Allow LocalStorage by default for file URLs.
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-07-25  Brady Eidson  <beidson@apple.com>
2
3         Allow LocalStorage by default for file URLs.
4         https://bugs.webkit.org/show_bug.cgi?id=160169
5
6         Reviewed by Brent Fulgham.
7
8         Test: storage/domstorage/localstorage/file-can-access.html
9
10         * page/SecurityOrigin.cpp:
11         (WebCore::SecurityOrigin::canAccessStorage): Remove the m_universalAccess check for local URLs.
12
13 2016-07-25  Nan Wang  <n_wang@apple.com>
14
15         AX: AccessibilityRenderObject is adding duplicated children when CSS first-letter is being used.
16         https://bugs.webkit.org/show_bug.cgi?id=160155
17
18         Reviewed by Chris Fleizach.
19
20         We were adding the same text node twice if CSS first-letter selector was being used. Added a
21         check for the inline continuation so that we only add it once. 
22
23         Test: accessibility/mac/css-first-letter-children.html
24
25         * accessibility/AccessibilityRenderObject.cpp:
26         (WebCore::firstChildConsideringContinuation):
27
28 2016-07-25  Wenson Hsieh  <wenson_hsieh@apple.com>
29
30         Media controls on apple.com don't disappear when movie finishes playing
31         https://bugs.webkit.org/show_bug.cgi?id=160068
32         <rdar://problem/26668526>
33
34         Reviewed by Darin Adler.
35
36         When a video ends, it should cause media controls to hide. While current logic
37         mostly accounts for this, it does not account for programmatic seeks causing
38         the video to lose its 'ended' status before querying for whether or not to
39         show media controls.
40
41         Three new API tests: large-video-seek-after-ending.html
42         large-video-hides-controls-after-seek-to-end.html
43         large-video-seek-to-beginning-and-play-after-ending.html
44
45         * html/HTMLMediaElement.cpp:
46         (WebCore::HTMLMediaElement::mediaPlayerTimeChanged):
47         (WebCore::HTMLMediaElement::setPlaying):
48         * html/MediaElementSession.cpp:
49         (WebCore::MediaElementSession::canControlControlsManager):
50         * html/MediaElementSession.h:
51
52 2016-07-25  Frederic Wang  <fwang@igalia.com>
53
54         Introduce a MathMLOperatorElement class
55         https://bugs.webkit.org/show_bug.cgi?id=160034
56
57         Reviewed by Darin Adler.
58
59         No new tests, rendering is unchanged.
60
61         * CMakeLists.txt: Add MathMLOperatorElement to the build file.
62         * WebCore.xcodeproj/project.pbxproj: Ditto.
63         * mathml/MathMLAllInOne.cpp: Ditto.
64         * mathml/MathMLOperatorElement.cpp: New DOM class for <mo> element.
65         (WebCore::MathMLOperatorElement::MathMLOperatorElement):
66         (WebCore::MathMLOperatorElement::create):
67         (WebCore::MathMLOperatorElement::parseAttribute): Handle mo attributes.
68         (WebCore::MathMLOperatorElement::createElementRenderer): Create RenderMathMLOperator.
69         * mathml/MathMLOperatorElement.h: Declare a class deriving from MathMLTextElement.
70         * mathml/MathMLTextElement.cpp: Remove all the RenderMathMLOperator parts.
71         (WebCore::MathMLTextElement::MathMLTextElement): Remove inline keyword so that the class can
72         be overridden.
73         (WebCore::MathMLTextElement::parseAttribute): Remove code handled in MathMLOperatorElement.
74         (WebCore::MathMLTextElement::createElementRenderer): Ditto.
75         * mathml/MathMLTextElement.h: Make class and members overridable.
76         * mathml/mathtags.in: Map mo to MathMLOperatorElement.
77         * rendering/mathml/RenderMathMLOperator.cpp:
78         (WebCore::RenderMathMLOperator::RenderMathMLOperator): Make the constructor take a
79         MathMLOperatorElement.
80         * rendering/mathml/RenderMathMLOperator.h: Ditto.
81
82 2016-07-25  Darin Adler  <darin@apple.com>
83
84         Speed up make process slightly by improving "list of files" idiom
85         https://bugs.webkit.org/show_bug.cgi?id=160164
86
87         Reviewed by Mark Lam.
88
89         * DerivedSources.make: Change rules that build lists of files to only run when
90         DerivedSources.make has been modified since the last time they were run. Since the
91         list of files are inside this file, this is safe, and this is faster than always
92         comparing and regenerating the file containing the list of files each time.
93
94 2016-07-24  Wenson Hsieh  <wenson_hsieh@apple.com>
95
96         The web process hangs when computing elements-based snap points for a container with large max scroll offset
97         https://bugs.webkit.org/show_bug.cgi?id=152605
98         <rdar://problem/25353661>
99
100         Reviewed by Simon Fraser.
101
102         Fixes a bug in the computation of axis snap points. The ScrollSnapPoints object, which tracks
103         snap points along a particular axis, has two flags, hasRepeat and usesElements. For elements-
104         based snapping, both flags would be turned on, since StyleBuilderConverter::convertScrollSnapPoints
105         short-circuits for elements-based snapping and does not default usesRepeat to false. To address this,
106         we make ScrollSnapPoints not repeat(100%) by default.
107
108         Test: css3/scroll-snap/scroll-snap-elements-container-larger-than-children.html
109
110         * css/StyleBuilderConverter.h:
111         (WebCore::StyleBuilderConverter::convertScrollSnapPoints): Deleted.
112         * rendering/style/StyleScrollSnapPoints.cpp:
113         (WebCore::ScrollSnapPoints::ScrollSnapPoints):
114
115 2016-07-25  Carlos Garcia Campos  <cgarcia@igalia.com>
116
117         REGRESSION(r200931): Invalid cast in highestAncestorToWrapMarkup()
118         https://bugs.webkit.org/show_bug.cgi?id=160163
119
120         Reviewed by Michael Catanzaro.
121
122         Since r200931 the result of enclosingNodeOfType() in highestAncestorToWrapMarkup() is downcasted to Element, but
123         the result of enclosingNodeOfType() can be a Node that is not an Element, in this case is Text. The cast is not
124         needed at all since that node is passed to editingIgnoresContent() and selectionFromContentsOfNode() and both
125         receive a Node not an Element.
126
127         * editing/markup.cpp:
128         (WebCore::highestAncestorToWrapMarkup): Remove invalid cast.
129
130 2016-07-25  Carlos Garcia Campos  <cgarcia@igalia.com>
131
132         [Coordinated Graphics] ASSERTION FAILED: m_coordinator->isFlushingLayerChanges() in fast/repaint/animation-after-layer-scroll.html
133         https://bugs.webkit.org/show_bug.cgi?id=160156
134
135         Reviewed by Michael Catanzaro.
136
137         So, we fixed an assertion in r203663, but now it is hitting the next one. As explained in bug #160142, flush
138         compositing state can be triggered in tests by RenderLayerCompositor::layerTreeAsText(), without the coordinator
139         even noticing it, so the assert can be just removed.
140
141         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
142         (WebCore::CoordinatedGraphicsLayer::flushCompositingStateForThisLayerOnly): Remove incorrect assert.
143
144 2016-07-25  Zalan Bujtas  <zalan@apple.com>
145
146         EllipsisBox ctor's isVertical parameter should read isHorizontal.
147         https://bugs.webkit.org/show_bug.cgi?id=160153
148
149         Reviewed by Andreas Kling.
150
151         It indicates whether the ellipsis box is horizontal. (both the callsites
152         and the parent class use isHorizontal)
153
154         No change in functionality.
155
156         * rendering/EllipsisBox.cpp:
157         (WebCore::EllipsisBox::EllipsisBox):
158         * rendering/EllipsisBox.h:
159
160 2016-07-25  Sergio Villar Senin  <svillar@igalia.com>
161
162         [css-grid] Implement repeat(auto-fit)
163         https://bugs.webkit.org/show_bug.cgi?id=159771
164
165         Reviewed by Darin Adler.
166
167         The auto-fit keyword works exactly as the already implemented auto-fill except that all
168         empty tracks collapse (become 0px). Absolutely positioned items do not participate in the
169         layout of the grid so they are not considered (a grid with only absolutely positioned items
170         is considered an empty grid).
171
172         Whenever a track collapses the gutters on either side do also collapse. When a collapsed
173         track's gutters collapse, they coincide exactly. If one side of a collapsed track does not
174         have a gutter then collapsing its gutters results in no gutter on either "side" of the
175         collapsed track.
176
177         In practice this means that it is not possible to know the gap between 2 consecutive auto
178         repeat tracks without examining some others whenever there are collapsed tracks.
179
180         Uncommented the auto-fit cases from Mozilla tests. They have to be adapted as the reftest
181         machinery requires all the content to be rendered in the original 800x600 viewport.
182
183         Tests: fast/css-grid-layout/grid-auto-fit-columns.html
184         fast/css-grid-layout/grid-auto-fit-rows.html
185         fast/css-grid-layout/mozilla/grid-repeat-auto-fill-fit-005-part-1.html
186         fast/css-grid-layout/mozilla/grid-repeat-auto-fill-fit-005-part-2.html
187
188         * css/CSSComputedStyleDeclaration.cpp:
189         (WebCore::valueForGridTrackList): Use the newly added trackSizesForComputedStyle().
190         * rendering/RenderGrid.cpp:
191         (WebCore::RenderGrid::computeTrackBasedLogicalHeight):
192         (WebCore::RenderGrid::computeTrackSizesForDirection):
193         (WebCore::RenderGrid::isEmptyAutoRepeatTrack):
194         (WebCore::RenderGrid::gridGapForDirection): Returns the gap directly from the style.
195         (WebCore::RenderGrid::guttersSize): Computes the gap between a startLine and an
196         endLine. This method may need to inspect some other surrounding tracks to compute the gap.
197         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
198         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
199         (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
200         (WebCore::RenderGrid::gridTrackSize):
201         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
202         (WebCore::RenderGrid::computeAutoRepeatTracksCount):
203         (WebCore::RenderGrid::computeEmptyTracksForAutoRepeat): Returns a Vector with the auto
204         repeat tracks that are going to be collapsed because they're empty.
205         (WebCore::RenderGrid::placeItemsOnGrid):
206         (WebCore::RenderGrid::trackSizesForComputedStyle): Used by ComputedStyle logic to print the
207         size of tracks. Added in order to hide the actual contents of m_columnPositions and
208         m_rowPositions to the outer world.
209         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
210         (WebCore::RenderGrid::gridAreaBreadthForChild):
211         (WebCore::RenderGrid::populateGridPositionsForDirection): Added some extra code to compute
212         gaps as they cannot be directly added between tracks in case of having collapsed tracks.
213         (WebCore::RenderGrid::columnAxisOffsetForChild):
214         (WebCore::RenderGrid::rowAxisOffsetForChild):
215         (WebCore::RenderGrid::offsetBetweenTracks): Deleted.
216         * rendering/RenderGrid.h: Made some API private. Added new required methods/attributes.
217
218         * css/CSSComputedStyleDeclaration.cpp:
219         (WebCore::valueForGridTrackList):
220         * rendering/RenderGrid.cpp:
221         (WebCore::RenderGrid::computeTrackBasedLogicalHeight):
222         (WebCore::RenderGrid::computeTrackSizesForDirection):
223         (WebCore::RenderGrid::hasAutoRepeatEmptyTracks):
224         (WebCore::RenderGrid::isEmptyAutoRepeatTrack):
225         (WebCore::RenderGrid::gridGapForDirection):
226         (WebCore::RenderGrid::guttersSize):
227         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
228         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
229         (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
230         (WebCore::RenderGrid::gridTrackSize):
231         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
232         (WebCore::RenderGrid::computeAutoRepeatTracksCount):
233         (WebCore::RenderGrid::computeEmptyTracksForAutoRepeat):
234         (WebCore::RenderGrid::placeItemsOnGrid):
235         (WebCore::RenderGrid::trackSizesForComputedStyle):
236         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
237         (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild):
238         (WebCore::RenderGrid::gridAreaBreadthForChild):
239         (WebCore::RenderGrid::populateGridPositionsForDirection):
240         (WebCore::RenderGrid::columnAxisOffsetForChild):
241         (WebCore::RenderGrid::rowAxisOffsetForChild):
242         (WebCore::RenderGrid::offsetBetweenTracks): Deleted.
243         * rendering/RenderGrid.h:
244
245 2016-07-24  Frederic Wang  <fwang@igalia.com>
246
247         Move parsing of display, displaystyle and mathvariant attributes into MathML element classes
248         https://bugs.webkit.org/show_bug.cgi?id=159623
249
250         Reviewed by Brent Fulgham.
251
252         No new tests, already covered by existing tests.
253
254         * mathml/MathMLElement.cpp:
255         (WebCore::MathMLElement::parseMathVariantAttribute): Move helper function to parse the
256         mathvariant attribute.
257         (WebCore::MathMLElement::getSpecifiedDisplayStyle): Helper function to set the displaystyle
258         value from the attribute specified on the MathML element.
259         (WebCore::MathMLElement::getSpecifiedMathVariant): Helper function to set the mathvariant
260         value from the attribute specified on the MathML element.
261         * mathml/MathMLElement.h: Move the enum for mathvariant values and declare new members.
262         (WebCore::MathMLElement::acceptsDisplayStyleAttribute): Indicate whether the element accepts
263         displaystyle attribute (false for most of them).
264         (WebCore::MathMLElement::acceptsMathVariantAttribute): Indicate whether the element accepts
265         mathvariant attribute (false for most of them).
266         * mathml/MathMLInlineContainerElement.cpp:
267         (WebCore::MathMLInlineContainerElement::acceptsDisplayStyleAttribute): Add mstyle and mtable
268         to the list of elements accepting the displaystyle attribute.
269         (WebCore::MathMLInlineContainerElement::acceptsMathVariantAttribute): Add mstyle to the list
270         of elements accepting the mathvariant attribute.
271         (WebCore::MathMLInlineContainerElement::parseAttribute): Mark displaystyle and mathvariant
272         dirty if necessary. Also use the new accepts*Attribute function.
273         * mathml/MathMLInlineContainerElement.h: Declare overridden accepts*Attribute members.
274         * mathml/MathMLMathElement.cpp:
275         (WebCore::MathMLMathElement::getSpecifiedDisplayStyle): Override acceptsDisplayStyleAttribute
276         so that the display attribute is also used to set the default value if the displaystyle
277         attribute is absent.
278         (WebCore::MathMLMathElement::parseAttribute): Mark displaystyle and mathvariant dirty if
279         necessary. We directly call MathMLElement::parseAttribute to avoid duplicate work.
280         * mathml/MathMLMathElement.h: Add the math tag to the list of elements accepting the
281         displaystyle and mathvariant attributes. Declare overridden getSpecifiedDisplayStyle.
282         * mathml/MathMLTextElement.cpp:
283         (WebCore::MathMLTextElement::parseAttribute): Mark mathvariant as dirty.
284         * mathml/MathMLTextElement.h: Add token elements to the list of elements accepting the
285         mathvariant attribute.
286         * rendering/mathml/MathMLStyle.cpp:
287         (WebCore::MathMLStyle::updateStyleIfNeeded): Use the new MathMLElement::MathVariant enum.
288         (WebCore::MathMLStyle::resolveMathMLStyle):  We no longer parse the display value to
289         initialize the default value on the math tag, because this is handled in
290         getSpecifiedDisplayStyle. In general, we also just call getSpecifiedDisplayStyle and
291         getSpecifiedMathVariant on the MathML elements instead of parsing the displaystyle and
292         mathvariant attributes here.
293         (WebCore::MathMLStyle::parseMathVariant): Deleted. This is moved into MathMLElement.
294         * rendering/mathml/MathMLStyle.h: Use the new MathMLElement::MathVariant enum.
295         * rendering/mathml/RenderMathMLToken.cpp: Ditto.
296         (WebCore::mathVariant): Ditto.
297         (WebCore::RenderMathMLToken::updateMathVariantGlyph): Ditto.
298
299 2016-07-25  Carlos Garcia Campos  <cgarcia@igalia.com>
300
301         Unreviewed. Remove unneeded header includes from CoordinatedGraphicsLayer.
302
303         Not only are they not needed, they are a layer violation, CoordinatedGraphicsLayer shouldn't know anything
304         about Page, Frame and FrameView.
305
306         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
307         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
308
309 2016-07-24  Youenn Fablet  <youenn@apple.com>
310
311         [Fetch API] Request should be created with any HeadersInit data
312         https://bugs.webkit.org/show_bug.cgi?id=159672
313
314         Reviewed by Sam Weinig.
315
316         Made Request use JSBuiltinConstructor.
317         This allows initializing newly created Request with a JS built-in function, initializeFetchRequest.
318         initializeFetchRequest can call @fillFetchHeaders internal built-in to handle any HeadersInit data.
319         Future effort should be made to migrate more initialization code in initializeFetchRequest.
320
321         Made window and worker fetch function as a JS built-in.
322         This becomes more handy as these new functions can construct the Request object.
323         They can then call a single private function that takes a Request object as input.
324         Updated DOMWindowFetch and WorkerGlobalScopeFetch code accordingly.
325
326         To enable this, the binding generator is updated to support runtime-enabled JS built-in functions and
327         private functions attached to global objects.
328
329         Covered by existing and modified tests.
330         Binding generator test covered by updated binding tests.
331
332         * CMakeLists.txt: Adding DOMWindowFetch.js, FetchRequest.js and WorkerGlobalScopeFetch.js built-in files.
333         * DerivedSources.make: Ditto.
334         * Modules/fetch/DOMWindowFetch.cpp: Removed overloaded fetch and updated according to the new signature.
335         (WebCore::DOMWindowFetch::fetch):
336         * Modules/fetch/DOMWindowFetch.h: Ditto.
337         * Modules/fetch/DOMWindowFetch.idl: Making fetch a JS built-in and adding a @fetchRequest private function.
338         * Modules/fetch/DOMWindowFetch.js: Added.
339         (fetch):
340         * Modules/fetch/FetchHeaders.h:
341         (WebCore::FetchHeaders::setGuard): Used by FetchRequest when initializing headers.
342         * Modules/fetch/FetchRequest.cpp: 
343         (WebCore::buildHeaders): Removed as implemented in JS.
344         (WebCore::FetchRequest::initializeOptions): Added to handle most of the dictionary initialization.
345         (WebCore::FetchRequest::initializeWith): Method called from built-in constructor function.
346         (WebCore::FetchRequest::setBody): Corresponding to @setBody private method.
347         (WebCore::buildBody): Deleted.
348         * Modules/fetch/FetchRequest.h:
349         * Modules/fetch/FetchRequest.idl:
350         * Modules/fetch/FetchRequest.js: Added.
351         (initializeFetchRequest): Implements fetch Request(input, init) constructor.
352         * Modules/fetch/FetchResponse.cpp:
353         (WebCore::FetchResponse::fetch): Removed the construction of FetchRequest in fetch method since it is done by JS built-in code.
354         * Modules/fetch/FetchResponse.h:
355         * Modules/fetch/WorkerGlobalScopeFetch.cpp: Removed overloaded fetch and updated according to the new signature.
356         (WebCore::WorkerGlobalScopeFetch::fetch):
357         * Modules/fetch/WorkerGlobalScopeFetch.h: Ditto.
358         * Modules/fetch/WorkerGlobalScopeFetch.idl: Making fetch a JS built-in and adding a @fetchRequest private function.
359         * Modules/fetch/WorkerGlobalScopeFetch.js: Added.
360         (fetch):
361         * bindings/js/WebCoreBuiltinNames.h: Adding fetchRequest, setBody and Request private identifiers.
362         * bindings/scripts/CodeGenerator.pm:
363         (WK_lcfirst): Replacing dOM by dom.
364         * bindings/scripts/CodeGeneratorJS.pm:
365         (GenerateImplementation): Adding support for runtime-enabled built-in methods and private methods.
366         * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
367         (WebCore::JSTestGlobalObject::finishCreation):
368         (WebCore::jsTestGlobalObjectInstanceFunctionTestPrivateFunction):
369         * bindings/scripts/test/ObjC/DOMTestGlobalObject.mm:
370         (-[DOMTestGlobalObject testJSBuiltinFunction]):
371         * bindings/scripts/test/TestGlobalObject.idl: Adding tests for runtime-enabled global built-in methods and private methods.
372
373 2016-07-24  Nan Wang  <n_wang@apple.com>
374
375         AX: Video Controls: Volume cannot be adjusted using VO.
376         https://bugs.webkit.org/show_bug.cgi?id=160107
377
378         Reviewed by Dean Jackson.
379
380         The volume slider in video tag had 0.01 step which caused the screen reader to adjust it slowly.
381         Changed the step to 0.05 and added the aria-valuetext attribute to the slider, so that the value
382         is spoken in percentage. 
383
384         Test: accessibility/mac/video-volume-slider-accessibility.html
385
386         * Modules/mediacontrols/mediaControlsApple.js:
387         (Controller.prototype.createControls):
388         (Controller.prototype.handleVolumeSliderInput):
389         (Controller.prototype.updateVolume):
390
391 2016-07-24  David Kilzer  <ddkilzer@apple.com>
392
393         REGRESSION (r203106): Crash in WebCore::MathMLElement::parseMathMLLength()
394         <https://webkit.org/b/160111>
395         <rdar://problem/27506489>
396
397         Reviewed by Chris Dumez.
398
399         Test: mathml/mpadded-crash.html
400
401         * mathml/MathMLElement.cpp:
402         (WebCore::skipLeadingAndTrailingWhitespace): Change to take
403         StringView parameter instead of String to avoid creating a
404         temporary String that's released on return.
405
406 2016-07-24  Carlos Garcia Campos  <cgarcia@igalia.com>
407
408         [Coordinated Graphics] ASSERTION FAILED: !m_flushingLayers in fast/repaint/animation-after-layer-scroll.html
409         https://bugs.webkit.org/show_bug.cgi?id=160142
410
411         Reviewed by Michael Catanzaro.
412
413         This only happens in layout tests, because it happens when RenderLayerCompositor::layerTreeAsText() is
414         called. The thing is that CoordinatedGraphicsLayer::flushCompositingState() calls notifyFlushRequired() that
415         checks if the coordinator is flushing layers and if not it calls RenderLayerCompositor::notifyFlushRequired() and
416         returns early. This normally works because the coordinator is the one starting the layer flush, so that when
417         RenderLayerCompositor::flushPendingLayerChanges() is called the coordinator is always flushing layers. But
418         RenderLayerCompositor::layerTreeAsText() calls RenderLayerCompositor::flushPendingLayerChanges() directly, so at
419         that moment the coordinator is not flushing layers, what causes that
420         CoordinatedGraphicsLayer::flushCompositingState() ends up calling RenderLayerCompositor::notifyFlushRequired()
421         that schedules a new flush while flushing layers causing the
422         assertion. CoordinatedGraphicsLayer::flushCompositingState() is always called from
423         CompositingCoordinator::flushPendingLayerChanges() or RenderLayerCompositor::flushPendingLayerChanges() so we
424         never need to call RenderLayerCompositor::notifyFlushRequired() from there.
425
426         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
427         (WebCore::CoordinatedGraphicsLayer::notifyFlushRequired): This is void now since the return value is not checked anywhere.
428         (WebCore::CoordinatedGraphicsLayer::flushCompositingState): Remove the call to notifyFlushRequired().
429         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
430
431 2016-07-24  Darin Adler  <darin@apple.com>
432
433         Adding a new WebCore JavaScript built-in source file does not trigger rebuild of WebCoreJSBuiltins*
434         https://bugs.webkit.org/show_bug.cgi?id=160115
435
436         Reviewed by Youenn Fablet.
437
438         * DerivedSources.make: Added a missing dependency so the rule that builds WebCore_BUILTINS_WRAPPERS
439         kicks in when the list of WebCore_BUILTINS_SOURCES is modified. Also added another missing dependency
440         so that changes to the JavaScript built-ins Python scripts will also trigger WebCore_BUILTINS_WRAPPERS.
441
442         * make-generated-sources.sh: Removed. Was unused.
443
444 2016-07-23  Zalan Bujtas  <zalan@apple.com>
445
446         Stop isEmpty() from leaking out of SVG.
447         https://bugs.webkit.org/show_bug.cgi?id=160121
448
449         Reviewed by Simon Fraser.
450
451         It's unclear what isEmpty() actually means and it doesn't bring any value to Render* classes.
452
453         No change in functionality.
454
455         * editing/CompositeEditCommand.cpp:
456         (WebCore::CompositeEditCommand::addBlockPlaceholderIfNeeded):
457         * rendering/RenderElement.h:
458         * rendering/RenderListItem.cpp:
459         (WebCore::RenderListItem::isEmpty): Deleted.
460         * rendering/RenderListItem.h:
461         * rendering/RenderObject.h:
462         (WebCore::RenderObject::isEmpty): Deleted.
463         * rendering/RenderRubyRun.cpp:
464         (WebCore::RenderRubyRun::removeChild):
465         (WebCore::RenderRubyRun::isEmpty): Deleted.
466         * rendering/RenderRubyRun.h:
467         * rendering/mathml/RenderMathMLFenced.cpp:
468         (WebCore::RenderMathMLFenced::updateFromElement):
469         (WebCore::RenderMathMLFenced::addChild):
470         * rendering/mathml/RenderMathMLRoot.cpp:
471         (WebCore::RenderMathMLRoot::paint):
472         * rendering/svg/RenderSVGShape.h:
473
474 2016-07-23  Zalan Bujtas  <zalan@apple.com>
475
476         table*BorderAdjoiningCell and borderAdjoiningCell* should take reference instead of RenderTableCell*.
477         https://bugs.webkit.org/show_bug.cgi?id=160123
478
479         Reviewed by Simon Fraser.
480
481         No change in functionality.
482
483         * rendering/RenderTable.cpp:
484         (WebCore::RenderTable::tableStartBorderAdjoiningCell):
485         (WebCore::RenderTable::tableEndBorderAdjoiningCell):
486         * rendering/RenderTable.h:
487         * rendering/RenderTableCell.cpp:
488         (WebCore::RenderTableCell::computeCollapsedStartBorder):
489         (WebCore::RenderTableCell::computeCollapsedEndBorder):
490         * rendering/RenderTableCell.h:
491         (WebCore::RenderTableCell::borderAdjoiningCellBefore):
492         (WebCore::RenderTableCell::borderAdjoiningCellAfter):
493         * rendering/RenderTableCol.cpp:
494         (WebCore::RenderTableCol::borderAdjoiningCellStartBorder):
495         (WebCore::RenderTableCol::borderAdjoiningCellEndBorder):
496         (WebCore::RenderTableCol::borderAdjoiningCellBefore):
497         (WebCore::RenderTableCol::borderAdjoiningCellAfter):
498         * rendering/RenderTableCol.h:
499         * rendering/RenderTableRow.cpp:
500         (WebCore::RenderTableRow::borderAdjoiningStartCell):
501         (WebCore::RenderTableRow::borderAdjoiningEndCell):
502         * rendering/RenderTableRow.h:
503         * rendering/RenderTableSection.cpp:
504         (WebCore::RenderTableSection::borderAdjoiningStartCell):
505         (WebCore::RenderTableSection::borderAdjoiningEndCell):
506         * rendering/RenderTableSection.h:
507
508 2016-07-23  Zalan Bujtas  <zalan@apple.com>
509
510         Remove unused enum and stale comment from RenderObject.
511         https://bugs.webkit.org/show_bug.cgi?id=160122
512
513         Reviewed by Simon Fraser.
514
515         No change in functionality.
516
517         * rendering/RenderBox.h:
518
519 2016-07-23  Carlos Garcia Campos  <cgarcia@igalia.com>
520
521         [Coordinated Graphics] Lots of flaky tests
522         https://bugs.webkit.org/show_bug.cgi?id=160118
523
524         Reviewed by Michael Catanzaro.
525
526         Since the GTK+ ported to threaded compositor (coordinated graphics) there are a lot of flaky tests in the
527         bots. In many of the cases the diff shows a different size in the FrameView layer.
528
529         This happens for tests run in the same WTR after fast/fixed-layout/fixed-layout.html. This is what happens:
530
531          1.- Test fast/fixed-layout/fixed-layout.html runs and sets fixed layout to true and fixed layout size to 400x400
532          2.- When it finishes TestController::resetStateToConsistentValues() is called.
533          3.- Blank URL is loaded after state has been updated
534          4.- Then Reset message is handled in the web process and Internals::resetToConsistentState() resets the fixed
535              layout state and size.
536          5.- onresize happens and the handler set in fast/fixed-layout/fixed-layout.html is invoked setting the fixed
537              layout to true and size to 400x400 again.
538          6.- about_blank is then loaded with the fixed layout enabled, as well as other tests after this one.
539
540         In addition to this, coordinated graphics uses a fixedVisibleContentRect in ScrollView that is never reset.
541
542         * platform/ScrollView.cpp:
543         (WebCore::ScrollView::unscaledVisibleContentSizeIncludingObscuredArea): Only use m_fixedVisibleContentRect when
544         fixed layout is enabled.
545         (WebCore::ScrollView::unscaledUnobscuredVisibleContentSize): Ditto.
546         (WebCore::ScrollView::visibleContentRectInternal): Ditto.
547         * testing/Internals.cpp:
548         (WebCore::Internals::resetToConsistentState): Reset also the m_fixedVisibleContentRect.
549
550 2016-07-23  Carlos Garcia Campos  <cgarcia@igalia.com>
551
552         [Coordinated Graphics] Test imported/blink/svg/custom/svg-image-layers-crash.html crashes
553         https://bugs.webkit.org/show_bug.cgi?id=160078
554
555         Reviewed by Michael Catanzaro.
556
557         This is a merge of Blink r155373.
558         https://chromiumcodereview.appspot.com/20789004
559
560         Disable accelerated compositing for SVGImage content layers. SVGImageChromeClient does not support it.
561
562         Fixes imported/blink/svg/custom/svg-image-layers-crash.html.
563
564         * svg/graphics/SVGImage.cpp:
565         (WebCore::SVGImage::dataChanged):
566
567 2016-07-23  Commit Queue  <commit-queue@webkit.org>
568
569         Unreviewed, rolling out r203641.
570         https://bugs.webkit.org/show_bug.cgi?id=160116
571
572         It broke make-based builds (Requested by youenn on #webkit).
573
574         Reverted changeset:
575
576         "[Fetch API] Request should be created with any HeadersInit
577         data"
578         https://bugs.webkit.org/show_bug.cgi?id=159672
579         http://trac.webkit.org/changeset/203641
580
581 2016-07-23  Youenn Fablet  <youenn@apple.com>
582
583         [Fetch API] Request should be created with any HeadersInit data
584         https://bugs.webkit.org/show_bug.cgi?id=159672
585
586         Reviewed by Sam Weinig.
587
588         Made Request use JSBuiltinConstructor.
589         This allows initializing newly created Request with a JS built-in function, initializeFetchRequest.
590         initializeFetchRequest can call @fillFetchHeaders internal built-in to handle any HeadersInit data.
591         Future effort should be made to migrate more initialization code in initializeFetchRequest.
592
593         Made window and worker fetch function as a JS built-in.
594         This becomes more handy as these new functions can construct the Request object.
595         They can then call a single private function that takes a Request object as input.
596         Updated DOMWindowFetch and WorkerGlobalScopeFetch code accordingly.
597
598         To enable this, the binding generator is updated to support runtime-enabled JS built-in functions and
599         private functions attached to global objects.
600
601         Covered by existing and modified tests.
602         Binding generator test covered by updated binding tests.
603
604         * CMakeLists.txt: Adding DOMWindowFetch.js, FetchRequest.js and WorkerGlobalScopeFetch.js built-in files.
605         * DerivedSources.make: Ditto.
606         * Modules/fetch/DOMWindowFetch.cpp: Removed overloaded fetch and updated according to new signature.
607         (WebCore::DOMWindowFetch::fetch):
608         * Modules/fetch/DOMWindowFetch.h: Ditto.
609         * Modules/fetch/DOMWindowFetch.idl: Making fetch a JS built-in and adding a @fetchRequest private function.
610         * Modules/fetch/DOMWindowFetch.js: Added.
611         (fetch):
612         * Modules/fetch/FetchHeaders.h:
613         (WebCore::FetchHeaders::setGuard): Used by FetchRequest when initializing headers.
614         * Modules/fetch/FetchRequest.cpp: 
615         (WebCore::buildHeaders): Removed as implemented in JS.
616         (WebCore::FetchRequest::initializeOptions): Added to handle most of the dictionary initialization.
617         (WebCore::FetchRequest::initializeWith): Method called from built-in constructor function.
618         (WebCore::FetchRequest::setBody): Corresponding to @setBody private method.
619         (WebCore::buildBody): Deleted.
620         * Modules/fetch/FetchRequest.h:
621         * Modules/fetch/FetchRequest.idl:
622         * Modules/fetch/FetchRequest.js: Added.
623         (initializeFetchRequest): Implements fetch Request(input, init) constructor.
624         * Modules/fetch/FetchResponse.cpp:
625         (WebCore::FetchResponse::fetch): Removed the construction of FetchRequest in fetch method since it is done by JS built-in code.
626         * Modules/fetch/FetchResponse.h:
627         * Modules/fetch/WorkerGlobalScopeFetch.cpp: Removed overloaded fetch and updated according to new signature.
628         (WebCore::WorkerGlobalScopeFetch::fetch):
629         * Modules/fetch/WorkerGlobalScopeFetch.h: Ditto.
630         * Modules/fetch/WorkerGlobalScopeFetch.idl: Making fetch a JS built-in and adding a @fetchRequest private function.
631         * Modules/fetch/WorkerGlobalScopeFetch.js: Added.
632         (fetch):
633         * bindings/js/WebCoreBuiltinNames.h: Adding fetchRequest, setBody and Request private identifiers.
634         * bindings/scripts/CodeGenerator.pm:
635         (WK_lcfirst): Replacing dOM by dom.
636         * bindings/scripts/CodeGeneratorJS.pm:
637         (GenerateImplementation): Adding support for runtime-enabled built-in methods and private methods.
638         * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
639         (WebCore::JSTestGlobalObject::finishCreation):
640         (WebCore::jsTestGlobalObjectInstanceFunctionTestPrivateFunction):
641         * bindings/scripts/test/ObjC/DOMTestGlobalObject.mm:
642         (-[DOMTestGlobalObject testJSBuiltinFunction]):
643         * bindings/scripts/test/TestGlobalObject.idl: Adding tests for runtime-enabled global built-in methods and private methods.
644
645 2016-07-23  Frederic Wang  <fwang@igalia.com>
646
647         Reset font-style on the <math> element
648         https://bugs.webkit.org/show_bug.cgi?id=160074
649
650         Reviewed by Darin Adler.
651
652         Mathematical formulas with italic font-style render poorly (slanted operators, mathvariant
653         italic etc). We align on Gecko and make the user agent stylesheet reset the font-style to
654         'normal' by default. This addresses the concrete use case of formula inside theorem or
655         proposition statements, which are often written in italic.
656
657         Test: mathml/presentation/math-font-style.html
658
659         * css/mathml.css:
660         (math): Reset the font-style to normal.
661
662 2016-07-23  Frederic Wang  <fwang@igalia.com>
663
664         [MathML] PaintInfo state is not properly restored after applyTransform.
665         https://bugs.webkit.org/show_bug.cgi?id=160077
666
667         Reviewed by Simon Fraser.
668
669         PaintInfo::applyTransform modifies PaintInfo::rect and the original state is not properly
670         restored by GraphicsContextStateSaver. To avoid some weird rendering bugs in MathOperator
671         and RenderMathMLMenclose, we follow what is done in SVG renderers and make a copy of the
672         original PaintInfo before applying the transform.
673
674         Test: mathml/presentation/bug160077.html
675
676         * rendering/mathml/MathOperator.cpp:
677         (WebCore::MathOperator::paint):
678         * rendering/mathml/RenderMathMLMenclose.cpp:
679         (WebCore::RenderMathMLMenclose::paint):
680
681 2016-07-23  Youenn Fablet  <youenn@apple.com>
682
683         [Fetch API] Fetch response stream should enqueue Uint8Array
684         https://bugs.webkit.org/show_bug.cgi?id=160083
685
686         Reviewed by Sam Weinig.
687
688         Covered by updated tests.
689
690         Before enqueuing, ReadableStreamController::enqueue will convert ArrayBuffer as Uint8Array.
691         It also returns a boolean whether the operation is successful or not.
692
693         If returned value is false, calling code will stop loading or if everything is loaded it will refrain from closing the stream.
694         The enqueuing should be successful except in OutOfMemory cases. This case is not yet handled in test cases.
695
696         Updated the code to remove templated enqueuing as Fetch has no use of it.
697
698         * Modules/fetch/FetchBody.cpp:
699         (WebCore::FetchBody::consumeAsStream): Do not close the stream if enqueuing failed.
700         * Modules/fetch/FetchBodyOwner.cpp:
701         (WebCore::FetchBodyOwner::blobChunk): Stop blob loading if enqueuing failed.
702         * Modules/fetch/FetchResponse.cpp:
703         (WebCore::FetchResponse::BodyLoader::didReceiveData): Stop resource loading if enqueuing failed.
704         (WebCore::FetchResponse::consumeBodyAsStream): Ditto.
705         * Modules/fetch/FetchResponseSource.h:
706         * bindings/js/ReadableStreamController.h:
707         (WebCore::ReadableStreamController::enqueue):
708         (WebCore::ReadableStreamController::enqueue<RefPtr<JSC::ArrayBuffer>>): Deleted.
709
710 2016-07-22  Youenn Fablet  <youenn@apple.com>
711
712         Use a private property to implement FetchResponse.body getter
713         https://bugs.webkit.org/show_bug.cgi?id=159808
714
715         Reviewed by Sam Weinig.
716
717         Covered by existing test sets.
718
719         Previously, body was handled as a CachedAttribute.
720         Using a private property will allow direct use of this property from JS built-ins which will allow easier
721         handling of ReadableStream cloning in Response.clone.
722         Also, this allows removing some binding custom code.
723
724         Updated redirect and error static methods to take NewObject keyword, as this removes a search into cached wrappers.
725         Ditto for createReadableStreamSource.
726
727         * CMakeLists.txt: Removing JSFetchResponseCustom.cpp.
728         * Modules/fetch/FetchResponse.idl: Adding createReadableStreamSource and isDisturbed private functions.
729         Making body getter a JSBuiltin.
730         * Modules/fetch/FetchResponse.js:
731         (body): Adding getter which will call createReadableStreamSource if needed.
732         * WebCore.xcodeproj/project.pbxproj: Removing JSFetchResponseCustom.cpp.
733         * bindings/js/JSFetchResponseCustom.cpp: Removed.
734         * bindings/js/ReadableStreamController.cpp:
735         (WebCore::createReadableStream): Deleted.
736         (WebCore::getReadableStreamReader): Deleted.
737         * bindings/js/ReadableStreamController.h: Removing unneeded ReadableStream helper routine now that they can be
738         handled within JS built-in code.
739         * bindings/js/WebCoreBuiltinNames.h: Adding @createReadableStreamSource, @isDisturbed  and @Response identifiers.
740
741 2016-07-22  Zalan Bujtas  <zalan@apple.com>
742
743         Handle cases when IOSurface initialization fails.
744         https://bugs.webkit.org/show_bug.cgi?id=160006
745         <rdar://problem/27495102>
746
747         Reviewed by Tim Horton and Simon Fraser.
748
749         This is an additional fix to r203514 to check if IOSurface initialization was successful.
750
751         Unable to test.
752
753         * platform/graphics/cg/ImageBufferCG.cpp:
754         (WebCore::ImageBuffer::ImageBuffer):
755         * platform/graphics/cocoa/IOSurface.h: Merge 2 c'tors.
756         * platform/graphics/cocoa/IOSurface.mm: Remove redundant IOSurface::create() code.  
757         (WebCore::IOSurface::create):
758         (WebCore::IOSurface::createFromImage):
759         (WebCore::IOSurface::IOSurface):
760         (WebCore::IOSurface::convertToFormat):
761
762 2016-07-22  Wenson Hsieh  <wenson_hsieh@apple.com>
763
764         Media controls should be displayed for media in media documents
765         https://bugs.webkit.org/show_bug.cgi?id=160104
766         <rdar://problem/27438936>
767
768         Reviewed by Myles C. Maxfield.
769
770         Make videos that would otherwise not have been large enough or have the right
771         aspect ratio cause media controls to appear. This is because media elements in
772         a media document are implied to be main content.
773
774         Added a new API test.
775
776         * html/MediaElementSession.cpp:
777         (WebCore::MediaElementSession::canControlControlsManager):
778
779 2016-07-22  Myles C. Maxfield  <mmaxfield@apple.com>
780
781         All dancers with bunny ears are female
782         https://bugs.webkit.org/show_bug.cgi?id=160102
783         <rdar://problem/27453479>
784
785         Reviewed by Simon Fraser.
786
787         In r203330 I added support for new emoji group candidates. I accidentally
788         missed one of the new emoji code points.
789
790         Tests: editing/deleting/delete-emoji.html:
791                fast/text/emoji-gender-2-9.html:
792                fast/text/emoji-gender-9.html:
793                fast/text/emoji-gender-fe0f-9.html:
794
795         * platform/text/CharacterProperties.h:
796         (WebCore::isEmojiGroupCandidate):
797
798 2016-07-22  Chris Dumez  <cdumez@apple.com>
799
800         Parameter to HTMLCollection.item() / namedItem() should be mandatory
801         https://bugs.webkit.org/show_bug.cgi?id=160099
802
803         Reviewed by Sam Weinig.
804
805         Parameter to HTMLCollection.item() / namedItem() should be mandatory:
806         - https://dom.spec.whatwg.org/#interface-htmlcollection
807         - https://html.spec.whatwg.org/multipage/infrastructure.html#htmlformcontrolscollection
808         - https://html.spec.whatwg.org/multipage/infrastructure.html#the-htmloptionscollection-interface
809
810         Firefox and Chrome agree with the specification.
811
812         No new tests, rebaselined existing tests.
813
814         * bindings/js/JSHTMLFormControlsCollectionCustom.cpp:
815         (WebCore::JSHTMLFormControlsCollection::namedItem):
816         * html/HTMLCollection.idl:
817         * html/HTMLFormControlsCollection.idl:
818         * html/HTMLOptionsCollection.idl:
819
820 2016-07-22  Chris Dumez  <cdumez@apple.com>
821
822         First parameter to Window.getComputedStyle() should be mandatory and non-nullable
823         https://bugs.webkit.org/show_bug.cgi?id=160097
824
825         Reviewed by Ryosuke Niwa.
826
827         First parameter to Window.getComputedStyle() should be mandatory and
828         non-nullable:
829         - https://drafts.csswg.org/cssom/#extensions-to-the-window-interface
830
831         Firefox and Chrome agree with the specification.
832
833         Test: fast/dom/Window/getComputedStyle-missing-parameter.html
834
835         * css/CSSComputedStyleDeclaration.cpp:
836         (WebCore::ComputedStyleExtractor::ComputedStyleExtractor):
837         (WebCore::CSSComputedStyleDeclaration::CSSComputedStyleDeclaration):
838         (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
839         (WebCore::CSSComputedStyleDeclaration::copyProperties):
840         (WebCore::CSSComputedStyleDeclaration::length):
841         (WebCore::CSSComputedStyleDeclaration::item):
842         (WebCore::CSSComputedStyleDeclaration::getPropertyValue):
843         * css/CSSComputedStyleDeclaration.h:
844         * dom/Document.idl:
845         * inspector/InspectorCSSAgent.cpp:
846         (WebCore::InspectorCSSAgent::getComputedStyleForNode):
847         * page/DOMWindow.cpp:
848         (WebCore::DOMWindow::getComputedStyle):
849         * page/DOMWindow.h:
850         * page/DOMWindow.idl:
851         * testing/Internals.cpp:
852         (WebCore::Internals::computedStyleIncludingVisitedInfo):
853         * testing/Internals.h:
854         * testing/Internals.idl:
855
856 2016-07-22  Brady Eidson  <beidson@apple.com>
857
858         Removing IndexedDatabases that have stored blobs doesn't remove the blob files.
859         https://bugs.webkit.org/show_bug.cgi?id=160089
860
861         Reviewed by Darin Adler.
862
863         Tested by API test IndexedDB.StoreBlobThenDelete.
864
865         Blob filenames exist in the IDB directory with the name "[0-9]+.blob".
866         
867         That is, one or more digits, followed by ".blob".
868         
869         So when we delete an IndexedDB.sqlite3 and related files, we should delete those blob files as well.
870         
871         * Modules/indexeddb/server/IDBServer.cpp:
872         (WebCore::IDBServer::removeAllDatabasesForOriginPath):
873
874 2016-07-22  Chris Dumez  <cdumez@apple.com>
875
876         Fix default parameter values for window.alert() / prompt() / confirm()
877         https://bugs.webkit.org/show_bug.cgi?id=160085
878
879         Reviewed by Ryosuke Niwa.
880
881         Fix default parameter values for window.alert() / prompt() / confirm() to
882         match the specification:
883         - https://html.spec.whatwg.org/multipage/browsers.html#the-window-object
884
885         They should default to the empty string, not the string "undefined".
886
887         Firefox and Chrome agree with the specification.
888
889         No new tests, updated existing test.
890
891         * page/DOMWindow.h:
892         * page/DOMWindow.idl:
893
894 2016-07-22  Daniel Bates  <dabates@apple.com>
895
896         CSP: object-src and plugin-types directives are not respected for plugin replacements
897         https://bugs.webkit.org/show_bug.cgi?id=159761
898         <rdar://problem/27365724>
899
900         Reviewed by Brent Fulgham.
901
902         Apply the Content Security Policy (CSP) object-src and plugin-types directives to content that will
903         load with a plugin replacement.
904
905         Tests: security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement.html
906                security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement.html
907                security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement.html
908                security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement.html
909                security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type.html
910                security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement.html
911                security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type.html
912                security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement.html
913
914         * html/HTMLPlugInImageElement.cpp:
915         (WebCore::HTMLPlugInImageElement::allowedToLoadPluginContent): Added.
916         (WebCore::HTMLPlugInImageElement::requestObject): Only request loading plugin content if we
917         are allowed to load such content.
918         * html/HTMLPlugInImageElement.h:
919         * loader/SubframeLoader.cpp:
920         (WebCore::SubframeLoader::pluginIsLoadable): Removed code to check CSP as we will check CSP
921         earlier in HTMLPlugInImageElement::requestObject().
922         (WebCore::SubframeLoader::requestPlugin): Ditto.
923         (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy): Deleted; moved implementation
924         to HTMLPlugInImageElement::allowedToLoadPluginContent().
925         (WebCore::SubframeLoader::requestObject): Deleted.
926         * loader/SubframeLoader.h:
927         * page/csp/ContentSecurityPolicy.cpp:
928         (WebCore::ContentSecurityPolicy::upgradeInsecureRequestIfNeeded): Changed signature from a non-const
929         function to a const function since these functions do not modify |this|.
930         * page/csp/ContentSecurityPolicy.h: 
931
932 2016-07-22  Chris Dumez  <cdumez@apple.com>
933
934         Parameters to Node.replaceChild() / insertBefore() should be mandatory
935         https://bugs.webkit.org/show_bug.cgi?id=160091
936
937         Reviewed by Darin Adler.
938
939         Parameters to Node.replaceChild() / insertBefore() should be mandatory:
940         - https://dom.spec.whatwg.org/#node
941
942         The compatibility risk should be low since Firefox and Chrome both agree
943         with the specification and because it does not make much sense to omit
944         parameters when using this API.
945
946         No new tests, rebaselined existing tests.
947
948         * bindings/js/JSNodeCustom.cpp:
949         (WebCore::JSNode::insertBefore):
950         (WebCore::JSNode::replaceChild):
951
952 2016-07-22  Chris Dumez  <cdumez@apple.com>
953
954         Parameter to Node.contains() should be mandatory
955         https://bugs.webkit.org/show_bug.cgi?id=160084
956
957         Reviewed by Darin Adler.
958
959         Parameter to Node.contains() should be mandatory as per the
960         specification:
961         - https://dom.spec.whatwg.org/#node
962
963         The compatibility risk should be low because Firefox and Chrome
964         both agree with the specification. Also, it does not make much sense
965         to call this API without parameter.
966
967         No new tests, rebaselined existing tests.
968
969         * dom/Node.idl:
970
971 2016-07-22  Said Abou-Hallawa  <sabouhallawa@apple.com>
972
973         [iOS] REGRESSION(203378): PDFDocumentImage::updateCachedImageIfNeeded() uses the unscaled size when deciding whether to cache the PDF image
974         https://bugs.webkit.org/show_bug.cgi?id=159933
975
976         Reviewed by Simon Fraser.
977
978         We need to use the scaled size when deciding whether to cache the PDF image
979         or not. This is because ImageBuffer takes the display resolution into account
980         which gives higher resolution for the image when zooming.
981
982         * platform/graphics/cg/PDFDocumentImage.cpp:
983         (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
984
985 2016-07-22  Chris Dumez  <cdumez@apple.com>
986
987         First parameter to getElementById() should be mandatory
988         https://bugs.webkit.org/show_bug.cgi?id=160087
989
990         Reviewed by Darin Adler.
991
992         First parameter to getElementById() should be mandatory:
993         - https://dom.spec.whatwg.org/#nonelementparentnode
994         - https://www.w3.org/TR/SVG/struct.html#InterfaceSVGSVGElement
995
996         Both Firefox and Chrome agree with the specification.
997
998         Test: svg/dom/SVGSVGElement-getElementById.html
999
1000         * dom/NonElementParentNode.idl:
1001         * svg/SVGSVGElement.idl:
1002
1003 2016-07-22  Chris Dumez  <cdumez@apple.com>
1004
1005         Parameter to Node.lookupPrefix() / lookupNamespaceURI() / isDefaultNamespace() should be mandatory
1006         https://bugs.webkit.org/show_bug.cgi?id=160086
1007
1008         Reviewed by Darin Adler.
1009
1010         Parameter to Node.lookupPrefix() / lookupNamespaceURI() / isDefaultNamespace()
1011         should be mandatory:
1012         - https://dom.spec.whatwg.org/#node
1013
1014         Firefox and Chrome both agree with the specification.
1015
1016         No new tests, rebaselined existing tests.
1017
1018         * dom/Node.idl:
1019
1020 2016-07-22  Chris Dumez  <cdumez@apple.com>
1021
1022         Parameter to Node.compareDocumentPosition() should be mandatory and non-nullable
1023         https://bugs.webkit.org/show_bug.cgi?id=160071
1024
1025         Reviewed by Ryosuke Niwa.
1026
1027         
1028         Parameter to Node.compareDocumentPosition() should be mandatory and
1029         non-nullable:
1030         - https://dom.spec.whatwg.org/#interface-node
1031
1032         Firefox and Chrome agree with the specification so the compatibility
1033         risk should be low. Also, it does not make much sense to call this
1034         operation without parameter.
1035
1036         No new tests, rebaselined existing tests.
1037
1038         * accessibility/AccessibilityObject.cpp:
1039         (WebCore::rangeClosestToRange):
1040         * dom/AuthorStyleSheets.cpp:
1041         (WebCore::AuthorStyleSheets::addStyleSheetCandidateNode):
1042         * dom/Node.cpp:
1043         (WebCore::compareDetachedElementsPosition):
1044         (WebCore::Node::compareDocumentPosition):
1045         * dom/Node.h:
1046         * dom/Node.idl:
1047         * dom/Position.h:
1048         (WebCore::operator<):
1049         * html/HTMLFormElement.cpp:
1050         (WebCore::HTMLFormElement::formElementIndexWithFormAttribute):
1051         (WebCore::HTMLFormElement::formElementIndex):
1052         * rendering/RenderNamedFlowThread.cpp:
1053         (WebCore::RenderNamedFlowThread::nextRendererForElement):
1054         (WebCore::compareRenderNamedFlowFragments):
1055         (WebCore::RenderNamedFlowThread::registerNamedFlowContentElement):
1056
1057 2016-07-22  Konstantin Tokarev  <annulen@yandex.ru>
1058
1059         [cmake] Removed obsolete plugins/win directory
1060         https://bugs.webkit.org/show_bug.cgi?id=160081
1061
1062         Reviewed by Per Arne Vollan.
1063
1064         It was removed in r178219.
1065
1066         No new tests needed.
1067
1068         * PlatformWin.cmake:
1069
1070 2016-07-22  Youenn Fablet  <youenn@apple.com>
1071
1072         run-builtins-generator-tests should be able to test WebCore builtins wrapper with more than one file
1073         https://bugs.webkit.org/show_bug.cgi?id=159921
1074
1075         Reviewed by Brian Burg.
1076
1077         Covered by existing and added built-ins tests.
1078
1079         Updating build system according to --wrappers-only new meaning.
1080         builtin generator is now called for each individual built-in file plus once for WebCore wrapper files.
1081         WebCore wrapper files allow handling things like conditionally guarded features.
1082         They also remove the need to use built-ins macros outside generated code.
1083
1084         * CMakeLists.txt:
1085         * DerivedSources.make:
1086
1087 2016-07-21  Frederic Wang  <fwang@igalia.com>
1088
1089         Move parsing of accentunder and accent attributes from renderer to element classes
1090         https://bugs.webkit.org/show_bug.cgi?id=159625
1091
1092         Reviewed by Brent Fulgham.
1093
1094         We introduce a new MathMLUnderOverElement that is used for elements munder, mover and
1095         munderover in order to create RenderMathMLUnderOver and parse and expose the values of the
1096         accent and accentunder attributes. This is one more step toward moving MathML attribute
1097         parsing to the DOM (bug 156536). We also do minor clean-up for this and previous renderer
1098         classes that no longer do attribute parsing: the MathMLNames namespace is no longer necessary
1099         and constructors can take a more accurate element type.
1100
1101         No new tests, already covered by existing test.
1102
1103         * CMakeLists.txt: Add MathMLUnderOverElement files.
1104         * WebCore.xcodeproj/project.pbxproj: Ditto.
1105         * mathml/MathMLAllInOne.cpp: Ditto.
1106         * mathml/MathMLElement.cpp:
1107         (WebCore::MathMLElement::cachedBooleanAttribute): Add parsing of boolean attributes.
1108         * mathml/MathMLElement.h: New type and helper functions for boolean attributes.
1109         * mathml/MathMLInlineContainerElement.cpp:
1110         (WebCore::MathMLInlineContainerElement::createElementRenderer): Remove handling of
1111         under/over/underover elements.
1112         * mathml/MathMLScriptsElement.cpp:
1113         (WebCore::MathMLScriptsElement::MathMLScriptsElement): Remove inline keyword to avoid link
1114         errors now that MathMLUnderOverElement overrides that class.
1115         * mathml/MathMLScriptsElement.h: Allow MathMLUnderOverElement to override this class.
1116         * mathml/MathMLUnderOverElement.cpp:
1117         (WebCore::MathMLUnderOverElement::MathMLUnderOverElement):
1118         (WebCore::MathMLUnderOverElement::create):
1119         (WebCore::MathMLUnderOverElement::accent): Helper function to access the accent value.
1120         (WebCore::MathMLUnderOverElement::accentUnder): Helper function to access the accentunder value.
1121         (WebCore::MathMLUnderOverElement::parseAttribute): Make accent and accentunder dirty.
1122         (WebCore::MathMLUnderOverElement::createElementRenderer): Create RenderMathMLUnderOver
1123         * mathml/MathMLUnderOverElement.h:
1124         * mathml/mathtags.in: Map under/over/underover to MathMLUnderOverElement.
1125         * rendering/mathml/RenderMathMLFraction.cpp: Remove MathMLNames and make the constructor
1126         take a MathMLFractionElement.
1127         (WebCore::RenderMathMLFraction::RenderMathMLFraction):
1128         * rendering/mathml/RenderMathMLFraction.h:
1129         * rendering/mathml/RenderMathMLPadded.cpp: Remove MathMLNames and make the constructor
1130         take a MathMLPaddedElement.
1131         (WebCore::RenderMathMLPadded::RenderMathMLPadded):
1132         * rendering/mathml/RenderMathMLPadded.h:
1133         * rendering/mathml/RenderMathMLScripts.cpp: Remove MathMLNames and make the constructor
1134         take a MathMLScriptsElement. Also rename scriptsElement() to element().
1135         (WebCore::RenderMathMLScripts::RenderMathMLScripts):
1136         (WebCore::RenderMathMLScripts::element):
1137         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
1138         (WebCore::RenderMathMLScripts::scriptsElement): Deleted.
1139         * rendering/mathml/RenderMathMLScripts.h:
1140         * rendering/mathml/RenderMathMLUnderOver.cpp: Remove MathMLNames and make the constructor
1141         take a RenderMathMLUnderOver.
1142         (WebCore::RenderMathMLUnderOver::RenderMathMLUnderOver):
1143         (WebCore::RenderMathMLUnderOver::element):
1144         (WebCore::RenderMathMLUnderOver::hasAccent): Use the helper functions for accent and accentunder.
1145         * rendering/mathml/RenderMathMLUnderOver.h:
1146
1147 2016-07-21  Chris Dumez  <cdumez@apple.com>
1148
1149         Parameter to Node.isSameNode() / isEqualNode() should be mandatory
1150         https://bugs.webkit.org/show_bug.cgi?id=160070
1151
1152         Reviewed by Ryosuke Niwa.
1153
1154         Parameter to Node.isSameNode() / isEqualNode() should be mandatory as
1155         per the specification:
1156         - https://dom.spec.whatwg.org/#interface-node
1157
1158         Chrome and Firefox agree with the specification (although Firefox does
1159         not support isSameNode()).
1160
1161         No new tests, rebaselined existing tests.
1162
1163         * dom/Node.idl:
1164
1165 2016-07-21  Chris Dumez  <cdumez@apple.com>
1166
1167         Parameter to Document.createEvent() should be mandatory
1168         https://bugs.webkit.org/show_bug.cgi?id=160065
1169
1170         Reviewed by Darin Adler.
1171
1172         Parameter to Document.createEvent() should be mandatory as per the
1173         specification:
1174         - https://dom.spec.whatwg.org/#document
1175
1176         We already throw anyway when the parameter is omitted because we use
1177         "undefined" as event type, which is invalid. However, we throw the
1178         wrong exception.
1179
1180         Firefox and Chrome agree with the specification here.
1181
1182         No new tests, rebaselined existing tests.
1183
1184         * dom/Document.idl:
1185
1186 2016-07-21  Brian Burg  <bburg@apple.com>
1187
1188         REGRESSION(r62549): Objective-C DOM bindings sometimes fail to regenerate when CodeGenerator.pm is modified
1189         https://bugs.webkit.org/show_bug.cgi?id=160031
1190
1191         Reviewed by Darin Adler.
1192
1193         This bug was caused by a refactoring 6 years ago. Not all uses of a variable
1194         were renamed, so the ObjC bindings target pattern was not specifying any
1195         build scripts as target dependencies.
1196
1197         * DerivedSources.make: Standardize on {COMMON,JS,DOM}_BINDINGS_SCRIPTS.
1198
1199 2016-07-21  Darin Adler  <darin@apple.com>
1200
1201         Remove unneeded content attribute name "playsinline"
1202         https://bugs.webkit.org/show_bug.cgi?id=160069
1203
1204         Reviewed by Chris Dumez.
1205
1206         * html/HTMLVideoElement.idl: Removed explicit content attribute name on Reflect
1207         attribute since it is the same as the name that the code generator will generate.
1208
1209 2016-07-21  Chris Dumez  <cdumez@apple.com>
1210
1211         Make parameters to Element.getElementsBy*() operations mandatory
1212         https://bugs.webkit.org/show_bug.cgi?id=160060
1213
1214         Reviewed by Darin Adler.
1215
1216         Make parameters to Element.getElementsBy*() operations mandatory to
1217         match the specification:
1218         - https://dom.spec.whatwg.org/#interface-element
1219
1220         Firefox and Chrome agree with the specification so the compatibility
1221         risk should be low.
1222
1223         It makes very little sense to call these operations without parameter,
1224         especially considering WebKit uses the string "undefined" if the
1225         parameter is omitted.
1226
1227         No new tests, rebaselined existing tests.
1228
1229         * dom/Element.idl:
1230
1231 2016-07-21  Chris Dumez  <cdumez@apple.com>
1232
1233         Make parameters mandatory for attribute-related API on Element
1234         https://bugs.webkit.org/show_bug.cgi?id=160059
1235
1236         Reviewed by Ryosuke Niwa.
1237
1238         Make parameters mandatory for attribute-related API on Element to match
1239         the specification:
1240         - https://dom.spec.whatwg.org/#element
1241
1242         Firefox and Chrome agree with the specification. Calling this API
1243         without the parameters does not make much sense, especially considering
1244         WebKit uses the string "undefined" when the parameter is omitted.
1245
1246         No new tests, rebaselined existing tests.
1247
1248         * dom/Element.idl:
1249
1250 2016-07-21  Myles C. Maxfield  <mmaxfield@apple.com>
1251
1252         Remove support for deprecated SPI inlineMediaPlaybackRequiresPlaysInlineAttribute
1253         https://bugs.webkit.org/show_bug.cgi?id=160066
1254
1255         Reviewed by Dean Jackson.
1256
1257         r203520 deprecated inlineMediaPlaybackRequiresPlaysInlineAttribute in favor of
1258         allowsInlineMediaPlaybackWithPlaysInlineAttribute and
1259         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute. The old
1260         inlineMediaPlaybackRequiresPlaysInlineAttribute is SPI and was never released
1261         to the public. Therefore, it can be removed safely.
1262
1263         No new tests because there is no behavior change.
1264
1265         * page/Settings.cpp:
1266         * page/Settings.in:
1267         * testing/InternalSettings.cpp:
1268         (WebCore::InternalSettings::Backup::Backup): Deleted.
1269         (WebCore::InternalSettings::Backup::restoreTo): Deleted.
1270         (WebCore::InternalSettings::setInlineMediaPlaybackRequiresPlaysInlineAttribute): Deleted.
1271         * testing/InternalSettings.h:
1272         * testing/InternalSettings.idl:
1273
1274 2016-07-21  Dean Jackson  <dino@apple.com>
1275
1276         REGRESSION (r202927): The internal size of the ImageBuffer is scaled twice by the context scaleFactor
1277         https://bugs.webkit.org/show_bug.cgi?id=159981
1278         <rdar://problem/27429465>
1279
1280         Reviewed by Myles Maxfield.
1281
1282         The change to propagate color spaces through ImageBuffers created an
1283         alternate version of createCompatibleBuffer. This version accidentally
1284         attempted to take the display resolution (i.e. hidpi) into account
1285         when creating the buffer, which meant it was being applied twice.
1286
1287         The fix is simply to remove that logic. The caller of the method
1288         will take the resolution into account, the same way they did
1289         with the old createCompatibleBuffer method.
1290
1291         Test: fast/hidpi/pdf-image-scaled.html
1292
1293         * platform/graphics/cg/ImageBufferCG.cpp:
1294         (WebCore::ImageBuffer::createCompatibleBuffer): Don't calculate
1295         a resolution - just use the value of 1.0.
1296
1297 2016-07-21  John Wilander  <wilander@apple.com>
1298
1299         Block mixed content synchronous XHR
1300         https://bugs.webkit.org/show_bug.cgi?id=105462
1301         <rdar://problem/13666424>
1302
1303         Reviewed by Brent Fulgham.
1304
1305         Test: http/tests/security/mixedContent/insecure-xhr-sync-in-main-frame.html
1306
1307         * loader/DocumentThreadableLoader.cpp:
1308         (WebCore::DocumentThreadableLoader::loadRequest):
1309
1310 2016-07-21  Chris Dumez  <cdumez@apple.com>
1311
1312         Make parameters to Document.getElementsBy*() operations mandatory
1313         https://bugs.webkit.org/show_bug.cgi?id=160050
1314
1315         Reviewed by Daniel Bates.
1316
1317         Make parameters to Document.getElementsBy*() operations mandatory to
1318         match the specification:
1319         - https://dom.spec.whatwg.org/#interface-document
1320
1321         Firefox and Chrome agree with the specification so the compatibility
1322         risk should be low.
1323
1324         It makes very little sense to call these operations without parameter,
1325         especially considering WebKit uses the string "undefined" if the
1326         parameter is omitted.
1327
1328         No new tests, rebaselined existing tests.
1329
1330         * dom/Document.idl:
1331
1332 2016-07-21  Nan Wang  <n_wang@apple.com>
1333
1334         AX: aria-label not being used correctly in accessible name calculation of heading
1335         https://bugs.webkit.org/show_bug.cgi?id=160009
1336
1337         Reviewed by Chris Fleizach.
1338
1339         Actually we are exposing the correct information for heading objects. On macOS, 
1340         VoiceOver should handle the logic that picks the right information to speak.
1341         On iOS, VoiceOver is speaking the static text child instead of the heading object.
1342         So we should set the accessibilityLabel of the static text based on the parent's 
1343         alternate label.
1344
1345         Test: accessibility/ios-simulator/heading-with-aria-label.html
1346
1347         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
1348         (-[WebAccessibilityObjectWrapper _accessibilityTraitsFromAncestors]):
1349
1350 2016-07-21  Saam Barati  <sbarati@apple.com>
1351
1352         op_add/ValueAdd should be an IC in all JIT tiers
1353         https://bugs.webkit.org/show_bug.cgi?id=159649
1354
1355         Reviewed by Benjamin Poulain.
1356
1357         * ForwardingHeaders/jit/JITMathICForwards.h: Added.
1358
1359 2016-07-21  Chris Dumez  <cdumez@apple.com>
1360
1361         Make parameters mandatory for Document.create*() operations
1362         https://bugs.webkit.org/show_bug.cgi?id=160047
1363
1364         Reviewed by Ryosuke Niwa.
1365
1366         Make parameters mandatory for Document.create*() operations:
1367         createTextNode(), createComment(), createCDataSection(),
1368         createAttribute() and createProcessingInstruction().
1369
1370         This matches the specification:
1371         - https://dom.spec.whatwg.org/#interface-document
1372
1373         Firefox and Chrome both agree with the specification so the
1374         compatibility risk should be low. Also WebKit uses the string
1375         "undefined" when the parameter is omitted, which is not very
1376         helpful.
1377
1378         No new tests, rebaselined existing tests.
1379
1380         * dom/Document.idl:
1381
1382 2016-07-21  Chris Dumez  <cdumez@apple.com>
1383
1384         Fix null handling of SVGAngle/SVGLength.valueAsString attribute
1385         https://bugs.webkit.org/show_bug.cgi?id=160025
1386
1387         Reviewed by Ryosuke Niwa.
1388
1389         Fix null handling of SVGAngle/SVGLength.valueAsString attribute
1390         to match the specification:
1391         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGAngle
1392         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGLength
1393
1394         In particular, this patch drops [TreatNullAs=EmptyString] IDL
1395         extended attribute from this attribute. This is not supposed
1396         to change behavior given that both "" and "null" are invalid
1397         numbers and the specification says to throw a SYNTAX_ERR in
1398         this case.
1399
1400         However, WebKit currently ignores assignments to "" instead
1401         of throwing. As a result, assigning to null will now throw
1402         instead of being ignored. The compatibility risk should be
1403         low because both Firefox and Chrome throw when assigning
1404         null.
1405
1406         I did not change the behavior when assigning to "" because
1407         it is a bit out of scope for this patch and browsers do not
1408         seem to agree:
1409         - Firefox throws
1410         - Chrome sets value to "0"
1411         - WebKit ignores the assignment
1412
1413         The specification seems to agree with Firefox as far as I
1414         can tell given that "" is not a valid number as per:
1415         - https://www.w3.org/TR/css3-values/#numbers
1416
1417         Test: svg/dom/valueAsString-null.html
1418
1419         * svg/SVGAngle.idl:
1420         * svg/SVGLength.idl:
1421
1422 2016-07-21  Chris Dumez  <cdumez@apple.com>
1423
1424         Fix null handling of HTMLFontElement.color
1425         https://bugs.webkit.org/show_bug.cgi?id=160036
1426
1427         Reviewed by Ryosuke Niwa.
1428
1429         Fix null handling of HTMLFontElement.color to match the specification:
1430         - https://html.spec.whatwg.org/#htmlfontelement
1431
1432         We are supposed to treat null as the empty string. Both Firefox and
1433         Chrome agree with the specification.
1434
1435         No new tests, rebaselined existing tests.
1436
1437         * html/HTMLFontElement.idl:
1438
1439 2016-07-21  Chris Dumez  <cdumez@apple.com>
1440
1441         Fix null handling for several HTMLTableElement attributes
1442         https://bugs.webkit.org/show_bug.cgi?id=160041
1443
1444         Reviewed by Ryosuke Niwa.
1445
1446         Fix null handling for several HTMLTableElement attributes to match the
1447         specification:
1448         - https://html.spec.whatwg.org/#HTMLTableElement-partial
1449
1450         The attributes in question are 'bgColor', 'cellSpacing' and
1451         'cellPadding'. We are supposed to treat null as the empty string for
1452         these attributes.
1453
1454         Firefox and Chrome both agree with the specification.
1455
1456         No new tests, rebaselined existing tests.
1457
1458         * html/HTMLTableElement.idl:
1459
1460 2016-07-21  Chris Dumez  <cdumez@apple.com>
1461
1462         Fix null handling for HTMLObjectElement.border
1463         https://bugs.webkit.org/show_bug.cgi?id=160040
1464
1465         Reviewed by Ryosuke Niwa.
1466
1467         Fix null handling for HTMLObjectElement.border to match the specification:
1468         - https://html.spec.whatwg.org/#HTMLObjectElement-partial
1469
1470         We are supposed to treat null as the empty string.
1471
1472         Both Firefox and Chrome agree with the specification.
1473
1474         No new tests, rebaselined existing tests.
1475
1476         * html/HTMLObjectElement.idl:
1477
1478 2016-07-21  Chris Dumez  <cdumez@apple.com>
1479
1480         Fix null handling for td.bgColor / tr.bgColor
1481         https://bugs.webkit.org/show_bug.cgi?id=160043
1482
1483         Reviewed by Ryosuke Niwa.
1484
1485         Fix null handling for td.bgColor / tr.bgColor to match the
1486         specification:
1487         - https://html.spec.whatwg.org/#HTMLTableCellElement-partial
1488         - https://html.spec.whatwg.org/#HTMLTableRowElement-partial
1489
1490         We are supposed to treat null as the empty string.
1491
1492         Firefox and Chrome both agree with the specification.
1493
1494         No new tests, rebaselined existing tests.
1495
1496         * html/HTMLTableCellElement.idl:
1497         * html/HTMLTableRowElement.idl:
1498
1499 2016-07-21  Chris Dumez  <cdumez@apple.com>
1500
1501         Fix null handling for several HTMLBodyElement attributes
1502         https://bugs.webkit.org/show_bug.cgi?id=160044
1503
1504         Reviewed by Ryosuke Niwa.
1505
1506         Fix null handling for several HTMLBodyElement attributes to match the
1507         specification:
1508         - https://html.spec.whatwg.org/#HTMLBodyElement-partial
1509
1510         The attributes in question are: 'text', 'link', 'vlink', 'alink' and
1511         'bgcolor'.
1512
1513         We are supposed to treat null as the empty string for these attributes.
1514
1515         Firefox and Chrome both agree with the specification.
1516
1517         No new tests, rebaselined existing tests.
1518
1519         * html/HTMLBodyElement.idl:
1520
1521 2016-07-21  Chris Dumez  <cdumez@apple.com>
1522
1523         Fix null handling for HTMLIFrameElement.marginWidth / marginHeight
1524         https://bugs.webkit.org/show_bug.cgi?id=160037
1525
1526         Reviewed by Ryosuke Niwa.
1527
1528         Fix null handling for HTMLIFrameElement.marginWidth / marginHeight to
1529         match the specification:
1530         - https://html.spec.whatwg.org/#HTMLIFrameElement-partial
1531
1532         We are supposed to treat null as the empty string. Both Firefox and
1533         Chrome agree with the specification.
1534
1535         No new tests, rebaselined existing tests.
1536
1537         * html/HTMLIFrameElement.idl:
1538
1539 2016-07-21  Chris Dumez  <cdumez@apple.com>
1540
1541         Fix null handling for HTMLImageElement.border
1542         https://bugs.webkit.org/show_bug.cgi?id=160039
1543
1544         Reviewed by Ryosuke Niwa.
1545
1546         Fix null handling for HTMLImageElement.border to match the specification:
1547         - https://html.spec.whatwg.org/#HTMLImageElement-partial
1548
1549         We are supposed to treat null as the empty string.
1550
1551         Both Firefox and Chrome agree with the specification.
1552
1553         No new tests, rebaselined existing tests.
1554
1555         * html/HTMLImageElement.idl:
1556
1557 2016-07-21  Daniel Bates  <dabates@apple.com>
1558
1559         REGRESSION: Plugin replaced YouTube Flash videos always have the same width
1560         https://bugs.webkit.org/show_bug.cgi?id=159998
1561         <rdar://problem/27462285>
1562
1563         Reviewed by Simon Fraser.
1564
1565         Fixes an issue where the width of a plugin replaced YouTube video loaded via an HTML embed
1566         element would always have the same width regardless of value of the width attribute.
1567
1568         For YouTube Flash videos the YouTube plugin replacement substitutes a shadow DOM subtree
1569         for the default renderer of an HTML embed element. The root of this shadow DOM subtree
1570         is an HTML div element. Currently we set inline styles on this <div> when it is instantiated.
1571         In particular, we set inline display and position to "inline-block" and "relative", respectively,
1572         and set an invalid height and width (we specify a font weight value instead of a CSS length value
1573         - this causes an ASSERT_NOT_REACHED() assertion failure in StyleBuilderConverter::convertLengthSizing()
1574         in a debug build). These styles never worked as intended and we ultimately created an inline
1575         renderer (ignoring display "inline-block") that had auto width and height. Instead it is sufficient
1576         to remove all these inline styles and create a RenderBlockFlow renderer for this <div> so that it
1577         renders as a block, non-replaced element to achieve the intended illusion that the <embed> is a
1578         single element.
1579
1580         * html/shadow/YouTubeEmbedShadowElement.cpp: Remove unused header HTMLEmbedElement.h and include
1581         header RenderBlockFlow.h. Also update copyright in license block.
1582         (WebCore::YouTubeEmbedShadowElement::YouTubeEmbedShadowElement): Remove inline styles as these
1583         never worked as intended.
1584         (WebCore::YouTubeEmbedShadowElement::createElementRenderer): Override; create a block-flow
1585         renderer for us so that we layout as a block, non-replaced element.
1586         * html/shadow/YouTubeEmbedShadowElement.h:
1587
1588 2016-07-21  Myles C. Maxfield  <mmaxfield@apple.com>
1589
1590         [iPhone] Playing a video on tudou.com plays only sound, no video
1591         https://bugs.webkit.org/show_bug.cgi?id=159967
1592         <rdar://problem/26964090>
1593
1594         Reviewed by Jon Lee, Jeremy Jones, and Anders Carlsson.
1595
1596         WebKit recently started honoring the playsinline and webkit-playsinline
1597         attributes on iPhones. However, because these attributes previously did
1598         nothing, some sites (such as Tudou) were setting them on their content
1599         and expecting that they are not honored. In this specific case, the
1600         video is absolutely positioned to be 1 pixel x 1 pixel.
1601
1602         Previously, with iOS 9, apps could set the allowsInlineMediaPlayback
1603         property on their WKWebView, which would honor the webkit-playsinline
1604         attribute. Safari on iPhones didn't do this.
1605
1606         In order to not break these existing apps, it's important that the
1607         allowsInlineMediaPlayback preference still allows webkit-playsinline
1608         videos to play inline in apps using WKWebView. However, in Safari, these
1609         videos should play fullscreen. (Tudou videos have webkit-playsinline
1610         but not playsinline.)
1611
1612         Therefore, in Safari, videos with playsinline should be inline, but
1613         videos with webkit-playsinline should be fullscreen. In apps using
1614         WKWebViews, if the app sets allowsInlineMediaPlayback, then videos with
1615         playsinline should be inline, and videos with webkit-playsinline should
1616         also be inline. Videos on iPad and Mac should all be inline by default.
1617
1618         We can create some truth tables for the cases which need to be covered:
1619
1620         All apps on Mac / iPad:
1621         Presence of playsinline | Presence of webkit-playsinline | Result
1622         ========================|================================|===========
1623         Not present             | Not present                    | Inline
1624         Present                 | Not present                    | Inline
1625         Not Present             | Present                        | Inline
1626         Present                 | Present                        | Inline
1627
1628         Safari on iPhone:
1629         Presence of playsinline | Presence of webkit-playsinline | Result
1630         ========================|================================|===========
1631         Not present             | Not present                    | Fullscreen
1632         Present                 | Not present                    | Inline
1633         Not Present             | Present                        | Fullscreen
1634         Present                 | Present                        | Inline
1635
1636         App on iPhone which sets allowsInlineMediaPlayback:
1637         Presence of playsinline | Presence of webkit-playsinline | Result
1638         ========================|================================|===========
1639         Not present             | Not present                    | Fullscreen
1640         Present                 | Not present                    | Inline
1641         Not Present             | Present                        | Inline
1642         Present                 | Present                        | Inline
1643
1644         The way to distinguish Safari from another app is to create an SPI
1645         boolean preference which Safari can set. This is already how the
1646         iPhone and iPad are differentiated using the requiresPlayInlineAttribute
1647         which Safari sets but other apps don't. However, this preference is
1648         no longer sufficient because Safari should now be discriminating
1649         between the playsinline and webkit-playsinline attributes. Therefore,
1650         this preference should be extended to two boolean preferences, which
1651         this patch adds:
1652
1653         allowsInlineMediaPlaybackWithPlaysInlineAttribute
1654         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute
1655
1656         Safari on iPhone will set
1657         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to true,
1658         and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to
1659         false. Other apps on iPhone will get their default values (because they
1660         are SPI) which means they will both be true. On iPad and Mac, apps will
1661         use the default values where both are false.
1662
1663         This patch adds support for these two preferences, but does not remove
1664         the existing inlineMediaPlaybackRequiresPlaysInlineAttribute preference.
1665         I will remove the existing preference as soon as I update Safari to migrate
1666         off of it.
1667
1668         Test: media/video-playsinline.html
1669
1670         * html/MediaElementSession.cpp:
1671         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
1672         * page/Settings.cpp:
1673         * page/Settings.in:
1674         * testing/InternalSettings.cpp:
1675         (WebCore::InternalSettings::Backup::Backup):
1676         (WebCore::InternalSettings::Backup::restoreTo):
1677         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute):
1678         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute):
1679         * testing/InternalSettings.h:
1680         * testing/InternalSettings.idl:
1681
1682 2016-07-21  Ryosuke Niwa  <rniwa@webkit.org>
1683
1684         Crash accessing null renderer inside WebCore::DeleteSelectionCommand::doApply
1685         https://bugs.webkit.org/show_bug.cgi?id=160011
1686
1687         Reviewed by Chris Dumez.
1688
1689         Add a null pointer check for renderer() call.
1690
1691         Unfortunately no new tests since we don't have a reproduction.
1692
1693         * editing/DeleteSelectionCommand.cpp:
1694         (WebCore::DeleteSelectionCommand::doApply):
1695
1696 2016-07-21  Chris Dumez  <cdumez@apple.com>
1697
1698         The 2 first parameters to DOMImplementation.createDocument() should be mandatory
1699         https://bugs.webkit.org/show_bug.cgi?id=160030
1700
1701         Reviewed by Sam Weinig.
1702
1703         The 2 first parameters to DOMImplementation.createDocument() should be mandatory
1704         as per the specification:
1705         - https://dom.spec.whatwg.org/#domimplementation
1706
1707         Firefox and Chrome both agree with the specification. However, those
1708         parameters were marked as optional in WebKit. Calling this function
1709         without parameters would create a document element whose tag is the
1710         string "undefined", which does not seem helpful. This patch thus
1711         aligns our behavior with the specification and other browsers.
1712
1713         No new tests, rebaselined existing tests.
1714
1715         * dom/DOMImplementation.idl:
1716
1717 2016-07-21  Chris Dumez  <cdumez@apple.com>
1718
1719         Kill legacy valueToStringWithNullCheck() utility function
1720         https://bugs.webkit.org/show_bug.cgi?id=159991
1721
1722         Reviewed by Sam Weinig.
1723
1724         Kill legacy valueToStringWithNullCheck() utility function. Treating null as
1725         a null string is legacy behavior so drop this function so that people are
1726         not tempted to use it. We should be using either:
1727         1. JSValue::toWTFString() for non-nullable DOMStrings
1728         2. valueToStringWithUndefinedOrNullCheck() for nullable DOMStrings
1729         3. valueToStringTreatingNullAsEmptyString() for strings with [TreatNullAs=EmptyString]
1730
1731         No new tests, no web-exposed behavior change.
1732
1733         * bindings/js/JSDOMBinding.cpp:
1734         (WebCore::valueToStringWithNullCheck): Deleted.
1735         * bindings/js/JSDOMBinding.h:
1736         * bindings/js/JSHTMLFrameElementCustom.cpp:
1737         (WebCore::JSHTMLFrameElement::setLocation):
1738         * html/HTMLFrameElement.idl:
1739
1740 2016-07-21  Zalan Bujtas  <zalan@apple.com>
1741
1742         Do not keep invalid IOSurface in ImageBufferData.
1743         https://bugs.webkit.org/show_bug.cgi?id=160005
1744         <rdar://problem/27208636>
1745
1746         Reviewed by Simon Fraser.
1747
1748         When we fail to initialize the IOSurface for the accelerated context, we switch over to
1749         the non-accelerated code path. Since ImageBufferData::surface is used to indicate whether
1750         the graphics context is in accelerated mode, we need to reset it when the initialization fails.
1751
1752         Unable to create a test case.
1753
1754         * platform/graphics/cg/ImageBufferCG.cpp:
1755         (WebCore::ImageBuffer::ImageBuffer):
1756
1757 2016-07-21  Chris Dumez  <cdumez@apple.com>
1758
1759         playsInline IDL attribute has the wrong casing
1760         https://bugs.webkit.org/show_bug.cgi?id=160029
1761         <rdar://problem/27474031>
1762
1763         Reviewed by Jon Lee.
1764
1765         Fix case from video.playsinline to video.playsInline in order to match
1766         the specification:
1767         - https://html.spec.whatwg.org/multipage/embedded-content.html#the-video-element:dom-video-playsinline
1768
1769         It still reflects the "playsinline" content attribute though, as per
1770         the specification:
1771         - https://html.spec.whatwg.org/multipage/embedded-content.html#dom-video-playsinline
1772
1773         No new tests, updated existing test.
1774
1775         * html/HTMLVideoElement.idl:
1776
1777 2016-07-21  Chris Dumez  <cdumez@apple.com>
1778
1779         Drop [TreatNullAs=EmptyString] from CanvasRenderingContext2D.globalCompositeOperation
1780         https://bugs.webkit.org/show_bug.cgi?id=160026
1781
1782         Reviewed by Sam Weinig.
1783
1784         Drop [TreatNullAs=EmptyString] from CanvasRenderingContext2D.globalCompositeOperation
1785         attribute as it does not match the specification:
1786         - https://html.spec.whatwg.org/multipage/scripting.html#canvascompositing
1787
1788         It does not change web-exposed behavior because assigning to "" or "null"
1789         gets ignored as those are not valid operations.
1790
1791         Test: fast/canvas/context-globalCompositeOperation-null.html
1792
1793         * html/canvas/CanvasRenderingContext2D.idl:
1794
1795 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
1796
1797         [GTK][Threaded Compositor] Overlay scrollbars shouldn't be a requirement of the threaded compositor
1798         https://bugs.webkit.org/show_bug.cgi?id=160020
1799
1800         Reviewed by Michael Catanzaro.
1801
1802         It has been a requirement only because we didn't really know why frame scrollbars were not rendered when using
1803         the threaded compositor. The reason is that RenderView doesn't use layers for FrameView scrollbars by default,
1804         unless using overlay scrollbars. When using the threaded compositor we really need layers for the FrameView
1805         scrollbars even when not using overlay scrollbars.
1806
1807         * platform/gtk/ScrollbarThemeGtk.cpp:
1808         (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk): Stop enforcing overlay scrollbars when threaded compositor is enabled.
1809         * rendering/RenderLayerCompositor.cpp:
1810         (WebCore::RenderLayerCompositor::shouldCompositeOverflowControls): Always use layers for scrollbars when
1811         threaded compositor is enabled.
1812
1813 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
1814
1815         [Cairo] Fix a crash in fast/canvas/canvas-getImageData-invalid-result-buffer-crash.html
1816         https://bugs.webkit.org/show_bug.cgi?id=160014
1817
1818         Reviewed by Michael Catanzaro.
1819
1820         In r202887 some null checks were added for JSArray::createUninitialized (and related) but not for the
1821         ImageBuffer cairo implementation.
1822
1823         * platform/graphics/cairo/ImageBufferCairo.cpp:
1824         (WebCore::getImageData): Return early if Uint8ClampedArray::createUninitialized() returns nullptr.
1825
1826 2016-07-21  Miguel Gomez  <magomez@igalia.com>
1827
1828         [GTK] The GSTREAMER_GL path in MediaPlayerPrivateGStreamerBase::paintToTextureMapper() is missing a mutex lock
1829         https://bugs.webkit.org/show_bug.cgi?id=160018
1830
1831         Reviewed by Philippe Normand.
1832
1833         Lock the video sample mutex while accessing it.
1834
1835         Covered by existent tests.
1836
1837         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
1838         (WebCore::MediaPlayerPrivateGStreamerBase::paintToTextureMapper):
1839
1840 2016-07-21  Miguel Gomez  <magomez@igalia.com>
1841
1842         [Threaded Compositor] Flickering when zooming in/out in maps.google.com
1843         https://bugs.webkit.org/show_bug.cgi?id=154069
1844
1845         Reviewed by Carlos Garcia Campos.
1846
1847         Add a new extra buffer to GraphicsContext3D when using the Threaded Compositor,
1848         so it doesn't have to reuse the buffers that are still waiting for composition.
1849
1850         Covered by existing tests.
1851
1852         * platform/graphics/GraphicsContext3D.h:
1853         Add a new texture to use for the rendering. Remove the compositor fbo we were using.
1854         * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
1855         (WebCore::GraphicsContext3D::GraphicsContext3D):
1856         Initialize the new texture and remove the previous fbo related code.
1857         (WebCore::GraphicsContext3D::~GraphicsContext3D):
1858         Properly destroy the new texture and remove the previous fbo related code.
1859         * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
1860         (WebCore::GraphicsContext3D::reshapeFBOs):
1861         Allocate the new texture and remove the previous fbo allocation.
1862         * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
1863         (WebCore::GraphicsContext3D::prepareTexture):
1864         Use a single fbo with three textures instead of two fbos with a texture each.
1865         Rotate the three textures usage so:
1866         - m_texture becomes m_compositorTexture to be pushed to the compositor.
1867         - m_intermediateTexture becomes m_texture to receive the next rendering.
1868         - m_compositorTexture becomes m_intermediateTexture.
1869         And add a glFlush() to ensure that the gl commands are sent to the pipeline.
1870         * platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp:
1871         (WebCore::GraphicsContext3D::reshapeFBOs):
1872         Allocate the new texture.
1873
1874 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
1875
1876         [GTK][Threaded Compositor] Web view background colors don't work
1877         https://bugs.webkit.org/show_bug.cgi?id=159465
1878
1879         Reviewed by Michael Catanzaro.
1880
1881         * rendering/RenderLayerBacking.cpp:
1882         (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer): Initialize frame view layer opacity for platforms not
1883         using the tiled cache layer.
1884
1885 2016-07-20  Youenn Fablet  <youenn@apple.com>
1886
1887         [XHR] Cache response JS object in case of arraybuffer and blob response types
1888         https://bugs.webkit.org/show_bug.cgi?id=128903
1889
1890         Reviewed by Alex Christensen.
1891
1892         Covered by existing and modified tests.
1893
1894         Making response getter a JS builtin that caches response in @response private slot.
1895         Handling invalidation of cached response with @responseCacheIsValid new private method.
1896         Handling creation of cached response with @retrieveResponse new private method which reuses most of
1897         JSXMLHttpRequest::response previous code.
1898
1899         Caching of responses is activated whenever load ended without any error for blob and arraybuffer response types.
1900
1901         Caching of response for document is also activated in case the response getter is used but not if responseXML getter is used.
1902
1903         * CMakeLists.txt: Adding XMLHttpRequest.js.
1904         * DerivedSources.make: Ditto.
1905         * bindings/js/JSXMLHttpRequestCustom.cpp:
1906         (WebCore::JSXMLHttpRequest::retrieveResponse): Implements creation of to-be-cached response.
1907         (WebCore::JSXMLHttpRequest::response): Deleted.
1908         * bindings/js/WebCoreBuiltinNames.h: Adding new private names.
1909         * xml/XMLHttpRequest.cpp:
1910         (WebCore::XMLHttpRequest::didCacheResponse): Renamed from didCacheResponseJSON as all response types are now cached.
1911         (WebCore::XMLHttpRequest::didCacheResponseJSON): Deleted.
1912         * xml/XMLHttpRequest.h:
1913         * xml/XMLHttpRequest.idl:
1914
1915 2016-07-20  Youenn Fablet  <youenn@apple.com>
1916
1917         Remove crossOriginRequestPolicy from ThreadableLoaderOptions
1918         https://bugs.webkit.org/show_bug.cgi?id=159417
1919
1920         Reviewed by Alex Christensen.
1921
1922         No observable change.
1923
1924         * Modules/fetch/FetchLoader.cpp:
1925         (WebCore::FetchLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
1926         * fileapi/FileReaderLoader.cpp:
1927         (WebCore::FileReaderLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
1928         * inspector/InspectorNetworkAgent.cpp:
1929         (WebCore::InspectorNetworkAgent::loadResource): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
1930         * loader/DocumentThreadableLoader.cpp:
1931         (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Ditto.
1932         (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest): UseAccessControl -> FetchOptions::Mode::Cors.
1933         (WebCore::DocumentThreadableLoader::redirectReceived): Ditto.
1934         (WebCore::DocumentThreadableLoader::didReceiveResponse): Ditto.
1935         (WebCore::DocumentThreadableLoader::loadRequest): Use NoCors as option passed to ResourceLoader. This allows
1936         deactivating ResourceLoader CORS checks as they are done in DocumentThreadableLoader right now. In the future,
1937         these checks should be moved to ResourceLoader and DocumentThreadableLoader should directly pass the fetch mode
1938         option.
1939         (WebCore::DocumentThreadableLoader::isAllowedRedirect): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
1940         * loader/ThreadableLoader.cpp:
1941         (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Removing CrossOriginRequestPolicy.
1942         * loader/ThreadableLoader.h: Ditto.
1943         * loader/WorkerThreadableLoader.cpp:
1944         (WebCore::LoaderTaskOptions::LoaderTaskOptions): Ditto.
1945         * page/EventSource.cpp:
1946         (WebCore::EventSource::connect): UseAccessControl -> FetchOptions::Mode::Cors.
1947         * workers/Worker.cpp:
1948         (WebCore::Worker::create): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
1949         * workers/WorkerGlobalScope.cpp:
1950         (WebCore::WorkerGlobalScope::importScripts): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
1951         * workers/WorkerScriptLoader.cpp:
1952         (WebCore::WorkerScriptLoader::loadSynchronously):
1953         (WebCore::WorkerScriptLoader::loadAsynchronously):
1954         * workers/WorkerScriptLoader.h:
1955         * xml/XMLHttpRequest.cpp:
1956         (WebCore::XMLHttpRequest::createRequest):
1957
1958 2016-07-20  Chris Dumez  <cdumez@apple.com>
1959
1960         Fix null handling of several Document attributes
1961         https://bugs.webkit.org/show_bug.cgi?id=159997
1962
1963         Reviewed by Ryosuke Niwa.
1964
1965         Fix null handling of the following Document attributes: title, cookie
1966         and domain.
1967
1968         In WebKit, they were all marked as [TreatNullAs=EmptyString], which
1969         does not match the specification:
1970         - https://html.spec.whatwg.org/multipage/dom.html#document
1971
1972         Details for each attribute:
1973         - title: null is now treated as the string "null", thus setting the
1974           document title to "null". This matches Firefox and Chrome.
1975         - cookie: adds a "null" cookie instead of being a no-op. This matches
1976                   both Firefox and Chrome.
1977         - domain: Calls setDomain(String("null")) instead of
1978                   setDomain(String()). This throws an exception because "null"
1979                   is not a suffix of the effective domain name. The behavior
1980                   is the same in Firefox and Chrome. Previously, we were
1981                   already throwing an exception since setting the domain to
1982                   the empty string throws, as per the specification.
1983
1984         Test: http/tests//dom/document-attributes-null-handling.html
1985
1986         * dom/Document.idl:
1987
1988 2016-07-20  Commit Queue  <commit-queue@webkit.org>
1989
1990         Unreviewed, rolling out r203471.
1991         https://bugs.webkit.org/show_bug.cgi?id=160003
1992
1993         many iOS-simulator tests are failing (Requested by litherum on
1994         #webkit).
1995
1996         Reverted changeset:
1997
1998         "[iPhone] Playing a video on tudou.com plays only sound, no
1999         video"
2000         https://bugs.webkit.org/show_bug.cgi?id=159967
2001         http://trac.webkit.org/changeset/203471
2002
2003 2016-07-19  Ryosuke Niwa  <rniwa@webkit.org>
2004
2005         iOS: Cannot paste images in RTF content
2006         https://bugs.webkit.org/show_bug.cgi?id=159964
2007         <rdar://problem/27442806>
2008
2009         Reviewed by Enrica Casucci.
2010
2011         The bug was caused by setDefersLoading(true) not deferring image loading for the parsed fragment.
2012         Worked around this bug by disabling image loading while parsing the document fragment.
2013
2014         * editing/ios/EditorIOS.mm:
2015         (WebCore::Editor::createFragmentAndAddResources):
2016
2017 2016-07-20  Brady Eidson  <beidson@apple.com>
2018
2019         Address a small FIXME in IDB code.
2020         https://bugs.webkit.org/show_bug.cgi?id=159999
2021
2022         Reviewed by Andy Estes.
2023
2024         No new tests (No behavior change).
2025
2026         * Modules/indexeddb/IDBRequest.cpp:
2027         (WebCore::IDBRequest::IDBRequest):
2028         
2029         * Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
2030         (WebCore::IDBResourceIdentifier::IDBResourceIdentifier): Deleted.
2031         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
2032
2033 2016-07-20  Brady Eidson  <beidson@apple.com>
2034
2035         Remove some "modernFoo"s from IndexedDB code.
2036         https://bugs.webkit.org/show_bug.cgi?id=159985
2037
2038         Reviewed by Andy Estes.
2039
2040         No new tests (No known behavior change).
2041
2042         * Modules/indexeddb/IDBCursor.cpp:
2043         (WebCore::IDBCursor::IDBCursor):
2044         (WebCore::IDBCursor::~IDBCursor):
2045         (WebCore::IDBCursor::sourcesDeleted):
2046         (WebCore::IDBCursor::effectiveObjectStore):
2047         (WebCore::IDBCursor::transaction):
2048         (WebCore::IDBCursor::direction):
2049         (WebCore::IDBCursor::update):
2050         (WebCore::IDBCursor::advance):
2051         (WebCore::IDBCursor::continueFunction):
2052         (WebCore::IDBCursor::uncheckedIterateCursor):
2053         (WebCore::IDBCursor::deleteFunction):
2054         (WebCore::IDBCursor::setGetResult):
2055         
2056         * Modules/indexeddb/IDBIndex.cpp:
2057         (WebCore::IDBIndex::IDBIndex):
2058         (WebCore::IDBIndex::~IDBIndex):
2059         (WebCore::IDBIndex::hasPendingActivity):
2060         (WebCore::IDBIndex::name):
2061         (WebCore::IDBIndex::objectStore):
2062         (WebCore::IDBIndex::keyPath):
2063         (WebCore::IDBIndex::unique):
2064         (WebCore::IDBIndex::multiEntry):
2065         (WebCore::IDBIndex::openCursor):
2066         (WebCore::IDBIndex::doCount):
2067         (WebCore::IDBIndex::openKeyCursor):
2068         (WebCore::IDBIndex::doGet):
2069         (WebCore::IDBIndex::doGetKey):
2070         (WebCore::IDBIndex::markAsDeleted):
2071         * Modules/indexeddb/IDBIndex.h:
2072         
2073         * Modules/indexeddb/IDBObjectStore.cpp:
2074         (WebCore::IDBObjectStore::transaction):
2075         (WebCore::IDBObjectStore::deleteFunction): Deleted.
2076         (WebCore::IDBObjectStore::modernDelete): Deleted.
2077         * Modules/indexeddb/IDBObjectStore.h:
2078         
2079         * bindings/js/JSIDBIndexCustom.cpp:
2080         (WebCore::JSIDBIndex::visitAdditionalChildren):
2081
2082 2016-07-20  Chris Dumez  <cdumez@apple.com>
2083
2084         Stop using valueToStringWithNullCheck() in JSCSSStyleDeclaration::putDelegate()
2085         https://bugs.webkit.org/show_bug.cgi?id=159982
2086
2087         Reviewed by Ryosuke Niwa.
2088
2089         valueToStringWithNullCheck() treats null as the null String() which is
2090         legacy / non standard behavior. The specification says we should treat
2091         null as the empty string:
2092         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
2093
2094         Therefore, we should be using valueToStringTreatingNullAsEmptyString() instead.
2095
2096         In practice, there is no web-exposed behavior change because
2097         MutableStyleProperties::setProperty() removes the property whether the
2098         value is the null String or the empty String.
2099
2100         This behavior is correct since the specification says that we should
2101         remove the property if the value is the empty string:
2102         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty (step 4)
2103
2104         I added test coverage to make sure we behave according to specification.
2105         This test is passing in Firefox, Chrome and in WebKit (before and after
2106         my change).
2107
2108         Test: fast/css/CSSStyleDeclaration-property-setter.html
2109
2110         * bindings/js/JSCSSStyleDeclarationCustom.cpp:
2111         (WebCore::JSCSSStyleDeclaration::putDelegate):
2112
2113 2016-07-20  Chris Dumez  <cdumez@apple.com>
2114
2115         Fix null handling of HTMLFrameElement.marginWidth / marginHeight
2116         https://bugs.webkit.org/show_bug.cgi?id=159987
2117
2118         Reviewed by Ryosuke Niwa.
2119
2120         Fix null handling of HTMLFrameElement.marginWidth / marginHeight:
2121         - https://html.spec.whatwg.org/multipage/obsolete.html#htmlframeelement
2122
2123         We are supposed to treat null as the empty string but we treat it as
2124         the string "null".
2125
2126         Firefox and Chrome both match the specification.
2127
2128         No new tests, updated existing tests.
2129
2130         * html/HTMLFrameElement.idl:
2131
2132 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
2133
2134         Pausing autoplayed media should not remove all restrictions for that media element
2135         https://bugs.webkit.org/show_bug.cgi?id=159988
2136
2137         Reviewed by Jon Lee.
2138
2139         Localizes the removal of behavior restrictions introduced in r203464 upon pausing an
2140         autoplaying video to just affect the hiding or showing of the media controller. This
2141         prevents pages from using JavaScript to start playing autoplaying videos that have
2142         been paused by the user.
2143
2144         * html/HTMLMediaElement.cpp:
2145         (WebCore::HTMLMediaElement::pause):
2146
2147 2016-07-20  Myles C. Maxfield  <mmaxfield@apple.com>
2148
2149         [iPhone] Playing a video on tudou.com plays only sound, no video
2150         https://bugs.webkit.org/show_bug.cgi?id=159967
2151         <rdar://problem/26964090>
2152
2153         Reviewed by Jon Lee.
2154
2155         WebKit recently started honoring the playsinline and webkit-playsinline
2156         attribute on iPhones. However, because these attributes previously did
2157         nothing, some sites (such as Tudou) were setting them on their content
2158         and expecting that they are not honored. In this specific case, the
2159         video is absolutely positioned to be 1 pixel x 1 pixel.
2160
2161         Previously, with iOS 9, apps could set the allowsInlineMediaPlayback
2162         property on their WKWebView, which would honor the webkit-playsinline
2163         attribute. Safari on iPhones didn't do this.
2164
2165         In order to not break these existing apps, it's important that the
2166         allowsInlineMediaPlayback preference still allows webkit-playsinline
2167         videos to play inline in apps using WKWebView. However, in Safari, these
2168         videos should play fullscreen. (Tudou videos have webkit-playsinline
2169         but not playsinline.)
2170
2171         Therefore, in Safari, videos with playsinline should be inline, but
2172         videos with webkit-playsinline should be fullscreen. In apps using
2173         WKWebViews, if the app sets allowsInlineMediaPlayback, then videos with
2174         playsinline should be inline, and videos with webkit-playsinline should
2175         also be inline. Videos on iPad and Mac should all be inline by default.
2176
2177         We can create some truth tables for the cases which need to be covered:
2178
2179         All apps on Mac / iPad:
2180         Presence of playsinline | Presence of webkit-playsinline | Result
2181         ========================|================================|===========
2182         Not present             | Not present                    | Inline
2183         Present                 | Not present                    | Inline
2184         Not Present             | Present                        | Inline
2185         Present                 | Present                        | Inline
2186
2187         Safari on iPhone:
2188         Presence of playsinline | Presence of webkit-playsinline | Result
2189         ========================|================================|===========
2190         Not present             | Not present                    | Fullscreen
2191         Present                 | Not present                    | Inline
2192         Not Present             | Present                        | Fullscreen
2193         Present                 | Present                        | Inline
2194
2195         App on iPhone which sets allowsInlineMediaPlayback:
2196         Presence of playsinline | Presence of webkit-playsinline | Result
2197         ========================|================================|===========
2198         Not present             | Not present                    | Fullscreen
2199         Present                 | Not present                    | Inline
2200         Not Present             | Present                        | Inline
2201         Present                 | Present                        | Inline
2202
2203         The way to distinguish Safari from another app is to create an SPI
2204         boolean preference which Safari can set. This is already how the
2205         iPhone and iPad are differentiated using the requiresPlayInlineAttribute
2206         which Safari sets but other apps don't. However, this preference is
2207         no longer sufficient because Safari should now be discriminating
2208         between the playsinline and webkit-playsinline attributes. Therefore,
2209         this preference should be extended to two boolean preferences, which
2210         this patch adds:
2211
2212         allowsInlineMediaPlaybackWithPlaysInlineAttribute
2213         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute
2214
2215         Safari on iPhone will set
2216         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to true,
2217         and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to
2218         false. Other apps on iPhone will get their default values (because they
2219         are SPI) which means they will both be true. On iPad and Mac, apps will
2220         use the default values where both are false.
2221
2222         This patch adds support for these two preferences, but does not remove
2223         the existing inlineMediaPlaybackRequiresPlaysInlineAttribute preference.
2224         I will remove the existing preference as soon as I update Safari to migrate
2225         off of it.
2226
2227         Test: media/video-playsinline.html
2228
2229         * html/MediaElementSession.cpp:
2230         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
2231         * page/Settings.cpp:
2232         * page/Settings.in:
2233         * testing/InternalSettings.cpp:
2234         (WebCore::InternalSettings::Backup::Backup):
2235         (WebCore::InternalSettings::Backup::restoreTo):
2236         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute):
2237         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute):
2238         * testing/InternalSettings.h:
2239         * testing/InternalSettings.idl:
2240
2241 2016-07-20  Chris Dumez  <cdumez@apple.com>
2242
2243         Get rid of custom bindings code for XMLHttpRequest.open()
2244         https://bugs.webkit.org/show_bug.cgi?id=159984
2245
2246         Reviewed by Ryosuke Niwa.
2247
2248         Get rid of custom bindings code for XMLHttpRequest.open() as the
2249         bindings generator is able to generate it.
2250
2251         Relevant specification:
2252         - https://xhr.spec.whatwg.org/#xmlhttprequest
2253
2254         The issue is that legacy content prevents treating the 'async' argument
2255         being undefined identical from it being omitted. However, this can be
2256         achieved by using overloading in IDL, like in the specification.
2257
2258         No new tests, already covered by the following tests:
2259         - http/tests/xmlhttprequest/basic-auth.html
2260         - http/tests/xmlhttprequest/open-async-overload.html
2261
2262         * bindings/js/JSXMLHttpRequestCustom.cpp:
2263         (WebCore::SendFunctor::SendFunctor): Deleted.
2264         (WebCore::SendFunctor::line): Deleted.
2265         (WebCore::SendFunctor::column): Deleted.
2266         (WebCore::SendFunctor::url): Deleted.
2267         (WebCore::SendFunctor::operator()): Deleted.
2268         * xml/XMLHttpRequest.cpp:
2269         (WebCore::XMLHttpRequest::open):
2270         * xml/XMLHttpRequest.h:
2271         * xml/XMLHttpRequest.idl:
2272
2273 2016-07-20  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
2274
2275         Mark overridden methods in WebCore/svg final classes as final
2276         https://bugs.webkit.org/show_bug.cgi?id=159966
2277
2278         Reviewed by Michael Catanzaro.
2279
2280         Update WebCore/svg classes so that overridden methods in final classes are marked final.
2281
2282         * svg/SVGAElement.h:
2283         * svg/SVGAltGlyphDefElement.h:
2284         * svg/SVGAltGlyphItemElement.h:
2285         * svg/SVGAnimateTransformElement.h:
2286         * svg/SVGAnimatedColor.h:
2287         * svg/SVGCircleElement.h:
2288         * svg/SVGClipPathElement.h:
2289         * svg/SVGCursorElement.h:
2290         * svg/SVGDefsElement.h:
2291         * svg/SVGDescElement.h:
2292         * svg/SVGEllipseElement.h:
2293         * svg/SVGFEMergeNodeElement.h:
2294         * svg/SVGFilterElement.h:
2295         * svg/SVGFontElement.h:
2296         * svg/SVGFontFaceElement.h:
2297         * svg/SVGFontFaceFormatElement.h:
2298         * svg/SVGFontFaceNameElement.h:
2299         * svg/SVGFontFaceSrcElement.h:
2300         * svg/SVGFontFaceUriElement.h:
2301         * svg/SVGForeignObjectElement.h:
2302         * svg/SVGGElement.h:
2303         * svg/SVGGlyphElement.h:
2304         * svg/SVGGlyphRefElement.h:
2305         * svg/SVGHKernElement.h:
2306         * svg/SVGImageElement.h:
2307         * svg/SVGLineElement.h:
2308         * svg/SVGMPathElement.h:
2309         * svg/SVGMaskElement.h:
2310         * svg/SVGMetadataElement.h:
2311         * svg/SVGMissingGlyphElement.h:
2312         * svg/SVGPathBuilder.h:
2313         * svg/SVGPathByteStreamBuilder.h:
2314         * svg/SVGPathByteStreamSource.h:
2315         * svg/SVGPathElement.h:
2316         * svg/SVGPathSegArcAbs.h:
2317         * svg/SVGPathSegArcRel.h:
2318         * svg/SVGPathSegClosePath.h:
2319         * svg/SVGPathSegCurvetoCubicAbs.h:
2320         * svg/SVGPathSegCurvetoCubicRel.h:
2321         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
2322         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
2323         * svg/SVGPathSegCurvetoQuadraticAbs.h:
2324         * svg/SVGPathSegCurvetoQuadraticRel.h:
2325         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
2326         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
2327         * svg/SVGPathSegLinetoAbs.h:
2328         * svg/SVGPathSegLinetoHorizontalAbs.h:
2329         * svg/SVGPathSegLinetoHorizontalRel.h:
2330         * svg/SVGPathSegLinetoRel.h:
2331         * svg/SVGPathSegLinetoVerticalAbs.h:
2332         * svg/SVGPathSegLinetoVerticalRel.h:
2333         * svg/SVGPathSegListBuilder.h:
2334         * svg/SVGPathSegListSource.h:
2335         * svg/SVGPathSegMovetoAbs.h:
2336         * svg/SVGPathSegMovetoRel.h:
2337         * svg/SVGPathStringSource.h:
2338         * svg/SVGPathTraversalStateBuilder.h:
2339         * svg/SVGPatternElement.h:
2340         * svg/SVGRectElement.h:
2341         * svg/SVGScriptElement.h:
2342         * svg/SVGStopElement.h:
2343         * svg/SVGStyleElement.h:
2344         * svg/SVGSwitchElement.h:
2345         * svg/SVGTRefElement.cpp:
2346         * svg/SVGTitleElement.h:
2347         * svg/SVGToOTFFontConversion.cpp:
2348         * svg/SVGUnknownElement.h:
2349         * svg/SVGVKernElement.h:
2350         * svg/SVGViewElement.h:
2351         * svg/SVGZoomEvent.h:
2352         * svg/animation/SVGSMILElement.cpp:
2353         * svg/graphics/SVGImage.h:
2354         * svg/graphics/SVGImageClients.h:
2355         * svg/graphics/SVGImageForContainer.h:
2356         * svg/graphics/filters/SVGFEImage.h:
2357         * svg/graphics/filters/SVGFilter.h:
2358         * svg/properties/SVGAnimatedEnumerationPropertyTearOff.h:
2359         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
2360         * svg/properties/SVGAnimatedPropertyTearOff.h:
2361         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
2362         * svg/properties/SVGMatrixTearOff.h:
2363         * svg/properties/SVGPathSegListPropertyTearOff.h:
2364
2365 2016-07-20  Brady Eidson  <beidson@apple.com>
2366
2367         Transition most IDB interfaces from ScriptExecutionContext to ExecState.
2368         https://bugs.webkit.org/show_bug.cgi?id=159975
2369
2370         Reviewed by Alex Christensen.
2371
2372         No new tests (No known behavior change).
2373
2374         * Modules/indexeddb/IDBCursor.cpp:
2375         (WebCore::IDBCursor::continueFunction):
2376         (WebCore::IDBCursor::deleteFunction):
2377         * Modules/indexeddb/IDBCursor.h:
2378         * Modules/indexeddb/IDBCursor.idl:
2379
2380         * Modules/indexeddb/IDBDatabase.idl:
2381
2382         * Modules/indexeddb/IDBFactory.cpp:
2383         (WebCore::IDBFactory::cmp):
2384         * Modules/indexeddb/IDBFactory.h:
2385         * Modules/indexeddb/IDBFactory.idl:
2386
2387         * Modules/indexeddb/IDBIndex.cpp:
2388         (WebCore::IDBIndex::openCursor):
2389         (WebCore::IDBIndex::count):
2390         (WebCore::IDBIndex::doCount):
2391         (WebCore::IDBIndex::openKeyCursor):
2392         (WebCore::IDBIndex::get):
2393         (WebCore::IDBIndex::doGet):
2394         (WebCore::IDBIndex::getKey):
2395         (WebCore::IDBIndex::doGetKey):
2396         * Modules/indexeddb/IDBIndex.h:
2397         * Modules/indexeddb/IDBIndex.idl:
2398
2399         * Modules/indexeddb/IDBKeyRange.cpp:
2400         (WebCore::IDBKeyRange::only): Deleted.
2401         * Modules/indexeddb/IDBKeyRange.h:
2402
2403         * Modules/indexeddb/IDBObjectStore.cpp:
2404         (WebCore::IDBObjectStore::openCursor):
2405         (WebCore::IDBObjectStore::get):
2406         (WebCore::IDBObjectStore::putOrAdd):
2407         (WebCore::IDBObjectStore::deleteFunction):
2408         (WebCore::IDBObjectStore::doDelete):
2409         (WebCore::IDBObjectStore::modernDelete):
2410         (WebCore::IDBObjectStore::clear):
2411         (WebCore::IDBObjectStore::createIndex):
2412         (WebCore::IDBObjectStore::count):
2413         (WebCore::IDBObjectStore::doCount):
2414         * Modules/indexeddb/IDBObjectStore.h:
2415         * Modules/indexeddb/IDBObjectStore.idl:
2416
2417         * Modules/indexeddb/IDBTransaction.cpp:
2418         (WebCore::IDBTransaction::requestOpenCursor):
2419         (WebCore::IDBTransaction::doRequestOpenCursor):
2420         (WebCore::IDBTransaction::requestGetRecord):
2421         (WebCore::IDBTransaction::requestGetValue):
2422         (WebCore::IDBTransaction::requestGetKey):
2423         (WebCore::IDBTransaction::requestIndexRecord):
2424         (WebCore::IDBTransaction::requestCount):
2425         (WebCore::IDBTransaction::requestDeleteRecord):
2426         (WebCore::IDBTransaction::requestClearObjectStore):
2427         (WebCore::IDBTransaction::requestPutOrAdd):
2428         * Modules/indexeddb/IDBTransaction.h:
2429
2430         * inspector/InspectorIndexedDBAgent.cpp:
2431
2432 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
2433
2434         Media controls don't appear when pausing a small autoplaying video
2435         https://bugs.webkit.org/show_bug.cgi?id=159972
2436         <rdar://problem/27180657>
2437
2438         Reviewed by Beth Dakin.
2439
2440         When pausing an autoplaying video, remove behavior restrictions for the
2441         initial user gesture and show media controls.
2442
2443         New WebKit API test. See VideoControlsManagerSingleSmallAutoplayingVideo.
2444
2445         * html/HTMLMediaElement.cpp:
2446         (WebCore::HTMLMediaElement::pause):
2447
2448 2016-07-20  Chris Dumez  <cdumez@apple.com>
2449
2450         Fix null handling of HTMLMediaElement.mediaGroup
2451         https://bugs.webkit.org/show_bug.cgi?id=159974
2452
2453         Reviewed by Eric Carlson.
2454
2455         Fix null handling of HTMLMediaElement.mediaGroup to match the specification:
2456         - https://www.w3.org/TR/html5/embedded-content-0.html#media-elements
2457
2458         null is supposed to be treated as the String "null". This patch aligns
2459         our behavior with the specification. I tested Firefox and Chrome but both
2460         do not have this attribute on HTMLMediaElement.
2461
2462         Also remove support for [TreatNullAs=LegacyNullString] from our bindings
2463         generator as HTMLMediaElement.mediaGroup was the last user.
2464
2465         No new tests, rebaselined existing test.
2466
2467         * bindings/scripts/CodeGeneratorJS.pm:
2468         (JSValueToNative):
2469         * bindings/scripts/IDLAttributes.txt:
2470         * html/HTMLMediaElement.idl:
2471
2472 2016-07-20  Chris Dumez  <cdumez@apple.com>
2473
2474         CSSStyleDeclaration.setProperty() should be able to unset "important" on a property
2475         https://bugs.webkit.org/show_bug.cgi?id=159959
2476
2477         Reviewed by Alexey Proskuryakov.
2478
2479         CSSStyleDeclaration.setProperty() should be able to unset "important"
2480         on a property as per the latest specification:
2481         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty
2482         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
2483
2484         Firefox and Chrome match the specification here but WebKit was ignoring calls
2485         to setProperty() if there is already an "important" property with this name
2486         and if the new property does not have the "important" flag set.
2487
2488         This behavior was added a long time ago via Bug 60007. However, it does not
2489         match the latest specification or other browsers.
2490
2491         Test: fast/css/CSSStyleDeclaration-setProperty-unset-important.html
2492
2493         * css/StyleProperties.cpp:
2494         (WebCore::MutableStyleProperties::addParsedProperty):
2495         Drop code that was added via Bug 60007 as this behavior no longer matches the
2496         specification or other browsers. The layout test added in Bug 60007 fails in
2497         other browsers and was updated in this patch to match the specification.
2498
2499 2016-07-20  Commit Queue  <commit-queue@webkit.org>
2500
2501         Unreviewed, rolling out r203423.
2502         https://bugs.webkit.org/show_bug.cgi?id=159977
2503
2504         The test for this change is failing on Mac Release WK2
2505         (Requested by ryanhaddad on #webkit).
2506
2507         Reverted changeset:
2508
2509         "HTMLVideoElement frames do not update on iOS when src is a
2510         MediaStream blob"
2511         https://bugs.webkit.org/show_bug.cgi?id=159833
2512         http://trac.webkit.org/changeset/203423
2513
2514 2016-07-20  Chris Dumez  <cdumez@apple.com>
2515
2516         Fix null handling of HTMLSelectElement.value attribute
2517         https://bugs.webkit.org/show_bug.cgi?id=159925
2518
2519         Reviewed by Benjamin Poulain.
2520
2521         Fix null handling of HTMLSelectElement.value attribute:
2522         - https://html.spec.whatwg.org/multipage/forms.html#htmlselectelement
2523
2524         We were treating null as the null String which would end up setting
2525         selectedIndex to -1. However, we should treat null as the String "null"
2526         which would set the selectedIndex to the index of the <option> element
2527         whose value is "null".
2528
2529         Firefox and Chrome match the specification.
2530
2531         Test: fast/dom/HTMLSelectElement/value-null-handling.html
2532
2533         * html/HTMLSelectElement.cpp:
2534         (WebCore::HTMLSelectElement::setValue):
2535         * html/HTMLSelectElement.idl:
2536
2537 2016-07-20  Chris Dumez  <cdumez@apple.com>
2538
2539         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender is alive
2540         https://bugs.webkit.org/show_bug.cgi?id=159962
2541         <rdar://problem/21439264>
2542
2543         Reviewed by David Kilzer.
2544
2545         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender
2546         is alive. We have both PostResolutionCallbackDisabler and ResourceLoadSuspender that
2547         call LoaderStrategy::suspendPendingRequests() / LoaderStrategy::resumePendingRequests().
2548         However, PostResolutionCallbackDisabler and ResourceLoadSuspender are not aware of each
2549         other. It is therefore possible for a PostResolutionCallbackDisabler object to get
2550         destroyed, causing LoaderStrategy::resumePendingRequests() to be called while a
2551         ResourceLoadSuspender object is alive.
2552
2553         This leads to hard to investigate crashes where we end up re-entering WebKit and killing
2554         the style resolver.
2555
2556         This patch drops ResourceLoadSuspender and uses PostResolutionCallbackDisabler instead.
2557         There was only one user of ResourceLoadSuspender and PostResolutionCallbackDisabler
2558         is better because it manages a resolutionNestingDepth counter internally to make sure
2559         it only calls LoaderStrategy::resumePendingRequests() once all
2560         PostResolutionCallbackDisabler instances are destroyed.
2561
2562         No new tests, there is no easy way to reproduce the crashes.
2563
2564         * dom/Document.cpp:
2565         (WebCore::Document::styleForElementIgnoringPendingStylesheets):
2566         * loader/LoaderStrategy.cpp:
2567         (WebCore::ResourceLoadSuspender::ResourceLoadSuspender): Deleted.
2568         (WebCore::ResourceLoadSuspender::~ResourceLoadSuspender): Deleted.
2569         * loader/LoaderStrategy.h:
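
The failure mode described in the entry above, and the nesting-depth fix, as an added C++ sketch that is not WebKit's code. `SketchLoaderStrategy`, `UnawareSuspender` and `DepthCountingDisabler` are hypothetical stand-ins for LoaderStrategy, ResourceLoadSuspender and PostResolutionCallbackDisabler, and only the suspend/resume bookkeeping is modelled.

```cpp
#include <cstdio>

// Hypothetical stand-in for LoaderStrategy: tracks whether pending requests
// are currently suspended and how often they were resumed.
struct SketchLoaderStrategy {
    bool suspended = false;
    int resumeCalls = 0;
    void suspendPendingRequests() { suspended = true; }
    void resumePendingRequests() { suspended = false; ++resumeCalls; }
};

// Stand-in for ResourceLoadSuspender: suspends on construction, resumes on
// destruction, and knows nothing about any other guard.
class UnawareSuspender {
public:
    explicit UnawareSuspender(SketchLoaderStrategy& s) : m_strategy(s) { m_strategy.suspendPendingRequests(); }
    ~UnawareSuspender() { m_strategy.resumePendingRequests(); }
    UnawareSuspender(const UnawareSuspender&) = delete;
    UnawareSuspender& operator=(const UnawareSuspender&) = delete;
private:
    SketchLoaderStrategy& m_strategy;
};

// Stand-in for PostResolutionCallbackDisabler: a shared nesting depth counter
// ensures resume happens only when the last instance is destroyed.
class DepthCountingDisabler {
public:
    explicit DepthCountingDisabler(SketchLoaderStrategy& s) : m_strategy(s)
    {
        if (!s_nestingDepth++)
            m_strategy.suspendPendingRequests();
    }
    ~DepthCountingDisabler()
    {
        if (!--s_nestingDepth)
            m_strategy.resumePendingRequests();
    }
    DepthCountingDisabler(const DepthCountingDisabler&) = delete;
    DepthCountingDisabler& operator=(const DepthCountingDisabler&) = delete;
private:
    SketchLoaderStrategy& m_strategy;
    static int s_nestingDepth;
};
int DepthCountingDisabler::s_nestingDepth = 0;

// Before the fix: two guard types that are unaware of each other. The inner
// counting guard reaches depth 0 and resumes while the outer guard is alive.
// Returns whether requests are still suspended at that point.
bool requestsStaySuspendedBeforeFix()
{
    SketchLoaderStrategy strategy;
    UnawareSuspender outer(strategy);
    {
        DepthCountingDisabler inner(strategy);
    } // inner's destructor sees depth 0 and resumes pending requests
    return strategy.suspended;
}

// After the fix: the only guard type is the counting one, so the inner
// destructor leaves depth at 1 and does not resume.
bool requestsStaySuspendedAfterFix()
{
    SketchLoaderStrategy strategy;
    DepthCountingDisabler outer(strategy);
    {
        DepthCountingDisabler inner(strategy);
    }
    return strategy.suspended;
}

// With nested counting guards, resume is called exactly once, after the
// outermost guard is gone.
int resumeCallsAfterNestedDisablers()
{
    SketchLoaderStrategy strategy;
    {
        DepthCountingDisabler outer(strategy);
        {
            DepthCountingDisabler inner(strategy);
        }
    }
    return strategy.resumeCalls;
}

int main()
{
    std::printf("before fix, still suspended under outer guard: %d\n", requestsStaySuspendedBeforeFix());
    std::printf("after fix, still suspended under outer guard:  %d\n", requestsStaySuspendedAfterFix());
    std::printf("resume calls with nested counting guards:      %d\n", resumeCallsAfterNestedDisablers());
    return 0;
}
```
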
2570
2571 2016-07-19  Youenn Fablet  <youenn@apple.com>
2572
2573         [Fetch API] Add a JS builtin to implement https://fetch.spec.whatwg.org/#concept-headers-fill
2574         https://bugs.webkit.org/show_bug.cgi?id=159932
2575
2576         Reviewed by Alex Christensen.
2577
2578         Covered by existing tests.
2579
2580         Refactoring Headers initializeWith to use the new built-in internal that implements
2581         https://fetch.spec.whatwg.org/#concept-headers-fill.
2582
2583         Refactoring Response constructor to put more checks in the JS builtin function called within constructor.
2584         Making use of the new built-in internal that implements https://fetch.spec.whatwg.org/#concept-headers-fill.
2585
2586         * CMakeLists.txt: Adding FetchHeadersInternals.js
2587         * DerivedSources.make: Ditto.
2588         * Modules/fetch/FetchHeaders.js:
2589         (initializeFetchHeaders): Using fillFetchHeaders new built-in internal.
2590         * Modules/fetch/FetchInternals.js: Added.
2591         (fillFetchHeaders):
2592         * Modules/fetch/FetchResponse.cpp: Refactoring to do more in the JS built-in. Splitting of initializeWith so
2593         that the checks are done in the order defined by the spec.
2594         (WebCore::FetchResponse::setStatus):
2595         (WebCore::FetchResponse::initializeWith):
2596         (WebCore::isNullBodyStatus): Deleted.
2597         * Modules/fetch/FetchResponse.h:
2598         * Modules/fetch/FetchResponse.idl:
2599         * Modules/fetch/FetchResponse.js:
2600         (initializeFetchResponse): New built-in internal.
2601         * WebCore.xcodeproj/project.pbxproj:
2602         * bindings/js/WebCoreBuiltinNames.h:
2603
2604 2016-07-19  Chris Dumez  <cdumez@apple.com>
2605
2606         Fix null handling of SVGScriptElement.type attribute
2607         https://bugs.webkit.org/show_bug.cgi?id=159927
2608
2609         Reviewed by Benjamin Poulain.
2610
2611         Fix null handling of SVGScriptElement.type attribute:
2612         - https://www.w3.org/TR/SVG2/interact.html#InterfaceSVGScriptElement
2613
2614         We were treating null as the null String which would end up removing
2615         the 'type' content attribute. However, we should treat null as the
2616         String "null".
2617
2618         Firefox and Chrome match the specification.
2619
2620         No new tests, updated existing test.
2621
2622         * svg/SVGScriptElement.idl:
2623
2624 2016-07-19  Chris Dumez  <cdumez@apple.com>
2625
2626         Fix null handling of several HTMLDocument attributes
2627         https://bugs.webkit.org/show_bug.cgi?id=159923
2628
2629         Reviewed by Benjamin Poulain.
2630
2631         Fix null handling of several HTMLDocument attributes:
2632         - https://html.spec.whatwg.org/multipage/dom.html#document
2633         - https://html.spec.whatwg.org/multipage/obsolete.html#document-partial
2634
2635         In particular, null handling was incorrect in WebKit for 'dir',
2636         'bgColor', 'fgColor', 'alinkColor', 'linkColor' and 'vlinkColor'.
2637
2638         Firefox and Chrome match the specification.
2639
2640         Test: fast/dom/HTMLDocument/null-handling.html
2641
2642         * html/HTMLDocument.idl:
2643
2644 2016-07-19  Chris Dumez  <cdumez@apple.com>
2645
2646         Document.createElementNS() / createAttributeNS() parameters should be mandatory
2647         https://bugs.webkit.org/show_bug.cgi?id=159938
2648
2649         Reviewed by Benjamin Poulain.
2650
2651         Document.createElementNS() / createAttributeNS() parameters should be mandatory:
2652         - https://dom.spec.whatwg.org/#document
2653
2654         They were optional in WebKit. However, Firefox and Chrome both match the
2655         specification.
2656
2657         No new tests, rebaselined existing tests.
2658
2659         * dom/Document.idl:
2660
2661 2016-07-19  Benjamin Poulain  <bpoulain@apple.com>
2662
2663         Use getElementById for attribute matching if the attribute name is html's id
2664         https://bugs.webkit.org/show_bug.cgi?id=159960
2665
2666         Reviewed by Chris Dumez.
2667
2668         Elliott Sprehn discovered YUI makes heavy use of querySelector with [id=value]
2669         (https://bugs.chromium.org/p/chromium/issues/detail?id=627242).
2670
2671         If we are not in quirks mode, IdForStyleResolution has the same value
2672         as the Id attribute. We can use the same optimization for both cases.
2673
2674         Tests: fast/selectors/id-attribute-querySelector-used-as-id-selector-quirks.html
2675                fast/selectors/id-attribute-querySelector-used-as-id-selector.html
2676
2677         * dom/SelectorQuery.cpp:
2678         (WebCore::canBeUsedForIdFastPath):
2679         (WebCore::findIdMatchingType):
2680         (WebCore::SelectorDataList::SelectorDataList):
2681         (WebCore::selectorForIdLookup):
2682         (WebCore::filterRootById):
2683
2684 2016-07-19  Chris Dumez  <cdumez@apple.com>
2685
2686         Drop SVGElement.xmlbase attribute
2687         https://bugs.webkit.org/show_bug.cgi?id=159926
2688
2689         Reviewed by Benjamin Poulain.
2690
2691         Drop SVGElement.xmlbase attribute as it is no longer part of the
2692         specification:
2693         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement
2694
2695         Both Firefox and Chrome have already dropped support for
2696         SVGElement.xmlbase.
2697
2698         Chrome's intent to remove:
2699         https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/TfwMq4d25hk/C-v_iC_wKfAJ
2700
2701         Test: svg/dom/SVGElement-xmlbase.html
2702
2703         * svg/SVGElement.cpp:
2704         (WebCore::SVGElement::removedFrom): Deleted.
2705         * svg/SVGElement.h:
2706         * svg/SVGElement.idl:
2707
2708 2016-07-19  Chris Dumez  <cdumez@apple.com>
2709
2710         Align CSSStyleDeclaration.setProperty() with the specification
2711         https://bugs.webkit.org/show_bug.cgi?id=159955
2712
2713         Reviewed by Benjamin Poulain.
2714
2715         Align CSSStyleDeclaration.setProperty() with the specification:
2716         - https://drafts.csswg.org/cssom/#the-cssstyledeclaration-interface
2717
2718         In particular, the following changes were needed:
2719         1. The 'value' parameter should not be optional
2720         2. The 'priority' parameter should treat null as the empty string
2721            rather than the string "null".
2722         3. The 'priority' parameter's default value should be the empty string,
2723            not the string "undefined".
2724         4. CSSStyleDeclaration.setProperty() should return early if 'priority'
2725            is not the empty string and is not an ASCII case-insensitive match
2726            for the string "important".
2727
2728         Chrome matches the specification entirely.
2729         Firefox matches the specification with the exception that it does a
2730         case-sensitive match for "important".
2731
2732         Test: fast/css/CSSStyleDeclaration-setProperty.html
2733
2734         * css/CSSStyleDeclaration.idl:
2735         * css/PropertySetCSSStyleDeclaration.cpp:
2736         (WebCore::PropertySetCSSStyleDeclaration::setProperty):
2737
2738 2016-07-19  Daniel Bates  <dabates@apple.com>
2739
2740         CSP: Improve support for multiple policies to more closely conform to the CSP Level 2 spec.
2741         https://bugs.webkit.org/show_bug.cgi?id=159841
2742         <rdar://problem/27381684>
2743
2744         Reviewed by Brent Fulgham.
2745
2746         Implement a first pass at sending multiple violation reports so as to more closely
2747         conform to section Enforcing multiple policies of the Content Security Policy Level 2 spec.,
2748         <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 25 April 2016).
2749
2750         Tests: http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.php
2751                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.php
2752                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
2753                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
2754                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
2755                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.php
2756                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
2757                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
2758                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
2759                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
2760                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
2761                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-enforced-policy-and-not-in-report-only.html
2762                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
2763                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.php
2764                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
2765                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
2766                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
2767                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.php
2768                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
2769                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
2770                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
2771                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
2772                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
2773                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-enforced-policy-and-not-in-report-only.html
2774                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
2775                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-multiple-policies.html
2776
2777         * page/csp/ContentSecurityPolicy.cpp:
2778         (WebCore::ContentSecurityPolicy::allPoliciesWithDispositionAllow): Added. Returns whether the resource
2779         is allowed by all of the policies with the specified disposition.
2780         (WebCore::ContentSecurityPolicy::allPoliciesAllow): Added. Returns whether the resource is allowed by
2781         all of the enforced policies.
2782         (WebCore::ContentSecurityPolicy::findHashOfContentInPolicies): Formerly named foundHashOfContentInAllPolicies.
2783         Modified to return a ("has found hash in all enforced policies", "has found hash in all report-only policies")-pair
2784         so that we can differentiate whether the hash violated an enforced policy or a report-only policy.
2785         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
2786         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
2787         (WebCore::ContentSecurityPolicy::allowScriptWithNonce): For now only accept a nonce if it is allowed by
2788         all enforced policies. A side effect of this change is that we only send a CSP violation report when a
2789         nonce violates a report-only policy only if the nonce also violates one or more enforced policies. We will
2790         address this limitation in <https://bugs.webkit.org/show_bug.cgi?id=159830>.
2791         (WebCore::ContentSecurityPolicy::allowStyleWithNonce): Ditto.
2792         (WebCore::ContentSecurityPolicy::allowInlineScript): Differentiate between a hash/'unsafe-inline' that
2793         matches/is contained in all enforced policies and a hash/'unsafe-inline' that matches/is contained in all
2794         report-only policies so that we only allow the resource for the former. As a side effect of this change
2795         we may report that a resource violated a policy even if it contained the hash. See <https://bugs.webkit.org/show_bug.cgi?id=159832>
2796         for more details.
2797         (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
2798         (WebCore::ContentSecurityPolicy::allowEval): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
2799         (WebCore::ContentSecurityPolicy::allowFrameAncestors): Ditto.
2800         (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
2801         (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
2802         (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
2803         (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
2804         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto.
2805         (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
2806         (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
2807         (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
2808         (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
2809         (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
2810         (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
2811         (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
2812         (WebCore::ContentSecurityPolicy::foundHashOfContentInAllPolicies): Deleted.
2813         * page/csp/ContentSecurityPolicy.h:
2814         (WebCore::ContentSecurityPolicy::violatedDirectiveInAnyPolicy): Deleted.
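
The all-policies rule from the CSP entry above, as an added example (not WebKit code and not part of the ChangeLog): a simplified JavaScript model of nonce checks for inline scripts when several enforced and report-only policies are delivered together. The function names, the sample policies and the `webkitNonceLimitation` option are assumptions; the option models the report-only limitation as that entry words it.

```javascript
// Simplified model of CSP Level 2 multi-policy handling for inline <script>
// elements that carry a nonce. Added example: names here are hypothetical.

// Parse one policy header value into { disposition, directives, raw }.
// disposition is 'enforce' or 'report' (Content-Security-Policy-Report-Only).
function parsePolicy(headerValue, disposition) {
  const directives = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A directive name repeated inside one policy is ignored: the first wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return { disposition, directives, raw: headerValue };
}

const NONCE_SOURCE = /^'nonce-([^']+)'$/i;
const NONCE_OR_HASH_SOURCE = /^'(nonce|sha256|sha384|sha512)-[^']+'$/i;

// Does ONE policy allow an inline script carrying this nonce (or null)?
function policyAllowsInlineScript(policy, nonce) {
  const sources = policy.directives.get('script-src')
    ?? policy.directives.get('default-src');
  if (sources === undefined) return true; // no directive governs scripts

  const nonceMatches = nonce !== null && sources.some((s) => {
    const m = NONCE_SOURCE.exec(s);
    return m !== null && m[1] === nonce; // nonce values are case-sensitive
  });
  if (nonceMatches) return true;

  // In CSP2, 'unsafe-inline' is ignored once a nonce or hash source is listed.
  const hasNonceOrHash = sources.some((s) => NONCE_OR_HASH_SOURCE.test(s));
  const unsafeInline = sources.some((s) => s.toLowerCase() === "'unsafe-inline'");
  return unsafeInline && !hasNonceOrHash;
}

// Combine all policies: the script runs only if EVERY enforced policy allows
// it; each violated policy, enforced or report-only, yields its own report.
// webkitNonceLimitation (assumption) drops report-only reports unless an
// enforced policy is violated too, as the entry describes for nonces.
function evaluateInlineScript(policies, nonce, { webkitNonceLimitation = false } = {}) {
  const violated = policies.filter((p) => !policyAllowsInlineScript(p, nonce));
  const enforcedViolated = violated.some((p) => p.disposition === 'enforce');
  const reported = webkitNonceLimitation && !enforcedViolated ? [] : violated;
  return {
    allowed: !enforcedViolated,
    reports: reported.map((p) => ({ disposition: p.disposition, policy: p.raw })),
  };
}

// Constructed sample: two enforced policies and one report-only policy.
const SAMPLE_POLICIES = [
  parsePolicy("script-src 'nonce-r4nd0m'", 'enforce'),
  parsePolicy("default-src 'self'; script-src 'nonce-r4nd0m' 'unsafe-inline'", 'enforce'),
  parsePolicy("script-src 'nonce-different'", 'report'),
];

// Matching nonce: runs, but the report-only policy still produces a report.
console.log(evaluateInlineScript(SAMPLE_POLICIES, 'r4nd0m'));
// Same input under the modelled limitation: the report-only report is lost.
console.log(evaluateInlineScript(SAMPLE_POLICIES, 'r4nd0m', { webkitNonceLimitation: true }));
// Wrong nonce: blocked, and all three policies report.
console.log(evaluateInlineScript(SAMPLE_POLICIES, 'wrong'));
```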
2815
2816 2016-07-19  Chris Dumez  <cdumez@apple.com>
2817
2818         Fix null handling of HTMLScriptElement.text attribute
2819         https://bugs.webkit.org/show_bug.cgi?id=159943
2820
2821         Reviewed by Benjamin Poulain.
2822
2823         Fix null handling of HTMLScriptElement.text attribute:
2824         - https://html.spec.whatwg.org/multipage/scripting.html#the-script-element
2825
2826         We should treat null as the "null" String but we were treating it as
2827         the empty string.
2828
2829         Firefox and Chrome match the specification.
2830
2831         No new tests, rebaselined existing test.
2832
2833         * html/HTMLScriptElement.idl:
2834
2835 2016-07-19  Chris Dumez  <cdumez@apple.com>
2836
2837         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]
2838         https://bugs.webkit.org/show_bug.cgi?id=159934
2839
2840         Reviewed by Benjamin Poulain.
2841
2842         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]. This is
2843         non-standard and we want to drop support for it from the bindings generator.
2844
2845         Instead, use [TreatNullAs=EmptyString] in order to maintain existing behavior
2846         given that both a missing/empty attribute result in using the default
2847         autocapitalization mode and that autocapitalize returns the empty string by
2848         default.
2849
2850         Test: platform/ios-simulator/ios/fast/forms/autocapitalize-null.html
2851
2852         * html/HTMLFormElement.idl:
2853         * html/HTMLInputElement.idl:
2854         * html/HTMLTextAreaElement.idl:
2855
2856 2016-07-19  Zalan Bujtas  <zalan@apple.com>
2857
2858         REGRESSION(r203415): ASSERTION FAILED: !m_layoutRoot->container() || !m_layoutRoot->container()->needsLayout()
2859         https://bugs.webkit.org/show_bug.cgi?id=159952
2860
2861         Reviewed by Simon Fraser.
2862
2863         Update ASSERTs to reflect new functionality, that is, now we can end up in a state
2864         where the container (RenderView) of one of the dirty subtrees is dirty.
2865         See r203415.
2866  
2867         Covered by editing/pasteboard/drag-drop-input-in-svg.svg
2868
2869         * page/FrameView.cpp:
2870         (WebCore::FrameView::scheduleRelayoutOfSubtree):
2871
2872 2016-07-19  Dean Jackson  <dino@apple.com>
2873
2874         REGRESSION(202927): The first slide is the only displayed slide when Quicklooking a Keynote file
2875         https://bugs.webkit.org/show_bug.cgi?id=159948
2876         <rdar://problem/27391012>
2877
2878         Reviewed by Simon Fraser.
2879
2880         There is an iOS bug (<rdar://problem/27416744>) that is causing us
2881         to not always get a color space on CGContextRefs. Investigation of this
2882         exposed some optimizations we can take when we are creating ImageBuffers.
2883         In particular, if we have a bitmap context or an IOSurfaceContext we
2884         can simply copy their color space using API. Otherwise we stick with
2885         the existing CGContextCopyDeviceColorSpace.
2886
2887         Lastly, if for some reason we are unable to copy the device color space,
2888         we should fall back to sRGB.
2889
2890         * platform/graphics/cg/ImageBufferCG.cpp:
2891         (WebCore::ImageBuffer::createCompatibleBuffer):
2892         * platform/spi/cg/CoreGraphicsSPI.h: Add some SPI and enums.
2893
2894
2895 2016-07-19  George Ruan  <gruan@apple.com>
2896
2897         HTMLVideoElement frames do not update on iOS when src is a MediaStream blob
2898         https://bugs.webkit.org/show_bug.cgi?id=159833
2899         <rdar://problem/27379487>
2900
2901         Reviewed by Eric Carlson.
2902
2903         Test: fast/mediastream/MediaStream-video-element-displays-buffer.html
2904
2905         * WebCore.xcodeproj/project.pbxproj:
2906         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Change create to return a Ref<T> instead
2907         of RefPtr<T>
2908         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h: Make observer of
2909         MediaStreamTrackPrivate and make MediaPlayer use an AVSampleBufferDisplayLayer instead of CALayer.
2910         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: Ditto.
2911         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::~MediaPlayerPrivateMediaStreamAVFObjC): Clean up
2912         observers and AVSampleBufferDisplayLayer
2913         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::isAvailable): Ensures AVSampleBufferDisplayLayer
2914         is available.
2915         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack): Placeholder.
2916         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Responsible
2917         for enqueuing sample buffers to the active video track.
2918         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): Ensures that an AVSampleBufferDisplayLayer
2919         exists.
2920         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Destroys the AVSampleBufferDisplayLayer.
2921         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer): Replace CALayer with AVSampleBufferDisplayLayer.
2922         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentDisplayMode): Ditto.
2923         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated): Called from MediaStreamTrackPrivate when a
2924         new SampleBuffer is available.
2925         (WebCore::updateTracksOfType): Manage adding and removing self as observer from tracks.
2926         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks): Replace CALayer with AVSampleBufferDisplayLayer
2927         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::acceleratedRenderingStateChanged): Copied from
2928         MediaPlayerPrivateMediaSourceAVFObjC.mm
2929         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::load): Deleted CALayer.
2930         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateDisplayMode): Deleted process of updating CALayer.
2931         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateIntrinsicSize): Deleted CALayer.
2932         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): Deleted.
2933         * platform/mediastream/MediaStreamPrivate.cpp:
2934         (WebCore::MediaStreamPrivate::updateActiveVideoTrack): Remove redundant check.
2935         * platform/mediastream/MediaStreamTrackPrivate.cpp:
2936         (WebCore::MediaStreamTrackPrivate::sourceHasMoreMediaData): Called from RealtimeMediaSource when a new SampleBuffer
2937         is available.
2938         * platform/mediastream/MediaStreamTrackPrivate.h:
2939         (WebCore::MediaStreamTrackPrivate::Observer::sampleBufferUpdated): Relays to MediaPlayerPrivateMediaStream that
2940         a new SampleBuffer is available to enqueue to the AVSampleBufferDisplayLayer.
2941         * platform/mediastream/RealtimeMediaSource.cpp:
2942         (WebCore::RealtimeMediaSource::mediaDataUpdated): Relays to all observers that a new SampleBuffer is available.
2943         * platform/mediastream/RealtimeMediaSource.h:
2944         * platform/mediastream/mac/AVVideoCaptureSource.mm:
2945         (WebCore::AVVideoCaptureSource::processNewFrame): Calls mediaDataUpdated when a new SampleBuffer is captured.
2946
2947 2016-07-19  Anders Carlsson  <andersca@apple.com>
2948
2949         Get rid of a #define private public hack in WebCore
2950         https://bugs.webkit.org/show_bug.cgi?id=159953
2951
2952         Reviewed by Dan Bernstein.
2953
2954         Use @package instead.
2955
2956         * bindings/objc/DOMInternal.h:
2957         * bindings/objc/DOMObject.h:
2958
2959 2016-07-19  Andreas Kling  <akling@apple.com>
2960
2961         Fix SharedBuffer leak in MockContentFilter::replacementData().
2962         <https://webkit.org/b/159945>
2963
2964         Reviewed by Andy Estes.
2965
2966         Spotted on leaks bot. This code was pretty explicit about how it's going to leak.
2967         Since this is in the mock filter, it only affected layout tests.
2968
2969         * testing/MockContentFilter.cpp:
2970         (WebCore::MockContentFilter::replacementData):
2971
2972 2016-07-19  Zalan Bujtas  <zalan@apple.com>
2973
2974         theguardian.co.uk crossword puzzles are sometimes not displaying text
2975         https://bugs.webkit.org/show_bug.cgi?id=159924
2976         <rdar://problem/27409483>
2977
2978         Reviewed by Simon Fraser.
2979
2980         This patch fixes the case when
2981         - 2 disjoint subtrees are dirty
2982         - RenderView is also dirty.
2983         and we end up not laying out one of the 2 subtrees.
2984
2985         In FrameView::scheduleRelayoutOfSubtree, we assume that when the RenderView is dirty
2986         we already have a pending full layout which means that any previous subtree layouts have already been
2987         converted to full layouts.
2988         However this assumption is incorrect. RenderView can get dirty without checking if there's
2989         already a pending subtree layout.
2990         One option to solve this problem would be to override RenderObject::setNeedsLayout in RenderView
2991         so that when the RenderView gets dirty, we could also convert any pending subtree layout to full layout.
2992         However RenderObject::setNeedsLayout is a hot function and making it virtual would impact performance.
2993         The other option is to always normalize subtree layouts in FrameView::scheduleRelayoutOfSubtree().
2994         This patch implements the second option.
2995
2996         Test: fast/misc/subtree-layouts.html
2997
2998         * page/FrameView.cpp:
2999         (WebCore::FrameView::scheduleRelayoutOfSubtree):
3000
3001 2016-07-19  Anders Carlsson  <andersca@apple.com>
3002
3003         Some payment authorization status values should keep the sheet active
3004         https://bugs.webkit.org/show_bug.cgi?id=159936
3005         rdar://problem/26756701
3006
3007         Reviewed by Tim Horton.
3008
3009         * Modules/applepay/ApplePaySession.cpp:
3010         (WebCore::ApplePaySession::completePayment):
3011         Keep the sheet active if the status isn't a final state status.
3012
3013         * Modules/applepay/PaymentAuthorizationStatus.h:
3014         (WebCore::isFinalStateStatus):
3015         Add a new helper function that returns whether a given payment authorization status is "final",
3016         meaning that once that status has been passed to completePayment, the session is finished.
3017
3018 2016-07-19  Nan Wang  <n_wang@apple.com>
3019
3020         AX: Incorrect behavior for word related text marker functions when there's collapsed whitespace
3021         https://bugs.webkit.org/show_bug.cgi?id=159910
3022
3023         Reviewed by Chris Fleizach.
3024
3025         We are getting a bad CharacterOffset when there's collapsed whitespace. Added a TraverseOptionValidateOffset
3026         option to make sure we are getting the correct CharacterOffset based on the corresponding Range offset. And
3027         fixed a word navigation issue based on that.
3028
3029         Test: accessibility/mac/text-marker-word-nav-collapsed-whitespace.html
3030
3031         * accessibility/AXObjectCache.cpp:
3032         (WebCore::AXObjectCache::traverseToOffsetInRange):
3033         (WebCore::AXObjectCache::rangeForNodeContents):
3034         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
3035         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
3036         (WebCore::AXObjectCache::rightWordRange):
3037         (WebCore::AXObjectCache::previousBoundary):
3038         * accessibility/AXObjectCache.h:
3039         (WebCore::AXObjectCache::isNodeInUse):
3040
3041 2016-07-19  Youenn Fablet  <youenn@apple.com>
3042
3043         [Streams API] ReadableStreamController methods should throw if its stream is not readable
3044         https://bugs.webkit.org/show_bug.cgi?id=159871
3045
3046         Reviewed by Xabier Rodriguez-Calvar.
3047
3048         Spec now mandates close and enqueue to throw if ReadableStream is not readable.
3049         Covered by rebased and/or modified tests.
3050
3051         * Modules/streams/ReadableStreamController.js:
3052         (enqueue): Throwing a TypeError if controlled stream is not readable.
3053         (close): Ditto.
3054
3055 2016-07-19  Simon Fraser  <simon.fraser@apple.com>
3056
3057         Bubbles appear split for a brief moment in Messages
3058         https://bugs.webkit.org/show_bug.cgi?id=159915
3059         rdar://problem/27182267
3060
3061         Reviewed by David Hyatt.
3062
3063         RenderView::repaintRootContents() had a long-standing bug in WebView when the
3064         view is scrolled. repaint() uses visualOverflowRect() but, for the 
3065         RenderView, the visualOverflowRect() is the initial containing block
3066         which is anchored at 0,0. When the view is scrolled it's clipped out and
3067         calls to repaintRootContents() have no effect.
3068         
3069         Change repaintRootContents() to use layoutOverflowRect(). ScrollView::repaintContentRectangle()
3070         will clip it to the view if necessary.
3071
3072         Test: fast/repaint/scrolled-view-full-repaint.html
3073
3074         * rendering/RenderView.cpp:
3075         (WebCore::RenderView::repaintRootContents):
3076
3077 2016-07-19  Dan Bernstein  <mitz@apple.com>
3078
3079         <rdar://problem/27420308> WebCore-7602.1.42 fails to build: error: unused parameter 'vm'
3080
3081         * bindings/js/JSDOMGlobalObject.cpp:
3082         (WebCore::JSDOMGlobalObject::addBuiltinGlobals): Fixed the !ENABLE(STREAMS_API) build.
3083
3084 2016-07-19  Youenn Fablet  <youenn@apple.com>
3085
3086         [Streams API] Make ReadableStream properties not enumerable
3087         https://bugs.webkit.org/show_bug.cgi?id=159868
3088
3089         Reviewed by Darin Adler.
3090
3091         Covered by rebased tests.
3092
3093         Updating IDL definitions to mark all functions/attributes as not enumerable.
3094         Updating IDL constructor definitions to correctly compute constructor length.
3095         Updating built-in implementation to correctly compute pipeTo length to 1 (second parameter being optional).
3096
3097         * Modules/streams/ReadableStream.idl:
3098         * Modules/streams/ReadableStream.js:
3099         * Modules/streams/ReadableStreamController.idl:
3100         * Modules/streams/ReadableStreamReader.idl:
3101
3102 2016-07-19  Chris Dumez  <cdumez@apple.com>
3103
3104         form.enctype / encoding / method should treat null as "null" string
3105         https://bugs.webkit.org/show_bug.cgi?id=159916
3106
3107         Reviewed by Ryosuke Niwa.
3108
3109         form.enctype / encoding / method should treat null as "null" string:
3110         - https://html.spec.whatwg.org/multipage/forms.html#htmlformelement
3111
3112         Previously, WebKit would treat null as the null String, which would
3113         end up removing the existing attribute.
3114
3115         Firefox and Chrome match the specification.
3116
3117         Test: fast/dom/HTMLFormElement/null-handling.html
3118
3119         * html/HTMLFormElement.h:
3120         * html/HTMLFormElement.idl:
3121
3122 2016-07-18  Csaba Osztrogonác  <ossy@webkit.org>
3123
3124         All-in-one buildfix after r202439
3125         https://bugs.webkit.org/show_bug.cgi?id=159877
3126
3127         Reviewed by Chris Dumez.
3128
3129         * Modules/webaudio/AudioDestinationNode.h:
3130         (WebCore::AudioDestinationNode::resume):
3131         (WebCore::AudioDestinationNode::suspend):
3132         (WebCore::AudioDestinationNode::close):
3133
3134 2016-07-18  Frederic Wang  <fwang@igalia.com>
3135
3136         Move parsing of subscriptshift and superscriptshift from rendering to element classes
3137         https://bugs.webkit.org/show_bug.cgi?id=159622
3138
3139         Reviewed by Darin Adler.
3140
3141         We introduce a new MathMLScriptsElement that is used for elements msub, msup, msubsup and
3142         mmultiscripts in order to create RenderMathMLScripts and parse and expose the values of the
3143         subscriptshift and superscriptshift attributes. This is one more step toward moving MathML
3144         attribute parsing to the DOM (bug 156536).
3145
3146         No new tests, rendering is unchanged.
3147
3148         * CMakeLists.txt: Add MathMLScriptsElement files.
3149         * WebCore.xcodeproj/project.pbxproj: Ditto.
3150         * mathml/MathMLAllInOne.cpp: Ditto.
3151         * mathml/MathMLInlineContainerElement.cpp: Remove handling of scripts.
3152         (WebCore::MathMLInlineContainerElement::createElementRenderer): Deleted.
3153         * mathml/MathMLScriptsElement.cpp: Added. New class to handle scripted elements supporting
3154         parsing for the subscriptshift and superscriptshift MathML lengths.
3155         (WebCore::MathMLScriptsElement::MathMLScriptsElement):
3156         (WebCore::MathMLScriptsElement::create):
3157         (WebCore::MathMLScriptsElement::subscriptShift): Expose the cached length for the shift,
3158         parsing the attribute again if necessary.
3159         (WebCore::MathMLScriptsElement::superscriptShift): Ditto.
3160         (WebCore::MathMLScriptsElement::parseAttribute): Mark attributes dirty.
3161         (WebCore::MathMLScriptsElement::createElementRenderer): Create RenderMathMLScripts.
3162         * mathml/MathMLScriptsElement.h: Ditto.
3163         * mathml/mathtags.in: Map msub, msup, msubsup and mmultiscripts to MathMLScriptsElement.
3164         * rendering/mathml/RenderMathMLScripts.cpp:
3165         (WebCore::RenderMathMLScripts::scriptsElement): Helper function to cast the node to a
3166         MathMLScriptsElement.
3167         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded): Resolve the attributes
3168         using the functions from the MathMLScriptsElement class.
3169         * rendering/mathml/RenderMathMLScripts.h: Declare scriptsElement.
3170
3171 2016-07-18  Frederic Wang  <fwang@igalia.com>
3172
3173         Do not store gap and shift parameters on RenderMathMLFraction
3174         https://bugs.webkit.org/show_bug.cgi?id=159876
3175
3176         Reviewed by Darin Adler.
3177
3178         After r203285, the stack and fraction layout parameters are only used in layoutBlock so we
3179         do not need to store them on the class. We remove them and split updateLayoutParameters into
3180         three functions: one to update the linethickness and two others to retrieve the fraction and
3181         stack respectively.
3182
3183         No new tests, rendering is unchanged.
3184
3185         * rendering/mathml/RenderMathMLFraction.cpp:
3186         (WebCore::RenderMathMLFraction::updateLineThickness): Move code to update thickness members here.
3187         (WebCore::RenderMathMLFraction::getFractionParameters): Move code to retrieve fraction parameters here.
3188         (WebCore::RenderMathMLFraction::getStackParameters): Move code to retrieve stack parameters here.
3189         (WebCore::RenderMathMLFraction::layoutBlock): Use the new helper functions and local variables
3190         for fraction and stack parameters.
3191         (WebCore::RenderMathMLFraction::updateLayoutParameters): Deleted.
3192         * rendering/mathml/RenderMathMLFraction.h: Declare new helper functions and remove members
3193         for stack and fraction parameters.
3194
3195 2016-07-18  Chris Dumez  <cdumez@apple.com>
3196
3197         input.formEnctype / formMethod and button.formEnctype / formMethod / type should treat null as "null"
3198         https://bugs.webkit.org/show_bug.cgi?id=159908
3199
3200         Reviewed by Alex Christensen.
3201
3202         input.formEnctype / formMethod and button.formEnctype / formMethod / type
3203         should treat null as "null" String:
3204         - https://html.spec.whatwg.org/multipage/forms.html#htmlinputelement
3205         - https://html.spec.whatwg.org/multipage/forms.html#htmlbuttonelement
3206
3207         In WebKit, we would treat null as a null String which would end up
3208         removing the corresponding attribute. This does not match the
3209         specification. Firefox and Chrome match the specification here.
3210
3211         Tests:
3212         - fast/dom/HTMLButtonElement/null-handling.html
3213         - fast/dom/HTMLInputElement/null-handling.html
3214
3215         * html/HTMLButtonElement.idl:
3216         * html/HTMLInputElement.idl:
3217
3218 2016-07-18  Alex Christensen  <achristensen@webkit.org>
3219
3220         webbookmarksd needs to use the same AppCache directory as MobileSafari
3221         https://bugs.webkit.org/show_bug.cgi?id=159912
3222
3223         Reviewed by Alexey Proskuryakov.
3224
3225         No new tests.  This only changes behavior for webbookmarksd.
3226
3227         * platform/RuntimeApplicationChecks.h:
3228         * platform/RuntimeApplicationChecks.mm:
3229         (WebCore::IOSApplication::isWebBookmarksD): Added.
3230
3231 2016-07-18  Chris Dumez  <cdumez@apple.com>
3232
3233         EventTarget.dispatchEvent() parameter should not be nullable
3234         https://bugs.webkit.org/show_bug.cgi?id=159897
3235
3236         Reviewed by Benjamin Poulain.
3237
3238         EventTarget.dispatchEvent() parameter should not be nullable:
3239         - https://dom.spec.whatwg.org/#interface-eventtarget
3240
3241         Even though the parameter was marked as nullable in our IDL, our
3242         implementation does a null check and we already throw a TypeError
3243         when calling dispatchEvent(null).
3244
3245         Update our IDL so that it matches the specification and so that
3246         the null check is generated in the bindings instead.
3247
3248         No new tests, rebaseline existing tests.
3249
3250         * dom/EventTarget.cpp:
3251         (WebCore::EventTarget::dispatchEventForBindings):
3252         * dom/EventTarget.h:
3253         * dom/EventTarget.idl:
3254
3255 2016-07-18  Chris Dumez  <cdumez@apple.com>
3256
3257         DocType's publicId / systemId should not be nullable
3258         https://bugs.webkit.org/show_bug.cgi?id=159901
3259
3260         Reviewed by Benjamin Poulain.
3261
3262         DocType's publicId / systemId should not be nullable. While they were
3263         not marked as nullable in our IDL, they could be stored as null Strings
3264         in our implementation depending on how the Node was constructed. This
3265         led to subtle bugs where String() != emptyString().
3266
3267         In particular, Node.isEqualNode() would return false when DocumentType
3268         nodes would mismatch because of their publicId / systemId being null
3269         instead of the emptyString.
3270
3271         Serialization of DocumentType nodes would also be wrong when
3272         publicId / systemId were empty Strings instead of null strings. The
3273         new behavior now matches:
3274         - https://www.w3.org/TR/DOM-Parsing/#dfn-concept-serialize-doctype (steps 7-9)
3275
3276         To address these issues, we now always store publicId / systemId as
3277         non-null Strings inside the DocumentType class.
3278
3279         Test: fast/dom/DocumentType/isEqualNode.html
3280
3281         * dom/DocumentType.cpp:
3282         (WebCore::DocumentType::DocumentType):
3283         * editing/MarkupAccumulator.cpp:
3284         (WebCore::MarkupAccumulator::appendDocumentType):
3285
3286 2016-07-18  Jeremy Jones  <jeremyj@apple.com>
3287
3288         If previous media session interruptions were prevented, still allow subsequent interruptions to try.
3289         https://bugs.webkit.org/show_bug.cgi?id=157553
3290         rdar://problem/25740804
3291
3292         Reviewed by Eric Carlson.
3293
3294         Test: platform/ios-simulator/media/video-interruption-suspendunderlock.html
3295
3296         When suspending under lock on iOS, there is first a resign active event, then a
3297         suspend under lock. PiP prevents resign active from interrupting playback. But it should allow the
3298         suspend under lock to interrupt playback.
3299
3300         Currently if there are nested interruptions only the first one is acted upon.
3301
3302         This change allows subsequent, nested interruptions to have a chance to interrupt playback if the
3303         previous interruptions were ignored.
3304
3305         This test is for iPad only, so it must be run manually.
3306
3307         * html/HTMLMediaElement.cpp:
3308         (WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction):
3309         * platform/audio/PlatformMediaSession.cpp:
3310         (WebCore::PlatformMediaSession::beginInterruption):
3311         * testing/Internals.cpp:
3312         (WebCore::Internals::beginMediaSessionInterruption):
3313
3314 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
3315
3316         Don't associate form-associated elements with forms in other trees.
3317         https://bugs.webkit.org/show_bug.cgi?id=119451
3318         <rdar://problem/27382946>
3319
3320         Change is based on the Blink change (patch by <adamk@chromium.org>):
3321         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
3322
3323         Reviewed by Chris Dumez.
3324
3325         Prevent elements from being associated with forms that are not part of the same home subtree.
3326         This brings us in line with the WHATWG HTML specification as of September, 2013.
3327
3328         Tests: fast/forms/image-disconnected-during-parse.html
3329                fast/forms/input-disconnected-during-parse.html
3330
3331         * dom/Element.h:
3332         (WebCore::Node::rootElement): Added.
3333         * html/FormAssociatedElement.cpp:
3334         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
3335         is not part of the same tree, remove the association.
3336         * html/HTMLImageElement.cpp:
3337         (WebCore::HTMLImageElement::insertedInto): Ditto.
3338
3339 2016-07-18  Anders Carlsson  <andersca@apple.com>
3340
3341         WebKit nightly fails to build on macOS Sierra
3342         https://bugs.webkit.org/show_bug.cgi?id=159902
3343         rdar://problem/27365672
3344
3345         Reviewed by Tim Horton.
3346
3347         * Modules/applepay/cocoa/PaymentCocoa.mm:
3348         * Modules/applepay/cocoa/PaymentContactCocoa.mm:
3349         * Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
3350         * Modules/applepay/cocoa/PaymentMethodCocoa.mm:
3351         Use new PassKitSPI header.
3352
3353         * WebCore.xcodeproj/project.pbxproj:
3354         Add new PassKitSPI header.
3355
3356         * icu/unicode/ucurr.h: Added.
3357         Add ucurr.h from ICU.
3358
3359         * platform/spi/cocoa/PassKitSPI.h: Added.
3360         Add new PassKitSPI header.
3361
3362 2016-07-18  Dean Jackson  <dino@apple.com>
3363
3364         REGRESSION (r202950): Image zoom animations are broken at medium.com (159861)
3365         https://bugs.webkit.org/show_bug.cgi?id=159906
3366         <rdar://problem/27391725>
3367
3368         Reviewed by Simon Fraser.
3369
3370         The fix for webkit.org/b/157569 in r200769 broke AMP pages.
3371         The followup fix for webkit.org/b/159450 in r202950 broke Medium pages.
3372
3373         Revert them both until we have better testing.
3374
3375         * css/CSSParser.cpp:
3376         (WebCore::CSSParser::addPropertyWithPrefixingVariant):
3377         (WebCore::CSSParser::parseValue):
3378         (WebCore::CSSParser::parseAnimationShorthand):
3379         (WebCore::CSSParser::parseTransitionShorthand): Deleted.
3380         * css/CSSPropertyNames.in:
3381         * css/PropertySetCSSStyleDeclaration.cpp:
3382         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValue):
3383         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValue):
3384         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValueInternal):
3385         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValueInternal):
3386         * css/StyleProperties.cpp:
3387         (WebCore::MutableStyleProperties::removeShorthandProperty):
3388         (WebCore::MutableStyleProperties::removeProperty):
3389         (WebCore::MutableStyleProperties::removePrefixedOrUnprefixedProperty):
3390         (WebCore::MutableStyleProperties::setProperty):
3391         (WebCore::getIndexInShorthandVectorForPrefixingVariant):
3392         (WebCore::MutableStyleProperties::appendPrefixingVariantProperty):
3393         (WebCore::MutableStyleProperties::setPrefixingVariantProperty):
3394         (WebCore::StyleProperties::asText): Deleted.
3395         * css/StyleProperties.h:
3396
3397 2016-07-18  Andreas Kling  <akling@apple.com>
3398
3399         There should be a way to simulate memory pressure in layout tests
3400         <https://webkit.org/b/159743>
3401
3402         Reviewed by Simon Fraser.
3403