09e0963589465008d3a5c6b4b256b149d8c1756e
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-07-15  Ryan Haddad  <ryanhaddad@apple.com>
2
3         Unreviewed, rolling out r203266.
4
5         This change caused editing/deleting/delete-emoji.html to time
6         out on El Capitan, crash under GuardMalloc
7
8         Reverted changeset:
9
10         "Support new emoji group candidates"
11         https://bugs.webkit.org/show_bug.cgi?id=159755
12         http://trac.webkit.org/changeset/203266
13
14 2016-07-15  Frederic Wang  <fwang@igalia.com>
15
16         Move parsing of mfrac attributes into a MathMLFractionElement class
17         https://bugs.webkit.org/show_bug.cgi?id=159624
18
19         Reviewed by Brent Fulgham.
20
21         We move the parsing of mfrac attributes to a MathMLFractionElement class. This allows us to
22         minimize the updates in RenderMathMLFraction and to remove the alignment members. Many of
23         the members in updateLayoutParameters are actually only used in layoutBlock and could be
24         removed in a follow-up patch. We also improve the resolution of negative line thickness value
25         since the MathML recommendation says it should be rounded up to the nearest valid
26         value (which is zero) instead of ignoring the attribute and using the line thickness.
27
28         No new tests, already covered by existing tests.
29
30         * CMakeLists.txt: Add MathMLFractionElement.
31         * WebCore.xcodeproj/project.pbxproj: Ditto.
32         * mathml/MathMLAllInOne.cpp: Ditto.
33         * mathml/MathMLFractionElement.cpp: Added.
34         (WebCore::MathMLFractionElement::MathMLFractionElement):
35         (WebCore::MathMLFractionElement::create):
36         (WebCore::MathMLFractionElement::lineThickness): Return the cached linethickness length,
37         parsing it again if it is dirty. This handles the special values "thin", "medium" and "thick"
38         or falls back to the general parseMathMLLength for MathML lengths.
39         (WebCore::MathMLFractionElement::cachedFractionAlignment): Return the cached alignment value,
40         parsing it again if it is dirty.
41         (WebCore::MathMLFractionElement::numeratorAlignment): Return the cached alignment.
42         (WebCore::MathMLFractionElement::denominatorAlignment): Ditto.
43         (WebCore::MathMLFractionElement::parseAttribute): Make attributes dirty.
44         (WebCore::MathMLFractionElement::createElementRenderer): Create a RenderMathMLFraction.
45         * mathml/MathMLFractionElement.h: Added.
46         * mathml/MathMLInlineContainerElement.cpp: We no longer need to handle fraction here.
47         (WebCore::MathMLInlineContainerElement::createElementRenderer):
48         * mathml/mathtags.in: Use MathMLFractionElement for mfrac.
49         * rendering/mathml/RenderMathMLFraction.cpp:
50         (WebCore::RenderMathMLFraction::updateLayoutParameters): New helper function to set the
51         layout parameters, replacing updateFromElement. We no longer parse and store the alignment
52         values here. We also change the resolution of negative values.
53         (WebCore::RenderMathMLFraction::horizontalOffset): Use the enum from MathMLFractionElement.
54         (WebCore::RenderMathMLFraction::layoutBlock): We call updateLayoutParameters instead of
55         updateFromElement. The numerator and denominator alignments are resolved here.
56         (WebCore::RenderMathMLFraction::parseAlignmentAttribute): Deleted. Parsing of alignment
57         attribute is now handled in MathMLFractionElement.
58         (WebCore::RenderMathMLFraction::updateFromElement): Deleted. Attribute changes are now
59         handled in MathMLFractionElement.
60         (WebCore::RenderMathMLFraction::styleDidChange): Deleted. Font changes are properly handled.
61         * rendering/mathml/RenderMathMLFraction.h: Update declarations.
62
63 2016-07-15  Frederic Wang  <fwang@igalia.com>
64
65         Check whether font is nonnull for GlyphData instead of calling GlyphData::isValid()
66         https://bugs.webkit.org/show_bug.cgi?id=159783
67
68         Reviewed by Brent Fulgham.
69
70         GlyphData::isValid() returns true for GlyphData with null 'font' pointer when the 'glyph'
71         index is nonzero. This behavior is not expected by the MathML code and we have had crashes
72         in our test suite in the past on Windows (e.g. bug 140653). We thus replace the call to
73         GlyphData::isValid() with a stronger verification: Whether the 'font' pointer is nonzero.
74
75         No new tests, this only makes null pointer checks stronger.
76
77         * rendering/mathml/MathOperator.cpp:
78         (WebCore::boundsForGlyph):
79         (WebCore::advanceWidthForGlyph):
80         (WebCore::MathOperator::getBaseGlyph):
81         (WebCore::MathOperator::setSizeVariant):
82         (WebCore::MathOperator::fillWithVerticalExtensionGlyph):
83         (WebCore::MathOperator::fillWithHorizontalExtensionGlyph):
84         (WebCore::MathOperator::paintVerticalGlyphAssembly):
85         (WebCore::MathOperator::paintHorizontalGlyphAssembly):
86         (WebCore::MathOperator::paint):
87         * rendering/mathml/RenderMathMLOperator.cpp:
88         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths):
89         * rendering/mathml/RenderMathMLToken.cpp:
90         (WebCore::RenderMathMLToken::computePreferredLogicalWidths):
91         (WebCore::RenderMathMLToken::firstLineBaseline):
92         (WebCore::RenderMathMLToken::layoutBlock):
93         (WebCore::RenderMathMLToken::paint):
94         (WebCore::RenderMathMLToken::paintChildren):
95
96 2016-07-15  Frederic Wang  <fwang@igalia.com>
97
98         Add DejaVu Math TeX Gyre to the list of math fonts.
99         https://bugs.webkit.org/show_bug.cgi?id=159805
100
101         Reviewed by Brent Fulgham.
102
103         DejaVu 2.36 has a new math font that can be used for MathML rendering. Because this font is
104         likely to be installed on many systems (Linux, LibreOffice, etc) we include it in the default
105         list of font-families in mathml.css in order to increase the chance to find a math font.
106
107         No new tests, it only affects rendering when DejaVu Math TeX Gyre is installed on the system.
108
109         * css/mathml.css:
110         (math):
111
112 2016-07-15  Eric Carlson  <eric.carlson@apple.com>
113
114         [MSE] Increase the SourceBuffer "fudge factor"
115         https://bugs.webkit.org/show_bug.cgi?id=159813
116         <rdar://problem/27372033>
117
118         Reviewed by Jon Lee.
119         
120         Some media encoding/conversion pipelines are sloppy when doing sample time/timescale
121         math, and the error accumulation results in small gaps in the media timeline. r202641
122         increased the maximum allowable gap from 0.01 second to one 24fps frame, but it turns
123         out that at least one large provider has a significant amount of content encoded with
124         up to two 24fps frames.
125
126         No new tests, updated media/media-source/media-source-small-gap.html.
127
128         * Modules/mediasource/SourceBuffer.cpp:
129         (WebCore::currentTimeFudgeFactor): Increase maximum gap to 2002 / 24000 frames.
130
131 2016-07-15  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
132
133         Add final keyword to WebCore/svg classes
134         https://bugs.webkit.org/show_bug.cgi?id=159802
135
136         Reviewed by Youenn Fablet.
137
138         Updated classes in the WebCore/svg directory to be marked as final where appropriate.
139
140         * svg/SVGException.h:
141         * svg/SVGLengthList.h:
142         * svg/SVGMatrix.h:
143         * svg/SVGNumberList.h:
144         * svg/SVGPaint.h:
145         * svg/SVGPathBuilder.h:
146         * svg/SVGPathByteStreamBuilder.h:
147         * svg/SVGPathByteStreamSource.h:
148         * svg/SVGPathSegArcAbs.h:
149         * svg/SVGPathSegArcRel.h:
150         * svg/SVGPathSegClosePath.h:
151         * svg/SVGPathSegCurvetoCubicAbs.h:
152         * svg/SVGPathSegCurvetoCubicRel.h:
153         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
154         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
155         * svg/SVGPathSegCurvetoQuadraticAbs.h:
156         * svg/SVGPathSegCurvetoQuadraticRel.h:
157         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
158         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
159         * svg/SVGPathSegLinetoAbs.h:
160         * svg/SVGPathSegLinetoHorizontalAbs.h:
161         * svg/SVGPathSegLinetoHorizontalRel.h:
162         * svg/SVGPathSegLinetoRel.h:
163         * svg/SVGPathSegLinetoVerticalAbs.h:
164         * svg/SVGPathSegLinetoVerticalRel.h:
165         * svg/SVGPathSegListBuilder.h:
166         * svg/SVGPathSegListSource.h:
167         * svg/SVGPathSegMovetoAbs.h:
168         * svg/SVGPathSegMovetoRel.h:
169         * svg/SVGPathStringSource.h:
170         * svg/SVGPathTraversalStateBuilder.h:
171         * svg/SVGPointList.h:
172         * svg/SVGRenderingIntent.h:
173         * svg/SVGStringList.h:
174         * svg/SVGTRefElement.cpp:
175         * svg/SVGToOTFFontConversion.cpp:
176         * svg/SVGTransformList.h:
177         * svg/SVGUnitTypes.h:
178         * svg/SVGViewSpec.h:
179         * svg/SVGZoomEvent.h:
180         * svg/animation/SMILTimeContainer.h:
181         * svg/animation/SVGSMILElement.cpp:
182         * svg/graphics/filters/SVGFEImage.h:
183         * svg/graphics/filters/SVGFilter.h:
184         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
185         * svg/properties/SVGAnimatedPropertyTearOff.h:
186         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
187         * svg/properties/SVGMatrixTearOff.h:
188         * svg/properties/SVGPathSegListPropertyTearOff.h:
189         * svg/properties/SVGStaticListPropertyTearOff.h:
190         * svg/properties/SVGStaticPropertyTearOff.h:
191         * svg/properties/SVGTransformListPropertyTearOff.h:
192
193 2016-07-15  Per Arne Vollan  <pvollan@apple.com>
194
195         Uninitialized variable in DIBPixelData can cause a dangerous memory write
196         https://bugs.webkit.org/show_bug.cgi?id=159414
197
198         Reviewed by Brent Fulgham.
199
200         Initialize local BITMAP variable, in case the ::GetObject function that should initialize it
201         fails to do so, because the bitmap handle is invalid.
202
203         Tests: Tools/TestWebKitAPI/Tests/WebCore/win/DIBPixelData.cpp
204
205         * platform/graphics/win/DIBPixelData.cpp:
206         (WebCore::DIBPixelData::initialize): Initialize local variable.
207         (WebCore::DIBPixelData::setRGBABitmapAlpha): Return early if we have no bitmap.
208         * platform/graphics/win/DIBPixelData.h: Link fix.
209
210 2016-07-14  Yoav Weiss  <yoav@yoav.ws>
211
212         Change CSSParser::sourceSize returning Optional<CSSParser::SourceSize>
213         https://bugs.webkit.org/show_bug.cgi?id=159666
214
215         Reviewed by Michael Catanzaro.
216
217         Tests:
218             fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html
219
220         * css/CSSGrammar.y.in: Avoid adding SourceSize to source_size_list when the value is a Nullopt.
221         * css/CSSParser.cpp:
222         (WebCore::CSSParser::sourceSize): Return a Nullopt when an invalid value is encountered.
223         * css/CSSParser.h:
224
225 2016-07-14  Antonio Gomes  <tonikitoo@igalia.com>
226
227         [RTL Scrollbars] Frame scrollbars don't move to the right when text direction changes to RTL
228         https://bugs.webkit.org/show_bug.cgi?id=158252
229
230         Reviewed by Myles C. Maxfield.
231
232         When the 'dir' attribute changes either on body or on the document
233         element level, the associated FrameView does not trigger an update on
234         the frame level vertical scrollbar.
235
236         Patch adds a 'hook' so that RenderBox::styleDidChange can call in
237         order to get the document level scrollbar placed properly in the next
238         layout.
239
240         Test: fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement.html
241               fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement-2.html
242               fast/scrolling/rtl-scrollbars-alternate-iframe-body-dir-attr-does-not-update-scrollbar-placement.html
243
244         * page/FrameView.cpp:
245         (WebCore::FrameView::topContentDirectionDidChange):
246         * page/FrameView.h:
247         * rendering/RenderBox.cpp:
248         (WebCore::RenderBox::styleDidChange):
249
250 2016-07-14  Myles C. Maxfield  <mmaxfield@apple.com>
251
252         Support new emoji group candidates
253         https://bugs.webkit.org/show_bug.cgi?id=159755
254         <rdar://problem/27325521>
255
256         Reviewed by Dean Jackson.
257
258         There are a few code points which should be able to be joined (with ZWJ) to
259         either U+2640 or U+2642 to change the gender of the emoji. These patterns
260         should also work with an additional 0xFE0F variation selector. This patch
261         adds these new patterns to our existing emoji group candidate infrastructure.
262
263         Tests: fast/text/emoji-gender-2-3.html
264                fast/text/emoji-gender-2-4.html
265                fast/text/emoji-gender-2-5.html
266                fast/text/emoji-gender-2-6.html
267                fast/text/emoji-gender-2-7.html
268                fast/text/emoji-gender-2-8.html
269                fast/text/emoji-gender-2-9.html
270                fast/text/emoji-gender-2.html
271                fast/text/emoji-gender-3.html
272                fast/text/emoji-gender-4.html
273                fast/text/emoji-gender-5.html
274                fast/text/emoji-gender-6.html
275                fast/text/emoji-gender-7.html
276                fast/text/emoji-gender-8.html
277                fast/text/emoji-gender-9.html
278                fast/text/emoji-gender-fe0f-3.html
279                fast/text/emoji-gender-fe0f-4.html
280                fast/text/emoji-gender-fe0f-5.html
281                fast/text/emoji-gender-fe0f-6.html
282                fast/text/emoji-gender-fe0f-7.html
283                fast/text/emoji-gender-fe0f-8.html
284                fast/text/emoji-gender-fe0f-9.html
285                fast/text/emoji-gender.html
286                fast/text/emoji-num-glyphs.html
287                fast/text/emoji-single-parent-family-2.html
288                fast/text/emoji-single-parent-family.html
289
290         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
291         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
292         * platform/graphics/FontCascade.cpp:
293         (WebCore::FontCascade::characterRangeCodePath):
294         * platform/text/CharacterProperties.h:
295         (WebCore::isEmojiGroupCandidate):
296
297 2016-07-14  Dean Jackson  <dino@apple.com>
298
299         CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::MediaQueryEvaluator::evaluate const
300         https://bugs.webkit.org/show_bug.cgi?id=159799
301         <rdar://problem/27346959>
302
303         Reviewed by Myles Maxfield.
304
305         Speculative fix for this crash, which seems to happen when asking for the Node's
306         renderer(). From the incoming crash logs, it is triggered by mutations on
307         a <picture> or <img> element, which would require choosing a new source,
308         and causing some media queries to evaluate.
309
310         The only place in MediaQueryEvaluator that has anything to do with
311         renderers is when gathering up some style information to pass to the
312         actual evaluation function. I put a guard against a missing documentElement
313         in there.
314
315         * css/MediaQueryEvaluator.cpp:
316         (WebCore::MediaQueryEvaluator::evaluate): Make sure documentElement is not
317         null.
318
319 2016-07-14  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
320
321         Update HTML*Element class override methods in final classes
322         https://bugs.webkit.org/show_bug.cgi?id=159456
323
324         Reviewed by Youenn Fablet.
325
326         Update HTML*Element classes so that overridden methods in final classes are marked final.
327         Also marked HTMLDivElement overridden methods as final since they are not overridden by derived classes.
328
329         * html/HTMLAppletElement.h:
330         * html/HTMLAreaElement.h:
331         * html/HTMLAttachmentElement.h:
332         * html/HTMLAudioElement.h:
333         * html/HTMLBRElement.h:
334         * html/HTMLBaseElement.h:
335         * html/HTMLBodyElement.h:
336         * html/HTMLButtonElement.h:
337         * html/HTMLCanvasElement.h:
338         * html/HTMLDataElement.h:
339         * html/HTMLDetailsElement.h:
340         * html/HTMLDivElement.h:
341         * html/HTMLEmbedElement.h:
342         * html/HTMLFieldSetElement.h:
343         * html/HTMLFontElement.h:
344         * html/HTMLFormElement.h:
345         * html/HTMLFrameSetElement.h:
346         * html/HTMLHRElement.h:
347         * html/HTMLHtmlElement.h:
348         * html/HTMLKeygenElement.h:
349         * html/HTMLLIElement.h:
350         * html/HTMLLabelElement.h:
351         * html/HTMLLegendElement.h:
352         * html/HTMLLinkElement.h:
353         * html/HTMLMapElement.h:
354         * html/HTMLMarqueeElement.h:
355         * html/HTMLMetaElement.h:
356         * html/HTMLMeterElement.h:
357         * html/HTMLModElement.h:
358         * html/HTMLOListElement.h:
359         * html/HTMLObjectElement.h:
360         * html/HTMLOptGroupElement.h:
361         * html/HTMLOptionElement.h:
362         * html/HTMLOutputElement.h:
363         * html/HTMLParagraphElement.h:
364         * html/HTMLParamElement.h:
365         * html/HTMLPreElement.h:
366         * html/HTMLProgressElement.h:
367         * html/HTMLQuoteElement.h:
368         * html/HTMLScriptElement.h:
369         * html/HTMLSourceElement.h:
370         * html/HTMLStyleElement.h:
371         * html/HTMLSummaryElement.h:
372         * html/HTMLTableCaptionElement.h:
373         * html/HTMLTableColElement.h:
374         * html/HTMLTableElement.h:
375         * html/HTMLTableSectionElement.h:
376         * html/HTMLTemplateElement.h:
377         * html/HTMLTextAreaElement.h:
378         * html/HTMLTitleElement.h:
379         * html/HTMLUListElement.h:
380         * html/HTMLUnknownElement.h:
381         * html/HTMLVideoElement.h:
382         * html/HTMLWBRElement.h:
383
384 2016-07-14  Chris Dumez  <cdumez@apple.com>
385
386         Modernize GlyphMetricsMap
387         https://bugs.webkit.org/show_bug.cgi?id=159788
388
389         Reviewed by Darin Adler.
390
391         Modernize GlyphMetricsMap a bit.
392
393         * platform/graphics/GlyphMetricsMap.h:
394         - Drop WTF_MAKE_NONCOPYABLE as the class is already non-copyable due to having
395           a std::unique_ptr data member.
396         - Drop GlyphMetricsMap default constructor and let the compiler generate it
397           instead. This required using inline initialization for m_filledPrimaryPage.
398
399         (WebCore::GlyphMetricsMap::GlyphMetricsPage::GlyphMetricsPage):
400         - Make m_metrics data member private as it does not need to be public.
401         - Make setMetricsForIndex(unsigned index, const T& metrics) setter private
402           as it does not need to be public.
403         - Make GlyphMetricsPage(const T& initialValue) constructor explicit as it
404           takes only 1 parameter.
405
406         (WebCore::GlyphMetricsMap<T>::locatePageSlowCase):
407         - Use HashMap::ensure() to make the code a bit nicer.
408
409 2016-07-14  Simon Fraser  <simon.fraser@apple.com>
410
411         [iOS WK2] When scrolling apple.com/music on iPad Pro in landscape, left-hand tiles appear first
412         https://bugs.webkit.org/show_bug.cgi?id=159798
413         rdar://problem/27362717
414
415         Reviewed by Tim Horton.
416
417         In out-of-visible tiled layers, we always allocated the top-left tile, wasting
418         memory and causing ugliness when scrolling that layer into view. This happened
419         because getTileIndexRangeForRect() had no way to express the fact that no tiles
420         should be created.
421
422         Fix getTileIndexRangeForRect() to return a bool, and fix callers to respect the
423         return value.
424
425         Test: compositing/tiling/offscreen-tiled-layer.html
426
427         * platform/graphics/ca/GraphicsLayerCA.cpp:
428         (WebCore::GraphicsLayerCA::dumpAdditionalProperties):
429         * platform/graphics/ca/TileGrid.cpp:
430         (WebCore::TileGrid::setNeedsDisplayInRect):
431         (WebCore::TileGrid::tilesWouldChangeForCoverageRect):
432         (WebCore::TileGrid::getTileIndexRangeForRect):
433         (WebCore::TileGrid::revalidateTiles):
434         (WebCore::TileGrid::ensureTilesForRect):
435         (WebCore::TileGrid::extent):
436         * platform/graphics/ca/TileGrid.h:
437
438 2016-07-14  John Wilander  <wilander@apple.com>
439
440         Remove credentials in URL when accessed through location.href
441         https://bugs.webkit.org/show_bug.cgi?id=139562
442         <rdar://problem/27331164>
443
444         Reviewed by Brent Fulgham.
445
446         Test: http/tests/security/location-href-clears-username-password.html
447
448         The reason for this change is to not allow scripts on the page to
449         exfiltrate username and password from the URL.
450
451         * page/Location.cpp:
452         (WebCore::Location::href):
453             Now checks if there is a username or password in the URL. If so,
454             it copies the URL and removes the username and password.
455
456 2016-07-14  Javier Fernandez  <jfernandez@igalia.com>
457
458         [css-grid] Handle min-content/max-content with orthogonal flows
459         https://bugs.webkit.org/show_bug.cgi?id=159294
460
461         Reviewed by Darin Adler.
462
463         Currently there is no support for orthogonal flows in many aspects of the
464         Grid Layout logic.
465
466         The Grid sizing algorithm should be adapted to this scenario, hence this
467         patch focuses on the min-content and max-content functions, used to resolve
468         content based track sizes.
469
470         There are still issues related to alignment and sizes using percentages,
471         but they will be addressed in different patches.
472
473         Tests: fast/css-grid-layout/grid-item-positioning-with-orthogonal-flows.html
474                fast/css-grid-layout/grid-item-sizing-with-orthogonal-flows.html
475                fast/css-grid-layout/grid-item-spanning-and-orthogonal-flows.html
476                fast/css-grid-layout/grid-track-sizing-with-orthogonal-flows.html
477                fast/css-grid-layout/grid-track-sizing-with-percentages-and-orthogonal-flows.html
478
479         * rendering/RenderBox.cpp:
480         (WebCore::RenderBox::computeLogicalWidthInRegion):
481         * rendering/RenderGrid.cpp:
482         (WebCore::RenderGrid::GridSizingData::advanceNextState):
483         (WebCore::RenderGrid::GridSizingData::isValidTransitionForDirection):
484         (WebCore::RenderGrid::computeTrackSizesForDirection):
485         (WebCore::RenderGrid::repeatTracksSizingIfNeeded): Added.
486         (WebCore::RenderGrid::layoutBlock):
487         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
488         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
489         (WebCore::hasOverrideContainingBlockContentSizeForChild):
490         (WebCore::overrideContainingBlockContentSizeForChild):
491         (WebCore::setOverrideContainingBlockContentSizeForChild):
492         (WebCore::shouldClearOverrideContainingBlockContentSizeForChild):
493         (WebCore::RenderGrid::gridTrackSize):
494         (WebCore::RenderGrid::isOrthogonalChild): Added.
495         (WebCore::RenderGrid::logicalHeightForChild):
496         (WebCore::RenderGrid::flowAwareDirectionForChild): Added.
497         (WebCore::RenderGrid::minSizeForChild):
498         (WebCore::RenderGrid::updateOverrideContainingBlockContentSizeForChild):
499         (WebCore::RenderGrid::minContentForChild):
500         (WebCore::RenderGrid::maxContentForChild):
501         (WebCore::RenderGrid::placeItemsOnGrid):
502         (WebCore::RenderGrid::layoutPositionedObject):
503         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
504         (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild): Added.
505         (WebCore::RenderGrid::gridAreaBreadthForChild):
506         (WebCore::RenderGrid::columnAxisPositionForChild):
507         (WebCore::RenderGrid::rowAxisPositionForChild):
508         (WebCore::RenderGrid::findChildLogicalPosition):
509         * rendering/RenderGrid.h:
510         (WebCore::RenderGrid::SizingOperation): This enum has been moved to the header file.
511         (WebCore::RenderGrid::m_hasAnyOrthogonalChild): New class attribute to know if there are any orthogonal grid items.
512         (WebCore::RenderGrid::updateOverrideContainingBlockContentSizeForChild):
513         (WebCore::RenderGrid::logicalHeightForChild):
514         (WebCore::RenderGrid::gridAreaBreadthForChild):
515         (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild):
516
517
518
519 2016-07-14  Chris Dumez  <cdumez@apple.com>
520
521         Use emptyString() instead of "" when possible
522         https://bugs.webkit.org/show_bug.cgi?id=159789
523
524         Reviewed by Alex Christensen.
525
526         Use emptyString() instead of "" when possible to reduce String allocations.
527
528         * Modules/webdatabase/Database.cpp:
529         (WebCore::Database::performOpenAndVerify):
530         * css/CSSSelector.h:
531         * css/StyleProperties.cpp:
532         (WebCore::MutableStyleProperties::removeProperty):
533         (WebCore::MutableStyleProperties::removeCustomProperty):
534         * editing/TextCheckingHelper.cpp:
535         (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
536         (WebCore::TextCheckingHelper::findFirstBadGrammar):
537         * editing/TypingCommand.h:
538         (WebCore::TypingCommand::create):
539         * fileapi/FileReaderLoader.cpp:
540         (WebCore::FileReaderLoader::cleanup):
541         * inspector/InspectorStyleSheet.cpp:
542         (WebCore::fillMediaListChain):
543         * page/UserContentURLPattern.cpp:
544         (WebCore::UserContentURLPattern::parse):
545         * platform/graphics/MediaPlayer.cpp:
546         (WebCore::MediaPlayer::load):
547         * platform/gtk/DataObjectGtk.h:
548         (WebCore::DataObjectGtk::clearURIList):
549         * platform/network/curl/ResourceHandleCurl.cpp:
550         (WebCore::ResourceHandle::receivedRequestToContinueWithoutCredential):
551         * platform/network/curl/ResourceHandleManager.h:
552         * rendering/RenderLayerCompositor.cpp:
553         (WebCore::RenderLayerCompositor::layerTreeAsText):
554         * rendering/RenderListMarker.cpp:
555         (WebCore::RenderListMarker::updateContent):
556         * rendering/style/RenderStyle.cpp:
557         (WebCore::RenderStyle::noneDashboardRegions):
558         * rendering/svg/SVGTextMetrics.cpp:
559         (WebCore::SVGTextMetrics::SVGTextMetrics):
560         * xml/XPathParser.cpp:
561         (WebCore::XPath::Parser::lexString):
562
563 2016-07-14  Brent Fulgham  <bfulgham@apple.com>
564
565         editing/spelling/spellcheck-async.html sometimes crashes with GuardMalloc 
566         https://bugs.webkit.org/show_bug.cgi?id=142969
567         <rdar://problem/27331095>
568
569         Reviewed by Alex Christensen.
570
571         Fix based on a Blink change (patch by <rouslan@chromium.org>):
572         <https://chromium.googlesource.com/chromium/blink/+/c713736b122c2224804b2db72f1f711cb47ee260%5E%21/#F1>
573
574         Test: editing/spelling/copy-paste-crash.html
575               editing/spelling/spellcheck-async.html
576
577         * editing/SpellChecker.cpp:
578         (WebCore::SpellCheckRequest::didSucceed):
579         (WebCore::SpellCheckRequest::didCancel):
580
581 2016-07-14  Zalan Bujtas  <zalan@apple.com>
582
583         ImageBuffer's success flag should be set to false at the very beginning of the c'tor.
584         https://bugs.webkit.org/show_bug.cgi?id=159784
585
586         Reviewed by Simon Fraser.
587
588         No change in functionality.
589
590         * platform/graphics/cg/ImageBufferCG.cpp:
591         (WebCore::ImageBuffer::ImageBuffer):
592
593 2016-07-14  Alex Christensen  <achristensen@webkit.org>
594
595         Use SocketProvider to create SocketStreamHandles
596         https://bugs.webkit.org/show_bug.cgi?id=159774
597
598         Reviewed by Brady Eidson.
599
600         No new tests.  No change in behaviour.
601         
602         In r202930 I introduced the SocketProvider, but I used it to make a WebSocketChannel
603         instead of a SocketStreamHandle, which is the class I want to make into an interface
604         and proxy the web traffic over to the NetworkProcess.
605
606         * CMakeLists.txt:
607         * Modules/websockets/ThreadableWebSocketChannel.cpp: Added.
608         (WebCore::ThreadableWebSocketChannel::create):
609         I removed this in 202930, so this is restoring it from that patch, hence the old copyright.
610         * Modules/websockets/ThreadableWebSocketChannel.h:
611         (WebCore::ThreadableWebSocketChannel::ThreadableWebSocketChannel):
612         * Modules/websockets/WebSocket.cpp:
613         (WebCore::WebSocket::connect):
614         * Modules/websockets/WebSocketChannel.cpp:
615         (WebCore::WebSocketChannel::WebSocketChannel):
616         (WebCore::WebSocketChannel::connect):
617         * Modules/websockets/WebSocketChannel.h:
618         (WebCore::WebSocketChannel::create):
619         * Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
620         (WebCore::WorkerThreadableWebSocketChannel::WorkerThreadableWebSocketChannel):
621         (WebCore::WorkerThreadableWebSocketChannel::resume):
622         (WebCore::WorkerThreadableWebSocketChannel::Peer::Peer):
623         (WebCore::WorkerThreadableWebSocketChannel::Peer::didReceiveMessageError):
624         (WebCore::WorkerThreadableWebSocketChannel::Bridge::Bridge):
625         (WebCore::WorkerThreadableWebSocketChannel::Bridge::~Bridge):
626         (WebCore::WorkerThreadableWebSocketChannel::Bridge::mainThreadInitialize):
627         (WebCore::WorkerThreadableWebSocketChannel::Bridge::initialize):
628         * Modules/websockets/WorkerThreadableWebSocketChannel.h:
629         (WebCore::WorkerThreadableWebSocketChannel::create):
630         (WebCore::WorkerThreadableWebSocketChannel::Bridge::create):
631         * WebCore.xcodeproj/project.pbxproj:
632         * inspector/InspectorOverlay.cpp:
633         (WebCore::InspectorOverlay::overlayPage):
634         * loader/EmptyClients.cpp:
635         (WebCore::EmptyEditorClient::registerRedoStep):
636         (WebCore::EmptySocketProvider::createWebSocketChannel): Deleted.
637         * loader/EmptyClients.h:
638         * page/SocketProvider.cpp: Added.
639         (WebCore::SocketProvider::createSocketStreamHandle):
640         * page/SocketProvider.h:
641         (WebCore::SocketProvider::~SocketProvider): Deleted.
642         * platform/network/cf/SocketStreamHandle.h:
643         * svg/graphics/SVGImage.cpp:
644         (WebCore::SVGImage::dataChanged):
645
646 2016-07-14  Brady Eidson  <beidson@apple.com>
647
648         "User delete" tests are flakey timeouts (and/or DatabaseProcess crashes).
649         https://bugs.webkit.org/show_bug.cgi?id=158741
650
651         Reviewed by Alex Christensen.
652
653         No new tests (Covered by existing tests in some configurations)
654
655         - Check if a database hard delete is complete in more places.
656         - Asynchronously clear out the hard close protector instead of synchronously.
657         
658         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
659         (WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase):
660         (WebCore::IDBServer::UniqueIDBDatabase::didPerformUnconditionalDeleteBackingStore):
661         (WebCore::IDBServer::UniqueIDBDatabase::didFinishHandlingVersionChange):
662         (WebCore::IDBServer::UniqueIDBDatabase::connectionClosedFromClient):
663         (WebCore::IDBServer::UniqueIDBDatabase::transactionCompleted):
664         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply):
665         (WebCore::IDBServer::UniqueIDBDatabase::maybeFinishHardClose):
666         (WebCore::IDBServer::UniqueIDBDatabase::isDoneWithHardClose):
667         (WebCore::IDBServer::UniqueIDBDatabase::doneWithHardClose): Deleted.
668
669         * Modules/indexeddb/server/UniqueIDBDatabase.h:
670         (WebCore::IDBServer::UniqueIDBDatabase::hardClosedForUserDelete):
671
672         * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
673         (WebCore::IDBServer::UniqueIDBDatabaseConnection::didAbortTransaction):
674
675 2016-07-13  Brent Fulgham  <bfulgham@apple.com>
676
677         CSSStyleSheet members should clear their owner node when destroyed
678         https://bugs.webkit.org/show_bug.cgi?id=117470
679
680         Reviewed by Chris Dumez.
681
682         Make sure that CSSStyleSheet members are detached from their owner node when
683         the owning object is destroyed.
684
685         I audited other CSSStyleSheet uses, and found one other place where the owner node was not
686         being cleared during destruction. The Inspector also uses CSSStyleSheet, but seems to
687         handle the node ownership properly.
688
689         Fix based on a Blink change (patch by <haraken@chromium.org>):
690         <https://chromium.googlesource.com/chromium/blink/+/c4949bfdeb2a613701afa1410bdae70531b8f6bf>
691
692         Also includes a follow-up fix (patch by <haraken@chromium.org>):
693         <https://chromium.googlesource.com/chromium/blink/+/9c3932dc80b33429db3a5873cb266b726c8a19bf>
694
695         No test case. Was found by the Chromium team through review of their crash traces under minor DOM GC.
696
697         * contentextensions/ContentExtensionStyleSheet.cpp:
698         (WebCore::ContentExtensions::ContentExtensionStyleSheet::~ContentExtensionStyleSheet):
699         * contentextensions/ContentExtensionStyleSheet.h:
700         * dom/InlineStyleSheetOwner.cpp:
701         (WebCore::InlineStyleSheetOwner::~InlineStyleSheetOwner):
702         (WebCore::authorStyleSheetsForElement):
703
704 2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>
705
706         Fix the !ENABLE(WEB_SOCKETS) build after r202930
707         https://bugs.webkit.org/show_bug.cgi?id=159768
708
709         Reviewed by Alex Christensen.
710
711         * loader/EmptyClients.cpp:
712         * loader/EmptyClients.h:
713         * page/SocketProvider.h:
714         * workers/WorkerGlobalScope.cpp:
715         (WebCore::WorkerGlobalScope::WorkerGlobalScope):
716         * workers/WorkerThread.cpp:
717         (WebCore::WorkerThread::WorkerThread):
718
719 2016-07-14  Youenn Fablet  <youenn@apple.com>
720
721         DOMIterators should be assigned a correct prototype
722         https://bugs.webkit.org/show_bug.cgi?id=159115
723
724         Reviewed by Chris Dumez.
725
726         Default iterator object internal prototype property is the Iterator prototype as defined in
727         http://heycam.github.io/webidl/#dfn-iterator-prototype-object.
728         Linking DOMIterator prototype to IteratorPrototype.
729         This allows adding @@iterator property to the result of entries, keys and values methods.
730         This in turn allows doing for-of loops on them.
731
732         Covered by updated test.
733
734         * ForwardingHeaders/runtime/IteratorPrototype.h: Added.
735         * bindings/js/JSDOMIterator.h: Setting correct prototype and marking next prototype property as enumerable.
736
737 2016-07-14  Youenn Fablet  <youenn@apple.com>
738
739         Remove support for value iterators from JSDOMIterator
740         https://bugs.webkit.org/show_bug.cgi?id=159293
741
742         Reviewed by Chris Dumez.
743
744         Value iterators are now handled without using DOMIterator.
745         Since FontFaceSet is using DOMIterator as an intermediate step towards supporting set-like,
746         entries and forEach implementation should be made compliant with set-like.
747         This means that item value should be passed instead of an index in entries iterator and forEach callback.
748
749         Covered by updated test.
750
751         * bindings/js/JSDOMIterator.h:
752         (WebCore::JSDOMIterator<JSWrapper>::asJS): Pass set item as entries value field.
753         (WebCore::appendForEachArguments): Pass set item as second parameter.
754         (WebCore::iteratorForEach): Remove index handling.
755
756 2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>
757
758         Fix the !ENABLE(MATHML) build after r201739
759         https://bugs.webkit.org/show_bug.cgi?id=159767
760
761         Reviewed by Alex Christensen.
762
763         * dom/Document.cpp:
764         (WebCore::Document::validateCustomElementName):
765
766 2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>
767
768         Fix the !ENABLE(CSS_IMAGE_SET) build
769         https://bugs.webkit.org/show_bug.cgi?id=159766
770
771         Reviewed by Alex Christensen.
772
773         * css/CSSParser.cpp:
774
775 2016-07-14  Frederic Wang  <fred.wang@free.fr>
776
777         Cleanup of MathML headers
778         https://bugs.webkit.org/show_bug.cgi?id=159336
779
780         Reviewed by Alex Christensen.
781
782         We do some cleanup in MathML headers:
783         - Use #pragma once
784         - Use final for classes that are not extended.
785         - Use final instead of override for virtual members that are not overridden by derived classes.
786         - Try and reduce the visibility of function members to private or protected as appropriate.
787         - Remove useless #include
788         - Remove useless class or friendship declaration
789         - Remove unused functions
790
791         No new tests, behavior is unchanged.
792
793         * mathml/MathMLElement.h:
794         * mathml/MathMLInlineContainerElement.h:
795         * mathml/MathMLMathElement.h:
796         * mathml/MathMLMencloseElement.h:
797         * mathml/MathMLOperatorDictionary.h:
798         * mathml/MathMLPaddedElement.h:
799         * mathml/MathMLSelectElement.h:
800         * mathml/MathMLSpaceElement.h:
801         * mathml/MathMLTextElement.h:
802         * rendering/mathml/MathOperator.h:
803         * rendering/mathml/RenderMathMLBlock.h:
804         * rendering/mathml/RenderMathMLFenced.h:
805         * rendering/mathml/RenderMathMLFraction.h:
806         * rendering/mathml/RenderMathMLMath.h:
807         * rendering/mathml/RenderMathMLMenclose.h:
808         * rendering/mathml/RenderMathMLOperator.h:
809         * rendering/mathml/RenderMathMLRoot.h:
810         * rendering/mathml/RenderMathMLRow.cpp:
811         (WebCore::RenderMathMLRow::RenderMathMLRow): Deleted. We no longer create anonymous row.
812         * rendering/mathml/RenderMathMLRow.h:
813         * rendering/mathml/RenderMathMLScripts.h:
814         * rendering/mathml/RenderMathMLSpace.h:
815         * rendering/mathml/RenderMathMLToken.h:
816         * rendering/mathml/RenderMathMLUnderOver.h:
817
818 2016-07-14  Alex Christensen  <achristensen@webkit.org>
819
820         Pass SessionID to WebSocketHandle constructor
821         https://bugs.webkit.org/show_bug.cgi?id=159772
822
823         Reviewed by Brady Eidson.
824
825         No new tests.  No change in behavior.
826
827         * Modules/websockets/WebSocketChannel.cpp:
828         (WebCore::WebSocketChannel::connect):
829         * platform/network/cf/SocketStreamHandle.h:
830         (WebCore::SocketStreamHandle::create):
831         * platform/network/cf/SocketStreamHandleCFNet.cpp:
832         (WebCore::SocketStreamHandle::SocketStreamHandle):
833         * platform/network/curl/SocketStreamHandle.h:
834         (WebCore::SocketStreamHandle::create):
835         * platform/network/soup/SocketStreamHandle.h:
836
837 2016-07-14  Carlos Garcia Campos  <cgarcia@igalia.com>
838
839         [GLib] Use a GSource instead of a thread to poll memory pressure eventFD in linux implementation
840         https://bugs.webkit.org/show_bug.cgi?id=159346
841
842         Reviewed by Antonio Gomes.
843
844         This is a follow up of r203216 to fix wrong use of Optional values.
845
846         * platform/linux/MemoryPressureHandlerLinux.cpp:
847
848 2016-07-14  Youenn Fablet  <youenn@apple.com>
849
850         DOM value iterable interfaces should use Array prototype methods
851         https://bugs.webkit.org/show_bug.cgi?id=159296
852
853         Reviewed by Chris Dumez and Mark Lam.
854
855         Test: fast/dom/NodeList/nodelist-iterable.html
856         Also covered by updated layout test and binding tests.
857
858         For value iterators, copy the iterator methods from Array prototype: as per https://heycam.github.io/webidl/#es-iterable,
859         [re: entries] If the interface has a value iterator, then the Function object is the initial value of the "entries" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
860         [re: keys] If the interface has a value iterator, then the Function object is the initial value of the "keys" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
861         [re: forEach] If the interface defines an indexed property getter, then the Function object is the initial value of the "forEach" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
862         [re: Symbol.iterator] If the interface defines an indexed property getter, then the Function object is %ArrayProto_values% ([ECMA-262], section 6.1.7.4).
863         [re: values] If the interface has a value iterator, then the Function object is the value of the @@iterator property.
864
865         This change applies only to NodeList at the moment.
866         Copy of Array prototype iterator methods is disabled if the interface has no indexed getter.
867
868         * CMakeLists.txt:
869         * ForwardingHeaders/builtins/BuiltinNames.h: Added.
870         * ForwardingHeaders/builtins/JSCBuiltins.h: Added.
871         * ForwardingHeaders/runtime/CommonIdentifiers.h: Added.
872         * WebCore.xcodeproj/project.pbxproj:
873         * bindings/js/JSDOMIterator.cpp: Added.
874         (WebCore::addValueIterableMethods): Copy iterator methods from array prototype.
875         * bindings/js/JSDOMIterator.h:
876         * bindings/scripts/CodeGeneratorJS.pm:
877         (GeneratePropertiesHashTable):
878         (GenerateImplementation):
879         (IsValueIterableInterface): Introduced to only copy iterator methods if the interface has an indexed getter.
880         (IsKeyValueIterableInterface): Introduced to detect whether generating iterator methods.
881         (GenerateImplementationIterableFunctions):
882         * bindings/scripts/test/GObject/WebKitDOMTestIterable.cpp: Added.
883         * bindings/scripts/test/GObject/WebKitDOMTestIterable.h: Added.
884         * bindings/scripts/test/GObject/WebKitDOMTestIterablePrivate.h: Added.
885         * bindings/scripts/test/JS/JSTestIterable.cpp: Added.
886         * bindings/scripts/test/JS/JSTestIterable.h: Added.
887         * bindings/scripts/test/JS/JSTestObj.cpp: Updated as TestObj defines both iterable<> and indexed getter.
888         * bindings/scripts/test/ObjC/DOMTestIterable.h: Added.
889         * bindings/scripts/test/ObjC/DOMTestIterable.mm: Added.
890         * bindings/scripts/test/ObjC/DOMTestIterableInternal.h: Added.
891         * bindings/scripts/test/TestIterable.idl: Added to handle the case of value iterator without indexed getter defined.
892         Array prototype methods should not be copied.
893         * bindings/scripts/test/TestObj.idl: Changing to be a value iterator (with indexed getter already defined).
894         Array prototype methods should be copied.
895
896 2016-07-14  Youenn Fablet  <youenn@apple.com>
897
898         [Fetch API] Request and Response url getter should use URL serialization
899         https://bugs.webkit.org/show_bug.cgi?id=159705
900
901         Reviewed by Alex Christensen.
902
903         Tests: fetch/fetch-url-serialization.html
904                imported/w3c/web-platform-tests/fetch/api/basic/response-url-worker.html
905                imported/w3c/web-platform-tests/fetch/api/basic/response-url.html
906
907         Implementing https://url.spec.whatwg.org/#concept-url-serializer and applying it to Request and Response getter.
908         Adding a temporary routine to compute url cannot-be-a-base-url flag. The parsing routine should store that
909         information in the URL itself.
910
911         Added tests to cover serialization routine. Failing tests are mostly due to limitations of the URL parser.
912         Tests do not check for URLs with username and password as Request constructor throws with such URLs.
913
914         * Modules/fetch/FetchRequest.cpp:
915         (WebCore::FetchRequest::url): Adding request url serialization, fragment included.
916         * Modules/fetch/FetchRequest.h:
917         * Modules/fetch/FetchResponse.cpp:
918         (WebCore::FetchResponse::url): Adding response url serialization, fragment excluded.
919         * Modules/fetch/FetchResponse.h:
920         * platform/URL.cpp:
921         (WebCore::cannotBeABaseURL): Temporary helper function to have a coarse evaluation of url cannot-be-a-base-url flag.
922         (WebCore::URL::serialize): Implementation of https://url.spec.whatwg.org/#concept-url-serializer.
923         * platform/URL.h:
924         (WebCore::URL::hasUser): Helper getter.
925         (WebCore::URL::hasPassword): Ditto.
926         (WebCore::URL::hasQuery): Ditto.
927         (WebCore::URL::hasFragment): Ditto.
928
929 2016-07-14  Sergio Villar Senin  <svillar@igalia.com>
930
931         [css-grid] Const-ify track sizing algorithm
932         https://bugs.webkit.org/show_bug.cgi?id=159716
933
934         Reviewed by Carlos Garcia Campos.
935
936         All the methods used to run the track sizing algorithm should not
937         modify the state of LayoutGrid. We can safely const-ify all of them
938         and remove the ugly const_cast in computeIntrinsicLogicalWidths().
939
940         No new tests needed as there is no change in behavior.
941
942         * rendering/RenderGrid.cpp:
943         (WebCore::RenderGrid::logicalHeightForChild):
944         (WebCore::RenderGrid::minSizeForChild):
945         (WebCore::RenderGrid::updateOverrideContainingBlockContentLogicalWidthForChild):
946         (WebCore::RenderGrid::minContentForChild):
947         (WebCore::RenderGrid::maxContentForChild):
948         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
949         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
950         (WebCore::RenderGrid::currentItemSizeForTrackSizeComputationPhase):
951         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
952         (WebCore::RenderGrid::distributeSpaceToTracks):
953         * rendering/RenderGrid.h:
954
955 2016-07-14  Jer Noble  <jer.noble@apple.com>
956
957         REGRESSION (r202918): LayoutTest media/video-main-content-allow-then-deny.html is flaky, failing almost every time on El Capitan
958         https://bugs.webkit.org/show_bug.cgi?id=159533
959
960         Reviewed by Eric Carlson.
961
962         Move the contents of mainContentCheckTimerFired() into updateIsMainContent() so that the
963         results of changing the m_isMainContent ivar are acted upon no matter why m_isMainContent
964         changes.
965
966         * html/MediaElementSession.cpp:
967         (WebCore::MediaElementSession::mainContentCheckTimerFired):
968         (WebCore::MediaElementSession::updateIsMainContent):
969
970 2016-07-13  Alex Christensen  <achristensen@webkit.org>
971
972         Modernize WebSocket handle
973         https://bugs.webkit.org/show_bug.cgi?id=159750
974
975         Reviewed by Brady Eidson.
976
977         No new tests.  No change in behavior.
978         This patch just removes ThreadableWebSocketChannel::InvalidMessage which is never used
979         and makes our use of SocketStreamHandleClient a reference instead of a pointer.
980
981         * Modules/websockets/ThreadableWebSocketChannel.h:
982         * Modules/websockets/WebSocket.cpp:
983         (WebCore::WebSocket::send):
984         * Modules/websockets/WebSocketChannel.cpp:
985         (WebCore::WebSocketChannel::connect):
986         * platform/network/SocketStreamHandleBase.cpp:
987         (WebCore::SocketStreamHandleBase::SocketStreamHandleBase):
988         (WebCore::SocketStreamHandleBase::send):
989         (WebCore::SocketStreamHandleBase::disconnect):
990         (WebCore::SocketStreamHandleBase::sendPendingData):
991         (WebCore::SocketStreamHandleBase::setClient): Deleted.
992         * platform/network/SocketStreamHandleBase.h:
993         (WebCore::SocketStreamHandleBase::~SocketStreamHandleBase):
994         (WebCore::SocketStreamHandleBase::bufferedAmount):
995         (WebCore::SocketStreamHandleBase::client):
996         * platform/network/cf/SocketStreamHandle.h:
997         (WebCore::SocketStreamHandle::create):
998         * platform/network/cf/SocketStreamHandleCFNet.cpp:
999         (WebCore::SocketStreamHandle::SocketStreamHandle):
1000         (WebCore::SocketStreamHandle::addCONNECTCredentials):
1001         (WebCore::SocketStreamHandle::copyCFStreamDescription):
1002         (WebCore::SocketStreamHandle::readStreamCallback):
1003         (WebCore::SocketStreamHandle::writeStreamCallback):
1004         (WebCore::SocketStreamHandle::reportErrorToClient):
1005         (WebCore::SocketStreamHandle::~SocketStreamHandle):
1006         (WebCore::SocketStreamHandle::platformClose):
1007         (WebCore::SocketStreamHandle::port):
1008         * platform/network/curl/SocketStreamHandle.h:
1009         (WebCore::SocketStreamHandle::create):
1010         * platform/network/curl/SocketStreamHandleCurl.cpp:
1011         (WebCore::SocketStreamHandle::SocketStreamHandle):
1012         (WebCore::SocketStreamHandle::platformClose):
1013         (WebCore::SocketStreamHandle::readData):
1014         (WebCore::SocketStreamHandle::didReceiveData):
1015         (WebCore::SocketStreamHandle::didOpenSocket):
1016         (WebCore::SocketStreamHandle::createCopy):
1017         * platform/network/soup/SocketStreamHandle.h:
1018         * platform/network/soup/SocketStreamHandleSoup.cpp:
1019         (WebCore::SocketStreamHandle::SocketStreamHandle):
1020         (WebCore::SocketStreamHandle::~SocketStreamHandle):
1021         (WebCore::SocketStreamHandle::connected):
1022         (WebCore::SocketStreamHandle::connectedCallback):
1023         (WebCore::SocketStreamHandle::readBytes):
1024         (WebCore::SocketStreamHandle::didFail):
1025         (WebCore::SocketStreamHandle::writeReady):
1026         (WebCore::SocketStreamHandle::platformClose):
1027         (WebCore::SocketStreamHandle::beginWaitingForSocketWritability):
1028
1029 2016-07-13  Carlos Garcia Campos  <cgarcia@igalia.com>
1030
1031         [GLib] Use a GSource instead of a thread to poll memory pressure eventFD in linux implementation
1032         https://bugs.webkit.org/show_bug.cgi?id=159346
1033
1034         Reviewed by Antonio Gomes.
1035
1036         The eventFD file descriptor is pollable, so it would be much better to use a poll instead of a blocking read in
1037         a secondary thread and then communicate back to the main thread. This is very easy to do with GSource in GLib,
1038         so we could use that when GLib is available and keep the current implementation as a fallback.
1039
1040         * platform/MemoryPressureHandler.cpp:
1041         (WebCore::m_holdOffTimer): Use a RunLoop timer.
1042         * platform/MemoryPressureHandler.h:
1043         * platform/linux/MemoryPressureHandlerLinux.cpp:
1044         (WebCore::MemoryPressureHandler::EventFDPoller::EventFDPoller): Helper class to do the eventFD polling.
1045         (WebCore::MemoryPressureHandler::logErrorAndCloseFDs): Check if file descriptors are -1 not 0.
1046         (WebCore::MemoryPressureHandler::install): Return early also if the hold off timer is active. Use EventFDPoller
1047         to do the polling.
1048         (WebCore::MemoryPressureHandler::uninstall): Stop the hold off timer and clear the EventFDPoller.
1049
1050 2016-07-13  Benjamin Poulain  <benjamin@webkit.org>
1051
1052         [CSS][ARMv7] :nth-child() do not reserve enough registers if it is in backtracking chain
1053         https://bugs.webkit.org/show_bug.cgi?id=159746
1054         rdar://problem/26156169
1055
1056         Reviewed by Andreas Kling.
1057
1058         The generator generateElementIsNthChild() requires 6 registers in style resolution
1059         to mark previous siblings with generateAddStyleRelationIfResolvingStyle() in the loop.
1060
1061         We were only reserving 5, which is a problem if the sixth is taken by the backtracking
1062         register. x86_64 was already requiring 6 for unrelated reasons and ARM64 has so many registers
1063         that you cannot possibly run out of them in CSS JIT.
1064
1065         I generalized the x86_64 path to all architectures.
1066         I did not limit this case to style resolution because the extra register is irrelevant
1067         in most cases. The only difference is one extra push/pop on ARMv7 if you use querySelector
1068         with :nth-child in a backtracking chain.
1069
1070         This problem is covered by the existing test fast/selectors/nth-child-with-backtracking.html
1071
1072         * cssjit/SelectorCompiler.cpp:
1073         (WebCore::SelectorCompiler::minimumRegisterRequirements): Deleted.
1074
1075 2016-07-13  Chris Dumez  <cdumez@apple.com>
1076
1077         Drop unnecessary check from ContainerNode::removeChild()
1078         https://bugs.webkit.org/show_bug.cgi?id=159747
1079
1080         Reviewed by Andreas Kling.
1081
1082         Drop unnecessary check from ContainerNode::removeChild() to make sure that
1083         the parent of the node being removed is |this|. We already do this check
1084         a few lines above. The only thing that happens in between is the ref'ing
1085         of the node, which does not cause any JS execution.
1086
1087         This check was introduced in r55783 because there used to be a call to
1088         document()->removeFocusedNodeOfSubtree(child.get());
1089         between the two checks. However, this call has been removed since then
1090         and the extra parentNode() check was left in.
1091
1092         * dom/ContainerNode.cpp:
1093         (WebCore::ContainerNode::removeChild): Deleted.
1094
1095 2016-07-12  Ryosuke Niwa  <rniwa@webkit.org>
1096
1097         REGRESSION(r202953): Clicking on input[type=file] doesn't open a file picker
1098         https://bugs.webkit.org/show_bug.cgi?id=159686
1099
1100         Reviewed by Chris Dumez.
1101
1102         The bug was caused by DOMActivate event not propagating out of the user-agent shadow tree
1103         of a file input, and FileInputType not receiving the event to open the file picker.
1104
1105         Made DOMActivate a "composed" event which crosses shadow boundaries to fix the bug. The feedback
1106         was given back to W3C on https://github.com/w3c/webcomponents/issues/513#issuecomment-231851617
1107
1108         Test: fast/forms/file/open-file-panel.html
1109
1110         * dom/Event.cpp:
1111         (WebCore::Event::composed):
1112
1113 2016-07-13  Antti Koivisto  <antti@apple.com>
1114
1115         v2: WebContent crash due to RELEASE_ASSERT(!m_inLoadPendingImages) in StyleResolver::~StyleResolver()
1116         https://bugs.webkit.org/show_bug.cgi?id=159722
1117
1118         Reviewed by Andreas Kling.
1119
1120         We have crashes where a StyleResolver is deleted underneath pseudoStyleForElement (key parts of the stack):
1121
1122         0   WebCore::StyleResolver::~StyleResolver
1123         3   WebCore::AuthorStyleSheets::updateActiveStyleSheets
1124         4   WebCore::Document::styleResolverChanged
1125         5   WebKit::WebPage::viewportConfigurationChanged()
1126         6   WebKit::WebPage::mainFrameDidLayout()
1127         9   WebCore::FrameLoader::checkCompleted
1128         13  WebCore::ResourceLoader::cancel
1129         19  WebKit::WebLoaderStrategy::loadResource
1130         24  WebCore::Style::loadPendingImage
1131         27  WebCore::StyleResolver::pseudoStyleForElement
1132         29  WebCore::RenderTreeUpdater::updateBeforeOrAfterPseudoElement
1133         33  WebCore::Document::recalcStyle
1134
1135         This appears to be happening when a content blocker blocks a resource load for an image referenced from a stylesheet
1136         and triggers synchronous cancellation of the load. With engine in suitable state this can clear style resolver.
1137
1138         No test, don't know how to make one. This is very timing and engine state dependent.
1139
1140         * dom/AuthorStyleSheets.cpp:
1141         (WebCore::AuthorStyleSheets::updateActiveStyleSheets):
1142
1143         We have an existing check here that prevents destruction of the style resolver when we are in the middle of
1144         a style resolution. However the old inStyleRecalc() bit no longer covers the render tree update phase. Pseudo
1145         elements are resolved during render tree update.
1146
1147         Fix by adding a check for inRenderTreeUpdate() bit too.
1148
1149         This just fixes a regression. A proper fix would be to gather all resources during style resolution
1150         and trigger the loads afterwards.
1151
1152 2016-07-13  Frederic Wang  <fred.wang@free.fr>
1153
1154         Remove padding and margin around the <math> element
1155         https://bugs.webkit.org/show_bug.cgi?id=157989
1156
1157         Reviewed by Brent Fulgham.
1158
1159         No new tests, already covered by existing tests.
1160
1161         * css/mathml.css:
1162         (math): Remove padding.
1163         (math[display="block"]): Remove margin.
1164
1165 2016-07-13  Enrica Casucci  <enrica@apple.com>
1166
1167         Update supported platforms in xcconfig files to match the sdk names.
1168         https://bugs.webkit.org/show_bug.cgi?id=159728
1169
1170         Reviewed by Tim Horton.
1171
1172         * Configurations/Base.xcconfig:
1173
1174 2016-07-13  Anders Carlsson  <andersca@apple.com>
1175
1176         "requiredShippingAddressFields" has been deprecated error thrown when using "requiredBillingAddressFields"
1177         https://bugs.webkit.org/show_bug.cgi?id=159729
1178         rdar://problem/27314974
1179
1180         Reviewed by Tim Horton.
1181
1182         Fix a paste-o.
1183
1184         * Modules/applepay/ApplePaySession.cpp:
1185         (WebCore::createPaymentRequest):
1186
1187 2016-07-13  Brent Fulgham  <bfulgham@apple.com>
1188
1189         [WK1][iOS] Crash when WebSocket attempts to dispatch a mixed content blocker event
1190         https://bugs.webkit.org/show_bug.cgi?id=159680
1191         <rdar://problem/22102028>
1192
1193         Reviewed by Zalan Bujtas.
1194
1195         WK1 on iOS should not use RunLoop::main(). Instead, it should be dispatching events
1196         on the WebThread.
1197
1198         Test: http/tests/ssl/mixedContent/insecure-websocket.html
1199
1200         * Modules/websockets/WebSocket.cpp:
1201         (WebCore::WebSocket::connect): Do not use RunLoop::main() when we should be using
1202         the WebThread.
1203
1204 2016-07-13  Frederic Wang  <fwang@igalia.com>
1205
1206         The display property of many MathML elements can not be overridden by page authors
1207         https://bugs.webkit.org/show_bug.cgi?id=139403
1208
1209         The mathml.css user agent stylesheet currently forces most MathML elements to render with
1210         'display: block'. We remove the !important keyword so that users can override the display
1211         property, for example to hide elements with 'display: none'. This is consistent with the
1212         behavior for SVG or HTML elements.
1213
1214         Reviewed by Brent Fulgham.
1215
1216         Test: imported/mathml-in-html5/mathml/relations/css-styling/display-1.html
1217
1218         * css/mathml.css:
1219         (math):
1220         (math[display="block"]):
1221         (ms, mspace, mtext, mi, mn, mo, mrow, mfenced, mfrac, msub, msup, msubsup, mmultiscripts, mprescripts, none, munder, mover, munderover, msqrt, mroot, merror, mphantom, mstyle, menclose, semantics, mpadded, maction):
1222         (mtd > *):
1223
1224 2016-07-13  Youenn Fablet  <youenn@apple.com>
1225
1226         [Fetch API] Response should not become disturbed on the ReadableStream creation
1227         https://bugs.webkit.org/show_bug.cgi?id=159714
1228
1229         Reviewed by Alex Christensen.
1230
1231         Covered by rebased test and existing tests.
1232
1233         * Modules/fetch/FetchResponse.cpp:
1234         (WebCore::FetchResponse::stop): Making the response disturbed if cancelled.
1235         * Modules/fetch/FetchResponseSource.cpp:
1236         (WebCore::FetchResponseSource::firstReadCallback): Start enqueueing as soon as first read is made.
1237         (WebCore::FetchResponseSource::doStart): Keep the start promise unresolved so that pull is not called.
1238         FetchResponse is a push source.
1239         * Modules/fetch/FetchResponseSource.h:
1240         * Modules/streams/ReadableStreamInternals.js:
1241         (readFromReadableStreamReader): Calling @firstReadCallback.
1242         * Modules/streams/ReadableStreamSource.h:
1243         (WebCore::ReadableStreamSource::firstReadCallback): Default implementation (does nothing).
1244         * Modules/streams/ReadableStreamSource.idl: Adding firstReadCallback private method.
1245         * bindings/js/WebCoreBuiltinNames.h: Adding @firstReadCallback.
1246
1247 2016-07-13  Philippe Normand  <pnormand@igalia.com>
1248
1249         [GStreamer][GL] crash within triggerRepaint
1250         https://bugs.webkit.org/show_bug.cgi?id=159552
1251
1252         Reviewed by Xabier Rodriguez-Calvar.
1253
1254         Revert the un-needed changes introduced in r203056 and use the
1255         MainThreadNotifier without redundant checks.
1256
1257         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
1258         (WebCore::MediaPlayerPrivateGStreamer::MediaPlayerPrivateGStreamer):
1259         (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
1260         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
1261         (WebCore::MediaPlayerPrivateGStreamer::createWeakPtr):
1262         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
1263         (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
1264         (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
1265         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
1266         (WebCore::MediaPlayerPrivateGStreamerBase::createWeakPtr): Deleted.
1267
1268 2016-07-13  Carlos Garcia Campos  <cgarcia@igalia.com>
1269
1270         Unreviewed. Fix GObject DOM bindings API breaks after r203047.
1271
1272         webkit_dom_document_set_title() and webkit_dom_html_title_element_set_text() now can raise exceptions. 
1273
1274         * bindings/gobject/WebKitDOMDeprecated.cpp:
1275         (webkit_dom_document_set_title):
1276         (webkit_dom_html_title_element_set_text):
1277         * bindings/gobject/WebKitDOMDeprecated.h:
1278         * bindings/gobject/WebKitDOMDeprecated.symbols:
1279         * bindings/gobject/webkitdom.symbols:
1280         * bindings/scripts/CodeGeneratorGObject.pm:
1281         (GenerateProperty):
1282         (FunctionUsedToNotRaiseException):
1283
1284 2016-07-13  Carlos Garcia Campos  <cgarcia@igalia.com>
1285
1286         [Coordinated Graphics] Remove toCoordinatedGraphicsLayer and use downcast instead
1287         https://bugs.webkit.org/show_bug.cgi?id=159469
1288
1289         Reviewed by Michael Catanzaro.
1290
1291         * page/scrolling/coordinatedgraphics/ScrollingCoordinatorCoordinatedGraphics.cpp:
1292         (WebCore::ScrollingCoordinatorCoordinatedGraphics::detachFromStateTree):
1293         (WebCore::ScrollingCoordinatorCoordinatedGraphics::updateViewportConstrainedNode):
1294         (WebCore::ScrollingCoordinatorCoordinatedGraphics::scrollableAreaScrollLayerDidChange):
1295         (WebCore::ScrollingCoordinatorCoordinatedGraphics::willDestroyScrollableArea):
1296         * platform/graphics/GraphicsLayer.h:
1297         (WebCore::GraphicsLayer::isCoordinatedGraphicsLayer):
1298         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
1299         (WebCore::toCoordinatedLayerID):
1300         (WebCore::CoordinatedGraphicsLayer::setShouldUpdateVisibleRect):
1301         (WebCore::CoordinatedGraphicsLayer::removeFromParent):
1302         (WebCore::CoordinatedGraphicsLayer::setMaskLayer):
1303         (WebCore::CoordinatedGraphicsLayer::flushCompositingState):
1304         (WebCore::CoordinatedGraphicsLayer::syncPendingStateChangesIncludingSubLayers):
1305         (WebCore::CoordinatedGraphicsLayer::findFirstDescendantWithContentsRecursively):
1306         (WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers):
1307         (WebCore::CoordinatedGraphicsLayer::computeTransformedVisibleRect):
1308         (WebCore::CoordinatedGraphicsLayer::selfOrAncestorHasActiveTransformAnimation):
1309         (WebCore::CoordinatedGraphicsLayer::selfOrAncestorHaveNonAffineTransforms):
1310         (WebCore::toCoordinatedGraphicsLayer): Deleted.
1311         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
1312
1313 2016-07-12  Youenn Fablet  <youenn@apple.com>
1314
1315         [Fetch API] isRedirected should be conveyed in workers
1316         https://bugs.webkit.org/show_bug.cgi?id=159676
1317
1318         Reviewed by Alex Christensen.
1319
1320         Passing isRedirected value between threads.
1321         Rebasing corresponding worker test, even though it is currently skipped (due to crashing flakiness).
1322
1323         * platform/network/ResourceResponseBase.cpp:
1324         (WebCore::ResourceResponseBase::crossThreadData):
1325         (WebCore::ResourceResponseBase::fromCrossThreadData):
1326         * platform/network/ResourceResponseBase.h:
1327
1328 2016-07-12  Eric Carlson  <eric.carlson@apple.com>
1329
1330         REGRESSION (r202509): media controls controls enabled AirPlay placeholder is shown
1331         https://bugs.webkit.org/show_bug.cgi?id=159685
1332         <rdar://problem/27198899>
1333
1334         Reviewed by Dean Jackson.
1335
1336         Test: media/controls/airplay-controls.html
1337
1338         * Modules/mediacontrols/mediaControlsApple.js:
1339         (Controller.prototype.shouldShowControls): Split some of the logic out of shouldHaveControls.
1340         (Controller.prototype.shouldHaveControls): Having controls != showing controls.
1341         (Controller.prototype.updateControls): Call shouldShowControls, not shouldHaveControls.
1342         (Controller.prototype.updateWirelessPlaybackStatus): Add 'appletv' to the class when active.
1343
1344         * html/HTMLMediaElement.cpp:
1345         (WebCore::HTMLMediaElement::getCurrentMediaControlsStatus): Call ensureMediaControlsShadowRoot
1346         in case the controls haven't been created yet.
1347
1348 2016-07-12  Frederic Wang  <fwang@igalia.com>
1349
1350         Move parsing of mpadded attributes to a MathMLPaddedElement class
1351         https://bugs.webkit.org/show_bug.cgi?id=159620
1352
1353         Reviewed by Brent Fulgham.
1354
1355         No new tests, behavior is unchanged.
1356
1357         * CMakeLists.txt: Add MathMLPaddedElement files.
1358         * WebCore.xcodeproj/project.pbxproj: Ditto.
1359         * mathml/MathMLAllInOne.cpp: Ditto.
1360         * mathml/MathMLInlineContainerElement.cpp: Remove handling of mpadded.
1361         * mathml/MathMLPaddedElement.cpp: Added.
1362         (WebCore::MathMLPaddedElement::MathMLPaddedElement):
1363         (WebCore::MathMLPaddedElement::create):
1364         (WebCore::MathMLPaddedElement::width): Expose width attribute as a MathMLLength until mpadded
1365         pseudo-units are supported.
1366         (WebCore::MathMLPaddedElement::height): Ditto.
1367         (WebCore::MathMLPaddedElement::depth): Ditto.
1368         (WebCore::MathMLPaddedElement::lspace): Ditto.
1369         (WebCore::MathMLPaddedElement::voffset): Ditto.
1370         (WebCore::MathMLPaddedElement::parseAttribute): Make length attribute dirty.
1371         (WebCore::MathMLPaddedElement::createElementRenderer): Moved code from MathMLInlineContainerElement.
1372         * mathml/MathMLPaddedElement.h: Added.
1373         * mathml/mathtags.in: Map mpadded to MathMLPaddedElement.
1374         * rendering/mathml/RenderMathMLPadded.cpp:
1375         (WebCore::RenderMathMLPadded::resolveWidth): Helper function to resolve width.
1376         (WebCore::RenderMathMLPadded::resolveAttributes): Helper function to resolve all attributes.
1377         (WebCore::RenderMathMLPadded::computePreferredLogicalWidths): Use resolveWidth.
1378         (WebCore::RenderMathMLPadded::layoutBlock): Use resolveAttributes.
1379         * rendering/mathml/RenderMathMLPadded.h: Add new helper functions to access attributes from
1380         the MathMLPaddedElement class.
1381
1382 2016-07-12  Andreas Kling  <akling@apple.com>
1383
1384         [Cocoa] Simulated memory warning doesn't trigger libcache purge.
1385         <https://webkit.org/b/159688>
1386
1387         Reviewed by Chris Dumez.
1388
1389         Since simulated memory warnings will have the "is under memory pressure" flag set,
1390         we were skipping the libcache purge call.
1391
1392         Add a separate flag that tracks whether we're under simulated pressure, and always
1393         prod libcache in that case.
1394
1395         * platform/MemoryPressureHandler.h:
1396         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
1397         (WebCore::MemoryPressureHandler::platformReleaseMemory):
1398         (WebCore::MemoryPressureHandler::install):
1399
1400 2016-07-12  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1401
1402         Purge PassRefPtr in Modules/webdatabase
1403         https://bugs.webkit.org/show_bug.cgi?id=159255
1404
1405         Reviewed by Benjamin Poulain.
1406
1407         As a step to remove PassRefPtr use, this patch cleans it up in Modules/webdatabase.
1408
1409         Additionally unnecessary spaces and tabs are removed too.
1410
1411         * Modules/webdatabase/ChangeVersionWrapper.cpp:
1412         * Modules/webdatabase/DOMWindowWebDatabase.h:
1413         * Modules/webdatabase/Database.cpp:
1414         (WebCore::Database::Database):
1415         (WebCore::Database::~Database):
1416         (WebCore::Database::scheduleTransaction):
1417         (WebCore::Database::runTransaction):
1418         * Modules/webdatabase/Database.h:
1419         * Modules/webdatabase/DatabaseAuthorizer.cpp:
1420         (WebCore::DatabaseAuthorizer::allowRead):
1421         * Modules/webdatabase/DatabaseManager.cpp:
1422         (WebCore::DatabaseManager::openDatabase):
1423         (WebCore::DatabaseManager::fullPathForDatabase):
1424         (WebCore::DatabaseManager::detailsForNameAndOrigin):
1425         * Modules/webdatabase/DatabaseManager.h:
1426         * Modules/webdatabase/DatabaseTask.cpp:
1427         (WebCore::DatabaseTransactionTask::DatabaseTransactionTask):
1428         * Modules/webdatabase/DatabaseTask.h:
1429         * Modules/webdatabase/SQLCallbackWrapper.h:
1430         (WebCore::SQLCallbackWrapper::SQLCallbackWrapper):
1431         * Modules/webdatabase/SQLResultSetRowList.h:
1432         * Modules/webdatabase/SQLStatement.cpp:
1433         (WebCore::SQLStatement::SQLStatement):
1434         (WebCore::SQLStatement::sqlError):
1435         (WebCore::SQLStatement::sqlResultSet):
1436         * Modules/webdatabase/SQLStatement.h:
1437         * Modules/webdatabase/SQLTransaction.h:
1438         * Modules/webdatabase/SQLTransactionBackend.cpp:
1439         (WebCore::SQLTransactionBackend::create):
1440         (WebCore::SQLTransactionBackend::SQLTransactionBackend):
1441         (WebCore::SQLTransactionBackend::transactionError):
1442         * Modules/webdatabase/SQLTransactionBackend.h:
1443
1444 2016-07-11  Dean Jackson  <dino@apple.com>
1445
1446         REGRESSION (202694): Audio and Video playback controls: Cannot find a position slider to adjust playback position using VO.
1447         https://bugs.webkit.org/show_bug.cgi?id=159661
1448         <rdar://problem/27285135>
1449
1450         Reviewed by Eric Carlson.
1451
1452         The change in r202694 caused MediaDocuments to not always
1453         show their scrubber. The fix is to reduce the minimum amount
1454         of size needed to show the scrubber.
1455
1456         Test: media/controls/default-size-should-show-scrubber.html
1457
1458         * Modules/mediacontrols/mediaControlsApple.js: 80 pixels is enough
1459         to show the scrubber.
1460
1461 2016-07-12  Frederic Wang  <fwang@igalia.com>
1462
1463         Move MathMLOperatorDictionary from rendering to DOM
1464         https://bugs.webkit.org/show_bug.cgi?id=159619
1465
1466         Reviewed by Brent Fulgham.
1467
1468         No new tests, behavior is unchanged.
1469
1470         * CMakeLists.txt: Use the new location of MathMLOperatorDictionary files.
1471         * WebCore.xcodeproj/project.pbxproj: Ditto.
1472         * mathml/MathMLAllInOne.cpp: Add MathMLOperatorDictionary.cpp
1473         * mathml/MathMLOperatorDictionary.cpp: Renamed from Source/WebCore/rendering/mathml/MathMLOperatorDictionary.cpp.
1474         * mathml/MathMLOperatorDictionary.h: Renamed from Source/WebCore/rendering/mathml/MathMLOperatorDictionary.h.
1475
1476 2016-07-12  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1477
1478         Remove ENABLE_CSS3_TEXT_LINE_BREAK flag
1479         https://bugs.webkit.org/show_bug.cgi?id=159671
1480
1481         Reviewed by Csaba Osztrogonác.
1482
1483         ENABLE_CSS3_TEXT_LINE_BREAK feature was implemented without guards.
1484         https://bugs.webkit.org/show_bug.cgi?id=89235
1485
1486         So this guard can be removed in build scripts.
1487
1488         * Configurations/FeatureDefines.xcconfig:
1489
1490 2016-07-12  Commit Queue  <commit-queue@webkit.org>
1491
1492         Unreviewed, rolling out r203059.
1493         https://bugs.webkit.org/show_bug.cgi?id=159673
1494
1495         B and R channels now swapped on desktop GL builds (Requested
1496         by philn on #webkit).
1497
1498         Reverted changeset:
1499
1500         "Red and blue colors are swapped in video rendered through
1501         WebGL when GSTREAMER_GL is enabled"
1502         https://bugs.webkit.org/show_bug.cgi?id=159621
1503         http://trac.webkit.org/changeset/203059
1504
1505 2016-07-12  Yoav Weiss  <yoav@yoav.ws>
1506
1507         js/dom/global-constructors-attributes.html is flaky: ResourceTiming runtime feature leaks between tests
1508         https://bugs.webkit.org/show_bug.cgi?id=158902
1509
1510         Reviewed by Benjamin Poulain.
1511
1512         Adds a new reset() mechanism to RuntimeEnabledFeatures so that they could be brought back to the initial state.
1513         This reset() is then called from DumpRenderTree and WebKitTestRunner.
1514
1515         No new tests but hopefully current tests will be less flaky.
1516
1517         * bindings/generic/RuntimeEnabledFeatures.cpp:
1518         (WebCore::RuntimeEnabledFeatures::RuntimeEnabledFeatures):
1519         (WebCore::RuntimeEnabledFeatures::reset):
1520         * bindings/generic/RuntimeEnabledFeatures.h:
1521         * testing/Internals.cpp:
1522         (WebCore::Internals::resetToConsistentState): reset RuntimeEnabledFeatures.
1523
1524 2016-07-11  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1525
1526         Purge PassRefPtr in platform/efl and platform/mac 
1527         https://bugs.webkit.org/show_bug.cgi?id=159548
1528
1529         Reviewed by Alex Christensen.
1530
1531         Remove all use of PassRefPtr and clean up unnecessary tabs and spaces.
1532         WebKit2 code is also changed because of setBufferForType()'s modification.
1533
1534         No new tests, no behavior changes.
1535
1536         * platform/PasteboardStrategy.h:
1537         * platform/PlatformPasteboard.h:
1538         * platform/PlatformSpeechSynthesizer.h:
1539         * platform/SerializedPlatformRepresentation.h:
1540         * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:
1541         (WebCore::PlatformSpeechSynthesisProviderEfl::speak):
1542         * platform/efl/PlatformSpeechSynthesisProviderEfl.h:
1543         * platform/efl/PlatformSpeechSynthesizerEfl.cpp:
1544         (WebCore::PlatformSpeechSynthesizer::speak):
1545         * platform/ios/PlatformPasteboardIOS.mm:
1546         (WebCore::PlatformPasteboard::setBufferForType):
1547         * platform/ios/PlatformSpeechSynthesizerIOS.mm:
1548         (SOFT_LINK_CONSTANT):
1549         (-[WebSpeechSynthesisWrapper initWithSpeechSynthesizer:]):
1550         (-[WebSpeechSynthesisWrapper mapSpeechRateToPlatformRate:]):
1551         (-[WebSpeechSynthesisWrapper speakUtterance:]):
1552         (-[WebSpeechSynthesisWrapper pause]):
1553         (-[WebSpeechSynthesisWrapper resume]):
1554         (-[WebSpeechSynthesisWrapper cancel]):
1555         (-[WebSpeechSynthesisWrapper speechSynthesizer:didStartSpeechUtterance:]):
1556         (-[WebSpeechSynthesisWrapper speechSynthesizer:didFinishSpeechUtterance:]):
1557         (-[WebSpeechSynthesisWrapper speechSynthesizer:didPauseSpeechUtterance:]):
1558         (-[WebSpeechSynthesisWrapper speechSynthesizer:didContinueSpeechUtterance:]):
1559         (-[WebSpeechSynthesisWrapper speechSynthesizer:didCancelSpeechUtterance:]):
1560         (-[WebSpeechSynthesisWrapper speechSynthesizer:willSpeakRangeOfSpeechString:utterance:]):
1561         (WebCore::PlatformSpeechSynthesizer::speak):
1562         * platform/mac/PasteboardMac.mm:
1563         (WebCore::Pasteboard::write):
1564         * platform/mac/PlatformPasteboardMac.mm:
1565         (WebCore::PlatformPasteboard::getTypes):
1566         (WebCore::PlatformPasteboard::getPathnamesForType):
1567         (WebCore::PlatformPasteboard::color):
1568         (WebCore::PlatformPasteboard::copy):
1569         (WebCore::PlatformPasteboard::setBufferForType):
1570         (WebCore::PlatformPasteboard::setPathnamesForType):
1571         * platform/mac/PlatformSpeechSynthesizerMac.mm:
1572         (-[WebSpeechSynthesisWrapper initWithSpeechSynthesizer:]):
1573         (-[WebSpeechSynthesisWrapper speakUtterance:]):
1574         (-[WebSpeechSynthesisWrapper pause]):
1575         (-[WebSpeechSynthesisWrapper resume]):
1576         (-[WebSpeechSynthesisWrapper cancel]):
1577         (-[WebSpeechSynthesisWrapper speechSynthesizer:didFinishSpeaking:]):
1578         (WebCore::PlatformSpeechSynthesizer::initializeVoiceList):
1579         (WebCore::PlatformSpeechSynthesizer::speak):
1580         * platform/mac/SerializedPlatformRepresentationMac.h:
1581         * platform/mac/SerializedPlatformRepresentationMac.mm:
1582         (WebCore::SerializedPlatformRepresentationMac::data):
1583         (WebCore::jsValueWithValueInContext):
1584         * platform/mock/PlatformSpeechSynthesizerMock.cpp:
1585         (WebCore::PlatformSpeechSynthesizerMock::speakingFinished):
1586         (WebCore::PlatformSpeechSynthesizerMock::speak):
1587         (WebCore::PlatformSpeechSynthesizerMock::cancel):
1588         * platform/mock/PlatformSpeechSynthesizerMock.h:
1589
1590 2016-07-11  Frederic Wang  <fwang@igalia.org>
1591
1592         Move parsing of mspace attributes to a MathMLSpaceElement class
1593         https://bugs.webkit.org/show_bug.cgi?id=156795
1594
1595         Reviewed by Brent Fulgham.
1596
1597         No new tests, already covered by existing tests.
1598
1599         * CMakeLists.txt: Add MathMLSpaceElement to the build system.
1600         * WebCore.xcodeproj/project.pbxproj: Ditto.
1601         * mathml/MathMLElement.cpp:
1602         (WebCore::MathMLElement::cachedMathMLLength): Helper function to return the cached parsed
1603         value of a MathML length and parsing the corresponding attribute value if the cache is dirty.
1604         * mathml/MathMLElement.h: Add a dirty boolean to MathML Length structure. Declare cachedMathMLLength.
1605         * mathml/MathMLSpaceElement.cpp: New class for the <mspace> element.
1606         (WebCore::MathMLSpaceElement::MathMLSpaceElement):
1607         (WebCore::MathMLSpaceElement::create):
1608         (WebCore::MathMLSpaceElement::parseAttribute): Make width, height, depth attributes dirty.
1609         (WebCore::MathMLSpaceElement::createElementRenderer):
1610         * mathml/MathMLSpaceElement.h: New class for the <mspace> element.
1611         We define MathML lengths for width, height and depth attributes on the class and expose
1612         them with the corresponding helper functions via memoization.
1613         * mathml/MathMLTextElement.cpp: Remove handling of mspace from this class.
1614         (WebCore::MathMLTextElement::createElementRenderer):
1615         * mathml/mathtags.in: Change the interface for mspace to use the new class.
1616         * rendering/mathml/RenderMathMLSpace.cpp: Do not store width/height/depth values on the
1617         renderer and instead just use the corresponding MathML lengths on the element class.
1618         (WebCore::RenderMathMLSpace::RenderMathMLSpace): Use MathMLSpaceElement and remove member
1619         initialization.
1620         (WebCore::RenderMathMLSpace::computePreferredLogicalWidths): Use spaceWidth().
1621         (WebCore::RenderMathMLSpace::spaceWidth): Helper function to resolve the width attribute value.
1622         (WebCore::RenderMathMLSpace::getSpaceHeightAndDepth): Ditto for height and depth.
1623         (WebCore::RenderMathMLSpace::layoutBlock): Use the helper functions to get the mspace metrics.
1624         (WebCore::RenderMathMLSpace::firstLineBaseline): Ditto.
1625         (WebCore::RenderMathMLSpace::updateFromElement): Deleted.
1626         (WebCore::RenderMathMLSpace::styleDidChange): Deleted.
1627         * rendering/mathml/RenderMathMLSpace.h: Use MathMLSpaceElement, replace members with helper
1628         functions and make element() usable from a const instance.
1629
1630 2016-07-11  Frederic Wang  <fwang@igalia.org>
1631
1632         Create a MathMLLength struct to handle the parsing of MathML length.
1633         https://bugs.webkit.org/show_bug.cgi?id=156792
1634
1635         Reviewed by Brent Fulgham.
1636
1637         We introduce a structure for MathML lengths that will be used in the future to store the
1638         parsed values in the MathElement class. We also rewrite the parsing function for MathML
1639         lengths in order to improve efficiency and code reuse. This function is moved into the
1640         MathElement class and only the conversion to LayoutUnit remains in the renderer classes.
1641
1642         No new tests, already covered by existing tests.
1643
1644         * mathml/MathMLElement.cpp:
1645         (WebCore::parseNamedSpace): Helper function to parse a named space.
1646         (WebCore::MathMLElement::parseMathMLLength): Parsing function for MathML lengths.
1647         * mathml/MathMLElement.h: Declare new function and structure to handle MathML lengths.
1648         * rendering/mathml/RenderMathMLBlock.cpp:
1649         (WebCore::toUserUnits): Helper function to resolve a MathML length.
1650         (WebCore::parseMathMLLength): Remove the old parsing code and just use MathMLElement::parseMathMLLength and toUserUnits instead.
1651         (WebCore::parseMathMLNamedSpace): Deleted.
1652         * rendering/mathml/RenderMathMLBlock.h: Remove unused function.
1653
1654 2016-07-11  Frederic Wang  <fwang@igalia.com>
1655
1656         Add support for @href attribute in MathML
1657         https://bugs.webkit.org/show_bug.cgi?id=85733
1658
1659         Reviewed by Brent Fulgham.
1660
1661         We add support for the href attribute from MathML 3 but ignore the deprecated XLink version.
1662         We also use the code from HTMLAnchorElement/SVGAElement to make MathMLElement with a href
1663         attribute behave as a link.
1664         Finally, we adjust mathml.css based on rules from the html and svg user agent stylesheets.
1665
1666         Tests: mathml/mathml-in-html5/href-click-1.html
1667                mathml/mathml-in-html5/href-click-2.html
1668                mathml/presentation/href-enter.html
1669                mathml/presentation/href-style.html
1670                mathml/presentation/maction-toggle-href.html
1671                mathml/presentation/semantics-href.html
1672
1673         * css/mathml.css:
1674         (:any-link): Set color and mouse cursor of links.
1675         (:any-link:active): Set color of active links.
1676         (:focus): Set outline of focused links.
1677         * mathml/MathMLElement.cpp:
1678         (WebCore::MathMLElement::parseAttribute): Parse the href attribute.
1679         (WebCore::MathMLElement::willRespondToMouseClickEvents): Based on HTMLAnchorElement/SVGAElement.
1680         (WebCore::MathMLElement::defaultEventHandler): Based on HTMLAnchorElement/SVGAElement.
1681         (WebCore::MathMLElement::canStartSelection): Based on HTMLAnchorElement/SVGAElement.
1682         (WebCore::MathMLElement::isFocusable): Based on HTMLAnchorElement/SVGAElement.
1683         (WebCore::MathMLElement::isKeyboardFocusable): Based on HTMLAnchorElement/SVGAElement.
1684         (WebCore::MathMLElement::isMouseFocusable): Based on HTMLAnchorElement/SVGAElement.
1685         (WebCore::MathMLElement::isURLAttribute): Based on HTMLAnchorElement/SVGAElement.
1686         (WebCore::MathMLElement::supportsFocus): Based on HTMLAnchorElement/SVGAElement.
1687         (WebCore::MathMLElement::tabIndex): Based on HTMLAnchorElement/SVGAElement.
1688         * mathml/MathMLElement.h: Define new members.
1689         * mathml/MathMLSelectElement.cpp:
1690         (WebCore::MathMLSelectElement::willRespondToMouseClickEvents): We also verify whether
1691         the parent class will respond.
1692         * mathml/mathattrs.in: Add href attribute.
1693
1694 2016-07-11  Sam Weinig  <sam@webkit.org>
1695
1696         Speech Synthesis: getting list of voices no longer works
1697         <rdar://problem/22954120>
1698         https://bugs.webkit.org/show_bug.cgi?id=159656
1699
1700         Reviewed by Tim Horton.
1701
1702         * platform/PlatformSpeechSynthesizer.h:
1703         * platform/mac/PlatformSpeechSynthesizerMac.mm:
1704         Default initialize m_voiceListIsInitialized to false so it is
1705         initialized on both Mac and iOS. Remove the explicit initialization
1706         from the Mac.
1707
1708 2016-07-11  Simon Fraser  <simon.fraser@apple.com>
1709
1710         <rdar://problem/27285599> REGRESSION: Assertion under CertificateInfo::trust() every time I focus a text field
1711
1712         Reviewed by Sam Weinig.
1713
1714         The assertion added to CertificateInfo::trust() in r203040 is wrong, and is triggered when
1715         focusing a form field via calls to -[WKWebProcessPlugInFrame _serverTrust], so remove it.
1716
1717         * platform/network/cf/CertificateInfo.h:
1718         (WebCore::CertificateInfo::trust):
1719
1720 2016-07-11  Simon Fraser  <simon.fraser@apple.com>
1721
1722         Deleting in a text input inside an iframe causes the page to scroll incorrectly
1723         https://bugs.webkit.org/show_bug.cgi?id=159654
1724         rdar://problem/26805722
1725
1726         Reviewed by Zalan Bujtas.
1727
1728         Editor::revealSelectionAfterEditingOperation() needs the same iOS-specific reveal
1729         behavior as was added for typing in r202295.
1730
1731         Test: fast/forms/ios/delete-in-input-in-iframe.html
1732
1733         * editing/Editor.cpp:
1734         (WebCore::Editor::revealSelectionAfterEditingOperation):
1735
1736 2016-07-11  Andy Estes  <aestes@apple.com>
1737
1738         Fix indentation in FrameLoaderTypes.h
1739         https://bugs.webkit.org/show_bug.cgi?id=159650
1740
1741         Reviewed by Brady Eidson.
1742
1743         * loader/FrameLoaderTypes.h:
1744
1745 2016-07-11  Myles C. Maxfield  <mmaxfield@apple.com>
1746
1747         Honor the second argument to FontFaceSet.load and FontFaceSet.check
1748         https://bugs.webkit.org/show_bug.cgi?id=159607
1749         <rdar://problem/27284902>
1750
1751         Reviewed by Zalan Bujtas.
1752
1753         This second argument is used in conjunction with the unicode-range CSS property, so that
1754         loading from a FontFaceSet only loads the fonts which actually match the characters given.
1755         Previously, we hadn't implemented proper support for this unicode-range property, but now
1756         that we have implemented it, we should honor this second argument.
1757
1758         Test: fast/text/unicode-range-javascript.html
1759
1760         * css/CSSFontFace.cpp:
1761         (WebCore::CSSFontFace::rangesMatchCodePoint):
1762         * css/CSSFontFace.h:
1763         * css/CSSFontFaceSet.cpp:
1764         (WebCore::codePointsFromString):
1765         (WebCore::CSSFontFaceSet::matchingFaces):
1766
1767 2016-07-11  Zalan Bujtas  <zalan@apple.com>
1768
1769         Unable to edit fields or drag to select text in Dashboard widgets.
1770         https://bugs.webkit.org/show_bug.cgi?id=159647
1771         <rdar://problem/26941698>
1772
1773         Reviewed by Brent Fulgham.
1774
1775         RenderObject::computeAbsoluteRepaintRect's first parameter is no longer in/out. Use the return
1776         value to set the clip on the dashboard region.
1777
1778         Not testable.
1779
1780         * rendering/RenderInline.cpp:
1781         (WebCore::RenderInline::addAnnotatedRegions):
1782         * rendering/RenderObject.cpp:
1783         (WebCore::RenderObject::addAnnotatedRegions):
1784
1785 2016-07-11  Chris Dumez  <cdumez@apple.com>
1786
1787         Potential null dereference under DocumentLoader::mainReceivedError()
1788         https://bugs.webkit.org/show_bug.cgi?id=159640
1789         <rdar://problem/27283372>
1790
1791         Reviewed by Brady Eidson.
1792
1793         Move frameLoader() null check a bit earlier in DocumentLoader::mainReceivedError()
1794         as it was dereferenced before the check.
1795
1796         * loader/DocumentLoader.cpp:
1797         (WebCore::DocumentLoader::mainReceivedError):
1798
1799 2016-07-11  Enrica Casucci  <enrica@apple.com>
1800
1801         Add synthetic click origin to WKNavigationAction.
1802         https://bugs.webkit.org/show_bug.cgi?id=159584
1803         rdar://problem/25610422
1804
1805         Reviewed by Tim Horton.
1806
1807         Adding plumbing code to pass synthetic click type
1808         through WebCore.
1809
1810         * dom/Element.cpp:
1811         (WebCore::Element::dispatchMouseEvent):
1812         (WebCore::Element::dispatchMouseForceWillBegin):
1813         * dom/MouseEvent.cpp:
1814         (WebCore::MouseEvent::create):
1815         (WebCore::MouseEvent::MouseEvent):
1816         (WebCore::MouseEvent::initMouseEvent):
1817         (WebCore::MouseEvent::cloneFor):
1818         * dom/MouseEvent.h:
1819         (WebCore::MouseEvent::createForBindings):
1820         (WebCore::MouseEvent::button):
1821         (WebCore::MouseEvent::syntheticClickType):
1822         (WebCore::MouseEvent::buttonDown):
1823         (WebCore::MouseEvent::setRelatedTarget):
1824         * dom/SimulatedClick.cpp:
1825         * dom/WheelEvent.cpp:
1826         (WebCore::WheelEvent::WheelEvent):
1827         * page/ContextMenuController.cpp:
1828         (WebCore::ContextMenuController::showContextMenuAt):
1829         * page/DragController.cpp:
1830         (WebCore::createMouseEvent):
1831         (WebCore::DragController::DragController):
1832         * page/EventHandler.cpp:
1833         (WebCore::EventHandler::dispatchDragEvent):
1834         (WebCore::EventHandler::sendContextMenuEventForKey):
1835         (WebCore::EventHandler::fakeMouseMoveEventTimerFired):
1836         * platform/PlatformMouseEvent.h:
1837         (WebCore::PlatformMouseEvent::PlatformMouseEvent):
1838         (WebCore::PlatformMouseEvent::clickCount):
1839         (WebCore::PlatformMouseEvent::modifierFlags):
1840         (WebCore::PlatformMouseEvent::force):
1841         (WebCore::PlatformMouseEvent::syntheticClickType):
1842         * replay/SerializationMethods.cpp:
1843         (JSC::EncodingTraits<PlatformMouseEvent>::decodeValue):
1844
1845 2016-07-11  Anders Carlsson  <andersca@apple.com>
1846
1847         Able to open multiple payment sheets in Safari at the same time
1848         https://bugs.webkit.org/show_bug.cgi?id=159637
1849         rdar://problem/26411339
1850
1851         Reviewed by Beth Dakin.
1852
1853         Fold PaymentCoordinator::showPaymentUI into PaymentCoordinator::beginPaymentSession and
1854         change the return value of the latter member function to a bool to indicate whether the
1855         payment UI could be shown (or whether it's already showing).
1856
1857         * Modules/applepay/ApplePaySession.cpp:
1858         (WebCore::ApplePaySession::begin):
1859         Check the return value of beginPaymentSession.
1860
1861         * Modules/applepay/PaymentCoordinator.cpp:
1862         (WebCore::PaymentCoordinator::beginPaymentSession):
1863         This now takes a payment session and returns a boolean.
1864         (WebCore::PaymentCoordinator::showPaymentUI): Deleted.
1865
1866         * Modules/applepay/PaymentCoordinator.h:
1867         * Modules/applepay/PaymentCoordinatorClient.h:
1868         * loader/EmptyClients.cpp:
1869         The showPaymentUI client function now returns a bool.
1870
1871 2016-07-11  Nan Wang  <n_wang@apple.com>
1872
1873         AX: Crash when backspacing in number field with spin button
1874         https://bugs.webkit.org/show_bug.cgi?id=157830
1875
1876         Reviewed by Chris Fleizach.
1877
1878         It's possible to access spin button parts after they've been detached from their parent, which can lead to crashes.
1879         This adds in a number of redundant safeguards to prevent this and other cases in the future.
1880
1881         Test: accessibility/spinbutton-crash.html
1882
1883         * accessibility/AccessibilitySpinButton.cpp:
1884         (WebCore::AccessibilitySpinButton::incrementButton):
1885         (WebCore::AccessibilitySpinButton::decrementButton):
1886         (WebCore::AccessibilitySpinButton::addChildren):
1887
1888 2016-07-11  Chris Dumez  <cdumez@apple.com>
1889
1890         Possible null dereference under EventHandler::dispatchMouseEvent()
1891         https://bugs.webkit.org/show_bug.cgi?id=159632
1892         <rdar://problem/27247619>
1893
1894         Reviewed by Andreas Kling.
1895
1896         FrameSelection::toNormalizedRange() can return null even when FrameSelection::isRange()
1897         returns true so add a null check.
1898
1899         * page/EventHandler.cpp:
1900         (WebCore::EventHandler::dispatchMouseEvent):
1901
1902 2016-07-11  Commit Queue  <commit-queue@webkit.org>
1903
1904         Unreviewed, rolling out r203064.
1905         https://bugs.webkit.org/show_bug.cgi?id=159642
1906
1907         This change causes LayoutTest crashes on WK1 ASan (Requested
1908         by ryanhaddad on #webkit).
1909
1910         Reverted changeset:
1911
1912         "Use refs for ResourceLoaders"
1913         https://bugs.webkit.org/show_bug.cgi?id=159592
1914         http://trac.webkit.org/changeset/203064
1915
1916 2016-07-11  Brent Fulgham  <bfulgham@apple.com>
1917
1918         [WebGL] Check for existing buffer exists for enabled vertex array attributes before permitting glDrawArrays to execute
1919         https://bugs.webkit.org/show_bug.cgi?id=159590
1920         <rdar://problem/26865535>
1921
1922         Reviewed by Dean Jackson.
1923
1924         Test: fast/canvas/webgl/webgl-drawarrays-crash-2.html
1925
1926         * html/canvas/WebGLRenderingContextBase.cpp:
1927         (WebCore::WebGLRenderingContextBase::validateVertexAttributes): If enabled array buffer attributes exist,
1928         ensure that an array buffer has been bound.
1929
1930 2016-07-11  Nan Wang  <n_wang@apple.com>
1931
1932         AX: WKWebView should have API to prevent pinch-to-zoom always being allowed
1933         https://bugs.webkit.org/show_bug.cgi?id=158364
1934
1935         Reviewed by Anders Carlsson.
1936
1937         Removed the internals settings for viewport force always user scalable.
1938
1939         Changes are covered in modified tests.
1940
1941         * testing/Internals.cpp:
1942         (WebCore::Internals::resetToConsistentState):
1943         (WebCore::Internals::Internals):
1944         (WebCore::Internals::composedTreeAsText):
1945         (WebCore::Internals::setLinkPreloadSupport):
1946         (WebCore::Internals::setViewportForceAlwaysUserScalable): Deleted.
1947         * testing/Internals.h:
1948         * testing/Internals.idl:
1949
1950 2016-07-11  Frederic Wang  <fwang@igalia.com>
1951
1952         Use parameters from the OpenType MATH table for <munderover>
1953         https://bugs.webkit.org/show_bug.cgi?id=155756
1954
1955         Reviewed by Brent Fulgham.
1956
1957         We follow the description from the MathML in HTML5 implementation
1958         to improve the layout of <munderover> using some constants from the MATH table.
1959
1960         Tests: imported/mathml-in-html5/mathml/presentation-markup/scripts/underover-parameters-1.html
1961                imported/mathml-in-html5/mathml/presentation-markup/scripts/underover-parameters-2.html
1962                imported/mathml-in-html5/mathml/presentation-markup/scripts/underover-parameters-3.html
1963                imported/mathml-in-html5/mathml/presentation-markup/scripts/underover-parameters-4.html
1964                mathml/presentation/attributes-accent-accentunder-dynamic.html
1965
1966         * mathml/mathattrs.in: Add accentunder attribute.
1967         * rendering/mathml/MathMLOperatorDictionary.h: Remove FIXME comment.
1968         * rendering/mathml/RenderMathMLUnderOver.cpp:
1969         (WebCore::RenderMathMLUnderOver::hasAccent): Helper function to determine whether
1970         the over/under script should be treated as an accent.
1971         (WebCore::RenderMathMLUnderOver::getVerticalParameters): Helper function to read
1972         some vertical parameters from the MATH table.
1973         (WebCore::RenderMathMLUnderOver::layoutBlock): Take into account the new vertical
1974         parameters for the layout of <munderover>.
1975         * rendering/mathml/RenderMathMLUnderOver.h: Define new helper functions.
1976
1977 2016-07-11  Frederic Wang  <fwang@igalia.com>
1978
1979         Use Stack* parameters from the OpenType MATH table
1980         https://bugs.webkit.org/show_bug.cgi?id=155714
1981
1982         Reviewed by Brent Fulgham.
1983
1984         Test: mathml/mathml-in-html5/frac-parameters-2.html
1985
1986         * rendering/mathml/RenderMathMLFraction.cpp:
1987         (WebCore::RenderMathMLFraction::updateFromElement): Set the stack parameters when
1988         the line thickness is zero.
1989         (WebCore::RenderMathMLFraction::layoutBlock): Correctly set the <mfrac> ascent and
1990         the denominator vertical offset when the line thickness is zero.
1991         (WebCore::RenderMathMLFraction::paint): Early return when we actually do not need to
1992         paint any fraction bar.
1993         * rendering/mathml/RenderMathMLFraction.h: Define an isStack helper function and define
1994         members corresponding to stack parameters.
1995
1996 2016-07-11  Frederic Wang  <fwang@igalia.com>
1997
1998         Add support for mathvariants that cannot be emulated via CSS.
1999         https://bugs.webkit.org/show_bug.cgi?id=108778
2000
2001         Reviewed by Brent Fulgham.
2002
2003         Tests: mathml/mathml-in-html5/mathvariant-transforms-1.html
2004                mathml/mathml-in-html5/mathvariant-transforms-2.html
2005                mathml/presentation/mathvariant-inheritance.html
2006                mathml/presentation/mathvariant-tokens.html
2007
2008         We remove the old code to emulate partial mathvariant support via CSS and add support
2009         for all mathvariant values using the technique used for implicit italic on <mi> element.
2010         We also rely on the MathMLStyle class introduced earlier to support custom MathML style
2011         and manage inheritance of mathvariant values.
2012         The function that tries and converts one base character into a transformed mathvariant
2013         character is based on similar code from Gecko:
2014         http://hg.mozilla.org/mozilla-central/file/tip/layout/generic/MathMLTextRunFactory.cpp
2015         Note that we only support transform on token elements with a single character, which
2016         should cover the most important use cases.
2017
2018         * css/mathml.css: Remove the CSS rules to emulate some mathvariant values.
2019         (math[mathvariant="normal"], mstyle[mathvariant="normal"], mo[mathvariant="normal"], mn[mathvariant="normal"], mi[mathvariant="normal"], mtext[mathvariant="normal"], mspace[mathvariant="normal"], ms[mathvariant="normal"]): Deleted.
2020         (math[mathvariant="bold"], mstyle[mathvariant="bold"], mo[mathvariant="bold"], mn[mathvariant="bold"], mi[mathvariant="bold"], mtext[mathvariant="bold"], mspace[mathvariant="bold"], ms[mathvariant="bold"]): Deleted.
2021         (math[mathvariant="italic"], mstyle[mathvariant="italic"], mo[mathvariant="italic"], mn[mathvariant="italic"], mi[mathvariant="italic"], mtext[mathvariant="italic"], mspace[mathvariant="italic"], ms[mathvariant="italic"]): Deleted.
2022         (math[mathvariant="bold-italic"], mstyle[mathvariant="bold-italic"], mo[mathvariant="bold-italic"], mn[mathvariant="bold-italic"], mi[mathvariant="bold-italic"], mtext[mathvariant="bold-italic"], mspace[mathvariant="bold-italic"], ms[mathvariant="bold-italic"]): Deleted.
2023         * mathml/MathMLInlineContainerElement.cpp: We resolve mathml style when mathvariant changes.
2024         (WebCore::MathMLInlineContainerElement::parseAttribute):
2025         * mathml/MathMLMathElement.cpp: ditto.
2026         (WebCore::MathMLMathElement::parseAttribute):
2027         * mathml/MathMLTextElement.cpp: ditto.
2028         (WebCore::MathMLTextElement::parseAttribute):
2029         * rendering/mathml/MathMLStyle.cpp: Add mathvariant property to the MathML style.
2030         (WebCore::MathMLStyle::MathMLStyle): Init mathvariant to none.
2031         (WebCore::MathMLStyle::getMathMLStyle): Helper function to retrieve the MathML style on a renderer.
2032         (WebCore::MathMLStyle::updateStyleIfNeeded): Take into account change of mathvariant.
2033         (WebCore::MathMLStyle::parseMathVariant): Helper function to parse a mathvariant attribute.
2034         (WebCore::MathMLStyle::resolveMathMLStyle): Take into account mathvariant value: it is None
2035         by default, inherited and can be modified via an attribute on <math>, <mstyle> or token
2036         elements. We also refactor a bit to share logic between displaystyle and mathvariant.
2037         (WebCore::MathMLStyle::setDisplayStyle): Deleted.
2038         * rendering/mathml/MathMLStyle.h: Add mathvariant members and update declarations.
2039         * rendering/mathml/RenderMathMLOperator.cpp:
2040         (WebCore::RenderMathMLOperator::updateTokenContent): Call the function from the parent class
2041         to consider mathvariant on <mo>.
2042         * rendering/mathml/RenderMathMLToken.cpp:
2043         We implement a mathVariant function to transform a base character into its transformed mathvariant:
2044         - There is some regularity that allows us to perform this via simple linear transforms.
2045         - However, there are also many exceptions and we rely on some sorted MathVariantMapping
2046         tables to handle these cases.
2047         (WebCore::ExtractKey): Helper function to perform binary searches on MathVariant tables.
2048         (WebCore::MathVariantMappingSearch): ditto.
2049         (WebCore::mathVariant): New function to perform mathvariant transforms.
2050         (WebCore::RenderMathMLToken::updateMathVariantGlyph): Use the mathVariant function to
2051         perform all transformations, not just the italic one.
2052         (WebCore::transformToItalic): Deleted. Replaced with the more general mathVariant function.
2053
2054 2016-07-11  Jeremy Jones  <jeremyj@apple.com>
2055
2056         Pause small video elements when returning to inline.
2057         https://bugs.webkit.org/show_bug.cgi?id=159535
2058
2059         Reviewed by Jer Noble.
2060
2061         Will add a test in a later commit.
2062
2063         When exiting fullscreen, don't allow playback to continue inline if video is too small.
2064
2065         * html/HTMLMediaElement.cpp:
2066         (WebCore::HTMLMediaElement::isVideoTooSmallForInlinePlayback): Added.
2067         (WebCore::HTMLMediaElement::exitFullscreen): Pause if video is too small.
2068         * html/HTMLMediaElement.h:
2069
2070 2016-07-11  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
2071
2072         toNative functions in JSDOMBinding.h should take an ExecState reference instead of pointer
2073         https://bugs.webkit.org/show_bug.cgi?id=159298
2074
2075         Reviewed by Youenn Fablet.
2076
2077         Pass ExecState by reference instead of pointer.
2078
2079         * bindings/js/IDBBindingUtilities.cpp:
2080         (WebCore::idbKeyPathFromValue):
2081         * bindings/js/JSBlobCustom.cpp:
2082         (WebCore::constructJSBlob):
2083         * bindings/js/JSDOMBinding.h: Pass ExecState by reference instead of pointer.
2084         (WebCore::toJSSequence):
2085         (WebCore::NativeValueTraits<String>::nativeValue):
2086         (WebCore::NativeValueTraits<unsigned>::nativeValue):
2087         (WebCore::NativeValueTraits<float>::nativeValue):
2088         (WebCore::NativeValueTraits<double>::nativeValue):
2089         (WebCore::toNativeArray):
2090         (WebCore::toNativeArguments):
2091         * bindings/js/JSDOMConvert.h:
2092         (WebCore::Converter<Vector<T>>::convert):
2093         * bindings/js/JSDictionary.cpp:
2094         (WebCore::JSDictionary::convertValue):
2095         * bindings/js/JSFileCustom.cpp:
2096         (WebCore::constructJSFile):
2097         * bindings/js/JSMessagePortCustom.cpp:
2098         (WebCore::fillMessagePortArray):
2099         * bindings/scripts/CodeGeneratorJS.pm:
2100         (GenerateParametersCheck):
2101         (JSValueToNative):
2102         * bindings/scripts/test/JS/JSTestObj.cpp:
2103         (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalSequence):
2104         (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArray):
2105         (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArrayIsEmpty):
2106         (WebCore::jsTestObjPrototypeFunctionOverloadedMethod7):
2107         (WebCore::jsTestObjPrototypeFunctionOverloadedMethod9):
2108         (WebCore::jsTestObjPrototypeFunctionOverloadedMethod10):
2109         (WebCore::jsTestObjPrototypeFunctionMethodWithUnsignedLongSequence):
2110         (WebCore::jsTestObjPrototypeFunctionStringArrayFunction):
2111         (WebCore::jsTestObjPrototypeFunctionMethodWithAndWithoutNullableSequence):
2112         (WebCore::jsTestObjPrototypeFunctionMethodWithAndWithoutNullableSequence2):
2113         (WebCore::jsTestObjPrototypeFunctionStrictFunctionWithSequence):
2114         (WebCore::jsTestObjPrototypeFunctionStrictFunctionWithArray):
2115         (WebCore::jsTestObjPrototypeFunctionVariadicStringMethod):
2116         (WebCore::jsTestObjPrototypeFunctionVariadicDoubleMethod):
2117         * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
2118         (WebCore::constructJSTestOverloadedConstructors5):
2119         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
2120         (WebCore::jsTestTypedefsPrototypeFunctionFunc):
2121         (WebCore::jsTestTypedefsPrototypeFunctionNullableArrayArg):
2122         (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction):
2123         (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction2):
2124
2125 2016-07-08  Alex Christensen  <achristensen@webkit.org>
2126
2127         Use refs for ResourceLoaders
2128         https://bugs.webkit.org/show_bug.cgi?id=159592
2129
2130         Reviewed by Chris Dumez.
2131
2132         No new tests.  No change in behavior except a fixed memory leak in WebKit1.
2133
2134         * loader/LoaderStrategy.h:
2135         * loader/ResourceLoader.cpp:
2136         (WebCore::ResourceLoader::finishNetworkLoad):
2137         (WebCore::ResourceLoader::setDefersLoading):
2138         (WebCore::ResourceLoader::frameLoader):
2139         (WebCore::ResourceLoader::willSwitchToSubstituteResource):
2140         (WebCore::ResourceLoader::willSendRequestInternal):
2141
2142 2016-07-11  Fujii Hironori  <Hironori.Fujii@sony.com>
2143
2144         Using dpi unit in sizes attribute raises SIGSEGV
2145         https://bugs.webkit.org/show_bug.cgi?id=159412
2146
2147         Reviewed by Darin Adler.
2148
2149         CSSParser::sourceSize returns an invalid CSSParser::SourceSize
2150         whose length is a null value for a dpi unit value, because
2151         CSSParserValue::createCSSValue returns null for a dpi value.
2152
2153         Tests:
2154             fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html
2155             imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/sizes/parse-a-sizes-attribute.html
2156
2157         * css/CSSParser.cpp:
2158         (WebCore::CSSParser::sourceSize): Create a CSSPrimitiveValue of
2159         CSS_UNKNOWN if CSSParserValue::createCSSValue returns null.
2160
2161 2016-07-11  Olivier Blin  <olivier.blin@softathome.com>
2162
2163         Red and blue colors are swapped in video rendered through WebGL when GSTREAMER_GL is enabled
2164         https://bugs.webkit.org/show_bug.cgi?id=159621
2165
2166         Reviewed by Philippe Normand.
2167
2168         When a video is rendered through WebGL, and GSTREAMER_GL is enabled, red and blue colors are swapped.
2169         This occurs for example with the following videos:
2170         http://www.scirra.com/labs/bugs/webglvideo/
2171         http://www.dailymotion.com/embed/video/x4jiicp?autoplay=1
2172
2173         This is because ImageGStreamerCairo expects video frames in either
2174         BGRA or ARGB, while when GSTREAMER_GL is enabled,
2175         createVideoSinkGL() forces an RGBA format.
2176
2177         Without GSTREAMER_GL, the rendering is fine since
2178         VideoSinkGStreamer uses either BGRA or ARGB.
2179
2180         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
2181         (WebCore::MediaPlayerPrivateGStreamerBase::createVideoSinkGL):
2182
2183 2016-07-11  Philippe Normand  <pnormand@igalia.com>
2184
2185         [GStreamer] remove WEBKIT_DEBUG support
2186         https://bugs.webkit.org/show_bug.cgi?id=159553
2187
2188         Reviewed by Xabier Rodriguez-Calvar.
2189
2190         Remove the *_MEDIA_MESSAGE macros specific to the GStreamer
2191         platform code and replace them with standard GST_DEBUG macros. In
2192         Debug builds the WEBKIT_DEBUG=Media logs now only contain logs
2193         related to the cross-platform Media element code. If GStreamer
2194         logs are needed, the GST_DEBUG=webkit*:5 environment variable can
2195         be used.
2196
2197         * platform/graphics/gstreamer/GStreamerUtilities.h:
2198         * platform/graphics/gstreamer/InbandTextTrackPrivateGStreamer.cpp:
2199         (WebCore::InbandTextTrackPrivateGStreamer::notifyTrackOfSample):
2200         (WebCore::InbandTextTrackPrivateGStreamer::notifyTrackOfStreamChanged):
2201         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
2202         (WebCore::MediaPlayerPrivateGStreamer::setAudioStreamProperties):
2203         (WebCore::MediaPlayerPrivateGStreamer::load):
2204         (WebCore::MediaPlayerPrivateGStreamer::commitLoad):
2205         (WebCore::MediaPlayerPrivateGStreamer::playbackPosition):
2206         (WebCore::MediaPlayerPrivateGStreamer::changePipelineState):
2207         (WebCore::MediaPlayerPrivateGStreamer::play):
2208         (WebCore::MediaPlayerPrivateGStreamer::pause):
2209         (WebCore::MediaPlayerPrivateGStreamer::duration):
2210         (WebCore::MediaPlayerPrivateGStreamer::seek):
2211         (WebCore::MediaPlayerPrivateGStreamer::updatePlaybackRate):
2212         (WebCore::MediaPlayerPrivateGStreamer::paused):
2213         (WebCore::MediaPlayerPrivateGStreamer::newTextSample):
2214         (WebCore::MediaPlayerPrivateGStreamer::handleMessage):
2215         (WebCore::MediaPlayerPrivateGStreamer::processBufferingStats):
2216         (WebCore::MediaPlayerPrivateGStreamer::fillTimerFired):
2217         (WebCore::MediaPlayerPrivateGStreamer::maxTimeSeekable):
2218         (WebCore::MediaPlayerPrivateGStreamer::maxTimeLoaded):
2219         (WebCore::MediaPlayerPrivateGStreamer::didLoadingProgress):
2220         (WebCore::MediaPlayerPrivateGStreamer::totalBytes):
2221         (WebCore::MediaPlayerPrivateGStreamer::asyncStateChangeDone):
2222         (WebCore::MediaPlayerPrivateGStreamer::updateStates):
2223         (WebCore::MediaPlayerPrivateGStreamer::loadNextLocation):
2224         (WebCore::MediaPlayerPrivateGStreamer::setDownloadBuffering):
2225         (WebCore::MediaPlayerPrivateGStreamer::createAudioSink):
2226         (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
2227         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
2228         (WebCore::MediaPlayerPrivateGStreamerBase::naturalSize):
2229         (WebCore::MediaPlayerPrivateGStreamerBase::setVolume):
2230         (WebCore::MediaPlayerPrivateGStreamerBase::volumeChangedCallback):
2231         (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
2232         (WebCore::MediaPlayerPrivateGStreamerBase::createVideoSinkGL):
2233         (WebCore::MediaPlayerPrivateGStreamerBase::setStreamVolumeElement):
2234         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.cpp:
2235         (WebCore::MediaPlayerPrivateGStreamerOwr::~MediaPlayerPrivateGStreamerOwr):
2236         (WebCore::MediaPlayerPrivateGStreamerOwr::play):
2237         (WebCore::MediaPlayerPrivateGStreamerOwr::pause):
2238         (WebCore::MediaPlayerPrivateGStreamerOwr::currentTime):
2239         (WebCore::MediaPlayerPrivateGStreamerOwr::load):
2240         (WebCore::MediaPlayerPrivateGStreamerOwr::internalLoad):
2241         (WebCore::MediaPlayerPrivateGStreamerOwr::stop):
2242         (WebCore::MediaPlayerPrivateGStreamerOwr::createGSTAudioSinkBin):
2243         (WebCore::MediaPlayerPrivateGStreamerOwr::trackEnded):
2244         (WebCore::MediaPlayerPrivateGStreamerOwr::trackMutedChanged):
2245         (WebCore::MediaPlayerPrivateGStreamerOwr::trackSettingsChanged):
2246         (WebCore::MediaPlayerPrivateGStreamerOwr::trackEnabledChanged):
2247         * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.cpp:
2248         (WebCore::TrackPrivateBaseGStreamer::getLanguageCode):
2249         (WebCore::TrackPrivateBaseGStreamer::getTag):
2250
2251 2016-07-11  Eric Carlson  <eric.carlson@apple.com>
2252
2253         Add a test for media control dropoff
2254         https://bugs.webkit.org/show_bug.cgi?id=151287
2255         <rdar://problem/23544666>
2256
2257         Reviewed by Antoine Quint.
2258
2259         Test: media/controls/inline-elements-dropoff-order.html
2260
2261         * Modules/mediacontrols/mediaControlsApple.js: Expose more state to testing.
2262         * testing/InternalSettings.cpp:
2263         (WebCore::InternalSettings::setAllowsAirPlayForMediaPlayback): Renamed from setWirelessPlaybackDisabled.
2264         (WebCore::InternalSettings::setWirelessPlaybackDisabled): Deleted.
2265         * testing/InternalSettings.h:
2266         * testing/InternalSettings.idl:
2267
2268
2269 2016-07-11  Philippe Normand  <pnormand@igalia.com>
2270
2271         [GStreamer][GL] crash within triggerRepaint
2272         https://bugs.webkit.org/show_bug.cgi?id=159552
2273
2274         Reviewed by Xabier Rodriguez-Calvar.
2275
2276         Ensure the sizeChanged notification is emitted from the main
2277         thread. When GStreamer-GL rendering is enabled the appsink draw
2278         callbacks are fired in a non-main thread.
2279
2280         The WeakPtr support was moved to the player base class so that it
2281         can be used there as well as in the MediaPlayerPrivateGStreamer
2282         sub-class.
2283
2284         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
2285         (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
2286         (WebCore::MediaPlayerPrivateGStreamer::MediaPlayerPrivateGStreamer): Deleted.
2287         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
2288         (WebCore::MediaPlayerPrivateGStreamer::createWeakPtr): Deleted.
2289         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
2290         (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
2291         (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
2292         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
2293         (WebCore::MediaPlayerPrivateGStreamerBase::createWeakPtr):
2294
2295 2016-07-10  Chris Dumez  <cdumez@apple.com>
2296
2297         Setting document.title reuses <title>'s textnode child
2298         https://bugs.webkit.org/show_bug.cgi?id=28864
2299         <rdar://problem/7186473>
2300
2301         Reviewed by Benjamin Poulain.
2302
2303         Setting document.title should be equivalent to setting the 'textContent'
2304         IDL attribute of the <title> element:
2305         - https://html.spec.whatwg.org/multipage/dom.html#document.title
2306
2307         In particular, this means we should always create a new Text node and
2308         replace all the <title>'s children with this new Node, as per:
2309         - https://dom.spec.whatwg.org/#dom-node-textcontent
2310
2311         Previously, WebKit would in some cases reuse the existing <title>'s
2312         Text node and merely update its data.
2313
2314         Firefox and Chrome behave as per the specification so this aligns our
2315         behavior with other major browsers as well.
2316
2317         Test: fast/dom/title-setter-new-text-node.html
2318
2319         * dom/Document.cpp:
2320         (WebCore::Document::setTitle):
2321         - Call Node::setTextContent() instead of HTMLTitleElement::setText(),
2322           as per the specification.
2323         - Take an ExceptionCode parameter and pass it to Node::setTextContent()
2324           as it may throw.
2325
2326         * dom/Document.h:
2327         * dom/Document.idl:
2328
2329         * html/HTMLTitleElement.cpp:
2330         (WebCore::HTMLTitleElement::setText):
2331         Update implementation of HTMLTitleElement::setText() to call
2332         setTextContent() as per the specification:
2333         - https://html.spec.whatwg.org/multipage/semantics.html#dom-title-text
2334
2335         * html/HTMLTitleElement.h:
2336         * html/HTMLTitleElement.idl:
2337
2338         * html/ImageDocument.cpp:
2339         (WebCore::ImageDocument::finishedParsing):
2340
2341         * svg/SVGTitleElement.cpp:
2342         * svg/SVGTitleElement.h:
2343         Drop setText() setter which was duplicated from HTMLTitleElement::setText()
2344         now that Document::setTitle() calls SVGTitleElement::setTextContent()
2345         instead.
2346
2347 2016-07-10  Zalan Bujtas  <zalan@apple.com>
2348
2349         Fix LogicalSelectionOffsetCaches to work with detached render tree.
2350         https://bugs.webkit.org/show_bug.cgi?id=159605
2351         <rdar://problem/27248845>
2352
2353         Reviewed by Brent Fulgham.
2354
2355         When the renderer that is being destroyed is on a selection boundary,
2356         we need to ensure that all its cached pointers across the selection code (e.g. SelectionSubtreeData)
2357         are getting reset. In order to do that, we call clearSelection() on the RenderView.
2358         One of the last steps of clearing selection is to collect the selection gaps. Selection gaps uses this
2359         LogicalSelectionOffsetCaches helper class to collect selection information across blocks.
2360         LogicalSelectionOffsetCaches normally operates on rooted renderers. However, we need to ensure that
2361         it can also handle renderers that are no longer part of the render tree.
2362
2363         Test: fast/text/selection-on-a-detached-tree.html
2364
2365         * rendering/LogicalSelectionOffsetCaches.h:
2366         (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::setBlock):
2367         (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::logicalLeftSelectionOffset):
2368         (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::logicalRightSelectionOffset):
2369         * rendering/RenderBlock.cpp:
2370         (WebCore::RenderBlock::logicalLeftSelectionOffset):
2371         (WebCore::RenderBlock::logicalRightSelectionOffset):
2372
2373 2016-07-10  Chris Dumez  <cdumez@apple.com>
2374
2375         adoptNode() changes css class to lowercase for document loaded with XHR responseType = "document"
2376         https://bugs.webkit.org/show_bug.cgi?id=159555
2377         <rdar://problem/27252541>
2378
2379         Reviewed by Benjamin Poulain.
2380
2381         Follow-up on r203018 which was incomplete. We need to update ElementData's
2382         m_classNames / m_idForStyleResolution when the source document is in strict
2383         mode and the destination document is in quirks mode as well.
2384
2385         Test: fast/dom/Document/adoptNode-quirks-mismatch2.html
2386
2387         * dom/Element.cpp:
2388         (WebCore::Element::didMoveToNewDocument):
2389
2390 2016-07-10  Sam Weinig  <sam@webkit.org>
2391
2392         Rename isEmojiModifier to isEmojiFitzpatrickModifier to better capture its function
2393         https://bugs.webkit.org/show_bug.cgi?id=159610
2394
2395         Reviewed by Dan Bernstein.
2396
2397         * platform/graphics/FontCascade.cpp:
2398         (WebCore::FontCascade::characterRangeCodePath):
2399         * platform/graphics/mac/ComplexTextController.cpp:
2400         (WebCore::advanceByCombiningCharacterSequence):
2401         Update for rename.
2402
2403         * platform/text/CharacterProperties.h:
2404         (WebCore::isEmojiGroupCandidate):
2405         (WebCore::isEmojiFitzpatrickModifier):
2406         (WebCore::isVariationSelector):
2407         Rename isEmojiModifier -> isEmojiFitzpatrickModifier. Also add some comments
2408         explaining what the characters these predicates act on are, to demystify them a bit.
2409
2410         * rendering/RenderText.cpp:
2411         (WebCore::RenderText::previousOffsetForBackwardDeletion):
2412         Update for rename and rename a related variable.
2413
2414 2016-07-10  Alex Christensen  <achristensen@webkit.org>
2415
2416         Fix client certificate authentication after r200463
2417         https://bugs.webkit.org/show_bug.cgi?id=159574
2418         <rdar://problem/26931006>
2419
2420         Reviewed by Sam Weinig.
2421
2422         No new tests.  We really need a test for this.
2423
2424         * platform/network/cf/CertificateInfo.h:
2425         (WebCore::CertificateInfo::CertificateInfo):
2426         (WebCore::CertificateInfo::trust):
2427         Make sure we only get the trust for Trust type CertificateInfos.
2428         If we mix up our types, we get unexpected nullptrs, which will cause authentication to fail.
2429
2430 2016-07-10  Myles C. Maxfield  <mmaxfield@apple.com>
2431
2432         Fix Windows build after r203038
2433
2434         Unreviewed.
2435
2436         * platform/text/TextAllInOne.cpp:
2437
2438 2016-07-10  Myles C. Maxfield  <mmaxfield@apple.com>
2439
2440         Move breaking iterator code to WTF
2441         https://bugs.webkit.org/show_bug.cgi?id=159594
2442
2443         Reviewed by Alex Christensen.
2444
2445         This is in preparation for giving StringView a GraphemeClusters iterator.
2446         Such an iterator needs to be implemented on top of our breaking iterator
2447         code.
2448
2449         No new tests because there is no behavior change.
2450
2451         * CMakeLists.txt:
2452         * PlatformEfl.cmake:
2453         * PlatformGTK.cmake:
2454         * PlatformMac.cmake:
2455         * PlatformWin.cmake:
2456         * WebCore.xcodeproj/project.pbxproj:
2457         * dom/CharacterData.cpp:
2458         * editing/TextCheckingHelper.cpp:
2459         * editing/TextIterator.cpp:
2460         * editing/VisibleUnits.cpp:
2461         * html/HTMLInputElement.cpp:
2462         * html/HTMLTextAreaElement.cpp:
2463         * html/InputType.cpp:
2464         * html/TextFieldInputType.cpp:
2465         * html/TextInputType.cpp:
2466         * platform/LocalizedStrings.cpp:
2467         * platform/graphics/StringTruncator.cpp:
2468         * platform/graphics/cg/ColorCG.cpp:
2469         (WTF::RetainPtr<CGColorRef>>::createValueForKey):
2470         (WebCore::RetainPtr<CGColorRef>>::createValueForKey): Deleted.
2471         * platform/graphics/mac/ComplexTextController.cpp:
2472         * platform/text/LineBreakIteratorPoolICU.h:
2473         (WebCore::LineBreakIteratorPool::LineBreakIteratorPool): Deleted.
2474         (WebCore::LineBreakIteratorPool::sharedPool): Deleted.
2475         (WebCore::LineBreakIteratorPool::makeLocaleWithBreakKeyword): Deleted.
2476         (WebCore::LineBreakIteratorPool::take): Deleted.
2477         (WebCore::LineBreakIteratorPool::put): Deleted.
2478         * platform/text/TextBoundaries.cpp:
2479         * platform/text/TextBreakIterator.cpp:
2480         (WebCore::initializeIterator): Deleted.
2481         (WebCore::initializeIteratorWithRules): Deleted.
2482         (WebCore::setTextForIterator): Deleted.
2483         (WebCore::setContextAwareTextForIterator): Deleted.
2484         (WebCore::wordBreakIterator): Deleted.
2485         (WebCore::sentenceBreakIterator): Deleted.
2486         (WebCore::cursorMovementIterator): Deleted.
2487         (WebCore::acquireLineBreakIterator): Deleted.
2488         (WebCore::releaseLineBreakIterator): Deleted.
2489         (WebCore::mapLineIteratorModeToRules): Deleted.
2490         (WebCore::isCJKLocale): Deleted.
2491         (WebCore::openLineBreakIterator): Deleted.
2492         (WebCore::closeLineBreakIterator): Deleted.
2493         (WebCore::compareAndSwapNonSharedCharacterBreakIterator): Deleted.
2494         (WebCore::NonSharedCharacterBreakIterator::NonSharedCharacterBreakIterator): Deleted.
2495         (WebCore::NonSharedCharacterBreakIterator::~NonSharedCharacterBreakIterator): Deleted.
2496         (WebCore::textBreakFirst): Deleted.
2497         (WebCore::textBreakLast): Deleted.
2498         (WebCore::textBreakNext): Deleted.
2499         (WebCore::textBreakPrevious): Deleted.
2500         (WebCore::textBreakPreceding): Deleted.
2501         (WebCore::textBreakFollowing): Deleted.
2502         (WebCore::textBreakCurrent): Deleted.
2503         (WebCore::isTextBreak): Deleted.
2504         (WebCore::isWordTextBreak): Deleted.
2505         (WebCore::numGraphemeClusters): Deleted.
2506         (WebCore::numCharactersInGraphemeClusters): Deleted.
2507         * platform/text/TextBreakIterator.h:
2508         (WebCore::LazyLineBreakIterator::LazyLineBreakIterator): Deleted.
2509         (WebCore::LazyLineBreakIterator::~LazyLineBreakIterator): Deleted.
2510         (WebCore::LazyLineBreakIterator::string): Deleted.
2511         (WebCore::LazyLineBreakIterator::isLooseCJKMode): Deleted.
2512         (WebCore::LazyLineBreakIterator::lastCharacter): Deleted.
2513         (WebCore::LazyLineBreakIterator::secondToLastCharacter): Deleted.
2514         (WebCore::LazyLineBreakIterator::setPriorContext): Deleted.
2515         (WebCore::LazyLineBreakIterator::updatePriorContext): Deleted.
2516         (WebCore::LazyLineBreakIterator::resetPriorContext): Deleted.
2517         (WebCore::LazyLineBreakIterator::priorContextLength): Deleted.
2518         (WebCore::LazyLineBreakIterator::get): Deleted.
2519         (WebCore::LazyLineBreakIterator::resetStringAndReleaseIterator): Deleted.
2520         (WebCore::NonSharedCharacterBreakIterator::operator TextBreakIterator*): Deleted.
2521         * platform/text/cf/HyphenationCF.cpp:
2522         * platform/text/efl/TextBreakIteratorInternalICUEfl.cpp:
2523         (WebCore::currentSearchLocaleID): Deleted.
2524         (WebCore::currentTextBreakLocaleID): Deleted.
2525         * platform/text/enchant/TextCheckerEnchant.cpp:
2526         * platform/text/gtk/TextBreakIteratorInternalICUGtk.cpp:
2527         (WebCore::currentSearchLocaleID): Deleted.
2528         (WebCore::currentTextBreakLocaleID): Deleted.
2529         * platform/text/icu/UTextProvider.cpp:
2530         (WebCore::fixPointer): Deleted.
2531         (WebCore::uTextCloneImpl): Deleted.
2532         * platform/text/icu/UTextProvider.h:
2533         (WebCore::uTextProviderContext): Deleted.
2534         (WebCore::initializeContextAwareUTextProvider): Deleted.
2535         (WebCore::uTextAccessPinIndex): Deleted.
2536         (WebCore::uTextAccessInChunkOrOutOfRange): Deleted.
2537         * platform/text/icu/UTextProviderLatin1.cpp:
2538         (WebCore::uTextLatin1Clone): Deleted.
2539         (WebCore::uTextLatin1NativeLength): Deleted.
2540         (WebCore::uTextLatin1Access): Deleted.
2541         (WebCore::uTextLatin1Extract): Deleted.
2542         (WebCore::uTextLatin1MapOffsetToNative): Deleted.
2543         (WebCore::uTextLatin1MapNativeIndexToUTF16): Deleted.
2544         (WebCore::uTextLatin1Close): Deleted.
2545         (WebCore::openLatin1UTextProvider): Deleted.
2546         (WebCore::textLatin1ContextAwareGetCurrentContext): Deleted.
2547         (WebCore::textLatin1ContextAwareMoveInPrimaryContext): Deleted.
2548         (WebCore::textLatin1ContextAwareSwitchToPrimaryContext): Deleted.
2549         (WebCore::textLatin1ContextAwareMoveInPriorContext): Deleted.
2550         (WebCore::textLatin1ContextAwareSwitchToPriorContext): Deleted.
2551         (WebCore::uTextLatin1ContextAwareClone): Deleted.
2552         (WebCore::uTextLatin1ContextAwareNativeLength): Deleted.
2553         (WebCore::uTextLatin1ContextAwareAccess): Deleted.
2554         (WebCore::uTextLatin1ContextAwareExtract): Deleted.
2555         (WebCore::uTextLatin1ContextAwareClose): Deleted.
2556         (WebCore::openLatin1ContextAwareUTextProvider): Deleted.
2557         * platform/text/icu/UTextProviderUTF16.cpp:
2558         (WebCore::textUTF16ContextAwareGetCurrentContext): Deleted.
2559         (WebCore::textUTF16ContextAwareMoveInPrimaryContext): Deleted.
2560         (WebCore::textUTF16ContextAwareSwitchToPrimaryContext): Deleted.
2561         (WebCore::textUTF16ContextAwareMoveInPriorContext): Deleted.
2562         (WebCore::textUTF16ContextAwareSwitchToPriorContext): Deleted.
2563         (WebCore::uTextUTF16ContextAwareClone): Deleted.
2564         (WebCore::uTextUTF16ContextAwareNativeLength): Deleted.
2565         (WebCore::uTextUTF16ContextAwareAccess): Deleted.
2566         (WebCore::uTextUTF16ContextAwareExtract): Deleted.
2567         (WebCore::uTextUTF16ContextAwareClose): Deleted.
2568         (WebCore::openUTF16ContextAwareUTextProvider): Deleted.
2569         * platform/text/mac/TextBoundaries.mm:
2570         * platform/text/mac/TextBreakIteratorInternalICUMac.mm:
2571         (WebCore::textBreakLocalePreference): Deleted.
2572         (WebCore::topLanguagePreference): Deleted.
2573         (WebCore::getLocale): Deleted.
2574         (WebCore::getSearchLocale): Deleted.
2575         (WebCore::currentSearchLocaleID): Deleted.
2576         (WebCore::getTextBreakLocale): Deleted.
2577         (WebCore::currentTextBreakLocaleID): Deleted.
2578         * platform/text/win/TextBreakIteratorInternalICUWin.cpp:
2579         (WebCore::currentSearchLocaleID): Deleted.
2580         (WebCore::currentTextBreakLocaleID): Deleted.
2581         * rendering/RenderBlock.cpp:
2582         * rendering/RenderText.cpp:
2583         * rendering/RenderText.h:
2584         * rendering/SimpleLineLayoutTextFragmentIterator.h:
2585         * rendering/break_lines.cpp:
2586         * rendering/break_lines.h:
2587         * rendering/line/LineBreaker.h:
2588
2589 2016-07-10  Yusuke Suzuki  <utatane.tea@gmail.com>
2590
2591         [GTK] Crash on https://diafygi.github.io/webcrypto-examples with ENABLE_SUBTLE_CRYPTO
2592         https://bugs.webkit.org/show_bug.cgi?id=159189
2593
2594         Reviewed by Michael Catanzaro.
2595
2596         Currently, we explicitly release the pointers of std::unique_ptr<CryptoAlgorithm> and std::unique_ptr<CryptoAlgorithmParameters>,
2597         and delete them in the asynchronously called lambdas. In the GnuTLS version, the callback function is accidentally called twice,
2598         and it incurs a double free problem.
2599         In SubtleCrypto code, we have the rule that we must not call failureCallback when the error code is filled in synchronous execution.
2600         So we drop the failureCallback calling code in GnuTLS subtle crypto code.
2601
2602         But, rather than carefully handling an un-smart-pointer-managed raw pointer's lifetime, we should use a ref-counted pointer for that.
2603         Using the raw delete is error-prone.
2604
2605         This patch also changes CryptoAlgorithm and CryptoAlgorithmParameters to RefCounted, and uses Ref and RefPtr instead.
2606         The change eliminates the ad-hoc delete code. And now, the lambdas can be called multiple times since once the result of the promise
2607         is resolved or rejected, subsequent resolve / reject calls are ignored.
2608
2609         And this patch also fixes the incorrect call to the lambda that is already WTFMoved.
2610
2611         While we can see several `return WTFMove(...)`, they are necessary since it uses implicit type conversions, like,
2612         `Ref<A>` => `RefPtr<A>`, and `Ref<Derived>` => `Ref<Base>`.
2613
2614         * bindings/js/JSCryptoAlgorithmDictionary.cpp:
2615         (WebCore::createAesCbcParams):
2616         (WebCore::createAesKeyGenParams):
2617         (WebCore::createHmacParams):
2618         (WebCore::createHmacKeyParams):
2619         (WebCore::createRsaKeyGenParams):
2620         (WebCore::createRsaKeyParamsWithHash):
2621         (WebCore::createRsaOaepParams):
2622         (WebCore::createRsaSsaParams):
2623         (WebCore::JSCryptoAlgorithmDictionary::createParametersForEncrypt):
2624         (WebCore::JSCryptoAlgorithmDictionary::createParametersForDecrypt):
2625         (WebCore::JSCryptoAlgorithmDictionary::createParametersForSign):
2626         (WebCore::JSCryptoAlgorithmDictionary::createParametersForVerify):
2627         (WebCore::JSCryptoAlgorithmDictionary::createParametersForDigest):
2628         (WebCore::JSCryptoAlgorithmDictionary::createParametersForGenerateKey):
2629         (WebCore::JSCryptoAlgorithmDictionary::createParametersForDeriveKey):
2630         (WebCore::JSCryptoAlgorithmDictionary::createParametersForDeriveBits):
2631         (WebCore::JSCryptoAlgorithmDictionary::createParametersForImportKey):
2632         (WebCore::JSCryptoAlgorithmDictionary::createParametersForExportKey):
2633         * bindings/js/JSCryptoAlgorithmDictionary.h:
2634         * bindings/js/JSCryptoKeySerializationJWK.cpp:
2635         (WebCore::createHMACParameters):
2636         (WebCore::createRSAKeyParametersWithHash):
2637         (WebCore::JSCryptoKeySerializationJWK::reconcileAlgorithm):
2638         * bindings/js/JSCryptoKeySerializationJWK.h:
2639         * bindings/js/JSSubtleCryptoCustom.cpp:
2640         (WebCore::createAlgorithmFromJSValue):
2641         (WebCore::importKey):
2642         (WebCore::JSSubtleCrypto::importKey):
2643         (WebCore::JSSubtleCrypto::wrapKey):
2644         (WebCore::JSSubtleCrypto::unwrapKey):
2645         * crypto/CryptoAlgorithm.h:
2646         * crypto/CryptoAlgorithmParameters.h:
2647         * crypto/CryptoAlgorithmRegistry.cpp:
2648         (WebCore::CryptoAlgorithmRegistry::create):
2649         * crypto/CryptoAlgorithmRegistry.h:
2650         * crypto/CryptoKeySerialization.h:
2651         * crypto/algorithms/CryptoAlgorithmAES_CBC.cpp:
2652         (WebCore::CryptoAlgorithmAES_CBC::create):
2653         * crypto/algorithms/CryptoAlgorithmAES_CBC.h:
2654         * crypto/algorithms/CryptoAlgorithmAES_KW.cpp:
2655         (WebCore::CryptoAlgorithmAES_KW::create):
2656         * crypto/algorithms/CryptoAlgorithmAES_KW.h:
2657         * crypto/algorithms/CryptoAlgorithmHMAC.cpp:
2658         (WebCore::CryptoAlgorithmHMAC::create):
2659         * crypto/algorithms/CryptoAlgorithmHMAC.h:
2660         * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.cpp:
2661         (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::create):
2662         * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.h:
2663         * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp:
2664         (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::create):
2665         * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.h:
2666         * crypto/algorithms/CryptoAlgorithmRSA_OAEP.cpp:
2667         (WebCore::CryptoAlgorithmRSA_OAEP::create):
2668         * crypto/algorithms/CryptoAlgorithmRSA_OAEP.h:
2669         * crypto/algorithms/CryptoAlgorithmSHA1.cpp:
2670         (WebCore::CryptoAlgorithmSHA1::create):
2671         * crypto/algorithms/CryptoAlgorithmSHA1.h:
2672         * crypto/algorithms/CryptoAlgorithmSHA224.cpp:
2673         (WebCore::CryptoAlgorithmSHA224::create):
2674         * crypto/algorithms/CryptoAlgorithmSHA224.h:
2675         * crypto/algorithms/CryptoAlgorithmSHA256.cpp:
2676         (WebCore::CryptoAlgorithmSHA256::create):
2677         * crypto/algorithms/CryptoAlgorithmSHA256.h:
2678         * crypto/algorithms/CryptoAlgorithmSHA384.cpp:
2679         (WebCore::CryptoAlgorithmSHA384::create):
2680         * crypto/algorithms/CryptoAlgorithmSHA384.h:
2681         * crypto/algorithms/CryptoAlgorithmSHA512.cpp:
2682         (WebCore::CryptoAlgorithmSHA512::create):
2683         * crypto/algorithms/CryptoAlgorithmSHA512.h:
2684         * crypto/gnutls/CryptoAlgorithmAES_CBCGnuTLS.cpp:
2685         (WebCore::CryptoAlgorithmAES_CBC::platformEncrypt):
2686         (WebCore::CryptoAlgorithmAES_CBC::platformDecrypt):
2687         * crypto/gnutls/CryptoAlgorithmAES_KWGnuTLS.cpp:
2688         (WebCore::CryptoAlgorithmAES_KW::platformEncrypt):
2689         (WebCore::CryptoAlgorithmAES_KW::platformDecrypt):
2690         * crypto/gnutls/CryptoAlgorithmHMACGnuTLS.cpp:
2691         (WebCore::CryptoAlgorithmHMAC::platformSign):
2692         (WebCore::CryptoAlgorithmHMAC::platformVerify):
2693         * crypto/gnutls/CryptoAlgorithmRSAES_PKCS1_v1_5GnuTLS.cpp:
2694         (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::platformEncrypt):
2695         (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::platformDecrypt):
2696         * crypto/gnutls/CryptoAlgorithmRSASSA_PKCS1_v1_5GnuTLS.cpp:
2697         (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformSign):
2698         (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformVerify):
2699         * crypto/gnutls/CryptoAlgorithmRSA_OAEPGnuTLS.cpp:
2700         (WebCore::CryptoAlgorithmRSA_OAEP::platformEncrypt):
2701         (WebCore::CryptoAlgorithmRSA_OAEP::platformDecrypt):
2702         * crypto/keys/CryptoKeySerializationRaw.cpp:
2703         (WebCore::CryptoKeySerializationRaw::reconcileAlgorithm):
2704         * crypto/keys/CryptoKeySerializationRaw.h:
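
The ownership problem described in the entry above, as an added illustration that is not WebKit code: a failure callback that deletes a released raw pointer breaks when the backend invokes it twice, while a callback that holds a counted reference does not. `std::shared_ptr` stands in for `Ref`/`RefPtr`, and `Params`, `DeleteTracker`, `Settler` and `backendThatCallsTwice` are hypothetical names; the tracker counts the second delete instead of executing it so the block runs safely.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <set>

// Hypothetical stand-in for CryptoAlgorithmParameters.
struct Params {
    int keyBits = 128;
};

// Records live raw allocations so a repeated delete is counted, not executed.
struct DeleteTracker {
    std::set<const void*> live;
    int doubleDeletes = 0;

    Params* allocate() {
        Params* p = new Params;
        live.insert(p);
        return p;
    }
    void release(Params* p) {
        if (!live.erase(p)) {   // pointer already freed: this would be a double free
            ++doubleDeletes;
            return;
        }
        delete p;
    }
};

// Promise-like sink: once settled, later resolve/reject calls are ignored.
struct Settler {
    bool settled = false;
    int rejections = 0;
    void reject() {
        if (settled)
            return;
        settled = true;
        ++rejections;
    }
};

using Callback = std::function<void()>;

// Models a backend that accidentally reports the same failure twice.
void backendThatCallsTwice(const Callback& failure) {
    failure();
    failure();
}

// "Before" pattern: the unique_ptr is released and the lambda deletes the raw pointer.
// Returns the number of double deletes the tracker intercepted.
int legacyPattern(DeleteTracker& heap, Settler& promise) {
    std::unique_ptr<Params> owned(heap.allocate());
    Params* raw = owned.release();          // ownership now lives only in the lambda's logic
    Callback failure = [&heap, &promise, raw] {
        heap.release(raw);                  // second invocation frees the same address again
        promise.reject();
    };
    backendThatCallsTwice(failure);
    return heap.doubleDeletes;
}

// "After" pattern: the lambda holds a counted reference, so repeated calls are harmless.
// Returns true when the object stayed alive for every call and died with the lambda.
bool refCountedPattern(Settler& promise) {
    auto params = std::make_shared<Params>();
    std::weak_ptr<Params> observer = params;
    Callback failure = [&promise, params] {
        (void)params->keyBits;              // valid on every invocation
        promise.reject();                   // only the first call settles the promise
    };
    params.reset();                         // caller drops its reference; lambda keeps one
    backendThatCallsTwice(failure);
    bool aliveDuringCalls = !observer.expired();
    failure = nullptr;                      // destroying the lambda drops the last reference
    return aliveDuringCalls && observer.expired();
}

int main() {
    DeleteTracker heap;
    Settler a, b;
    std::printf("legacy double deletes: %d\n", legacyPattern(heap, a));
    std::printf("ref-counted pattern ok: %d\n", refCountedPattern(b));
    return 0;
}
```
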
2705
2706 2016-07-09  Antti Koivisto  <antti@apple.com>
2707
2708         REGRESSION (r202931): breaks release builds with ASSERT_WITH_SECURITY_IMPLICATION for fuzzing
2709         https://bugs.webkit.org/show_bug.cgi?id=159599
2710         rdar://problem/27248835
2711
2712         Reviewed by Chris Dumez.
2713
2714         Make RenderStyle::deletionHasBegun() available with ENABLE(SECURITY_ASSERTIONS)
2715
2716         * rendering/style/RenderStyle.cpp:
2717         (WebCore::RenderStyle::~RenderStyle):
2718         * rendering/style/RenderStyle.h:
2719         (WebCore::RenderStyle::deletionHasBegun):
2720
2721 2016-07-09  Youenn Fablet  <youenn@apple.com>
2722
2723         Make use of PrivateIdentifier to simplify Fetch Headers built-in checks
2724         https://bugs.webkit.org/show_bug.cgi?id=159554
2725
2726         Reviewed by Alex Christensen.
2727
2728         Test: fetch/header-constructor-overriden.html
2729         Patch does not change visible behavior.
2730
2731         * Modules/fetch/FetchHeaders.idl: Adding PrivateIdentifier to the Headers constructor.
2732         * Modules/fetch/FetchHeaders.js:
2733         (initializeFetchHeaders): Checking directly with @Headers for improved clarity.
2734         * Modules/fetch/FetchResponse.js: Using @Headers to check whether creating a Headers object or not before
2735         passing it to C++ FetchResponse initialize method.
2736         (initializeFetchResponse):
2737         * bindings/js/WebCoreBuiltinNames.h: Adding Headers private name.
2738
2739 2016-07-08  Chris Dumez  <cdumez@apple.com>
2740
2741         adoptNode() changes css class to lowercase for document loaded with XHR responseType = "document"
2742         https://bugs.webkit.org/show_bug.cgi?id=159555
2743         <rdar://problem/27252541>
2744
2745         Reviewed by Ryosuke Niwa.
2746
2747         When adopting an Element from another document which has a different quirks mode,
2748         case-sensitivity for id and class attributes differs and we need to correctly
2749         update members such as ElementData::m_classNames or ElementData::m_idForStyleResolution.
2750
2751         To address the issue, have Element override didMoveToNewDocument() and call
2752         attributeChanged() for id and class attributes.
2753
2754         Test: fast/dom/Document/adoptNode-quirks-mismatch.html
2755
2756         * dom/Element.cpp:
2757         (WebCore::Element::didMoveToNewDocument):
2758         * dom/Element.h:
2759
2760 2016-07-08  Daniel Bates  <dabates@apple.com>
2761
2762         Cleanup: Remove use of PassRefPtr from class HTMLTableElement
2763         https://bugs.webkit.org/show_bug.cgi?id=159587
2764
2765         Reviewed by Chris Dumez.
2766
2767         * html/HTMLTableElement.cpp:
2768         (WebCore::HTMLTableElement::setCaption): Take a rvalue reference to a RefPtr instead of a PassRefPtr.
2769         (WebCore::HTMLTableElement::setTHead): Take a rvalue reference to a RefPtr instead of a PassRefPtr. Also
2770         fix a style nit; add curly braces around the for-loop body since its body is more than a single line.
2771         (WebCore::HTMLTableElement::createTHead): Use Ref::copyRef() instead of Ref::ptr() to pass the instantiated
2772         table section to better convey that we are passing a copy of the table section.
2773         (WebCore::HTMLTableElement::createCaption): Ditto.
2774         * html/HTMLTableElement.h:
2775
2776 2016-07-08  Daniel Bates  <dabates@apple.com>
2777
2778         Move shouldInheritSecurityOriginFromOwner() from URL to Document
2779         https://bugs.webkit.org/show_bug.cgi?id=158987
2780
2781         Reviewed by Alex Christensen.
2782
2783         The URL class should not have knowledge of the concept of an origin or the semantics of origin
2784         inheritance as these are higher level concepts. We should make URL::shouldInheritSecurityOriginFromOwner()
2785         a static non-member, non-friend function of Document because it implements the origin semantics
2786         for a Document object as described in section Origin of the HTML5 spec., <https://html.spec.whatwg.org/multipage/browsers.html#origin> (8 July 2016).
2787         These semantics only apply to Documents.
2788
2789         No functionality changed. So, no new tests.
2790
2791         * dom/Document.cpp:
2792         (WebCore::shouldInheritSecurityOriginFromOwner): Added.
2793         (WebCore::Document::initSecurityContext): Modified to call WebCore::shouldInheritSecurityOriginFromOwner().
2794         (WebCore::Document::initContentSecurityPolicy): Ditto.
2795         * platform/URL.cpp:
2796         (WebCore::URL::shouldInheritSecurityOriginFromOwner): Deleted.
2797         * platform/URL.h:
2798
2799 2016-07-08  Daniel Bates  <dabates@apple.com>
2800
2801         Setting table.tFoot or calling table.createTFoot() should append HTML tfont element to the end of the table
2802         https://bugs.webkit.org/show_bug.cgi?id=159583
2803         <rdar://problem/27255292>
2804
2805         In HTMLTableElement::createTFoot() I inadvertently made use of WTFMove() to move the instantiated
2806         HTMLTableSectionElement into the argument passed to setTFoot(). We should use Ref::copyRef() instead
2807         because we want this function to return the instantiated table section.
2808
2809         * html/HTMLTableElement.cpp:
2810         (WebCore::HTMLTableElement::createTFoot):
2811
2812 2016-07-08  Daniel Bates  <dabates@apple.com>
2813
2814         Setting table.tFoot or calling table.createTFoot() should append HTML tfont element to the end of the table
2815         https://bugs.webkit.org/show_bug.cgi?id=159583
2816         <rdar://problem/27255292>
2817
2818         Reviewed by Chris Dumez.
2819
2820         The HTML standard has long since been revised to describe that assignment to property table.tFoot
2821         or invoking table.createTFoot() will append the HTML tfoot element to the end of the table. This
2822         behavior is defined in <https://html.spec.whatwg.org/multipage/tables.html#dom-table-tfoot> (8 July 2016)
2823         and <https://html.spec.whatwg.org/multipage/tables.html#dom-table-createtfoot> for the property
2824         table.tFoot and table.createTFoot(), respectively. This change makes our behavior match the
2825         behavior in Mozilla Firefox, Microsoft Edge, Microsoft Internet Explorer 8 and later.
2826
2827         * html/HTMLTableElement.cpp:
2828         (WebCore::HTMLTableElement::setTFoot): Append <tfoot> to the end of the table. Use RefPtr<>&& instead of PassRefPtr.
2829         (WebCore::HTMLTableElement::createTFoot): Use RefPtr<>&& instead of PassRefPtr.
2830         * html/HTMLTableElement.h:
2831
2832 2016-07-08  Jer Noble  <jer.noble@apple.com>
2833
2834         Crash in layout test /media/video-buffered-range-contains-currentTime.html
2835         https://bugs.webkit.org/show_bug.cgi?id=159109
2836         <rdar://problem/26535750>
2837
2838         Reviewed by Alex Christensen.
2839
2840         Protect against _dataTasks being mutated and accessed on multiple simultaneous threads with a Lock.
2841
2842         * platform/network/cocoa/WebCoreNSURLSession.h:
2843         * platform/network/cocoa/WebCoreNSURLSession.mm:
2844         (-[WebCoreNSURLSession dealloc]):
2845         (-[WebCoreNSURLSession taskCompleted:]):
2846         (-[WebCoreNSURLSession finishTasksAndInvalidate]):
2847         (-[WebCoreNSURLSession invalidateAndCancel]):
2848         (-[WebCoreNSURLSession getTasksWithCompletionHandler:]):
2849         (-[WebCoreNSURLSession getAllTasksWithCompletionHandler:]):
2850         (-[WebCoreNSURLSession dataTaskWithRequest:]):
2851         (-[WebCoreNSURLSession dataTaskWithURL:]):
2852
2853 2016-07-08  Jeremy Jones  <jeremyj@apple.com>
2854
2855         Prevent fullscreen video dimension state from being reset after configuring.
2856         https://bugs.webkit.org/show_bug.cgi?id=159578
2857
2858         Reviewed by Jer Noble.
2859
2860         This change moves setVideoElement() to after setMediaElement(), since setMediaElement() resets the
2861         mediaState, undoing the configuration done by setVideoElement().
2862
2863         This change is fragile, but minimal. The proper, more comprehensive fix will come later from
2864         https://bugs.webkit.org/show_bug.cgi?id=159580.
2865
2866         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
2867         (WebVideoFullscreenControllerContext::setUpFullscreen):
2868
2869 2016-07-08  Andy Estes  <aestes@apple.com>
2870
2871         [Content Filtering] Load blocked pages more like other error pages are loaded
2872         https://bugs.webkit.org/show_bug.cgi?id=159485
2873         <rdar://problem/26014076>
2874
2875         Reviewed by Brady Eidson.
2876
2877         Content filter blocked pages were being loaded by cancelling the provisional load of the
2878         page that was blocked and then scheduling a navigation to the content filter error page.
2879         Some clients would not expect a new, Web process-initiated provisional navigation to start
2880         after a cancellation, though, and this would put them in a bad state.
2881         
2882         This patch changes blocked page loading to behave more like loading other error pages.
2883         Specifically:
2884         1. didFailProvisionalLoad is dispatched with a new, non-cancellation error code.
2885         2. The blocked page is loaded immediately after dispatching didFailProvisionalLoad, which
2886            prevents FrameLoader from creating a new back-forward list item for the substitute data load.
2887         3. A substitute data load initiated by the client for the blocked URL is ignored if
2888            ContentFilter will display its own error page.
2889         4. A file: URL is used instead of a custom scheme for the base URL of the blocked page,
2890            since some clients expect this.
2891
2892         Updated existing tests to capture frame load delegate callbacks and the back forward list.
2893         Added new API tests: ContentFiltering.LoadAlternate*.
2894
2895         * English.lproj/Localizable.strings: Added a WebKitErrorFrameLoadBlockedByContentFilter description.
2896         * Resources/ContentFilterBlockedPage.html: Added.
2897         * WebCore.xcodeproj/project.pbxproj: Added ContentFilterBlockedPage.html as a framework resource.
2898         * loader/ContentFilter.cpp:
2899         (WebCore::ContentFilter::continueAfterWillSendRequest): Protected m_documentLoader,
2900         since it might otherwise be deallocated inside ContentFilter::didDecide() if the load is blocked.
2901         (WebCore::ContentFilter::stopFilteringMainResource): Only set m_state to Stopped if not
2902         already Blocked, so that we don't forget this ContentFilter was blocked when calling
2903         cancelMainResourceLoad() in didDecide().
2904         (WebCore::ContentFilter::continueAfterResponseReceived): Protected m_documentLoader,
2905         since it might otherwise be deallocated inside ContentFilter::didDecide() if the load is blocked.
2906         (WebCore::ContentFilter::continueAfterDataReceived): Ditto.
2907         (WebCore::ContentFilter::continueAfterNotifyFinished): Ditto.
2908         (WebCore::ContentFilter::didDecide): Moved code from DocumentLoader::contentFilterDidBlock() to here.
2909         Created a blockedByContentFilterError() and called cancelMainResourceLoad().
2910         (WebCore::blockedPageURL): Returned a file: URL to ContentFilterBlockedPage.html in WebCore.framework.
2911         (WebCore::ContentFilter::continueAfterSubstituteDataRequest): If the substitute data load
2912         is for the same failingURL as the currently-displayed blocked page, ignore it.
2913         (WebCore::ContentFilter::handleProvisionalLoadFailure): Load the blocked page if m_state is Blocked
2914         and the ResourceError matches the error we used when previously calling cancelMainResourceLoad().
2915         (WebCore::ContentFilter::unblockHandler): Deleted.
2916         (WebCore::ContentFilter::replacementData): Deleted.
2917         (WebCore::ContentFilter::unblockRequestDeniedScript): Deleted.
2918         * loader/ContentFilter.h:
2919         * loader/DocumentLoader.cpp:
2920         (WebCore::DocumentLoader::contentFilter): Returned m_contentFilter.
2921         (WebCore::DocumentLoader::installContentFilterUnblockHandler): Deleted.
2922         (WebCore::DocumentLoader::contentFilterDidBlock): Deleted.
2923         * loader/DocumentLoader.h:
2924         * loader/EmptyClients.h: Added a default implementation of blockedByContentFilterError().
2925         * loader/FrameLoader.cpp:
2926         (WebCore::FrameLoader::load): If m_loadType was already RedirectWithLockedBackForwardList
2927         and we are loading substitute data for a failing URL, continue to use RedirectWithLockedBackForwardList.
2928         This prevents a new back-forward list item from being created when loading a blocked page in a subframe.
2929         (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
2930         Called ContentFilter::handleProvisionalLoadFailure() after dispatchDidFailProvisionalLoad().
2931         (WebCore::FrameLoader::blockedByContentFilterError): Called FrameLoaderClient::blockedByContentFilterError().
2932         * loader/FrameLoader.h:
2933         * loader/FrameLoaderClient.h:
2934         * loader/NavigationScheduler.cpp:
2935         (WebCore::ScheduledSubstituteDataLoad::ScheduledSubstituteDataLoad): Deleted.
2936         (WebCore::NavigationScheduler::scheduleSubstituteDataLoad): Deleted.
2937         * loader/NavigationScheduler.h:
2938         * loader/PolicyChecker.cpp:
2939         (WebCore::PolicyChecker::checkNavigationPolicy): Ignored a substitute data load for a
2940         failing URL if ContentFilter::continueAfterSubstituteDataRequest() returns false.
2941
2942 2016-07-08  Myles C. Maxfield  <mmaxfield@apple.com>
2943
2944         [Font Loading] The callback passed to document.fonts.ready should always be called
2945         https://bugs.webkit.org/show_bug.cgi?id=158884
2946
2947         Reviewed by Dean Jackson.
2948
2949         The boolean was simply not being reset when loads start.
2950
2951         Test: fast/text/font-face-set-ready-fire.html
2952
2953         * css/FontFaceSet.cpp:
2954         (WebCore::FontFaceSet::startedLoading):
2955         * css/FontFaceSet.h:
2956
2957 2016-07-08  Commit Queue  <commit-queue@webkit.org>
2958
2959         Unreviewed, rolling out r202944.
2960         https://bugs.webkit.org/show_bug.cgi?id=159570
2961
2962         caused some tests to crash under GuardMalloc (Requested by
2963         estes on #webkit).
2964
2965         Reverted changeset:
2966
2967         "[Content Filtering] Load blocked pages more like other error
2968         pages are loaded"
2969         https://bugs.webkit.org/show_bug.cgi?id=159485
2970         http://trac.webkit.org/changeset/202944
2971
2972 2016-07-08  Antti Koivisto  <antti@apple.com>
2973
2974         Regression(r201805): Crash with <use> resource that has Vary header
2975         https://bugs.webkit.org/show_bug.cgi?id=159560
2976         <rdar://problem/27034208>
2977
2978         Reviewed by Chris Dumez.
2979
2980         In some situations (SVG <use> element for example) we may try to load resources from frameless documents.
2981         Such loads always fail. The new vary header verification code path tried to access the frame earlier without
2982         null check.
2983
2984         Test: http/tests/cache/vary-frameless-document.html
2985
2986         * loader/cache/CachedResource.cpp:
2987         (WebCore::CachedResource::failBeforeStarting):
2988         (WebCore::addAdditionalRequestHeadersToRequest):
2989
2990             Null check frame.
2991             Also move the resource type check here so all callers get the same behavior.
2992
2993         (WebCore::CachedResource::addAdditionalRequestHeaders):
2994         (WebCore::CachedResource::load):
2995         (WebCore::CachedResource::varyHeaderValuesMatch):
2996
2997 2016-07-08  Brady Eidson  <beidson@apple.com>
2998
2999         Clearing LocalStorage doesn't also delete -wal and -shm files.
3000         <rdar://problem/27206772> and https://bugs.webkit.org/show_bug.cgi?id=159566
3001
3002         Reviewed by Brent Fulgham.
3003         Also helpfully picked over by Andy "Never Forgets" Estes.
3004
3005         Covered by new API test.
3006
3007         * WebCore.xcodeproj/project.pbxproj:
3008
3009         * platform/sql/SQLiteFileSystem.h:
3010
3011 2016-07-08  Commit Queue  <commit-queue@webkit.org>
3012
3013         Unreviewed, rolling out r202945.
3014         https://bugs.webkit.org/show_bug.cgi?id=159565
3015
3016         The test for this change is failing on all platforms.
3017         (Requested by ryanhaddad on #webkit).
3018
3019         Reverted changeset:
3020
3021         "[Font Loading] The callback passed to document.fonts.ready
3022         should always be called"
3023         https://bugs.webkit.org/show_bug.cgi?id=158884
3024         http://trac.webkit.org/changeset/202945
3025
3026 2016-07-08  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
3027
3028         ExecState should be passed by reference in JS bindings generator for custom constructors
3029         https://bugs.webkit.org/show_bug.cgi?id=159357
3030
3031         Reviewed by Youenn Fablet.
3032
3033         Pass ExecState as a reference instead of pointer in JS bindings
3034         code for custom constructors.
3035
3036         * bindings/js/JSAudioContextCustom.cpp:
3037         (WebCore::constructJSAudioContext):
3038         * bindings/js/JSBlobCustom.cpp:
3039         (WebCore::constructJSBlob):
3040         * bindings/js/JSDOMFormDataCustom.cpp:
3041         (WebCore::constructJSDOMFormData):
3042         (WebCore::JSDOMFormData::append):
3043         * bindings/js/JSDataCueCustom.cpp:
3044         (WebCore::constructJSDataCue):
3045         * bindings/js/JSFileCustom.cpp:
3046         (WebCore::constructJSFile):
3047         * bindings/js/JSHTMLElementCustom.cpp:
3048         (WebCore::constructJSHTMLElement):
3049         * bindings/js/JSMediaSessionCustom.cpp:
3050         (WebCore::constructJSMediaSession):
3051         * bindings/js/JSMutationObserverCustom.cpp:
3052         (WebCore::constructJSMutationObserver):
3053         * bindings/js/JSReadableStreamPrivateConstructors.cpp:
3054         (WebCore::constructJSReadableStreamController):
3055         (WebCore::constructJSReadableStreamReader):
3056         * bindings/js/JSWebKitPointCustom.cpp:
3057         (WebCore::constructJSWebKitPoint):
3058         * bindings/js/JSWorkerCustom.cpp:
3059         (WebCore::constructJSWorker):
3060         * bindings/scripts/CodeGeneratorJS.pm:
3061         (GenerateHeader):
3062         (GenerateConstructorDefinition):
3063         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
3064         (WebCore::JSTestCustomConstructorWithNoInterfaceObjectConstructor::construct):
3065         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
3066
3067 2016-07-08  Olivier Blin  <olivier.blin@softathome.com>
3068
3069         Expose crossOrigin attribute as a static property in HTMLMediaElement
3070         https://bugs.webkit.org/show_bug.cgi?id=159459
3071
3072         Reviewed by Chris Dumez.
3073
3074         The crossOrigin attribute is already used for MediaResourceLoader
3075         (r119742 and r175050), but it was not exposed as a static property.
3076
3077         This fixes VR360 support in Dailymotion, since it uses the "in"
3078         operator to detect if crossOrigin is supported by the
3079         HTMLVideoElement, in order to enable VR360.
3080
3081         No new tests, rebaselined existing tests, 150 WPT tests are fixed.
3082
3083         * html/HTMLMediaElement.cpp:
3084         (WebCore::HTMLMediaElement::setCrossOrigin):
3085         (WebCore::HTMLMediaElement::crossOrigin):
3086         * html/HTMLMediaElement.h:
3087         * html/HTMLMediaElement.idl:
3088
3089 2016-03-20  Frederic Wang  <fwang@igalia.com>
3090
3091         Use Fraction* parameters from the OpenType MATH table
3092         https://bugs.webkit.org/show_bug.cgi?id=155639
3093
3094         Reviewed by Brent Fulgham.
3095
3096         We improve the RenderMathMLFraction so minimal vertical shifts and gaps
3097         from the MATH table (or arbitrary fallback) are used for fractions.
3098         We also change the interpretation of "thick" and "thin" linethickness values
3099         to match Gecko's behavior and the one suggested in the MathML in HTML5 implementation note.
3100
3101         Test: imported/mathml-in-html5/mathml/presentation-markup/fractions/frac-parameters-1.html
3102
3103         * rendering/mathml/MathMLStyle.cpp:
3104         (WebCore::MathMLStyle::updateStyleIfNeeded): set NeedsLayout after displaystyle change
3105         so that dynamic MathML tests still work.
3106         * rendering/mathml/RenderMathMLFraction.cpp:
3107         (WebCore::RenderMathMLFraction::RenderMathMLFraction): Init LayoutUnit members to zero.
3108         (WebCore::RenderMathMLFraction::updateFromElement):
3109         Set new members for fraction gaps and shifts using Fraction* constants or some fallback
3110         values. Change the interpretation of "thick" and "thin".
3111         (WebCore::RenderMathMLFraction::layoutBlock): Use new constants affecting vertical
3112         positions of numerator and denominator.
3113         (WebCore::RenderMathMLFraction::paint): Use m_ascent to set the vertical position
3114         of the fraction bar.
3115         (WebCore::RenderMathMLFraction::firstLineBaseline): We just return m_ascent.
3116         * rendering/mathml/RenderMathMLFraction.h: Make updateFromElement public so that
3117         it can be used in MathMLStyle. Add LayoutUnit members for the ascent of the fraction
3118         and for minimal shifts/gaps values.
3119
3120 2016-07-08  Frederic Wang  <fwang@igalia.com>
3121
3122         Use Radical* constants from the OpenType MATH table.
3123         https://bugs.webkit.org/show_bug.cgi?id=155638
3124
3125         Reviewed by Brent Fulgham.
3126
3127         Test: mathml/mathml-in-html5/root-parameters-1.html
3128
3129         We make the radical vertical gap depend on displaystyle.
3130         This is the only remaining step to use all the Radical* constants from the MATH table.
3131         We also introduce a ruleThicknessFallback function for future use.
3132
3133         * rendering/mathml/RenderMathMLBlock.h:
3134         (WebCore::RenderMathMLBlock::ruleThicknessFallback): Add this helper function since that
3135         calculation is used in several places.
3136         * rendering/mathml/RenderMathMLRoot.cpp:
3137         (WebCore::RenderMathMLRoot::updateStyle): Reorganize the way we set constant parameters,
3138         add more comments and take into account the displaystyle for the vertical gap.
3139
3140 2016-07-08  Commit Queue  <commit-queue@webkit.org>
3141
3142         Unreviewed, rolling out r202967.
3143         https://bugs.webkit.org/show_bug.cgi?id=159556
3144
3145         This patch caused crashes in https tests on Windows (Requested
3146         by perarne on #webkit).
3147
3148         Reverted changeset:
3149
3150         "[Win] The test http/tests/security/contentSecurityPolicy
3151         /upgrade-insecure-requests/basic-upgrade.https.html is
3152         failing."
3153         https://bugs.webkit.org/show_bug.cgi?id=159510
3154         http://trac.webkit.org/changeset/202967
3155
3156 2016-07-08  Youenn Fablet  <youenn@apple.com>
3157
3158         Generate WebCore builtin wrapper files
3159         https://bugs.webkit.org/show_bug.cgi?id=159461
3160
3161         Reviewed by Brian Burg.
3162
3163         No change of behavior.
3164
3165         Updating build system to handle new built-in generators without modifying WebCoreJSBuiltins* files.
3166         The generator is now passed all built-ins at once so that wrapper files can be generated.
3167         Removing WebCoreJSBuiltins* checked-in wrapper files.
3168
3169         * CMakeLists.txt:
3170         * DerivedSources.make:
3171         * WebCore.xcodeproj/project.pbxproj:
3172         * bindings/js/JSDOMGlobalObject.cpp:
3173         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
3174         * bindings/js/JSDOMGlobalObject.h:
3175         * bindings/js/WebCoreJSBuiltinInternals.cpp: Removed.
3176         * bindings/js/WebCoreJSBuiltinInternals.h: Removed.
3177         * bindings/js/WebCoreJSBuiltins.cpp: Removed.
3178         * bindings/js/WebCoreJSBuiltins.h: Removed.
3179
3180 2016-07-08  Manuel Rego Casasnovas  <rego@igalia.com>
3181
3182         [css-grid] Inline size is never indefinite during layout
3183         https://bugs.webkit.org/show_bug.cgi?id=159253
3184
3185         Reviewed by Sergio Villar Senin.
3186
3187         The issue is that the inline size of the grid container
3188         is only indefinite while we're computing the intrinsic sizes.
3189         During layout we should be able to resolve the percentage tracks
3190         against that size. This makes Grid Layout compatible with regular blocks
3191         regarding how inline percentages are resolved.
3192
3193         The patch passes the SizingOperation enum to RenderGrid::gridTrackSize().
3194         That way we can know if we're computing the intrinsic sizes or not.
3195
3196         Test: fast/css-grid-layout/grid-container-percentage-columns.html
3197
3198         * rendering/RenderGrid.cpp:
3199         (WebCore::RenderGrid::computeTrackSizesForDirection):
3200         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
3201         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
3202         (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
3203         (WebCore::RenderGrid::gridTrackSize):
3204         (WebCore::RenderGrid::minSizeForChild):
3205         (WebCore::RenderGrid::spanningItemCrossesFlexibleSizedTracks):
3206         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
3207         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
3208         (WebCore::RenderGrid::tracksAreWiderThanMinTrackBreadth):
3209         (WebCore::RenderGrid::rawGridTrackSize): Deleted.
3210         * rendering/RenderGrid.h:
3211
3212 2016-07-08  Frederic Wang  <fwang@igalia.com>
3213
3214         Use OpenType MATH constant AxisHeight.
3215         https://bugs.webkit.org/show_bug.cgi?id=133567
3216
3217         Reviewed by Brent Fulgham.
3218
3219         We make RenderMathMLOperator and RenderMathMLTable use the OpenType MATH constant AxisHeight.
3220         These are the only remaining cases to handle since RenderMathMLFraction already uses that constant.
3221
3222         Tests: imported/mathml-in-html5/mathml/presentation-markup/operators/mo-axis-height-1.html
3223               imported/mathml-in-html5/mathml/presentation-markup/tables/table-axis-height.html
3224
3225         * rendering/mathml/RenderMathMLBlock.cpp: Make RenderMathMLTable use the math axis
3226         for its vertical alignment and update a bit the comments.
3227         (WebCore::axisHeight): Move the code in a static function that can be called by
3228         RenderMathMLBlock and RenderMathMLTable.
3229         (WebCore::RenderMathMLBlock::mathAxisHeight): Use axisHeight.
3230         (WebCore::RenderMathMLTable::firstLineBaseline): Ditto.
3231         * rendering/mathml/RenderMathMLOperator.cpp:
3232         (WebCore::RenderMathMLOperator::stretchTo):
3233
3234 2016-07-08  Manuel Rego Casasnovas  <rego@igalia.com>
3235
3236         [css-grid] Disallow repeat() in grid-template shorthand
3237         https://bugs.webkit.org/show_bug.cgi?id=159200
3238
3239         Reviewed by Sergio Villar Senin.
3240
3241         As discussed on www-style, "repeat()" notation shouldn't be allowed
3242         in the ASCII branch of the grid-template shorthand.
3243         https://lists.w3.org/Archives/Public/www-style/2016May/0193.html
3244
3245         The patch uses an enum to invalidate "repeat()" when parsing
3246         the grid-template shorthand.
3247
3248         Test: fast/css-grid-layout/grid-template-shorthand-get-set.html
3249
3250         * css/CSSParser.cpp:
3251         (WebCore::CSSParser::parseGridTemplateColumns): Add enum.
3252         (WebCore::CSSParser::parseGridTemplateRowsAndAreasAndColumns): Pass "DisallowRepeat"
3253         when calling parseGridTemplateColumns().
3254         (WebCore::CSSParser::parseGridTrackList): Use enum to allow/disallow repeat.
3255         * css/CSSParser.h: Define the new enum and modify method signatures to use it,
3256         setting it to "AllowRepeat" by default.
3257
3258 2016-07-08  Frederic Wang  <fwang@igalia.com>
3259
3260         Add support for movablelimits.
3261         https://bugs.webkit.org/show_bug.cgi?id=155542
3262
3263         Reviewed by Brent Fulgham.
3264
3265         Tests: mathml/presentation/displaystyle-1.html
3266                mathml/presentation/displaystyle-2.html
3267                mathml/presentation/displaystyle-3.html
3268                mathml/presentation/mo-movablelimits-default.html
3269                mathml/presentation/mo-movablelimits-dynamic.html
3270                mathml/presentation/mo-movablelimits.html
3271
3272         * mathml/MathMLTextElement.cpp:
3273         (WebCore::MathMLTextElement::parseAttribute): Take into account change of movablelimits.
3274         * rendering/mathml/MathMLOperatorDictionary.h: Remove FIXME comment.
3275         * rendering/mathml/MathMLStyle.cpp:
3276         (WebCore::MathMLStyle::updateStyleIfNeeded): Force relayout and width computation when a
3277         displaystyle value changes.
3278         * rendering/mathml/RenderMathMLOperator.h:
3279         (WebCore::RenderMathMLOperator::shouldMoveLimits): Helper function to test if the operator
3280         should have its limits moved when used as a base of munder/mover/munderover.
3281         * rendering/mathml/RenderMathMLScripts.cpp: Allow munderover/munder/mover elements to use
3282         this class and take the same behavior as the corresponding msubsup/msub/sup except for
3283         the *scriptshift attributes.
3284         (WebCore::RenderMathMLScripts::RenderMathMLScripts):
3285         (WebCore::RenderMathMLScripts::getBaseAndScripts):
3286         (WebCore::RenderMathMLScripts::computePreferredLogicalWidths):
3287         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
3288         (WebCore::RenderMathMLScripts::layoutBlock):
3289         * rendering/mathml/RenderMathMLScripts.h: Allow some members to be accessible/overridden
3290         by RenderMathMLUnderOver and add munderover/munder/mover in the kind.
3291         * rendering/mathml/RenderMathMLUnderOver.cpp:
3292         (WebCore::RenderMathMLUnderOver::RenderMathMLUnderOver): We use the code from
3293         RenderMathMLScripts to initialize m_kind.
3294         (WebCore::RenderMathMLUnderOver::shouldMoveLimits): New function to determine if the base
3295         should move its limits.
3296         (WebCore::RenderMathMLUnderOver::computePreferredLogicalWidths): We use the code from
3297         RenderMathMLScripts when the base should move its limits.
3298         (WebCore::RenderMathMLUnderOver::layoutBlock): We use the code from RenderMathMLScripts when
3299         the base should move its limits. Also improve the early return for invalid markup.
3300         (WebCore::RenderMathMLUnderOver::unembellishedOperator): Deleted. We use the code from RenderMathMLScripts.
3301         (WebCore::RenderMathMLUnderOver::firstLineBaseline): Deleted. We use the code from RenderMathMLScripts.
3302         * rendering/mathml/RenderMathMLUnderOver.h: We now inherit from RenderMathMLScripts and can
3303         just remove members that exist in the parent. We define shouldMoveLimits() to determine
3304         when the layout should be done the same as RenderMathMLScripts. For now, we try and be
3305         safe with the rest of the code by continuing to claim that we are not a RenderMathMLScripts.
3306
3307 2016-07-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
3308
3309         Clean up PassRefPtr in Modules/webaudio
3310         https://bugs.webkit.org/show_bug.cgi?id=159540
3311
3312         Reviewed by Alex Christensen.
3313
3314         Purge PassRefPtr in webaudio directory.
3315
3316         No new tests, no behavior changes.
3317
3318         * Modules/webaudio/AsyncAudioDecoder.h:
3319         * Modules/webaudio/AudioBasicProcessorNode.h:
3320         * Modules/webaudio/AudioBuffer.h:
3321         * Modules/webaudio/AudioBufferSourceNode.h:
3322         * Modules/webaudio/AudioListener.h:
3323         * Modules/webaudio/AudioParam.h:
3324         * Modules/webaudio/AudioParamTimeline.h:
3325         (WebCore::AudioParamTimeline::ParamEvent::ParamEvent):
3326         * Modules/webaudio/AudioProcessingEvent.cpp:
3327         (WebCore::AudioProcessingEvent::AudioProcessingEvent):
3328         * Modules/webaudio/AudioProcessingEvent.h:
3329         (WebCore::AudioProcessingEvent::create):
3330         * Modules/webaudio/ChannelMergerNode.h:
3331         * Modules/webaudio/ChannelSplitterNode.h:
3332         * Modules/webaudio/GainNode.h:
3333         * Modules/webaudio/MediaElementAudioSourceNode.h:
3334         * Modules/webaudio/MediaStreamAudioDestinationNode.h:
3335         * Modules/webaudio/MediaStreamAudioSource.cpp:
3336         (WebCore::MediaStreamAudioSource::addAudioConsumer):
3337         * Modules/webaudio/MediaStreamAudioSource.h:
3338         * Modules/webaudio/OfflineAudioCompletionEvent.cpp:
3339         (WebCore::OfflineAudioCompletionEvent::create):
3340         (WebCore::OfflineAudioCompletionEvent::OfflineAudioCompletionEvent):
3341         * Modules/webaudio/OfflineAudioCompletionEvent.h:
3342         * Modules/webaudio/OfflineAudioDestinationNode.h:
3343         * Modules/webaudio/OscillatorNode.h:
3344         * Modules/webaudio/PeriodicWave.h:
3345         * Modules/webaudio/ScriptProcessorNode.h:
3346
3347 2016-07-07  Per Arne Vollan  <pvollan@apple.com>
3348
3349         [Win] The test http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade.https.html is failing.
3350         https://bugs.webkit.org/show_bug.cgi?id=159510
3351
3352         Reviewed by Brent Fulgham.
3353
3354         On Windows, validate certificate chain even when any https certificate is allowed.
3355
3356         * platform/network/cf/ResourceHandleCFNet.cpp:
3357         (WebCore::ResourceHandle::createCFURLConnection):
3358
3359 2016-07-07  Frederic Wang  <fwang@igalia.com>
3360
3361         Bug 155792 - Basic implementation of mpadded
3362         https://bugs.webkit.org/show_bug.cgi?id=155792
3363
3364         Reviewed by Brent Fulgham.
3365
3366         We implement a basic support for the mpadded element.
3367         We support most of the attribute values except pseudo-units or negative values.
3368
3369         Tests: mathml/presentation/mpadded-1-2.html
3370                mathml/presentation/mpadded-1.html
3371                mathml/presentation/mpadded-2.html
3372                mathml/presentation/mpadded-3.html
3373                mathml/presentation/mpadded-unsupported-values.html
3374                mathml/presentation/mpadded-dynamic.html
3375
3376         * CMakeLists.txt: Add RenderMathMLPadded to the build system.
3377         * WebCore.xcodeproj/project.pbxproj: Ditto.
3378         * mathml/MathMLInlineContainerElement.cpp:
3379         (WebCore::MathMLInlineContainerElement::createElementRenderer): Create the renderer
3380         for mpadded.
3381         * mathml/mathattrs.in: Add voffset attribute.
3382         * mathml/mathtags.in: Make mpadded use MathMLInlineContainerElement.
3383         * rendering/RenderObject.h:
3384         (WebCore::RenderObject::isRenderMathMLPadded): Define isRenderMathMLPadded.
3385         * rendering/mathml/RenderMathMLPadded.cpp: Added.
3386         We do a simple implementation by overriding the behavior of RenderMathMLRow and forcing
3387         relayout after attribute or style change.
3388         (WebCore::RenderMathMLPadded::RenderMathMLPadded):
3389         (WebCore::RenderMathMLPadded::computePreferredLogicalWidths):
3390         (WebCore::RenderMathMLPadded::layoutBlock):
3391         (WebCore::RenderMathMLPadded::updateFromElement):
3392         (WebCore::RenderMathMLPadded::styleDidChange):
3393         (WebCore::RenderMathMLPadded::firstLineBaseline):
3394         * rendering/mathml/RenderMathMLPadded.h: Added.
3395
3396 2016-07-07  Frederic Wang  <fwang@igalia.com>
3397
3398         Move MathML-specific code into a separate accessibility class
3399         https://bugs.webkit.org/show_bug.cgi?id=159213
3400
3401         Reviewed by Chris Fleizach.
3402
3403         Currently, MathML accessibility is completely handled in the generic AccessibilityRenderObject
3404         and it's sometimes messy and inconvenient. Hence we move most of the MathML-specific code
3405         into a separate AccessibilityMathMLElement class to facilitate future work and maintenance.
3406
3407         No new tests, already covered by existing tests.
3408
3409         * CMakeLists.txt: Add new AccessibilityMathMLElement module.
3410         * WebCore.xcodeproj/project.pbxproj: Ditto.
3411         * accessibility/AccessibilityAllInOne.cpp: Ditto.
3412         * accessibility/AXObjectCache.cpp: Add MathML headers and create AccessibilityMathMLElement.
3413         (WebCore::createFromRenderer): Create AccessibilityMathMLElement for MathML elements and
3414         anonymous operators created by the mfenced element.
3415         * accessibility/AccessibilityMathMLElement.cpp: Added. This class handles all the MathML
3416         elements as well as the anonymous operators created by the mfenced element. A boolean is
3417         passed to the constructor to indicate whether we are in the latter case.
3418         (WebCore::AccessibilityMathMLElement::AccessibilityMathMLElement):
3419         (WebCore::AccessibilityMathMLElement::~AccessibilityMathMLElement):
3420         (WebCore::AccessibilityMathMLElement::create):
3421         (WebCore::AccessibilityMathMLElement::determineAccessibilityRole): Move handling of specific
3422         MathElementRole and DocumentMathRole here.
3423         (WebCore::AccessibilityMathMLElement::textUnderElement): Move retrieval of text from the
3424         anonymous operators here.
3425         (WebCore::AccessibilityMathMLElement::stringValue): Ditto.
3426         (WebCore::AccessibilityMathMLElement::isIgnoredElementWithinMathTree): Move the determination
3427         of ignored math elements here.
3428         (WebCore::AccessibilityMathMLElement::isMathFraction): Moved from AccessibilityRenderObject.
3429         (WebCore::AccessibilityMathMLElement::isMathFenced): Ditto.
3430         (WebCore::AccessibilityMathMLElement::isMathSubscriptSuperscript): Ditto.
3431         (WebCore::AccessibilityMathMLElement::isMathRow): Ditto.
3432         (WebCore::AccessibilityMathMLElement::isMathUnderOver): Ditto.
3433         (WebCore::AccessibilityMathMLElement::isMathSquareRoot): Ditto.
3434         (WebCore::AccessibilityMathMLElement::isMathToken): Ditto.
3435         (WebCore::AccessibilityMathMLElement::isMathRoot): Ditto.
3436         (WebCore::AccessibilityMathMLElement::isMathOperator): Ditto.
3437         (WebCore::AccessibilityMathMLElement::isAnonymousMathOperator): Move the determination of
3438         anonymous operators here. We now just return the boolean passed at creation time.
3439         (WebCore::AccessibilityMathMLElement::isMathFenceOperator): Moved from
3440         AccessibilityRenderObject.
3441         (WebCore::AccessibilityMathMLElement::isMathSeparatorOperator): Ditto.
3442         (WebCore::AccessibilityMathMLElement::isMathText): Ditto.
3443         (WebCore::AccessibilityMathMLElement::isMathNumber): Ditto.
3444         (WebCore::AccessibilityMathMLElement::isMathIdentifier): Ditto.
3445         (WebCore::AccessibilityMathMLElement::isMathMultiscript): Ditto.
3446         (WebCore::AccessibilityMathMLElement::isMathTable): Ditto.
3447         (WebCore::AccessibilityMathMLElement::isMathTableRow): Ditto.
3448         (WebCore::AccessibilityMathMLElement::isMathTableCell): Ditto.
3449         (WebCore::AccessibilityMathMLElement::isMathScriptObject): Ditto.
3450         (WebCore::AccessibilityMathMLElement::isMathMultiscriptObject): Ditto.
3451         (WebCore::AccessibilityMathMLElement::mathRadicandObject): Ditto.
3452         (WebCore::AccessibilityMathMLElement::mathRootIndexObject): Ditto.
3453         (WebCore::AccessibilityMathMLElement::mathNumeratorObject): Ditto.
3454         (WebCore::AccessibilityMathMLElement::mathDenominatorObject): Ditto.
3455         (WebCore::AccessibilityMathMLElement::mathUnderObject): Ditto.
3456         (WebCore::AccessibilityMathMLElement::mathOverObject): Ditto.
3457         (WebCore::AccessibilityMathMLElement::mathBaseObject): Ditto.
3458         (WebCore::AccessibilityMathMLElement::mathSubscriptObject): Ditto.
3459         (WebCore::AccessibilityMathMLElement::mathSuperscriptObject): Ditto.
3460         (WebCore::AccessibilityMathMLElement::mathFencedOpenString): Ditto.
3461         (WebCore::AccessibilityMathMLElement::mathFencedCloseString): Ditto.
3462         (WebCore::AccessibilityMathMLElement::mathPrescripts): Ditto.
3463         (WebCore::AccessibilityMathMLElement::mathPostscripts): Ditto.
3464         (WebCore::AccessibilityMathMLElement::mathLineThickness): Ditto.
3465         * accessibility/AccessibilityMathMLElement.h: Added.
3466         * accessibility/AccessibilityRenderObject.cpp:
3467         (WebCore::AccessibilityRenderObject::isIgnoredElementWithinMathTree): The cases of
3468         AccessibilityMathMLElement objects are now handled in the derived class. We remove the case
3469         of text node since the MathML code no longer creates anonymous text nodes after r202420.
3470         Anonymous block inserted into RenderMathMLBlocks to honor CSS rules are not AccessibilityMathMLElements
3471         and it does not seem safe to modify AXObjectCache::createFromRenderer to force that. Hence
3472         we still need to handle them here.
3473         (WebCore::AccessibilityRenderObject::textUnderElement): This code is moved into AccessibilityMathMLElement.
3474         (WebCore::AccessibilityRenderObject::stringValue): Ditto.
3475         (WebCore::AccessibilityRenderObject::determineAccessibilityRole): Ditto.
3476         (WebCore::AccessibilityRenderObject::isMathElement): Deleted.
3477         (WebCore::AccessibilityRenderObject::isMathFraction): Deleted.
3478         (WebCore::AccessibilityRenderObject::isMathFenced): Deleted.
3479         (WebCore::AccessibilityRenderObject::isMathSubscriptSuperscript): Deleted.
3480         (WebCore::AccessibilityRenderObject::isMathRow): Deleted.
3481         (WebCore::AccessibilityRenderObject::isMathUnderOver): Deleted.
3482         (WebCore::AccessibilityRenderObject::isMathSquareRoot): Deleted.
3483         (WebCore::AccessibilityRenderObject::isMathToken): Deleted.
3484         (WebCore::AccessibilityRenderObject::isMathRoot): Deleted.
3485         (WebCore::AccessibilityRenderObject::isMathOperator): Deleted.
3486         (WebCore::AccessibilityRenderObject::isAnonymousMathOperator): Deleted.
3487         (WebCore::AccessibilityRenderObject::isMathFenceOperator): Deleted.
3488         (WebCore::AccessibilityRenderObject::isMathSeparatorOperator): Deleted.
3489         (WebCore::AccessibilityRenderObject::isMathText): Deleted.
3490         (WebCore::AccessibilityRenderObject::isMathNumber): Deleted.
3491         (WebCore::AccessibilityRenderObject::isMathIdentifier): Deleted.
3492         (WebCore::AccessibilityRenderObject::isMathMultiscript): Deleted.
3493         (WebCore::AccessibilityRenderObject::isMathTable): Deleted.
3494         (WebCore::AccessibilityRenderObject::isMathTableRow): Deleted.
3495         (WebCore::AccessibilityRenderObject::isMathTableCell): Deleted.
3496         (WebCore::AccessibilityRenderObject::isMathScriptObject): Deleted.
3497         (WebCore::AccessibilityRenderObject::isMathMultiscriptObject): Deleted.
3498         (WebCore::AccessibilityRenderObject::mathRadicandObject): Deleted.
3499         (WebCore::AccessibilityRenderObject::mathRootIndexObject): Deleted.
3500         (WebCore::AccessibilityRenderObject::mathNumeratorObject): Deleted.
3501         (WebCore::AccessibilityRenderObject::mathDenominatorObject): Deleted.
3502         (WebCore::AccessibilityRenderObject::mathUnderObject): Deleted.
3503         (WebCore::AccessibilityRenderObject::mathOverObject): Deleted.
3504         (WebCore::AccessibilityRenderObject::mathBaseObject): Deleted.
3505         (WebCore::AccessibilityRenderObject::mathSubscriptObject): Deleted.
3506         (WebCore::AccessibilityRenderObject::mathSuperscriptObject): Deleted.
3507         (WebCore::AccessibilityRenderObject::mathFencedOpenString): Deleted.
3508         (WebCore::AccessibilityRenderObject::mathFencedCloseString): Deleted.
3509         (WebCore::AccessibilityRenderObject::mathPrescripts): Deleted.
3510         (WebCore::AccessibilityRenderObject::mathPostscripts): Deleted.
3511         (WebCore::AccessibilityRenderObject::mathLineThickness): Deleted.
3512         * accessibility/AccessibilityRenderObject.h: Remove declarations of functions that are now
3513         overridden in AccessibilityMathMLElement. Make isIgnoredElementWithinMathTree virtual so that
3514         it can be reimplemented in AccessibilityMathMLElement.
3515
3516 2016-07-07  Frederic Wang  <fwang@igalia.com>
3517
3518         Implement an internal style property for displaystyle.
3519         https://bugs.webkit.org/show_bug.cgi?id=133845
3520
3521         Reviewed by Brent Fulgham.
3522
3523         Tests: mathml/opentype/large-operators-displaystyle-dynamic.html
3524                mathml/opentype/large-operators-displaystyle.html
3525
3526         This is based on a patch by Alejandro G. Castro <alex@igalia.com>
3527
3528         * CMakeLists.txt: Add MathMLStyle to the build system.
3529         * WebCore.xcodeproj/project.pbxproj: ditto.
3530         * mathml/MathMLInlineContainerElement.cpp:
3531         (WebCore::MathMLInlineContainerElement::parseAttribute): Resolve the mathml style when the
3532         displaystyle attribute changes on the mtable or mstyle elements.
3533         * mathml/MathMLInlineContainerElement.h: Define parseAttribute.
3534         * mathml/MathMLMathElement.cpp:
3535         (WebCore::MathMLMathElement::MathMLMathElement): Indicate that we have custom style.
3536         (WebCore::MathMLMathElement::parseAttribute): Resolve the mathml style when the display or
3537         displaystyle attributes change on the math element.
3538         (WebCore::MathMLMathElement::didAttachRenderers): Resolve the mathml style when one
3539         renderer is attached.
3540         * mathml/MathMLMathElement.h: Declare parseAttribute and didAttachRenderers.
3541         * mathml/mathattrs.in: Declare the display and displaystyle attributes.
3542         * rendering/mathml/MathMLStyle.cpp: Added.
3543         (WebCore::MathMLStyle::MathMLStyle): New class to handle custom MathML style.
3544         (WebCore::MathMLStyle::create):
3545         (WebCore::MathMLStyle::setDisplayStyle): Helper function to take the displaystyle from
3546         the specified renderer.
3547         (WebCore::MathMLStyle::resolveMathMLStyleTree): Helper function to resolve the custom
3548         MathML style in renderer subtree.
3549         (WebCore::MathMLStyle::getMathMLParentNode): Helper function to get a MathML ancestor of
3550         the specified renderer.
3551         (WebCore::MathMLStyle::updateStyleIfNeeded): Helper function to update the style of the
3552         specified renderer if needed.
3553         (WebCore::MathMLStyle::resolveMathMLStyle): Resolve the MathML style of a given renderer.
3554         For displaystyle, we inherit the value of the parent except for the cases mentioned in the
3555         MathML recommendation.
3556         * rendering/mathml/MathMLStyle.h: New class header for custom MathML style.
3557         Only displaystyle is supported for now.
3558         * rendering/mathml/RenderMathMLBlock.cpp: Add a member and getter for custom MathML style.
3559         (WebCore::RenderMathMLBlock::RenderMathMLBlock):
3560         * rendering/mathml/RenderMathMLBlock.h: ditto.
3561         (WebCore::RenderMathMLBlock::mathMLStyle):
3562         * rendering/mathml/RenderMathMLMath.h: Add definition to use the syntax is<RenderMathMLMath>.
3563         * rendering/mathml/RenderMathMLOperator.h:
3564         (WebCore::RenderMathMLOperator::isLargeOperatorInDisplayStyle): Do not return true when
3565         the operator is not in displaystyle.
3566         * rendering/mathml/RenderMathMLRoot.h: Make updateStyle public, so that it can be called
3567         by MathMLStyle::updateStyleIfNeeded.
3568         * rendering/mathml/RenderMathMLUnderOver.h: Add definition to use the syntax
3569         is<RenderMathMLUnderOver>.
3570
3571 2016-07-07  Ryosuke Niwa  <rniwa@webkit.org>
3572
3573         Replace scoped flag in Event by composed flag
3574         https://bugs.webkit.org/show_bug.cgi?id=158415
3575
3576         Reviewed by Chris Dumez.
3577
3578         Replace `scoped` flag with `composed` flag and negate its meaning per the latest spec:
3579         https://dom.spec.whatwg.org/#dom-event-composed
3580         https://github.com/w3c/webcomponents/issues/513
3581
3582         In the old spec, every event was assumed to be "composed" (crosses shadow boundaries)
3583         by default and there was `scoped` flag which prevented the event from crossing boundaries,
3584         and there was a handful of events for which `scoped` was set true when dispatched by UA.
3585
3586         In the new spec, every event is assumed to be "scoped" and a handful of user-initiated
3587         events set `composed` flag to true, which is also exposed in EventInit dictionary.
3588         `relatedTargetScoped` flag has been removed. New behavior is identical to when this flag
3589         was set to true.
3590
3591         No new tests since existing tests are updated to test the new flag and behavior.
3592
3593         * dom/CompositionEvent.cpp:
3594         (WebCore::CompositionEvent::isCompositionEvent): Added.
3595         * dom/CompositionEvent.h:
3596         * dom/Event.cpp:
3597         (WebCore::Event::Event): Initialize m_composed. Also re-ordered m_type and m_isInitialized
3598         for better packing.
3599         (WebCore::Event::composed): Renamed from Event::composed. We return true whenever composed
3600         is set to true in EventInit, or the engine is dispatching a user-initiated event listed in:
3601         https://github.com/w3c/webcomponents/issues/513#issuecomment-224183937
3602         as well as keypress, cut, paste, and copy as discussed in:
3603         https://github.com/w3c/webcomponents/issues/513#issuecomment-230988170
3604         (WebCore::Event::isCompositionEvent): Added.
3605         * dom/Event.h:
3606         (WebCore::Event::composed): Added.
3607         (WebCore::Event::scoped): Deleted.
3608         (WebCore::Event::relatedTargetScoped): Deleted.
3609         (WebCore::Event): Reordered m_type and m_isInitialized for better packing. Added m_composed
3610         and removed m_scoped and m_relatedTargetScoped.
3611         * dom/Event.idl:
3612         * dom/EventPath.cpp:
3613         (WebCore::shouldEventCrossShadowBoundary): Returns true if the event did not originate from
3614         a shadow tree (this event entered the current shadow tree via a slot so we need to proceed with
3615         the normal bubble path outside the shadow tree) or composed flag is set true.
3616         (WebCore::EventPath::EventPath): m_event no longer exists, which was only used to get the value
3617         of relatedTargetScoped which has been removed.
3618         (WebCore::EventPath::setRelatedTarget): Behave as if relatedTargetScoped is always set true
3619         since the flag has been removed.
3620         * dom/EventPath.h:
3621         * dom/FocusEvent.cpp:
3622         (WebCore::FocusEvent::relatedTargetScoped): Deleted.
3623         * dom/FocusEvent.h:
3624         * dom/MouseEvent.cpp:
3625         (WebCore::MouseEvent::relatedTargetScoped): Deleted.
3626         * dom/MouseEvent.h:
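
The boundary rule this entry describes for `shouldEventCrossShadowBoundary`, as an added example that is not WebKit's code: a simplified JavaScript model of event-path construction. The `TreeNode` and `ShadowRootNode` classes, the sample tree and all element names are constructed for illustration.

```javascript
// Simplified model of the event-path rule in the entry above (not WebKit source).
class TreeNode {
  constructor(name, parent = null) {
    this.name = name;
    this.parent = parent;      // parent within the same node tree
    this.assignedSlot = null;  // slot this light-DOM child is distributed to
  }
}

class ShadowRootNode extends TreeNode {
  constructor(host) {
    super(`#shadow-root(${host.name})`); // a shadow root has no parent node
    this.host = host;
  }
}

// Root of the node tree containing `node` (a document or a shadow root).
function treeRoot(node) {
  while (node.parent) node = node.parent;
  return node;
}

// Cross the boundary if the event did not originate in this shadow tree
// (it entered through a slot) or if its composed flag is set.
function shouldEventCrossShadowBoundary(event, shadowRoot, target) {
  const targetIsInShadowRoot = treeRoot(target) === shadowRoot;
  return !targetIsInShadowRoot || event.composed;
}

// Names of the nodes the event visits, from the target outwards.
function eventPath(event, target) {
  const path = [];
  let node = target;
  while (node) {
    path.push(node.name);
    if (node instanceof ShadowRootNode) {
      if (!shouldEventCrossShadowBoundary(event, node, target)) break;
      node = node.host;
    } else {
      node = node.assignedSlot || node.parent;
    }
  }
  return path;
}

// Constructed sample tree: document > body > x-widget (shadow host).
// The shadow tree holds div.inner > { button, slot }; a light-DOM span
// child of x-widget is assigned to that slot.
const doc = new TreeNode('document');
const body = new TreeNode('body', doc);
const host = new TreeNode('x-widget', body);
const shadow = new ShadowRootNode(host);
const inner = new TreeNode('div.inner', shadow);
const button = new TreeNode('button', inner);
const slot = new TreeNode('slot', inner);
const span = new TreeNode('span', host);
span.assignedSlot = slot;

// New default: an event without the composed flag stays inside the shadow tree.
console.log(eventPath({ composed: false }, button).join(' > '));
// An event with the composed flag reaches listeners on the host and the document.
console.log(eventPath({ composed: true }, button).join(' > '));
// A slotted light-DOM target passes through the shadow tree and back out.
console.log(eventPath({ composed: false }, span).join(' > '));
```

A listener registered on `document` sees the second and third events but not the first, which is the behavior change to account for when page-level handlers are expected to observe events fired inside components.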
3627
3628 2016-07-07  Chris Dumez  <cdumez@apple.com>
3629
3630         tbody.deleteRow(-1) and tr.deleteCell(-1) should not throw when there are no rows / cells
3631         https://bugs.webkit.org/show_bug.cgi?id=159527
3632         <rdar://problem/27232261>
3633
3634         Reviewed by Alex Christensen.
3635
3636         tbody.deleteRow(-1) and tr.deleteCell(-1) should not throw when there
3637         are no rows / cells:
3638         - https://html.spec.whatwg.org/multipage/tables.html#dom-tbody-deleterow
3639         - https://html.spec.whatwg.org/multipage/tables.html#dom-tr-deletecell
3640
3641         Firefox and Chrome do not throw but WebKit was throwing.
3642
3643         No new tests, rebaselined existing tests.
3644
3645         * html/HTMLTableRowElement.cpp:
3646         (WebCore::HTMLTableRowElement::deleteCell):
3647         * html/HTMLTableSectionElement.cpp:
3648         (WebCore::HTMLTableSectionElement::deleteRow):
3649
3650 2016-07-07  Chris Dumez  <cdumez@apple.com>
3651
3652         HTMLTitleElement.text should only account for direct children Text nodes
3653         https://bugs.webkit.org/show_bug.cgi?id=159536
3654
3655         Reviewed by Ryosuke Niwa.
3656
3657         HTMLTitleElement.text should only account for direct children Text nodes:
3658         - https://html.spec.whatwg.org/multipage/semantics.html#dom-title-text
3659         - https://html.spec.whatwg.org/multipage/infrastructure.html#child-text-content
3660
3661         Firefox and Chrome match the specification. However, WebKit accounted for all
3662         Text nodes that are descendants, not just children. This patch aligns our
3663         behavior with the specification and other browsers.
3664
3665         No new tests, rebaselined existing tests.
3666
3667         * html/HTMLTitleElement.cpp:
3668         (WebCore::HTMLTitleElement::text):
3669
3670 2016-07-07  Dean Jackson  <dino@apple.com>
3671
3672         REGRESSION(r200769): animations are no longer overridden
3673         https://bugs.webkit.org/show_bug.cgi?id=159450
3674         <rdar://problem/27120570>
3675
3676         Reviewed by Zalan Bujtas.
3677
3678         The change in r200769 removed a lot of the prefixing variant
3679         handling, but unfortunately we can't be completely rid
3680         of it until we alias the prefixed transitions and animations
3681         to the non-prefixed form. For example, setting the prefixed
3682         shorthand has to reset the non-prefixed longhands.
3683
3684         The fix was to explicitly call the variant forms when
3685         parsing such longhands, and make sure that MutableStyleProperties
3686         removes all prefixed variants when removing shorthands.
3687
3688         The existing test was amended to cover this case:
3689         fast/css/shorthand-omitted-initial-value-overrides-shorthand.html
3690
3691         * css/CSSParser.cpp:
3692         (WebCore::CSSParser::parseAnimationShorthand):
3693         (WebCore::CSSParser::addPropertyWithPrefixingVariant):
3694         (WebCore::CSSParser::parseTransitionShorthand):
3695         * css/CSSParser.h:
3696         * css/StyleProperties.cpp:
3697         (WebCore::MutableStyleProperties::removeShorthandProperty):
3698
3699 2016-07-07  Alex Christensen  <achristensen@webkit.org>
3700
3701         Fix CMake build.
3702
3703         * PlatformMac.cmake:
3704
3705 2016-07-07  Alex Christensen  <achristensen@webkit.org>
3706
3707         Fix CMake build.
3708
3709         * PlatformMac.cmake:
3710
3711 2016-07-07  Myles C. Maxfield  <mmaxfield@apple.com> and Frédéric Wang  <fred.wang@free.fr>
3712
3713         [Font Loading] The callback passed to document.fonts.ready should always be called
3714         https://bugs.webkit.org/show_bug.cgi?id=158884
3715
3716         Reviewed by Dean Jackson.
3717
3718         The boolean was simply not being reset when loads start.
3719
3720         Test: fast/text/font-face-set-ready-fire.html
3721
3722         * css/FontFaceSet.cpp:
3723         (WebCore::FontFaceSet::startedLoading):
3724         * css/FontFaceSet.h:
3725
3726 2016-07-07  Andy Estes  <aestes@apple.com>
3727
3728         [Content Filtering] Load blocked pages more like other error pages are loaded
3729         https://bugs.webkit.org/show_bug.cgi?id=159485
3730         <rdar://problem/26014076>
3731
3732         Reviewed by Brady Eidson.
3733
3734         Content filter blocked pages were being loaded by cancelling the provisional load of the
3735         page that was blocked and then scheduling a navigation to the content filter error page.
3736         Some clients would not expect a new, Web process-initiated provisional navigation to start
3737         after a cancellation, though, and this would put them in a bad state.
3738         
3739         This patch changes blocked page loading to behave more like loading other error pages.
3740         Specifically:
3741         1. didFailProvisionalLoad is dispatched with a new, non-cancellation error code.
3742         2. The blocked page is loaded immediately after dispatching didFailProvisionalLoad, which
3743            prevents FrameLoader from creating a new back-forward list item for the substitute data load.
3744         3. A substitute data load initiated by the client for the blocked URL is ignored if
3745            ContentFilter will display its own error page.
3746         4. A file: URL is used instead of a custom scheme for the base URL of the blocked page,
3747            since some clients expect this.
3748
3749         Updated existing tests to capture frame load delegate callbacks and the back forward list.
3750         Added new API tests: ContentFiltering.LoadAlternate*.
3751
3752         * English.lproj/Localizable.strings: Added a WebKitErrorFrameLoadBlockedByContentFilter description.
3753         * Resources/ContentFilterBlockedPage.html: Added.
3754         * WebCore.xcodeproj/project.pbxproj: Added ContentFilterBlockedPage.html as a framework resource.
3755         * loader/ContentFilter.cpp:
3756         (WebCore::ContentFilter::stopFilteringMainResource): Only set m_state to Stopped if not
3757         already Blocked, so that we don't forget this ContentFilter was blocked when calling
3758         cancelMainResourceLoad() in didDecide().
3759         (WebCore::ContentFilter::didDecide): Moved code from DocumentLoader::contentFilterDidBlock() to here.
3760         Created a blockedByContentFilterError() and called cancelMainResourceLoad().
3761         (WebCore::blockedPageURL): Returned a file: URL to ContentFilterBlockedPage.html in WebCore.framework.
3762         (WebCore::ContentFilter::continueAfterSubstituteDataRequest): If the substitute data load
3763         is for the same failingURL as the currently-displayed blocked page, ignore it.
3764         (WebCore::ContentFilter::handleProvisionalLoadFailure): Load the blocked page if m_state is Blocked
3765         and the ResourceError matches the error we used when previously calling cancelMainResourceLoad().
3766         (WebCore::ContentFilter::unblockHandler): Deleted.
3767         (WebCore::ContentFilter::replacementData): Deleted.
3768         (WebCore::ContentFilter::unblockRequestDeniedScript): Deleted.
3769         * loader/ContentFilter.h:
3770         * loader/DocumentLoader.cpp:
3771         (WebCore::DocumentLoader::contentFilter): Returned m_contentFilter.
3772         (WebCore::DocumentLoader::installContentFilterUnblockHandler): Deleted.
3773         (WebCore::DocumentLoader::contentFilterDidBlock): Deleted.
3774         * loader/DocumentLoader.h:
3775         * loader/EmptyClients.h: Added a default implementation of blockedByContentFilterError().
3776         * loader/FrameLoader.cpp:
3777         (WebCore::FrameLoader::load): If m_loadType was already RedirectWithLockedBackForwardList
3778         and we are loading substitute data for a failing URL, continue to use RedirectWithLockedBackForwardList.
3779         This prevents a new back-forward list item from being created when loading a blocked page in a subframe.
3780         (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
3781         Called ContentFilter::handleProvisionalLoadFailure() after dispatchDidFailProvisionalLoad().
3782         (WebCore::FrameLoader::blockedByContentFilterError): Called FrameLoaderClient::blockedByContentFilterError().
3783         * loader/FrameLoader.h:
3784         * loader/FrameLoaderClient.h:
3785         * loader/NavigationScheduler.cpp:
3786         (WebCore::ScheduledSubstituteDataLoad::ScheduledSubstituteDataLoad): Deleted.
3787         (WebCore::NavigationScheduler::scheduleSubstituteDataLoad): Deleted.
3788         * loader/NavigationScheduler.h:
3789         * loader/PolicyChecker.cpp:
3790         (WebCore::PolicyChecker::checkNavigationPolicy): Ignored a substitute data load for a
3791         failing URL if ContentFilter::continueAfterSubstituteDataRequest() returns false.
3792
3793 2016-07-07  Chris Dumez  <cdumez@apple.com>
3794
3795         td / th should be exposed as HTMLTableCellElement objects
3796         https://bugs.webkit.org/show_bug.cgi?id=159518
3797         <rdar://problem/27225436>
3798
3799         Reviewed by Ryosuke Niwa.
3800
3801         td / th should be exposed as HTMLTableCellElement objects:
3802         - https://html.spec.whatwg.org/multipage/tables.html#the-td-element
3803         - https://html.spec.whatwg.org/multipage/tables.html#the-th-element
3804
3805         We were using HTMLTableDataCellElement / HTMLTableHeaderCellElement
3806         sub-types.
3807
3808         Firefox and Chrome match the current specification.
3809
3810         We actually introduced these types recently via Bug 148859 to align
3811         with an older version of the HTML specification. However, it seems the
3812         specification has been updated to match Firefox / Chrome in the
3813         meantime.
3814
3815         Since we have not shipped those subtypes yet, the compatibility risk is
3816         low.
3817
3818         No new tests, rebaselined existing tests.
3819
3820         * CMakeLists.txt:
3821         * DerivedSources.cpp:
3822         * DerivedSources.make:
3823         * WebCore.xcodeproj/project.pbxproj:
3824         * html/HTMLElementsAllInOne.cpp:
3825         * html/HTMLTableCellElement.cpp:
3826         (WebCore::HTMLTableCellElement::create):
3827         (WebCore::HTMLTableCellElement::scope):
3828         (WebCore::HTMLTableCellElement::setScope):
3829         (WebCore::HTMLTableCellElement::setRowSpanForBindings): Deleted.
3830         * html/HTMLTableCellElement.h:
3831         * html/HTMLTableCellElement.idl:
3832         * html/HTMLTableDataCellElement.h: Removed.
3833         * html/HTMLTableDataCellElement.idl: Removed.
3834         * html/HTMLTableHeaderCellElement.cpp: Removed.
3835         * html/HTMLTableHeaderCellElement.h: Removed.
3836         * html/HTMLTableHeaderCellElement.idl: Removed.
3837         * html/HTMLTableRowElement.cpp:
3838         (WebCore::HTMLTableRowElement::insertCell):
3839         * html/HTMLTagNames.in:
3840
3841 2016-07-07  Brady Eidson  <beidson@apple.com>
3842
3843         Modern IDB: When IDBDatabase objects are garbage collected, they don't close their server connection.
3844         <rdar://problem/25910345> and https://bugs.webkit.org/show_bug.cgi?id=159523
3845
3846         Reviewed by Alex Christensen.
3847
3848         Tests: storage/indexeddb/modern/gc-closes-database-private.html
3849                storage/indexeddb/modern/gc-closes-database.html
3850
3851         * Modules/indexeddb/IDBDatabase.cpp:
3852         (WebCore::IDBDatabase::IDBDatabase): New logging.
3853         (WebCore::IDBDatabase::~IDBDatabase): Close server connection.
3854         (WebCore::IDBDatabase::fireVersionChangeEvent): New logging.
3855         (WebCore::IDBDatabase::dispatchEvent): New logging.
3856
3857         * Modules/indexeddb/client/IDBConnectionToServer.cpp:
3858         (WebCore::IDBClient::IDBConnectionToServer::openDatabase): New logging.
3859
3860 2016-07-07  Frederic Wang  <fwang@igalia.com>
3861
3862         Refactor layout functions to avoid using flexbox in MathML
3863         https://bugs.webkit.org/show_bug.cgi?id=153991
3864
3865         Reviewed by Brent Fulgham.
3866
3867         No new tests, already covered by existing tests.
3868
3869         * css/mathml.css:
3870         (math): Change inline mathematical formulas from inline-flex to inline.
3871         (math[display="block"]): Change display mathematical formulas from flex to block and
3872         remove flexbox property justify-content.
3873         (ms, mspace, mtext, mi, mn, mo, mrow, mfenced, mfrac, msub, msup, msubsup, mmultiscripts,
3874          mprescripts, none, munder, mover, munderover, msqrt, mroot, merror, mphantom, mstyle,
3875          menclose, semantics, mpadded, maction): In order to render properly, all children of the
3876          classes derived from RenderMathMLBlock must now be block-level. So we add more elements in
3877          this list and update the display property.
3878         (mtd > *): However, we use inline-block for children of the cell so that the text-align
3879          property is taken into account.
3880         * rendering/RenderBox.cpp:
3881         (WebCore::RenderBox::computeLogicalWidthInRegion): Add a special case for RenderMathMLBlock
3882         to preserve the old behavior.
3883         (WebCore::RenderBox::sizesLogicalWidthToFitContent): Ditto.
3884         * rendering/RenderFlexibleBox.h: No need to override layoutBlock anymore.
3885         * rendering/mathml/RenderMathMLBlock.cpp: Include LayoutRepainter header for use in layoutBlock.
3886         (WebCore::RenderMathMLBlock::RenderMathMLBlock): Inherit from RenderBlock and ensure that
3887         our children are block-level.
3888         (WebCore::RenderMathMLBlock::~RenderMathMLBlock): Added.
3889         (WebCore::RenderMathMLBlock::baselinePosition): If the baselinefirstLineBaseline() is
3890         undefined, just returns 0.
3891         (WebCore::RenderMathMLBlock::paint): Call RenderBlock::paint.
3892         (WebCore::RenderMathMLBlock::layoutItems): Implement a simplified version of
3893         RenderFlexibleBox::layoutItems where we assume horizontal layout for all children.
3894         (WebCore::RenderMathMLBlock::layoutBlock): Add a basic implementation based on
3895         RenderFlexibleBox::layoutBlock.
3896         (WebCore::RenderMathMLBlock::renderName): Deleted. There is now a simple implementation in the header.
3897         * rendering/mathml/RenderMathMLBlock.h: Use RenderBlock instead of RenderFlexibleBox and
3898         define layout functions. Define avoidsFloats and canDropAnonymousBlockChild to preserve
3899         the old behavior and remove isFlexibleBoxImpl.
3900         * rendering/mathml/RenderMathMLFenced.cpp:
3901         (WebCore::RenderMathMLFenced::createMathMLOperator): Use block for anonymous RenderMathMLOperator.
3902         * rendering/mathml/RenderMathMLRow.cpp:
3903         (WebCore::RenderMathMLRow::layoutRowItems): No need to handle the flexbox case anymore.
3904         (WebCore::RenderMathMLRow::paintChildren): Deleted. We now just use RenderBlock::paintChildren.
3905         * rendering/mathml/RenderMathMLRow.h:
3906         * rendering/mathml/RenderMathMLFraction.cpp:
3907         (WebCore::RenderMathMLFraction::paintChildren): Deleted. We now just use RenderBlock::paintChildren.
3908         * rendering/mathml/RenderMathMLFraction.h:
3909         * rendering/mathml/RenderMathMLRoot.cpp:
3910         (WebCore::RenderMathMLRoot::paintChildren): Deleted. We now just use RenderBlock::paintChildren.
3911         * rendering/mathml/RenderMathMLRoot.h:
3912         * rendering/mathml/RenderMathMLScripts.cpp:
3913         (WebCore::RenderMathMLScripts::paintChildren): Deleted. We now just use RenderBlock::paintChildren.
3914         * rendering/mathml/RenderMathMLScripts.h:
3915         * rendering/mathml/RenderMathMLUnderOver.cpp:
3916         (WebCore::RenderMathMLUnderOver::paintChildren): Deleted. We now just use RenderBlock::paintChildren.
3917         * rendering/mathml/RenderMathMLUnderOver.h:
3918
3919 2016-07-07  Antti Koivisto  <antti@apple.com>
3920
3921         REGRESSION (r199054): CrashTracer: [USER] parseWebKit at WebCore: WebCore::RenderBlockFlow::checkFloatsInCleanLine + 107
3922         https://bugs.webkit.org/show_bug.cgi?id=159519
3923
3924         Reviewed by Zalan Bujtas.
3925
3926         Test: fast/inline/trailing-floats-inline-crash.html
3927
3928         * rendering/RenderBlockLineLayout.cpp:
3929         (WebCore::RenderBlockFlow::checkFloatsInCleanLine):
3930
3931             Use the existing deletionHasBegun bit in RenderStyle to assert against this reliably.
3932
3933         * rendering/RenderLineBoxList.cpp:
3934         (WebCore::RenderLineBoxList::dirtyLinesFromChangedChild):
3935
3936             In some cases a special TrailingFloatsRootInlineBox may be added as the last root linebox of a flo