[WebKit-https.git] / Source / WebCore / ChangeLog

2018-01-19  Wenson Hsieh  <wenson_hsieh@apple.com>

        [macOS] [WK2] Drag location is computed incorrectly when dragging content from subframes
        https://bugs.webkit.org/show_bug.cgi?id=181896
        <rdar://problem/35479043>

        Reviewed by Tim Horton.

        In r218837, I packaged most of the information needed to start a drag into DragItem, which is propagated to the client layer
        via the startDrag codepath. However, this introduced a bug in computing the event position and drag location in window
        coordinates. Consider the case where we're determining the drag image offset for a dragged element in a subframe:

        Before the patch, the drag location (which starts out in the subframe's content coordinates) would be converted to root view
        coordinates, which would then be converted to mainframe content coordinates, which would then be converted to window coordinates
        using the mainframe's view. After the patch, we carry out the same math until the last step, where we erroneously use the
        _subframe's_ view to convert to window coordinates from content coordinates. This results in the position of the iframe relative
        to the mainframe being accounted for twice.

        To fix this, we simply use the main frame's view to convert from mainframe content coordinates to window coordinates while
        computing the drag location. As for the event position in window coordinates, this is currently unused by any codepath in WebKit,
        so we can just remove it altogether.

        Since this bug only affects drag and drop in the macOS WebKit2 port, there's currently no way to test this. I'll be using
        <https://bugs.webkit.org/show_bug.cgi?id=181898> to track adding test support for drag and drop on macOS WebKit2. Manually tested
        dragging in both WebKit1 and WebKit2 on macOS. dragLocationInWindowCoordinates isn't used at all for iOS drag and drop.

        * page/DragController.cpp:
        (WebCore::DragController::doSystemDrag):
        * platform/DragItem.h:
        (WebCore::DragItem::encode const):
        (WebCore::DragItem::decode):

2018-01-19  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r227235.

        The test for this change consistently times out on High
        Sierra.

        Reverted changeset:

        "Support for preconnect Link headers"
        https://bugs.webkit.org/show_bug.cgi?id=181657
        https://trac.webkit.org/changeset/227235

2018-01-19  Youenn Fablet  <youenn@apple.com>

        Cache storage errors like Quota should trigger console messages
        https://bugs.webkit.org/show_bug.cgi?id=181879
        <rdar://problem/36669048>

        Reviewed by Chris Dumez.

        Covered by rebased test.

        * Modules/cache/DOMCache.cpp:
        (WebCore::DOMCache::retrieveRecords):
        (WebCore::DOMCache::batchDeleteOperation):
        (WebCore::DOMCache::batchPutOperation):
        * Modules/cache/DOMCacheEngine.cpp:
        (WebCore::DOMCacheEngine::errorToException):
        (WebCore::DOMCacheEngine::logErrorAndConvertToException):
        * Modules/cache/DOMCacheEngine.h:
        * Modules/cache/DOMCacheStorage.cpp:
        (WebCore::DOMCacheStorage::retrieveCaches):
        (WebCore::DOMCacheStorage::doOpen):
        (WebCore::DOMCacheStorage::doRemove):

2018-01-19  Youenn Fablet  <youenn@apple.com>

        Do not go to the storage process when registering a service worker client if there is no service worker registered
        https://bugs.webkit.org/show_bug.cgi?id=181740
        <rdar://problem/36650400>

        Reviewed by Chris Dumez.

        Register a document as service worker client only if there is an existing service worker connection.
        This allows not creating any connection if no service worker is registered.

        Add internals API to test whether a service worker connection was created or not.
        This is used by API tests that cover the changes.

        * dom/Document.cpp:
        (WebCore::Document::privateBrowsingStateDidChange): No need to create a service worker connection if client is not registered yet.
        (WebCore::Document::setServiceWorkerConnection): No need to unregister/register if service worker connection is the same.
        Similarly, if Document is to be destroyed or suspended, we should not register it.
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::commitData):
        * testing/Internals.cpp:
        (WebCore::Internals::hasServiceWorkerConnection):
        * testing/Internals.h:
        * testing/Internals.idl:
        * workers/service/ServiceWorkerProvider.cpp:
        (WebCore::ServiceWorkerProvider::registerServiceWorkerClients):
        * workers/service/ServiceWorkerProvider.h:

2018-01-19  Dean Jackson  <dino@apple.com>

        REGRESSION (r221092): Swipe actions are hard to perform in FastMail app
        https://bugs.webkit.org/show_bug.cgi?id=181817
        <rdar://problem/35274055>

        Add a setting for controlling whether touch listeners are passive
        by default on document/window/body.

        Updated existing test.

        * dom/EventTarget.cpp:
        (WebCore::EventTarget::addEventListener):
        * page/Settings.yaml:

2018-01-19  Daniel Bates  <dabates@apple.com>

        Update frame-ancestor directive to match Content Security Policy Level 3
        https://bugs.webkit.org/show_bug.cgi?id=178891
        <rdar://problem/35209458>

        Reviewed by Alex Christensen.

        Derived from Blink e667cc2e501fabab3605b838e4ee0d642a9c4a59:
        <https://chromium.googlesource.com/chromium/src.git/+/e667cc2e501fabab3605b838e4ee0d642a9c4a59>

        Update frame-ancestor directive to match against the origin of the ancestor document per the
        Content Security Policy Level 3 spec.: <https://w3c.github.io/webappsec-csp/> (15 January 2018).
        Specifically this change in behavior was made to CSP 3 in <https://github.com/w3c/webappsec/issues/311>.
        In earlier versions of the spec, the frame-ancestor directive matched against the URL of the
        ancestor document.

        Disregarding allow-same-origin sandboxed iframes, a document with policy "frame-ancestor 'self'"
        will be blocked from loading in a sandboxed iframe as a result of this change.

        Tests: http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-allow-same-origin-sandboxed-cross-url-allow.html
               http/tests/security/contentSecurityPolicy/1.1/frame-ancestors/frame-ancestors-nested-cross-in-sandboxed-cross-url-block.html

        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
        (WebCore::checkFrameAncestors):

2018-01-19  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Add timeout support to XMLHttpRequest
        https://bugs.webkit.org/show_bug.cgi?id=181876

        Reviewed by Alex Christensen 

        * platform/network/ResourceRequestBase.cpp:
        * platform/network/curl/CurlContext.cpp:
        (WebCore::CurlHandle::setTimeout):
        * platform/network/curl/CurlContext.h:
        * platform/network/curl/CurlRequest.cpp:
        (WebCore::CurlRequest::setupTransfer):
        (WebCore::CurlRequest::didCompleteTransfer):
        * platform/network/curl/ResourceError.h:
        * platform/network/curl/ResourceErrorCurl.cpp:
        (WebCore::ResourceError::httpError):

2018-01-19  Yoav Weiss  <yoav@yoav.ws>

        Support for preconnect Link headers
        https://bugs.webkit.org/show_bug.cgi?id=181657

        Reviewed by Darin Adler.

        Move the preconnect functionality into its own function, and
        also call this function when Link headers are processed.

        Test: http/tests/preconnect/link-header-rel-preconnect-http.php

        * loader/LinkLoader.cpp:
        (WebCore::LinkLoader::loadLinksFromHeader): Call preconnectIfNeeded.
        (WebCore::LinkLoader::preconnectIfNeeded): Preconnect to a host functionality moved here.
        (WebCore::LinkLoader::loadLink): Call preconnectIfNeeded.
        * loader/LinkLoader.h:

2018-01-19  Joseph Pecoraro  <pecoraro@apple.com>

        AppCache: Log a Deprecation warning to the Console when AppCache is used
        https://bugs.webkit.org/show_bug.cgi?id=181778

        Reviewed by Alex Christensen.

        * html/HTMLHtmlElement.cpp:
        (WebCore::HTMLHtmlElement::insertedByParser):

2018-01-19  Chris Dumez  <cdumez@apple.com>

        ASSERT(registration || isTerminating()) hit in SWServerWorker::skipWaiting()
        https://bugs.webkit.org/show_bug.cgi?id=181761
        <rdar://problem/36594564>

        Reviewed by Youenn Fablet.

        There is a short period of time, early in the registration process where a
        SWServerWorker object exists for a registration but is not in the registration's
        installing/waiting/active slots yet. As a result, if a registration is cleared
        during this period (for e.g. due to the user clearing all website data), that
        SWServerWorker will not be terminated. We then hit assertion later on when this
        worker is trying to do things (like call skipWaiting).

        To address the issue, we now keep a reference this SWServerWorker on the
        registration, via a new SWServerRegistration::m_preInstallationWorker data member.
        When the registration is cleared, we now take care of terminating this worker.

        No new tests, covered by existing tests that crash flakily in debug builds.

        * workers/WorkerThread.cpp:
        (WebCore::WorkerThread::stop):
        if the mutex is locked, then the worker thread is still starting. We spin the
        runloop and try to stop again later. This avoids the deadlock shown in
        Bug 181763 as the worker thread may need to interact with the main thread
        during startup.

        * workers/service/server/SWServer.cpp:
        (WebCore::SWServer::installContextData):
        * workers/service/server/SWServerJobQueue.cpp:
        (WebCore::SWServerJobQueue::scriptContextFailedToStart):
        (WebCore::SWServerJobQueue::install):
        * workers/service/server/SWServerRegistration.cpp:
        (WebCore::SWServerRegistration::~SWServerRegistration):
        (WebCore::SWServerRegistration::setPreInstallationWorker):
        (WebCore::SWServerRegistration::clear):
        * workers/service/server/SWServerRegistration.h:
        (WebCore::SWServerRegistration::preInstallationWorker const):

2018-01-19  Chris Dumez  <cdumez@apple.com>

        Service worker registrations restored from disk may not be reused when the JS calls register() again
        https://bugs.webkit.org/show_bug.cgi?id=181810
        <rdar://problem/36591711>

        Reviewed by Youenn Fablet.

        The issue was that when restoring a registration from disk, we would not set its active worker right
        away. We only set it later in installContextData(). installContextData() is only called after we’ve
        launched the service worker process and established a connection to it.

        However, we would start processing jobs (such as registrations) before we’ve established the connection
        to the service worker process. SWServerJobQueue::runRegisterJob(), in order to reuse an existing
        registration checks the registration’s active worker has the right script URL. The issue was that when
        this code would execute, we may not have set the registration’s active service worker yet, in which case,
        we would update the existing registration instead of reusing it as-is.

        To address the issue, we now delay the processing of jobs until the connection to the service worker
        process has been established and we've installed all pending contexts via installContextData().

        Changed is covered by new API test.

        * workers/service/server/SWServer.cpp:
        (WebCore::SWServer::Connection::scheduleJobInServer):
        (WebCore::SWServer::scheduleJob):
        (WebCore::SWServer::serverToContextConnectionCreated):
        * workers/service/server/SWServer.h:

2018-01-19  James Craig  <jcraig@apple.com>

        AX: when invert colors is on, double-invert image and picture elements in UserAgentStyleSheet
        https://bugs.webkit.org/show_bug.cgi?id=181281
        <rdar://problem/36291776>

        Reviewed by Simon Fraser.

        Updated "Smart Invert" to include img and picture element inversion and tests.

        Tests: accessibility/smart-invert-reference.html
               accessibility/smart-invert.html

        * css/html.css:
        (@media (inverted-colors)):
        (img:not(picture>img), picture, video):

2018-01-19  Chris Dumez  <cdumez@apple.com>

        The WebContent process should not process incoming IPC while waiting for a sync IPC reply
        https://bugs.webkit.org/show_bug.cgi?id=181560

        Reviewed by Ryosuke Niwa.

        Add internals API for testing purposes.

        Test: fast/misc/testIncomingSyncIPCMessageWhileWaitingForSyncReply.html

        * page/ChromeClient.h:
        * testing/Internals.cpp:
        (WebCore::Internals::testIncomingSyncIPCMessageWhileWaitingForSyncReply):
        * testing/Internals.h:
        * testing/Internals.idl:

2018-01-19  Keith Miller  <keith_miller@apple.com>

        HaveInternalSDK includes should be "#include?"
        https://bugs.webkit.org/show_bug.cgi?id=179670

        Reviewed by Dan Bernstein.

        * Configurations/Base.xcconfig:

2018-01-19  Daniel Bates  <dabates@apple.com>

        Fix misspelling; substitute willDetachRenderer for willDetatchRenderer.

        * html/HTMLPlugInImageElement.cpp:
        (WebCore::HTMLPlugInImageElement::willDetachRenderers):
        * plugins/PluginViewBase.h:
        (WebCore::PluginViewBase::willDetachRenderer):
        (WebCore::PluginViewBase::willDetatchRenderer): Deleted.

2018-01-19  Jonathan Bedard  <jbedard@apple.com>

        Unreviewed build fix, remove unused lambda captures.

        * dom/messageports/MessagePortChannel.cpp:
        (WebCore::MessagePortChannel::takeAllMessagesForPort):
        * dom/messageports/MessagePortChannelRegistry.cpp:
        (WebCore::MessagePortChannelRegistry::messagePortChannelCreated):

2018-01-19  Antoine Quint  <graouts@apple.com>

        [Web Animations] Expose timing properties (delay, endDelay, fill, iterationStart, iterations, direction) and getComputedTiming()
        https://bugs.webkit.org/show_bug.cgi?id=181857
        <rdar://problem/36660081>

        Reviewed by Dean Jackson.

        We start the work to implement the rest of the Web Animations timing and animation model by exposing more properties on
        AnimationEffectTiming to control delay (delay, endDelay), looping (iterationStart, iterations), fill and direction.
        Additionally, we expose the getComputedTiming() method on AnimationEffect, although it currently lacks some computed
        properties that will come in later patch as we implement various processes defined by the spec. We also update the
        existing duration() method on AnimationEffectTiming to be called iterationDuration() to match the terms used in the
        specification.

        Finally, we make all new properties, and update existing ones, that expose a time value go through the new utility
        function secondsToWebAnimationsAPITime() to guarantee rounded values with microseconds precision, as advised by
        the Web Animations specification.

        * CMakeLists.txt:
        * DerivedSources.make:
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * animation/AnimationEffect.cpp:
        (WebCore::AnimationEffect::localTime const):
        (WebCore::AnimationEffect::getComputedTiming):
        * animation/AnimationEffect.h:
        * animation/AnimationEffect.idl:
        * animation/AnimationEffectTiming.cpp:
        (WebCore::AnimationEffectTiming::AnimationEffectTiming):
        (WebCore::AnimationEffectTiming::setIterationStart):
        (WebCore::AnimationEffectTiming::setIterations):
        (WebCore::AnimationEffectTiming::bindingsDuration const):
        (WebCore::AnimationEffectTiming::setBindingsDuration):
        (WebCore::AnimationEffectTiming::endTime const):
        (WebCore::AnimationEffectTiming::activeDuration const):
        * animation/AnimationEffectTiming.h:
        * animation/AnimationEffectTiming.idl:
        * animation/AnimationPlaybackEvent.cpp:
        (WebCore::AnimationPlaybackEvent::bindingsCurrentTime const):
        (WebCore::AnimationPlaybackEvent::bindingsTimelineTime const):
        * animation/AnimationTimeline.cpp:
        (WebCore::AnimationTimeline::bindingsCurrentTime):
        * animation/ComputedTimingProperties.h: Added.
        * animation/ComputedTimingProperties.idl: Added. We set nullable double values to a default value of "null" since
        otherwise setting those properties to a null value would not set the properties in the converted JS dictionary.
        * animation/KeyframeEffect.cpp:
        (WebCore::KeyframeEffect::create): Handle new timing properties passed in the KeyframeEffectOptions dictionary.
        (WebCore::KeyframeEffect::applyAtLocalTime):
        (WebCore::KeyframeEffect::getAnimatedStyle):
        (WebCore::KeyframeEffect::startOrStopAccelerated):
        * animation/WebAnimation.cpp:
        (WebCore::WebAnimation::bindingsStartTime const):
        (WebCore::WebAnimation::bindingsCurrentTime const):
        (WebCore::WebAnimation::effectEndTime const):
        (WebCore::WebAnimation::timeToNextRequiredTick const):
        * animation/WebAnimationUtilities.h: Added.
        (WebCore::secondsToWebAnimationsAPITime):

2018-01-19  Alex Christensen  <achristensen@webkit.org>

        Remove dead networking code
        https://bugs.webkit.org/show_bug.cgi?id=181813

        Reviewed by Tim Horton.

        CFURLConnection is only used on Windows.

        * platform/network/cf/ResourceError.h:
        * platform/network/cf/ResourceRequest.h:
        (WebCore::ResourceRequest::encodingRequiresPlatformData const):
        * platform/network/cf/ResourceRequestCFNet.cpp:
        (WebCore::findCFURLRequestCopyContentDispositionEncodingFallbackArrayFunction):
        (WebCore::ResourceRequest::doUpdatePlatformRequest):
        (WebCore::ResourceRequest::doUpdatePlatformHTTPBody):
        (WebCore::ResourceRequest::doUpdateResourceRequest):
        (WebCore::ResourceRequest::setStorageSession):
        * platform/network/cf/ResourceResponse.h:
        (WebCore::ResourceResponse::ResourceResponse):

2018-01-19  Alex Christensen  <achristensen@webkit.org>

        Remove unused WebViewPrivate _allowCookies
        https://bugs.webkit.org/show_bug.cgi?id=181812

        Reviewed by Tim Horton.

        This SPI was in the original iOS upstreaming and has not been used in many years.

        * platform/network/ResourceRequestBase.cpp:
        (WebCore::ResourceRequestBase::setDefaultAllowCookies): Deleted.
        (WebCore::ResourceRequestBase::defaultAllowCookies): Deleted.
        * platform/network/ResourceRequestBase.h:
        (WebCore::ResourceRequestBase::ResourceRequestBase):

2018-01-18  Brady Eidson  <beidson@apple.com>

        Make in-process MessagePorts be (mostly) asynchronous
        https://bugs.webkit.org/show_bug.cgi?id=181454

        Reviewed by Alex Christensen.

        No new tests (Covered *brutally* by existing tests)

        Part of making MessagePorts be a thing we can pass across processes is making them work async.
        
        The existing "MessagePortChannel" method of abstraction was not cut out for this.
        This patch gets rid of MessagePortChannel and adds a new MessagePortChannelProvider abstraction.
        It then gets the new machinery working in-process (with some pieces of out-of-process in place)

        One synchronous behavior this patch maintains is the hasPendingActivity() check used to support GC.
        That will (creatively) be made async in the next followup.
        
        More generally from MessagePorts, this patch also adds a "MessageWithMessagePorts" object to be used
        with all forms of postMessage(). Much better.
        
        * CMakeLists.txt:
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:

        * dom/InProcessMessagePortChannel.cpp: Removed.
        * dom/InProcessMessagePortChannel.h: Removed.
        * dom/MessagePortChannel.cpp: Removed.
        * dom/MessagePortChannel.h: Removed.

        * dom/MessageChannel.cpp:
        (WebCore::MessageChannel::create):
        (WebCore::MessageChannel::MessageChannel):
        (WebCore::m_port2): Deleted.
        * dom/MessageChannel.h:
        (WebCore::MessageChannel::create): Deleted.

        * dom/MessagePort.cpp:
        (WebCore::MessagePort::create):
        (WebCore::MessagePort::MessagePort):
        (WebCore::MessagePort::~MessagePort):
        (WebCore::MessagePort::entangle):
        (WebCore::MessagePort::postMessage):
        (WebCore::MessagePort::disentangle):
        (WebCore::MessagePort::messageAvailable):
        (WebCore::MessagePort::start):
        (WebCore::MessagePort::close):
        (WebCore::MessagePort::contextDestroyed):
        (WebCore::MessagePort::dispatchMessages):
        (WebCore::MessagePort::hasPendingActivity const):
        (WebCore::MessagePort::locallyEntangledPort const):
        (WebCore::MessagePort::disentanglePorts):
        (WebCore::MessagePort::entanglePorts):
        (WebCore::MessagePort::entangleWithRemote): Deleted.
        * dom/MessagePort.h:

        * dom/MessagePortIdentifier.h:
        (WebCore::MessagePortIdentifier::logString const):

        * dom/ScriptExecutionContext.cpp:
        (WebCore::ScriptExecutionContext::processMessageWithMessagePortsSoon):
        (WebCore::ScriptExecutionContext::dispatchMessagePortEvents):
        (WebCore::ScriptExecutionContext::processMessagePortMessagesSoon): Deleted.
        * dom/ScriptExecutionContext.h:

        Add a single object that represents two intertwined ports, tracks their pending
        messages, tracks which process they're in, etc etc:
        * dom/messageports/MessagePortChannel.cpp: Added.
        (WebCore::MessagePortChannel::create):
        (WebCore::MessagePortChannel::MessagePortChannel):
        (WebCore::MessagePortChannel::~MessagePortChannel):
        (WebCore::MessagePortChannel::includesPort):
        (WebCore::MessagePortChannel::entanglePortWithProcess):
        (WebCore::MessagePortChannel::disentanglePort):
        (WebCore::MessagePortChannel::closePort):
        (WebCore::MessagePortChannel::postMessageToRemote):
        (WebCore::MessagePortChannel::takeAllMessagesForPort):
        (WebCore::MessagePortChannel::hasAnyMessagesPendingOrInFlight const):
        * dom/messageports/MessagePortChannel.h: Added.
        (WebCore::MessagePortChannel::port1 const):
        (WebCore::MessagePortChannel::port2 const):
        (WebCore::MessagePortChannel::logString const):

        Abstraction for creating and operating on MessagePorts in a potentially cross-process way:
        * dom/messageports/MessagePortChannelProvider.cpp: Added.
        (WebCore::MessagePortChannelProvider::singleton):
        (WebCore::MessagePortChannelProvider::setSharedProvider):
        * dom/messageports/MessagePortChannelProvider.h: Added.
        (WebCore::MessagePortChannelProvider::~MessagePortChannelProvider):

        Adds a concrete implementation of that provider to be used in-process (e.g. WK1):
        * dom/messageports/MessagePortChannelProviderImpl.cpp: Added.
        (WebCore::MessagePortChannelProviderImpl::~MessagePortChannelProviderImpl):
        (WebCore::MessagePortChannelProviderImpl::performActionOnAppropriateThread):
        (WebCore::MessagePortChannelProviderImpl::createNewMessagePortChannel):
        (WebCore::MessagePortChannelProviderImpl::entangleLocalPortInThisProcessToRemote):
        (WebCore::MessagePortChannelProviderImpl::messagePortDisentangled):
        (WebCore::MessagePortChannelProviderImpl::messagePortClosed):
        (WebCore::MessagePortChannelProviderImpl::postMessageToRemote):
        (WebCore::MessagePortChannelProviderImpl::takeAllMessagesForPort):
        (WebCore::MessagePortChannelProviderImpl::hasMessagesForPorts_temporarySync):
        * dom/messageports/MessagePortChannelProviderImpl.h: Added.

        Adds a main thread object to handle the set of all MessagePortChannels that are open.
        For now it lives in the WebProcess, but for out-of-process it will live in the UIProcess:
        * dom/messageports/MessagePortChannelRegistry.cpp: Added.
        (WebCore::MessagePortChannelRegistry::~MessagePortChannelRegistry):
        (WebCore::MessagePortChannelRegistry::didCreateMessagePortChannel):
        (WebCore::MessagePortChannelRegistry::messagePortChannelCreated):
        (WebCore::MessagePortChannelRegistry::messagePortChannelDestroyed):
        (WebCore::MessagePortChannelRegistry::didEntangleLocalToRemote):
        (WebCore::MessagePortChannelRegistry::didDisentangleMessagePort):
        (WebCore::MessagePortChannelRegistry::didCloseMessagePort):
        (WebCore::MessagePortChannelRegistry::didPostMessageToRemote):
        (WebCore::MessagePortChannelRegistry::takeAllMessagesForPort):
        (WebCore::MessagePortChannelRegistry::hasMessagesForPorts_temporarySync): This is named against style
          and weird on purpose - to call attention to how bad it is and how it's temporary.
        (WebCore::MessagePortChannelRegistry::existingChannelContainingPort):
        * dom/messageports/MessagePortChannelRegistry.h: Added.

        Add an object that represents a "SerializedScriptValue for the message payload and the ports
        that are being transferred along with that payload". This is used in all forms of postMessage():
        * dom/messageports/MessageWithMessagePorts.cpp: Added.
        * dom/messageports/MessageWithMessagePorts.h: Added.

        * page/DOMWindow.cpp:
        (WebCore::PostMessageTimer::PostMessageTimer):
        (WebCore::PostMessageTimer::event):
        (WebCore::DOMWindow::postMessage):

        * platform/Logging.h:

        * workers/DedicatedWorkerGlobalScope.cpp:
        (WebCore::DedicatedWorkerGlobalScope::postMessage):

        * workers/Worker.cpp:
        (WebCore::Worker::postMessage):

        * workers/WorkerGlobalScopeProxy.h:

        * workers/WorkerMessagingProxy.cpp:
        (WebCore::WorkerMessagingProxy::postMessageToWorkerObject):
        (WebCore::WorkerMessagingProxy::postMessageToWorkerGlobalScope):
        * workers/WorkerMessagingProxy.h:

        * workers/WorkerObjectProxy.h:

        * workers/service/ServiceWorker.cpp:
        (WebCore::ServiceWorker::postMessage):

        * workers/service/ServiceWorkerClient.cpp:
        (WebCore::ServiceWorkerClient::postMessage):

        * workers/service/context/SWContextManager.cpp:
        (WebCore::SWContextManager::postMessageToServiceWorker):

        * workers/service/context/ServiceWorkerThread.cpp:
        (WebCore::fireMessageEvent):
        (WebCore::ServiceWorkerThread::postMessageToServiceWorker):
        * workers/service/context/ServiceWorkerThread.h:

2018-01-18  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed build fix, removed unused lambda capture.

        * workers/service/context/SWContextManager.cpp:
        (WebCore::SWContextManager::ServiceWorkerTerminationRequest::ServiceWorkerTerminationRequest):

2018-01-18  Chris Dumez  <cdumez@apple.com>

        We should be able to terminate service workers that are unresponsive
        https://bugs.webkit.org/show_bug.cgi?id=181563
        <rdar://problem/35280031>

        Reviewed by Alex Christensen.

        Test: http/tests/workers/service/postmessage-after-terminating-hung-worker.html

        * workers/service/context/SWContextManager.cpp:
        (WebCore::SWContextManager::terminateWorker):
        Before calling WorkerThread::stop(), set a timer with the given timeout parameter.
        If the worker thread has not stopped when the timer fires, forcefully exit the
        service worker process. The StorageProcess will take care of relaunching the
        service worker process if it exits abruptly.

        (WebCore::SWContextManager::serviceWorkerFailedToTerminate):
        Log error message if we failed to terminate a service worker and call exit().

        (WebCore::SWContextManager::ServiceWorkerTerminationRequest::ServiceWorkerTerminationRequest):

        * workers/service/context/SWContextManager.h:

2018-01-18  Youenn Fablet  <youenn@apple.com>

        Do not go to the storage process when loading a main resource if there is no service worker registered
        https://bugs.webkit.org/show_bug.cgi?id=181395

        Reviewed by Chris Dumez.

        No observable behavior change.
        Instead of creating a connection to know whether there is a potential service worker,
        Ask the service worker provider that will use the connection if needed.
        Otherwise, it will use a default value provided by the UIProcess.

        Tested by cleaning all service workers and checking the computed value of the default value,
        then observing whether pages registering service workers work well.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::startLoadingMainResource):
        * workers/service/ServiceWorkerProvider.cpp:
        (WebCore::ServiceWorkerProvider::mayHaveServiceWorkerRegisteredForOrigin):
        * workers/service/ServiceWorkerProvider.h:

2018-01-18  Dan Bernstein  <mitz@apple.com>

        [Xcode] Streamline and future-proof target-macOS-version-dependent build setting definitions
        https://bugs.webkit.org/show_bug.cgi?id=181803

        Reviewed by Tim Horton.

        * Configurations/Base.xcconfig: Updated.
        * Configurations/DebugRelease.xcconfig: Ditto.
        * Configurations/FeatureDefines.xcconfig: Adopted macOSTargetConditionals helpers.
        * Configurations/Version.xcconfig: Updated.
        * Configurations/macOSTargetConditionals.xcconfig: Added. Defines helper build settings
          useful for defining settings that depend on the target macOS version.

2018-01-18  Chris Dumez  <cdumez@apple.com>

        Service Workers restored from persistent storage have 'redundant' state
        https://bugs.webkit.org/show_bug.cgi?id=181749
        <rdar://problem/36556486>

        Reviewed by Youenn Fablet.

        Tested by new API test.

        * workers/service/server/SWServer.cpp:
        (WebCore::SWServer::installContextData):
        Make sure the SWServerWorker's state is set to "activated" after it is assigned to
        the registrations' active slot. Otherwise, it stays in its default state (redundant).

2018-01-18  Antti Koivisto  <antti@apple.com>

        REGRESSION(r225650): The scores of MotionMark tests Multiply and Leaves dropped by 8%
        https://bugs.webkit.org/show_bug.cgi?id=181460
        <rdar://problem/36379776>

        Reviewed by Ryosuke Niwa.

        * css/parser/CSSParser.cpp:
        (WebCore::CSSParserContext::CSSParserContext):

        Don't do the expensive security origin test if the supplied sheet base URL is null. This
        is true for rules coming from the same document.

2018-01-18  Antti Koivisto  <antti@apple.com>

        REGRESSION (r223604): Setting :before/after pseudo element on <noscript> asserts
        https://bugs.webkit.org/show_bug.cgi?id=181795
        <rdar://problem/36334524>

        Reviewed by David Kilzer.

        <noscript> disallows renderer generation outside CSS mechanisms, however we would still construct
        PseudoElements for them during style resolution. These were never removed properly because the
        pseudo element removal was tied to render tree teardown. Without proper removal the associated
        animations were also not canceled.

        Test: fast/css-generated-content/noscript-pseudo-anim-crash.html

        * dom/Element.cpp:
        (WebCore::Element::removedFromAncestor):

        Take care to get rid of PseudoElements when the element is removed from the tree.
        This also cancels any associated animations.

2018-01-18  Chris Fleizach  <cfleizach@apple.com>

        AX: Aria-activedescendant not supported
        https://bugs.webkit.org/show_bug.cgi?id=161734
        <rdar://problem/28202679>

        Reviewed by Joanmarie Diggs.

        When a combo-box owns/controls a list/listbox/grid/tree, the owned element needs to check the active-descendant of the combobox when
        checking if it has selected children. 
        The target of the selection change notification should also be the owned element in these cases.

        Test: accessibility/aria-combobox-controlling-list.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::selectedListItem):
        * accessibility/AccessibilityObject.h:
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::targetElementForActiveDescendant const):
        (WebCore::AccessibilityRenderObject::handleActiveDescendantChanged):
        (WebCore::AccessibilityRenderObject::canHaveSelectedChildren const):
        (WebCore::AccessibilityRenderObject::selectedChildren):
        * accessibility/AccessibilityRenderObject.h:
        * accessibility/mac/AXObjectCacheMac.mm:
        (WebCore::AXObjectCache::postPlatformNotification):

2018-01-17  Per Arne Vollan  <pvollan@apple.com>

        REGRESSION (r224780): Text stroke not applied to video captions.
        https://bugs.webkit.org/show_bug.cgi?id=181743
        <rdar://problem/35874338>

        Reviewed by Simon Fraser.

        Tests: media/track/track-css-visible-stroke-expected.html
               media/track/track-css-visible-stroke.html

        After r224780, it is no longer possible to mix text stroke styles with webkit
        legacy text stroke styles.

        * css/StyleResolver.cpp:
        (WebCore::isValidCueStyleProperty):
        * page/CaptionUserPreferencesMediaAF.cpp:
        (WebCore::CaptionUserPreferencesMediaAF::captionsTextEdgeCSS const):

2018-01-18  Andy Estes  <aestes@apple.com>

        [Payment Request] Support a default shipping address for Apple Pay
        https://bugs.webkit.org/show_bug.cgi?id=181754
        <rdar://problem/36009733>

        Reviewed by Brady Eidson.

        Move shippingContact from ApplePayPaymentRequest to ApplePayRequestBase. This allows
        merchants to specify a default shipping address when using Apple Pay with Payment Request.

        This also fixes a bug found during testing where
        +[NSPersonNameComponentsFormatter localizedStringFromPersonNameComponents:style:options:]
        would throw an exception when passed a nil NSPersonNameComponents.

        Test: http/tests/ssl/applepay/ApplePayRequestShippingContact.https.html

        * Modules/applepay/ApplePayPaymentRequest.h:
        * Modules/applepay/ApplePayPaymentRequest.idl:
        * Modules/applepay/ApplePayRequestBase.cpp:
        (WebCore::convertAndValidate):
        * Modules/applepay/ApplePayRequestBase.h:
        * Modules/applepay/ApplePayRequestBase.idl:
        * Modules/applepay/ApplePaySession.cpp:
        (WebCore::convertAndValidate):
        * Modules/applepay/ApplePaySessionPaymentRequest.h:
        (WebCore::ApplePaySessionPaymentRequest::version const):
        (WebCore::ApplePaySessionPaymentRequest::setVersion):
        * Modules/applepay/cocoa/PaymentContactCocoa.mm:
        (WebCore::convert):
        * Modules/applepay/paymentrequest/ApplePayRequest.idl:
        * testing/MockPaymentCoordinator.cpp:
        (WebCore::MockPaymentCoordinator::showPaymentUI):
        (WebCore::MockPaymentCoordinator::completeMerchantValidation):
        * testing/MockPaymentCoordinator.h:

2018-01-18  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS] Specify -[NSURL _title] for the associated URL when copying an image element
        https://bugs.webkit.org/show_bug.cgi?id=181783
        <rdar://problem/35785445>

        Reviewed by Ryosuke Niwa.

        Always specify the -[NSURL _title] to be either the title specified in a PasteboardImage's inner PasteboardURL,
        or if no title is specified, fall back to the user-visible URL string. This is because at least one internal
        client always tries to use the -_title property to determine the title of a pasted URL, or if none is specified,
        the -suggestedName. Since we need to set suggestedName to the preferred file name of the copied image and we
        don't want the suggested name to become the title of the link, we need to explicitly set the link title.

        In doing so, this patch also fixes a bug wherein we forget to set the _title of the NSURL we're registering to
        an NSItemProvider.

        Tests:  ActionSheetTests.CopyImageElementWithHREFAndTitle (new)
                ActionSheetTests.CopyImageElementWithHREF (modified)

        * platform/ios/PlatformPasteboardIOS.mm:
        (WebCore::PlatformPasteboard::write):

2018-01-17  Jer Noble  <jer.noble@apple.com>

        WebVTT served via HLS never results in cues
        https://bugs.webkit.org/show_bug.cgi?id=181773

        Reviewed by Eric Carlson.

        Test: http/tests/media/hls/hls-webvtt-tracks.html

        Three independant errors conspired to keep in-band WebVTT samples from parsing:

        - The definition of ISOWebVTTCue::boxTypeName() was incorrect.
        - ISOWebVTTCue::parse() didn't call it's superclass's parse() method (leading to an incorrect size and offset).
        - Use String::fromUTF8() rather than String.adopt(StringVector&&).

        * platform/graphics/iso/ISOVTTCue.cpp:
        (WebCore::ISOWebVTTCue::parse):
        * platform/graphics/iso/ISOVTTCue.h:
        (WebCore::ISOWebVTTCue::boxTypeName):

2018-01-17  John Wilander  <wilander@apple.com>

        Resource Load Statistics: Block cookies for prevalent resources without user interaction
        https://bugs.webkit.org/show_bug.cgi?id=177394
        <rdar://problem/34613960>

        Reviewed by Alex Christensen.

        Tests: http/tests/resourceLoadStatistics/add-blocking-to-redirect.html
               http/tests/resourceLoadStatistics/non-prevalent-resources-can-access-cookies-in-a-third-party-context.html
               http/tests/resourceLoadStatistics/remove-blocking-in-redirect.html
               http/tests/resourceLoadStatistics/remove-partitioning-in-redirect.html

        * platform/network/NetworkStorageSession.h:
            Now exports NetworkStorageSession::nsCookieStorage().
        * platform/network/cf/NetworkStorageSessionCFNet.cpp:
        (WebCore::NetworkStorageSession::setPrevalentDomainsToPartitionOrBlockCookies):
            Fixes the FIXME.

2018-01-17  Dean Jackson  <dino@apple.com>

        Remove linked-on test for Snow Leopard
        https://bugs.webkit.org/show_bug.cgi?id=181770

        Reviewed by Eric Carlson.

        Remove a very old linked-on-or-after test.

        * platform/graphics/ca/GraphicsLayerCA.cpp:

2018-01-17  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r227098.

        This broke the build.

        Reverted changeset:

        "Remove linked-on test for Snow Leopard"
        https://bugs.webkit.org/show_bug.cgi?id=181770
        https://trac.webkit.org/changeset/227098

2018-01-17  Dean Jackson  <dino@apple.com>

        Remove linked-on test for Snow Leopard
        https://bugs.webkit.org/show_bug.cgi?id=181770

        Reviewed by Eric Carlson.

        Remove a very old linked-on-or-after test.

        * platform/graphics/ca/GraphicsLayerCA.cpp:

2018-01-17  Stephan Szabo  <stephan.szabo@sony.com>

        [Curl] Use ResourceRequest::encodeWithPlatformData()
        https://bugs.webkit.org/show_bug.cgi?id=181768

        Reviewed by Alex Christensen.

        No new tests, assertion hit in downstream port, should be covered by
        existing tests.

        * platform/network/curl/ResourceRequest.h:
        (WebCore::ResourceRequest::encodeWithPlatformData const):
        (WebCore::ResourceRequest::decodeWithPlatformData):

2018-01-17  Eric Carlson  <eric.carlson@apple.com>

        Use existing RGB colorspace instead of creating a new one
        https://bugs.webkit.org/show_bug.cgi?id=181765
        <rdar://problem/36595753>

        Reviewed by Dean Jackson.

        * platform/mediastream/mac/ScreenDisplayCaptureSourceMac.mm:
        (WebCore::ScreenDisplayCaptureSourceMac::createDisplayStream): Use sRGBColorSpaceRef instead
        of creating a new static colorspace.

2018-01-17  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r227076.

        This breaks internal builds

        Reverted changeset:

        "Resource Load Statistics: Block cookies for prevalent
        resources without user interaction"
        https://bugs.webkit.org/show_bug.cgi?id=177394
        https://trac.webkit.org/changeset/227076

2018-01-17  Ryosuke Niwa  <rniwa@webkit.org>

        input and textarea elements should reveal selection in setSelection when focused
        https://bugs.webkit.org/show_bug.cgi?id=181715
        <rdar://problem/36570546>

        Reviewed by Zalan Bujtas.

        Made input and textarea elements reveal selection in FrameSelection::setSelection instead of by directly
        invoking FrameSelection::revealSelection in their respective updateFocusAppearance to unify code paths.

        Also added options to reveal selection up to the main frame to SetSelectionOption to be used in iOS.

        * editing/FrameSelection.cpp:
        (WebCore::FrameSelection::FrameSelection):
        (WebCore::FrameSelection::moveWithoutValidationTo): Takes SelectionRevealMode as an argument and converts
        sets appropriate selection options.
        (WebCore::FrameSelection::setSelection): Reconstruct SelectionRevealMode out of selection option sets.
        (WebCore::FrameSelection::updateAndRevealSelection):
        * editing/FrameSelection.h:
        (WebCore::FrameSelection): Added RevealSelectionUpToMainFrame as a SelectionRevealMode and replaced
        m_shouldRevealSelection by m_selectionRevealMode.
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::updateFocusAppearance): Pass SelectionRevealMode to HTMLTextFormControlElement's
        select and restoreCachedSelection instead of directly invoking FrameSelection::revealSelection.
        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::updateFocusAppearance): Ditto.
        * html/HTMLTextFormControlElement.cpp:
        (WebCore::HTMLTextFormControlElement::select):
        (WebCore::HTMLTextFormControlElement::setSelectionRange):
        (WebCore::HTMLTextFormControlElement::restoreCachedSelection):
        * html/HTMLTextFormControlElement.h:

2018-01-17  Michael Catanzaro  <mcatanzaro@igalia.com>

        WEBKIT_FRAMEWORK should not modify file-global include directories
        https://bugs.webkit.org/show_bug.cgi?id=181656

        Reviewed by Konstantin Tokarev.

        * CMakeLists.txt:
        * PlatformWPE.cmake:

2018-01-17  Michael Catanzaro  <mcatanzaro@igalia.com>

        [GTK] Try even harder not to static link WTF into libwebkit2gtk
        https://bugs.webkit.org/show_bug.cgi?id=181751

        Reviewed by Alex Christensen.

        We don't want two copies of WTF. It should only be in libjavascriptcoregtk.

        * PlatformGTK.cmake:

2018-01-17  Zalan Bujtas  <zalan@apple.com>

        Multicol: RenderMultiColumnFlow should not inherit the flow state
        https://bugs.webkit.org/show_bug.cgi?id=181762
        <rdar://problem/35448565>

        Reviewed by Simon Fraser.

        Do not compute the inherited flow state flag for RenderMultiColumnFlow.
        It is (by definition) always inside a fragmented flow.

        Test: fast/multicol/crash-when-out-of-flow-positioned-becomes-in-flow.html

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::computedFragmentedFlowState):

2018-01-17  Alex Christensen  <achristensen@webkit.org>

        Deprecate Application Cache
        https://bugs.webkit.org/show_bug.cgi?id=181764

        Reviewed by Geoffrey Garen.

        * features.json:

2018-01-17  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS simulator] API test WKAttachmentTests.InjectedBundleReplaceURLWhenPastingImage is failing
        https://bugs.webkit.org/show_bug.cgi?id=181758

        Reviewed by Tim Horton.

        This test is failing because Editor::clientReplacementURLForResource expects a MIME type, but on iOS, the type
        paramter passed into WebContentReader::readImage is a UTI; subsequently, the bundle editing delegate receives
        a MIME type that's actually a UTI, which is incorrect. To address this, ensure that a MIME type is passed to
        bundle SPI by converting the type in WebContentReader::readImage to a MIME type.

        * editing/cocoa/WebContentReaderCocoa.mm:
        (WebCore::WebContentReader::readImage):

2018-01-17  Antti Koivisto  <antti@apple.com>

        REGRESSION (r226385?): Crash in com.apple.WebCore: WebCore::MediaQueryEvaluator::evaluate const + 32
        https://bugs.webkit.org/show_bug.cgi?id=181742
        <rdar://problem/36334726>

        Reviewed by David Kilzer.

        Test: fast/media/mediaqueryevaluator-crash.html

        * css/MediaQueryEvaluator.cpp:
        (WebCore::MediaQueryEvaluator::MediaQueryEvaluator):

        Use WeakPtr<Document> instead of a plain Frame pointer.

        (WebCore::MediaQueryEvaluator::evaluate const):

        Get the frame via document.

        * css/MediaQueryEvaluator.h:
        * dom/Document.cpp:
        (WebCore::Document::prepareForDestruction):

        Take care to clear style resolver.

2018-01-17  Youenn Fablet  <youenn@apple.com>

        Put fetch request keepAlive behind a runtime flag
        https://bugs.webkit.org/show_bug.cgi?id=181592

        Reviewed by Chris Dumez.

        No change of behavior.

        * Modules/fetch/FetchRequest.idl:
        * page/RuntimeEnabledFeatures.h:
        (WebCore::RuntimeEnabledFeatures::fetchAPIKeepAliveEnabled const):
        (WebCore::RuntimeEnabledFeatures::setFetchAPIKeepAliveEnabled):

2018-01-17  Per Arne Vollan  <pvollan@apple.com>

        [Win] Use switch when converting from ResourceRequestCachePolicy to platform cache policy.
        https://bugs.webkit.org/show_bug.cgi?id=181686

        Reviewed by Alex Christensen.

        No new tests, covered by existing tests.

        A switch will make the function easier on the eyes. Also, use the function in places where the ResourceRequestCachePolicy
        is just casted to a platform cache policy.

        * platform/network/cf/ResourceRequestCFNet.cpp:
        (WebCore::toPlatformRequestCachePolicy):

2018-01-17  John Wilander  <wilander@apple.com>

        Resource Load Statistics: Block cookies for prevalent resources without user interaction
        https://bugs.webkit.org/show_bug.cgi?id=177394
        <rdar://problem/34613960>

        Reviewed by Alex Christensen.

        Tests: http/tests/resourceLoadStatistics/add-blocking-to-redirect.html
               http/tests/resourceLoadStatistics/non-prevalent-resources-can-access-cookies-in-a-third-party-context.html
               http/tests/resourceLoadStatistics/remove-blocking-in-redirect.html
               http/tests/resourceLoadStatistics/remove-partitioning-in-redirect.html

        * platform/network/NetworkStorageSession.h:
            Now exports NetworkStorageSession::nsCookieStorage().
        * platform/network/cf/NetworkStorageSessionCFNet.cpp:
        (WebCore::NetworkStorageSession::setPrevalentDomainsToPartitionOrBlockCookies):
            Fixes the FIXME.

2018-01-17  Daniel Bates  <dabates@apple.com>

        REGRESSION (r222795): Cardiogram never signs in
        https://bugs.webkit.org/show_bug.cgi?id=181693
        <rdar://problem/36286293>

        Reviewed by Ryosuke Niwa.

        Exempt Cardiogram from the XHR header restrictions in r222795.

        Following r222795 only Dashboard widgets are allowed to set arbitrary XHR headers.
        However Cardiogram also depends on such functionality.

        Test: fast/xmlhttprequest/set-dangerous-headers-from-file-when-setting-enabled.html

        * page/Settings.yaml:
        * platform/RuntimeApplicationChecks.h:
        * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
        (WebCore::IOSApplication::isCardiogram):
        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::setRequestHeader):

2018-01-17  Daniel Bates  <dabates@apple.com>

        ASSERTION FAILED: !m_completionHandler in PingHandle::~PingHandle()
        https://bugs.webkit.org/show_bug.cgi?id=181746
        <rdar://problem/36586248>

        Reviewed by Chris Dumez.

        Call PingHandle::pingLoadComplete() with an error when NSURLConnection queries
        whether the ping is able to respond to an authentication request. (Pings do not
        respond to authenticate requests.) It will call the completion handler, nullify
        the completion handler, and deallocate the PingHandle. Nullifying the completion
        handler is necessary to avoid the assertion failure in ~PingHandle().

        Test: http/tests/misc/before-unload-load-image.html

        * platform/network/PingHandle.h:

2018-01-17  Daniel Bates  <dabates@apple.com>

        WebCoreResourceHandleAsOperationQueueDelegate/ResourceHandleCFURLConnectionDelegateWithOperationQueue may
        be deleted in main thread callback
        https://bugs.webkit.org/show_bug.cgi?id=181747
        <rdar://problem/36588120>

        Reviewed by Alex Christensen.

        Retain the delegate (e.g. WebCoreResourceHandleAsOperationQueueDelegate) before scheduling
        a main thread callback and blocking on a semaphore for its reply because the main thread
        callback can do anything, including deleting the delegate, before the non-main thread
        has a chance to execute. For instance, a PingHandle will delete itself (and hence delete
        its resource handle delegate) in most of the code paths invoked by the delegate.

        * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willSendRequest):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willCacheResponse):
        (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::canRespondToProtectionSpace):
        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:willSendRequest:redirectResponse:]):
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:canAuthenticateAgainstProtectionSpace:]):
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]):
        (-[WebCoreResourceHandleAsOperationQueueDelegate connection:willCacheResponse:]):

2018-01-17  Chris Dumez  <cdumez@apple.com>

        'fetch' event may be sent to a service worker before its state is set to 'activated'
        https://bugs.webkit.org/show_bug.cgi?id=181698
        <rdar://problem/36554856>

        Reviewed by Youenn Fablet.

        'fetch' event may be sent to a service worker before its state is set to 'activated'.
        When the registration's active worker needs to intercept a load, and its state is 'activating',
        we queue the request to send the fetch event in SWServerWorker::m_whenActivatedHandlers.
        Once the SWServerWorker::setState() is called with 'activated' state, we then call the
        handlers in m_whenActivatedHandlers to make send the fetch event now that the worker is
        activated. The issue is that even though the worker is activated and its state was set to
        'activated' on Storage process side, we had not yet notified the ServiceWorker process
        of the service worker's new state yet.

        To address the issue, we now make sure that SWServerWorker::m_whenActivatedHandlers are
        called *after* we've sent the IPC to the ServiceWorker process to update the worker's
        state to 'activated'. Also, we now call ServiceWorkerFetch::dispatchFetchEvent()
        asynchronously in a postTask() as the service worker's state is also updated asynchronously
        in a postTask. This is as per specification [1], which says to "queue a task" to fire
        the fetch event.

        [1] https://w3c.github.io/ServiceWorker/#on-fetch-request-algorithm (step 18)

        No new tests, covered by imported/w3c/web-platform-tests/service-workers/service-worker/fetch-waits-for-activate.https.html
        which hits the new assertion without the fix.

        * workers/service/context/ServiceWorkerFetch.cpp:
        (WebCore::ServiceWorkerFetch::dispatchFetchEvent):
        Add assertions to make sure that we dispatch the fetch event on the right worker and
        that the worker is in 'activated' state.

        * workers/service/context/ServiceWorkerThread.cpp:
        (WebCore::ServiceWorkerThread::postFetchTask):
        Queue a task to fire the fetch event as per:
        - https://w3c.github.io/ServiceWorker/#on-fetch-request-algorithm (step 18)
        We need to match the specification exactly here or things will happen in the wrong
        order. In particular, things like "update registration state" and "update worker state"
        might happen *after* firing the fetch event, even though the IPC for "update registration/worker
        state" was sent before the "fire fetch event" one, because the code for updating a registration/
        worker state already queues a task, as per the specification.

        * workers/service/server/SWServerRegistration.cpp:
        (WebCore::SWServerRegistration::updateWorkerState):
        * workers/service/server/SWServerRegistration.h:
        * workers/service/server/SWServerWorker.cpp:
        (WebCore::SWServerWorker::setState):
        Move code to send the IPC to the Service Worker process whenever the service worker's state
        needs to be updated from SWServerRegistration::updateWorkerState() to SWServerWorker::setState().
        This way, we can make sure the IPC is sent *before* we call the m_whenActivatedHandlers handlers,
        as they may also send IPC to the Service Worker process, and we need to make sure this IPC happens
        after so that the service worker is in the right state.

2018-01-17  Stephan Szabo  <stephan.szabo@sony.com>

        Page.cpp only sees forward declaration of ApplicationStateChangeListener when ENABLE(VIDEO) is off
        https://bugs.webkit.org/show_bug.cgi?id=181713

        Reviewed by Darin Adler.

        No new tests (build fix).

        * page/Page.cpp: Add include for ApplicationStateChangeListener

2018-01-17  Wenson Hsieh  <wenson_hsieh@apple.com>

        Add injected bundle SPI to replace subresource URLs when dropping or pasting rich content
        https://bugs.webkit.org/show_bug.cgi?id=181637
        <rdar://problem/36508471>

        Reviewed by Tim Horton.

        Before carrying out blob URL conversion for pasted or dropped rich content, let the editor client replace
        subresource URLs in WebKit2 by calling out to new injected bundle SPI. See comments below for more detail.

        Tests:  WKAttachmentTests.InjectedBundleReplaceURLsWhenPastingAttributedString
                WKAttachmentTests.InjectedBundleReplaceURLWhenPastingImage

        * editing/Editor.cpp:
        (WebCore::Editor::clientReplacementURLForResource):
        * editing/Editor.h:

        Add a new helper to call out to the editor client for a URL string to replace a given ArchiveResource. In
        WebKit2, this calls out to the injected bundle's new `replacementURLForResource` SPI hook.

        * editing/cocoa/WebContentReaderCocoa.mm:
        (WebCore::shouldReplaceSubresourceURL):
        (WebCore::replaceRichContentWithAttachments):
        (WebCore::replaceSubresourceURLsWithURLsFromClient):

        Add a new static helper to replace subresource URLs in the given DocumentFragment with URLs supplied by the
        editor client. Additionally builds a list of ArchiveResources that have not been replaced, for use at call sites
        so that we don't unnecessarily create more Blobs for ArchiveResources that have already been replaced.

        (WebCore::createFragmentAndAddResources):
        (WebCore::sanitizeMarkupWithArchive):

        Tweak web content reading codepaths to first replace subresource URLs with editor-client-supplied URLs.

        (WebCore::WebContentReader::readImage):
        (WebCore::shouldConvertToBlob): Deleted.

        Rename this helper to shouldReplaceSubresourceURL, blob URL replacement is no longer the only scenario in which
        we replace resource URLs, but in both cases, we still want to ignore `http:`-family and `data:` URLs.

        * loader/EmptyClients.cpp:
        * page/EditorClient.h:

2018-01-17  Yacine Bandou  <yacine.bandou_ext@softathome.com>
        [EME][GStreamer] Add the full-sample encryption support in the GStreamer ClearKey decryptor
        https://bugs.webkit.org/show_bug.cgi?id=180080

        Reviewed by Xabier Rodriguez-Calvar.

        Currently the GStreamer clearKey decryptor doesn't support the full-sample encryption,
        where the buffer is entirely encrypted, it supports only the sub-sample encryption.

        Test: media/encrypted-media/clearKey/clearKey-cenc-audio-playback-mse.html

        * platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.cpp:
        (webKitMediaClearKeyDecryptorDecrypt):

2018-01-17  Zan Dobersek  <zdobersek@igalia.com>

        Unreviewed follow-up to r227051.

        * platform/graphics/cairo/CairoOperations.h: Fix declaration of the
        fillRoundedRect() function by removing the bool parameter that's not
        used at all in the definition. This went unspotted due to the unified
        source build including the implementation file before fillRoundedRect()
        usage in GrapihcsContextCairo.cpp, leaving the declaration undefined
        and instead using the definition directly.

2018-01-17  Zan Dobersek  <zdobersek@igalia.com>

        [Cairo] Don't mirror global alpha and image interpolation quality state values in PlatformContextCairo
        https://bugs.webkit.org/show_bug.cgi?id=181725

        Reviewed by Carlos Garcia Campos.

        Don't duplicate global alpha and image interpolation quality state
        values on the PlatformContextCairo. Instead, retrieve them from
        the managing GraphicsContextState when necessary.

        For Cairo operations, the FillSource and StrokeSource containers now
        store the global alpha value, using it during the operation executions.
        For drawNativeImage(), the global alpha and interpolation quality values
        are passed through arguments.

        In PlatformContextCairo, the two values are no longer stored on the
        internally-managed stack, and the getter-setter pairs for the two values
        are removed. In drawSurfaceToContext(), the two values are now expected
        to be passed through the method arguments.

        No new tests -- no change in behavior.

        * platform/graphics/cairo/CairoOperations.cpp:
        (WebCore::Cairo::prepareForFilling):
        (WebCore::Cairo::prepareForStroking):
        (WebCore::Cairo::drawPathShadow):
        (WebCore::Cairo::fillCurrentCairoPath):
        (WebCore::Cairo::FillSource::FillSource):
        (WebCore::Cairo::StrokeSource::StrokeSource):
        (WebCore::Cairo::strokeRect):
        (WebCore::Cairo::strokePath):
        (WebCore::Cairo::drawGlyphs):
        (WebCore::Cairo::drawNativeImage):
        (WebCore::Cairo::State::setGlobalAlpha): Deleted.
        (WebCore::Cairo::State::setImageInterpolationQuality): Deleted.
        * platform/graphics/cairo/CairoOperations.h:
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::drawNativeImage):
        (WebCore::GraphicsContext::setPlatformAlpha):
        (WebCore::GraphicsContext::setPlatformImageInterpolationQuality):
        * platform/graphics/cairo/PlatformContextCairo.cpp:
        (WebCore::PlatformContextCairo::save):
        (WebCore::PlatformContextCairo::drawSurfaceToContext):
        (WebCore::PlatformContextCairo::State::State): Deleted.
        (WebCore::PlatformContextCairo::setImageInterpolationQuality): Deleted.
        (WebCore::PlatformContextCairo::imageInterpolationQuality const): Deleted.
        (WebCore::PlatformContextCairo::globalAlpha const): Deleted.
        (WebCore::PlatformContextCairo::setGlobalAlpha): Deleted.
        * platform/graphics/cairo/PlatformContextCairo.h:
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::paintCurrentFrame):

2018-01-17  Philippe Normand  <pnormand@igalia.com>

        REGRESSION(r226973/r226974): Four multimedia tests failing
        https://bugs.webkit.org/show_bug.cgi?id=181696

        Reviewed by Carlos Garcia Campos.

        This patch reverts some of the changes of the above revisions so as to fix layout test failures.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::handleMessage): Properly
        prepare stalled event when an error was detected.
        (WebCore::MediaPlayerPrivateGStreamer::processBufferingStats): Revert to previous version.
        (WebCore::MediaPlayerPrivateGStreamer::fillTimerFired): Ditto.
        (WebCore::MediaPlayerPrivateGStreamer::didLoadingProgress const):
        Emit progress event also when streaming but not when an error was
        detected.
        (WebCore::MediaPlayerPrivateGStreamer::totalBytes const): use isLiveStream like everywhere else.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webkit_web_src_init): Revert to keep-alive FALSE by default.

2018-01-17  Zan Dobersek  <zdobersek@igalia.com>

        [Cairo] Move prepareForFilling(), prepareForStroking() code to CairoOperations
        https://bugs.webkit.org/show_bug.cgi?id=181721

        Reviewed by Carlos Garcia Campos.

        Move the prepareForFilling() and prepareForStroking() code off of the
        PlatformContextCairo class and into static functions inside the
        CairoOperations implementation files. The original methods weren't
        called from any place other than the Cairo operations, and they only
        operated with the cairo_t object that's stored in and retrievable from
        the PlatformContextCairo object.

        No new tests -- no change in behavior.

        * platform/graphics/cairo/CairoOperations.cpp:
        (WebCore::Cairo::reduceSourceByAlpha):
        (WebCore::Cairo::prepareCairoContextSource):
        (WebCore::Cairo::clipForPatternFilling):
        (WebCore::Cairo::prepareForFilling):
        (WebCore::Cairo::prepareForStroking):
        (WebCore::Cairo::drawPathShadow):
        (WebCore::Cairo::fillCurrentCairoPath):
        (WebCore::Cairo::strokeRect):
        (WebCore::Cairo::strokePath):
        (WebCore::Cairo::drawGlyphs):
        * platform/graphics/cairo/PlatformContextCairo.cpp:
        (WebCore::reduceSourceByAlpha): Deleted.
        (WebCore::prepareCairoContextSource): Deleted.
        (WebCore::PlatformContextCairo::prepareForFilling): Deleted.
        (WebCore::PlatformContextCairo::prepareForStroking): Deleted.
        (WebCore::PlatformContextCairo::clipForPatternFilling): Deleted.
        * platform/graphics/cairo/PlatformContextCairo.h:

2018-01-17  Zan Dobersek  <zdobersek@igalia.com>

        [Cairo] Use one-time ShadowBlur objects when performing shadowing
        https://bugs.webkit.org/show_bug.cgi?id=181720

        Reviewed by Carlos Garcia Campos.

        Don't maintain a ShadowBlur object in the PlatformContextCairo class.
        Instead, use temporary ShadowBlur objects whenever shadowing is needed,
        providing all the shadow state information to it and drawing shadow into
        the given GraphicsContext object.

        ShadowBlur constructors are cleaned up. The 'shadows ignored' argument
        can now also be provided to the variant that accepts explicit shadow
        attributes, but the argument is false by default.

        In CairoOperations, the ShadowBlurUsage functionality is rolled into the
        new ShadowState class. ShadowState parameter is now used for operations
        that might need to perform shadow painting. Call sites are modified
        accordingly.

        Cairo::State::setShadowValues() and Cairo::State::clearShadow() are
        removed, since the ShadowBlur object that was modified through those is
        being removed from the PlatformContextCairo class. We still have to flip
        the Y-axis of the shadow offset in GraphicsContext::setPlatformShadow()
        when shadows are ignoring transformations.

        No new tests -- no change in behavior.

        * platform/graphics/ShadowBlur.cpp:
        (WebCore::ShadowBlur::ShadowBlur):
        * platform/graphics/ShadowBlur.h:
        * platform/graphics/cairo/CairoOperations.cpp:
        (WebCore::Cairo::drawPathShadow):
        (WebCore::Cairo::drawGlyphsShadow):
        (WebCore::Cairo::ShadowState::ShadowState):
        (WebCore::Cairo::ShadowState::isVisible const):
        (WebCore::Cairo::ShadowState::isRequired const):
        (WebCore::Cairo::fillRect):
        (WebCore::Cairo::fillRoundedRect):
        (WebCore::Cairo::fillRectWithRoundedHole):
        (WebCore::Cairo::fillPath):
        (WebCore::Cairo::strokeRect):
        (WebCore::Cairo::strokePath):
        (WebCore::Cairo::drawGlyphs):
        (WebCore::Cairo::drawNativeImage):
        (WebCore::Cairo::State::setShadowValues): Deleted.
        (WebCore::Cairo::State::clearShadow): Deleted.
        (WebCore::Cairo::ShadowBlurUsage::ShadowBlurUsage): Deleted.
        (WebCore::Cairo::ShadowBlurUsage::required const): Deleted.
        * platform/graphics/cairo/CairoOperations.h:
        * platform/graphics/cairo/FontCairo.cpp:
        (WebCore::FontCascade::drawGlyphs):
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::restorePlatformState):
        (WebCore::GraphicsContext::drawNativeImage):
        (WebCore::GraphicsContext::fillPath):
        (WebCore::GraphicsContext::strokePath):
        (WebCore::GraphicsContext::fillRect):
        (WebCore::GraphicsContext::setPlatformShadow):
        (WebCore::GraphicsContext::clearPlatformShadow):
        (WebCore::GraphicsContext::strokeRect):
        (WebCore::GraphicsContext::platformFillRoundedRect):
        (WebCore::GraphicsContext::fillRectWithRoundedHole):
        * platform/graphics/cairo/PlatformContextCairo.cpp:
        (WebCore::PlatformContextCairo::drawSurfaceToContext):
        * platform/graphics/cairo/PlatformContextCairo.h:
        (WebCore::PlatformContextCairo::shadowBlur): Deleted.
        * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
        (WebCore::MediaPlayerPrivateMediaFoundation::Direct3DPresenter::paintCurrentFrame):

2018-01-17  Zan Dobersek  <zdobersek@igalia.com>

        CanvasImageData: createImageData() parameter should not be nullable
        https://bugs.webkit.org/show_bug.cgi?id=181670

        Reviewed by Sam Weinig.

        createImageData() method on the CanvasImageData interface should not
        treat the ImageData parameter as nullable, but should instead reject any
        null values with a TypeError, as demanded by the specification.

        No new tests -- current tests covering createImageData(null) are updated
        to properly cover new behavior of throwing a TypeError exception.

        * html/canvas/CanvasImageData.idl:
        * html/canvas/CanvasRenderingContext2DBase.cpp:
        (WebCore::CanvasRenderingContext2DBase::createImageData const):
        * html/canvas/CanvasRenderingContext2DBase.h:

2018-01-16  Fujii Hironori  <Hironori.Fujii@sony.com>

        [CMake] Remove WebCoreDerivedSources library target
        https://bugs.webkit.org/show_bug.cgi?id=181664

        Reviewed by Carlos Garcia Campos.

        After unified source build has been introduced, CMake Visual
        Studio build suffers complicated unnecessary recompilation issues
        because Visual Studio invokes scripts twice in both WebCore and
        WebCoreDerivedSources projects (Bug 181117).

        WebCoreDerivedSources library has been introduced in r198766 to
        avoid command line length limit of CMake Ninja build on macOS.
        Fortunately, unified source build has reduced the number of source
        files to compile, WebCore doesn't need to be split anymore.

        No new tests (No behavior change)

        * CMakeLists.txt: Replaced WebCore_DERIVED_SOURCES with WebCore_SOURCES. Removed WebCoreDerivedSources library target.
        Do not compile each JavaScript Builtins.cpp files because the unified source WebCoreJSBuiltins.cpp is already included.
        * PlatformGTK.cmake: Replaced WebCore_DERIVED_SOURCES with WebCore_SOURCES.
        * PlatformWin.cmake: Ditto.

2018-01-16  Simon Fraser  <simon.fraser@apple.com>

        Can't scroll iframe after toggling it to display:none and back
        https://bugs.webkit.org/show_bug.cgi?id=181708
        rdar://problem/13234778

        Reviewed by Tim Horton.

        Nothing updated the FrameView's set of scrollable areas when a subframe came back from display:none.
        Mirror the existing virtual removeChild() by making addChild() virtual, and using it to mark
        the FrameView's scrollable area set as dirty.

        Test: tiled-drawing/scrolling/non-fast-region/non-fast-scrollable-region-hide-show-iframe.html

        * page/FrameView.cpp:
        (WebCore::FrameView::addChild):
        * page/FrameView.h:
        * platform/ScrollView.h:

2018-01-16  Chris Dumez  <cdumez@apple.com>

        SWServerWorker::m_contextConnectionIdentifier may get out of date
        https://bugs.webkit.org/show_bug.cgi?id=181687
        <rdar://problem/36548111>

        Reviewed by Brady Eidson.

        SWServerWorker::m_contextConnectionIdentifier may get out of date. This happens when the
        context process crashes and is relaunched.

        No new tests, added assertion in terminateWorkerInternal() that hits without this fix.

        * workers/service/server/SWServer.cpp:
        (WebCore::SWServer::runServiceWorker):
        (WebCore::SWServer::terminateWorkerInternal):
        (WebCore::SWServer::unregisterServiceWorkerClient):
        * workers/service/server/SWServerWorker.h:
        (WebCore::SWServerWorker::setContextConnectionIdentifier):

2018-01-16  Jer Noble  <jer.noble@apple.com>

        Reset MediaSourcePrivateAVFObjC's m_sourceBufferWithSelectedVideo when the underlying SourceBufferPrivate is removed.
        https://bugs.webkit.org/show_bug.cgi?id=181707
        <rdar://problem/34809474>

        Reviewed by Eric Carlson.

        Test: media/media-source/media-source-remove-unload-crash.html

        * platform/graphics/avfoundation/objc/MediaSourcePrivateAVFObjC.mm:
        (WebCore::MediaSourcePrivateAVFObjC::removeSourceBuffer):

2018-01-12  Jiewen Tan  <jiewen_tan@apple.com>

        [WebAuthN] Implement dummy WebAuthN IDLs
        https://bugs.webkit.org/show_bug.cgi?id=181627
        <rdar://problem/36459864>

        Reviewed by Alex Christensen.

        This patch implements dummy WebAuthN IDLs and connect them with Credential Management as well.
        All implementations in this patch are subject to change when real implementations land. The
        purpose here on the other hand is to have IDLs, bindings and implementations connected. This
        patch should handle all IDLs that we need.

        No tests.

        * CMakeLists.txt:
        * DerivedSources.make:
        * Modules/credentialmanagement/CredentialCreationOptions.h:
        * Modules/credentialmanagement/CredentialCreationOptions.idl:
        * Modules/credentialmanagement/CredentialRequestOptions.h:
        * Modules/credentialmanagement/CredentialRequestOptions.idl:
        * Modules/webauthn/AuthenticatorAssertionResponse.cpp: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.cpp.
        (WebCore::AuthenticatorAssertionResponse::AuthenticatorAssertionResponse):
        (WebCore::AuthenticatorAssertionResponse::~AuthenticatorAssertionResponse):
        (WebCore::AuthenticatorAssertionResponse::authenticatorData):
        (WebCore::AuthenticatorAssertionResponse::signature):
        (WebCore::AuthenticatorAssertionResponse::userHandle):
        * Modules/webauthn/AuthenticatorAssertionResponse.h: Copied from Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.h.
        * Modules/webauthn/AuthenticatorAssertionResponse.idl: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
        * Modules/webauthn/AuthenticatorAttestationResponse.cpp: Copied from Source/WebCore/Modules/credentialmanagement/CredentialCreationOptions.h.
        (WebCore::AuthenticatorAttestationResponse::AuthenticatorAttestationResponse):
        (WebCore::AuthenticatorAttestationResponse::~AuthenticatorAttestationResponse):
        (WebCore::AuthenticatorAttestationResponse::attestationObject):
        * Modules/webauthn/AuthenticatorAttestationResponse.h: Copied from Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.h.
        * Modules/webauthn/AuthenticatorAttestationResponse.idl: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
        * Modules/webauthn/AuthenticatorResponse.cpp: Copied from Source/WebCore/Modules/credentialmanagement/CredentialCreationOptions.h.
        (WebCore::AuthenticatorResponse::AuthenticatorResponse):
        (WebCore::AuthenticatorResponse::~AuthenticatorResponse):
        (WebCore::AuthenticatorResponse::clientDataJSON):
        * Modules/webauthn/AuthenticatorResponse.h: Copied from Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.h.
        * Modules/webauthn/AuthenticatorResponse.idl: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
        * Modules/webauthn/PublicKeyCredential.cpp:
        (WebCore::PublicKeyCredential::rawId):
        (WebCore::PublicKeyCredential::response):
        (WebCore::PublicKeyCredential::getClientExtensionResults):
        (WebCore::PublicKeyCredential::isUserVerifyingPlatformAuthenticatorAvailable):
        * Modules/webauthn/PublicKeyCredential.h:
        * Modules/webauthn/PublicKeyCredential.idl:
        * Modules/webauthn/PublicKeyCredentialCreationOptions.h: Copied from Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.h.
        * Modules/webauthn/PublicKeyCredentialCreationOptions.idl: Added.
        * Modules/webauthn/PublicKeyCredentialDescriptor.h: Copied from Source/WebCore/Modules/credentialmanagement/CredentialCreationOptions.h.
        * Modules/webauthn/PublicKeyCredentialDescriptor.idl: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
        * Modules/webauthn/PublicKeyCredentialRequestOptions.h: Copied from Source/WebCore/Modules/credentialmanagement/CredentialCreationOptions.h.
        * Modules/webauthn/PublicKeyCredentialRequestOptions.idl: Copied from Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.h.
        * Modules/webauthn/PublicKeyCredentialType.h: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
        * Modules/webauthn/PublicKeyCredentialType.idl: Copied from Source/WebCore/Modules/webauthn/PublicKeyCredential.idl.
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/WebCoreBuiltinNames.h:

2018-01-16  Zalan Bujtas  <zalan@apple.com>

        AX: Do not trigger layout in updateBackingStore() unless it is safe to do so
        https://bugs.webkit.org/show_bug.cgi?id=181703
        <rdar://problem/36365706>

        Reviewed by Ryosuke Niwa.

        Document::isSafeToUpdateStyleOrLayout() can tell whether it is safe to run layout.

        Unable to create test with WebInspector involved. 

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::updateBackingStore):
        * dom/Document.cpp:
        (WebCore::Document::isSafeToUpdateStyleOrLayout const):
        (WebCore::Document::updateStyleIfNeeded):
        (WebCore::Document::updateLayout):
        (WebCore::isSafeToUpdateStyleOrLayout): Deleted.
        * dom/Document.h:

2018-01-16  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r226962.

        The LayoutTest added with this change is a flaky timeout.

        Reverted changeset:

        "Support for preconnect Link headers"
        https://bugs.webkit.org/show_bug.cgi?id=181657
        https://trac.webkit.org/changeset/226962

2018-01-16  Simon Fraser  <simon.fraser@apple.com>

        Text looks bad on some CSS spec pages
        https://bugs.webkit.org/show_bug.cgi?id=181700
        rdar://problem/36552107

        Reviewed by Tim Horton.

        When making new tiles in a TileController, we failed to set their "supports antialiased layer text"
        setting, so tile caches could end up with a mixture of layers that do and do not support
        antialiased layer text.

        No tests because the tiled drawing tests don't dump out tiles inside of tile caches.

        * platform/graphics/ca/TileController.cpp:
        (WebCore::TileController::createTileLayer):

2018-01-16  Said Abou-Hallawa  <sabouhallawa@apple.com>

        REGRESSION(r221292): svg/animations/animateTransform-pattern-transform.html crashes with security assertion
        https://bugs.webkit.org/show_bug.cgi?id=179986

        Reviewed by Simon Fraser.

        This patch reverts all or parts of the following changes-sets
            <http://trac.webkit.org/changeset/221292>
            <http://trac.webkit.org/changeset/197967>
            <http://trac.webkit.org/changeset/196670>

        A JS statement like this:
            var item = text.x.animVal.getItem(0);

        Creates the following C++ objects:
            SVGAnimatedListPropertyTearOff<SVGLengthListValues> for 'text.x'
            SVGListPropertyTearOff<SVGLengthListValues> for 'text.x.animVal'
            SVGPropertyTearOff<SVGLengthValue> for 'text.x.animVal.getItem(0)'

        If 'item' changes, the attribute 'x' of the element '<text>' will change
        as well. But this binding works only in one direction. If the attribute
        'x' of the element '<text>' changes, e.g.:

            text.setAttribute('x', '10,20,30');

        This will detach 'item' from the element <text> and any further changes 
        in 'item' won't affect the attribute 'x' of element <text>.

        The one direction binding can only work if this chain of tear-off objects
        is kept connected. This is implemented by RefCounted back pointers from
        SVGPropertyTearOff and SVGListPropertyTearOff to SVGAnimatedListPropertyTearOff.

        The security crashes and the memory leaks are happening because of the
        raw forward pointers:
            -- SVGAnimatedListPropertyTearOff maintains raw pointers of type
               SVGListPropertyTearOff for m_baseVal and m_animVal
            -- The m_wrappers and m_animatedWrappers of SVGAnimatedListPropertyTearOff
               are vectors of raw pointer Vector<SVGLength*>

        To control the life cycle of the raw pointers, SVGListPropertyTearOff and
        SVGPropertyTearOff call SVGAnimatedListPropertyTearOff::propertyWillBeDeleted()
        to notify it they are going to be deleted. In propertyWillBeDeleted(), we
        clear the pointers so they are not used after being freed. This mechanism
        has been error-prone and we've never got it 100% right.

        The solution we need to adopt with SVG tear-off objects is the following:
            -- All the forward pointers should be weak pointers.
            -- All the back pointers should be ref pointers.

        This solution may not look intuitive but it solves the bugs and keeps the
        one direction binding. The forward weak pointers allows the tear-off
        objects to go aways if no reference from JS exists. The back ref pointers
        maintains the chain of objects and guarantees the correct binding.

        * svg/SVGPathSegList.h:
        * svg/SVGTransformList.h:
        * svg/properties/SVGAnimatedListPropertyTearOff.h:
        (WebCore::SVGAnimatedListPropertyTearOff::baseVal):
        (WebCore::SVGAnimatedListPropertyTearOff::animVal):
        * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
        * svg/properties/SVGAnimatedProperty.h:
        (WebCore::SVGAnimatedProperty::isAnimatedListTearOff const):
        (WebCore::SVGAnimatedProperty::propertyWillBeDeleted): Deleted.
        * svg/properties/SVGAnimatedPropertyTearOff.h:
        * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
        * svg/properties/SVGListProperty.h:
        (WebCore::SVGListProperty::initializeValuesAndWrappers):
        (WebCore::SVGListProperty::getItemValuesAndWrappers):
        (WebCore::SVGListProperty::insertItemBeforeValuesAndWrappers):
        (WebCore::SVGListProperty::replaceItemValuesAndWrappers):
        (WebCore::SVGListProperty::removeItemValuesAndWrappers):
        (WebCore::SVGListProperty::appendItemValuesAndWrappers):
        (WebCore::SVGListProperty::createWeakPtr const):
        * svg/properties/SVGListPropertyTearOff.h:
        (WebCore::SVGListPropertyTearOff::removeItemFromList):
        (WebCore::SVGListPropertyTearOff::~SVGListPropertyTearOff): Deleted.
        * svg/properties/SVGPropertyTearOff.h:
        (WebCore::SVGPropertyTearOff::createWeakPtr const):
        (WebCore::SVGPropertyTearOff::~SVGPropertyTearOff):

2018-01-16  Eric Carlson  <eric.carlson@apple.com>

        AVSampleBufferDisplayLayer should be flushed when application activates
        https://bugs.webkit.org/show_bug.cgi?id=181623
        <rdar://problem/36487738>

        Reviewed by Darin Adler.

        No new tests, I wasn't able to reproduce it in a test.

        * WebCore.xcodeproj/project.pbxproj:
        * dom/Document.cpp:
        (WebCore::Document::addApplicationStateChangeListener): New.
        (WebCore::Document::removeApplicationStateChangeListener): Ditto.
        (WebCore::Document::forEachApplicationStateChangeListener): Ditto.
        * dom/Document.h:

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::registerWithDocument): Register for application state changes.
        (WebCore::HTMLMediaElement::unregisterWithDocument): Unregister.
        (WebCore::HTMLMediaElement::applicationWillResignActive): Pass through to the player.
        (WebCore::HTMLMediaElement::applicationDidBecomeActive): Ditto.
        * html/HTMLMediaElement.h:

        * page/ApplicationStateChangeListener.h: Added.
        (WebCore::ApplicationStateChangeListener::applicationWillResignActive):
        (WebCore::ApplicationStateChangeListener::applicationDidBecomeActive):
        * page/Page.cpp:
        (WebCore::Page::forEachDocument):
        (WebCore::Page::applicationWillResignActive):
        (WebCore::Page::applicationDidEnterBackground):
        (WebCore::Page::applicationWillEnterForeground):
        (WebCore::Page::applicationDidBecomeActive):
        * page/Page.h:
        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::applicationWillResignActive):
        (WebCore::MediaPlayer::applicationDidBecomeActive):
        * platform/graphics/MediaPlayer.h:
        * platform/graphics/MediaPlayerPrivate.h:
        (WebCore::MediaPlayerPrivateInterface::applicationWillResignActive):
        (WebCore::MediaPlayerPrivateInterface::applicationDidBecomeActive):

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::MediaPlayerPrivateMediaStreamAVFObjC): Switch
        to release logging.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::~MediaPlayerPrivateMediaStreamAVFObjC): Ditto.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueCorrectedVideoSample): Split out of enqueueVideoSample.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSample): Move code that updates
        the display later to enqueueCorrectedVideoSample. Rearrange logic to the image painter sample
        buffer has the correct timestamp.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::layerErrorDidChange): Switch to release logging.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::layerStatusDidChange): Ditto.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::applicationDidBecomeActive): f the display
        layer is in the "failed" state, flush the renderer and update the display mode.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayers): Switch to release logging.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::load): Ditto.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::cancelLoad): Ditto.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::prepareToPlay): Ditto.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateDisplayMode): Ditto.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::play): Ditto.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::pause): Ditto.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVolume): Ditto.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setMuted): Ditto.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateReadyState) Ditto.:
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::logChannel const): Ditto.
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateSampleTimes): Deleted.

2018-01-16  Michael Catanzaro  <mcatanzaro@igalia.com>

        PAL should link to JavaScriptCore rather than WTF
        https://bugs.webkit.org/show_bug.cgi?id=181683

        Reviewed by Konstantin Tokarev.

        Do not link directly to JavaScriptCore. Get it via PAL.

        * CMakeLists.txt:

2018-01-16  Zach Li  <zachli@apple.com>

        Add pop-up policy support in website policies.
        https://bugs.webkit.org/show_bug.cgi?id=181544.
        rdar://problem/30521400.

        Reviewed by Alex Christensen.

        * loader/DocumentLoader.h:
        Introduce pop-up policy getter and setter. Initialize
        the policy as Default.
        (WebCore::DocumentLoader::popUpPolicy const):
        (WebCore::DocumentLoader::setPopUpPolicy):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::allowPopUp):
        Pop-up policy specified on a per-page basis holds
        precedence over the global policy. If no pop-up policy
        is specified during navigation, global policy is used.

2018-01-16  Jer Noble  <jer.noble@apple.com>

        Crash playing audio-only HLS stream via hls.js (MSE)
        https://bugs.webkit.org/show_bug.cgi?id=181691
        <rdar://problem/32967295>

        Reviewed by Eric Carlson.

        Add a weak-link check to the block called by -[AVSampleBufferDisplayLayer requestMediaDataWhenReadyOnQueue:usingBlock:].

        * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
        (WebCore::SourceBufferPrivateAVFObjC::trackDidChangeEnabled):
        (WebCore::SourceBufferPrivateAVFObjC::notifyClientWhenReadyForMoreSamples):
        (WebCore::SourceBufferPrivateAVFObjC::setVideoLayer):

2018-01-16  Simon Fraser  <simon.fraser@apple.com>

        Rename applyHorizontalScale/applyVerticalScale in SVG filters, and related cleanup
        https://bugs.webkit.org/show_bug.cgi?id=181684

        Reviewed by Alex Christensen.

        Rename the confusing applyHorizontalScale/applyVerticalScale to scaledByFilterResolution(),
        and have it take and return a FloatSize. Change callers to do math in terms of FloatSizes.

        Add inflate(size) to each of the rect classes.

        * platform/graphics/FloatRect.h:
        (WebCore::FloatRect::inflate):
        * platform/graphics/IntRect.h:
        (WebCore::IntRect::inflate):
        * platform/graphics/LayoutRect.h:
        (WebCore::LayoutRect::inflate):
        * platform/graphics/filters/FEDisplacementMap.cpp:
        (WebCore::FEDisplacementMap::platformApplySoftware):
        * platform/graphics/filters/FEDropShadow.cpp:
        (WebCore::FEDropShadow::determineAbsolutePaintRect):
        (WebCore::FEDropShadow::platformApplySoftware):
        * platform/graphics/filters/FEGaussianBlur.cpp:
        (WebCore::FEGaussianBlur::calculateUnscaledKernelSize):
        (WebCore::FEGaussianBlur::calculateKernelSize):
        (WebCore::FEGaussianBlur::determineAbsolutePaintRect):
        (WebCore::FEGaussianBlur::platformApplySoftware):
        * platform/graphics/filters/FEGaussianBlur.h:
        * platform/graphics/filters/FEMorphology.cpp:
        (WebCore::FEMorphology::determineAbsolutePaintRect):
        (WebCore::FEMorphology::platformApplySoftware):
        * platform/graphics/filters/FEOffset.cpp:
        (WebCore::FEOffset::determineAbsolutePaintRect):
        (WebCore::FEOffset::platformApplySoftware):
        * platform/graphics/filters/Filter.h:
        (WebCore::Filter::setSourceImage):
        (WebCore::Filter::scaledByFilterResolution const):
        (WebCore::Filter::applyHorizontalScale const): Deleted.
        (WebCore::Filter::applyVerticalScale const): Deleted.
        * platform/graphics/filters/FilterOperations.cpp:
        (WebCore::outsetSizeForBlur):
        * rendering/FilterEffectRenderer.h:
        * svg/graphics/filters/SVGFilter.cpp:
        (WebCore::SVGFilter::scaledByFilterResolution const):
        (WebCore::SVGFilter::applyHorizontalScale const): Deleted.
        (WebCore::SVGFilter::applyVerticalScale const): Deleted.
        * svg/graphics/filters/SVGFilter.h:

2018-01-16  Fujii Hironori  <Hironori.Fujii@sony.com>

        [CMake][Mac] Fix the build errors
        https://bugs.webkit.org/show_bug.cgi?id=181665

        Reviewed by Alex Christensen.

        No new tests (No behavior change)

        * CMakeLists.txt: Added Modules/paymentrequest/MerchantValidationEvent.idl to compile.
        * PlatformMac.cmake: Added Modules/paymentrequest/MerchantValidationEvent.cpp to compile.
        Added workers/service/context and Modules/applicationmanifest as forwarding header paths.

2018-01-16  Wenson Hsieh  <wenson_hsieh@apple.com>

        [Attachment Support] Provide the `src` of an attachment to the UI delegate when an attachment is inserted
        https://bugs.webkit.org/show_bug.cgi?id=181638
        <rdar://problem/36508702>

        Reviewed by Dan Bernstein.

        Adjust the `didInsertAttachment` codepath to additionally propagate the attachment element's `src`.
        Additionally, fix an issue with insertion and removal client notifications wherein the client can receive
        insertion calls without corresponding removal calls, or vice versa. This is an existing issue, but matters more
        now because we actually need to access the attachment element for its `src` when propagating changes to the
        client. See below for details.

        Test: WKAttachmentTests.AttachmentUpdatesWhenInsertingRichMarkup

        * dom/Document.h:
        (WebCore::Document::attachmentElementsByIdentifier const):
        * editing/Editor.cpp:
        (WebCore::Editor::notifyClientOfAttachmentUpdates):
        * page/EditorClient.h:
        (WebCore::EditorClient::didInsertAttachment):
        * page/Frame.cpp:
        (WebCore::Frame::setDocument):

        When a Frame's document changes, inform the client that the attachments in the previous document are going away.
        For each attachment currently connected to the document, we have either (1) already informed the client that it
        was inserted, or (2) the attachment is pending an insertion call to the client. If (1) is the case, then we'll
        tell the client that the attachment is removed, which will balance out the earlier insertion call. If (2) is the
        case, then we'll remove the previously inserted attachment identifier from the set of attachment identifiers
        pending insertion, and the client won't be informed of insertions or removals.

2018-01-16  Antoine Quint  <graouts@apple.com>

        Use traits for animation timing functions
        https://bugs.webkit.org/show_bug.cgi?id=181651

        Reviewed by Dean Jackson.

        Cleaning up Dean's previous patch as suggested by Darin's post-commit review comments. The
        downcast function can match const automatically and it's a better style to put the * inside
        the downcast call rather than outside.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::createTimingFunctionValue):
        * platform/animation/TimingFunction.cpp:
        (WebCore::operator<<):
        (WebCore::TimingFunction::transformTime const):
        * platform/animation/TimingFunction.h:
        * platform/graphics/ca/cocoa/PlatformCAAnimationCocoa.mm:
        (WebCore::toCAMediaTimingFunction):

2018-01-16  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] Live streaming cleanups
        https://bugs.webkit.org/show_bug.cgi?id=181672

        Reviewed by Michael Catanzaro.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::handleMessage): Switch to
        streaming code path when no content-length was reported by the
        http source element.
        (WebCore::MediaPlayerPrivateGStreamer::totalBytes const): Return early when streaming.
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (CachedResourceStreamingClient::responseReceived): Emit headers as
        an element message, like souphttpsrc.

2018-01-15  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] misc fixes and cleanups
        https://bugs.webkit.org/show_bug.cgi?id=181647

        Reviewed by Michael Catanzaro.

        * platform/graphics/MediaPlayer.cpp:
        (WebCore::convertEnumerationToString): New utility function to convert preload enum to string.
        * platform/graphics/MediaPlayerEnums.h: Ditto.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::load): Debug tweak
        (WebCore::MediaPlayerPrivateGStreamer::prepareToPlay): Ditto
        (WebCore::MediaPlayerPrivateGStreamer::play): Ditto
        (WebCore::MediaPlayerPrivateGStreamer::paused const): Ditto
        (WebCore::MediaPlayerPrivateGStreamer::processBufferingStats): Prevent useless state update.
        (WebCore::MediaPlayerPrivateGStreamer::fillTimerFired): Ditto.
        (WebCore::MediaPlayerPrivateGStreamer::updateStates): Debug tweak.
        (WebCore::MediaPlayerPrivateGStreamer::setDownloadBuffering): Ditto.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
        Remove useless handlesSyncMessage method.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::setMuted): Prevent useless state update.
        (WebCore::MediaPlayerPrivateGStreamerBase::muted const): Debug tweak.
        (WebCore::MediaPlayerPrivateGStreamerBase::setStreamVolumeElement): Ditto.
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (webkit_web_src_init): Enable keepAlive by default like in souphttpsrc.
        (webKitWebSrcStart): Debug tweak.
        (webKitWebSrcQueryWithParent): Ditto.
        (webKitWebSrcNeedData): Ditto.
        (CachedResourceStreamingClient::responseReceived): Change appsrc
        stream-type when we wan't seek. Also update caps like souphttpsrc
        does.
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.h: Add forward declaration of MediaPlayer.
        * platform/graphics/gstreamer/mse/MediaSourceClientGStreamerMSE.cpp:
        (WebCore::MediaSourceClientGStreamerMSE::append): Fix compilation warning.

2018-01-16  Yacine Bandou  <yacine.bandou_ext@softathome.com>

        [WPE] Two clearkey tests failing since r226621
        https://bugs.webkit.org/show_bug.cgi?id=181532

        Reviewed by Xabier Rodriguez-Calvar.

        Whith a fake initData, we can have a pssh size nul, thus we should check it.
        We saw this issue in the subtest "initData longer than 64Kb characters" in
        the clearkey-generate-request-disallowed-input layout test.

        * platform/encryptedmedia/clearkey/CDMClearKey.cpp:
        (WebCore::extractKeyidsLocationFromCencInitData):

2018-01-15  Yoav Weiss  <yoav@yoav.ws>

        Support for preconnect Link headers
        https://bugs.webkit.org/show_bug.cgi?id=181657

        Reviewed by Darin Adler.

        Move the preconnect functionality into its own function, and
        also call this function when Link headers are processed.

        Test: http/tests/preconnect/link-header-rel-preconnect-http.php

        * loader/LinkLoader.cpp:
        (WebCore::LinkLoader::loadLinksFromHeader): Call preconnect.
        (WebCore::LinkLoader::preconnect): Preconnect to a host functionality moved here.
        (WebCore::LinkLoader::preload): Renamed `preloadIfNeeded` to `preload`.
        (WebCore::LinkLoader::loadLink): Call preconnect.
        * loader/LinkLoader.h:

2018-01-15  Michael Catanzaro  <mcatanzaro@igalia.com>

        Improve use of ExportMacros
        https://bugs.webkit.org/show_bug.cgi?id=181652

        Reviewed by Konstantin Tokarev.

        Remove a comment.

        * platform/PlatformExportMacros.h:

2018-01-15  Konstantin Tokarev  <annulen@yandex.ru>

        image-rendering should affect scaling of border-image
        https://bugs.webkit.org/show_bug.cgi?id=169440

        Reviewed by Michael Catanzaro.

        Test: fast/borders/border-image-pixelated.html

        * rendering/style/NinePieceImage.cpp:
        (WebCore::NinePieceImage::paint):

2018-01-15  Tomas Popela  <tpopela@redhat.com>

        2.19.3 ACCELERATED_2D_CANVAS support is broken
        https://bugs.webkit.org/show_bug.cgi?id=180799

        Reviewed by Michael Catanzaro.

        * html/canvas/CanvasRenderingContext2DBase.cpp:
        (WebCore::CanvasRenderingContext2DBase::didDraw):

2018-01-15  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Enable HTTP/2
        https://bugs.webkit.org/show_bug.cgi?id=181551

        Reviewed by Michael Catanzaro.

        Start supporting HTTP/2 protocol. The first step is just enabling the HTTP/2 on Curl backend.
        Next step will be to enable multiplexing feature.

        No new tests because we don't have HTTP/2 test backend yet.

        * platform/network/curl/CurlContext.cpp:
        (WebCore::CurlContext::isHttp2Enabled const):
        (WebCore::CurlHandle::enableHttp):
        (WebCore::CurlHandle::enableHttpGetRequest):
        (WebCore::CurlHandle::enableHttpHeadRequest):
        (WebCore::CurlHandle::enableHttpPostRequest):
        (WebCore::CurlHandle::enableHttpPutRequest):
        (WebCore::CurlHandle::setHttpCustomRequest):
        * platform/network/curl/CurlContext.h:

2018-01-15  Dean Jackson  <dino@apple.com>

        Use a helper function for checked arithmetic in WebGL validation
        https://bugs.webkit.org/show_bug.cgi?id=181620
        <rdar://problem/36485879>

        Reviewed by Eric Carlson.

        Eric recommended using a templated helper function to do
        a common arithmetic check in WebGL validation.

        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::validateIndexArrayConservative):
        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::validateIndexArrayConservative):
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::validateIndexArrayPrecise):
        (WebCore::WebGLRenderingContextBase::validateDrawArrays):
        (WebCore::WebGLRenderingContextBase::validateSimulatedVertexAttrib0):
        (WebCore::WebGLRenderingContextBase::simulateVertexAttrib0):
        * html/canvas/WebGLRenderingContextBase.h:
        (WebCore::WebGLRenderingContextBase::checkedAddAndMultiply): New helper.

2018-01-15  Dean Jackson  <dino@apple.com>

        Use traits for animation timing functions
        https://bugs.webkit.org/show_bug.cgi?id=181651
        <rdar://problem/36525328>

        Reviewed by Antoine Quint.

        Use the type traits for TimingFunction classes, so
        we can is<> and downcast<>.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::createTimingFunctionValue):
        * platform/animation/TimingFunction.cpp:
        (WebCore::TimingFunction::transformTime const):
        * platform/animation/TimingFunction.h:
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::animationHasStepsTimingFunction):
        (WebCore::animationHasFramesTimingFunction):
        * platform/graphics/ca/cocoa/PlatformCAAnimationCocoa.mm:
        (WebCore::toCAMediaTimingFunction):

2018-01-15  Youenn Fablet  <youenn@apple.com>

        RealtimeMediaSource should be ThreadSafeRefCounted
        https://bugs.webkit.org/show_bug.cgi?id=181649

        Reviewed by Eric Carlson.

        Difficult to write a test as this is really racy.
        RealtimeIncomingVideoSourceCocoa::OnFrame is taking a reference on a background thread
        to send a task to the main thread.
        This requires it to be thread safe ref counted.

        * platform/mediastream/RealtimeMediaSource.h:

2018-01-15  Philippe Normand  <pnormand@igalia.com>

        Prevent useless MediaPlayer mute state notifications
        https://bugs.webkit.org/show_bug.cgi?id=181646

        Reviewed by Carlos Garcia Campos.

        On GTK port the mute change notification was triggering the test
        runner to think the whole page mute state had changed and that
        media elements were muted. The simplest solution is to propagate
        the notification only if the state actually changed.

        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::muteChanged): Propagate mute notification
        only if the mute state actually changed.

2018-01-15  Sebastian Dröge  <sebastian@centricular.com>

        [GStreamer] Don't wait for draw condition variable when shutting down.
        https://bugs.webkit.org/show_bug.cgi?id=180978

        Reviewed by Carlos Garcia Campos.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
        (WebCore::MediaPlayerPrivateGStreamerBase::cancelRepaint):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
        By also waiting for the draw condition variable while shutting down,
        it is possible that the GStreamer video sink is waiting for the main
        thread to actually render the current frame, while at the same time
        the main thread is waiting for the GStreamer video sink to shut down,
        resulting in a deadlock.

2018-01-13  Minsheng Liu  <lambda@liu.ms>

        MathML Lengths should take zoom level into account
        https://bugs.webkit.org/show_bug.cgi?id=180029

        Reviewed by Frédéric Wang.

        The patch applies the effective zoom factor to physical units in toUserUnits().

        Test: mathml/presentation/mspace-units-with-zoom.html

        * rendering/mathml/RenderMathMLBlock.cpp:
        (WebCore::toUserUnits):

2018-01-12  Chris Dumez  <cdumez@apple.com>

        ASSERTION FAILED: registration || isTerminating() in WebCore::SWServerWorker::skipWaiting()
        https://bugs.webkit.org/show_bug.cgi?id=181603
        <rdar://problem/36476050>

        Reviewed by Youenn Fablet.

        No new tests, covered by existing tests that crash flakily.

        * workers/service/server/SWServer.cpp:
        (WebCore::SWServer::terminateWorkerInternal):
        If the connection to the context process is gone, make sure we make the worker as terminated
        so that it does not stay in Running state and in SWServer::m_runningOrTerminatingWorkers.

        * workers/service/server/SWServerRegistration.cpp:
        (WebCore::SWServerRegistration::~SWServerRegistration):
        Add assertions to make sure none of the registration's workers are still running when
        the registration is destroyed.

        (WebCore::SWServerRegistration::updateRegistrationState):
        Make sure registration workers that are overwritten are not still running.

        * workers/service/server/SWServerWorker.cpp:
        (WebCore::SWServerWorker::setState):
        If a worker's state is set to redundant, make sure we also terminate it.

2018-01-12  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r226927.
        https://bugs.webkit.org/show_bug.cgi?id=181621

        Breaks 32-bit and iOS release for some reason that i don't
        understand yet (Requested by dino on #webkit).

        Reverted changeset:

        "Use a helper function for checked arithmetic in WebGL
        validation"
        https://bugs.webkit.org/show_bug.cgi?id=181620
        https://trac.webkit.org/changeset/226927

2018-01-12  Myles C. Maxfield  <mmaxfield@apple.com>

        Data URL fonts split in the middle of an alphabet cause random letters to disappear
        https://bugs.webkit.org/show_bug.cgi?id=175845
        <rdar://problem/33996578>

        Reviewed by Brent Fulgham.

        It is fairly common practice for a font foundry to split a font up into two files such that a semi-random
        half of the alphabet is present in one of the files, and the other half is present in the other file. This
        practice involves representing the files as data URLs, so as to minimize the time it takes to load them.

        Because resource loading is asynchronous (even for data URLs), it is possible today to get a paint after
        the first file is loaded but before the second file is loaded. Indeed, because of the way font fallback
        works, we will never start loading the second file until a layout has occurred with the first font.

        Because a site usually only uses this pattern for a handful of fonts, and I've never seen this pattern
        being used for CJK fonts, it isn't very expensive to opportunistically decode these data URLs eagerly.
        Using this method doesn't actually guarantee that the two fonts will load in between successive paints,
        but it at least makes this much more likely. This patch implements this strategy, along with a size
        threshold to make sure that we won't decode any super large data URLs when it isn't necessary.

        Test: fast/text/font-load-data-partitioned-alphabet.html

        * css/CSSFontFace.cpp:
        (WebCore::CSSFontFace::opportunisticallyStartFontDataURLLoading):
        * css/CSSFontFace.h:
        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::opportunisticallyStartFontDataURLLoading):
        * css/CSSFontFaceSource.h:
        * css/CSSFontSelector.cpp:
        (WebCore::CSSFontSelector::opportunisticallyStartFontDataURLLoading):
        * css/CSSFontSelector.h:
        * platform/graphics/FontCascadeFonts.cpp:
        (WebCore::opportunisticallyStartFontDataURLLoading):
        (WebCore::FontCascadeFonts::glyphDataForVariant):
        * platform/graphics/FontSelector.h:

2018-01-12  Alex Christensen  <achristensen@webkit.org>

        History state should be updated during client redirects with asynchronous policy decisions
        https://bugs.webkit.org/show_bug.cgi?id=181358
        <rdar://problem/35547689>

        Reviewed by Andy Estes.

        When decidePolicyForNavigationAction is responded to asynchronously during a client redirect, 
        HistoryController::updateForRedirectWithLockedBackForwardList does not update the history because
        the document loader has not been marked as a client redirect because the FrameLoader only looks
        at its provisional document loader to mark it as a client redirect.  When decidePolicyForNavigationAction
        is responded to asynchronously, though, the FrameLoader's provisional document loader has moved to 
        its policy document loader.  To get both asynchronous and synchronous cases, let's just mark the document
        loader as a client redirect whether it's the provisional or policy document loader.

        Covered by a new API test.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadURL):
        (WebCore::FrameLoader::loadPostRequest):

2018-01-12  Dean Jackson  <dino@apple.com>

        Use a helper function for checked arithmetic in WebGL validation
        https://bugs.webkit.org/show_bug.cgi?id=181620
        <rdar://problem/36485879>

        Reviewed by Eric Carlson.

        Eric recommended using a templated helper function to do
        a common arithmetic check in WebGL validation.

        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::validateIndexArrayConservative):
        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::validateIndexArrayConservative):
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::checkedAddAndMultiply): New helper.
        (WebCore::WebGLRenderingContextBase::validateIndexArrayPrecise):
        (WebCore::WebGLRenderingContextBase::validateDrawArrays):
        (WebCore::WebGLRenderingContextBase::validateSimulatedVertexAttrib0):
        (WebCore::WebGLRenderingContextBase::simulateVertexAttrib0):
        * html/canvas/WebGLRenderingContextBase.h:

2018-01-12  Myles C. Maxfield  <mmaxfield@apple.com>

        [Cocoa] CTFontCopyDefaultCascadeListForLanguages() can return nullptr
        https://bugs.webkit.org/show_bug.cgi?id=181615
        <rdar://problem/36334637>

        Reviewed by Jon Lee.

        Speculative fix. We are getting crash reports saying that this call can return nullptr, and we
        don't check for it.

        No new tests because I couldn't find the specific input that causes it to return nullptr. (I
        tried running this code with every 0, 1, and 2 length locale string, every weight value, and
        every italic value, and couldn't get it to crash. I also inspected the code to figure out what
        values would cause it to return nullptr, and I couldn't find anything other than if the system
        has a totally busted font setup.)

        * platform/graphics/cocoa/FontDescriptionCocoa.cpp:
        (WebCore::SystemFontDatabase::computeCascadeList):

2018-01-11  Dean Jackson  <dino@apple.com>

        [WebGL] Simulated vertexAttrib0 can sometimes cause OUT_OF_MEMORY errors
        https://bugs.webkit.org/show_bug.cgi?id=181558
        <rdar://problem/36189833>

        Reviewed by Eric Carlson.

        Very large element indices in the ELEMENT_ARRAY_BUFFER meant that
        our simulated vertexAttrib0 buffer might be too large. We need
        to check for out-of-memory, but we can also detect some of the issues
        earlier in our validation code. Additionally, make sure that we don't
        accidentally cast an unsigned to a signed.

        Test: fast/canvas/webgl/simulated-vertexAttrib0-invalid-indicies.html

        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::validateIndexArrayConservative): Update validation
        code to look for overflow, rather than relying on looking for sign changes.
        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::validateIndexArrayConservative): Ditto.
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::validateIndexArrayPrecise):
        (WebCore::WebGLRenderingContextBase::drawArrays): Check that we were able to simulate.
        (WebCore::WebGLRenderingContextBase::drawElements):
        (WebCore::WebGLRenderingContextBase::validateSimulatedVertexAttrib0): Update validation code, and
        use GC3Duint, since that's what the indicies are.
        (WebCore::WebGLRenderingContextBase::simulateVertexAttrib0): Ditto.
        (WebCore::WebGLRenderingContextBase::drawArraysInstanced): Check that we were able to simulate.
        (WebCore::WebGLRenderingContextBase::drawElementsInstanced):
        * html/canvas/WebGLRenderingContextBase.h:

2018-01-12  Wenson Hsieh  <wenson_hsieh@apple.com>

        Large in-place attachment elements cause the document width to expand when inserted
        https://bugs.webkit.org/show_bug.cgi?id=181614

        Reviewed by Dan Bernstein.

        Make in-place images and videos have a max-width of 100%, so that large attachments aren't inserted with full
        display size, causing the document and viewport width to expand.

        * html/HTMLAttachmentElement.cpp:
        (WebCore::HTMLAttachmentElement::populateShadowRootIfNecessary):

2018-01-12  Keith Rollin  <krollin@apple.com>

        Logged JSON should escape "'s and \'s in strings.
        https://bugs.webkit.org/show_bug.cgi?id=181608

        Reviewed by Brent Fulgham.

        No new tests -- no new functionality, just changed logging. The
        efficacy of the logging was verified by inspecting its output.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution):

2018-01-12  Dean Jackson  <dino@apple.com>

        drawElements should be invalid if vertexAttrib0 doesn't have data
        https://bugs.webkit.org/show_bug.cgi?id=181609
        <rdar://problem/36392883>

        Reviewed by Antoine Quint.

        If a vertex attribute has been enabled, but no data provided, then
        draw validation should fail.

        Test: fast/canvas/webgl/drawElements-empty-vertex-data.html

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::validateVertexAttributes): If there were
        never any data in the vertex buffer, then we incorrectly compared with 0.

2018-01-12  Youenn Fablet  <youenn@apple.com>

        FormDataElement::lengthInBytes should use ThreadableBlobRegistry
        https://bugs.webkit.org/show_bug.cgi?id=181554

        Reviewed by Chris Dumez.

        Covered by updated test.

        Fix blobRegistry() use and add support for creating a response that may trigger the issue.


        * platform/network/FormData.cpp:
        (WebCore::FormDataElement::lengthInBytes const): Was using directly blobRegistry() while ThreadableBlobRegistry is more appropriate
        in case this is called from workers.
        * Modules/fetch/FetchBody.h:
        * Modules/fetch/FetchResponse.h:
        * fileapi/Blob.h:
        * testing/ServiceWorkerInternals.cpp:
        (WebCore::ServiceWorkerInternals::createOpaqueWithBlobBodyResponse):
        * testing/ServiceWorkerInternals.h:
        * testing/ServiceWorkerInternals.idl:

2018-01-12  Jer Noble  <jer.noble@apple.com>

        Wrap CDMFairPlayStreaming and related classes in ENABLE(ENCRYPTED_MEDIA) checks
        https://bugs.webkit.org/show_bug.cgi?id=181602

        Reviewed by Maciej Stachowiak.

        * platform/graphics/avfoundation/CDMFairPlayStreaming.h:
        * platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.h:
        * platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm:

2018-01-12  Youenn Fablet  <youenn@apple.com>

        WebProcess should pass the registration identifier and not the worker identifier for fetch events
        https://bugs.webkit.org/show_bug.cgi?id=181591

        Reviewed by Chris Dumez.

        Test: http/wpt/service-workers/update-service-worker.https.html

        Store service worker registration identifier in ResourceLoaderOptions instead of service worker identifier.

        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
        (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest):
        * loader/ResourceLoaderOptions.h:
        * loader/WorkerThreadableLoader.cpp:
        (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge):
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::prepareFetch):
        (WebCore::CachedResourceLoader::determineRevalidationPolicy const):
        * loader/cache/CachedResourceRequest.cpp:
        (WebCore::CachedResourceRequest::setSelectedServiceWorkerRegistrationIdentifierIfNeeded):
        (WebCore::CachedResourceRequest::setNavigationServiceWorkerRegistrationData):
        (WebCore::CachedResourceRequest::setSelectedServiceWorkerIdentifierIfNeeded): Deleted.
        * loader/cache/CachedResourceRequest.h:
        * workers/WorkerScriptLoader.cpp:
        (WebCore::WorkerScriptLoader::loadSynchronously):
        (WebCore::WorkerScriptLoader::loadAsynchronously):
        * workers/service/server/SWServer.cpp:
        (WebCore::SWServer::activeWorkerFromRegistrationID):
        * workers/service/server/SWServer.h:

2018-01-12  Fujii Hironori  <Hironori.Fujii@sony.com>

        [Win][CMake] Remove all-in-one file for WebCore DerivedSources
        https://bugs.webkit.org/show_bug.cgi?id=181582

        Reviewed by Alex Christensen.

        Those source files are compiled in unified source build nowadays.

        No new tests (No behavior change)

        * CMakeLists.txt: Removed calling PROCESS_ALLINONE_FILE.
        * DerivedSources.cpp: Removed.
        * WebCoreMacros.cmake: Removed a macro PROCESS_ALLINONE_FILE.

2018-01-12  Fujii Hironori  <Hironori.Fujii@sony.com>

        [WinCairo][CMake] Use ${CURL_LIBRARY} instead of specifying the library name libcurl_imp explicitly
        https://bugs.webkit.org/show_bug.cgi?id=181578

        Reviewed by Alex Christensen.

        vcpkg has libcurl.lib, not libcurl_imp.lib.

        No new tests because no behavior change.

        * PlatformWinCairo.cmake: Link ${CURL_LIBRARY} instead of libcurl_imp.

2018-01-12  Jer Noble  <jer.noble@apple.com>

        WebGL video texture black in Safari 11.0.2 and wrong colored in Safari Preview 11.1
        https://bugs.webkit.org/show_bug.cgi?id=181445
        <rdar://problem/36383183>

        Reviewed by Dean Jackson.

        Tests: added compile-time correctness tests for YCbCrMatrix values.

        Perform the derivation from YCbCr coefficients into matrices in constexpr expressions
        at compile-time. This allows us to also perform compile-time correctness checks to catch
        regressions which may cause incorrect color conversions.

        Since we now have general-purpose derivation of matrix values from coefficients,
        adding missing specificed matrices is trivial, so add support for SMPTE 240M and BT.2020
        matrices.

        * platform/graphics/cv/VideoTextureCopierCV.cpp:
        (WebCore::GLfloatColor::GLfloatColor):
        (WebCore::GLfloatColor::abs):
        (WebCore::GLfloatColor::isApproximatelyEqualTo const):
        (WebCore::YCbCrMatrix::operator Vector<GLfloat> const):
        (WebCore::YCbCrMatrix::YCbCrMatrix):
        (WebCore::YCbCrMatrix::operator* const):
        (WebCore::YCbCrToRGBMatrixForRangeAndTransferFunction):

2018-01-12  Antoine Quint  <graouts@apple.com>

        Add support for the frames() timing function
        https://bugs.webkit.org/show_bug.cgi?id=181585
        <rdar://problem/36463317>

        Reviewed by Dean.

        Implement the frames() timing function as specified in the CSS Timing Functions Level 1
        specification, specifically https://www.w3.org/TR/css-timing-1/#frames-timing-functions.
        A frames timing function is a type of timing function that divides the input time into a
        specified number of intervals of equal length.

        Test: transitions/frames-timing-function.html

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::createTimingFunctionValue):
        * css/CSSTimingFunctionValue.cpp:
        (WebCore::CSSFramesTimingFunctionValue::customCSSText const):
        (WebCore::CSSFramesTimingFunctionValue::equals const):
        * css/CSSTimingFunctionValue.h:
        * css/CSSToStyleMap.cpp:
        (WebCore::CSSToStyleMap::mapAnimationTimingFunction):
        * css/CSSValue.cpp:
        (WebCore::CSSValue::equals const):
        (WebCore::CSSValue::cssText const):
        (WebCore::CSSValue::destroy):
        * css/CSSValue.h:
        (WebCore::CSSValue::isFramesTimingFunctionValue const):
        * css/CSSValueKeywords.in:
        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeSteps):
        (WebCore::consumeFrames):
        (WebCore::consumeAnimationTimingFunction):
        * platform/animation/TimingFunction.cpp:
        (WebCore::operator<<):
        (WebCore::TimingFunction::transformTime const):
        * platform/animation/TimingFunction.h:
        (WebCore::TimingFunction::isFramesTimingFunction const):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::animationHasFramesTimingFunction):
        (WebCore::GraphicsLayerCA::animationCanBeAccelerated const):

2018-01-12  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r226721.
        https://bugs.webkit.org/show_bug.cgi?id=181583

        Lets do a slightly different fix (Requested by anttik on
        #webkit).

        Reverted changeset:

        "REGRESSION(r225650): The scores of MotionMark tests Multiply
        and Leaves dropped by 8%"
        https://bugs.webkit.org/show_bug.cgi?id=181460
        https://trac.webkit.org/changeset/226721

2018-01-11  Keith Miller  <keith_miller@apple.com>

        Rename ENABLE_ASYNC_ITERATION to ENABLE_JS_ASYNC_ITERATION
        https://bugs.webkit.org/show_bug.cgi?id=181573

        Reviewed by Simon Fraser.

        * Configurations/FeatureDefines.xcconfig:

2018-01-11  Jiewen Tan  <jiewen_tan@apple.com>

        [WebAuthN] Import a CBOR coder from Chromium
        https://bugs.webkit.org/show_bug.cgi?id=181522
        <rdar://problem/36055729>

        Reviewed by Brent Fulgham.

        This patch imports a CBOR coder including encoder and decoder from Chromium. CBOR encoder
        is needed for WebAuthN to encode attestation object into binaries. When supporting extensions
        in the future, CBOR encoder/decoder will be needed as well. Implementating and maintaining
        a fully-fledged CBOR coder doesn't seem to align with WebKit's best interests. Therefore,
        importing a most suitable third party implementation will be wise.

        In this patch, it fully integrate the whole coder into our codebase. Those changes includes:
            1. Substitute data structures that enjoy a better WTF version.
            2. Replacing marcos.
            3. Implementating workarounds for some functionalities that we lack fundamental types' support.
            4. Changing the coding style to match ours.

        This patch doesn't intend to improve the logic of the original codebase. Hence some of the
        coding logic might not match what WebKit ususally has.

        Here is a full list of Chromium changes that constructed this CBOR coder in chronological order:
        6efcf495521d18d060027762f48bb292d6979136,
        9eb43fd347890b4c6cf54c4bd7ec1bbb88e381e1,
        31c85e74fd567772f18e0a41be468d04af721f21,
        68672fdcad280a8ff69b91927d38d0eabf2c87f2,
        0ca8667c0584fb21c0748ebd7468d32889759a07,
        df763d790d7e45d70116bdefacbfd4f9faa8995e,
        6d30c4a621c65314db63eb56e87c19ab75627b26,
        50fe92953f4739f17a62303fedbf8db9234317c8,
        47be22c3603424d1832d046a348ff3f982500288,
        98a59e46948b2c71608926004fac8192b0ff2208,
        07540c6d850ed6e0fa508d63c20a8ce96d751de6,
        06ae32d640c8e4b86ea8914a80ee419ea16e56d8.

        Covered by API tests.

        * Modules/webauthn/cbor/CBORBinary.h: Added.
        * Modules/webauthn/cbor/CBORReader.cpp: Added.
        (cbor::CBORReader::CBORReader):
        (cbor::CBORReader::~CBORReader):
        (cbor::CBORReader::read):
        (cbor::CBORReader::decodeCBOR):
        (cbor::CBORReader::readVariadicLengthInteger):
        (cbor::CBORReader::decodeValueToNegative):
        (cbor::CBORReader::decodeValueToUnsigned):
        (cbor::CBORReader::readSimpleValue):
        (cbor::CBORReader::readString):
        Workarounds applied.
        (cbor::CBORReader::readBytes):
        (cbor::CBORReader::readCBORArray):
        (cbor::CBORReader::readCBORMap):
        (cbor::CBORReader::canConsume):
        (cbor::CBORReader::checkMinimalEncoding):
        (cbor::CBORReader::checkExtraneousData):
        (cbor::CBORReader::checkDuplicateKey):
        (cbor::CBORReader::hasValidUTF8Format):
        Workarounds applied.
        (cbor::CBORReader::checkOutOfOrderKey):
        (cbor::CBORReader::getErrorCode):
        (cbor::CBORReader::errorCodeToString):
        * Modules/webauthn/cbor/CBORReader.h: Added.
        * Modules/webauthn/cbor/CBORValue.cpp: Added.
        (cbor::CBORValue::CBORValue):
        (cbor::CBORValue::operator=):
        (cbor::CBORValue::~CBORValue):
        (cbor::CBORValue::clone const):
        (cbor::CBORValue::getInteger const):
        (cbor::CBORValue::getUnsigned const):
        (cbor::CBORValue::getNegative const):
        (cbor::CBORValue::getString const):
        (cbor::CBORValue::getByteString const):
        (cbor::CBORValue::getArray const):
        (cbor::CBORValue::getMap const):
        (cbor::CBORValue::getSimpleValue const):
        (cbor::CBORValue::internalMoveConstructFrom):
        (cbor::CBORValue::internalCleanup):
        * Modules/webauthn/cbor/CBORValue.h: Added.
        * Modules/webauthn/cbor/CBORWriter.cpp: Added.
        (cbor::CBORWriter::~CBORWriter):
        (cbor::CBORWriter::write):
        (cbor::CBORWriter::CBORWriter):
        (cbor::CBORWriter::encodeCBOR):
        Workarounds applied.
        (cbor::CBORWriter::startItem):
        (cbor::CBORWriter::setAdditionalInformation):
        (cbor::CBORWriter::setUint):
        (cbor::CBORWriter::getNumUintBytes):
        * Modules/webauthn/cbor/CBORWriter.h: Added.
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:

2018-01-11  Chris Dumez  <cdumez@apple.com>

        Setting Window.opener to null should disown its opener
        https://bugs.webkit.org/show_bug.cgi?id=181505
        <rdar://problem/36443151>

        Reviewed by Ryosuke Niwa.

        Setting Window.opener to null should disown its opener as per:
        - https://html.spec.whatwg.org/#dom-opener

        With this change, tabs opened by clicking link inside Gmail no
        longer have the Gmail window as opener.

        Tests: fast/dom/Window/window-opener-set-to-null.html
               fast/dom/Window/window-opener-shadowing.html

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::setOpener):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::disownOpener):
        * page/DOMWindow.h:
        * page/DOMWindow.idl:

2018-01-11  Myles C. Maxfield  <mmaxfield@apple.com>

        [Cocoa] Star character disappears when bolded
        https://bugs.webkit.org/show_bug.cgi?id=181568
        <rdar://problem/18755569>

        Reviewed by Simon Fraser.

        We had some code in ComplexTextController to ask the FontCache for a font, given the name
        of a particular font CoreText used inside a CTRun. This is wrong for two reasons: fonts
        are not identifiable by PostScript name (in the general case), and because the lookup
        procedure requires a FontDescription, the result may yield a font that is not the one
        looked up. The goal of this code was simply to preserve the rendering mode of the font,
        but we removed support for these rendering modes years ago. So the solution is to skip
        that lookup and use the CoreText font directly.

        Test: fast/text/unknown-font.html

        * platform/graphics/mac/ComplexTextControllerCoreText.mm:
        (WebCore::ComplexTextController::collectComplexTextRunsForCharacters):

2018-01-11  Keith Rollin  <krollin@apple.com>

        Add optional logging of ITP-related user interaction information
        https://bugs.webkit.org/show_bug.cgi?id=181556

        Reviewed by Brent Fulgham.

        In order to support the tracking of the efficacy of Intelligent
        Tracking Protection, add some logging indicating when the user
        interacts with a page in a way that affects cookie partitioning. This
        logging is off by default, and is enabled with `defaults write -g
        WebKitLogCookieInformation -bool true`.

        No new tests -- no changed functionality.

        * loader/ResourceLoadObserver.cpp:
        (WebCore::ResourceLoadObserver::logUserInteractionWithReducedTimeResolution):
        * loader/ResourceLoadObserver.h:
        (WebCore::ResourceLoadObserver::shouldLogUserInteraction const):
        (WebCore::ResourceLoadObserver::setShouldLogUserInteraction):

2018-01-11  James Craig  <jcraig@apple.com>

        AX: when invert colors is on, double-invert video elements in UserAgentStyleSheet
        https://bugs.webkit.org/show_bug.cgi?id=168447
        <rdar://problem/30559874>

        Reviewed by Simon Fraser.

        Double-invert video when platform "invert colors" setting is enabled. Behavior matches 
        current "Smart Invert" feature of Safari Reader on macOS/iOS and other iOS native apps.

        Tests: accessibility/smart-invert-reference.html
               accessibility/smart-invert.html

        * Modules/modern-media-controls/controls/media-controls.css:
        (@media (inverted-colors)):
        (:host):
        (picture):
        * css/html.css:
        (@media (inverted-colors)):
        (video):

2018-01-11  Wenson Hsieh  <wenson_hsieh@apple.com>

        Don't load inline data when requesting info for an attachment element backed by a file path
        https://bugs.webkit.org/show_bug.cgi?id=181550

        Reviewed by Tim Horton.

        When requesting data for an attachment element that is backed by a file path, we currently trigger a load in the
        web process to fetch contents of the attachment data as inline data in the AttachmentInfo. This is unnecessary,
        since the file path of the attachment element must have come from the UI process anyways, so it is sufficient to
        simply send the file path to the UI process and have the UI process read the contents of the path as a memory-
        mapped NSData.

        This patch lets HTMLAttachmentElement skip over resource loading codepaths when creating an AttachmentInfo for
        the client, and also teaches _WKAttachment to read a AttachmentInfo's filepath as memory-mapped data if a file
        path is present, and no inline data was specified.

        Covered by existing API tests.

        * html/HTMLAttachmentElement.cpp:
        (WebCore::HTMLAttachmentElement::requestInfo):

2018-01-10  Ryosuke Niwa  <rniwa@webkit.org>

        Make elements of zero width or height focusable
        https://bugs.webkit.org/show_bug.cgi?id=181516

        Reviewed by Chris Dumez.

        Don't check render box's size or bounding rect when deciding whether an element is focusable.
        New behavior matches that of Firefox and Chrome.

        Test: fast/events/focus-zero-size-element.html

        * dom/Element.cpp:
        (WebCore::Element::isFocusable): Only update the style.
        * html/HTMLFormControlElement.cpp:
        (WebCore::HTMLFormControlElement::isFocusable const): Deleted.
        * html/HTMLFormControlElement.h:
        * mathml/MathMLElement.cpp:
        (WebCore::MathMLElement::isFocusable const): Deleted. As far as I can tell, no math ml element is focusable.
        * mathml/MathMLElement.h:
        * svg/SVGAElement.cpp:
        (WebCore::SVGAElement::isFocusable const): Deleted.
        * svg/SVGAElement.h:

2018-01-11  Filip Pizlo  <fpizlo@apple.com>

        Rename MarkedAllocator to BlockDirectory and AllocatorAttributes to CellAttributes
        https://bugs.webkit.org/show_bug.cgi?id=181543

        Rubber stamped by Michael Saboff.

        No new tests because I'm just renaming things.

        * ForwardingHeaders/heap/BlockDirectoryInlines.h: Copied from Source/WebCore/ForwardingHeaders/heap/MarkedAllocatorInlines.h.
        * ForwardingHeaders/heap/MarkedAllocatorInlines.h: Removed.
        * bindings/js/DOMGCOutputConstraint.cpp:

2018-01-11  Alex Christensen  <achristensen@webkit.org>

        REGRESSION(r225003): Loading hangs in environments where dispatch_async does not work
        https://bugs.webkit.org/show_bug.cgi?id=181553
        <rdar://problem/35733938>

        Reviewed by Eric Carlson.

        There is an environment where dispatch_async does not work, but performSelectorOnMainThread works.
        r225003 broke loading in this environment.  This fixes it and updates the test that r225003 fixed.
        It failed sometimes because loading was happening in a different order than html parsing, so I made
        the test not depend on html parsing timing by updating media/video-src-remove.html.

        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
        (-[WebCoreResourceHandleAsOperationQueueDelegate callFunctionOnMainThread:]):

2018-01-11  Dean Jackson  <dino@apple.com>

        Rolling out 226814. It crashes on some bots.

2018-01-11  Dean Jackson  <dino@apple.com>

        [WebGL] Simulated vertexAttrib0 can sometimes cause OUT_OF_MEMORY errors
        https://bugs.webkit.org/show_bug.cgi?id=181558
        <rdar://problem/36189833>

        Reviewed by Eric Carlson.

        Very large element indices in the ELEMENT_ARRAY_BUFFER meant that
        our simulated vertexAttrib0 buffer might be too large. We need
        to check for out-of-memory, but we can also detect some of the issues
        earlier in our validation code. Additionally, make sure that we don't
        accidentally cast an unsigned to a signed.

        Test: fast/canvas/webgl/simulated-vertexAttrib0-invalid-indicies.html

        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::validateIndexArrayConservative): Update validation
        code to look for overflow, rather than relying on looking for sign changes.
        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::validateIndexArrayConservative): Ditto.
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::validateIndexArrayPrecise):
        (WebCore::WebGLRenderingContextBase::drawArrays): Check that we were able to simulate.
        (WebCore::WebGLRenderingContextBase::drawElements):
        (WebCore::WebGLRenderingContextBase::validateSimulatedVertexAttrib0): Update validation code, and
        use GC3Duint, since that's what the indicies are.
        (WebCore::WebGLRenderingContextBase::simulateVertexAttrib0): Ditto.
        (WebCore::WebGLRenderingContextBase::drawArraysInstanced): Check that we were able to simulate.
        (WebCore::WebGLRenderingContextBase::drawElementsInstanced):
        * html/canvas/WebGLRenderingContextBase.h:

2018-01-11  Chris Dumez  <cdumez@apple.com>

        ASSERTION FAILED: registration in WebCore::SWServerWorker::skipWaiting()
        https://bugs.webkit.org/show_bug.cgi?id=181222
        <rdar://problem/36332686>

        Reviewed by Youenn Fablet.

        Replace assertion in SWServerWorker::skipWaiting() that assumes the worker
        has a registration. Nowadays, a SWServerWorker can stay alive for a short
        period without having a registration, while it is terminating.

        No new tests, unskipped existing test.

        * workers/service/server/SWServerWorker.cpp:
        (WebCore::SWServerWorker::skipWaiting):

2018-01-11  Antti Koivisto  <antti@apple.com>

        Don't call RenderElement::setStyle when nothing changes
        https://bugs.webkit.org/show_bug.cgi?id=181530

        Reviewed by Zalan Bujtas.

        * style/StyleChange.h:

        Remove 'Force' value. This essentially meant 'compute style for all descendants and call setStyle unconditionally'.
        Using this value lost information about whether anything actually changed in a particular style as it was automatically
        inherited by all descendants. The 'compute all descendants' part of the behavior is what is actually needed.

        Instead add separate DescendantsToResolve enum for communicating what else to compute.

        * style/StyleTreeResolver.cpp:
        (WebCore::Style::TreeResolver::Parent::Parent):
        (WebCore::Style::computeDescendantsToResolve):

            Figure out which descendants will need resolving based on how the current elements style changed.

        (WebCore::Style::TreeResolver::resolveElement):
        (WebCore::Style::TreeResolver::createAnimatedElementUpdate):
        (WebCore::Style::TreeResolver::pushParent):
        (WebCore::Style::shouldResolveElement):

            Use DescendantsToResolve as input.

        (WebCore::Style::TreeResolver::resolveComposedTree):
        * style/StyleTreeResolver.h:
        * style/StyleUpdate.h:
        (WebCore::Style::ElementUpdates::ElementUpdates):

            Add DescendantsToResolve.

2018-01-11  Wenson Hsieh  <wenson_hsieh@apple.com>

        Send PromisedBlobInfo to the client through DragItem instead of DragClient::prepareToDragPromisedBlob
        https://bugs.webkit.org/show_bug.cgi?id=181497

        Reviewed by Tim Horton.

        Refactor drag initiation with DOMFile-backed attachment elements. See WebKit ChangeLog for more information. No
        change in behavior; promised blob dragging covered by WKAttachment API tests.

        * loader/EmptyClients.cpp:
        * page/DragClient.h:
        (WebCore::DragClient::prepareToDragPromisedBlob): Deleted.
        * page/DragController.cpp:
        (WebCore::DragController::startDrag):
        (WebCore::DragController::doImageDrag):
        (WebCore::DragController::doSystemDrag):
        (WebCore::DragController::promisedBlobInfo):
        (WebCore::DragController::dragAttachmentElement): Deleted.
        * page/DragController.h:
        * platform/DragItem.h:
        (WebCore::DragItem::encode const):
        (WebCore::DragItem::decode):

2018-01-11  Youenn Fablet  <youenn@apple.com>

        RTCController should disable ICE candidate filtering in case of getUserMedia based on the RTCPerrConnection origin
        https://bugs.webkit.org/show_bug.cgi?id=180851

        Reviewed by Eric Carlson.

        Test: http/wpt/webrtc/third-party-frame-ice-candidate-filtering.html

        RTCController now stores all the client origins (top+frame origins) of frames that got access to camera/microphone access.
        For any such client origin, PeerConnection objects ICE candidate filtering is disabled.
        ICE candidate filtering is reset whenever navigating/reloading the page.

        * Modules/mediastream/RTCController.cpp:
        (WebCore::RTCController::reset):
        (WebCore::matchDocumentOrigin):
        (WebCore::RTCController::shouldDisableICECandidateFiltering):
        (WebCore::RTCController::add):
        (WebCore::RTCController::disableICECandidateFilteringForAllOrigins):
        (WebCore::RTCController::disableICECandidateFiltering):
        (WebCore::RTCController::enableICECandidateFiltering):
        * Modules/mediastream/RTCController.h:
        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::create):
        * Modules/mediastream/UserMediaRequest.cpp:
        (WebCore::UserMediaRequest::allow):
        * page/Page.cpp:
        (WebCore::Page::disableICECandidateFiltering):
        * testing/Internals.cpp:
        (WebCore::Internals::setICECandidateFiltering):

2018-01-11  Ali Juma  <ajuma@chromium.org>

        window.visualViewport should behave as [SameObject]
        https://bugs.webkit.org/show_bug.cgi?id=181548

        Reviewed by Chris Dumez.

        Add 'GenerateIsReachable' to VisualViewport so that window.visualViewport's
        JS wrapper object doesn't get garbage collected too soon.

        Test: fast/visual-viewport/visual-viewport-same-object.html

        * page/VisualViewport.idl:

2018-01-11  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Extract multipart handling from ResourceHandle to CurlRequest.
        https://bugs.webkit.org/show_bug.cgi?id=181506

        Reviewed by Alex Christensen.

        Rename old MultipartHandle class to CurlMultipartHandle and modernize it. Also move the responsibility 
        of handling multi part from ResourceHandle to CurlRequest. This is required for upcoming NetworkLoadTask.

        No new tests because no new behavior.

        * platform/Curl.cmake:
        * platform/network/curl/CurlMultipartHandle.cpp: Renamed from Source/WebCore/platform/network/curl/MultipartHandle.cpp.
        (WebCore::CurlMultipartHandle::createIfNeeded):
        (WebCore::CurlMultipartHandle::extractBoundary):
        (WebCore::CurlMultipartHandle::extractBoundaryFromContentType):
        (WebCore::CurlMultipartHandle::CurlMultipartHandle):
        (WebCore::CurlMultipartHandle::didReceiveData):
        (WebCore::CurlMultipartHandle::didComplete):
        (WebCore::CurlMultipartHandle::processContent):
        (WebCore::CurlMultipartHandle::checkForBoundary):
        (WebCore::CurlMultipartHandle::matchedLength):
        (WebCore::CurlMultipartHandle::parseHeadersIfPossible):
        * platform/network/curl/CurlMultipartHandle.h: Renamed from Source/WebCore/platform/network/curl/MultipartHandle.h.
        (WebCore::CurlMultipartHandle::~CurlMultipartHandle):
        * platform/network/curl/CurlMultipartHandleClient.h: Added.
        (WebCore::CurlMultipartHandleClient::~CurlMultipartHandleClient):
        * platform/network/curl/CurlRequest.cpp:
        (WebCore::CurlRequest::CurlRequest):
        (WebCore::CurlRequest::didReceiveHeader):
        (WebCore::CurlRequest::didReceiveData):
        (WebCore::CurlRequest::didReceiveHeaderFromMultipart):
        (WebCore::CurlRequest::didReceiveDataFromMultipart):
        (WebCore::CurlRequest::didCompleteTransfer):
        (WebCore::CurlRequest::finalizeTransfer):
        (WebCore::CurlRequest::invokeDidReceiveResponseForFile):
        (WebCore::CurlRequest::invokeDidReceiveResponse):
        (WebCore::CurlRequest::completeDidReceiveResponse):
        * platform/network/curl/CurlRequest.h:
        (WebCore::CurlRequest::create):
        * platform/network/curl/ResourceHandleCurlDelegate.cpp:
        (WebCore::ResourceHandleCurlDelegate::createCurlRequest):
        (WebCore::ResourceHandleCurlDelegate::curlDidReceiveResponse):
        (WebCore::ResourceHandleCurlDelegate::curlDidReceiveBuffer):
        (WebCore::ResourceHandleCurlDelegate::curlDidComplete):
        * platform/network/curl/ResourceHandleCurlDelegate.h:

2018-01-11  Zalan Bujtas  <zalan@apple.com>

        RenderTreeUpdater::current() returns null_ptr when mutation is done through Document::resolveStyle.
        https://bugs.webkit.org/show_bug.cgi?id=181513
        <rdar://problem/36367085>

        Reviewed by Antti Koivisto.

        This patch ensures that we use a valid RenderTreeBuilder even when
        Document::resolveStyle (incorrectly) triggers tree mutation.
        It can be reverted soon after the incorrect mutations are taken care of.

        Test: fast/forms/button-set-text-crash.html

        * rendering/RenderButton.cpp:
        (WebCore::RenderButton::setText):
        * rendering/RenderMenuList.cpp:
        (RenderMenuList::setText):

2018-01-11  Antoine Quint  <graouts@apple.com>

        Only listen to webkitplaybacktargetavailabilitychanged when media controls are visible to the user
        https://bugs.webkit.org/show_bug.cgi?id=181547
        <rdar://problem/35947650>

        Reviewed by Eric Carlson.

        Because listening to "webkitplaybacktargetavailabilitychanged" events incurs some higher power usage on iOS,
        we only listen to such events when controls are visible to the user. In other words, the MediaControls need to
        have both "visible" set to "true" and "faded" set to "false". To support this, we add a delegate method on
        MediaControls such that it can tell the MediaController that the "visible" property changed. With this message,
        MediaController can inform its MediaControllerSupport objects that user visibility of the controls changed, which
        lets AirplaySupport disable itself when controls are no longer visible.

        Test: media/modern-media-controls/airplay-support/airplay-support-disable-event-listeners-with-hidden-controls.html

        * Modules/modern-media-controls/controls/media-controls.js:
        (MediaControls.prototype.set visible):
        * Modules/modern-media-controls/media/airplay-support.js:
        (AirplaySupport.prototype.controlsUserVisibilityDidChange):
        * Modules/modern-media-controls/media/media-controller-support.js:
        (MediaControllerSupport.prototype.controlsUserVisibilityDidChange):
        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController.prototype.mediaControlsVisibilityDidChange):
        (MediaController.prototype.mediaControlsFadedStateDidChange):
        (MediaController.prototype._controlsUserVisibilityDidChange):

2018-01-11  Antoine Quint  <graouts@apple.com>

        [iOS] There should be no controls markup generated in fullscreen
        https://bugs.webkit.org/show_bug.cgi?id=181540
        <rdar://problem/35060379>

        Reviewed by Eric Carlson.

        We completely forgo the display of any content when fullscreen on iOS by setting the
        "visible" flag to "false" on the MediaControls, which will prevent any DOM content from
        being added.

        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController.prototype.handleEvent):
        (MediaController.prototype._updateiOSFullscreenProperties):
        (MediaController):
        (MediaController.prototype._updateSupportingObjectsEnabledState): Deleted.

2018-01-11  Alex Christensen  <achristensen@webkit.org>

        Revert changes accidentally committed with r226789.
        https://bugs.webkit.org/show_bug.cgi?id=181423

        I had some local changes I did not mean to commit.

        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
        (scheduledWithCustomRunLoopMode):
        (-[WebCoreResourceHandleAsOperationQueueDelegate callFunctionOnMainThread:]):
        (WebCore::if): Deleted.
        (WebCore::>::fromCallable): Deleted.

2018-01-10  Simon Fraser  <simon.fraser@apple.com>

        On macOS, getBoundingClientRect gives incorrect values when pinch-zoomed
        https://bugs.webkit.org/show_bug.cgi?id=181511
        rdar://problem/33741427

        Reviewed by Zalan Bujtas.
        
        When reverting "client coordinates are relative to layout viewport" in r219829
        I broke documentToClientOffset() on macOS by failing to take pinch zoom scale into
        account (frameScaleFactor() is always 1 on iOs, so this bug doesn't manifest there).

        Covered by existing tests.

        * page/FrameView.cpp:
        (WebCore::FrameView::documentToClientOffset const):

2018-01-11  Youenn Fablet  <youenn@apple.com>

        Replace WebRTCLegacyAPIDisabled by WebRTCLegacyAPIEnabled and switch off WebRTC legacy flag by default
        https://bugs.webkit.org/show_bug.cgi?id=181480

        Reviewed by Eric Carlson.

        No change of behavior.

        * page/RuntimeEnabledFeatures.h: Set default value to false.

2018-01-11  Wenson Hsieh  <wenson_hsieh@apple.com>

        [Attachment Support] Support moving attachment elements in editable areas using drag and drop
        https://bugs.webkit.org/show_bug.cgi?id=181337
        <rdar://problem/36324813>

        Reviewed by Tim Horton.

        Makes slight adjustments to attachment-specific drag and drop logic to ensure that moving attachments via drag
        and drop behaves correctly. See per-change comments for more detail.

        Tests:  WKAttachmentTests.DragInPlaceVideoAttachmentElement
                WKAttachmentTests.MoveAttachmentElementAsIconByDragging
                WKAttachmentTests.MoveInPlaceAttachmentElementByDragging

        * editing/cocoa/EditorCocoa.mm:
        (WebCore::Editor::getPasteboardTypesAndDataForAttachment):

        Stop vending the private web archive pasteboard type for attachments, for now. This works around issues where an
        attachment element that is dragged and dropped within the same page may lose its blob backing data if we try to
        remove and insert it as a fragment from the archive. Providing a web archive would allow us to avoid destroying
        and recreating an attachment element when dragging within the same page, but this is a nice-to-have optimization
        we can re-enable after investigation in a subsequent patch.

        * html/HTMLAttachmentElement.cpp:
        (WebCore::HTMLAttachmentElement::populateShadowRootIfNecessary):

        Add `draggable=false` to the image element of an in-place attachment element.

        * page/DragController.cpp:
        (WebCore::enclosingAttachmentElement):
        (WebCore::DragController::draggableElement const):

        Tweak single-selected-attachment handling to account for in-place attachments. Since the hit-tested node is
        inside the shadow subtree of the attachment element, the condition needs to check for the startElement as well
        as the startElement's shadow host.

        (WebCore::DragController::startDrag):

        Make two tweaks here. First, don't require a RenderAttachment to drag an attachment element (this is required
        for dragging in-place attachments). This was added in r217083 to address <rdar://problem/32282831>, but is no
        longer correct, since attachments may now be displayed in-place.

        Secondly, only restore the previous selection if the attachment is in a richly contenteditable area. This was
        added to prevent the selection highlight from appearing in when dragging non-editable attachment elements in the
        Mail viewer. However, to allow drag moves to occur, we need the selection to persist after drag start.

2018-01-04  Filip Pizlo  <fpizlo@apple.com>

        CodeBlocks should be in IsoSubspaces
        https://bugs.webkit.org/show_bug.cgi?id=180884

        Reviewed by Saam Barati.

        No new tests because no new behavior.
        
        Adopting new parallel constraint API, so that more of the logic of doing parallel
        constraint solving is shared between the DOM's output constraints and JSC's output
        constraints.

        * bindings/js/DOMGCOutputConstraint.cpp:
        (WebCore::DOMGCOutputConstraint::executeImpl):
        (WebCore::DOMGCOutputConstraint::doParallelWorkImpl): Deleted.
        (WebCore::DOMGCOutputConstraint::finishParallelWorkImpl): Deleted.
        * bindings/js/DOMGCOutputConstraint.h:

2018-01-11  Wenson Hsieh  <wenson_hsieh@apple.com>

        [Attachment Support] Support dragging attachment elements out as files on iOS
        https://bugs.webkit.org/show_bug.cgi?id=181199
        <rdar://problem/36299316>

        Reviewed by Tim Horton, Andy Estes and Joseph Pecoraro.

        Adds support for dragging "files" (i.e. creating item providers with preferred attachment presentation styles)
        from attachment elements on iOS for Mail. See below for more detail.

        Tests:  WKAttachmentTestsIOS.DragAttachmentInsertedAsData
                WKAttachmentTestsIOS.DragAttachmentInsertedAsFile

        * page/DragController.cpp:
        (WebCore::DragController::platformContentTypeForBlobType const):
        (WebCore::DragController::dragAttachmentElement):
        * page/DragController.h:
        * page/mac/DragControllerMac.mm:
        (WebCore::DragController::platformContentTypeForBlobType const):

        Add a private method to convert the type of a promised blob to a platform type. For Cocoa platforms, this
        converts the blob type (either a UTI or a MIME type) to a UTI for the platform to consume.

        * platform/ios/WebItemProviderPasteboard.h:
        * platform/ios/WebItemProviderPasteboard.mm:

        Refactor WebItemProviderRegistrationInfo. WebItemProviderRegistrationInfo currently encapsulates a single item
        provider registration call, and contains either a type identifier and data buffer, or an NSItemProviderWriting-
        conformant object. To register an item provider using a WebItemProviderRegistrationInfo, the item provider
        pasteboard currently checks to see whether the info contains an object or a type and data.

        This patch removes WebItemProviderRegistrationInfo and replaces it with WebItemProviderDataRegistrar. Objects
        that implement this protocol know how to take an NSItemProvider and register data to it. So far, there are
        three implementations below.

        (-[WebItemProviderDataRegistrar initWithData:type:]):
        (-[WebItemProviderDataRegistrar typeIdentifier]):
        (-[WebItemProviderDataRegistrar data]):
        (-[WebItemProviderDataRegistrar typeIdentifierForClient]):
        (-[WebItemProviderDataRegistrar dataForClient]):
        (-[WebItemProviderDataRegistrar registerItemProvider:]):
        (-[WebItemProviderDataRegistrar description]):

        A data registrar takes a UTI and data buffer, and registers the UTI to the data. This replaces a
        WebItemProviderRegistrationInfo with both a type and data, but no representing object.

        (-[WebItemProviderWritableObjectRegistrar initWithObject:]):
        (-[WebItemProviderWritableObjectRegistrar representingObjectForClient]):
        (-[WebItemProviderWritableObjectRegistrar registerItemProvider:]):
        (-[WebItemProviderWritableObjectRegistrar description]):

        The writable object registrar writes an NSItemProviderWriting-conformant object to an item provider. This
        replaces a WebItemProviderRegistrationInfo with only a representing object.

        (-[WebItemProviderPromisedFileRegistrar initWithType:callback:]):
        (-[WebItemProviderPromisedFileRegistrar registerItemProvider:]):
        (-[WebItemProviderPromisedFileRegistrar description]):
        (-[WebItemProviderRegistrationInfoList addData:forType:]):
        (-[WebItemProviderRegistrationInfoList addRepresentingObject:]):
        (-[WebItemProviderRegistrationInfoList addPromisedType:fileCallback:]):

        Helper methods to add new registrars to a registration info list.

        (-[WebItemProviderRegistrationInfoList itemAtIndex:]):
        (-[WebItemProviderRegistrationInfoList enumerateItems:]):
        (-[WebItemProviderRegistrationInfoList itemProvider]):
        (-[WebItemProviderRegistrationInfoList description]):
        (-[WebItemProviderRegistrationInfo initWithRepresentingObject:typeIdentifier:data:]): Deleted.
        (-[WebItemProviderRegistrationInfo representingObject]): Deleted.
        (-[WebItemProviderRegistrationInfo typeIdentifier]): Deleted.

2018-01-11  Michael Saboff  <msaboff@apple.com>

        Add a DOM gadget for Spectre testing
        https://bugs.webkit.org/show_bug.cgi?id=181351

        Reviewed by Ryosuke Niwa.

        This change is used to test Spectre mitigations.

        Added a new DOM class to test for Spectre issues in the DOM layer.
        This additional functionality is disabled by default and must be enabled
        through the JSC option "enableSpectreGadgets".

        * CMakeLists.txt:
        * DerivedSources.make:
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/WebCoreBuiltinNames.h:
        * dom/SpectreGadget.cpp: Added.
        (WebCore::SpectreGadget::SpectreGadget):
        (WebCore::SpectreGadget::create):
        (WebCore::SpectreGadget::setReadLength):
        (WebCore::SpectreGadget::charCodeAt):
        (WebCore::SpectreGadget::clflushReadLength):
        * dom/SpectreGadget.h: Added.
        * dom/SpectreGadget.idl: Added.
        * page/RuntimeEnabledFeatures.cpp:
        (WebCore::RuntimeEnabledFeatures::spectreGadgetsEnabled const):
        * page/RuntimeEnabledFeatures.h:

2018-01-11  Philippe Normand  <pnormand@igalia.com>

        [GTK] media/muted-video-is-playing-audio.html is timing out
        https://bugs.webkit.org/show_bug.cgi?id=163781

        Reviewed by Carlos Garcia Campos.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::notifyPlayerOfVideo): Sprinkle some debugging.
        (WebCore::MediaPlayerPrivateGStreamer::notifyPlayerOfAudio): Ditto.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::setMuted): Ditto.

2018-01-10  Andy Estes  <aestes@apple.com>

        [Payment Request] Rename ApplePayMerchantValidationEvent to MerchantValidationEvent
        https://bugs.webkit.org/show_bug.cgi?id=181437
        <rdar://problem/36376481>

        Reviewed by Tim Horton.
        
        Renamed ApplePayMerchantValidationEvent to MerchantValidationEvent and changed complete() to accept a Promise.

        Test: http/tests/paymentrequest/payment-request-merchant-validation.https.html

        * DerivedSources.make:
        * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:
        (WebCore::ApplePayPaymentHandler::merchantValidationCompleted):
        (WebCore::ApplePayPaymentHandler::validateMerchant):
        * Modules/applepay/paymentrequest/ApplePayPaymentHandler.h:
        * Modules/paymentrequest/MerchantValidationEvent.cpp: Renamed from Source/WebCore/Modules/applepay/paymentrequest/ApplePayMerchantValidationEvent.cpp.
        (WebCore::MerchantValidationEvent::create):
        (WebCore::MerchantValidationEvent::MerchantValidationEvent):
        (WebCore::MerchantValidationEvent::eventInterface const):
        (WebCore::MerchantValidationEvent::complete):
        * Modules/paymentrequest/MerchantValidationEvent.h: Renamed from Source/WebCore/Modules/applepay/paymentrequest/ApplePayMerchantValidationEvent.h.
        * Modules/paymentrequest/MerchantValidationEvent.idl: Renamed from Source/WebCore/Modules/applepay/paymentrequest/ApplePayMerchantValidationEvent.idl.
        * Modules/paymentrequest/PaymentHandler.h:
        * Modules/paymentrequest/PaymentRequest.cpp:
        (WebCore::PaymentRequest::completeMerchantValidation):
        * Modules/paymentrequest/PaymentRequest.h:
        * Modules/paymentrequest/PaymentRequest.idl:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/EventNames.h:
        * dom/EventNames.in:

2018-01-10  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Cross-protocol, cross-site scripting (XPXSS) using HTML forms
        Nhttps://bugs.webkit.org/show_bug.cgi?id=153088

        Reviewed by Alex Christensen.

        No new tests because it's covered by existing tests.

        * platform/network/curl/CurlContext.cpp:
        (WebCore::CurlHandle::getHttpVersion):
        * platform/network/curl/CurlContext.h:
        * platform/network/curl/CurlRequest.cpp:
        (WebCore::CurlRequest::didReceiveHeader):
        * platform/network/curl/CurlResponse.h:
        (WebCore::CurlResponse::isolatedCopy const):
        * platform/network/curl/ResourceResponseCurl.cpp:
        (WebCore::ResourceResponse::ResourceResponse):
        (WebCore::ResourceResponse::setStatusLine):

2018-01-10  Wenson Hsieh  <wenson_hsieh@apple.com>

        REGRESSION(r222507): Composition highlight doesn't render when using IME
        https://bugs.webkit.org/show_bug.cgi?id=181485
        <rdar://problem/35896516>

        Reviewed by Ryosuke Niwa.

        Fixes the order of arguments passed to paintTextSubrangeBackground from paintCompositionBackground.

        Test: editing/marked-text-appearance.html

        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paintCompositionBackground):

2018-01-10  Youenn Fablet  <youenn@apple.com>

        Use no-cache fetch mode when loading main documents with location.reload()
        https://bugs.webkit.org/show_bug.cgi?id=181285

        Reviewed by Alex Christensen.

        Covered by rebased tests.

        Start to translate cache policy used for navigation as FetchOptions::Cache.
        This allows ensuring service workers receive the right cache mode when intercepting navigation loads.
        To not change current navigation behavior, ReturnCacheDataElseLoad and ReturnCacheDataDontLoad still trigger default fetch cache mode.

        For Reload and ReloadExpiredOnly frame load types, using no-cache mode is more efficient than reload mode,
        as a conditional request will be sent if possible. This applies to location.reload which is consistent with other browsers.
        Keep reload mode for ReloadFromOrigin.

        * loader/DocumentLoader.cpp:
        (WebCore::toFetchOptionsCache):
        (WebCore::DocumentLoader::loadMainResource):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadFrameRequest):
        (WebCore::FrameLoader::loadURL):
        (WebCore::FrameLoader::load):
        (WebCore::FrameLoader::reload):
        (WebCore::FrameLoader::defaultRequestCachingPolicy):
        (WebCore::FrameLoader::loadDifferentDocumentItem):
        * loader/NavigationScheduler.cpp:

2018-01-10  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r226667 and r226673.
        https://bugs.webkit.org/show_bug.cgi?id=181488

        This caused a flaky crash. (Requested by mlewis13 on #webkit).

        Reverted changesets:

        "CodeBlocks should be in IsoSubspaces"
        https://bugs.webkit.org/show_bug.cgi?id=180884
        https://trac.webkit.org/changeset/226667

        "REGRESSION (r226667): CodeBlocks should be in IsoSubspaces"
        https://bugs.webkit.org/show_bug.cgi?id=180884
        https://trac.webkit.org/changeset/226673

2018-01-10  Antti Koivisto  <antti@apple.com>

        REGRESSION(r225650): The scores of MotionMark tests Multiply and Leaves dropped by 8%
        https://bugs.webkit.org/show_bug.cgi?id=181460
        <rdar://problem/36379776>

        Reviewed by Ryosuke Niwa.

        * css/parser/CSSParser.cpp:
        (WebCore::CSSParserContext::CSSParserContext):

        Don't do the expensive security origin test if the sheet base URL and document URL are identical.
        This is true for inline style and inline stylesheets.

2018-01-10  Antti Koivisto  <antti@apple.com>

        Try to fix windows build.

        * css/RuleFeature.cpp:
        (WebCore::RuleFeatureSet::computeNextMatchElement):

2018-01-10  Zalan Bujtas  <zalan@apple.com>

        [RenderTreeBuilder] Move RenderRuby's moveChildren logic to RenderTreeBuilder
        https://bugs.webkit.org/show_bug.cgi?id=181470
        <rdar://problem/36397683>

        Reviewed by Antti Koivisto.

        This is about moving code, no cleanup and/or normalization (unfortunately it also means
        some temporary changes).  

        No change in functionality.

        * rendering/RenderBlockFlow.h:
        * rendering/RenderRubyBase.cpp:
        (WebCore::RenderRubyBase::moveChildren): Deleted.
        (WebCore::RenderRubyBase::mergeChildrenWithBase): Deleted.
        (WebCore::RenderRubyBase::moveInlineChildren): Deleted.
        (WebCore::RenderRubyBase::moveBlockChildren): Deleted.
        * rendering/RenderRubyBase.h:
        * rendering/RenderRubyRun.cpp:
        (WebCore::RenderRubyRun::takeChild):
        * rendering/updating/RenderTreeBuilder.cpp:
        (WebCore::RenderTreeBuilder::moveRubyChildren):
        * rendering/updating/RenderTreeBuilder.h:
        * rendering/updating/RenderTreeBuilderRuby.cpp:
        (WebCore::RenderTreeBuilder::Ruby::moveInlineChildren):
        (WebCore::RenderTreeBuilder::Ruby::moveBlockChildren):
        (WebCore::RenderTreeBuilder::Ruby::moveChildren):
        (WebCore::RenderTreeBuilder::Ruby::moveChildrenInternal):
        (WebCore::RenderTreeBuilder::Ruby::insertChild):
        * rendering/updating/RenderTreeBuilderRuby.h:

2018-01-10  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] fix critical GObject warning

        Rubber-stamped by Carlos Garcia Campos.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::handleMessage): No need to
        resort to complicated things to get the element name...

2018-01-10  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] REGRESSION(r226629): broke media/video-interruption-with-resume-allowing-play.html
        https://bugs.webkit.org/show_bug.cgi?id=181471
        <rdar://problem/36402323>

        Reviewed by Carlos Garcia Campos.

        This patch mainly reduces the amount of playback state changes
        emitted by the GStreamer player to its client. Emitting those
        notifications too often has bad side effects.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::paused const): Add debug messages.
        (WebCore::MediaPlayerPrivateGStreamer::handleMessage): This debug message appears too much. Demote.
        (WebCore::MediaPlayerPrivateGStreamer::maxTimeLoaded const): Ditto.
        (WebCore::MediaPlayerPrivateGStreamer::didLoadingProgress const): Ditto.
        (WebCore::MediaPlayerPrivateGStreamer::updateStates): Try to emit
        playback state change notification only when going to PLAYING.
        (WebCore::MediaPlayerPrivateGStreamer::loadingFailed): Add warning message.

2018-01-10  Youenn Fablet  <youenn@apple.com>

        Add Service Worker CSP persistency
        https://bugs.webkit.org/show_bug.cgi?id=181434

        Reviewed by Alex Christensen.

        Covered by manual testing.
        Future work on service worker test infrastructure should allow automating such tests.

        Add support for service worker CSP data persistency.
        Add a version parameter to increment each time the schema is changing.
        This allows the same store to be used by multiple WebKits.

        * workers/service/server/RegistrationDatabase.cpp:
        (WebCore::v1RecordsTableSchema):
        (WebCore::RegistrationDatabase::openSQLiteDatabase):
        (WebCore::RegistrationDatabase::doPushChanges):
        (WebCore::RegistrationDatabase::importRecords):

2018-01-10  Antti Koivisto  <antti@apple.com>

        Invalidate current element style on class change accurately
        https://bugs.webkit.org/show_bug.cgi?id=181210

        Reviewed by Zalan Bujtas.

        * css/DocumentRuleSets.cpp:
        (WebCore::DocumentRuleSets::collectFeatures const):
        (WebCore::DocumentRuleSets::subjectClassRules const):

            New rule set containing class rules affecting the subject element.

        (WebCore::DocumentRuleSets::ancestorClassRules const):
        * css/DocumentRuleSets.h:
        * css/RuleFeature.cpp:
        (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):

            Classify selector components into various buckets based on the elements they match relative to
            the subject element. There are more categories than this patch strictly needs, for future use.

        (WebCore::RuleFeatureSet::collectFeatures):
        (WebCore::RuleFeatureSet::add):
        (WebCore::RuleFeatureSet::clear):
        (WebCore::RuleFeatureSet::shrinkToFit):
        * css/RuleFeature.h:
        * css/StyleResolver.h:
        (WebCore::StyleResolver::hasSelectorForClass const): Deleted.
        * style/ClassChangeInvalidation.cpp:
        (WebCore::Style::elementNeedsInvalidation):
        (WebCore::Style::ClassChangeInvalidation::computeInvalidation):

            Don't invalidate current element unconditionally on class change. Instead find the subject rulesets
            that might affect it use them to perform invalidation.

        (WebCore::Style::ClassChangeInvalidation::invalidateStyleWithRuleSets):
        (WebCore::Style::ClassChangeInvalidation::invalidateStyle): Deleted.
        (WebCore::Style::ClassChangeInvalidation::invalidateDescendantStyle): Deleted.
        * style/ClassChangeInvalidation.h:
        (WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
        (WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):
        * style/StyleSharingResolver.cpp:
        (WebCore::Style::SharingResolver::classNamesAffectedByRules const):

2018-01-09  Antoine Quint  <graouts@apple.com>

        [Web Animations] Expose the id property on Animation
        https://bugs.webkit.org/show_bug.cgi?id=181450
        <rdar://problem/36383600>

        Reviewed by Dean Jackson.

        Expose the "id" property on Animation and handle the "id" property on the optional KeyframeAnimationOptions object
        passed to Element.animate(). All of the WPT tests related to this property are now passing.

        * animation/WebAnimation.h:
        * animation/WebAnimation.idl:
        * dom/Element.cpp:
        (WebCore::Element::animate):

2018-01-09  Chris Dumez  <cdumez@apple.com>

        Make service workers behave correctly with regards to Page Cache
        https://bugs.webkit.org/show_bug.cgi?id=181446
        <rdar://problem/36164291>

        Reviewed by Youenn Fablet.

        Make service workers behave correctly with regards to Page Cache:
        1. If a document has an active service worker, do not let it go into PageCache
        2. When a document goes into page cache, unregister it from the list of service worker clients
        3. When a document is restored from page cache, add it nack to the list of service worker clients

        Tests: http/tests/workers/service/client-added-to-clients-when-restored-from-page-cache.html
               http/tests/workers/service/client-removed-from-clients-while-in-page-cache.html
               http/tests/workers/service/no-page-cache-when-controlled.html
               http/tests/workers/service/other_resources/test.html

        * dom/Document.cpp:
        (WebCore::Document::suspend):
        (WebCore::Document::resume):
        * history/PageCache.cpp:
        (WebCore::canCacheFrame):
        * page/DiagnosticLoggingKeys.cpp:
        (WebCore::DiagnosticLoggingKeys::serviceWorkerKey):
        * page/DiagnosticLoggingKeys.h:

2018-01-09  Chris Dumez  <cdumez@apple.com>

        We should not return undefined for most properties of a detached Window
        https://bugs.webkit.org/show_bug.cgi?id=181416
        <rdar://problem/36162489>

        Reviewed by Ryosuke Niwa.

        We should not return undefined for most properties on a detached Window. WebKit previously only exposed "closed"
        and "close" properties on detached / frameless windows. However, this does not match the HTML specification [1]
        or the behavior of Firefox and Chrome.

        Note that Chrome does not seem to fully follow the HTML specification either, it seems to treat detached windows
        the same way as cross-origin ones. As a result, it only exposed properties that are visible cross-origin when
        a window is detached / frameless.

        [1] https://html.spec.whatwg.org/#windowproxy-get

        No new tests, updated existingt tests.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
        (WebCore::JSDOMWindow::getOwnPropertySlot):
        (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):

2018-01-09  Darin Adler  <darin@apple.com>

        Further refinement to list item and counter code after "list-item" counter fix
        https://bugs.webkit.org/show_bug.cgi?id=181426

        Reviewed by Zalan Bujtas.

        * css/StyleBuilderCustom.h:
        (WebCore::StyleBuilderCustom::applyInheritCounter): Use auto.
        (WebCore::StyleBuilderCustom::applyValueCounter): Use auto, removed unneeded
        null checks for things that can never be null, moved the saturated addition
        here and got rid of the addIncrementValue function from CounterDirectives.
        Use the saturatedAddition function from SaturatedArithmetic.h instead of the
        much less efficient one that did the same thing, CounterDirectives::addClamped.

        * rendering/RenderCounter.cpp:
        (WebCore::listItemCounterDirectives): Use aggregate syntax for the return
        statements.
        (WebCore::planCounter): Changed to use a struct return value instead of two
        out arguments. Use the saturatedAddition function from SaturatedArithmetic.h
        instead of the much less efficient one that did the same thing,
        CounterDirectives::addClamped.
        (WebCore::findPlaceForCounter): Changed to use a struct return value instead
        of two out arguments.
        (WebCore::makeCounterNode): Updated for the above changes. Changed code to
        use add instead of both get and set. Updated to keep the counter maps inside
        the values of the "map of maps" instead of using a unique_ptr and allocating
        each one on the heap.
        (WebCore::destroyCounterNodeWithoutMapRemoval): Changed argument to a reference
        instead of a pointer. Updated for changes to the map. Use RefPtr more
        consistently.
        (WebCore::RenderCounter::destroyCounterNodes): Use iterators less.
        (WebCore::RenderCounter::destroyCounterNode): Ditto.
        (WebCore::RenderCounter::rendererRemovedFromTree): Add a check of
        hasCounterNodeMap here before calling destroyCounterNodes, so that function
        can assume the flag is true (both other callers already check it).
        (WebCore::updateCounters): Use auto and update for changes above.
        (WebCore::RenderCounter::rendererStyleChanged): Use modern for loops instead
        of iterators.
        (showCounterRendererTree): Use auto and udpate for changes above.

        * rendering/RenderListItem.cpp:
        (WebCore::enclosingList): Stop referring to elements as "nodes". Changed
        the local variable names for clarity.
        (WebCore::nextListItemHelper): Renamed from nextListItem since it's not
        intended to be called directly and we want to use a function pointer to
        nextListItem. Fixed the algorithm to correctly handle ad hoc "lists" that
        are not actually HTML list elements, using the definition in the enclosingList
        function as the previousListItem function already did.
        (WebCore::nextListItem): Updated for name changes.
        (WebCore::firstListItem): Renamed from nextListItem for clarity.
        (WebCore::previousListItem): Rewrote loop so it doesn't have to do things
        so strangely when we find another list.
        (WebCore::RenderListItem::updateItemValuesForOrderedList): Use auto and
        update local variable names.
        (WebCore::RenderListItem::itemCountForOrderedList): Ditto.
        (WebCore::RenderListItem::updateValueNow const): Rewrote to use an iterative
        algorithm instead of a recursive one. Fixes the FIXME here.
        (WebCore::RenderListItem::updateValue): Use m_valueWasSetExplicitly
        instead of m_explicitValue.
        (WebCore::RenderListItem::explicitValueChanged): Use auto and simplified
        the loop a bit.
        (WebCore::RenderListItem::setExplicitValue): Set m_valueWasSetExplicitly
        instead of m_explicitValue.
        (WebCore::previousOrNextItem): Deleted.
        (WebCore::RenderListItem::updateListMarkerNumbers): Streamlined the loop
        a bit and used a fucntion pointer to handle the two different directions.
        (WebCore::RenderListItem::isInReversedOrderedList const): Simplified by
        getting rid of an unneeded use of pointers and local variables.

        * rendering/RenderListItem.h: Use a boolean, m_valueWasSetExplicitly,
        instead of a separate optional m_explicitValue.

        * rendering/style/CounterDirectives.h: Since all the code in this file was
        rewritten, removed old copyrights. Deleted the addIncrementValue function,
        since it is clear enough in the one call site in the style builder.
        Deleted the addClamped function because it was just a much slower
        version of the saturatedAddition function. Made == and != into constexpr
        functions since they are simple enough to be.

        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::getCounterDirectives const): Deleted. Caller can
        handle this just fine without a helper function.
        * rendering/style/RenderStyle.h: Ditto.

2018-01-09  Myles C. Maxfield  <mmaxfield@apple.com>

        font-display:fallback can cause a visual flash (which is supposed to be impossible)
        https://bugs.webkit.org/show_bug.cgi?id=181374

        Reviewed by Simon Fraser.

        A FontCascade represents an entire font-family fallback list, but sometimes we need to pull out a single
        representative font from the list to calculate things like line height. Previously, if the first item in
        the font-family list was in the middle of being downloaded, this representative font was hardcoded to be
        Times. However, when actually laying out and drawing the glyphs, we have logic to skip the interstitial
        Times if there are any installed fonts present in the font-family list (so you wouldn't ever actually
        see Times). This means that line height (among other things) was being calculated as if Times was used,
        but in reality, some other font from the font-family list was being used.

        Alone, this isn't a huge problem, but font-display:fallback makes a font transition between "timed out"
        and "failed," and when the font hits the failed state, the representative font skips over the cancelled
        item and hits the next item in the fallback list. This means that line heights will change, which causes
        a visual flash, even when font-display:fallback is specified.

        The solution is simply to educate the logic which identifies this representative font so that it
        understands what to do for currently-loading fonts.

        Tests: fast/text/font-display/swap-flash.html

        * platform/graphics/FontCascadeFonts.h:
        (WebCore::FontCascadeFonts::primaryFont):
        * rendering/line/BreakingContext.h:
        (WebCore::textWidth):

2018-01-04  Filip Pizlo  <fpizlo@apple.com>

        CodeBlocks should be in IsoSubspaces
        https://bugs.webkit.org/show_bug.cgi?id=180884

        Reviewed by Saam Barati.

        No new tests because no new behavior.
        
        Adopting new parallel constraint API, so that more of the logic of doing parallel
        constraint solving is shared between the DOM's output constraints and JSC's output
        constraints.

        * bindings/js/DOMGCOutputConstraint.cpp:
        (WebCore::DOMGCOutputConstraint::executeImpl):
        (WebCore::DOMGCOutputConstraint::doParallelWorkImpl): Deleted.
        (WebCore::DOMGCOutputConstraint::finishParallelWorkImpl): Deleted.
        * bindings/js/DOMGCOutputConstraint.h:

2018-01-08  Simon Fraser  <simon.fraser@apple.com>

        Clean up Marquee-related enums
        https://bugs.webkit.org/show_bug.cgi?id=181347

        Reviewed by Anders Carlsson.

        Modernize EMarqueeBehavior and EMarqueeDirection enums. Stop using the weird negative
        values in the MarqueeDirection and do manual reverse direction mapping.

        Make some member functions of RenderMarquee private.

        Stop using bitfields in RenderMarquee because the memory saving is not worth it, and doing so
        allows us to use modern initialization.

        No behavior change.

        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        (WebCore::CSSPrimitiveValue::operator MarqueeBehavior const):
        (WebCore::CSSPrimitiveValue::operator MarqueeDirection const):
        (WebCore::CSSPrimitiveValue::operator EMarqueeBehavior const): Deleted.
        (WebCore::CSSPrimitiveValue::operator EMarqueeDirection const): Deleted.
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::adjustRenderStyle):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::sizesLogicalWidthToFitContent const):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects const):
        * rendering/RenderMarquee.cpp:
        (WebCore::RenderMarquee::RenderMarquee):
        (WebCore::reverseDirection):
        (WebCore::RenderMarquee::direction const):
        (WebCore::RenderMarquee::isHorizontal const):
        (WebCore::RenderMarquee::computePosition):
        (WebCore::RenderMarquee::start):
        (WebCore::RenderMarquee::updateMarqueePosition):
        (WebCore::RenderMarquee::updateMarqueeStyle):
        (WebCore::RenderMarquee::timerFired):
        * rendering/RenderMarquee.h:
        * rendering/style/RenderStyle.h:
        (WebCore::RenderStyle::marqueeBehavior const):
        (WebCore::RenderStyle::marqueeDirection const):
        (WebCore::RenderStyle::setMarqueeDirection):
        (WebCore::RenderStyle::setMarqueeBehavior):
        (WebCore::RenderStyle::initialMarqueeBehavior):
        (WebCore::RenderStyle::initialMarqueeDirection):
        * rendering/style/RenderStyleConstants.h:
        * rendering/style/StyleMarqueeData.cpp:
        (WebCore::StyleMarqueeData::StyleMarqueeData):
        * rendering/style/StyleMarqueeData.h:

2018-01-09  Jer Noble  <jer.noble@apple.com>

        Many CVDisplayLink threads created and destroyed while watching a YouTube video
        https://bugs.webkit.org/show_bug.cgi?id=181396

        Reviewed by Simon Fraser.

        When watching some YouTube videos (or any video with default controls), event handlers for
        the "timeupdate" event which use rAF will cause the underlying platform objects to be
        destroyed in between "timeupdate" events being fired, since they occur every 250ms, and rAF
        objects are destroyed every 166ms (or 10/60hz). Update this constant to destroy the
        underlying objects every 333ms (or 20/60hz) so that this common pattern doesn't lead to
        excessive rAF platform object turnover.

        * platform/Logging.h:
        * platform/graphics/DisplayRefreshMonitor.h:
        (WebCore::DisplayRefreshMonitor::shouldBeTerminated const):
        * platform/graphics/DisplayRefreshMonitor.cpp:
        (WebCore::DisplayRefreshMonitor::displayDidRefresh):
        * platform/graphics/DisplayRefreshMonitorManager.cpp:
        (WebCore::DisplayRefreshMonitorManager::createMonitorForClient):
        (WebCore::DisplayRefreshMonitorManager::displayDidRefresh):

2018-01-09  Zalan Bujtas  <zalan@apple.com>

        [RenderTreeBuilder] Move RenderElement addChild mutation logic to RenderTreeBuilder
        https://bugs.webkit.org/show_bug.cgi?id=181451
        <rdar://problem/36385562>

        Reviewed by Antti Koivisto.

        This is about moving code, no cleanup and/or normalization (unfortunately it also means
        some temporary changes).  

        No change in functionality.

        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::addChild):
        (WebCore::RenderElement::childRequiresTable const): Deleted.
        * rendering/RenderElement.h:
        * rendering/updating/RenderTreeBuilder.cpp:
        (WebCore::RenderTreeBuilder::insertChildToRenderElement):
        (WebCore::RenderTreeBuilder::childRequiresTable):
        * rendering/updating/RenderTreeBuilder.h:
        * rendering/updating/RenderTreeBuilderInline.cpp:
        (WebCore::RenderTreeBuilder::Inline::insertChildToContinuation):
        (WebCore::RenderTreeBuilder::Inline::insertChildIgnoringContinuation):
        (WebCore::RenderTreeBuilder::Inline::newChildIsInline):
        (WebCore::newChildIsInline): Deleted.
        * rendering/updating/RenderTreeBuilderInline.h:

2018-01-09  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r226531.

        This caused test failures on macOS WK2.

        Reverted changeset:

        "Use no-cache fetch mode when loading main documents with
        location.reload()"
        https://bugs.webkit.org/show_bug.cgi?id=181285
        https://trac.webkit.org/changeset/226531

2018-01-09  Michael Saboff  <msaboff@apple.com>

        Unreviewed, rolling out r226600 and r226603
        https://bugs.webkit.org/show_bug.cgi?id=181351

        Add a DOM gadget for Spectre testing

        * dom/Comment.cpp:
        (WebCore::Comment::Comment):
        (WebCore::Comment::setReadLength): Deleted.
        (WebCore::Comment::charCodeAt): Deleted.
        (WebCore::Comment::clflushReadLength): Deleted.
        * dom/Comment.h:
        * dom/Comment.idl:
        * page/RuntimeEnabledFeatures.cpp:
        (WebCore::RuntimeEnabledFeatures::spectreGadgetsEnabled const): Deleted.
        * page/RuntimeEnabledFeatures.h:

2018-01-09  Don Olmstead  <don.olmstead@sony.com>

        Add additional WEBCORE_EXPORTs
        https://bugs.webkit.org/show_bug.cgi?id=181414

        Reviewed by Alex Christensen.

        No new tests. No change in behavior.

        * dom/Document.h:
        * dom/ViewportArguments.h:
        * page/DOMWindow.h:
        * page/FrameView.h:
        * page/PageOverlayController.h:
        * platform/ContextMenuItem.h:
        * platform/Pasteboard.h:
        * platform/SharedBuffer.h:
        * platform/UserAgent.h:
        * platform/graphics/GLContext.h:
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/GraphicsLayerTransform.h:
        * platform/graphics/PlatformDisplay.h:
        * platform/graphics/cairo/BackingStoreBackendCairoImpl.h:
        * platform/graphics/cairo/PlatformContextCairo.h:
        * platform/graphics/cairo/RefPtrCairo.h:
        * platform/graphics/nicosia/NicosiaBuffer.h:
        * platform/graphics/nicosia/NicosiaPaintingEngine.h:
        * platform/graphics/texmap/TextureMapper.h:
        * platform/gra