoreTo):
725         (WebCore::InternalSettings::setCustomPasteboardDataEnabled):
726
727 2018-01-21  Wenson Hsieh  <wenson_hsieh@apple.com>
728
729         Add a new feature flag for EXTRA_ZOOM_MODE and reintroduce AdditionalFeatureDefines.h
730         https://bugs.webkit.org/show_bug.cgi?id=181918
731
732         Reviewed by Tim Horton.
733
734         Add EXTRA_ZOOM_MODE to FeatureDefines.xcconfig (off by default). No change in behavior.
735
736         * Configurations/FeatureDefines.xcconfig:
737
738 2018-01-19  Ryosuke Niwa  <rniwa@webkit.org>
739
740         Release assertion in canExecuteScript when executing scripts during page cache restore
741         https://bugs.webkit.org/show_bug.cgi?id=181902
742
743         Reviewed by Antti Koivisto.
744
745         The crash was caused by an erroneous instantiation of ScriptDisallowedScope::InMainThread in CachedPage::restore.
746         It can execute arbitrary scripts since CachedFrame::open can update style, layout, and evaluate media queries.
747
748         This is fine because there is no way to put this page back into a page cache until the load is committed via
749         FrameLoader::commitProvisionalLoad is invoked later which only happens after CachedPage::restore had exited.
750
751         Also added a release assert to make sure this condition holds.
752
753         Tests: fast/history/page-cache-execute-script-during-restore.html
754                fast/history/page-cache-navigate-during-restore.html
755
756         * history/CachedPage.cpp:
757         (WebCore::CachedPageRestorationScope::CachedPageRestorationScope): Added.
758         (WebCore::CachedPageRestorationScope::~CachedPageRestorationScope): Added.
759         (WebCore::CachedPage::restore): Don't instantiate ScriptDisallowedScope::InMainThread. Set isRestoringCachedPage
760         on the cached page to release-assert that there won't be any attempt to put this very page back into the cache.
761         * history/PageCache.cpp:
762         (WebCore::canCachePage): Added a release assert to make sure the page which is in the process of being restored
763         from the page cache is not put into the page cache.
764         * page/Page.h:
765         (WebCore::Page::setIsRestoringCachedPage): Added.
766         (WebCore::Page::isRestoringCachedPage const): Added.
767
768 2018-01-21  Eric Carlson  <eric.carlson@apple.com>
769
770         Resign NowPlaying status when no media element is eligible
771         https://bugs.webkit.org/show_bug.cgi?id=181914
772         <rdar://problem/35294116>
773
774         Reviewed by Jer Noble.
775
776         Updated API test.
777
778         * html/HTMLMediaElement.cpp:
779         (WebCore::HTMLMediaElement::removedFromAncestor): Call mediaSession->clientCharacteristicsChanged
780         so NowPlaying status will be updated.
781
782         * html/MediaElementSession.cpp:
783         (WebCore::MediaElementSession::canShowControlsManager const): Return false when being queried
784         for NowPlaying status in an inactive document.
785
786         * platform/audio/PlatformMediaSessionManager.cpp:
787         (WebCore::PlatformMediaSessionManager::updateNowPlayingInfoIfNecessary): Implement for all
788         ports.
789         * platform/audio/PlatformMediaSessionManager.h:
790         (WebCore::PlatformMediaSessionManager::registeredAsNowPlayingApplication const):
791         * platform/audio/ios/MediaSessionManagerIOS.h:
792         * platform/audio/mac/MediaSessionManagerMac.h:
793         * platform/audio/mac/MediaSessionManagerMac.mm:
794         (WebCore::MediaSessionManagerMac::updateNowPlayingInfo): Call MRMediaRemoteSetCanBeNowPlayingApplication
795         whenever status changes.
796         (WebCore::PlatformMediaSessionManager::updateNowPlayingInfoIfNecessary): Deleted, implemented
797         in the base class.
798
799 2018-01-21  Jer Noble  <jer.noble@apple.com>
800
801         REGRESSION (macOS 10.13.2): imported/w3c/web-platform-tests/media-source/mediasource-* LayoutTests failing
802         https://bugs.webkit.org/show_bug.cgi?id=181891
803
804         Reviewed by Eric Carlson.
805
806         In macOS 10.13.2, CoreMedia changed the definition of CMSampleBufferGetDuration() to return
807         the presentation duration rather than the decode duration. For media streams where those two
808         durations are identical (or at least, closely similar), this isn't a problem. But the media
809         file used in the WPT tests has an unusual frame cadence: decode durations go {3000, 1, 5999,
810         1, 5999,...} and presentation durations go {3000, 2999, 3000, 2999}. This caused one check in
811         the "Coded Frame Processing" algorithm to begin failing, where it checks that the delta
812         between the last sample's decode time and the new decode time is no more than 2x as far as
813         the last sample's duration. That's not a problem as long as the "duration" is the "decode
814         duration" and the samples are all adjacent. Once the "duration" is "presentation duration",
815         all the assumptions in the algorithm are invalidated. In the WPT test case, the delta between
816         decode times is 5999, and 2 * the presentation duration is 5998, causing all samples up to
817         the next sync sample to be dropped.
818
819         To work around this change in behavior, we'll adopt the same technique used by Mozilla's MSE
820         implementation, which was done for similar reasons. Rather than track the "last frame duration",
821         we'll record the "greatest frame duration", and use actual decode timestamps to derive this
822         duration. The "greatest frame duration" field will be reset at the same times as "last frame
823         duration", and will be used only in the part of the algorithm that checks for large decode
824         timestamp gaps.
825
826         * Modules/mediasource/SourceBuffer.cpp:
827         (WebCore::SourceBuffer::TrackBuffer::TrackBuffer):
828         (WebCore::SourceBuffer::resetParserState):
829         (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):
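
The failing gap check and the workaround described in this entry, as an added model (not WebKit's SourceBuffer code). The sample table is constructed from the cadence values quoted above, aligned so that the 5999-unit decode gap follows a sample whose reported duration is 2999; the function, field and strategy names are assumptions.

```javascript
'use strict';
// Added model, not WebKit code. It replays the decode-gap test of the MSE
// "Coded Frame Processing" algorithm with two choices for the duration that
// the gap is compared against:
//   'last-reported'   - duration reported for the previously appended sample
//                       (a presentation duration on macOS 10.13.2)
//   'greatest-decode' - greatest difference seen between adjacent decode
//                       timestamps since the last reset

// Constructed samples in timescale units; dts is the decode timestamp.
const SAMPLES = [
  { dts: 0,     reportedDuration: 3000, sync: true  },
  { dts: 3000,  reportedDuration: 3000, sync: false },
  { dts: 3001,  reportedDuration: 2999, sync: false },
  { dts: 9000,  reportedDuration: 3000, sync: false }, // 5999 after previous
  { dts: 9001,  reportedDuration: 2999, sync: false },
  { dts: 15000, reportedDuration: 3000, sync: false },
  { dts: 15001, reportedDuration: 3000, sync: true  },
  { dts: 18001, reportedDuration: 2999, sync: false },
];

function processCodedFrames(samples, strategy) {
  let lastDts = null;               // "last decode timestamp"
  let gapBasis = null;              // duration the gap test doubles
  let needRandomAccessPoint = true; // initial state of a track buffer
  const appended = [];
  const dropped = [];
  const resets = [];

  for (const sample of samples) {
    if (lastDts !== null) {
      const delta = sample.dts - lastDts;
      const tooFar = gapBasis !== null && delta > 2 * gapBasis;
      if (delta < 0 || tooFar) {
        // Discontinuity: forget the timeline and wait for a sync sample.
        resets.push({ dts: sample.dts, delta, limit: gapBasis === null ? null : 2 * gapBasis });
        lastDts = null;
        gapBasis = null;
        needRandomAccessPoint = true;
      }
    }

    if (needRandomAccessPoint) {
      if (!sample.sync) {
        dropped.push(sample.dts);
        continue;
      }
      needRandomAccessPoint = false;
    }

    if (strategy === 'last-reported') {
      gapBasis = sample.reportedDuration;
    } else if (lastDts !== null) {
      const decodeDuration = sample.dts - lastDts;
      gapBasis = gapBasis === null ? decodeDuration : Math.max(gapBasis, decodeDuration);
    }
    lastDts = sample.dts;
    appended.push(sample.dts);
  }
  return { appended, dropped, resets };
}

const before = processCodedFrames(SAMPLES, 'last-reported');
const after = processCodedFrames(SAMPLES, 'greatest-decode');
console.log('last-reported   dropped:', before.dropped, 'resets:', before.resets);
console.log('greatest-decode dropped:', after.dropped, 'resets:', after.resets);
```

With the reported duration as the basis, the 5999-unit gap exceeds 2 × 2999 and every sample up to the next sync sample is discarded; with the greatest decode duration as the basis, nothing is dropped.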
830
831 2018-01-21  Andy Estes  <aestes@apple.com>
832
833         [ios] LayoutTest imported/w3c/web-platform-tests/payment-request/rejects_if_not_active.https.html is crashing in JSC::JSONParse
834         https://bugs.webkit.org/show_bug.cgi?id=177832
835         <rdar://problem/34805315>
836
837         Reviewed by Tim Horton.
838
839         Test: http/tests/paymentrequest/rejects_if_not_active.https.html
840
841         * Modules/paymentrequest/PaymentRequest.cpp:
842         (WebCore::PaymentRequest::show): Rejected promise if the document is not active.
843
844 2018-01-20  Brady Eidson  <beidson@apple.com>
845
846         Make garbage collection of MessagePort objects be asynchronous.
847         https://bugs.webkit.org/show_bug.cgi?id=181910
848
849         Reviewed by Andy Estes.
850
851         No new tests (Covered by existing tests, including GC-specific ones).
852
853         The basic premise here is as follows:
854         - You can *always* GC a MessagePort that is closed
855         - You can *always* GC a MessagePort that has no onmessage handler, as incoming messages cannot 
856           possibly revive it.
857         - You can GC a MessagePort, even if it has a message handler, as long as there are no messages 
858           in flight between it and the remote port, and as long as the remote port is "maybe eligible for GC."
859           
860         A MessagePort is considered "maybe eligible for GC" once hasPendingActivity is asked once.
861         
862         A MessagePort loses "maybe eligible for GC" status once it is used for sending or receiving a message.
863         
864         The changes to MessagePort.cpp implement the above with a tiny little bool-driven state machine.
865         * dom/MessagePort.cpp:
866         (WebCore::MessagePort::postMessage):
867         (WebCore::MessagePort::disentangle):
868         (WebCore::MessagePort::registerLocalActivity):
869         (WebCore::MessagePort::start):
870         (WebCore::MessagePort::close):
871         (WebCore::MessagePort::contextDestroyed):
872         (WebCore::MessagePort::dispatchMessages):
873         (WebCore::MessagePort::hasPendingActivity const):
874         (WebCore::MessagePort::isLocallyReachable const):
875         (WebCore::MessagePort::addEventListener):
876         (WebCore::MessagePort::removeEventListener):
877         * dom/MessagePort.h:
878
879         - Remove the lock and any background-thread code paths
880         - Add ASSERT(isMainThread())s throughout
881         * dom/messageports/MessagePortChannel.cpp:
882         (WebCore::MessagePortChannel::MessagePortChannel):
883         (WebCore::MessagePortChannel::includesPort):
884         (WebCore::MessagePortChannel::entanglePortWithProcess):
885         (WebCore::MessagePortChannel::disentanglePort):
886         (WebCore::MessagePortChannel::closePort):
887         (WebCore::MessagePortChannel::postMessageToRemote):
888         (WebCore::MessagePortChannel::takeAllMessagesForPort):
889         (WebCore::MessagePortChannel::checkRemotePortForActivity):
890         (WebCore::MessagePortChannel::hasAnyMessagesPendingOrInFlight const):
891         * dom/messageports/MessagePortChannel.h:
892         
893         Add a callback for a MessagePortChannel to go ask the remote MessagePort object about local activity:
894         * dom/messageports/MessagePortChannelProvider.h:
895         * dom/messageports/MessagePortChannelProviderImpl.cpp:
896         (WebCore::MessagePortChannelProviderImpl::checkRemotePortForActivity):
897         (WebCore::MessagePortChannelProviderImpl::checkProcessLocalPortForActivity):
898         (WebCore::MessagePortChannelProviderImpl::hasMessagesForPorts_temporarySync): Deleted.
899         * dom/messageports/MessagePortChannelProviderImpl.h:
900         
901         - Remove the lock and any background-thread code paths
902         - Add ASSERT(isMainThread())s throughout
903         * dom/messageports/MessagePortChannelRegistry.cpp:
904         (WebCore::MessagePortChannelRegistry::messagePortChannelCreated):
905         (WebCore::MessagePortChannelRegistry::messagePortChannelDestroyed):
906         (WebCore::MessagePortChannelRegistry::didEntangleLocalToRemote):
907         (WebCore::MessagePortChannelRegistry::didDisentangleMessagePort):
908         (WebCore::MessagePortChannelRegistry::didCloseMessagePort):
909         (WebCore::MessagePortChannelRegistry::didPostMessageToRemote):
910         (WebCore::MessagePortChannelRegistry::takeAllMessagesForPort):
911         (WebCore::MessagePortChannelRegistry::checkRemotePortForActivity):
912         (WebCore::MessagePortChannelRegistry::existingChannelContainingPort):
913         (WebCore::MessagePortChannelRegistry::hasMessagesForPorts_temporarySync): Deleted.
914         * dom/messageports/MessagePortChannelRegistry.h:
915
916 2018-01-20  Andy Estes  <aestes@apple.com>
917
918         [Apple Pay] Stop eagerly loading PassKit.framework
919         https://bugs.webkit.org/show_bug.cgi?id=181911
920         <rdar://problem/36555369>
921
922         Reviewed by Tim Horton.
923
924         r226458 and r226123 added code that caused PassKit.framework to be eagerly loaded when
925         initializing a WKWebView. This is costly and should only be done when Apple Pay is first used.
926
927         To avoid eagerly loading PassKit, this patch does two things:
928
929         1. Instead of sending the available payment networks as part of WebPageCreationParameters,
930         PaymentCoordinator asks for them using a synchronous message the first time they are needed.
931         2. Instead of setting the Apple Pay preference to false when PassKit can't be loaded,
932         the following API entry points check for a missing PassKit and return false, or throw
933         exceptions, or reject promises:
934             - ApplePaySession.canMakePayments()
935             - ApplePaySession.canMakePaymentsWithActiveCard()
936             - ApplePaySession.openPaymentSetup()
937             - ApplePaySession.begin()
938
939         No new tests for (1), which causes no change in behavior. (2) was manually verified by
940         locally moving aside PassKit.framework, but that's not possible to do in an automated test.
941
942         * Modules/applepay/PaymentCoordinator.cpp:
943         (WebCore::PaymentCoordinator::PaymentCoordinator):
944         (WebCore::PaymentCoordinator::validatedPaymentNetwork const):
945         (WebCore::toHashSet): Deleted.
946         * Modules/applepay/PaymentCoordinator.h:
947         * Modules/applepay/PaymentCoordinatorClient.h:
948         * loader/EmptyClients.cpp:
949         * page/MainFrame.cpp:
950         (WebCore::MainFrame::MainFrame):
951
952         Removed PaymentCoordinator::m_availablePaymentNetworks and made
953         PaymentCoordinator::validatedPaymentNetwork() call
954         PaymentCoordinatorClient::validatedPaymentNetwork() instead.
955
956         * page/PageConfiguration.h:
957
958         Removed availablePaymentNetworks from PageConfiguration.
959
960         * testing/Internals.cpp:
961         (WebCore::Internals::Internals):
962         * testing/MockPaymentCoordinator.cpp:
963         (WebCore::MockPaymentCoordinator::validatedPaymentNetwork):
964         * testing/MockPaymentCoordinator.h:
965
966         Implemented PaymentCoordinatorClient::validatedPaymentNetwork().
967
968 2018-01-20  Jer Noble  <jer.noble@apple.com>
969
970         Release ASSERT when reloading Vimeo page @ WebCore: WebCore::Document::updateLayout
971         https://bugs.webkit.org/show_bug.cgi?id=181840
972         <rdar://problem/36186214>
973
974         Reviewed by Simon Fraser.
975
976         Test: media/video-fullscreen-reload-crash.html
977
978         Short circuit play() or pause() operations if the document is suspended or stopped.
979
980         * html/HTMLMediaElement.cpp:
981         (WebCore::HTMLMediaElement::playInternal):
982         (WebCore::HTMLMediaElement::pauseInternal):
983
984 2018-01-20  Youenn Fablet  <youenn@apple.com>
985
986         fetch redirect is incompatible with "no-cors" mode
987         https://bugs.webkit.org/show_bug.cgi?id=181866
988         <rdar://problem/35827140>
989
990         Reviewed by Chris Dumez.
991
992         Covered by updated tests.
993
994         Return a network error when no-cors mode and redirect mode is manual or error.
995         Update preflight implementation to no longer use manual redirect mode to simulate https://fetch.spec.whatwg.org/#http-network-or-cache-fetch.
996         Instead implement redirectReceived callback to treat any redirect response as the preflight response.
997
998         * loader/cache/CachedResourceLoader.cpp:
999         (WebCore::CachedResourceLoader::canRequest):
1000         * loader/CrossOriginPreflightChecker.cpp:
1001         (WebCore::CrossOriginPreflightChecker::redirectReceived):
1002         (WebCore::CrossOriginPreflightChecker::startPreflight):
1003         * loader/CrossOriginPreflightChecker.h:
1004
1005 2018-01-19  Wenson Hsieh  <wenson_hsieh@apple.com>
1006
1007         [macOS] [WK2] Drag location is computed incorrectly when dragging content from subframes
1008         https://bugs.webkit.org/show_bug.cgi?id=181896
1009         <rdar://problem/35479043>
1010
1011         Reviewed by Tim Horton.
1012
1013         In r218837, I packaged most of the information needed to start a drag into DragItem, which is propagated to the client layer
1014         via the startDrag codepath. However, this introduced a bug in computing the event position and drag location in window
1015         coordinates. Consider the case where we're determining the drag image offset for a dragged element in a subframe:
1016
1017         Before the patch, the drag location (which starts out in the subframe's content coordinates) would be converted to root view
1018         coordinates, which would then be converted to mainframe content coordinates, which would then be converted to window coordinates
1019         using the mainframe's view. After the patch, we carry out the same math until the last step, where we erroneously use the
1020         _subframe's_ view to convert to window coordinates from content coordinates. This results in the position of the iframe relative
1021         to the mainframe being accounted for twice.
1022
1023         To fix this, we simply use the main frame's view to convert from mainframe content coordinates to window coordinates while
1024         computing the drag location. As for the event position in window coordinates, this is currently unused by any codepath in WebKit,
1025         so we can just remove it altogether.
1026
1027         Since this bug only affects drag and drop in the macOS WebKit2 port, there's currently no way to test this. I'll be using
1028         <https://bugs.webkit.org/show_bug.cgi?id=181898> to track adding test support for drag and drop on macOS WebKit2. Manually tested
1029         dragging in both WebKit1 and WebKit2 on macOS. dragLocationInWindowCoordinates isn't used at all for iOS drag and drop.
1030
1031         * page/DragController.cpp:
1032         (WebCore::DragController::doSystemDrag):
1033         * platform/DragItem.h:
1034         (WebCore::DragItem::encode const):
1035         (WebCore::DragItem::decode):
1036
1037 2018-01-19  Ryan Haddad  <ryanhaddad@apple.com>
1038
1039         Unreviewed, rolling out r227235.
1040
1041         The test for this change consistently times out on High
1042         Sierra.
1043
1044         Reverted changeset:
1045
1046         "Support for preconnect Link headers"
1047         https://bugs.webkit.org/show_bug.cgi?id=181657
1048         https://trac.webkit.org/changeset/227235
1049
1050 2018-01-19  Youenn Fablet  <youenn@apple.com>
1051
1052         Cache storage errors like Quota should trigger console messages
1053         https://bugs.webkit.org/show_bug.cgi?id=181879
1054         <rdar://problem/36669048>
1055
1056         Reviewed by Chris Dumez.
1057
1058         Covered by rebased test.
1059
1060         * Modules/cache/DOMCache.cpp:
1061         (WebCore::DOMCache::retrieveRecords):
1062         (WebCore::DOMCache::batchDeleteOperation):
1063         (WebCore::DOMCache::batchPutOperation):
1064         * Modules/cache/DOMCacheEngine.cpp:
1065         (WebCore::DOMCacheEngine::errorToException):
1066         (WebCore::DOMCacheEngine::logErrorAndConvertToException):
1067         * Modules/cache/DOMCacheEngine.h:
1068         * Modules/cache/DOMCacheStorage.cpp:
1069         (WebCore::DOMCacheStorage::retrieveCaches):
1070         (WebCore::DOMCacheStorage::doOpen):
1071         (WebCore::DOMCacheStorage::doRemove):
1072
1073 2018-01-19  Youenn Fablet  <youenn@apple.com>
1074
1075         Do not go to the storage process when registering a service worker client if there is no service worker registered
1076         https://bugs.webkit.org/show_bug.cgi?id=181740
1077         <rdar://problem/36650400>
1078
1079         Reviewed by Chris Dumez.
1080
1081         Register a document as service worker client only if there is an existing service worker connection.
1082         This allows not creating any connection if no service worker is registered.
1083
1084         Add internals API to test whether a service worker connection was created or not.
1085         This is used by API tests that cover the changes.
1086
1087         * dom/Document.cpp:
1088         (WebCore::Document::privateBrowsingStateDidChange): No need to create a service worker connection if client is not registered yet.
1089         (WebCore::Document::setServiceWorkerConnection): No need to unregister/register if service worker connection is the same.
1090         Similarly, if Document is to be destroyed or suspended, we should not register it.
1091         * loader/DocumentLoader.cpp:
1092         (WebCore::DocumentLoader::commitData):
1093         * testing/Internals.cpp:
1094         (WebCore::Internals::hasServiceWorkerConnection):
1095         * testing/Internals.h:
1096         * testing/Internals.idl:
1097         * workers/service/ServiceWorkerProvider.cpp:
1098         (WebCore::ServiceWorkerProvider::registerServiceWorkerClients):
1099         * workers/service/ServiceWorkerProvider.h:
1100
1101 2018-01-19  Dean Jackson  <dino@apple.com>
1102
1103         REGRESSION (r221092): Swipe actions are hard to perform in FastMail app
1104         https://bugs.webkit.org/show_bug.cgi?id=181817
1105         <rdar://problem/35274055>
1106
1107         Add a setting for controlling whether touch listeners are passive
1108         by default on document/window/body.
1109
1110         Updated existing test.
1111
1112         * dom/EventTarget.cpp:
1113         (WebCore::EventTarget::addEventListener):
1114         * page/Settings.yaml:
1115
1116 2018-01-19  Daniel Bates  <dabates@apple.com>
1117
1118         Update frame-ancestor directive to match Content Security Policy Level 3
1119         https://bugs.webkit.org/show_bug.cgi?id=178891
1120         <rdar://problem/35209458>
1121
1122         Reviewed by Alex Christensen.
1123
1124         Derived from Blink e667cc2e501fabab3605b838e4ee0d642a9c4a59:
1125         <https://chromium.googlesource.com/chromium/src.git/+/e667cc2e501fabab3605b838e4ee0d642a9c4a59>
1126
1127         Update frame-ancestor directive to match against the origin of the ancestor document per the
1128         Content Security Policy Level 3 spec.: <https://w3c.github.io/webappsec-csp/> (15 January 2018).
1129         Specifically this change in behavior was made to CSP 3 in <https://github.com/w3c/webappsec/issues/311>.
1130         In earlier versions of the spec, the frame-ancestor directive matched against the URL of the
1131         ancestor document.
1132
1133         Disregarding allow-same-origin sandboxed iframes, a document with policy "frame-ancestor 'self'"
1134         will be blocked from loading in a sandboxed iframe as a result of this change.
1135
1136         Tests: http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-allow-same-origin-sandboxed-cross-url-allow.html
1137                http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-sandboxed-cross-url-block.html
1138
1139         * page/csp/ContentSecurityPolicyDirectiveList.cpp:
1140         (WebCore::checkFrameAncestors):
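
The behaviour change in this entry, as an added model (not WebKit's code): the same `frame-ancestors` policy evaluated against each ancestor document's URL and against its origin. The URLs, scenario names and helper names are assumptions, and source matching is reduced to `'self'`, `'none'` and `scheme://host[:port]`.

```javascript
'use strict';
// Added model, not WebKit code. It evaluates a frame-ancestors directive two ways:
//   'url'    - match each ancestor document's URL (behaviour before the change)
//   'origin' - match each ancestor document's origin (CSP Level 3 behaviour)
// Assumption: only 'self', 'none' and scheme://host[:port] sources are handled.

// An ancestor document: its URL plus the iframe sandbox tokens in effect for
// it (null when the document is not sandboxed).
function ancestor(url, sandbox = null) {
  return { url, sandbox };
}

// Origin of the document. A sandboxed document without allow-same-origin has
// an opaque origin, represented here as null.
function documentOrigin(doc) {
  if (doc.sandbox !== null) {
    const tokens = doc.sandbox.toLowerCase().split(/\s+/).filter(Boolean);
    if (!tokens.includes('allow-same-origin')) return null;
  }
  return new URL(doc.url).origin;
}

// Source list of the frame-ancestors directive, or null if it is absent.
function frameAncestorsSources(policy) {
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length && tokens[0].toLowerCase() === 'frame-ancestors') return tokens.slice(1);
  }
  return null;
}

function sourceMatches(source, origin, selfOrigin) {
  if (origin === null) return false; // an opaque origin matches nothing
  const keyword = source.toLowerCase();
  if (keyword === "'none'") return false;
  if (keyword === "'self'") return origin === selfOrigin;
  try {
    return new URL(source).origin === origin; // scheme, host and port agree
  } catch (e) {
    return false; // source syntax outside this model
  }
}

// 'allow' or 'block' for loading protectedUrl inside the ancestor chain
// (parent first, top-level document last). Every ancestor must match.
function checkFrameAncestors(policy, protectedUrl, ancestors, mode) {
  const sources = frameAncestorsSources(policy);
  if (sources === null) return 'allow';
  const selfOrigin = new URL(protectedUrl).origin;
  for (const doc of ancestors) {
    const origin = mode === 'origin' ? documentOrigin(doc) : new URL(doc.url).origin;
    if (!sources.some((s) => sourceMatches(s, origin, selfOrigin))) return 'block';
  }
  return 'allow';
}

// Constructed scenarios; all hosts are placeholders.
const PROTECTED = 'https://app.example/widget.html';
const SCENARIOS = [
  { name: 'self, sandboxed parent',
    policy: "frame-ancestors 'self'",
    ancestors: [ancestor('https://app.example/host.html', 'allow-scripts')] },
  { name: 'self, allow-same-origin sandboxed parent',
    policy: "frame-ancestors 'self'",
    ancestors: [ancestor('https://app.example/host.html', 'allow-scripts allow-same-origin')] },
  { name: 'cross URL listed, sandboxed parent',
    policy: "default-src 'none'; frame-ancestors https://partner.example",
    ancestors: [ancestor('https://partner.example/embed.html', '')] },
  { name: 'cross URL listed, allow-same-origin sandboxed parent',
    policy: "default-src 'none'; frame-ancestors https://partner.example",
    ancestors: [ancestor('https://partner.example/embed.html', 'allow-same-origin')] },
  { name: 'listed parent, unlisted top-level document',
    policy: 'frame-ancestors https://partner.example',
    ancestors: [ancestor('https://partner.example/embed.html'), ancestor('https://other.example/')] },
];

function evaluateScenarios() {
  return SCENARIOS.map((s) => ({
    name: s.name,
    url: checkFrameAncestors(s.policy, PROTECTED, s.ancestors, 'url'),
    origin: checkFrameAncestors(s.policy, PROTECTED, s.ancestors, 'origin'),
  }));
}

for (const r of evaluateScenarios()) {
  console.log(`${r.name}: URL matching -> ${r.url}, origin matching -> ${r.origin}`);
}
```

Only the two scenarios with a sandboxed parent lacking `allow-same-origin` change verdict between the two modes, which is the case the entry calls out.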
1141
1142 2018-01-19  Basuke Suzuki  <Basuke.Suzuki@sony.com>
1143
1144         [Curl] Add timeout support to XMLHttpRequest
1145         https://bugs.webkit.org/show_bug.cgi?id=181876
1146
1147         Reviewed by Alex Christensen.
1148
1149         * platform/network/ResourceRequestBase.cpp:
1150         * platform/network/curl/CurlContext.cpp:
1151         (WebCore::CurlHandle::setTimeout):
1152         * platform/network/curl/CurlContext.h:
1153         * platform/network/curl/CurlRequest.cpp:
1154         (WebCore::CurlRequest::setupTransfer):
1155         (WebCore::CurlRequest::didCompleteTransfer):
1156         * platform/network/curl/ResourceError.h:
1157         * platform/network/curl/ResourceErrorCurl.cpp:
1158         (WebCore::ResourceError::httpError):
1159
1160 2018-01-19  Yoav Weiss  <yoav@yoav.ws>
1161
1162         Support for preconnect Link headers
1163         https://bugs.webkit.org/show_bug.cgi?id=181657
1164
1165         Reviewed by Darin Adler.
1166
1167         Move the preconnect functionality into its own function, and
1168         also call this function when Link headers are processed.
1169
1170         Test: http/tests/preconnect/link-header-rel-preconnect-http.php
1171
1172         * loader/LinkLoader.cpp:
1173         (WebCore::LinkLoader::loadLinksFromHeader): Call preconnectIfNeeded.
1174         (WebCore::LinkLoader::preconnectIfNeeded): Preconnect to a host functionality moved here.
1175         (WebCore::LinkLoader::loadLink): Call preconnectIfNeeded.
1176         * loader/LinkLoader.h:
1177
1178 2018-01-19  Joseph Pecoraro  <pecoraro@apple.com>
1179
1180         AppCache: Log a Deprecation warning to the Console when AppCache is used
1181         https://bugs.webkit.org/show_bug.cgi?id=181778
1182
1183         Reviewed by Alex Christensen.
1184
1185         * html/HTMLHtmlElement.cpp:
1186         (WebCore::HTMLHtmlElement::insertedByParser):
1187
1188 2018-01-19  Chris Dumez  <cdumez@apple.com>
1189
1190         ASSERT(registration || isTerminating()) hit in SWServerWorker::skipWaiting()
1191         https://bugs.webkit.org/show_bug.cgi?id=181761
1192         <rdar://problem/36594564>
1193
1194         Reviewed by Youenn Fablet.
1195
1196         There is a short period of time, early in the registration process where a
1197         SWServerWorker object exists for a registration but is not in the registration's
1198         installing/waiting/active slots yet. As a result, if a registration is cleared
1199         during this period (for e.g. due to the user clearing all website data), that
1200         SWServerWorker will not be terminated. We then hit assertion later on when this
1201         worker is trying to do things (like call skipWaiting).
1202
1203         To address the issue, we now keep a reference to this SWServerWorker on the
1204         registration, via a new SWServerRegistration::m_preInstallationWorker data member.
1205         When the registration is cleared, we now take care of terminating this worker.
1206
1207         No new tests, covered by existing tests that crash flakily in debug builds.
1208
1209         * workers/WorkerThread.cpp:
1210         (WebCore::WorkerThread::stop):
1211         If the mutex is locked, then the worker thread is still starting. We spin the
1212         runloop and try to stop again later. This avoids the deadlock shown in
1213         Bug 181763 as the worker thread may need to interact with the main thread
1214         during startup.
1215
1216         * workers/service/server/SWServer.cpp:
1217         (WebCore::SWServer::installContextData):
1218         * workers/service/server/SWServerJobQueue.cpp:
1219         (WebCore::SWServerJobQueue::scriptContextFailedToStart):
1220         (WebCore::SWServerJobQueue::install):
1221         * workers/service/server/SWServerRegistration.cpp:
1222         (WebCore::SWServerRegistration::~SWServerRegistration):
1223         (WebCore::SWServerRegistration::setPreInstallationWorker):
1224         (WebCore::SWServerRegistration::clear):
1225         * workers/service/server/SWServerRegistration.h:
1226         (WebCore::SWServerRegistration::preInstallationWorker const):
1227
1228 2018-01-19  Chris Dumez  <cdumez@apple.com>
1229
1230         Service worker registrations restored from disk may not be reused when the JS calls register() again
1231         https://bugs.webkit.org/show_bug.cgi?id=181810
1232         <rdar://problem/36591711>
1233
1234         Reviewed by Youenn Fablet.
1235
1236         The issue was that when restoring a registration from disk, we would not set its active worker right
1237         away. We only set it later in installContextData(). installContextData() is only called after we’ve
1238         launched the service worker process and established a connection to it.
1239
1240         However, we would start processing jobs (such as registrations) before we’ve established the connection
1241         to the service worker process. SWServerJobQueue::runRegisterJob(), in order to reuse an existing
1242         registration checks the registration’s active worker has the right script URL. The issue was that when
1243         this code would execute, we may not have set the registration’s active service worker yet, in which case,
1244         we would update the existing registration instead of reusing it as-is.
1245
1246         To address the issue, we now delay the processing of jobs until the connection to the service worker
1247         process has been established and we've installed all pending contexts via installContextData().
1248
1249         Change is covered by new API test.
1250
1251         * workers/service/server/SWServer.cpp:
1252         (WebCore::SWServer::Connection::scheduleJobInServer):
1253         (WebCore::SWServer::scheduleJob):
1254         (WebCore::SWServer::serverToContextConnectionCreated):
1255         * workers/service/server/SWServer.h:
1256
1257 2018-01-19  James Craig  <jcraig@apple.com>
1258
1259         AX: when invert colors is on, double-invert image and picture elements in UserAgentStyleSheet
1260         https://bugs.webkit.org/show_bug.cgi?id=181281
1261         <rdar://problem/36291776>
1262
1263         Reviewed by Simon Fraser.
1264
1265         Updated "Smart Invert" to include img and picture element inversion and tests.
1266
1267         Tests: accessibility/smart-invert-reference.html
1268                accessibility/smart-invert.html
1269
1270         * css/html.css:
1271         (@media (inverted-colors)):
1272         (img:not(picture>img), picture, video):
1273
1274 2018-01-19  Chris Dumez  <cdumez@apple.com>
1275
1276         The WebContent process should not process incoming IPC while waiting for a sync IPC reply
1277         https://bugs.webkit.org/show_bug.cgi?id=181560
1278
1279         Reviewed by Ryosuke Niwa.
1280
1281         Add internals API for testing purposes.
1282
1283         Test: fast/misc/testIncomingSyncIPCMessageWhileWaitingForSyncReply.html
1284
1285         * page/ChromeClient.h:
1286         * testing/Internals.cpp:
1287         (WebCore::Internals::testIncomingSyncIPCMessageWhileWaitingForSyncReply):
1288         * testing/Internals.h:
1289         * testing/Internals.idl:
1290
1291 2018-01-19  Keith Miller  <keith_miller@apple.com>
1292
1293         HaveInternalSDK includes should be "#include?"
1294         https://bugs.webkit.org/show_bug.cgi?id=179670
1295
1296         Reviewed by Dan Bernstein.
1297
1298         * Configurations/Base.xcconfig:
1299
1300 2018-01-19  Daniel Bates  <dabates@apple.com>
1301
1302         Fix misspelling; substitute willDetachRenderer for willDetatchRenderer.
1303
1304         * html/HTMLPlugInImageElement.cpp:
1305         (WebCore::HTMLPlugInImageElement::willDetachRenderers):
1306         * plugins/PluginViewBase.h:
1307         (WebCore::PluginViewBase::willDetachRenderer):
1308         (WebCore::PluginViewBase::willDetatchRenderer): Deleted.
1309
1310 2018-01-19  Jonathan Bedard  <jbedard@apple.com>
1311
1312         Unreviewed build fix, remove unused lambda captures.
1313
1314         * dom/messageports/MessagePortChannel.cpp:
1315         (WebCore::MessagePortChannel::takeAllMessagesForPort):
1316         * dom/messageports/MessagePortChannelRegistry.cpp:
1317         (WebCore::MessagePortChannelRegistry::messagePortChannelCreated):
1318
1319 2018-01-19  Antoine Quint  <graouts@apple.com>
1320
1321         [Web Animations] Expose timing properties (delay, endDelay, fill, iterationStart, iterations, direction) and getComputedTiming()
1322         https://bugs.webkit.org/show_bug.cgi?id=181857
1323         <rdar://problem/36660081>
1324
1325         Reviewed by Dean Jackson.
1326
1327         We start the work to implement the rest of the Web Animations timing and animation model by exposing more properties on
1328         AnimationEffectTiming to control delay (delay, endDelay), looping (iterationStart, iterations), fill and direction.
1329         Additionally, we expose the getComputedTiming() method on AnimationEffect, although it currently lacks some computed
1330         properties that will come in a later patch as we implement various processes defined by the spec. We also update the
1331         existing duration() method on AnimationEffectTiming to be called iterationDuration() to match the terms used in the
1332         specification.
1333
1334         Finally, we make all new properties, and update existing ones, that expose a time value go through the new utility
1335         function secondsToWebAnimationsAPITime() to guarantee rounded values with microseconds precision, as advised by
1336         the Web Animations specification.
1337
1338         * CMakeLists.txt:
1339         * DerivedSources.make:
1340         * Sources.txt:
1341         * WebCore.xcodeproj/project.pbxproj:
1342         * animation/AnimationEffect.cpp:
1343         (WebCore::AnimationEffect::localTime const):
1344         (WebCore::AnimationEffect::getComputedTiming):
1345         * animation/AnimationEffect.h:
1346         * animation/AnimationEffect.idl:
1347         * animation/AnimationEffectTiming.cpp:
1348         (WebCore::AnimationEffectTiming::AnimationEffectTiming):
1349         (WebCore::AnimationEffectTiming::setIterationStart):
1350         (WebCore::AnimationEffectTiming::setIterations):
1351         (WebCore::AnimationEffectTiming::bindingsDuration const):
1352         (WebCore::AnimationEffectTiming::setBindingsDuration):
1353         (WebCore::AnimationEffectTiming::endTime const):
1354         (WebCore::AnimationEffectTiming::activeDuration const):
1355         * animation/AnimationEffectTiming.h:
1356         * animation/AnimationEffectTiming.idl:
1357         * animation/AnimationPlaybackEvent.cpp:
1358         (WebCore::AnimationPlaybackEvent::bindingsCurrentTime const):
1359         (WebCore::AnimationPlaybackEvent::bindingsTimelineTime const):
1360         * animation/AnimationTimeline.cpp:
1361         (WebCore::AnimationTimeline::bindingsCurrentTime):
1362         * animation/ComputedTimingProperties.h: Added.
1363         * animation/ComputedTimingProperties.idl: Added. We set nullable double values to a default value of "null" since
1364         otherwise setting those properties to a null value would not set the properties in the converted JS dictionary.
1365         * animation/KeyframeEffect.cpp:
1366         (WebCore::KeyframeEffect::create): Handle new timing properties passed in the KeyframeEffectOptions dictionary.
1367         (WebCore::KeyframeEffect::applyAtLocalTime):
1368         (WebCore::KeyframeEffect::getAnimatedStyle):
1369         (WebCore::KeyframeEffect::startOrStopAccelerated):
1370         * animation/WebAnimation.cpp:
1371         (WebCore::WebAnimation::bindingsStartTime const):
1372         (WebCore::WebAnimation::bindingsCurrentTime const):
1373         (WebCore::WebAnimation::effectEndTime const):
1374         (WebCore::WebAnimation::timeToNextRequiredTick const):
1375         * animation/WebAnimationUtilities.h: Added.
1376         (WebCore::secondsToWebAnimationsAPITime):
1377
1378 2018-01-19  Alex Christensen  <achristensen@webkit.org>
1379
1380         Remove dead networking code
1381         https://bugs.webkit.org/show_bug.cgi?id=181813
1382
1383         Reviewed by Tim Horton.
1384
1385         CFURLConnection is only used on Windows.
1386
1387         * platform/network/cf/ResourceError.h:
1388         * platform/network/cf/ResourceRequest.h:
1389         (WebCore::ResourceRequest::encodingRequiresPlatformData const):
1390         * platform/network/cf/ResourceRequestCFNet.cpp:
1391         (WebCore::findCFURLRequestCopyContentDispositionEncodingFallbackArrayFunction):
1392         (WebCore::ResourceRequest::doUpdatePlatformRequest):
1393         (WebCore::ResourceRequest::doUpdatePlatformHTTPBody):
1394         (WebCore::ResourceRequest::doUpdateResourceRequest):
1395         (WebCore::ResourceRequest::setStorageSession):
1396         * platform/network/cf/ResourceResponse.h:
1397         (WebCore::ResourceResponse::ResourceResponse):
1398
1399 2018-01-19  Alex Christensen  <achristensen@webkit.org>
1400
1401         Remove unused WebViewPrivate _allowCookies
1402         https://bugs.webkit.org/show_bug.cgi?id=181812
1403
1404         Reviewed by Tim Horton.
1405
1406         This SPI was in the original iOS upstreaming and has not been used in many years.
1407
1408         * platform/network/ResourceRequestBase.cpp:
1409         (WebCore::ResourceRequestBase::setDefaultAllowCookies): Deleted.
1410         (WebCore::ResourceRequestBase::defaultAllowCookies): Deleted.
1411         * platform/network/ResourceRequestBase.h:
1412         (WebCore::ResourceRequestBase::ResourceRequestBase):
1413
1414 2018-01-18  Brady Eidson  <beidson@apple.com>
1415
1416         Make in-process MessagePorts be (mostly) asynchronous
1417         https://bugs.webkit.org/show_bug.cgi?id=181454
1418
1419         Reviewed by Alex Christensen.
1420
1421         No new tests (Covered *brutally* by existing tests)
1422
1423         Part of making MessagePorts be a thing we can pass across processes is making them work async.
1424         
1425         The existing "MessagePortChannel" method of abstraction was not cut out for this.
1426         This patch gets rid of MessagePortChannel and adds a new MessagePortChannelProvider abstraction.
1427         It then gets the new machinery working in-process (with some pieces of out-of-process in place)
1428
1429         One synchronous behavior this patch maintains is the hasPendingActivity() check used to support GC.
1430         That will (creatively) be made async in the next followup.
1431         
1432         More generally from MessagePorts, this patch also adds a "MessageWithMessagePorts" object to be used
1433         with all forms of postMessage(). Much better.
1434         
1435         * CMakeLists.txt:
1436         * Sources.txt:
1437         * WebCore.xcodeproj/project.pbxproj:
1438
1439         * dom/InProcessMessagePortChannel.cpp: Removed.
1440         * dom/InProcessMessagePortChannel.h: Removed.
1441         * dom/MessagePortChannel.cpp: Removed.
1442         * dom/MessagePortChannel.h: Removed.
1443
1444         * dom/MessageChannel.cpp:
1445         (WebCore::MessageChannel::create):
1446         (WebCore::MessageChannel::MessageChannel):
1447         (WebCore::m_port2): Deleted.
1448         * dom/MessageChannel.h:
1449         (WebCore::MessageChannel::create): Deleted.
1450
1451         * dom/MessagePort.cpp:
1452         (WebCore::MessagePort::create):
1453         (WebCore::MessagePort::MessagePort):
1454         (WebCore::MessagePort::~MessagePort):
1455         (WebCore::MessagePort::entangle):
1456         (WebCore::MessagePort::postMessage):
1457         (WebCore::MessagePort::disentangle):
1458         (WebCore::MessagePort::messageAvailable):
1459         (WebCore::MessagePort::start):
1460         (WebCore::MessagePort::close):
1461         (WebCore::MessagePort::contextDestroyed):
1462         (WebCore::MessagePort::dispatchMessages):
1463         (WebCore::MessagePort::hasPendingActivity const):
1464         (WebCore::MessagePort::locallyEntangledPort const):
1465         (WebCore::MessagePort::disentanglePorts):
1466         (WebCore::MessagePort::entanglePorts):
1467         (WebCore::MessagePort::entangleWithRemote): Deleted.
1468         * dom/MessagePort.h:
1469
1470         * dom/MessagePortIdentifier.h:
1471         (WebCore::MessagePortIdentifier::logString const):
1472
1473         * dom/ScriptExecutionContext.cpp:
1474         (WebCore::ScriptExecutionContext::processMessageWithMessagePortsSoon):
1475         (WebCore::ScriptExecutionContext::dispatchMessagePortEvents):
1476         (WebCore::ScriptExecutionContext::processMessagePortMessagesSoon): Deleted.
1477         * dom/ScriptExecutionContext.h:
1478
1479         Add a single object that represents two intertwined ports, tracks their pending
1480         messages, tracks which process they're in, etc etc:
1481         * dom/messageports/MessagePortChannel.cpp: Added.
1482         (WebCore::MessagePortChannel::create):
1483         (WebCore::MessagePortChannel::MessagePortChannel):
1484         (WebCore::MessagePortChannel::~MessagePortChannel):
1485         (WebCore::MessagePortChannel::includesPort):
1486         (WebCore::MessagePortChannel::entanglePortWithProcess):
1487         (WebCore::MessagePortChannel::disentanglePort):
1488         (WebCore::MessagePortChannel::closePort):
1489         (WebCore::MessagePortChannel::postMessageToRemote):
1490         (WebCore::MessagePortChannel::takeAllMessagesForPort):
1491         (WebCore::MessagePortChannel::hasAnyMessagesPendingOrInFlight const):
1492         * dom/messageports/MessagePortChannel.h: Added.
1493         (WebCore::MessagePortChannel::port1 const):
1494         (WebCore::MessagePortChannel::port2 const):
1495         (WebCore::MessagePortChannel::logString const):
1496
1497         Abstraction for creating and operating on MessagePorts in a potentially cross-process way:
1498         * dom/messageports/MessagePortChannelProvider.cpp: Added.
1499         (WebCore::MessagePortChannelProvider::singleton):
1500         (WebCore::MessagePortChannelProvider::setSharedProvider):
1501         * dom/messageports/MessagePortChannelProvider.h: Added.
1502         (WebCore::MessagePortChannelProvider::~MessagePortChannelProvider):
1503
1504         Adds a concrete implementation of that provider to be used in-process (e.g. WK1):
1505         * dom/messageports/MessagePortChannelProviderImpl.cpp: Added.
1506         (WebCore::MessagePortChannelProviderImpl::~MessagePortChannelProviderImpl):
1507         (WebCore::MessagePortChannelProviderImpl::performActionOnAppropriateThread):
1508         (WebCore::MessagePortChannelProviderImpl::createNewMessagePortChannel):
1509         (WebCore::MessagePortChannelProviderImpl::entangleLocalPortInThisProcessToRemote):
1510         (WebCore::MessagePortChannelProviderImpl::messagePortDisentangled):
1511         (WebCore::MessagePortChannelProviderImpl::messagePortClosed):
1512         (WebCore::MessagePortChannelProviderImpl::postMessageToRemote):
1513         (WebCore::MessagePortChannelProviderImpl::takeAllMessagesForPort):
1514         (WebCore::MessagePortChannelProviderImpl::hasMessagesForPorts_temporarySync):
1515         * dom/messageports/MessagePortChannelProviderImpl.h: Added.
1516
1517         Adds a main thread object to handle the set of all MessagePortChannels that are open.
1518         For now it lives in the WebProcess, but for out-of-process it will live in the UIProcess:
1519         * dom/messageports/MessagePortChannelRegistry.cpp: Added.
1520         (WebCore::MessagePortChannelRegistry::~MessagePortChannelRegistry):
1521         (WebCore::MessagePortChannelRegistry::didCreateMessagePortChannel):
1522         (WebCore::MessagePortChannelRegistry::messagePortChannelCreated):
1523         (WebCore::MessagePortChannelRegistry::messagePortChannelDestroyed):
1524         (WebCore::MessagePortChannelRegistry::didEntangleLocalToRemote):
1525         (WebCore::MessagePortChannelRegistry::didDisentangleMessagePort):
1526         (WebCore::MessagePortChannelRegistry::didCloseMessagePort):
1527         (WebCore::MessagePortChannelRegistry::didPostMessageToRemote):
1528         (WebCore::MessagePortChannelRegistry::takeAllMessagesForPort):
1529         (WebCore::MessagePortChannelRegistry::hasMessagesForPorts_temporarySync): This is named against style
1530           and weird on purpose - to call attention to how bad it is and how it's temporary.
1531         (WebCore::MessagePortChannelRegistry::existingChannelContainingPort):
1532         * dom/messageports/MessagePortChannelRegistry.h: Added.
1533
1534         Add an object that represents a "SerializedScriptValue for the message payload and the ports
1535         that are being transferred along with that payload". This is used in all forms of postMessage():
1536         * dom/messageports/MessageWithMessagePorts.cpp: Added.
1537         * dom/messageports/MessageWithMessagePorts.h: Added.
1538
1539         * page/DOMWindow.cpp:
1540         (WebCore::PostMessageTimer::PostMessageTimer):
1541         (WebCore::PostMessageTimer::event):
1542         (WebCore::DOMWindow::postMessage):
1543
1544         * platform/Logging.h:
1545
1546         * workers/DedicatedWorkerGlobalScope.cpp:
1547         (WebCore::DedicatedWorkerGlobalScope::postMessage):
1548
1549         * workers/Worker.cpp:
1550         (WebCore::Worker::postMessage):
1551
1552         * workers/WorkerGlobalScopeProxy.h:
1553
1554         * workers/WorkerMessagingProxy.cpp:
1555         (WebCore::WorkerMessagingProxy::postMessageToWorkerObject):
1556         (WebCore::WorkerMessagingProxy::postMessageToWorkerGlobalScope):
1557         * workers/WorkerMessagingProxy.h:
1558
1559         * workers/WorkerObjectProxy.h:
1560
1561         * workers/service/ServiceWorker.cpp:
1562         (WebCore::ServiceWorker::postMessage):
1563
1564         * workers/service/ServiceWorkerClient.cpp:
1565         (WebCore::ServiceWorkerClient::postMessage):
1566
1567         * workers/service/context/SWContextManager.cpp:
1568         (WebCore::SWContextManager::postMessageToServiceWorker):
1569
1570         * workers/service/context/ServiceWorkerThread.cpp:
1571         (WebCore::fireMessageEvent):
1572         (WebCore::ServiceWorkerThread::postMessageToServiceWorker):
1573         * workers/service/context/ServiceWorkerThread.h:
1574
1575 2018-01-18  Ryan Haddad  <ryanhaddad@apple.com>
1576
1577         Unreviewed build fix, removed unused lambda capture.
1578
1579         * workers/service/context/SWContextManager.cpp:
1580         (WebCore::SWContextManager::ServiceWorkerTerminationRequest::ServiceWorkerTerminationRequest):
1581
1582 2018-01-18  Chris Dumez  <cdumez@apple.com>
1583
1584         We should be able to terminate service workers that are unresponsive
1585         https://bugs.webkit.org/show_bug.cgi?id=181563
1586         <rdar://problem/35280031>
1587
1588         Reviewed by Alex Christensen.
1589
1590         Test: http/tests/workers/service/postmessage-after-terminating-hung-worker.html
1591
1592         * workers/service/context/SWContextManager.cpp:
1593         (WebCore::SWContextManager::terminateWorker):
1594         Before calling WorkerThread::stop(), set a timer with the given timeout parameter.
1595         If the worker thread has not stopped when the timer fires, forcefully exit the
1596         service worker process. The StorageProcess will take care of relaunching the
1597         service worker process if it exits abruptly.
1598
1599         (WebCore::SWContextManager::serviceWorkerFailedToTerminate):
1600         Log error message if we failed to terminate a service worker and call exit().
1601
1602         (WebCore::SWContextManager::ServiceWorkerTerminationRequest::ServiceWorkerTerminationRequest):
1603
1604         * workers/service/context/SWContextManager.h:
1605
1606 2018-01-18  Youenn Fablet  <youenn@apple.com>
1607
1608         Do not go to the storage process when loading a main resource if there is no service worker registered
1609         https://bugs.webkit.org/show_bug.cgi?id=181395
1610
1611         Reviewed by Chris Dumez.
1612
1613         No observable behavior change.
1614         Instead of creating a connection to know whether there is a potential service worker,
1615         ask the service worker provider that will use the connection if needed.
1616         Otherwise, it will use a default value provided by the UIProcess.
1617
1618         Tested by cleaning all service workers and checking the computed value of the default value,
1619         then observing whether pages registering service workers work well.
1620
1621         * loader/DocumentLoader.cpp:
1622         (WebCore::DocumentLoader::startLoadingMainResource):
1623         * workers/service/ServiceWorkerProvider.cpp:
1624         (WebCore::ServiceWorkerProvider::mayHaveServiceWorkerRegisteredForOrigin):
1625         * workers/service/ServiceWorkerProvider.h:
1626
1627 2018-01-18  Dan Bernstein  <mitz@apple.com>
1628
1629         [Xcode] Streamline and future-proof target-macOS-version-dependent build setting definitions
1630         https://bugs.webkit.org/show_bug.cgi?id=181803
1631
1632         Reviewed by Tim Horton.
1633
1634         * Configurations/Base.xcconfig: Updated.
1635         * Configurations/DebugRelease.xcconfig: Ditto.
1636         * Configurations/FeatureDefines.xcconfig: Adopted macOSTargetConditionals helpers.
1637         * Configurations/Version.xcconfig: Updated.
1638         * Configurations/macOSTargetConditionals.xcconfig: Added. Defines helper build settings
1639           useful for defining settings that depend on the target macOS version.
1640
1641 2018-01-18  Chris Dumez  <cdumez@apple.com>
1642
1643         Service Workers restored from persistent storage have 'redundant' state
1644         https://bugs.webkit.org/show_bug.cgi?id=181749
1645         <rdar://problem/36556486>
1646
1647         Reviewed by Youenn Fablet.
1648
1649         Tested by new API test.
1650
1651         * workers/service/server/SWServer.cpp:
1652         (WebCore::SWServer::installContextData):
1653         Make sure the SWServerWorker's state is set to "activated" after it is assigned to
1654         the registrations' active slot. Otherwise, it stays in its default state (redundant).
1655
1656 2018-01-18  Antti Koivisto  <antti@apple.com>
1657
1658         REGRESSION(r225650): The scores of MotionMark tests Multiply and Leaves dropped by 8%
1659         https://bugs.webkit.org/show_bug.cgi?id=181460
1660         <rdar://problem/36379776>
1661
1662         Reviewed by Ryosuke Niwa.
1663
1664         * css/parser/CSSParser.cpp:
1665         (WebCore::CSSParserContext::CSSParserContext):
1666
1667         Don't do the expensive security origin test if the supplied sheet base URL is null. This
1668         is true for rules coming from the same document.
1669
1670 2018-01-18  Antti Koivisto  <antti@apple.com>
1671
1672         REGRESSION (r223604): Setting :before/after pseudo element on <noscript> asserts
1673         https://bugs.webkit.org/show_bug.cgi?id=181795
1674         <rdar://problem/36334524>
1675
1676         Reviewed by David Kilzer.
1677
1678         <noscript> disallows renderer generation outside CSS mechanisms, however we would still construct
1679         PseudoElements for them during style resolution. These were never removed properly because the
1680         pseudo element removal was tied to render tree teardown. Without proper removal the associated
1681         animations were also not canceled.
1682
1683         Test: fast/css-generated-content/noscript-pseudo-anim-crash.html
1684
1685         * dom/Element.cpp:
1686         (WebCore::Element::removedFromAncestor):
1687
1688         Take care to get rid of PseudoElements when the element is removed from the tree.
1689         This also cancels any associated animations.
1690
1691 2018-01-18  Chris Fleizach  <cfleizach@apple.com>
1692
1693         AX: Aria-activedescendant not supported
1694         https://bugs.webkit.org/show_bug.cgi?id=161734
1695         <rdar://problem/28202679>
1696
1697         Reviewed by Joanmarie Diggs.
1698
1699         When a combo-box owns/controls a list/listbox/grid/tree, the owned element needs to check the active-descendant of the combobox when
1700         checking if it has selected children. 
1701         The target of the selection change notification should also be the owned element in these cases.
1702
1703         Test: accessibility/aria-combobox-controlling-list.html
1704
1705         * accessibility/AccessibilityObject.cpp:
1706         (WebCore::AccessibilityObject::selectedListItem):
1707         * accessibility/AccessibilityObject.h:
1708         * accessibility/AccessibilityRenderObject.cpp:
1709         (WebCore::AccessibilityRenderObject::targetElementForActiveDescendant const):
1710         (WebCore::AccessibilityRenderObject::handleActiveDescendantChanged):
1711         (WebCore::AccessibilityRenderObject::canHaveSelectedChildren const):
1712         (WebCore::AccessibilityRenderObject::selectedChildren):
1713         * accessibility/AccessibilityRenderObject.h:
1714         * accessibility/mac/AXObjectCacheMac.mm:
1715         (WebCore::AXObjectCache::postPlatformNotification):
1716
1717 2018-01-17  Per Arne Vollan  <pvollan@apple.com>
1718
1719         REGRESSION (r224780): Text stroke not applied to video captions.
1720         https://bugs.webkit.org/show_bug.cgi?id=181743
1721         <rdar://problem/35874338>
1722
1723         Reviewed by Simon Fraser.
1724
1725         Tests: media/track/track-css-visible-stroke-expected.html
1726                media/track/track-css-visible-stroke.html
1727
1728         After r224780, it is no longer possible to mix text stroke styles with webkit
1729         legacy text stroke styles.
1730
1731         * css/StyleResolver.cpp:
1732         (WebCore::isValidCueStyleProperty):
1733         * page/CaptionUserPreferencesMediaAF.cpp:
1734         (WebCore::CaptionUserPreferencesMediaAF::captionsTextEdgeCSS const):
1735
1736 2018-01-18  Andy Estes  <aestes@apple.com>
1737
1738         [Payment Request] Support a default shipping address for Apple Pay
1739         https://bugs.webkit.org/show_bug.cgi?id=181754
1740         <rdar://problem/36009733>
1741
1742         Reviewed by Brady Eidson.
1743
1744         Move shippingContact from ApplePayPaymentRequest to ApplePayRequestBase. This allows
1745         merchants to specify a default shipping address when using Apple Pay with Payment Request.
1746
1747         This also fixes a bug found during testing where
1748         +[NSPersonNameComponentsFormatter localizedStringFromPersonNameComponents:style:options:]
1749         would throw an exception when passed a nil NSPersonNameComponents.
1750
1751         Test: http/tests/ssl/applepay/ApplePayRequestShippingContact.https.html
1752
1753         * Modules/applepay/ApplePayPaymentRequest.h:
1754         * Modules/applepay/ApplePayPaymentRequest.idl:
1755         * Modules/applepay/ApplePayRequestBase.cpp:
1756         (WebCore::convertAndValidate):
1757         * Modules/applepay/ApplePayRequestBase.h:
1758         * Modules/applepay/ApplePayRequestBase.idl:
1759         * Modules/applepay/ApplePaySession.cpp:
1760         (WebCore::convertAndValidate):
1761         * Modules/applepay/ApplePaySessionPaymentRequest.h:
1762         (WebCore::ApplePaySessionPaymentRequest::version const):
1763         (WebCore::ApplePaySessionPaymentRequest::setVersion):
1764         * Modules/applepay/cocoa/PaymentContactCocoa.mm:
1765         (WebCore::convert):
1766         * Modules/applepay/paymentrequest/ApplePayRequest.idl:
1767         * testing/MockPaymentCoordinator.cpp:
1768         (WebCore::MockPaymentCoordinator::showPaymentUI):
1769         (WebCore::MockPaymentCoordinator::completeMerchantValidation):
1770         * testing/MockPaymentCoordinator.h:
1771
1772 2018-01-18  Wenson Hsieh  <wenson_hsieh@apple.com>
1773
1774         [iOS] Specify -[NSURL _title] for the associated URL when copying an image element
1775         https://bugs.webkit.org/show_bug.cgi?id=181783
1776         <rdar://problem/35785445>
1777
1778         Reviewed by Ryosuke Niwa.
1779
1780         Always specify the -[NSURL _title] to be either the title specified in a PasteboardImage's inner PasteboardURL,
1781         or if no title is specified, fall back to the user-visible URL string. This is because at least one internal
1782         client always tries to use the -_title property to determine the title of a pasted URL, or if none is specified,
1783         the -suggestedName. Since we need to set suggestedName to the preferred file name of the copied image and we
1784         don't want the suggested name to become the title of the link, we need to explicitly set the link title.
1785
1786         In doing so, this patch also fixes a bug wherein we forget to set the _title of the NSURL we're registering to
1787         an NSItemProvider.
1788
1789         Tests:  ActionSheetTests.CopyImageElementWithHREFAndTitle (new)
1790                 ActionSheetTests.CopyImageElementWithHREF (modified)
1791
1792         * platform/ios/PlatformPasteboardIOS.mm:
1793         (WebCore::PlatformPasteboard::write):
1794
1795 2018-01-17  Jer Noble  <jer.noble@apple.com>
1796
1797         WebVTT served via HLS never results in cues
1798         https://bugs.webkit.org/show_bug.cgi?id=181773
1799
1800         Reviewed by Eric Carlson.
1801
1802         Test: http/tests/media/hls/hls-webvtt-tracks.html
1803
1804         Three independent errors conspired to keep in-band WebVTT samples from parsing:
1805
1806         - The definition of ISOWebVTTCue::boxTypeName() was incorrect.
1807         - ISOWebVTTCue::parse() didn't call its superclass's parse() method (leading to an incorrect size and offset).
1808         - Use String::fromUTF8() rather than String.adopt(StringVector&&).
1809
1810         * platform/graphics/iso/ISOVTTCue.cpp:
1811         (WebCore::ISOWebVTTCue::parse):
1812         * platform/graphics/iso/ISOVTTCue.h:
1813         (WebCore::ISOWebVTTCue::boxTypeName):
1814
1815 2018-01-17  John Wilander  <wilander@apple.com>
1816
1817         Resource Load Statistics: Block cookies for prevalent resources without user interaction
1818         https://bugs.webkit.org/show_bug.cgi?id=177394
1819         <rdar://problem/34613960>
1820
1821         Reviewed by Alex Christensen.
1822
1823         Tests: http/tests/resourceLoadStatistics/add-blocking-to-redirect.html
1824                http/tests/resourceLoadStatistics/non-prevalent-resources-can-access-cookies-in-a-third-party-context.html
1825                http/tests/resourceLoadStatistics/remove-blocking-in-redirect.html
1826                http/tests/resourceLoadStatistics/remove-partitioning-in-redirect.html
1827
1828         * platform/network/NetworkStorageSession.h:
1829             Now exports NetworkStorageSession::nsCookieStorage().
1830         * platform/network/cf/NetworkStorageSessionCFNet.cpp:
1831         (WebCore::NetworkStorageSession::setPrevalentDomainsToPartitionOrBlockCookies):
1832             Fixes the FIXME.
1833
1834 2018-01-17  Dean Jackson  <dino@apple.com>
1835
1836         Remove linked-on test for Snow Leopard
1837         https://bugs.webkit.org/show_bug.cgi?id=181770
1838
1839         Reviewed by Eric Carlson.
1840
1841         Remove a very old linked-on-or-after test.
1842
1843         * platform/graphics/ca/GraphicsLayerCA.cpp:
1844
1845 2018-01-17  Matt Lewis  <jlewis3@apple.com>
1846
1847         Unreviewed, rolling out r227098.
1848
1849         This broke the build.
1850
1851         Reverted changeset:
1852
1853         "Remove linked-on test for Snow Leopard"
1854         https://bugs.webkit.org/show_bug.cgi?id=181770
1855         https://trac.webkit.org/changeset/227098
1856
1857 2018-01-17  Dean Jackson  <dino@apple.com>
1858
1859         Remove linked-on test for Snow Leopard
1860         https://bugs.webkit.org/show_bug.cgi?id=181770
1861
1862         Reviewed by Eric Carlson.
1863
1864         Remove a very old linked-on-or-after test.
1865
1866         * platform/graphics/ca/GraphicsLayerCA.cpp:
1867
1868 2018-01-17  Stephan Szabo  <stephan.szabo@sony.com>
1869
1870         [Curl] Use ResourceRequest::encodeWithPlatformData()
1871         https://bugs.webkit.org/show_bug.cgi?id=181768
1872
1873         Reviewed by Alex Christensen.
1874
1875         No new tests, assertion hit in downstream port, should be covered by
1876         existing tests.
1877
1878         * platform/network/curl/ResourceRequest.h:
1879         (WebCore::ResourceRequest::encodeWithPlatformData const):
1880         (WebCore::ResourceRequest::decodeWithPlatformData):
1881
1882 2018-01-17  Eric Carlson  <eric.carlson@apple.com>
1883
1884         Use existing RGB colorspace instead of creating a new one
1885         https://bugs.webkit.org/show_bug.cgi?id=181765
1886         <rdar://problem/36595753>
1887
1888         Reviewed by Dean Jackson.
1889
1890         * platform/mediastream/mac/ScreenDisplayCaptureSourceMac.mm:
1891         (WebCore::ScreenDisplayCaptureSourceMac::createDisplayStream): Use sRGBColorSpaceRef instead
1892         of creating a new static colorspace.
1893
1894 2018-01-17  Matt Lewis  <jlewis3@apple.com>
1895
1896         Unreviewed, rolling out r227076.
1897
1898         This breaks internal builds
1899
1900         Reverted changeset:
1901
1902         "Resource Load Statistics: Block cookies for prevalent
1903         resources without user interaction"
1904         https://bugs.webkit.org/show_bug.cgi?id=177394
1905         https://trac.webkit.org/changeset/227076
1906
1907 2018-01-17  Ryosuke Niwa  <rniwa@webkit.org>
1908
1909         input and textarea elements should reveal selection in setSelection when focused
1910         https://bugs.webkit.org/show_bug.cgi?id=181715
1911         <rdar://problem/36570546>
1912
1913         Reviewed by Zalan Bujtas.
1914
1915         Made input and textarea elements reveal selection in FrameSelection::setSelection instead of by directly
1916         invoking FrameSelection::revealSelection in their respective updateFocusAppearance to unify code paths.
1917
1918         Also added options to reveal selection up to the main frame to SetSelectionOption to be used in iOS.
1919
1920         * editing/FrameSelection.cpp:
1921         (WebCore::FrameSelection::FrameSelection):
1922         (WebCore::FrameSelection::moveWithoutValidationTo): Takes SelectionRevealMode as an argument and converts
1923         sets appropriate selection options.
1924         (WebCore::FrameSelection::setSelection): Reconstruct SelectionRevealMode out of selection option sets.
1925         (WebCore::FrameSelection::updateAndRevealSelection):
1926         * editing/FrameSelection.h:
1927         (WebCore::FrameSelection): Added RevealSelectionUpToMainFrame as a SelectionRevealMode and replaced
1928         m_shouldRevealSelection by m_selectionRevealMode.
1929         * html/HTMLInputElement.cpp:
1930         (WebCore::HTMLInputElement::updateFocusAppearance): Pass SelectionRevealMode to HTMLTextFormControlElement's
1931         select and restoreCachedSelection instead of directly invoking FrameSelection::revealSelection.
1932         * html/HTMLTextAreaElement.cpp:
1933         (WebCore::HTMLTextAreaElement::updateFocusAppearance): Ditto.
1934         * html/HTMLTextFormControlElement.cpp:
1935         (WebCore::HTMLTextFormControlElement::select):
1936         (WebCore::HTMLTextFormControlElement::setSelectionRange):
1937         (WebCore::HTMLTextFormControlElement::restoreCachedSelection):
1938         * html/HTMLTextFormControlElement.h:
1939
1940 2018-01-17  Michael Catanzaro  <mcatanzaro@igalia.com>
1941
1942         WEBKIT_FRAMEWORK should not modify file-global include directories
1943         https://bugs.webkit.org/show_bug.cgi?id=181656
1944
1945         Reviewed by Konstantin Tokarev.
1946
1947         * CMakeLists.txt:
1948         * PlatformWPE.cmake:
1949
1950 2018-01-17  Michael Catanzaro  <mcatanzaro@igalia.com>
1951
1952         [GTK] Try even harder not to static link WTF into libwebkit2gtk
1953         https://bugs.webkit.org/show_bug.cgi?id=181751
1954
1955         Reviewed by Alex Christensen.
1956
1957         We don't want two copies of WTF. It should only be in libjavascriptcoregtk.
1958
1959         * PlatformGTK.cmake:
1960
1961 2018-01-17  Zalan Bujtas  <zalan@apple.com>
1962
1963         Multicol: RenderMultiColumnFlow should not inherit the flow state
1964         https://bugs.webkit.org/show_bug.cgi?id=181762
1965         <rdar://problem/35448565>
1966
1967         Reviewed by Simon Fraser.
1968
1969         Do not compute the inherited flow state flag for RenderMultiColumnFlow.
1970         It is (by definition) always inside a fragmented flow.
1971
1972         Test: fast/multicol/crash-when-out-of-flow-positioned-becomes-in-flow.html
1973
1974         * rendering/RenderObject.cpp:
1975         (WebCore::RenderObject::computedFragmentedFlowState):
1976
1977 2018-01-17  Alex Christensen  <achristensen@webkit.org>
1978
1979         Deprecate Application Cache
1980         https://bugs.webkit.org/show_bug.cgi?id=181764
1981
1982         Reviewed by Geoffrey Garen.
1983
1984         * features.json:
1985
1986 2018-01-17  Wenson Hsieh  <wenson_hsieh@apple.com>
1987
1988         [iOS simulator] API test WKAttachmentTests.InjectedBundleReplaceURLWhenPastingImage is failing
1989         https://bugs.webkit.org/show_bug.cgi?id=181758
1990
1991         Reviewed by Tim Horton.
1992
1993         This test is failing because Editor::clientReplacementURLForResource expects a MIME type, but on iOS, the type
1994         parameter passed into WebContentReader::readImage is a UTI; subsequently, the bundle editing delegate receives
1995         a MIME type that's actually a UTI, which is incorrect. To address this, ensure that a MIME type is passed to
1996         bundle SPI by converting the type in WebContentReader::readImage to a MIME type.
1997
1998         * editing/cocoa/WebContentReaderCocoa.mm:
1999         (WebCore::WebContentReader::readImage):
2000
2001 2018-01-17  Antti Koivisto  <antti@apple.com>
2002
2003         REGRESSION (r226385?): Crash in com.apple.WebCore: WebCore::MediaQueryEvaluator::evaluate const + 32
2004         https://bugs.webkit.org/show_bug.cgi?id=181742
2005         <rdar://problem/36334726>
2006
2007         Reviewed by David Kilzer.
2008
2009         Test: fast/media/mediaqueryevaluator-crash.html
2010
2011         * css/MediaQueryEvaluator.cpp:
2012         (WebCore::MediaQueryEvaluator::MediaQueryEvaluator):
2013
2014         Use WeakPtr<Document> instead of a plain Frame pointer.
2015
2016         (WebCore::MediaQueryEvaluator::evaluate const):
2017
2018         Get the frame via document.
2019
2020         * css/MediaQueryEvaluator.h:
2021         * dom/Document.cpp:
2022         (WebCore::Document::prepareForDestruction):
2023
2024         Take care to clear style resolver.
2025
2026 2018-01-17  Youenn Fablet  <youenn@apple.com>
2027
2028         Put fetch request keepAlive behind a runtime flag
2029         https://bugs.webkit.org/show_bug.cgi?id=181592
2030
2031         Reviewed by Chris Dumez.
2032
2033         No change of behavior.
2034
2035         * Modules/fetch/FetchRequest.idl:
2036         * page/RuntimeEnabledFeatures.h:
2037         (WebCore::RuntimeEnabledFeatures::fetchAPIKeepAliveEnabled const):
2038         (WebCore::RuntimeEnabledFeatures::setFetchAPIKeepAliveEnabled):
2039
2040 2018-01-17  Per Arne Vollan  <pvollan@apple.com>
2041
2042         [Win] Use switch when converting from ResourceRequestCachePolicy to platform cache policy.
2043         https://bugs.webkit.org/show_bug.cgi?id=181686
2044
2045         Reviewed by Alex Christensen.
2046
2047         No new tests, covered by existing tests.
2048
2049         A switch will make the function easier on the eyes. Also, use the function in places where the ResourceRequestCachePolicy
2050         is just cast to a platform cache policy.
2051
2052         * platform/network/cf/ResourceRequestCFNet.cpp:
2053         (WebCore::toPlatformRequestCachePolicy):
2054
2055 2018-01-17  John Wilander  <wilander@apple.com>
2056
2057         Resource Load Statistics: Block cookies for prevalent resources without user interaction
2058         https://bugs.webkit.org/show_bug.cgi?id=177394
2059         <rdar://problem/34613960>
2060
2061         Reviewed by Alex Christensen.
2062
2063         Tests: http/tests/resourceLoadStatistics/add-blocking-to-redirect.html
2064                http/tests/resourceLoadStatistics/non-prevalent-resources-can-access-cookies-in-a-third-party-context.html
2065                http/tests/resourceLoadStatistics/remove-blocking-in-redirect.html
2066                http/tests/resourceLoadStatistics/remove-partitioning-in-redirect.html
2067
2068         * platform/network/NetworkStorageSession.h:
2069             Now exports NetworkStorageSession::nsCookieStorage().
2070         * platform/network/cf/NetworkStorageSessionCFNet.cpp:
2071         (WebCore::NetworkStorageSession::setPrevalentDomainsToPartitionOrBlockCookies):
2072             Fixes the FIXME.
2073
2074 2018-01-17  Daniel Bates  <dabates@apple.com>
2075
2076         REGRESSION (r222795): Cardiogram never signs in
2077         https://bugs.webkit.org/show_bug.cgi?id=181693
2078         <rdar://problem/36286293>
2079
2080         Reviewed by Ryosuke Niwa.
2081
2082         Exempt Cardiogram from the XHR header restrictions in r222795.
2083
2084         Following r222795 only Dashboard widgets are allowed to set arbitrary XHR headers.
2085         However Cardiogram also depends on such functionality.
2086
2087         Test: fast/xmlhttprequest/set-dangerous-headers-from-file-when-setting-enabled.html
2088
2089         * page/Settings.yaml:
2090         * platform/RuntimeApplicationChecks.h:
2091         * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
2092         (WebCore::IOSApplication::isCardiogram):
2093         * xml/XMLHttpRequest.cpp:
2094         (WebCore::XMLHttpRequest::setRequestHeader):
2095
2096 2018-01-17  Daniel Bates  <dabates@apple.com>
2097
2098         ASSERTION FAILED: !m_completionHandler in PingHandle::~PingHandle()
2099         https://bugs.webkit.org/show_bug.cgi?id=181746
2100         <rdar://problem/36586248>
2101
2102         Reviewed by Chris Dumez.
2103
2104         Call PingHandle::pingLoadComplete() with an error when NSURLConnection queries
2105         whether the ping is able to respond to an authentication request. (Pings do not
2106         respond to authenticate requests.) It will call the completion handler, nullify
2107         the completion handler, and deallocate the PingHandle. Nullifying the completion
2108         handler is necessary to avoid the assertion failure in ~PingHandle().
2109
2110         Test: http/tests/misc/before-unload-load-image.html
2111
2112         * platform/network/PingHandle.h:
2113
2114 2018-01-17  Daniel Bates  <dabates@apple.com>
2115
2116         WebCoreResourceHandleAsOperationQueueDelegate/ResourceHandleCFURLConnectionDelegateWithOperationQueue may
2117         be deleted in main thread callback
2118         https://bugs.webkit.org/show_bug.cgi?id=181747
2119         <rdar://problem/36588120>
2120
2121         Reviewed by Alex Christensen.
2122
2123         Retain the delegate (e.g. WebCoreResourceHandleAsOperationQueueDelegate) before scheduling
2124         a main thread callback and blocking on a semaphore for its reply because the main thread
2125         callback can do anything, including deleting the delegate, before the non-main thread
2126         has a chance to execute. For instance, a PingHandle will delete itself (and hence delete
2127         its resource handle delegate) in most of the code paths invoked by the delegate.
2128
2129         * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
2130         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willSendRequest):
2131         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse):
2132         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willCacheResponse):
2133         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::canRespondToProtectionSpace):
2134         * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
2135         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:willSendRequest:redirectResponse:]):
2136         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:canAuthenticateAgainstProtectionSpace:]):
2137         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]):
2138         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:willCacheResponse:]):
2139
2140 2018-01-17  Chris Dumez  <cdumez@apple.com>
2141
2142         'fetch' event may be sent to a service worker before its state is set to 'activated'
2143         https://bugs.webkit.org/show_bug.cgi?id=181698
2144         <rdar://problem/36554856>
2145
2146         Reviewed by Youenn Fablet.
2147
2148         'fetch' event may be sent to a service worker before its state is set to 'activated'.
2149         When the registration's active worker needs to intercept a load, and its state is 'activating',
2150         we queue the request to send the fetch event in SWServerWorker::m_whenActivatedHandlers.
2151         Once the SWServerWorker::setState() is called with 'activated' state, we then call the
2152         handlers in m_whenActivatedHandlers to send the fetch event now that the worker is
2153         activated. The issue is that even though the worker is activated and its state was set to
2154         'activated' on Storage process side, we had not yet notified the ServiceWorker process
2155         of the service worker's new state yet.
2156
2157         To address the issue, we now make sure that SWServerWorker::m_whenActivatedHandlers are
2158         called *after* we've sent the IPC to the ServiceWorker process to update the worker's
2159         state to 'activated'. Also, we now call ServiceWorkerFetch::dispatchFetchEvent()
2160         asynchronously in a postTask() as the service worker's state is also updated asynchronously
2161         in a postTask. This is as per specification [1], which says to "queue a task" to fire
2162         the fetch event.
2163
2164         [1] https://w3c.github.io/ServiceWorker/#on-fetch-request-algorithm (step 18)
2165
2166         No new tests, covered by imported/w3c/web-platform-tests/service-workers/service-worker/fetch-waits-for-activate.https.html
2167         which hits the new assertion without the fix.
2168
2169         * workers/service/context/ServiceWorkerFetch.cpp:
2170         (WebCore::ServiceWorkerFetch::dispatchFetchEvent):
2171         Add assertions to make sure that we dispatch the fetch event on the right worker and
2172         that the worker is in 'activated' state.
2173
2174         * workers/service/context/ServiceWorkerThread.cpp:
2175         (WebCore::ServiceWorkerThread::postFetchTask):
2176         Queue a task to fire the fetch event as per:
2177         - https://w3c.github.io/ServiceWorker/#on-fetch-request-algorithm (step 18)
2178         We need to match the specification exactly here or things will happen in the wrong
2179         order. In particular, things like "update registration state" and "update worker state"
2180         might happen *after* firing the fetch event, even though the IPC for "update registration/worker
2181         state" was sent before the "fire fetch event" one, because the code for updating a registration/
2182         worker state already queues a task, as per the specification.
2183
2184         * workers/service/server/SWServerRegistration.cpp:
2185         (WebCore::SWServerRegistration::updateWorkerState):
2186         * workers/service/server/SWServerRegistration.h:
2187         * workers/service/server/SWServerWorker.cpp:
2188         (WebCore::SWServerWorker::setState):
2189         Move code to send the IPC to the Service Worker process whenever the service worker's state
2190         needs to be updated from SWServerRegistration::updateWorkerState() to SWServerWorker::setState().
2191         This way, we can make sure the IPC is sent *before* we call the m_whenActivatedHandlers handlers,
2192         as they may also send IPC to the Service Worker process, and we need to make sure this IPC happens
2193         after so that the service worker is in the right state.
2194
2195 2018-01-17  Stephan Szabo  <stephan.szabo@sony.com>
2196
2197         Page.cpp only sees forward declaration of ApplicationStateChangeListener when ENABLE(VIDEO) is off
2198         https://bugs.webkit.org/show_bug.cgi?id=181713
2199
2200         Reviewed by Darin Adler.
2201
2202         No new tests (build fix).
2203
2204         * page/Page.cpp: Add include for ApplicationStateChangeListener
2205
2206 2018-01-17  Wenson Hsieh  <wenson_hsieh@apple.com>
2207
2208         Add injected bundle SPI to replace subresource URLs when dropping or pasting rich content
2209         https://bugs.webkit.org/show_bug.cgi?id=181637
2210         <rdar://problem/36508471>
2211
2212         Reviewed by Tim Horton.
2213
2214         Before carrying out blob URL conversion for pasted or dropped rich content, let the editor client replace
2215         subresource URLs in WebKit2 by calling out to new injected bundle SPI. See comments below for more detail.
2216
2217         Tests:  WKAttachmentTests.InjectedBundleReplaceURLsWhenPastingAttributedString
2218                 WKAttachmentTests.InjectedBundleReplaceURLWhenPastingImage
2219
2220         * editing/Editor.cpp:
2221         (WebCore::Editor::clientReplacementURLForResource):
2222         * editing/Editor.h:
2223
2224         Add a new helper to call out to the editor client for a URL string to replace a given ArchiveResource. In
2225         WebKit2, this calls out to the injected bundle's new `replacementURLForResource` SPI hook.
2226
2227         * editing/cocoa/WebContentReaderCocoa.mm:
2228         (WebCore::shouldReplaceSubresourceURL):
2229         (WebCore::replaceRichContentWithAttachments):
2230         (WebCore::replaceSubresourceURLsWithURLsFromClient):
2231
2232         Add a new static helper to replace subresource URLs in the given DocumentFragment with URLs supplied by the
2233         editor client. Additionally builds a list of ArchiveResources that have not been replaced, for use at call sites
2234         so that we don't unnecessarily create more Blobs for ArchiveResources that have already been replaced.
2235
2236         (WebCore::createFragmentAndAddResources):
2237         (WebCore::sanitizeMarkupWithArchive):
2238
2239         Tweak web content reading codepaths to first replace subresource URLs with editor-client-supplied URLs.
2240
2241         (WebCore::WebContentReader::readImage):
2242         (WebCore::shouldConvertToBlob): Deleted.
2243
2244         Rename this helper to shouldReplaceSubresourceURL, blob URL replacement is no longer the only scenario in which
2245         we replace resource URLs, but in both cases, we still want to ignore `http:`-family and `data:` URLs.
2246
2247         * loader/EmptyClients.cpp:
2248         * page/EditorClient.h:
2249
2250 2018-01-17  Yacine Bandou  <yacine.bandou_ext@softathome.com>
2251         [EME][GStreamer] Add the full-sample encryption support in the GStreamer ClearKey decryptor
2252         https://bugs.webkit.org/show_bug.cgi?id=180080
2253
2254         Reviewed by Xabier Rodriguez-Calvar.
2255
2256         Currently the GStreamer clearKey decryptor doesn't support the full-sample encryption,
2257         where the buffer is entirely encrypted, it supports only the sub-sample encryption.
2258
2259         Test: media/encrypted-media/clearKey/clearKey-cenc-audio-playback-mse.html
2260
2261         * platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.cpp:
2262         (webKitMediaClearKeyDecryptorDecrypt):
2263
2264 2018-01-17  Zan Dobersek  <zdobersek@igalia.com>
2265
2266         Unreviewed follow-up to r227051.
2267
2268         * platform/graphics/cairo/CairoOperations.h: Fix declaration of the
2269         fillRoundedRect() function by removing the bool parameter that's not
2270         used at all in the definition. This went unspotted due to the unified
2271         source build including the implementation file before fillRoundedRect()
2272         usage in GraphicsContextCairo.cpp, leaving the declaration undefined
2273         and instead using the definition directly.
2274
2275 2018-01-17  Zan Dobersek  <zdobersek@igalia.com>
2276
2277         [Cairo] Don't mirror global alpha and image interpolation quality state values in PlatformContextCairo
2278         https://bugs.webkit.org/show_bug.cgi?id=181725
2279
2280         Reviewed by Carlos Garcia Campos.
2281
2282         Don't duplicate global alpha and image interpolation quality state
2283         values on the PlatformContextCairo. Instead, retrieve them from
2284         the managing GraphicsContextState when necessary.
2285
2286         For Cairo operations, the FillSource and StrokeSource containers now
2287         store the global alpha value, using it during the operation executions.
2288         For drawNativeImage(), the global alpha and interpolation quality values
2289         are passed through arguments.
2290
2291         In PlatformContextCairo, the two values are no longer stored on the
2292         internally-managed stack, and the getter-setter pairs for the two values
2293         are removed. In drawSurfaceToContext(), the two values are now expected
2294         to be passed through the method arguments.
2295
2296         No new tests -- no change in behavior.
2297
2298         * platform/graphics/cairo/CairoOperations.cpp:
2299         (WebCore::Cairo::prepareForFilling):
2300         (WebCore::Cairo::prepareForStroking):
2301         (WebCore::Cairo::drawPathShadow):
2302         (WebCore::Cairo::fillCurrentCairoPath):
2303         (WebCore::Cairo::FillSource::FillSource):
2304         (WebCore::Cairo::StrokeSource::StrokeSource):
2305         (WebCore::Cairo::strokeRect):
2306         (WebCore::Cairo::strokePath):
2307         (WebCore::Cairo::drawGlyphs):
2308         (WebCore::Cairo::drawNativeImage):
2309         (WebCore::Cairo::State::setGlobalAlpha): Deleted.
2310         (WebCore::Cairo::State::setImageInterpolationQuality): Deleted.
2311         * platform/graphics/cairo/CairoOperations.h:
2312         * platform/graphics/cairo/GraphicsContextCairo.cpp:
2313         (WebCore::GraphicsContext::drawNativeImage):
2314         (WebCore::GraphicsContext::setPlatformAlpha):
2315         (WebCore::GraphicsContext::setPlatformImageInterpolationQuality):
2316         * platform/graphics/cairo/PlatformContextCairo.cpp:
2317         (WebCore::PlatformContextCairo::save):
2318         (WebCore::PlatformContextCairo::drawSurfaceToContext):
2319         (WebCore::PlatformContextCairo::State::State): Deleted.
2320         (WebCore::PlatformContextCairo::setImageInterpolationQuality): Deleted.
2321         (WebCore::PlatformContextCairo::imageInterpolationQuality const): Deleted.
2322         (WebCore::PlatformContextCairo::globalAlpha const): Deleted.
2323         (WebCore::PlatformContextCairo::setGlobalAlpha): Deleted.
2324         * platform/graphics/cairo/PlatformContextCairo.h:
2325         * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
2326         (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::paintCurrentFrame):
2327
2328 2018-01-17  Philippe Normand  <pnormand@igalia.com>
2329
2330         REGRESSION(r226973/r226974): Four multimedia tests failing
2331         https://bugs.webkit.org/show_bug.cgi?id=181696
2332
2333         Reviewed by Carlos Garcia Campos.
2334
2335         This patch reverts some of the changes of the above revisions so as to fix layout test failures.
2336
2337         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
2338         (WebCore::MediaPlayerPrivateGStreamer::handleMessage): Properly
2339         prepare stalled event when an error was detected.
2340         (WebCore::MediaPlayerPrivateGStreamer::processBufferingStats): Revert to previous version.
2341         (WebCore::MediaPlayerPrivateGStreamer::fillTimerFired): Ditto.
2342         (WebCore::MediaPlayerPrivateGStreamer::didLoadingProgress const):
2343         Emit progress event also when streaming but not when an error was
2344         detected.
2345         (WebCore::MediaPlayerPrivateGStreamer::totalBytes const): use isLiveStream like everywhere else.
2346         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
2347         * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
2348         (webkit_web_src_init): Revert to keep-alive FALSE by default.
2349
2350 2018-01-17  Zan Dobersek  <zdobersek@igalia.com>
2351
2352         [Cairo] Move prepareForFilling(), prepareForStroking() code to CairoOperations
2353         https://bugs.webkit.org/show_bug.cgi?id=181721
2354
2355         Reviewed by Carlos Garcia Campos.
2356
2357         Move the prepareForFilling() and prepareForStroking() code off of the
2358         PlatformContextCairo class and into static functions inside the
2359         CairoOperations implementation files. The original methods weren't
2360         called from any place other than the Cairo operations, and they only
2361         operated with the cairo_t object that's stored in and retrievable from
2362         the PlatformContextCairo object.
2363
2364         No new tests -- no change in behavior.
2365
2366         * platform/graphics/cairo/CairoOperations.cpp:
2367         (WebCore::Cairo::reduceSourceByAlpha):
2368         (WebCore::Cairo::prepareCairoContextSource):
2369         (WebCore::Cairo::clipForPatternFilling):
2370         (WebCore::Cairo::prepareForFilling):
2371         (WebCore::Cairo::prepareForStroking):
2372         (WebCore::Cairo::drawPathShadow):
2373         (WebCore::Cairo::fillCurrentCairoPath):
2374         (WebCore::Cairo::strokeRect):
2375         (WebCore::Cairo::strokePath):
2376         (WebCore::Cairo::drawGlyphs):
2377         * platform/graphics/cairo/PlatformContextCairo.cpp:
2378         (WebCore::reduceSourceByAlpha): Deleted.
2379         (WebCore::prepareCairoContextSource): Deleted.
2380         (WebCore::PlatformContextCairo::prepareForFilling): Deleted.
2381         (WebCore::PlatformContextCairo::prepareForStroking): Deleted.
2382         (WebCore::PlatformContextCairo::clipForPatternFilling): Deleted.
2383         * platform/graphics/cairo/PlatformContextCairo.h:
2384
2385 2018-01-17  Zan Dobersek  <zdobersek@igalia.com>
2386
2387         [Cairo] Use one-time ShadowBlur objects when performing shadowing
2388         https://bugs.webkit.org/show_bug.cgi?id=181720
2389
2390         Reviewed by Carlos Garcia Campos.
2391
2392         Don't maintain a ShadowBlur object in the PlatformContextCairo class.
2393         Instead, use temporary ShadowBlur objects whenever shadowing is needed,
2394         providing all the shadow state information to it and drawing shadow into
2395         the given GraphicsContext object.
2396
2397         ShadowBlur constructors are cleaned up. The 'shadows ignored' argument
2398         can now also be provided to the variant that accepts explicit shadow
2399         attributes, but the argument is false by default.
2400
2401         In CairoOperations, the ShadowBlurUsage functionality is rolled into the
2402         new ShadowState class. ShadowState parameter is now used for operations
2403         that might need to perform shadow painting. Call sites are modified
2404         accordingly.
2405
2406         Cairo::State::setShadowValues() and Cairo::State::clearShadow() are
2407         removed, since the ShadowBlur object that was modified through those is
2408         being removed from the PlatformContextCairo class. We still have to flip
2409         the Y-axis of the shadow offset in GraphicsContext::setPlatformShadow()
2410         when shadows are ignoring transformations.
2411
2412         No new tests -- no change in behavior.
2413
2414         * platform/graphics/ShadowBlur.cpp:
2415         (WebCore::ShadowBlur::ShadowBlur):
2416         * platform/graphics/ShadowBlur.h:
2417         * platform/graphics/cairo/CairoOperations.cpp:
2418         (WebCore::Cairo::drawPathShadow):
2419         (WebCore::Cairo::drawGlyphsShadow):
2420         (WebCore::Cairo::ShadowState::ShadowState):
2421         (WebCore::Cairo::ShadowState::isVisible const):
2422         (WebCore::Cairo::ShadowState::isRequired const):
2423         (WebCore::Cairo::fillRect):
2424         (WebCore::Cairo::fillRoundedRect):
2425         (WebCore::Cairo::fillRectWithRoundedHole):
2426         (WebCore::Cairo::fillPath):
2427         (WebCore::Cairo::strokeRect):
2428         (WebCore::Cairo::strokePath):
2429         (WebCore::Cairo::drawGlyphs):
2430         (WebCore::Cairo::drawNativeImage):
2431         (WebCore::Cairo::State::setShadowValues): Deleted.
2432         (WebCore::Cairo::State::clearShadow): Deleted.
2433         (WebCore::Cairo::ShadowBlurUsage::ShadowBlurUsage): Deleted.
2434         (WebCore::Cairo::ShadowBlurUsage::required const): Deleted.
2435         * platform/graphics/cairo/CairoOperations.h:
2436         * platform/graphics/cairo/FontCairo.cpp:
2437         (WebCore::FontCascade::drawGlyphs):
2438         * platform/graphics/cairo/GraphicsContextCairo.cpp:
2439         (WebCore::GraphicsContext::restorePlatformState):
2440         (WebCore::GraphicsContext::drawNativeImage):
2441         (WebCore::GraphicsContext::fillPath):
2442         (WebCore::GraphicsContext::strokePath):
2443         (WebCore::GraphicsContext::fillRect):
2444         (WebCore::GraphicsContext::setPlatformShadow):
2445         (WebCore::GraphicsContext::clearPlatformShadow):
2446         (WebCore::GraphicsContext::strokeRect):
2447         (WebCore::GraphicsContext::platformFillRoundedRect):
2448         (WebCore::GraphicsContext::fillRectWithRoundedHole):
2449         * platform/graphics/cairo/PlatformContextCairo.cpp:
2450         (WebCore::PlatformContextCairo::drawSurfaceToContext):
2451         * platform/graphics/cairo/PlatformContextCairo.h:
2452         (WebCore::PlatformContextCairo::shadowBlur): Deleted.
2453         * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
2454         (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::paintCurrentFrame):
2455
2456 2018-01-17  Zan Dobersek  <zdobersek@igalia.com>
2457
2458         CanvasImageData: createImageData() parameter should not be nullable
2459         https://bugs.webkit.org/show_bug.cgi?id=181670
2460
2461         Reviewed by Sam Weinig.
2462
2463         createImageData() method on the CanvasImageData interface should not
2464         treat the ImageData parameter as nullable, but should instead reject any
2465         null values with a TypeError, as demanded by the specification.
2466
2467         No new tests -- current tests covering createImageData(null) are updated
2468         to properly cover new behavior of throwing a TypeError exception.
2469
2470         * html/canvas/CanvasImageData.idl:
2471         * html/canvas/CanvasRenderingContext2DBase.cpp:
2472         (WebCore::CanvasRenderingContext2DBase::createImageData const):
2473         * html/canvas/CanvasRenderingContext2DBase.h:
2474
2475 2018-01-16  Fujii Hironori  <Hironori.Fujii@sony.com>
2476
2477         [CMake] Remove WebCoreDerivedSources library target
2478         https://bugs.webkit.org/show_bug.cgi?id=181664
2479
2480         Reviewed by Carlos Garcia Campos.
2481
2482         After unified source build has been introduced, CMake Visual
2483         Studio build suffers complicated unnecessary recompilation issues
2484         because Visual Studio invokes scripts twice in both WebCore and
2485         WebCoreDerivedSources projects (Bug 181117).
2486
2487         WebCoreDerivedSources library has been introduced in r198766 to
2488         avoid command line length limit of CMake Ninja build on macOS.
2489         Fortunately, unified source build has reduced the number of source
2490         files to compile, WebCore doesn't need to be split anymore.
2491
2492         No new tests (No behavior change)
2493
2494         * CMakeLists.txt: Replaced WebCore_DERIVED_SOURCES with WebCore_SOURCES. Removed WebCoreDerivedSources library target.
2495         Do not compile each JavaScript Builtins.cpp files because the unified source WebCoreJSBuiltins.cpp is already included.
2496         * PlatformGTK.cmake: Replaced WebCore_DERIVED_SOURCES with WebCore_SOURCES.
2497         * PlatformWin.cmake: Ditto.
2498
2499 2018-01-16  Simon Fraser  <simon.fraser@apple.com>
2500
2501         Can't scroll iframe after toggling it to display:none and back
2502         https://bugs.webkit.org/show_bug.cgi?id=181708
2503         rdar://problem/13234778
2504
2505         Reviewed by Tim Horton.
2506
2507         Nothing updated the FrameView's set of scrollable areas when a subframe came back from display:none.
2508         Mirror the existing virtual removeChild() by making addChild() virtual, and using it to mark
2509         the FrameView's scrollable area set as dirty.
2510
2511         Test: tiled-drawing/scrolling/non-fast-region/non-fast-scrollable-region-hide-show-iframe.html
2512
2513         * page/FrameView.cpp:
2514         (WebCore::FrameView::addChild):
2515         * page/FrameView.h:
2516         * platform/ScrollView.h:
2517
2518 2018-01-16  Chris Dumez  <cdumez@apple.com>
2519
2520         SWServerWorker::m_contextConnectionIdentifier may get out of date
2521         https://bugs.webkit.org/show_bug.cgi?id=181687
2522         <rdar://problem/36548111>
2523
2524         Reviewed by Brady Eidson.
2525
2526         SWServerWorker::m_contextConnectionIdentifier may get out of date. This happens when the
2527         context process crashes and is relaunched.
2528
2529         No new tests, added assertion in terminateWorkerInternal() that hits without this fix.
2530
2531         * workers/service/server/SWServer.cpp:
2532         (WebCore::SWServer::runServiceWorker):
2533         (WebCore::SWServer::terminateWorkerInternal):
2534         (WebCore::SWServer::unregisterServiceWorkerClient):
2535         * workers/service/server/SWServerWorker.h:
2536         (WebCore::SWServerWorker::setContextConnectionIdentifier):
2537
2538 2018-01-16  Jer Noble  <jer.noble@apple.com>
2539
2540         Reset MediaSourcePrivateAVFObjC's m_sourceBufferWithSelectedVideo when the underlying SourceBufferPrivate is removed.
2541         https://bugs.webkit.org/show_bug.cgi?id=181707
2542         <rdar://problem/34809474>
2543
2544         Reviewed by Eric Carlson.
2545
2546         Test: media/media-source/media-source-remove-unload-crash.html
2547
2548         * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
2549         (WebCore::MediaSourcePrivateAVFObjC::removeSourceBuffer):
2550
2551 2018-01-12  Jiewen Tan  <jiewen_tan@apple.com>
2552
2553         [WebAuthN] Implement dummy WebAuthN IDLs
2554         https://bugs.webkit.org/show_bug.cgi?id=181627
2555         <rdar://problem/36459864>
2556
2557         Reviewed by Alex Christensen.
2558
2559         This patch implements dummy WebAuthN IDLs and connects them with Credential Management as well.
2560         All implementations in this patch are subject to change when real implementations land. The
2561         purpose here on the other hand is to have IDLs, bindings and implementations connected. This
2562         patch should handle all IDLs that we need.
2563
2564         No tests.
2565
2566         * CMakeLists.txt:
2567         * DerivedSources.make:
2568         * Modules/credentialmanagement/CredentialCreationOptions.h:
2569         * Modules/credentialmanagement/CredentialCreationOptions.idl:
2570         * Modules/credentialmanagement/CredentialRequestOptions.h:
2571         * Modules/credentialmanagement/CredentialRequestOptions.idl:
2572         * Modules/webauthn/AuthenticatorAssertionResponse.cpp: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.cpp.
2573         (WebCore::AuthenticatorAssertionResponse::AuthenticatorAssertionResponse):
2574         (WebCore::AuthenticatorAssertionResponse::~AuthenticatorAssertionResponse):
2575         (WebCore::AuthenticatorAssertionResponse::authenticatorData):
2576         (WebCore::AuthenticatorAssertionResponse::signature):
2577         (WebCore::AuthenticatorAssertionResponse::userHandle):
2578         * Modules/webauthn/AuthenticatorAssertionResponse.h: Copied from Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.h.
2579         * Modules/webauthn/AuthenticatorAssertionResponse.idl: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
2580         * Modules/webauthn/AuthenticatorAttestationResponse.cpp: Copied from Source/WebCore/Modules/credentialmanagement/CredentialCreationOptions.h.
2581         (WebCore::AuthenticatorAttestationResponse::AuthenticatorAttestationResponse):
2582         (WebCore::AuthenticatorAttestationResponse::~AuthenticatorAttestationResponse):
2583         (WebCore::AuthenticatorAttestationResponse::attestationObject):
2584         * Modules/webauthn/AuthenticatorAttestationResponse.h: Copied from Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.h.
2585         * Modules/webauthn/AuthenticatorAttestationResponse.idl: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
2586         * Modules/webauthn/AuthenticatorResponse.cpp: Copied from Source/WebCore/Modules/credentialmanagement/CredentialCreationOptions.h.
2587         (WebCore::AuthenticatorResponse::AuthenticatorResponse):
2588         (WebCore::AuthenticatorResponse::~AuthenticatorResponse):
2589         (WebCore::AuthenticatorResponse::clientDataJSON):
2590         * Modules/webauthn/AuthenticatorResponse.h: Copied from Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.h.
2591         * Modules/webauthn/AuthenticatorResponse.idl: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
2592         * Modules/webauthn/PublicKeyCredential.cpp:
2593         (WebCore::PublicKeyCredential::rawId):
2594         (WebCore::PublicKeyCredential::response):
2595         (WebCore::PublicKeyCredential::getClientExtensionResults):
2596         (WebCore::PublicKeyCredential::isUserVerifyingPlatformAuthenticatorAvailable):
2597         * Modules/webauthn/PublicKeyCredential.h:
2598         * Modules/webauthn/PublicKeyCredential.idl:
2599         * Modules/webauthn/PublicKeyCredentialCreationOptions.h: Copied from Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.h.
2600         * Modules/webauthn/PublicKeyCredentialCreationOptions.idl: Added.
2601         * Modules/webauthn/PublicKeyCredentialDescriptor.h: Copied from Source/WebCore/Modules/credentialmanagement/CredentialCreationOptions.h.
2602         * Modules/webauthn/PublicKeyCredentialDescriptor.idl: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
2603         * Modules/webauthn/PublicKeyCredentialRequestOptions.h: Copied from Source/WebCore/Modules/credentialmanagement/CredentialCreationOptions.h.
2604         * Modules/webauthn/PublicKeyCredentialRequestOptions.idl: Copied from Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.h.
2605         * Modules/webauthn/PublicKeyCredentialType.h: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
2606         * Modules/webauthn/PublicKeyCredentialType.idl: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
2607         * Sources.txt:
2608         * WebCore.xcodeproj/project.pbxproj:
2609         * bindings/js/WebCoreBuiltinNames.h:
2610
2611 2018-01-16  Zalan Bujtas  <zalan@apple.com>
2612
2613         AX: Do not trigger layout in updateBackingStore() unless it is safe to do so
2614         https://bugs.webkit.org/show_bug.cgi?id=181703
2615         <rdar://problem/36365706>
2616
2617         Reviewed by Ryosuke Niwa.
2618
2619         Document::isSafeToUpdateStyleOrLayout() can tell whether it is safe to run layout.
2620
2621         Unable to create test with WebInspector involved. 
2622
2623         * accessibility/AccessibilityObject.cpp:
2624         (WebCore::AccessibilityObject::updateBackingStore):
2625         * dom/Document.cpp:
2626         (WebCore::Document::isSafeToUpdateStyleOrLayout const):
2627         (WebCore::Document::updateStyleIfNeeded):
2628         (WebCore::Document::updateLayout):
2629         (WebCore::isSafeToUpdateStyleOrLayout): Deleted.
2630         * dom/Document.h:
2631
2632 2018-01-16  Ryan Haddad  <ryanhaddad@apple.com>
2633
2634         Unreviewed, rolling out r226962.
2635
2636         The LayoutTest added with this change is a flaky timeout.
2637
2638         Reverted changeset:
2639
2640         "Support for preconnect Link headers"
2641         https://bugs.webkit.org/show_bug.cgi?id=181657
2642         https://trac.webkit.org/changeset/226962
2643
2644 2018-01-16  Simon Fraser  <simon.fraser@apple.com>
2645
2646         Text looks bad on some CSS spec pages
2647         https://bugs.webkit.org/show_bug.cgi?id=181700
2648         rdar://problem/36552107
2649
2650         Reviewed by Tim Horton.
2651
2652         When making new tiles in a TileController, we failed to set their "supports antialiased layer text"
2653         setting, so tile caches could end up with a mixture of layers that do and do not support
2654         antialiased layer text.
2655
2656         No tests because the tiled drawing tests don't dump out tiles inside of tile caches.
2657
2658         * platform/graphics/ca/TileController.cpp:
2659         (WebCore::TileController::createTileLayer):
2660
2661 2018-01-16  Said Abou-Hallawa  <sabouhallawa@apple.com>
2662
2663         REGRESSION(r221292): svg/animations/animateTransform-pattern-transform.html crashes with security assertion
2664         https://bugs.webkit.org/show_bug.cgi?id=179986
2665
2666         Reviewed by Simon Fraser.
2667
2668         This patch reverts all or parts of the following changesets
2669             <http://trac.webkit.org/changeset/221292>
2670             <http://trac.webkit.org/changeset/197967>
2671             <http://trac.webkit.org/changeset/196670>
2672
2673         A JS statement like this:
2674             var item = text.x.animVal.getItem(0);
2675
2676         Creates the following C++ objects:
2677             SVGAnimatedListPropertyTearOff<SVGLengthListValues> for 'text.x'
2678             SVGListPropertyTearOff<SVGLengthListValues> for 'text.x.animVal'
2679             SVGPropertyTearOff<SVGLengthValue> for 'text.x.animVal.getItem(0)'
2680
2681         If 'item' changes, the attribute 'x' of the element '<text>' will change
2682         as well. But this binding works only in one direction. If the attribute
2683         'x' of the element '<text>' changes, e.g.:
2684
2685             text.setAttribute('x', '10,20,30');
2686
2687         This will detach 'item' from the element <text> and any further changes 
2688         in 'item' won't affect the attribute 'x' of element <text>.
2689
2690         The one direction binding can only work if this chain of tear-off objects
2691         is kept connected. This is implemented by RefCounted back pointers from
2692         SVGPropertyTearOff and SVGListPropertyTearOff to SVGAnimatedListPropertyTearOff.
2693
2694         The security crashes and the memory leaks are happening because of the
2695         raw forward pointers:
2696             -- SVGAnimatedListPropertyTearOff maintains raw pointers of type
2697                SVGListPropertyTearOff for m_baseVal and m_animVal
2698             -- The m_wrappers and m_animatedWrappers of SVGAnimatedListPropertyTearOff
2699                are vectors of raw pointer Vector<SVGLength*>
2700
2701         To control the life cycle of the raw pointers, SVGListPropertyTearOff and
2702         SVGPropertyTearOff call SVGAnimatedListPropertyTearOff::propertyWillBeDeleted()
2703         to notify it they are going to be deleted. In propertyWillBeDeleted(), we
2704         clear the pointers so they are not used after being freed. This mechanism
2705         has been error-prone and we've never got it 100% right.
2706
2707         The solution we need to adopt with SVG tear-off objects is the following:
2708             -- All the forward pointers should be weak pointers.
2709             -- All the back pointers should be ref pointers.
2710
2711         This solution may not look intuitive but it solves the bugs and keeps the
2712         one direction binding. The forward weak pointers allow the tear-off
2713         objects to go away if no reference from JS exists. The back ref pointers
2714         maintain the chain of objects and guarantee the correct binding.
2715
2716         * svg/SVGPathSegList.h:
2717         * svg/SVGTransformList.h:
2718         * svg/properties/SVGAnimatedListPropertyTearOff.h:
2719         (WebCore::SVGAnimatedListPropertyTearOff::baseVal):
2720         (WebCore::SVGAnimatedListPropertyTearOff::animVal):
2721         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
2722         * svg/properties/SVGAnimatedProperty.h:
2723         (WebCore::SVGAnimatedProperty::isAnimatedListTearOff const):
2724         (WebCore::SVGAnimatedProperty::propertyWillBeDeleted): Deleted.
2725         * svg/properties/SVGAnimatedPropertyTearOff.h:
2726         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
2727         * svg/properties/SVGListProperty.h:
2728         (WebCore::SVGListProperty::initializeValuesAndWrappers):
2729         (WebCore::SVGListProperty::getItemValuesAndWrappers):
2730         (WebCore::SVGListProperty::insertItemBeforeValuesAndWrappers):
2731         (WebCore::SVGListProperty::replaceItemValuesAndWrappers):
2732         (WebCore::SVGListProperty::removeItemValuesAndWrappers):
2733         (WebCore::SVGListProperty::appendItemValuesAndWrappers):
2734         (WebCore::SVGListProperty::createWeakPtr const):
2735         * svg/properties/SVGListPropertyTearOff.h:
2736         (WebCore::SVGListPropertyTearOff::removeItemFromList):
2737         (WebCore::SVGListPropertyTearOff::~SVGListPropertyTearOff): Deleted.
2738         * svg/properties/SVGPropertyTearOff.h:
2739         (WebCore::SVGPropertyTearOff::createWeakPtr const):
2740         (WebCore::SVGPropertyTearOff::~SVGPropertyTearOff):
2741
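Added example, not WebKit code: the ownership rule from the entry above (weak forward pointers, ref back pointers), with std::shared_ptr and std::weak_ptr standing in for WebKit's ref and weak pointers. The hypothetical AnimatedList and ItemTearOff classes fold the three-object chain into two levels.

```cpp
#include <cstddef>
#include <memory>
#include <utility>
#include <vector>

// Assumptions: std::shared_ptr stands in for a ref pointer, std::weak_ptr for a
// weak pointer. AnimatedList and ItemTearOff are hypothetical names.
class AnimatedList;

// Wrapper handed to script, like the result of text.x.animVal.getItem(0).
class ItemTearOff {
public:
    ItemTearOff(std::shared_ptr<AnimatedList> owner, std::size_t index)
        : m_owner(std::move(owner)), m_index(index) { }
    float value() const;
    void setValue(float);
    // The owner calls this on re-parse: keep a private copy, drop the back ref.
    void detach(float copy) { m_detachedValue = copy; m_owner.reset(); }
private:
    std::shared_ptr<AnimatedList> m_owner; // back pointer: ref
    std::size_t m_index;
    float m_detachedValue { 0 };
};

class AnimatedList : public std::enable_shared_from_this<AnimatedList> {
public:
    static std::shared_ptr<AnimatedList> create(std::vector<float> values) {
        return std::shared_ptr<AnimatedList>(new AnimatedList(std::move(values)));
    }

    // Returns the wrapper script still holds for this index, or a new one.
    // lock() yields either a live object or null, never a freed one.
    std::shared_ptr<ItemTearOff> getItem(std::size_t index) {
        if (index >= m_values.size())
            return nullptr;
        if (auto existing = m_wrappers[index].lock())
            return existing;
        auto wrapper = std::make_shared<ItemTearOff>(shared_from_this(), index);
        m_wrappers[index] = wrapper;
        return wrapper;
    }

    // Like text.setAttribute('x', ...): detach live wrappers, replace values.
    void setAttribute(std::vector<float> values) {
        auto protect = shared_from_this(); // a wrapper may hold the last ref
        for (std::size_t i = 0; i < m_wrappers.size(); ++i) {
            if (auto wrapper = m_wrappers[i].lock())
                wrapper->detach(m_values[i]);
        }
        m_values = std::move(values);
        m_wrappers.assign(m_values.size(), std::weak_ptr<ItemTearOff>());
    }

    bool hasLiveWrapper(std::size_t index) const { return !m_wrappers.at(index).expired(); }
    float& at(std::size_t index) { return m_values.at(index); }

private:
    explicit AnimatedList(std::vector<float> values)
        : m_values(std::move(values)), m_wrappers(m_values.size()) { }
    std::vector<float> m_values;
    std::vector<std::weak_ptr<ItemTearOff>> m_wrappers; // forward pointers: weak
};

float ItemTearOff::value() const { return m_owner ? m_owner->at(m_index) : m_detachedValue; }
void ItemTearOff::setValue(float value) {
    float& slot = m_owner ? m_owner->at(m_index) : m_detachedValue;
    slot = value;
}

// Script keeps only the item: the back ref keeps the owner alive until the item dies.
bool itemAloneKeepsChainAlive() {
    auto list = AnimatedList::create({ 1.0f, 2.0f, 3.0f });
    std::weak_ptr<AnimatedList> observer = list;
    auto item = list->getItem(0);
    list.reset(); // script drops its handle on the list
    item->setValue(42.0f);
    bool written = !observer.expired() && observer.lock()->at(0) == 42.0f;
    item.reset();
    return written && observer.expired();
}

// Re-parsing the attribute detaches the wrapper: later writes stay private.
bool setAttributeDetachesItem() {
    auto list = AnimatedList::create({ 1.0f, 2.0f, 3.0f });
    auto item = list->getItem(0);
    list->setAttribute({ 10.0f, 20.0f, 30.0f });
    item->setValue(99.0f);
    return item->value() == 99.0f && list->at(0) == 10.0f;
}

// A wrapper script released leaves an expired weak pointer, not a dangling one.
bool releasedWrapperExpires() {
    auto list = AnimatedList::create({ 1.0f, 2.0f, 3.0f });
    auto first = list->getItem(1);
    bool sameWhileAlive = list->getItem(1) == first;
    first.reset();
    return sameWhileAlive && !list->hasLiveWrapper(1);
}
```
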
2742 2018-01-16  Eric Carlson  <eric.carlson@apple.com>
2743
2744         AVSampleBufferDisplayLayer should be flushed when application activates
2745         https://bugs.webkit.org/show_bug.cgi?id=181623
2746         <rdar://problem/36487738>
2747
2748         Reviewed by Darin Adler.
2749
2750         No new tests, I wasn't able to reproduce it in a test.
2751
2752         * WebCore.xcodeproj/project.pbxproj:
2753         * dom/Document.cpp:
2754         (WebCore::Document::addApplicationStateChangeListener): New.
2755         (WebCore::Document::removeApplicationStateChangeListener): Ditto.
2756         (WebCore::Document::forEachApplicationStateChangeListener): Ditto.
2757         * dom/Document.h:
2758
2759         * html/HTMLMediaElement.cpp:
2760         (WebCore::HTMLMediaElement::registerWithDocument): Register for application state changes.
2761         (WebCore::HTMLMediaElement::unregisterWithDocument): Unregister.
2762         (WebCore::HTMLMediaElement::applicationWillResignActive): Pass through to the player.
2763         (WebCore::HTMLMediaElement::applicationDidBecomeActive): Ditto.
2764         * html/HTMLMediaElement.h:
2765
2766         * page/ApplicationStateChangeListener.h: Added.
2767         (WebCore::ApplicationStateChangeListener::applicationWillResignActive):
2768         (WebCore::ApplicationStateChangeListener::applicationDidBecomeActive):
2769         * page/Page.cpp:
2770         (WebCore::Page::forEachDocument):
2771         (WebCore::Page::applicationWillResignActive):
2772         (WebCore::Page::applicationDidEnterBackground):
2773         (WebCore::Page::applicationWillEnterForeground):
2774         (WebCore::Page::applicationDidBecomeActive):
2775         * page/Page.h:
2776         * platform/graphics/MediaPlayer.cpp:
2777         (WebCore::MediaPlayer::applicationWillResignActive):
2778         (WebCore::MediaPlayer::applicationDidBecomeActive):
2779         * platform/graphics/MediaPlayer.h:
2780         * platform/graphics/MediaPlayerPrivate.h:
2781         (WebCore::MediaPlayerPrivateInterface::applicationWillResignActive):
2782         (WebCore::MediaPlayerPrivateInterface::applicationDidBecomeActive):
2783
2784         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
2785         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
2786         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::MediaPlayerPrivateMediaStreamAVFObjC): Switch
2787         to release logging.
2788         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::~MediaPlayerPrivateMediaStreamAVFObjC): Ditto.
2789         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueCorrectedVideoSample): Split out of enqueueVideoSample.
2790         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSample): Move code that updates
2791         the display layer to enqueueCorrectedVideoSample. Rearrange logic so the image painter sample
2792         buffer has the correct timestamp.
2793         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::layerErrorDidChange): Switch to release logging.
2794         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::layerStatusDidChange): Ditto.
2795         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::applicationDidBecomeActive): If the display
2796         layer is in the "failed" state, flush the renderer and update the display mode.
2797         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayers): Switch to release logging.
2798         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::load): Ditto.
2799         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::cancelLoad): Ditto.
2800         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::prepareToPlay): Ditto.
2801         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateDisplayMode): Ditto.
2802         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::play): Ditto.
2803         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::pause): Ditto.
2804         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVolume): Ditto.
2805         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setMuted): Ditto.
2806         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateReadyState): Ditto.
2807         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::logChannel const): Ditto.
2808         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateSampleTimes): Deleted.
2809
2810 2018-01-16  Michael Catanzaro  <mcatanzaro@igalia.com>
2811
2812         PAL should link to JavaScriptCore rather than WTF
2813         https://bugs.webkit.org/show_bug.cgi?id=181683
2814
2815         Reviewed by Konstantin Tokarev.
2816
2817         Do not link directly to JavaScriptCore. Get it via PAL.
2818
2819         * CMakeLists.txt:
2820
2821 2018-01-16  Zach Li  <zachli@apple.com>
2822
2823         Add pop-up policy support in website policies.
2824         https://bugs.webkit.org/show_bug.cgi?id=181544.
2825         rdar://problem/30521400.
2826
2827         Reviewed by Alex Christensen.
2828
2829         * loader/DocumentLoader.h:
2830         Introduce pop-up policy getter and setter. Initialize
2831         the policy as Default.
2832         (WebCore::DocumentLoader::popUpPolicy const):
2833         (WebCore::DocumentLoader::setPopUpPolicy):
2834         * page/DOMWindow.cpp:
2835         (WebCore::DOMWindow::allowPopUp):
2836         Pop-up policy specified on a per-page basis holds
2837         precedence over the global policy. If no pop-up policy
2838         is specified during navigation, global policy is used.
2839
2840 2018-01-16  Jer Noble  <jer.noble@apple.com>
2841
2842         Crash playing audio-only HLS stream via hls.js (MSE)
2843         https://bugs.webkit.org/show_bug.cgi?id=181691
2844         <rdar://problem/32967295>
2845
2846         Reviewed by Eric Carlson.
2847
2848         Add a weak-link check to the block called by -[AVSampleBufferDisplayLayer requestMediaDataWhenReadyOnQueue:usingBlock:].
2849
2850         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
2851         (WebCore::SourceBufferPrivateAVFObjC::trackDidChangeEnabled):
2852         (WebCore::SourceBufferPrivateAVFObjC::notifyClientWhenReadyForMoreSamples):
2853         (WebCore::SourceBufferPrivateAVFObjC::setVideoLayer):
2854
2855 2018-01-16  Simon Fraser  <simon.fraser@apple.com>
2856
2857         Rename applyHorizontalScale/applyVerticalScale in SVG filters, and related cleanup
2858         https://bugs.webkit.org/show_bug.cgi?id=181684
2859
2860         Reviewed by Alex Christensen.
2861
2862         Rename the confusing applyHorizontalScale/applyVerticalScale to scaledByFilterResolution(),
2863         and have it take and return a FloatSize. Change callers to do math in terms of FloatSizes.
2864
2865         Add inflate(size) to each of the rect classes.
2866
2867         * platform/graphics/FloatRect.h:
2868         (WebCore::FloatRect::inflate):
2869         * platform/graphics/IntRect.h:
2870         (WebCore::IntRect::inflate):
2871         * platform/graphics/LayoutRect.h:
2872         (WebCore::LayoutRect::inflate):
2873         * platform/graphics/filters/FEDisplacementMap.cpp:
2874         (WebCore::FEDisplacementMap::platformApplySoftware):
2875         * platform/graphics/filters/FEDropShadow.cpp:
2876         (WebCore::FEDropShadow::determineAbsolutePaintRect):
2877         (WebCore::FEDropShadow::platformApplySoftware):
2878         * platform/graphics/filters/FEGaussianBlur.cpp:
2879         (WebCore::FEGaussianBlur::calculateUnscaledKernelSize):
2880         (WebCore::FEGaussianBlur::calculateKernelSize):
2881         (WebCore::FEGaussianBlur::determineAbsolutePaintRect):
2882         (WebCore::FEGaussianBlur::platformApplySoftware):
2883         * platform/graphics/filters/FEGaussianBlur.h:
2884         * platform/graphics/filters/FEMorphology.cpp:
2885         (WebCore::FEMorphology::determineAbsolutePaintRect):
2886         (WebCore::FEMorphology::platformApplySoftware):
2887         * platform/graphics/filters/FEOffset.cpp:
2888         (WebCore::FEOffset::determineAbsolutePaintRect):
2889         (WebCore::FEOffset::platformApplySoftware):
2890         * platform/graphics/filters/Filter.h:
2891         (WebCore::Filter::setSourceImage):
2892         (WebCore::Filter::scaledByFilterResolution const):
2893         (WebCore::Filter::applyHorizontalScale const): Deleted.
2894         (WebCore::Filter::applyVerticalScale const): Deleted.
2895         * platform/graphics/filters/FilterOperations.cpp:
2896         (WebCore::outsetSizeForBlur):
2897         * rendering/FilterEffectRenderer.h:
2898         * svg/graphics/filters/SVGFilter.cpp:
2899         (WebCore::SVGFilter::scaledByFilterResolution const):
2900         (WebCore::SVGFilter::applyHorizontalScale const): Deleted.
2901         (WebCore::SVGFilter::applyVerticalScale const): Deleted.
2902         * svg/graphics/filters/SVGFilter.h:
2903
2904 2018-01-16  Fujii Hironori  <Hironori.Fujii@sony.com>
2905
2906         [CMake][Mac] Fix the build errors
2907         https://bugs.webkit.org/show_bug.cgi?id=181665
2908
2909         Reviewed by Alex Christensen.
2910
2911         No new tests (No behavior change)
2912
2913         * CMakeLists.txt: Added Modules/paymentrequest/MerchantValidationEvent.idl to compile.
2914         * PlatformMac.cmake: Added Modules/paymentrequest/MerchantValidationEvent.cpp to compile.
2915         Added workers/service/context and Modules/applicationmanifest as forwarding header paths.
2916
2917 2018-01-16  Wenson Hsieh  <wenson_hsieh@apple.com>
2918
2919         [Attachment Support] Provide the `src` of an attachment to the UI delegate when an attachment is inserted
2920         https://bugs.webkit.org/show_bug.cgi?id=181638
2921         <rdar://problem/36508702>
2922
2923         Reviewed by Dan Bernstein.
2924
2925         Adjust the `didInsertAttachment` codepath to additionally propagate the attachment element's `src`.
2926         Additionally, fix an issue with insertion and removal client notifications wherein the client can receive
2927         insertion calls without corresponding removal calls, or vice versa. This is an existing issue, but matters more
2928         now because we actually need to access the attachment element for its `src` when propagating changes to the
2929         client. See below for details.
2930
2931         Test: WKAttachmentTests.AttachmentUpdatesWhenInsertingRichMarkup
2932
2933         * dom/Document.h:
2934         (WebCore::Document::attachmentElementsByIdentifier const):
2935         * editing/Editor.cpp:
2936         (WebCore::Editor::notifyClientOfAttachmentUpdates):
2937         * page/EditorClient.h:
2938         (WebCore::EditorClient::didInsertAttachment):
2939         * page/Frame.cpp:
2940         (WebCore::Frame::setDocument):
2941
2942         When a Frame's document changes, inform the client that the attachments in the previous document are going away.
2943         For each attachment currently connected to the document, we have either (1) already informed the client that it
2944         was inserted, or (2) the attachment is pending an insertion call to the client. If (1) is the case, then we'll
2945         tell the client that the attachment is removed, which will balance out the earlier insertion call. If (2) is the
2946         case, then we'll remove the previously inserted attachment identifier from the set of attachment identifiers
2947         pending insertion, and the client won't be informed of insertions or removals.
2948
2949 2018-01-16  Antoine Quint  <graouts@apple.com>
2950
2951         Use traits for animation timing functions
2952         https://bugs.webkit.org/show_bug.cgi?id=181651
2953
2954         Reviewed by Dean Jackson.
2955
2956         Cleaning up Dean's previous patch as suggested by Darin's post-commit review comments. The
2957         downcast function can match const automatically and it's a better style to put the * inside
2958         the downcast call rather than outside.
2959
2960         * css/CSSComputedStyleDeclaration.cpp:
2961         (WebCore::createTimingFunctionValue):
2962         * platform/animation/TimingFunction.cpp:
2963         (WebCore::operator<<):
2964         (WebCore::TimingFunction::transformTime const):
2965         * platform/animation/TimingFunction.h:
2966         * platform/graphics/ca/cocoa/PlatformCAAnimationCocoa.mm:
2967         (WebCore::toCAMediaTimingFunction):
2968
2969 2018-01-16  Philippe Normand  <pnormand@igalia.com>
2970
2971         [GStreamer] Live streaming cleanups
2972         https://bugs.webkit.org/show_bug.cgi?id=181672
2973
2974         Reviewed by Michael Catanzaro.
2975
2976         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
2977         (WebCore::MediaPlayerPrivateGStreamer::handleMessage): Switch to
2978         streaming code path when no content-length was reported by the
2979         http source element.
2980         (WebCore::MediaPlayerPrivateGStreamer::totalBytes const): Return early when streaming.
2981         * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
2982         (CachedResourceStreamingClient::responseReceived): Emit headers as
2983         an element message, like souphttpsrc.
2984
2985 2018-01-15  Philippe Normand  <pnormand@igalia.com>
2986
2987         [GStreamer] misc fixes and cleanups
2988         https://bugs.webkit.org/show_bug.cgi?id=181647
2989
2990         Reviewed by Michael Catanzaro.
2991
2992         * platform/graphics/MediaPlayer.cpp:
2993         (WebCore::convertEnumerationToString): New utility function to convert preload enum to string.
2994         * platform/graphics/MediaPlayerEnums.h: Ditto.
2995         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
2996         (WebCore::MediaPlayerPrivateGStreamer::load): Debug tweak
2997         (WebCore::MediaPlayerPrivateGStreamer::prepareToPlay): Ditto
2998         (WebCore::MediaPlayerPrivateGStreamer::play): Ditto
2999         (WebCore::MediaPlayerPrivateGStreamer::paused const): Ditto
3000         (WebCore::MediaPlayerPrivateGStreamer::processBufferingStats): Prevent useless state update.
3001         (WebCore::MediaPlayerPrivateGStreamer::fillTimerFired): Ditto.
3002         (WebCore::MediaPlayerPrivateGStreamer::updateStates): Debug tweak.
3003         (WebCore::MediaPlayerPrivateGStreamer::setDownloadBuffering): Ditto.
3004         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
3005         Remove useless handlesSyncMessage method.
3006         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
3007         (WebCore::MediaPlayerPrivateGStreamerBase::setMuted): Prevent useless state update.
3008         (WebCore::MediaPlayerPrivateGStreamerBase::muted const): Debug tweak.
3009         (WebCore::MediaPlayerPrivateGStreamerBase::setStreamVolumeElement): Ditto.
3010         * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
3011         (webkit_web_src_init): Enable keepAlive by default like in souphttpsrc.
3012         (webKitWebSrcStart): Debug tweak.
3013         (webKitWebSrcQueryWithParent): Ditto.
3014         (webKitWebSrcNeedData): Ditto.
3015         (CachedResourceStreamingClient::responseReceived): Change appsrc
3016         stream-type when we wan't seek. Also update caps like souphttpsrc
3017         does.
3018         * platform/graphics/gstreamer/WebKitWebSourceGStreamer.h: Add forward declaration of MediaPlayer.
3019         * platform/graphics/gstreamer/mse/MediaSourceClientGStreamerMSE.cpp:
3020         (WebCore::MediaSourceClientGStreamerMSE::append): Fix compilation warning.
3021
3022 2018-01-16  Yacine Bandou  <yacine.bandou_ext@softathome.com>
3023
3024         [WPE] Two clearkey tests failing since r226621
3025         https://bugs.webkit.org/show_bug.cgi?id=181532
3026
3027         Reviewed by Xabier Rodriguez-Calvar.
3028
3029         With a fake initData, we can have a null pssh size, thus we should check it.
3030         We saw this issue in the subtest "initData longer than 64Kb characters" in
3031         the clearkey-generate-request-disallowed-input layout test.
3032
3033         * platform/encryptedmedia/clearkey/CDMClearKey.cpp:
3034         (WebCore::extractKeyidsLocationFromCencInitData):
3035
3036 2018-01-15  Yoav Weiss  <yoav@yoav.ws>
3037
3038         Support for preconnect Link headers
3039         https://bugs.webkit.org/show_bug.cgi?id=181657
3040
3041         Reviewed by Darin Adler.
3042
3043         Move the preconnect functionality into its own function, and
3044         also call this function when Link headers are processed.
3045
3046         Test: http/tests/preconnect/link-header-rel-preconnect-http.php
3047
3048         * loader/LinkLoader.cpp:
3049         (WebCore::LinkLoader::loadLinksFromHeader): Call preconnect.
3050         (WebCore::LinkLoader::preconnect): Preconnect to a host functionality moved here.
3051         (WebCore::LinkLoader::preload): Renamed `preloadIfNeeded` to `preload`.
3052         (WebCore::LinkLoader::loadLink): Call preconnect.
3053         * loader/LinkLoader.h:
3054
3055 2018-01-15  Michael Catanzaro  <mcatanzaro@igalia.com>
3056
3057         Improve use of ExportMacros
3058         https://bugs.webkit.org/show_bug.cgi?id=181652
3059
3060         Reviewed by Konstantin Tokarev.
3061
3062         Remove a comment.
3063
3064         * platform/PlatformExportMacros.h:
3065
3066 2018-01-15  Konstantin Tokarev  <annulen@yandex.ru>
3067
3068         image-rendering should affect scaling of border-image
3069         https://bugs.webkit.org/show_bug.cgi?id=169440
3070
3071         Reviewed by Michael Catanzaro.
3072
3073         Test: fast/borders/border-image-pixelated.html
3074
3075         * rendering/style/NinePieceImage.cpp:
3076         (WebCore::NinePieceImage::paint):
3077
3078 2018-01-15  Tomas Popela  <tpopela@redhat.com>
3079
3080         2.19.3 ACCELERATED_2D_CANVAS support is broken
3081         https://bugs.webkit.org/show_bug.cgi?id=180799
3082
3083         Reviewed by Michael Catanzaro.
3084
3085         * html/canvas/CanvasRenderingContext2DBase.cpp:
3086         (WebCore::CanvasRenderingContext2DBase::didDraw):
3087
3088 2018-01-15  Basuke Suzuki  <Basuke.Suzuki@sony.com>
3089
3090         [Curl] Enable HTTP/2
3091         https://bugs.webkit.org/show_bug.cgi?id=181551
3092
3093         Reviewed by Michael Catanzaro.
3094
3095         Start supporting HTTP/2 protocol. The first step is just enabling the HTTP/2 on Curl backend.
3096         Next step will be to enable multiplexing feature.
3097
3098         No new tests because we don't have HTTP/2 test backend yet.
3099
3100         * platform/network/curl/CurlContext.cpp:
3101         (WebCore::CurlContext::isHttp2Enabled const):
3102         (WebCore::CurlHandle::enableHttp):
3103         (WebCore::CurlHandle::enableHttpGetRequest):
3104         (WebCore::CurlHandle::enableHttpHeadRequest):
3105         (WebCore::CurlHandle::enableHttpPostRequest):
3106         (WebCore::CurlHandle::enableHttpPutRequest):
3107         (WebCore::CurlHandle::setHttpCustomRequest):
3108         * platform/network/curl/CurlContext.h:
3109
3110 2018-01-15  Dean Jackson  <dino@apple.com>
3111
3112         Use a helper function for checked arithmetic in WebGL validation
3113         https://bugs.webkit.org/show_bug.cgi?id=181620
3114         <rdar://problem/36485879>
3115
3116         Reviewed by Eric Carlson.
3117
3118         Eric recommended using a templated helper function to do
3119         a common arithmetic check in WebGL validation.
3120
3121         * html/canvas/WebGL2RenderingContext.cpp:
3122         (WebCore::WebGL2RenderingContext::validateIndexArrayConservative):
3123         * html/canvas/WebGLRenderingContext.cpp:
3124         (WebCore::WebGLRenderingContext::validateIndexArrayConservative):
3125         * html/canvas/WebGLRenderingContextBase.cpp:
3126         (WebCore::WebGLRenderingContextBase::validateIndexArrayPrecise):
3127         (WebCore::WebGLRenderingContextBase::validateDrawArrays):
3128         (WebCore::WebGLRenderingContextBase::validateSimulatedVertexAttrib0):
3129         (WebCore::WebGLRenderingContextBase::simulateVertexAttrib0):
3130         * html/canvas/WebGLRenderingContextBase.h:
3131         (WebCore::WebGLRenderingContextBase::checkedAddAndMultiply): New helper.
3132
3133 2018-01-15  Dean Jackson  <dino@apple.com>
3134
3135         Use traits for animation timing functions
3136         https://bugs.webkit.org/show_bug.cgi?id=181651
3137         <rdar://problem/36525328>
3138
3139         Reviewed by Antoine Quint.
3140
3141         Use the type traits for TimingFunction classes, so
3142         we can is<> and downcast<>.
3143
3144         * css/CSSComputedStyleDeclaration.cpp:
3145         (WebCore::createTimingFunctionValue):
3146         * platform/animation/TimingFunction.cpp:
3147         (WebCore::TimingFunction::transformTime const):
3148         * platform/animation/TimingFunction.h:
3149         * platform/graphics/ca/GraphicsLayerCA.cpp:
3150         (WebCore::animationHasStepsTimingFunction):
3151         (WebCore::animationHasFramesTimingFunction):
3152         * platform/graphics/ca/cocoa/PlatformCAAnimationCocoa.mm:
3153         (WebCore::toCAMediaTimingFunction):
3154
3155 2018-01-15  Youenn Fablet  <youenn@apple.com>
3156
3157         RealtimeMediaSource should be ThreadSafeRefCounted
3158         https://bugs.webkit.org/show_bug.cgi?id=181649
3159
3160         Reviewed by Eric Carlson.
3161
3162         Difficult to write a test as this is really racy.
3163         RealtimeIncomingVideoSourceCocoa::OnFrame is taking a reference on a background thread
3164         to send a task to the main thread.
3165         This requires it to be thread safe ref counted.
3166
3167         * platform/mediastream/RealtimeMediaSource.h:
3168
3169 2018-01-15  Philippe Normand  <pnormand@igalia.com>
3170
3171         Prevent useless MediaPlayer mute state notifications
3172         https://bugs.webkit.org/show_bug.cgi?id=181646
3173
3174         Reviewed by Carlos Garcia Campos.
3175
3176         On GTK port the mute change notification was triggering the test
3177         runner to think the whole page mute state had changed and that
3178         media elements were muted. The simplest solution is to propagate
3179         the notification only if the state actually changed.
3180
3181         * platform/graphics/MediaPlayer.cpp:
3182         (WebCore::MediaPlayer::muteChanged): Propagate mute notification
3183         only if the mute state actually changed.
3184
3185 2018-01-15  Sebastian Dröge  <sebastian@centricular.com>
3186
3187         [GStreamer] Don't wait for draw condition variable when shutting down.
3188         https://bugs.webkit.org/show_bug.cgi?id=180978
3189
3190         Reviewed by Carlos Garcia Campos.
3191
3192         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
3193         (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
3194         (WebCore::MediaPlayerPrivateGStreamerBase::cancelRepaint):
3195         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
3196         By also waiting for the draw condition variable while shutting down,
3197         it is possible that the GStreamer video sink is waiting for the main
3198         thread to actually render the current frame, while at the same time
3199         the main thread is waiting for the GStreamer video sink to shut down,
3200         resulting in a deadlock.
3201
3202 2018-01-13  Minsheng Liu  <lambda@liu.ms>
3203
3204         MathML Lengths should take zoom level into account
3205         https://bugs.webkit.org/show_bug.cgi?id=180029
3206
3207         Reviewed by Frédéric Wang.
3208
3209         The patch applies the effective zoom factor to physical units in toUserUnits().
3210
3211         Test: mathml/presentation/mspace-units-with-zoom.html
3212
3213         * rendering/mathml/RenderMathMLBlock.cpp:
3214         (WebCore::toUserUnits):
3215
3216 2018-01-12  Chris Dumez  <cdumez@apple.com>
3217
3218         ASSERTION FAILED: registration || isTerminating() in WebCore::SWServerWorker::skipWaiting()
3219         https://bugs.webkit.org/show_bug.cgi?id=181603
3220         <rdar://problem/36476050>
3221
3222         Reviewed by Youenn Fablet.
3223
3224         No new tests, covered by existing tests that crash flakily.
3225
3226         * workers/service/server/SWServer.cpp:
3227         (WebCore::SWServer::terminateWorkerInternal):
3228         If the connection to the context process is gone, make sure we mark the worker as terminated
3229         so that it does not stay in Running state and in SWServer::m_runningOrTerminatingWorkers.
3230
3231         * workers/service/server/SWServerRegistration.cpp:
3232         (WebCore::SWServerRegistration::~SWServerRegistration):
3233         Add assertions to make sure none of the registration's workers are still running when
3234         the registration is destroyed.
3235
3236         (WebCore::SWServerRegistration::updateRegistrationState):
3237         Make sure registration workers that are overwritten are not still running.
3238
3239         * workers/service/server/SWServerWorker.cpp:
3240         (WebCore::SWServerWorker::setState):
3241         If a worker's state is set to redundant, make sure we also terminate it.
3242
3243 2018-01-12  Commit Queue  <commit-queue@webkit.org>
3244
3245         Unreviewed, rolling out r226927.
3246         https://bugs.webkit.org/show_bug.cgi?id=181621
3247
3248         Breaks 32-bit and iOS release for some reason that I don't
3249         understand yet (Requested by dino on #webkit).
3250
3251         Reverted changeset:
3252
3253         "Use a helper function for checked arithmetic in WebGL
3254         validation"
3255         https://bugs.webkit.org/show_bug.cgi?id=181620
3256         https://trac.webkit.org/changeset/226927
3257
3258 2018-01-12  Myles C. Maxfield  <mmaxfield@apple.com>
3259
3260         Data URL fonts split in the middle of an alphabet cause random letters to disappear
3261         https://bugs.webkit.org/show_bug.cgi?id=175845
3262         <rdar://problem/33996578>
3263
3264         Reviewed by Brent Fulgham.
3265
3266         It is fairly common practice for a font foundry to split a font up into two files such that a semi-random
3267         half of the alphabet is present in one of the files, and the other half is present in the other file. This
3268         practice involves representing the files as data URLs, so as to minimize the time it takes to load them.
3269
3270         Because resource loading is asynchronous (even for data URLs), it is possible today to get a paint after
3271         the first file is loaded but before the second file is loaded. Indeed, because of the way font fallback
3272         works, we will never start loading the second file until a layout has occurred with the first font.
3273
3274         Because a site usually only uses this pattern for a handful of fonts, and I've never seen this pattern
3275         being used for CJK fonts, it isn't very expensive to opportunistically decode these data URLs eagerly.
3276         Using this method doesn't actually guarantee that the two fonts will load in between successive paints,
3277         but it at least makes this much more likely. This patch implements this strategy, along with a size
3278         threshold to make sure that we won't decode any super large data URLs when it isn't necessary.
3279
3280         Test: fast/text/font-load-data-partitioned-alphabet.html
3281
3282         * css/CSSFontFace.cpp:
3283         (WebCore::CSSFontFace::opportunisticallyStartFontDataURLLoading):
3284         * css/CSSFontFace.h:
3285         * css/CSSFontFaceSource.cpp:
3286         (WebCore::CSSFontFaceSource::opportunisticallyStartFontDataURLLoading):
3287         * css/CSSFontFaceSource.h:
3288         * css/CSSFontSelector.cpp:
3289         (WebCore::CSSFontSelector::opportunisticallyStartFontDataURLLoading):
3290         * css/CSSFontSelector.h:
3291         * platform/graphics/FontCascadeFonts.cpp:
3292         (WebCore::opportunisticallyStartFontDataURLLoading):
3293         (WebCore::FontCascadeFonts::glyphDataForVariant):
3294         * platform/graphics/FontSelector.h:
3295
3296 2018-01-12  Alex Christensen  <achristensen@webkit.org>
3297
3298         History state should be updated during client redirects with asynchronous policy decisions
3299         https://bugs.webkit.org/show_bug.cgi?id=181358
3300         <rdar://problem/35547689>
3301
3302         Reviewed by Andy Estes.
3303
3304         When decidePolicyForNavigationAction is responded to asynchronously during a client redirect, 
3305         HistoryController::updateForRedirectWithLockedBackForwardList does not update the history because
3306         the document loader has not been marked as a client redirect because the FrameLoader only looks
3307         at its provisional document loader to mark it as a client redirect.  When decidePolicyForNavigationAction
3308         is responded to asynchronously, though, the FrameLoader's provisional document loader has moved to 
3309         its policy document loader.  To get both asynchronous and synchronous cases, let's just mark the document
3310         loader as a client redirect whether it's the provisional or policy document loader.
3311
3312         Covered by a new API test.
3313
3314         * loader/FrameLoader.cpp:
3315         (WebCore::FrameLoader::loadURL):
3316         (WebCore::FrameLoader::loadPostRequest):
3317
3318 2018-01-12  Dean Jackson  <dino@apple.com>
3319
3320         Use a helper function for checked arithmetic in WebGL validation
3321         https://bugs.webkit.org/show_bug.cgi?id=181620
3322         <rdar://problem/36485879>
3323
3324         Reviewed by Eric Carlson.
3325
3326         Eric recommended using a templated helper function to do
3327         a common arithmetic check in WebGL validation.
3328
3329         * html/canvas/WebGL2RenderingContext.cpp:
3330         (WebCore::WebGL2RenderingContext::validateIndexArrayConservative):
3331         * html/canvas/WebGLRenderingContext.cpp:
3332         (WebCore::WebGLRenderingContext::validateIndexArrayConservative):
3333         * html/canvas/WebGLRenderingContextBase.cpp:
3334         (WebCore::WebGLRenderingContextBase::checkedAddAndMultiply): New helper.
3335         (WebCore::WebGLRenderingContextBase::validateIndexArrayPrecise):
3336         (WebCore::WebGLRenderingContextBase::validateDrawArrays):
3337         (WebCore::WebGLRenderingContextBase::validateSimulatedVertexAttrib0):
3338         (WebCore::WebGLRenderingContextBase::simulateVertexAttrib0):
3339         * html/canvas/WebGLRenderingContextBase.h:
3340
3341 2018-01-12  Myles C. Maxfield  <mmaxfield@apple.com>
3342
3343         [Cocoa] CTFontCopyDefaultCascadeListForLanguages() can return nullptr
3344         https://bugs.webkit.org/show_bug.cgi?id=181615
3345         <rdar://problem/36334637>
3346
3347         Reviewed by Jon Lee.
3348
3349         Speculative fix. We are getting crash reports saying that this call can return nullptr, and we
3350         don't check for it.
3351
3352         No new tests because I couldn't find the specific input that causes it to return nullptr. (I
3353         tried running this code with every 0, 1, and 2 length locale string, every weight value, and
3354         every italic value, and couldn't get it to crash. I also inspected the code to figure out what
3355         values would cause it to return nullptr, and I couldn't find anything other than if the system
3356         has a totally busted font setup.)
3357
3358         * platform/graphics/cocoa/FontDescriptionCocoa.cpp:
3359         (WebCore::SystemFontDatabase::computeCascadeList):
3360
3361 2018-01-11  Dean Jackson  <dino@apple.com>
3362
3363         [WebGL] Simulated vertexAttrib0 can sometimes cause OUT_OF_MEMORY errors
3364         https://bugs.webkit.org/show_bug.cgi?id=181558
3365         <rdar://problem/36189833>
3366
3367         Reviewed by Eric Carlson.
3368
3369         Very large element indices in the ELEMENT_ARRAY_BUFFER meant that
3370         our simulated vertexAttrib0 buffer might be too large. We need
3371         to check for out-of-memory, but we can also detect some of the issues
3372         earlier in our validation code. Additionally, make sure that we don't
3373         accidentally cast an unsigned to a signed.
3374
3375         Test: fast/canvas/webgl/simulated-vertexAttrib0-invalid-indicies.html
3376
3377         * html/canvas/WebGL2RenderingContext.cpp:
3378         (WebCore::WebGL2RenderingContext::validateIndexArrayConservative): Update validation
3379         code to look for overflow, rather than relying on looking for sign changes.
3380         * html/canvas/WebGLRenderingContext.cpp:
3381         (WebCore::WebGLRenderingContext::validateIndexArrayConservative): Ditto.
3382         * html/canvas/WebGLRenderingContextBase.cpp:
3383         (WebCore::WebGLRenderingContextBase::validateIndexArrayPrecise):
3384         (WebCore::WebGLRenderingContextBase::drawArrays): Check that we were able to simulate.
3385         (WebCore::WebGLRenderingContextBase::drawElements):
3386         (WebCore::WebGLRenderingContextBase::validateSimulatedVertexAttrib0): Update validation code, and
3387         use GC3Duint, since that's what the indices are.
3388         (WebCore::WebGLRenderingContextBase::simulateVertexAttrib0): Ditto.
3389         (WebCore::WebGLRenderingContextBase::drawArraysInstanced): Check that we were able to simulate.
3390         (WebCore::WebGLRenderingContextBase::drawElementsInstanced):
3391         * html/canvas/WebGLRenderingContextBase.h:
3392