Drawing an SVG image into a <canvas> that is not in the DOM draws the wrong region
1 2016-06-30  Antoine Quint  <graouts@apple.com>
2
3         Drawing an SVG image into a <canvas> that is not in the DOM draws the wrong region
4         https://bugs.webkit.org/show_bug.cgi?id=159276
5
6         Reviewed by Dean Jackson.
7
8         In the event where the <img> element that we are passing to CanvasRenderingContext2D.drawImage()
9         points to an SVG resource, we ensure that the container for the SVG image is sized to match the
10         HTML element. The necessity for setting this container size, explained in webkit.org/b/148845,
11         is that we must ensure a cached image does not have an outdated container size.
12
13         Tests: svg/as-image/img-with-svg-resource-in-dom-and-drawImage.html
14                svg/as-image/img-with-svg-resource-in-dom-no-size-and-drawImage.html
15                svg/as-image/img-with-svg-resource-not-in-dom-and-drawImage.html
16                svg/as-image/img-with-svg-resource-not-in-dom-no-size-and-drawImage.html
17
18         * html/canvas/CanvasRenderingContext2D.cpp:
19         (WebCore::CanvasRenderingContext2D::drawImage):
20
21 2016-06-30  Eric Carlson  <eric.carlson@apple.com>
22
23         getUserMedia() exposed, but not functional
24         https://bugs.webkit.org/show_bug.cgi?id=158393
25         <rdar://problem/26642259>
26
27         Reviewed by Dean Jackson.
28         
29         Set default value of the Media Stream runtime flag to false on Mac OS X and iOS until the
30         browser support is in place.
31
32         * bindings/generic/RuntimeEnabledFeatures.cpp:
33         (WebCore::RuntimeEnabledFeatures::RuntimeEnabledFeatures): Disable media stream by default
34         on Mac OS X and iOS.
35         * bindings/generic/RuntimeEnabledFeatures.h:
36
37 2016-06-30  Commit Queue  <commit-queue@webkit.org>
38
39         Unreviewed, rolling out r202676.
40         https://bugs.webkit.org/show_bug.cgi?id=159314
41
42         This change caused storage/websql tests to crash on Mac and
43         iOS WK1 (Requested by ryanhaddad on #webkit).
44
45         Reverted changeset:
46
47         "Purge PassRefPtr in Modules/webdatabase"
48         https://bugs.webkit.org/show_bug.cgi?id=159255
49         http://trac.webkit.org/changeset/202676
50
51 2016-06-30  Antoine Quint  <graouts@apple.com>
52
53         [iOS] Media controls are too cramped with small video
54         https://bugs.webkit.org/show_bug.cgi?id=158815
55         <rdar://problem/26824238>
56
57         Reviewed by Eric Carlson.
58
59         In updateLayoutForDisplayedWidth(), we try to ensure a minimum width is guaranteed
60         for the progress indicator. However, we were not accounting for the width used by
61         the current and remaining time labels on either side of it, so we would incorrectly
62         conclude that we were guaranteeing the minimum time and yield incorrect layouts since
63         we were trying to fit more buttons than we had room for.
64
65         In order to correctly compute the available width for the progress indicator, we now
66         have clones of the current and remaining time labels, hidden from video and VoiceOver,
67         that we update along with the originals. The same styles apply to both clones and
68         originals, so we may measure the clones to determine the space used by the time labels.
69         The reason we need to use clones is that if the time labels had previously been hidden
70         from view, precisely because there was not enough space to display them along with the
71         progress indicator, then trying to obtain metrics from them would yield 0 since they had
72         "display: none" styles applied. In order to avoid extra layouts and possible flashing, we
73         use the clones so that we never have to toggle the "display" property of the originals
74         just to obtain their measurements.
75
76         As a result of this change, we adjust the constant used to set the minimum required
77         width available to display the progress indicator after all other essential controls
78         and labels have been measured. That constant used to account for the width of the
79         time labels, and this is no longer correct.
80
81         Test: media/video-controls-drop-and-restore-timeline.html
82
83         * Modules/mediacontrols/mediaControlsApple.css:
84         (::-webkit-media-controls-time-remaining-display.clone):
85         * Modules/mediacontrols/mediaControlsApple.js:
86         (Controller):
87         (Controller.prototype.createTimeClones):
88         (Controller.prototype.removeTimeClass):
89         (Controller.prototype.addTimeClass):
90         (Controller.prototype.updateDuration):
91         (Controller.prototype.updateLayoutForDisplayedWidth):
92         (Controller.prototype.updateTime):
93         (Controller.prototype.updateControlsWhileScrubbing):
94         * Modules/mediacontrols/mediaControlsiOS.css:
95         (::-webkit-media-controls-time-remaining-display.clone):
96         * Modules/mediacontrols/mediaControlsiOS.js:
97
98 2016-06-30  Brian Burg  <bburg@apple.com>
99
100         Unreviewed, fix the macOS Sierra Release configuration after r202642.
101
102         * platform/audio/mac/MediaSessionManagerMac.mm:
103         (WebCore::MediaSessionManagerMac::updateNowPlayingInfo):
104         Add missing UNUSED_PARAM for when logging is not enabled.
105
106 2016-06-30  Commit Queue  <commit-queue@webkit.org>
107
108         Unreviewed, rolling out r202679.
109         https://bugs.webkit.org/show_bug.cgi?id=159302
110
111         Still causing timeouts on media/controls-drag-timebar.html
112         (Requested by ap on #webkit).
113
114         Reverted changeset:
115
116         "[iOS] Media controls are too cramped with small video"
117         https://bugs.webkit.org/show_bug.cgi?id=158815
118         http://trac.webkit.org/changeset/202679
119
120 2016-06-30  Antoine Quint  <graouts@apple.com>
121
122         [iOS] Media controls are too cramped with small video
123         https://bugs.webkit.org/show_bug.cgi?id=158815
124         <rdar://problem/26824238>
125
126         Reviewed by Eric Carlson.
127
128         In updateLayoutForDisplayedWidth(), we try to ensure a minimum width is guaranteed
129         for the progress indicator. However, we were not accounting for the width used by
130         the current and remaining time labels on either side of it, so we would incorrectly
131         conclude that we were guaranteeing the minimum time and yield incorrect layouts since
132         we were trying to fit more buttons than we had room for.
133
134         In order to correctly compute the available width for the progress indicator, we now
135         have clones of the current and remaining time labels, hidden from video and VoiceOver,
136         that we update along with the originals. The same styles apply to both clones and
137         originals, so we may measure the clones to determine the space used by the time labels.
138         The reason we need to use clones is that if the time labels had previously been hidden
139         from view, precisely because there was not enough space to display them along with the
140         progress indicator, then trying to obtain metrics from them would yield 0 since they had
141         "display: none" styles applied. In order to avoid extra layouts and possible flashing, we
142         use the clones so that we never have to toggle the "display" property of the originals
143         just to obtain their measurements.
144
145         As a result of this change, we adjust the constant used to set the minimum required
146         width available to display the progress indicator after all other essential controls
147         and labels have been measured. That constant used to account for the width of the
148         time labels, and this is no longer correct.
149
150         Test: media/video-controls-drop-and-restore-timeline.html
151
152         * Modules/mediacontrols/mediaControlsApple.css:
153         (::-webkit-media-controls-time-remaining-display.clone):
154         * Modules/mediacontrols/mediaControlsApple.js:
155         (Controller):
156         (Controller.prototype.createTimeClones):
157         (Controller.prototype.removeTimeClass):
158         (Controller.prototype.addTimeClass):
159         (Controller.prototype.updateDuration):
160         (Controller.prototype.updateLayoutForDisplayedWidth):
161         (Controller.prototype.updateTime):
162         (Controller.prototype.updateControlsWhileScrubbing):
163         * Modules/mediacontrols/mediaControlsiOS.css:
164         (::-webkit-media-controls-time-remaining-display.clone):
165         * Modules/mediacontrols/mediaControlsiOS.js:
166
167 2016-06-30  Eric Carlson  <eric.carlson@apple.com>
168
169         [Mac] Crash registering AVFoundation media engine
170         https://bugs.webkit.org/show_bug.cgi?id=159269
171         <rdar://problem/27017656>
172
173         Reviewed by Brent Fulgham.
174
175         * platform/graphics/MediaPlayer.cpp:
176         (WebCore::mediaEngineVectorLock): New, return the static Lock.
177         (WebCore::haveMediaEnginesVector): Wrap the naked bool.
178         (WebCore::buildMediaEnginesVector): Assert that the lock is locked.
179         (WebCore::installedMediaEngines): Hold the lock while checking/rebuilding the vector.
180         (WebCore::MediaPlayer::resetMediaEngines): Hold the lock while clearing the vector.
181
182         Use SOFT_LINK_CLASS_FOR_SOURCE instead of SOFT_LINK_CLASS because the former uses dispatch_once
183         to ensure that class loading is thread safe.
184         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
185         (WebCore::MediaPlayerPrivateAVFoundationObjC::registerMediaEngine):
186         (WebCore::assetCacheForPath):
187         (WebCore::MediaPlayerPrivateAVFoundationObjC::originsInMediaCache):
188         (WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCache):
189         (WebCore::MediaPlayerPrivateAVFoundationObjC::clearMediaCacheForOrigins):
190         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerLayer):
191         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):
192         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer):
193         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerItem):
194         (WebCore::MediaPlayerPrivateAVFoundationObjC::createVideoOutput):
195         (WebCore::MediaPlayerPrivateAVFoundationObjC::createOpenGLVideoOutput):
196         (WebCore::MediaPlayerPrivateAVFoundationObjC::waitForVideoOutputMediaDataWillChange):
197         (WebCore::MediaPlayerPrivateAVFoundationObjC::outputMediaDataWillChange):
198         (-[WebCoreAVFPullDelegate setCallback:]):
199         (-[WebCoreAVFPullDelegate outputMediaDataWillChange:]):
200         (-[WebCoreAVFPullDelegate outputSequenceWasFlushed:]):
201
202 2016-06-30  Carlos Garcia Campos  <cgarcia@igalia.com>
203
204         [image-decoders] Use final and override in ImageDecoder subclasses
205         https://bugs.webkit.org/show_bug.cgi?id=159291
206
207         Reviewed by Antonio Gomes.
208
209         * platform/image-decoders/bmp/BMPImageDecoder.h:
210         * platform/image-decoders/gif/GIFImageDecoder.h:
211         * platform/image-decoders/ico/ICOImageDecoder.cpp:
212         (WebCore::ICOImageDecoder::frameSizeAtIndex):
213         * platform/image-decoders/ico/ICOImageDecoder.h:
214         * platform/image-decoders/jpeg/JPEGImageDecoder.h:
215         * platform/image-decoders/png/PNGImageDecoder.h:
216         * platform/image-decoders/webp/WEBPImageDecoder.h:
217
218 2016-06-30  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
219
220         Purge PassRefPtr in Modules/webdatabase
221         https://bugs.webkit.org/show_bug.cgi?id=159255
222
223         Reviewed by Benjamin Poulain.
224
225         As a step to remove PassRefPtr use, this patch cleans it up in Modules/webdatabase.
226
227         Additionally unnecessary spaces and tabs are removed too.
228
229         * Modules/webdatabase/ChangeVersionWrapper.cpp:
230         * Modules/webdatabase/DOMWindowWebDatabase.h:
231         * Modules/webdatabase/Database.cpp:
232         (WebCore::Database::Database):
233         (WebCore::Database::~Database):
234         (WebCore::Database::scheduleTransaction):
235         (WebCore::Database::runTransaction):
236         * Modules/webdatabase/Database.h:
237         * Modules/webdatabase/DatabaseAuthorizer.cpp:
238         (WebCore::DatabaseAuthorizer::allowRead):
239         * Modules/webdatabase/DatabaseManager.cpp:
240         (WebCore::DatabaseManager::openDatabase):
241         (WebCore::DatabaseManager::fullPathForDatabase):
242         (WebCore::DatabaseManager::detailsForNameAndOrigin):
243         * Modules/webdatabase/DatabaseManager.h:
244         * Modules/webdatabase/DatabaseTask.cpp:
245         (WebCore::DatabaseTransactionTask::DatabaseTransactionTask):
246         * Modules/webdatabase/DatabaseTask.h:
247         * Modules/webdatabase/SQLCallbackWrapper.h:
248         (WebCore::SQLCallbackWrapper::SQLCallbackWrapper):
249         * Modules/webdatabase/SQLResultSetRowList.h:
250         * Modules/webdatabase/SQLStatement.cpp:
251         (WebCore::SQLStatement::SQLStatement):
252         (WebCore::SQLStatement::sqlError):
253         (WebCore::SQLStatement::sqlResultSet):
254         * Modules/webdatabase/SQLStatement.h:
255         * Modules/webdatabase/SQLTransaction.h:
256         * Modules/webdatabase/SQLTransactionBackend.cpp:
257         (WebCore::SQLTransactionBackend::create):
258         (WebCore::SQLTransactionBackend::SQLTransactionBackend):
259         (WebCore::SQLTransactionBackend::transactionError):
260         * Modules/webdatabase/SQLTransactionBackend.h:
261
262 2016-06-30  Carlos Garcia Campos  <cgarcia@igalia.com>
263
264         [Coordinated Graphics] Move CompositingCoordinator from platform to WebKit2 layer
265         https://bugs.webkit.org/show_bug.cgi?id=159209
266
267         Reviewed by Žan Doberšek.
268
269         Remove CompositingCoordinator and its helper classes from the platform layer.
270
271         * platform/TextureMapper.cmake:
272
273 2016-06-29  Youenn Fablet  <youenn@apple.com>
274
275         Pass SecurityOrigin as references in CORS check code
276         https://bugs.webkit.org/show_bug.cgi?id=159263
277
278         Reviewed by Alex Christensen.
279
280         No change of behavior.
281
282         * css/CSSImageSetValue.cpp:
283         (WebCore::CSSImageSetValue::cachedImageSet):
284         * css/CSSImageValue.cpp:
285         (WebCore::CSSImageValue::cachedImage):
286         * dom/ScriptElement.cpp:
287         (WebCore::ScriptElement::requestScript):
288         * loader/CrossOriginAccessControl.cpp:
289         (WebCore::updateRequestForAccessControl):
290         (WebCore::createAccessControlPreflightRequest):
291         (WebCore::passesAccessControlCheck):
292         * loader/CrossOriginAccessControl.h:
293         * loader/CrossOriginPreflightChecker.cpp:
294         (WebCore::CrossOriginPreflightChecker::validatePreflightResponse):
295         * loader/DocumentThreadableLoader.cpp:
296         (WebCore::DocumentThreadableLoader::DocumentThreadableLoader):
297         (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest):
298         (WebCore::DocumentThreadableLoader::preflightSuccess):
299         (WebCore::DocumentThreadableLoader::isAllowedRedirect):
300         (WebCore::DocumentThreadableLoader::securityOrigin):
301         * loader/DocumentThreadableLoader.h:
302         * loader/ImageLoader.cpp:
303         (WebCore::ImageLoader::updateFromElement):
304         * loader/LinkLoader.cpp:
305         (WebCore::preloadIfNeeded):
306         * loader/MediaResourceLoader.cpp:
307         (WebCore::MediaResourceLoader::requestResource):
308         * loader/SubresourceLoader.cpp:
309         (WebCore::SubresourceLoader::checkCrossOriginAccessControl):
310         * loader/TextTrackLoader.cpp:
311         (WebCore::TextTrackLoader::load):
312         * loader/cache/CachedResource.cpp:
313         (WebCore::CachedResource::passesAccessControlCheck):
314         * loader/cache/CachedResourceRequest.cpp:
315         (WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin):
316
317 2016-06-29  Adam Bergkvist  <adam.bergkvist@ericsson.com>
318
319         WebRTC: Implement MediaEndpointPeerConnection::setConfiguration()
320         https://bugs.webkit.org/show_bug.cgi?id=159254
321
322         Reviewed by Eric Carlson.
323
324         Implement MediaEndpointPeerConnection::setConfiguration() which is the
325         MediaEndpointPeerConnection implementation of RTCPeerConnection.setConfiguration() [1].
326
327         [1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#dom-rtcpeerconnection-setconfiguration
328
329         Testing: Updated existing test.
330
331         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
332         (WebCore::MediaEndpointPeerConnection::setConfiguration):
333         Implemented.
334         * Modules/mediastream/RTCConfiguration.cpp:
335         (WebCore::RTCConfiguration::initialize):
336         * Modules/mediastream/RTCConfiguration.h:
337         Use shared enums.
338         * Modules/mediastream/RTCConfiguration.idl:
339         Remove 'None'/'Public' IceTransportPolicy enum value (removed from WebRTC 1.0).
340         * platform/mediastream/MediaEndpointConfiguration.cpp:
341         (WebCore::MediaEndpointConfiguration::MediaEndpointConfiguration):
342         * platform/mediastream/MediaEndpointConfiguration.h:
343         Use shared enums.
344         (WebCore::MediaEndpointConfiguration::create):
345         * platform/mediastream/PeerConnectionStates.h: Renamed from Source/WebCore/Modules/mediastream/PeerConnectionStates.h.
346         Make shared enums accessible to platform objects (currently MediaEndpointConfiguration).
347
348 2016-06-29  Hunseop Jeong  <hs85.jeong@samsung.com>
349
350         Unreviewed, CMake build fix - 2.
351
352         * PlatformMac.cmake:
353
354 2016-06-29  Hunseop Jeong  <hs85.jeong@samsung.com>
355
356         Unreviewed, CMake build fix. 
357
358         * PlatformMac.cmake:
359
360 2016-06-29  Jer Noble  <jer.noble@apple.com>
361
362         Unprefix webkit-playsinline.
363         https://bugs.webkit.org/show_bug.cgi?id=159283
364
365         Reviewed by Eric Carlson.
366
367         Tests: media/video-playsinline.html
368                media/video-webkit-playsinline.html
369
370         Unprefix the webkit-playsinline content attribute, as an unprefixed version
371         was added to the HTML spec by <https://github.com/whatwg/html/pull/1444>.
372         The new 'playsinline' content attribute reflects to a new DOM property of
373         the same name.
374
375         * html/HTMLAttributeNames.in:
376         * html/HTMLVideoElement.idl:
377         * html/MediaElementSession.cpp:
378         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
379
380 2016-06-29  Alex Christensen  <achristensen@webkit.org>
381
382         Fix null dereferencing after r201441
383         https://bugs.webkit.org/show_bug.cgi?id=159282
384         rdar://problem/27082559
385
386         Reviewed by Andreas Kling.
387
388         No new tests.  This is reproducible when dragging from regular to high-DPI displays, 
389         and we don't have testing infrastructure for simulating that.
390
391         * css/MediaQueryMatcher.cpp:
392         (WebCore::MediaQueryMatcher::styleResolverChanged):
393         MediaQueryListListener::queryChanged can mutate the Vector of listeners while we are iterating it.
394         Copy the Vector of listeners and iterate the copy so we don't go out of bounds.
395
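The MediaQueryMatcher entry above fixes a listener list that callbacks can mutate while it is being walked. The following is an added example, not WebKit's code, showing that pattern with hypothetical `Matcher` and `Listener` types and assuming listeners are reference-counted so the snapshot keeps them alive.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <functional>
#include <memory>
#include <utility>
#include <vector>

class Matcher; // hypothetical stand-in, not WebCore::MediaQueryMatcher

struct Listener {
    int id;
    std::function<void(Matcher&)> onChange; // may add or remove listeners
};

class Matcher {
public:
    void add(std::shared_ptr<Listener> l) { m_listeners.push_back(std::move(l)); }

    void remove(int id) {
        m_listeners.erase(
            std::remove_if(m_listeners.begin(), m_listeners.end(),
                           [id](const std::shared_ptr<Listener>& l) { return l->id == id; }),
            m_listeners.end());
    }

    std::size_t size() const { return m_listeners.size(); }

    // The pattern being fixed: a callback that calls add() or remove()
    // reallocates or shrinks m_listeners and invalidates the loop's
    // iterators, so the next step reads freed or out-of-range storage.
    // Shown for contrast only; never called in this example.
    void notifyAllUnsafe() {
        for (auto& l : m_listeners)
            if (l->onChange) l->onChange(*this);
    }

    // The fix: iterate a copy. Copying the shared_ptrs also keeps each
    // listener (and the std::function currently executing) alive even if
    // a callback removes it from m_listeners.
    std::size_t notifyAll() {
        std::vector<std::shared_ptr<Listener>> snapshot = m_listeners;
        std::size_t notified = 0;
        for (auto& l : snapshot) {
            // Caveat: a listener removed earlier in this round is still
            // called once, so callbacks must tolerate a late notification.
            if (l->onChange) l->onChange(*this);
            ++notified;
        }
        return notified;
    }

private:
    std::vector<std::shared_ptr<Listener>> m_listeners;
};

struct DemoResult {
    std::size_t notified;
    std::size_t remaining;
};

// Constructed scenario: listener 1 removes itself and listener 2, then
// registers listener 4, all from inside its own callback.
DemoResult runDemo() {
    Matcher m;
    m.add(std::make_shared<Listener>(Listener{1, [](Matcher& matcher) {
        matcher.remove(1);
        matcher.remove(2);
        matcher.add(std::make_shared<Listener>(Listener{4, nullptr}));
    }}));
    m.add(std::make_shared<Listener>(Listener{2, nullptr}));
    m.add(std::make_shared<Listener>(Listener{3, nullptr}));

    DemoResult r;
    r.notified = m.notifyAll(); // walks the three-entry snapshot
    r.remaining = m.size();     // listeners 3 and 4 are left
    return r;
}

int main() {
    DemoResult r = runDemo();
    std::printf("notified=%zu remaining=%zu\n", r.notified, r.remaining);
    return 0;
}
```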
396 2016-06-29  Antti Koivisto  <antti@apple.com>
397
398         Factor pending CSS resources into a struct
399         https://bugs.webkit.org/show_bug.cgi?id=159268
400
401         Reviewed by Andreas Kling.
402
403         To fix resource loading related re-entrancy issues in StyleResolver we should move the triggering of
404         resource loads outside the style resolver. The first step for that is to capture pending resources to a struct.
405
406         * CMakeLists.txt:
407         * WebCore.xcodeproj/project.pbxproj:
408         * css/CSSCursorImageValue.cpp:
409         (WebCore::CSSCursorImageValue::cachedImage):
410         (WebCore::CSSCursorImageValue::cachedOrPendingImage):
411         * css/CSSCursorImageValue.h:
412         * css/CSSGradientValue.cpp:
413         (WebCore::GradientStop::GradientStop):
414         (WebCore::CSSGradientValue::gradientWithStylesResolved):
415         * css/CSSGradientValue.h:
416         (WebCore::CSSGradientValue::loadSubimages):
417         (WebCore::CSSGradientValue::CSSGradientValue):
418         * css/CSSImageSetValue.cpp:
419         (WebCore::CSSImageSetValue::cachedImageSet):
420         (WebCore::CSSImageSetValue::cachedOrPendingImageSet):
421         * css/CSSImageSetValue.h:
422         * css/StyleResolver.cpp:
423         (WebCore::StyleResolver::State::clear):
424         (WebCore::StyleResolver::State::setParentStyle):
425         (WebCore::StyleResolver::State::ensurePendingResources):
426         (WebCore::isAtShadowBoundary):
427         (WebCore::StyleResolver::cachedOrPendingFromValue):
428         (WebCore::StyleResolver::generatedOrPendingFromValue):
429         (WebCore::StyleResolver::setOrPendingFromValue):
430         (WebCore::StyleResolver::cursorOrPendingFromValue):
431         (WebCore::filterOperationForType):
432         (WebCore::StyleResolver::createFilterOperations):
433         (WebCore::StyleResolver::loadPendingResources):
434         (WebCore::StyleResolver::MatchedProperties::MatchedProperties):
435         (WebCore::StyleResolver::loadPendingSVGDocuments): Deleted.
436         (WebCore::StyleResolver::loadPendingImage): Deleted.
437         (WebCore::StyleResolver::loadPendingShapeImage): Deleted.
438         (WebCore::StyleResolver::loadPendingImages): Deleted.
439         * css/StyleResolver.h:
440         (WebCore::StyleResolver::rootElementStyle):
441         (WebCore::StyleResolver::element):
442         (WebCore::StyleResolver::document):
443         (WebCore::StyleResolver::documentSettings):
444         (WebCore::StyleResolver::State::setApplyPropertyToVisitedLinkStyle):
445         (WebCore::StyleResolver::State::applyPropertyToRegularStyle):
446         (WebCore::StyleResolver::State::applyPropertyToVisitedLinkStyle):
447         (WebCore::StyleResolver::State::setFontDirty):
448         (WebCore::StyleResolver::State::fontDirty):
449         (WebCore::StyleResolver::State::useSVGZoomRules):
450         (WebCore::StyleResolver::State::takePendingResources):
451         (WebCore::StyleResolver::State::cssToLengthConversionData):
452         (WebCore::StyleResolver::State::cascadeLevel):
453         (WebCore::StyleResolver::State::setCascadeLevel):
454         (WebCore::StyleResolver::state):
455         (WebCore::StyleResolver::State::pendingImageProperties): Deleted.
456         (WebCore::StyleResolver::State::filtersWithPendingSVGDocuments): Deleted.
457         * style/StylePendingResources.cpp: Added.
458         (WebCore::Style::loadPendingImage):
459         (WebCore::Style::loadPendingImages):
460         (WebCore::Style::loadPendingSVGFilters):
461         (WebCore::Style::loadPendingResources):
462
463             Move the functions for triggering the resource loads from StyleResolver.
464
465         * style/StylePendingResources.h: Added.
466
467             Add struct for pending resources.
468
469 2016-06-29  Anders Carlsson  <andersca@apple.com>
470
471         Add "type" and "paymentPass" properties in PaymentMethod
472         https://bugs.webkit.org/show_bug.cgi?id=159278
473         rdar://problem/26999112
474
475         Reviewed by Dean Jackson.
476
477         * Modules/applepay/cocoa/PaymentMethodCocoa.mm:
478         (WebCore::toString):
479         (WebCore::toDictionary):
480
481 2016-06-29  Nan Wang  <n_wang@apple.com>
482
483         AX: Crash in WebCore::Document::focusNavigationStartingNode(WebCore::FocusDirection) const + 128
484         https://bugs.webkit.org/show_bug.cgi?id=159240
485
486         Reviewed by Ryosuke Niwa.
487
488         This crash is caused by passing an empty node to ElementTraversal::previous(Node&). When the
489         focusNavigationStartingNode has been removed and it has no next sibling, we should fall back
490         to itself for calculating the next focused element.
491
492         Test: fast/events/remove-focus-navigation-starting-point-crash.html
493
494         * dom/Document.cpp:
495         (WebCore::Document::focusNavigationStartingNode):
496
497 2016-06-29  Ryan Haddad  <ryanhaddad@apple.com>
498
499         Unreviewed, rolling out r202617.
500
501         The LayoutTest from this change crashes under GuardMalloc
502
503         Reverted changeset:
504
505         "Throw exceptions for invalid number of channels for
506         ConvolverNode"
507         https://bugs.webkit.org/show_bug.cgi?id=159238
508         http://trac.webkit.org/changeset/202617
509
510 2016-06-29  Anders Carlsson  <andersca@apple.com>
511
512         Rename addressFields to contactFields
513         https://bugs.webkit.org/show_bug.cgi?id=159271
514         rdar://problem/27086955
515
516         Reviewed by Beth Dakin.
517
518         * Modules/applepay/ApplePaySession.cpp:
519         (WebCore::createContactFields):
520         (WebCore::isValidPaymentRequestPropertyName):
521         (WebCore::createPaymentRequest):
522         (WebCore::createAddressFields): Deleted.
523         * Modules/applepay/PaymentRequest.h:
524         (WebCore::PaymentRequest::requiredBillingContactFields):
525         (WebCore::PaymentRequest::setRequiredBillingContactFields):
526         (WebCore::PaymentRequest::requiredShippingContactFields):
527         (WebCore::PaymentRequest::setRequiredShippingContactFields):
528         (WebCore::PaymentRequest::requiredBillingAddressFields): Deleted.
529         (WebCore::PaymentRequest::setRequiredBillingAddressFields): Deleted.
530         (WebCore::PaymentRequest::requiredShippingAddressFields): Deleted.
531         (WebCore::PaymentRequest::setRequiredShippingAddressFields): Deleted.
532
533 2016-06-29  Jiewen Tan  <jiewen_tan@apple.com>
534
535         Unreviewed, third attempt to fix ASAN build for r202599
536
537         * platform/text/TextCodecReplacement.cpp:
538         (WebCore::TextCodecReplacement::decode):
539
540 2016-06-29  Jer Noble  <jer.noble@apple.com>
541
542         Adopt MediaRemote.
543         https://bugs.webkit.org/show_bug.cgi?id=159250
544
545         Reviewed by Eric Carlson.
546
547         Adopt MediaRemote and use the framework to implement MediaSessionManagerMac
548         and RemoteCommandListenerMac.
549
550         * WebCore.xcodeproj/project.pbxproj:
551         * platform/RemoteCommandListener.cpp:
552         * platform/audio/PlatformMediaSessionManager.cpp:
553         * platform/audio/cocoa/MediaSessionManagerCocoa.cpp: Renamed from Source/WebCore/platform/audio/mac/MediaSessionManagerMac.cpp.
554         (PlatformMediaSessionManager::updateSessionState):
555         * platform/audio/mac/MediaSessionManagerMac.h: Added.
556         * platform/audio/mac/MediaSessionManagerMac.mm: Added.
557         (WebCore::PlatformMediaSessionManager::sharedManager):
558         (WebCore::PlatformMediaSessionManager::sharedManagerIfExists):
559         (WebCore::MediaSessionManagerMac::MediaSessionManagerMac):
560         (WebCore::MediaSessionManagerMac::~MediaSessionManagerMac):
561         (WebCore::MediaSessionManagerMac::sessionWillBeginPlayback):
562         (WebCore::MediaSessionManagerMac::removeSession):
563         (WebCore::MediaSessionManagerMac::sessionWillEndPlayback):
564         (WebCore::MediaSessionManagerMac::clientCharacteristicsChanged):
565         (WebCore::MediaSessionManagerMac::nowPlayingEligibleSession):
566         (WebCore::MediaSessionManagerMac::updateNowPlayingInfo):
567         * platform/cocoa/SoftLinking.h:
568         * platform/mac/MediaRemoteSoftLink.cpp: Added.
569         * platform/mac/MediaRemoteSoftLink.h: Added.
570         * platform/mac/RemoteCommandListenerMac.h: Added.
571         (WebCore::RemoteCommandListenerMac::createWeakPtr):
572         * platform/mac/RemoteCommandListenerMac.mm: Added.
573         (WebCore::RemoteCommandListener::create):
574         (WebCore::RemoteCommandListenerMac::RemoteCommandListenerMac):
575         (WebCore::RemoteCommandListenerMac::~RemoteCommandListenerMac):
576         * platform/spi/mac/MediaRemoteSPI.h: Added.
577
578 2016-06-29  Jer Noble  <jer.noble@apple.com>
579
580         Cannot clear a MediaSource SourceBuffer in Safari 9 and WebKit nightly
581         https://bugs.webkit.org/show_bug.cgi?id=159230
582
583         Reviewed by Eric Carlson.
584
585         Test: media/media-source/media-source-remove.html (modified)
586
587         Move to using a MediaTime directly (rather than as a double) to add
588         and remove buffered ranges. Also, drop the use of the "microsecond"
589         fudge factor when adding buffered ranges.
590
591         * Modules/mediasource/SourceBuffer.cpp:
592         (WebCore::removeSamplesFromTrackBuffer):
593         (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):
594
595 2016-06-29  Jiewen Tan  <jiewen_tan@apple.com>
596
597         Unreviewed, second attempt to fix ASAN build for r202599
598
599         * platform/text/TextCodecReplacement.cpp:
600
601 2016-06-29  Jiewen Tan  <jiewen_tan@apple.com>
602
603         Unreviewed, first attempt to fix ASAN build for r202599
604
605         * platform/text/TextCodecReplacement.cpp:
606
607 2016-06-29  Joseph Pecoraro  <pecoraro@apple.com>
608
609         Web Inspector: Show Shadow Root type in DOM Tree
610         https://bugs.webkit.org/show_bug.cgi?id=159236
611         <rdar://problem/27068521>
612
613         Reviewed by Timothy Hatcher.
614
615         Test: inspector/dom/shadowRootType.html
616
617         * inspector/InspectorDOMAgent.cpp:
618         (WebCore::shadowRootType):
619         (WebCore::InspectorDOMAgent::buildObjectForNode):
620         Set the shadowRootType property when a node is a ShadowRoot.
621
622 2016-06-29  Jeremy Jones  <jeremyj@apple.com>
623
624         Replace MPAudioVideoRoutingActionSheet with MPAVRoutingSheet.
625         https://bugs.webkit.org/show_bug.cgi?id=159161
626         <rdar://problem/26017691>
627
628         Reviewed by Sam Weinig.
629
630         Replace MPAudioVideoRoutingActionSheet SPI with MPAVRoutingSheet SPI.
631
632         * platform/spi/ios/MediaPlayerSPI.h:
633
634 2016-06-29  Alejandro G. Castro  <alex@igalia.com>
635
636         WebRTC: ice-char can not contain '=' characters for credentials
637         https://bugs.webkit.org/show_bug.cgi?id=159207
638
639         Reviewed by Eric Carlson.
640
641         Avoid a general calculation to get a base64 without padding which
642         was wrong in the randomString function. Because each parameter
643         using the function requires a different setup depending on the
644         specification and this is not a general API, it is a better
645         solution to calculate and store the sizes we want to use, comment
646         them and test them, considering we use base64 to generate the
647         strings we just need to avoid padding.
648
649         Existing test modified to match the correct behavior.
650
651         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
652         (WebCore::randomString): Now the size is the one passed.
653         (WebCore::MediaEndpointPeerConnection::MediaEndpointPeerConnection):
654         Used different valid values following the sdp parser in each case.
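
The padding rule this entry relies on, shown as an added example (not WebKit's randomString, and not the sizes WebKit chose): base64 output carries '=' only when the input byte count is not a multiple of 3, and '=' is outside the SDP ice-char set. The function names, the constructed byte filler, and the minimum lengths of 22 and 4 characters (RFC 5245's ice-pwd and ice-ufrag grammar) are assumptions of the example.

```cpp
#include <cctype>
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Standard base64 with '=' padding (RFC 4648 alphabet).
std::string base64Encode(const std::vector<unsigned char>& in)
{
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    std::string out;
    size_t i = 0;
    for (; i + 3 <= in.size(); i += 3) {
        unsigned v = (in[i] << 16) | (in[i + 1] << 8) | in[i + 2];
        out += alphabet[(v >> 18) & 63];
        out += alphabet[(v >> 12) & 63];
        out += alphabet[(v >> 6) & 63];
        out += alphabet[v & 63];
    }
    size_t rest = in.size() - i;
    if (rest) {
        // 1 or 2 trailing bytes: the last group is completed with '='.
        unsigned v = in[i] << 16;
        if (rest == 2)
            v |= in[i + 1] << 8;
        out += alphabet[(v >> 18) & 63];
        out += alphabet[(v >> 12) & 63];
        if (rest == 2) {
            out += alphabet[(v >> 6) & 63];
            out += '=';
        } else
            out += "==";
    }
    return out;
}

// ice-char = ALPHA / DIGIT / "+" / "/"; both credentials are capped at 256 characters.
bool isIceCharString(const std::string& value, size_t minLength)
{
    if (value.size() < minLength || value.size() > 256)
        return false;
    for (unsigned char c : value) {
        if (!std::isalnum(c) && c != '+' && c != '/')
            return false;
    }
    return true;
}

// Smallest byte count that is a multiple of 3 (so no padding is produced)
// and still encodes to at least minChars base64 characters.
size_t bytesForUnpaddedBase64(size_t minChars)
{
    size_t groups = (minChars + 3) / 4;
    return groups * 3;
}

// Constructed filler bytes standing in for CSPRNG output, so the run is repeatable.
std::vector<unsigned char> constructedBytes(size_t count)
{
    std::vector<unsigned char> bytes(count);
    for (size_t i = 0; i < count; ++i)
        bytes[i] = static_cast<unsigned char>((i * 37 + 11) & 0xFF);
    return bytes;
}

int main()
{
    const size_t sizes[] = { 16, bytesForUnpaddedBase64(22) };
    for (size_t size : sizes) {
        std::string encoded = base64Encode(constructedBytes(size));
        std::printf("%zu bytes -> %s (valid ice-pwd: %s)\n", size, encoded.c_str(),
            isIceCharString(encoded, 22) ? "yes" : "no");
    }
    return 0;
}
```

Both inputs encode to 24 characters, but only the one whose byte count is a multiple of 3 passes the ice-char check.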
655
656 2016-06-29  David Kilzer  <ddkilzer@apple.com>
657
658         Crash when 'input' event handler for input[type=color] changes the input type
659         <https://webkit.org/b/159262>
660         <rdar://problem/27020404>
661
662         Reviewed by Daniel Bates.
663
664         Fix based on a Blink change (patch by <tkent@chromium.org>):
665         <https://chromium.googlesource.com/chromium/src.git/+/a17cb3ecef49a078657524cdeaba33ad2083646c>
666
667         Test: fast/forms/color/color-type-change-on-input-crash.html
668
669         * html/ColorInputType.cpp:
670         (WebCore::ColorInputType::didChooseColor): Add EventQueueScope
671         before setValueFromRenderer() to fix the bug.
672         * html/HTMLInputElement.h:
673         (WebCore::HTMLInputElement::setValueFromRenderer): Add comment
674         about how to use this method.
675
676 2016-06-29  Adam Bergkvist  <adam.bergkvist@ericsson.com>
677
678         WebRTC: Misc MediaStreamEvent fixes: Update build flag and remove PassRefPtr usage
679         https://bugs.webkit.org/show_bug.cgi?id=159132
680
681         Reviewed by Eric Carlson.
682
683         Use the WEB_RTC build flag instead of MEDIA_STREAM since this event is related to
684         RTCPeerConnection. Also remove PassRefPtr usage.
685
686         Updated existing expected results.
687
688         * Modules/mediastream/MediaStreamEvent.cpp:
689         (WebCore::MediaStreamEvent::create):
690         (WebCore::MediaStreamEvent::MediaStreamEvent):
691         * Modules/mediastream/MediaStreamEvent.h:
692         * Modules/mediastream/MediaStreamEvent.idl:
693         * dom/EventNames.in:
694
695 2016-06-29  Adam Bergkvist  <adam.bergkvist@ericsson.com>
696
697         REGRESSION(r202337) [WebRTC] Crash when loading html5test.com
698         https://bugs.webkit.org/show_bug.cgi?id=159145
699
700         Reviewed by Eric Carlson.
701
702         MediaEndpointPeerConnection uses an implementation of the MediaEndpoint interface to
703         interact with the port's WebRTC backend. A mock (MockMediaEndpoint) is used for testing.
704         This change adds an "empty" MediaEndpoint implementation that simplifies the case when a
705         port builds and tests with MediaEndpointPeerConnection/MockMediaEndpoint, but doesn't have
706         a "real" MediaEndpoint implementation yet (to use with MiniBrowser).
707
708         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
709         (WebCore::MediaEndpointPeerConnection::MediaEndpointPeerConnection):
710         * platform/mediastream/MediaEndpoint.cpp:
711         (WebCore::EmptyRealtimeMediaSource::create):
712         (WebCore::EmptyRealtimeMediaSource::EmptyRealtimeMediaSource):
713         (WebCore::EmptyMediaEndpoint::EmptyMediaEndpoint):
714         (WebCore::createMediaEndpoint):
715
716 2016-06-29  Alejandro G. Castro  <alex@igalia.com>
717
718         Fix assertion in debug build when creating the SocketStreamHandle object.
719
720         We have to call relaxAdoptionRequirement to avoid the assertion
721         when protecting the non-adopted SocketStreamHandle we are
722         creating. Update to r202370.
723
724         Rubber-stamped by Carlos Garcia Campos.
725
726         * platform/network/soup/SocketStreamHandleSoup.cpp:
727         (WebCore::SocketStreamHandle::SocketStreamHandle):
728
729 2016-06-29  David Kilzer  <ddkilzer@apple.com>
730
731         Throw exceptions for invalid number of channels for ConvolverNode
732         <https://webkit.org/b/159238>
733         <rdar://problem/27020410>
734
735         Reviewed by Brent Fulgham.
736
737         Fix based on a Blink change (patch by <rtoy@chromium.org>):
738         <https://chromium.googlesource.com/chromium/src.git/+/0cc26bbb7175aec77910d0b47faf9f8c8a640fe5>
739
740         Test: webaudio/convolver-channels.html
741
742         * Modules/webaudio/ConvolverNode.cpp:
743         (WebCore::ConvolverNode::setBuffer): Throw an exception for
744         anything but 1, 2 or 4 channels.
745
746 2016-06-29  Carlos Garcia Campos  <cgarcia@igalia.com>
747
748         REGRESSION(r198782, r201043): [image-decoders] Flickering with some animated gif
749         https://bugs.webkit.org/show_bug.cgi?id=159089
750
751         Reviewed by Antonio Gomes.
752
753         There's some flickering when loading big enough animated gifs running the animation in a loop. The first time it
754         loads everything is fine, but after the first loop iteration there are several flickering effects, once every
755         time the animation finishes and some others happening in the middle of the animation loop. The flickering
756         happens because we fail to render some of the frames, and it has two different causes:
757
758          - In r198782, ImageDecoder::createFrameImageAtIndex(), was modified to check first if the image is empty to
759         return early, and then try to get the frame image from the decoder. This is the one causing the flickering
760         always on the first frame after one iteration. It happens because ImageDecoder::size() is always empty at that
761         point. The first time doesn't happen because the gif is loaded and BitmapImage calls isSizeAvailable() from
762         BitmapImage::dataChanged(). The isSizeAvailable call makes the gif decoder calculate the size. But for the next
763         iterations, frames are cached and BitmapImage already has the decoded data so isSizeAvailable is not called
764         again. When createFrameImageAtIndex() is called again for the first frame, size is empty until the gif decoder
765         creates the reader again, which happens when frameBufferAtIndex() is called, so after that the size is
766         available. So, we could call isSizeAvailable before checking the size, or simply do the check after the
767         frameBufferAtIndex() call as we used to do.
768
769          - In r201043 BitmapImage::destroyDecodedDataIfNecessary() was fixed to use the actual bytes used by the frame
770         in order to decide whether to destroy decoded data or not. This actually revealed a bug, it didn't happen before
771         because we were never destroying frames before. The bug is in the gif decoder that doesn't correctly handle the
772         case of destroying only some of the frames from the buffer cache. The gif decoder is designed to always process the
773         frames in order, the reader keeps an index of the currently processed frame, so when some frames are read from the
774         cache, and then we ask the decoder for a not cached frame, the currently processed frame is not in sync with the
775         actual frame we are asking for, and we end up not processing any frame at all.
776
777         * platform/image-decoders/ImageDecoder.cpp:
778         (WebCore::ImageDecoder::createFrameImageAtIndex): Check the size after calling frameBufferAtIndex().
779         * platform/image-decoders/gif/GIFImageDecoder.cpp:
780         (WebCore::GIFImageDecoder::clearFrameBufferCache): Delete the reader when clearing the cache since it's out of sync.
781
782 2016-06-28  Carlos Garcia Campos  <cgarcia@igalia.com>
783
784         [GStreamer] Adaptive streaming issues
785         https://bugs.webkit.org/show_bug.cgi?id=144040
786
787         Reviewed by Philippe Normand.
788
789         There are multiple deadlocks in the web process when HLS content is loaded by GStreamer. It happens because gst
790         is using several threads to download manifest, fragments, monitor the downloads, etc. To download the fragments
791         and manifest it always creates the source element in a separate thread, something that is not actually expected
792         to happen in WebKit source element. Our source element is always scheduling tasks (start, stop, need-data,
793         enough-data and seek) to the main thread, and those downloads that use the ResourceHandleStreamingClient
794         (there's no player associated) also happen in the main thread, because libsoup calls all its async callbacks in
795         the main thread. So, the result is that it can happen that we end up blocking the main thread in a lock until
796         the download finishes, but the download never finishes because tasks are scheduled in the main thread that is
797         blocked in a lock. This can be prevented by always using a secondary thread for downloads made by
798         ResourceHandleStreamingClient, using its own run loop with a different GMainContext so that libsoup sends
799         callbacks to the right thread. We also had to refactor the tasks a bit, leaving the thread safe parts to be run
800         in the calling thread always, and only scheduling to the main thread in case of not using
801         ResourceHandleStreamingClient and only for the non thread safe parts.
802         This patch also includes r200455 that was rolled out, but it was a perfectly valid workaround for GST bug.
803
804         * platform/graphics/gstreamer/GRefPtrGStreamer.cpp:
805         (WTF::ensureGRef): Consume the floating ref if needed.
806         * platform/graphics/gstreamer/GRefPtrGStreamer.h:
807         * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
808         (webkit_web_src_init): Check if object is being created in the main thread.
809         (webKitWebSrcStop): Stop the media resource loader in the main thread and the resource handle streaming in the
810         current thread.
811         (webKitWebSrcStart): Start the media resource loader in the main thread and the resource handle streaming in
812         the current thread.
813         (webKitWebSrcChangeState): Call webKitWebSrcStart and webKitWebSrcStop in the current thread.
814         (webKitWebSrcNeedData): Update status in the current thread and notify the media resource loader in the main thread.
815         (webKitWebSrcEnoughData): Ditto.
816         (webKitWebSrcSeek): Ditto.
817         (webKitWebSrcSetMediaPlayer): Add an assert to ensure that source elements used by WebKit are always created in
818         the main thread.
819         (ResourceHandleStreamingClient::ResourceHandleStreamingClient): Use a secondary thread to do the download.
820         (ResourceHandleStreamingClient::~ResourceHandleStreamingClient): Stop the secondary thread.
821         (ResourceHandleStreamingClient::setDefersLoading): Notify the secondary thread.
822
823 2016-06-28  Youenn Fablet  <youennf@gmail.com>
824
825         Remove ThreadableLoaderOptions origin
826         https://bugs.webkit.org/show_bug.cgi?id=159221
827
828         Reviewed by Sam Weinig.
829
830         No change of behavior.
831
832         * loader/DocumentThreadableLoader.cpp:
833         (WebCore::DocumentThreadableLoader::loadResourceSynchronously): Adding origin parameter.
834         (WebCore::DocumentThreadableLoader::create): Ditto.
835         (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Ditto.
836         (WebCore::DocumentThreadableLoader::redirectReceived): Setting m_origin.
837         (WebCore::DocumentThreadableLoader::securityOrigin): Checking m_origin.
838         * loader/DocumentThreadableLoader.h: Adding m_origin member.
839         * loader/ThreadableLoader.cpp:
840         (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Removing origin.
841         (WebCore::ThreadableLoaderOption::isolatedCopy): Deleted.
842         * loader/ThreadableLoader.h: Removing origin parameter and isolatedCopy function.
843         * loader/WorkerThreadableLoader.cpp:
844         (WebCore::LoaderTaskOptions::LoaderTaskOptions): Structure to pass loader task options from one thread to another.
845         (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge):
846         * page/EventSource.cpp:
847         (WebCore::EventSource::connect): Removing setting of the origin.
848         * workers/WorkerScriptLoader.cpp:
849         (WebCore::WorkerScriptLoader::loadSynchronously): Ditto.
850         (WebCore::WorkerScriptLoader::loadAsynchronously): Ditto.
851         * xml/XMLHttpRequest.cpp:
852         (WebCore::XMLHttpRequest::createRequest): Ditto.
853
854 2016-06-28  Commit Queue  <commit-queue@webkit.org>
855
856         Unreviewed, rolling out r202580.
857         https://bugs.webkit.org/show_bug.cgi?id=159245
858
859         Caused all WKTR tests to fail on GuardMalloc and Production
860         only for unknown reasons, investigating offline. (Requested by
861         brrian on #webkit).
862
863         Reverted changeset:
864
865         "RunLoop::Timer should use constructor templates instead of
866         class templates"
867         https://bugs.webkit.org/show_bug.cgi?id=159153
868         http://trac.webkit.org/changeset/202580
869
870 2016-06-28  Benjamin Poulain  <benjamin@webkit.org>
871
872         Rename ChildrenAffectedByActive to StyleAffectedByActive
873         https://bugs.webkit.org/show_bug.cgi?id=159187
874
875         Reviewed by Antti Koivisto.
876
877         Flags named "ChildrenAffectedBy" are used when the invalidation
878         of children is so crazy that we invalidate the whole parent subtree instead.
879
880         That's not the case for :active. It is a straightforward element invalidation.
881         Consequently, the property is renamed to StyleAffectedByActive.
882
883         * dom/Element.cpp:
884         (WebCore::Element::setActive):
885         (WebCore::Element::setStyleAffectedByActive):
886         (WebCore::Element::hasFlagsSetDuringStylingOfChildren):
887         (WebCore::Element::rareDataStyleAffectedByActive):
888         (WebCore::Element::setChildrenAffectedByActive): Deleted.
889         (WebCore::Element::rareDataChildrenAffectedByActive): Deleted.
890         * dom/Element.h:
891         (WebCore::Element::styleAffectedByActive):
892         (WebCore::Element::childrenAffectedByActive): Deleted.
893         * dom/ElementRareData.h:
894         (WebCore::ElementRareData::styleAffectedByActive):
895         (WebCore::ElementRareData::setStyleAffectedByActive):
896         (WebCore::ElementRareData::ElementRareData):
897         (WebCore::ElementRareData::resetDynamicRestyleObservations):
898         (WebCore::ElementRareData::childrenAffectedByActive): Deleted.
899         (WebCore::ElementRareData::setChildrenAffectedByActive): Deleted.
900         * style/StyleRelations.cpp:
901         (WebCore::Style::commitRelations):
902
903 2016-06-28  Jiewen Tan  <jiewen_tan@apple.com>
904
905         Implement "replacement" codec
906         https://bugs.webkit.org/show_bug.cgi?id=159180
907         <rdar://problem/26015178>
908
909         Reviewed by Brent Fulgham.
910
911         Test: fast/encoding/charset-replacement.html
912
913         Add support for "replacement" codec according to the spec:
914         https://encoding.spec.whatwg.org/#replacement
915         According to the spec, encoding labels {"csiso2022kr", "hz-gb-2312", "iso-2022-cn",
916         "iso-2022-cn-ext", "iso-2022-kr"} are used to conduct certain attacks that abuse
917         a mismatch between encodings supported on the server and the client. Therefore,
918         they are grouped under the "replacement" codec, which does the following things
919         to prevent those attacks.
920         1) Decode: terminates with a single U+FFFD.
921         2) Encode: treated as UTF-8.
922
923         Furthermore, the "replacement" codec is a specification convenience to group those
924         vulnerable encoding labels. Therefore, it should not be possible to use it directly.
925
926         This change is based on the following Blink changes:
927         https://codereview.chromium.org/265973003, and
928         https://codereview.chromium.org/261013007.
929
930         * CMakeLists.txt:
931         * WebCore.xcodeproj/project.pbxproj:
932         * platform/text/TextAllInOne.cpp:
933         * platform/text/TextCodecReplacement.cpp: Added.
934         (WebCore::TextCodecReplacement::create):
935         (WebCore::TextCodecReplacement::TextCodecReplacement):
936         (WebCore::TextCodecReplacement::registerEncodingNames):
937         (WebCore::TextCodecReplacement::registerCodecs):
938         (WebCore::TextCodecReplacement::decode):
939         * platform/text/TextCodecReplacement.h: Added.
940         * platform/text/TextEncoding.cpp:
941         (WebCore::TextEncoding::TextEncoding):
942         * platform/text/TextEncodingRegistry.cpp:
943         (WebCore::isReplacementEncoding):
944         (WebCore::extendTextCodecMaps):
945         * platform/text/TextEncodingRegistry.h:
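
A minimal model of the behavior this entry describes, added here as an example and not taken from TextCodecReplacement.cpp: the five listed labels resolve to a decoder that never interprets its input and emits a single U+FFFD, while encoding under those labels falls back to UTF-8. All names, the label normalization, and the constructed sample bytes are assumptions of the example.

```cpp
#include <cctype>
#include <cstddef>
#include <cstdio>
#include <string>

// Labels the changelog entry lists as grouped under the "replacement" codec.
static const char* const replacementLabels[] = {
    "csiso2022kr", "hz-gb-2312", "iso-2022-cn", "iso-2022-cn-ext", "iso-2022-kr"
};

// Assumption: labels are compared after trimming ASCII whitespace and lowercasing.
std::string normalizeLabel(const std::string& label)
{
    const char* whitespace = " \t\n\f\r";
    size_t begin = label.find_first_not_of(whitespace);
    if (begin == std::string::npos)
        return std::string();
    size_t end = label.find_last_not_of(whitespace);
    std::string out = label.substr(begin, end - begin + 1);
    for (char& c : out)
        c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return out;
}

// True only for the listed labels. The name "replacement" itself is not
// accepted, matching the entry's statement that it is not usable directly.
bool isReplacementLabel(const std::string& label)
{
    std::string normalized = normalizeLabel(label);
    for (const char* candidate : replacementLabels) {
        if (normalized == candidate)
            return true;
    }
    return false;
}

// Decode side: the first non-empty chunk yields one U+FFFD (as UTF-8),
// every later chunk yields nothing, and the bytes are never examined.
class ReplacementDecoder {
public:
    std::string decode(const char* bytes, size_t length)
    {
        (void)bytes; // Deliberately unused: no input byte reaches the output.
        if (!length || m_sentReplacement)
            return std::string();
        m_sentReplacement = true;
        return "\xEF\xBF\xBD";
    }

private:
    bool m_sentReplacement = false;
};

// Encode side: the listed labels are treated as UTF-8. Other labels are
// returned normalized and otherwise unchanged in this sketch.
std::string encodingNameForEncode(const std::string& label)
{
    return isReplacementLabel(label) ? std::string("UTF-8") : normalizeLabel(label);
}

int main()
{
    // Constructed sample: the ISO-2022-KR designator followed by ASCII text.
    const std::string sample("\x1b$)Cconstructed sample");
    ReplacementDecoder decoder;
    std::string first = decoder.decode(sample.data(), sample.size());
    std::string second = decoder.decode(sample.data(), sample.size());
    std::printf("first chunk: %zu bytes out, second chunk: %zu bytes out\n",
        first.size(), second.size());
    std::printf("encode under iso-2022-kr uses: %s\n",
        encodingNameForEncode("iso-2022-kr").c_str());
    return 0;
}
```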
946
947 2016-06-28  Dean Jackson  <dino@apple.com>
948
949         Remove incorrect comments in HTMLCanvasElement
950         https://bugs.webkit.org/show_bug.cgi?id=159229
951
952         Reviewed by Sam Weinig.
953
954         These comments are wrong.
955
956         * html/HTMLCanvasElement.cpp:
957         (WebCore::HTMLCanvasElement::probablySupportsContext):
958         (WebCore::HTMLCanvasElement::getContext): Deleted.
959
960 2016-06-28  Geoffrey Garen  <ggaren@apple.com>
961
962         CrashTracer beneath JSC::MarkedBlock::specializedSweep
963         https://bugs.webkit.org/show_bug.cgi?id=159223
964
965         Reviewed by Saam Barati.
966
967         This crash is caused by a media element re-entering JS during the GC
968         sweep phase.
969
970         In theory, other CachedResourceClients in the DOM might also trigger
971         similar bugs, but our data only implicates the media elements, so this
972         fix targets them.
973
974         * html/HTMLDocument.h: Document has no reason to inherit from
975         CachedResourceClient. I found this because I had to search for all
976         CachedResourceClients in researching this patch.
977
978         * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
979         (WebCore::WebCoreAVCFResourceLoader::invalidate): Delay our call to
980         stopLoading because it might re-enter JS, and we might have been called
981         by the GC sweep phase destroying a media element.
982
983         * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
984         (WebCore::WebCoreAVFResourceLoader::invalidate): Ditto.
985
986 2016-06-28  Saam Barati  <sbarati@apple.com>
987
988         some Watchpoints' ::fireInternal method will call operations that might GC where the GC will cause the watchpoint itself to destruct
989         https://bugs.webkit.org/show_bug.cgi?id=159198
990         <rdar://problem/26302360>
991
992         Reviewed by Filip Pizlo.
993
994         * bindings/js/JSDOMWindowBase.cpp:
995         (WebCore::JSDOMWindowBase::fireFrameClearedWatchpointsForWindow):
996         * bindings/scripts/CodeGeneratorJS.pm:
997         (GenerateHeader):
998         * bindings/scripts/test/JS/JSTestEventTarget.h:
999         (WebCore::JSTestEventTarget::create):
1000
1001 2016-06-28  Anders Carlsson  <andersca@apple.com>
1002
1003         Move the user gesture requirement to the ApplePaySession constructor
1004         https://bugs.webkit.org/show_bug.cgi?id=159225
1005         rdar://problem/26507267
1006
1007         Reviewed by Tim Horton.
1008
1009         By doing this, clients can do pre-validation before showing the sheet, while we still maintain the user gesture requirement.
1010
1011         * Modules/applepay/ApplePaySession.cpp:
1012         (WebCore::ApplePaySession::create):
1013         (WebCore::ApplePaySession::begin): Deleted.
1014
1015 2016-06-28  Youenn Fablet  <youenn@apple.com>
1016
1017         Iterable interfaces should have their related prototype @@iterator property writable
1018         https://bugs.webkit.org/show_bug.cgi?id=159211
1019         <rdar://problem/26950766>
1020
1021         Reviewed by Chris Dumez.
1022
1023         Updating @@iterator property according to http://heycam.github.io/webidl/#es-iterator.
1024
1025         Covered by updated test.
1026
1027         * bindings/scripts/CodeGeneratorJS.pm:
1028         (GenerateImplementation): Removing ReadOnly flag from @@iterator property of iterable interfaces.
1029         * bindings/scripts/test/JS/JSTestNode.cpp:
1030         (WebCore::JSTestNodePrototype::finishCreation): Rebasing expectation.
1031         * bindings/scripts/test/JS/JSTestObj.cpp:
1032         (WebCore::JSTestObjPrototype::finishCreation): Ditto.
1033
1034 2016-06-28  Anders Carlsson  <andersca@apple.com>
1035
1036         "Total amount is too big" error message is displaying on clicking Pay button
1037         https://bugs.webkit.org/show_bug.cgi?id=159219
1038         rdar://problem/26722110
1039
1040         Reviewed by Tim Horton.
1041
1042         Match the PassKit max amount.
1043
1044         * Modules/applepay/PaymentRequestValidator.cpp:
1045         (WebCore::PaymentRequestValidator::validateTotal):
1046
1047 2016-06-28  Anders Carlsson  <andersca@apple.com>
1048
1049         PaymentMerchantSession should wrap a PKPaymentMerchantSession
1050         https://bugs.webkit.org/show_bug.cgi?id=159218
1051         rdar://problem/26872118
1052
1053         Reviewed by Tim Horton.
1054
1055         * Modules/applepay/ApplePaySession.cpp:
1056         (WebCore::ApplePaySession::completeMerchantValidation):
1057         Use PaymentMerchantSession::fromJS.
1058
1059         (WebCore::createMerchantSession): Deleted.
1060
1061         * Modules/applepay/PaymentCoordinator.h:
1062         PaymentMerchantSession is now a class.
1063
1064         * Modules/applepay/PaymentCoordinatorClient.h:
1065         PaymentMerchantSession is now a class.
1066
1067         * Modules/applepay/PaymentMerchantSession.h:
1068         (WebCore::PaymentMerchantSession::PaymentMerchantSession):
1069         (WebCore::PaymentMerchantSession::~PaymentMerchantSession):
1070         (WebCore::PaymentMerchantSession::pkPaymentMerchantSession):
1071         Store a PKPaymentMerchantSession in a RetainPtr inside the PaymentMerchantSession object.
1072
1073         * Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
1074         (WebCore::PaymentMerchantSession::fromJS):
1075         Convert the JS object to a PKPaymentMerchantSession and return a PaymentMerchantSession that wraps it.
1076
1077         * WebCore.xcodeproj/project.pbxproj:
1078         Add new files.
1079
1080         * bindings/js/Dictionary.h:
1081         (WebCore::Dictionary::initializerObject):
1082         Add new getter.
1083
1084 2016-06-28  Brian Burg  <bburg@apple.com>
1085
1086         RunLoop::Timer should use constructor templates instead of class templates
1087         https://bugs.webkit.org/show_bug.cgi?id=159153
1088
1089         Reviewed by Alex Christensen.
1090
1091         Remove the RunLoop::Timer class template argument, and pass its constructor
1092         a reference to `this` instead of a pointer to `this`.
1093
1094         * Modules/mediasession/WebMediaSessionManager.cpp:
1095         (WebCore::WebMediaSessionManager::WebMediaSessionManager):
1096         * Modules/mediasession/WebMediaSessionManager.h:
1097         * page/WheelEventTestTrigger.cpp:
1098         (WebCore::WheelEventTestTrigger::WheelEventTestTrigger):
1099         * page/WheelEventTestTrigger.h:
1100         * page/mac/TextIndicatorWindow.h:
1101         * page/mac/TextIndicatorWindow.mm:
1102         (WebCore::TextIndicatorWindow::TextIndicatorWindow):
1103         * platform/MainThreadSharedTimer.h:
1104         * platform/cocoa/ScrollController.h:
1105         * platform/cocoa/ScrollController.mm:
1106         (WebCore::ScrollController::ScrollController):
1107         * platform/glib/MainThreadSharedTimerGLib.cpp:
1108         (WebCore::MainThreadSharedTimer::MainThreadSharedTimer):
1109         * platform/graphics/MediaPlaybackTargetPicker.cpp:
1110         (WebCore::MediaPlaybackTargetPicker::MediaPlaybackTargetPicker):
1111         * platform/graphics/MediaPlaybackTargetPicker.h:
1112         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
1113         (WebCore::MediaPlayerPrivateGStreamer::MediaPlayerPrivateGStreamer):
1114         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
1115         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
1116         (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
1117         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
1118         * platform/graphics/gstreamer/VideoSinkGStreamer.cpp:
1119         (VideoRenderRequestScheduler::VideoRenderRequestScheduler):
1120         * platform/graphics/texmap/TextureMapperPlatformLayerProxy.cpp:
1121         (WebCore::TextureMapperPlatformLayerProxy::TextureMapperPlatformLayerProxy):
1122         (WebCore::TextureMapperPlatformLayerProxy::activateOnCompositingThread):
1123         * platform/graphics/texmap/TextureMapperPlatformLayerProxy.h:
1124         * platform/mock/MediaPlaybackTargetPickerMock.cpp:
1125         (WebCore::MediaPlaybackTargetPickerMock::MediaPlaybackTargetPickerMock):
1126         * platform/mock/MediaPlaybackTargetPickerMock.h:
1127         * platform/mock/MockRealtimeVideoSource.cpp:
1128         (WebCore::MockRealtimeVideoSource::MockRealtimeVideoSource):
1129         * platform/mock/MockRealtimeVideoSource.h:
1130         * platform/network/ResourceHandleInternal.h:
1131         (WebCore::ResourceHandleInternal::ResourceHandleInternal):
1132
1133 2016-06-27  Jer Noble  <jer.noble@apple.com>
1134
1135         Cross-domain video loads do not prompt for authorization.
1136         https://bugs.webkit.org/show_bug.cgi?id=159195
1137         <rdar://problem/26234612>
1138
1139         Reviewed by Brent Fulgham.
1140
1141         Test: http/tests/media/video-auth.html (modified)
1142
1143         We should prompt for authorization when a cross-origin <video> is embedded
1144         in a web page.
1145
1146         * loader/MediaResourceLoader.cpp:
1147         (WebCore::MediaResourceLoader::requestResource):
1148
1149 2016-06-28  Ryosuke Niwa  <rniwa@webkit.org>
1150
1151         REGRESSION(r201471): FormClient.textFieldDidEndEditing is no longer called when a text field is removed
1152         https://bugs.webkit.org/show_bug.cgi?id=159199
1153         <rdar://problem/26748189>
1154
1155         Reviewed by Alexey Proskuryakov.
1156
1157         The bug was caused by HTMLInputElement's endEditing no longer getting called due to the behavior change.
1158         Preserve the WebKit2 API semantics by manually calling HTMLInputElement::endEditing in setFocusedElement.
1159
1160         Tests: WebKit2TextFieldDidBeginAndEndEditing
1161
1162         * dom/Document.cpp:
1163         (WebCore::Document::setFocusedElement):
1164
1165 2016-06-28  Frederic Wang  <fwang@igalia.com>
1166
1167         Phrasing content should be accepted in <mo> elements
1168         https://bugs.webkit.org/show_bug.cgi?id=130245
1169
1170         Reviewed by Brent Fulgham.
1171
1172         After r202420, the RenderMathMLOperator element no longer messes with anonymous block and
1173         text nodes. Hence it is now safe to allow foreign content inside <mo>.
1174
1175         We extend foreign-element-in-token.html to cover the mo case.
1176
1177         * mathml/MathMLTextElement.cpp:
1178         (WebCore::MathMLTextElement::childShouldCreateRenderer): Remove the early return for <mo> so
1179         that it accepts phrasing content children.
1180
1181 2016-06-27  Anders Carlsson  <andersca@apple.com>
1182
1183         WebKit::WebPaymentCoordinator leak
1184         https://bugs.webkit.org/show_bug.cgi?id=159168
1185         rdar://problem/26929772
1186
1187         Reviewed by Beth Dakin.
1188
1189         * Modules/applepay/PaymentCoordinator.cpp:
1190         (WebCore::PaymentCoordinator::~PaymentCoordinator):
1191         Call paymentCoordinatorDestroyed().
1192
1193         * Modules/applepay/PaymentCoordinatorClient.h:
1194         Rename mainFrameDestroyed to paymentCoordinatorDestroyed().
1195
1196         * loader/EmptyClients.cpp:
1197
1198 2016-06-28  Frederic Wang  <fwang@igalia.com>
1199
1200         Remove anonymous in renderName for all MathML renderers but RenderMathMLOperator
1201         https://bugs.webkit.org/show_bug.cgi?id=159114
1202
1203         Reviewed by Martin Robinson.
1204
1205         After r202420, the only anonymous MathML renderers are the RenderMathMLOperators created by
1206         the mfenced element. Hence we remove the special case for anonymous in the renderName
1207         implementation of most MathML renderers.
1208
1209         No new tests, behavior unchanged.
1210
1211         * rendering/mathml/RenderMathMLRow.h:
1212         * rendering/mathml/RenderMathMLSpace.h:
1213         * rendering/mathml/RenderMathMLToken.h:
1214
1215 2016-06-28  Adam Bergkvist  <adam.bergkvist@ericsson.com>
1216
1217         WebRTC: Robustify 'this' type check in RTCPeerConnection JS built-ins
1218         https://bugs.webkit.org/show_bug.cgi?id=158831
1219
1220         Reviewed by Youenn Fablet.
1221
1222         Use @operations slot in RTCPeerConnection type check.
1223
1224         Updated results of existing test.
1225
1226         * Modules/mediastream/RTCPeerConnection.js:
1227         (initializeRTCPeerConnection):
1228         Initialize @operations slot in constructor.
1229         * Modules/mediastream/RTCPeerConnectionInternals.js:
1230         (isRTCPeerConnection):
1231         Use @operations slot in type check.
1232
1233 2016-06-28  Frederic Wang  <fwang@igalia.com>
1234
1235         AX: Remove dead code in AccessibilityRenderObject::textUnderElement
1236         https://bugs.webkit.org/show_bug.cgi?id=159205
1237
1238         Reviewed by Joanmarie Diggs.
1239
1240         RenderMathMLOperator used to destroy its descendants and to replace them with an anonymous
1241         text node wrapped inside anonymous blocks. After r202420, it just behaves as any other token
1242         elements. Hence we remove the code in AccessibilityRenderObject::textUnderElement that was
1243         used to handle this specific render tree structure.
1244
1245         No new tests, already covered by accessibility/math-text.html.
1246
1247         * accessibility/AccessibilityRenderObject.cpp:
1248         (WebCore::AccessibilityRenderObject::textUnderElement): Remove dead code for RenderText and RenderMathMLOperator.
1249
1250 2016-06-28  Per Arne Vollan  <pvollan@apple.com>
1251
1252         [Win] Custom elements tests are failing.
1253         https://bugs.webkit.org/show_bug.cgi?id=159139
1254
1255         Reviewed by Alex Christensen.
1256
1257         Fix compile errors after enabling custom element API.
1258
1259         * bindings/js/JSHTMLElementCustom.cpp:
1260         (WebCore::constructJSHTMLElement):
1261         * dom/CustomElementDefinitions.cpp:
1262         (WebCore::CustomElementDefinitions::addElementDefinition):
1263         * dom/Document.cpp:
1264         (WebCore::createHTMLElementWithNameValidation):
1265         (WebCore::createFallbackHTMLElement):
1266         * dom/Element.cpp:
1267         (WebCore::Element::attributeChanged):
1268         * dom/LifecycleCallbackQueue.cpp:
1269         (WebCore::LifecycleQueueItem::LifecycleQueueItem):
1270         (WebCore::LifecycleCallbackQueue::enqueueElementUpgrade):
1271         (WebCore::LifecycleCallbackQueue::enqueueAttributeChangedCallback):
1272         * html/parser/HTMLConstructionSite.cpp:
1273         (WebCore::HTMLConstructionSite::insertHTMLElementOrFindCustomElementInterface):
1274         (WebCore::HTMLConstructionSite::createHTMLElementOrFindCustomElementInterface):
1275         * html/parser/HTMLDocumentParser.cpp:
1276         (WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder):
1277         * html/parser/HTMLTreeBuilder.cpp:
1278         (WebCore::CustomElementConstructionData::CustomElementConstructionData):
1279         (WebCore::HTMLTreeBuilder::insertGenericHTMLElement):
1280         * html/parser/HTMLTreeBuilder.h:
1281
1282 2016-06-28  Philippe Normand  <pnormand@igalia.com>
1283
1284         [GStreamer] usec rounding is wrong during accurate seeking
1285         https://bugs.webkit.org/show_bug.cgi?id=90734
1286
1287         Reviewed by Carlos Garcia Campos.
1288
1289         Use floor() to round the microseconds value, this is more robust
1290         than roundf.
1291
1292         * platform/graphics/gstreamer/GStreamerUtilities.cpp:
1293         (WebCore::toGstClockTime):
1294         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
1295         (WebCore::MediaPlayerPrivateGStreamer::playbackPosition):
1296
1297 2016-06-28  Philippe Normand  <pnormand@igalia.com>
1298
1299         [GStreamer] improved duration query support in the HTTP source element
1300         https://bugs.webkit.org/show_bug.cgi?id=159204
1301
1302         Reviewed by Carlos Garcia Campos.
1303
1304         When we have the Content-Length value it is possible to infer the TIME
1305         duration in most cases by performing a convert query in the downstream
1306         elements. This is especially useful when the duration query wasn't
1307         managed by the sinks and thus reached the source element.
1308
1309         * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
1310         (webKitWebSrcQueryWithParent):
1311
1312 2016-06-28  Youenn Fablet  <youenn@apple.com>
1313
1314         Binding generator should generate accessors for constructors safely accessed from JS builtin
1315         https://bugs.webkit.org/show_bug.cgi?id=159087
1316
1317         Reviewed by Alex Christensen.
1318
1319         Removed constructor private slots direct additions in JSDOMGlobalObject.
1320         Added support for generating the code that will do that.
1321         Advantage of the implementation:
1322         - Private slots will expose constructors that are also publicly visible (previously workers had some private slots filled with WebRTC constructors).
1323         - Private slots no longer require the creation of the constructors at window creation time.
1324
1325         Although PublicIdentifier and PrivateIdentifier are both added where needed, the binding generator does not
1326         support the case of a constructor accessible only privately.
1327
1328         Covered by existing test set and adding binding test.
1329
1330         * Modules/mediastream/MediaStream.idl: Marked as PublicIdentifier/PrivateIdentifier.
1331         * Modules/mediastream/MediaStreamTrack.idl: Ditto.
1332         * Modules/mediastream/RTCIceCandidate.idl: Ditto.
1333         * Modules/mediastream/RTCSessionDescription.idl: Ditto.
1334         * Modules/streams/ReadableStream.idl: Ditto.
1335         * bindings/js/JSDOMGlobalObject.cpp:
1336         (WebCore::JSDOMGlobalObject::addBuiltinGlobals): Removed unneeded additions.
1337         * bindings/scripts/CodeGeneratorJS.pm:
1338         (GenerateImplementation): Added support for private slots for interface constructors marked as
1339         PrivateIdentifier.
1340         * bindings/scripts/preprocess-idls.pl:
1341         (GenerateConstructorAttribute): Make PublicIdentifier/PrivateIdentifier copied interface attributes.
1342         * bindings/scripts/test/GObject/WebKitDOMTestGlobalObject.cpp:
1343         (webkit_dom_test_global_object_set_property):
1344         (webkit_dom_test_global_object_get_property):
1345         (webkit_dom_test_global_object_class_init):
1346         (webkit_dom_test_global_object_get_public_and_private_attribute):
1347         (webkit_dom_test_global_object_set_public_and_private_attribute):
1348         * bindings/scripts/test/GObject/WebKitDOMTestGlobalObject.h:
1349         * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
1350         (WebCore::JSTestGlobalObject::finishCreation):
1351         (WebCore::jsTestGlobalObjectPublicAndPrivateAttribute):
1352         (WebCore::setJSTestGlobalObjectPublicAndPrivateAttribute):
1353         * bindings/scripts/test/ObjC/DOMTestGlobalObject.h:
1354         * bindings/scripts/test/ObjC/DOMTestGlobalObject.mm:
1355         (-[DOMTestGlobalObject publicAndPrivateAttribute]):
1356         (-[DOMTestGlobalObject setPublicAndPrivateAttribute:]):
1357         * bindings/scripts/test/TestGlobalObject.idl:
1358
1359
1360 2016-06-27  Jer Noble  <jer.noble@apple.com>
1361
1362         REGRESSION?(r202466): http/tests/security/canvas-remote-read-remote-video-redirect.html failing on Sierra
1363         https://bugs.webkit.org/show_bug.cgi?id=159172
1364         <rdar://problem/27030025>
1365
1366         Reviewed by Brent Fulgham.
1367
1368         Add a hasSingleSecurityOrigin property to WebCoreNSURLSession that gets updated each time one of that
1369         session's tasks receives a response or a redirect request. Check that property from the MediaPlayerPrivate.
1370
1371         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
1372         (WebCore::MediaPlayerPrivateAVFoundationObjC::hasSingleSecurityOrigin):
1373         * platform/network/cocoa/WebCoreNSURLSession.h:
1374         * platform/network/cocoa/WebCoreNSURLSession.mm:
1375         (-[WebCoreNSURLSession updateHasSingleSecurityOrigin:]):
1376         (-[WebCoreNSURLSession dataTaskWithRequest:]):
1377         (-[WebCoreNSURLSession dataTaskWithURL:]):
1378         (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]):
1379         (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]):
1380
1381 2016-06-27  Alex Christensen  <achristensen@webkit.org>
1382
1383         CMake build fix.
1384
1385         * PlatformMac.cmake:
1386
1387 2016-06-27  Youenn Fablet  <youenn@apple.com>
1388
1389         Remove didFailAccessControlCheck ThreadableLoaderClient callback
1390         https://bugs.webkit.org/show_bug.cgi?id=159149
1391
1392         Reviewed by Daniel Bates.
1393
1394         Adding an AccessControl ResourceError type.
1395         Replacing didFailAccessControlCheck callback by a direct call to didFail with an error of type AccessControl.
1396
1397         Making CrossOriginPreflightChecker always return an AccessControl error. Previously some errors created below
1398         were passed directly to threadable loader clients.
1399
1400         When doing preflight on unauthorized web sites, WTR/DRT will trigger a cancellation error which was translating into an abort event in XMLHttpRequest.
1401         This patch is changing the error type to AccessControl, which translates into an error event in XMLHttpRequest.
1402
1403         This change of behavior is seen in imported/w3c/web-platform-tests/XMLHttpRequest/send-authentication-cors-setrequestheader-no-cred.htm.
1404         No other observable change of behavior should be expected.
1405
1406         * inspector/InspectorNetworkAgent.cpp: Computing error message in didFail according to the error type.
1407         * loader/CrossOriginPreflightChecker.cpp:
1408         (WebCore::CrossOriginPreflightChecker::validatePreflightResponse): Setting preflightFailure error type to AccessControl.
1409         (WebCore::CrossOriginPreflightChecker::notifyFinished): Ditto.
1410         (WebCore::CrossOriginPreflightChecker::doPreflight): Ditto.
1411         * loader/DocumentThreadableLoader.cpp:
1412         (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest): Replacing didFailAccessControlCheck
1413         callback by a direct call to didFail with an error of type AccessControl.
1414         (WebCore::reportContentSecurityPolicyError): Ditto.
1415         (WebCore::reportCrossOriginResourceSharingError): Ditto.
1416         (WebCore::DocumentThreadableLoader::didReceiveResponse): Ditto.
1417         (WebCore::DocumentThreadableLoader::preflightFailure): Calling didFail directly.
1418         * loader/ThreadableLoaderClient.h: Removing didFailAccessControlCheck.
1419         * loader/ThreadableLoaderClientWrapper.h: Ditto.
1420         * loader/WorkerThreadableLoader.cpp: Ditto.
1421         * loader/WorkerThreadableLoader.h: Ditto.
1422         * page/EventSource.cpp:
1423         (WebCore::EventSource::didFail): Removing didFailAccessControlCheck and putting handling code in didFail.
1424         * page/EventSource.h:
1425         * platform/network/ResourceErrorBase.cpp:
1426         (WebCore::ResourceErrorBase::setType): Softening the assertion to cover the case of migration to AccessControl.
1427         * platform/network/ResourceErrorBase.h: Adding AccessControl error type.
1428         (WebCore::ResourceErrorBase::isAccessControl):
1429
1430 2016-06-27  Chris Dumez  <cdumez@apple.com>
1431
1432         HTMLElement / SVGElement should implement GlobalEventHandlers, not Element
1433         https://bugs.webkit.org/show_bug.cgi?id=159191
1434         <rdar://problem/27019299>
1435
1436         Reviewed by Ryosuke Niwa.
1437
1438         HTMLElement / SVGElement should implement GlobalEventHandlers, not Element:
1439         - https://html.spec.whatwg.org/multipage/dom.html#htmlelement
1440         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement
1441
1442         Firefox and Chrome behave as per the specification.
1443
1444         Fixing this also fixes rendering on http://survey123.arcgis.com/.
1445
1446         No new tests, covered by existing tests that were rebaselined.
1447
1448         * dom/Element.idl:
1449         * html/HTMLElement.idl:
1450         * svg/SVGElement.idl:
1451
1452 2016-06-27  Myles C. Maxfield  <mmaxfield@apple.com>
1453
1454         [macOS] Test gardening: Generic font families should not map to fonts which aren't installed
1455         https://bugs.webkit.org/show_bug.cgi?id=159111
1456         <rdar://problem/25807529>
1457
1458         Unreviewed.
1459
1460         Osaka-Mono does not come preinstalled on macOS Sierra. However, many Japanese users
1461         will have the font installed. Before setting the generic font family, we should check
1462         to see if the font is present.
1463
1464         * page/cocoa/SettingsCocoa.mm:
1465         (WebCore::osakaMonoIsInstalled):
1466         (WebCore::Settings::initializeDefaultFontFamilies):
1467
1468 2016-06-24  Ryosuke Niwa  <rniwa@webkit.org>
1469
1470         Don't keep all newly created potential custom elements alive when the feature is disabled
1471         https://bugs.webkit.org/show_bug.cgi?id=159113
1472
1473         Reviewed by Daniel Bates.
1474
1475         Don't keep all HTML unknown elements which have a valid custom element alive when the feature is turned off.
1476
1477         Ideally we want to conform to the behavior in the Custom Elements specification and only upgrade an element
1478         that is inserted into the document. We'll implement that later.
1479
1480         * dom/Document.cpp:
1481         (WebCore::createHTMLElementWithNameValidation):
1482
1483 2016-06-27  Simon Fraser  <simon.fraser@apple.com>
1484
1485         [iOS] -webkit-overflow-scrolling: touch prevents repaint with RTL
1486         https://bugs.webkit.org/show_bug.cgi?id=159186
1487         rdar://problem/26659341
1488
1489         Reviewed by Zalan Bujtas.
1490         
1491         There were two issues with repaints in -webkit-overflow-scrolling:touch scrolling
1492         layers.
1493
1494         First, if the scrolled contents were inline (e.g. a <span>), then repaints were
1495         broken because RenderInline didn't call shouldApplyClipAndScrollPositionForRepaint().
1496         Fix by making shouldApplyClipAndScrollPositionForRepaint() a member function of RenderBox
1497         and calling it from RenderBox::computeRectForRepaint() and RenderInline::clippedOverflowRectForRepaint().
1498
1499         Second, repaints were broken in RTL because RenderLayerBacking::setContentsNeedDisplayInRect()
1500         confused scroll offset and scroll position; it needs to subtract scrollPosition.
1501         
1502         Finally, renamed applyCachedClipAndScrollOffsetForRepaint() to applyCachedClipAndScrollPositionForRepaint()
1503         to make it clear that it uses scrollPosition, not scrollOffset.
1504
1505         Tests: compositing/scrolling/touch-scrolling-repaint-spans.html
1506                compositing/scrolling/touch-scrolling-repaint.html
1507
1508         * rendering/RenderBox.cpp:
1509         (WebCore::RenderBox::applyCachedClipAndScrollPositionForRepaint):
1510         (WebCore::RenderBox::shouldApplyClipAndScrollPositionForRepaint):
1511         (WebCore::RenderBox::computeRectForRepaint):
1512         (WebCore::RenderBox::applyCachedClipAndScrollOffsetForRepaint): Deleted.
1513         (WebCore::shouldApplyContainersClipAndOffset): Deleted.
1514         * rendering/RenderBox.h:
1515         * rendering/RenderInline.cpp:
1516         (WebCore::RenderInline::clippedOverflowRectForRepaint):
1517         (WebCore::RenderInline::computeRectForRepaint):
1518         * rendering/RenderLayerBacking.cpp:
1519         (WebCore::RenderLayerBacking::setContentsNeedDisplayInRect):
1520         * rendering/RenderObject.cpp:
1521         (WebCore::RenderObject::computeRectForRepaint):
1522
1523 2016-06-27  Commit Queue  <commit-queue@webkit.org>
1524
1525         Unreviewed, rolling out r202436.
1526         https://bugs.webkit.org/show_bug.cgi?id=159190
1527
1528         We don't need to make this change. (Requested by thorton on
1529         #webkit).
1530
1531         Reverted changeset:
1532
1533         "Do not use iOS specific telephone detection on macOS."
1534         https://bugs.webkit.org/show_bug.cgi?id=159096
1535         http://trac.webkit.org/changeset/202436
1536
1537 2016-06-27  Benjamin Poulain  <benjamin@webkit.org>
1538
1539         Adopt the iOS TouchEventHandler API for cases that must have synchronous dispatch
1540         https://bugs.webkit.org/show_bug.cgi?id=159179
1541         rdar://problem/27006387
1542
1543         Reviewed by Simon Fraser.
1544
1545         Tests: fast/events/touch/ios/block-without-overflow-scroll-and-passive-observer-on-block-scrolling-state.html
1546                fast/events/touch/ios/block-without-overflow-scroll-and-passive-observer-on-document-scrolling-state.html
1547                fast/events/touch/ios/block-without-overflow-scroll-scrolling-state.html
1548                fast/events/touch/ios/drag-block-without-overflow-scroll-and-passive-observer-on-block.html
1549                fast/events/touch/ios/drag-block-without-overflow-scroll-and-passive-observer-on-document.html
1550                fast/events/touch/ios/drag-block-without-overflow-scroll.html
1551
1552         * dom/Document.cpp:
1553         (WebCore::Document::prepareForDestruction):
1554         (WebCore::Document::removeAllEventListeners):
1555         * dom/Node.cpp:
1556         (WebCore::Node::willBeDeletedFrom):
1557         (WebCore::tryAddEventListener):
1558         (WebCore::tryRemoveEventListener):
1559         * html/shadow/SliderThumbElement.cpp:
1560         (WebCore::SliderThumbElement::registerForTouchEvents):
1561         (WebCore::SliderThumbElement::unregisterForTouchEvents):
1562         * rendering/RenderLayer.cpp:
1563         (WebCore::RenderLayer::registerAsTouchEventListenerForScrolling):
1564         (WebCore::RenderLayer::unregisterAsTouchEventListenerForScrolling):
1565
1566 2016-06-27  Alex Christensen  <achristensen@webkit.org>
1567
1568         Fix Windows build.
1569
1570         * bindings/js/SerializedScriptValue.h:
1571         WTF
1572
1573 2016-06-27  Commit Queue  <commit-queue@webkit.org>
1574
1575         Unreviewed, rolling out r202520.
1576         https://bugs.webkit.org/show_bug.cgi?id=159185
1577
1578         This change broke the 32-bit El Capitan build (Requested by
1579         ryanhaddad on #webkit).
1580
1581         Reverted changeset:
1582
1583         "REGRESSION?(r202466): http/tests/security/canvas-remote-read-
1584         remote-video-redirect.html failing on Sierra"
1585         https://bugs.webkit.org/show_bug.cgi?id=159172
1586         http://trac.webkit.org/changeset/202520
1587
1588 2016-06-27  Jer Noble  <jer.noble@apple.com>
1589
1590         REGRESSION?(r202466): http/tests/security/canvas-remote-read-remote-video-redirect.html failing on Sierra
1591         https://bugs.webkit.org/show_bug.cgi?id=159172
1592         <rdar://problem/27030025>
1593
1594         Reviewed by Brent Fulgham.
1595
1596         Add a hasSingleSecurityOrigin property to WebCoreNSURLSession that gets updated each time one of that
1597         session's tasks receives a response or a redirect request. Check that property from the MediaPlayerPrivate.
1598
1599         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
1600         (WebCore::MediaPlayerPrivateAVFoundationObjC::hasSingleSecurityOrigin):
1601         * platform/network/cocoa/WebCoreNSURLSession.h:
1602         * platform/network/cocoa/WebCoreNSURLSession.mm:
1603         (-[WebCoreNSURLSession updateHasSingleSecurityOrigin:]):
1604         (-[WebCoreNSURLSession dataTaskWithRequest:]):
1605         (-[WebCoreNSURLSession dataTaskWithURL:]):
1606         (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]):
1607         (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]):
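
A simplified C++ model of the sticky per-session single-origin flag this entry describes (the same change appears again further up, after its rollout). It is an added illustration, not WebKit's code: `Origin`, `parseOrigin`, `SessionOriginTracker` and `singleOriginAfter` are hypothetical names, the URLs are constructed samples, and treating unparseable URLs as a second origin is an assumption of this sketch.

```cpp
#include <cctype>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical model (not WebKit code): an origin is (scheme, host, port).
struct Origin {
    std::string scheme, host;
    int port = 0;
    bool operator==(const Origin& o) const {
        return scheme == o.scheme && host == o.host && port == o.port;
    }
};

static std::string lower(std::string s) {
    for (char& c : s)
        c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

// Minimal http(s) origin parser. Returns false for anything it does not
// understand (other schemes, IPv6 literals, bad ports) so callers fail closed.
bool parseOrigin(const std::string& url, Origin& out) {
    const std::string::size_type schemeEnd = url.find("://");
    if (schemeEnd == std::string::npos)
        return false;
    out.scheme = lower(url.substr(0, schemeEnd));
    if (out.scheme == "http")
        out.port = 80;
    else if (out.scheme == "https")
        out.port = 443;
    else
        return false;

    const std::string::size_type start = schemeEnd + 3;
    const std::string::size_type end = url.find_first_of("/?#", start);
    std::string authority =
        url.substr(start, end == std::string::npos ? end : end - start);
    const std::string::size_type at = authority.rfind('@');
    if (at != std::string::npos)
        authority = authority.substr(at + 1); // userinfo is not part of the origin
    if (authority.find('[') != std::string::npos)
        return false; // IPv6 literals are out of scope for this sketch

    const std::string::size_type colon = authority.rfind(':');
    if (colon != std::string::npos) {
        const std::string digits = authority.substr(colon + 1);
        if (digits.empty() || digits.size() > 5)
            return false;
        int port = 0;
        for (char c : digits) {
            if (!std::isdigit(static_cast<unsigned char>(c)))
                return false;
            port = port * 10 + (c - '0');
        }
        if (port > 65535)
            return false;
        out.port = port;
        authority.erase(colon);
    }
    if (authority.empty())
        return false;
    out.host = lower(authority);
    return true;
}

// Tracks whether every URL seen by a session's tasks shares one origin.
class SessionOriginTracker {
public:
    // Call for the initial request, every redirect target and every response URL.
    void observe(const std::string& url) {
        Origin origin;
        if (!parseOrigin(url, origin)) { // assumption: unknown means "not single"
            m_single = false;
            return;
        }
        if (!m_haveFirst) {
            m_first = origin;
            m_haveFirst = true;
        } else if (!(m_first == origin)) {
            m_single = false; // sticky: never returns to true for this session
        }
    }
    bool hasSingleSecurityOrigin() const { return m_single; }

private:
    Origin m_first;
    bool m_haveFirst = false;
    bool m_single = true;
};

// Replays a sequence of URLs through a fresh tracker and reports the flag.
bool singleOriginAfter(const std::vector<std::string>& urls) {
    SessionOriginTracker tracker;
    for (const std::string& url : urls)
        tracker.observe(url);
    return tracker.hasSingleSecurityOrigin();
}

int main() {
    // Constructed sample: a video request redirected to another host.
    const bool single = singleOriginAfter(
        {"http://media.example/redirect", "http://other.example/video.mp4"});
    std::printf("hasSingleSecurityOrigin after redirect: %s\n", single ? "true" : "false");
    return 0;
}
```

The flag is deliberately one-way: once a redirect or response leaves the first origin, a later hop back to that origin does not restore it.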
1608
1609 2016-06-27  Benjamin Poulain  <benjamin@webkit.org>
1610
1611         Fix style invalidation for :active when the activated node has no renderer
1612         https://bugs.webkit.org/show_bug.cgi?id=159125
1613
1614         Reviewed by Antti Koivisto.
1615
1616         Same old bug: a style invalidation path was depending
1617         on the style.
1618
1619         Here we really need both flags. An element can have
1620         childrenAffectedByActive() false and renderStyle->affectedByActive() true
1621         if it was subject to style sharing.
1622
1623         The element state "childrenAffectedByActive" should be renamed
1624         "styleAffectedByActive" since it is not a parent invalidation flag.
1625         That will be done separately.
1626
1627         Tests: fast/css/pseudo-active-on-labeled-control-without-renderer.html
1628                fast/css/pseudo-active-style-sharing-1.html
1629                fast/css/pseudo-active-style-sharing-2.html
1630                fast/css/pseudo-active-style-sharing-3.html
1631                fast/css/pseudo-active-style-sharing-4.html
1632                fast/css/pseudo-active-style-sharing-5.html
1633                fast/css/pseudo-active-style-sharing-6.html
1634
1635         * dom/Element.cpp:
1636         (WebCore::Element::setActive):
1637         * style/StyleRelations.cpp:
1638         (WebCore::Style::commitRelationsToRenderStyle):
1639
1640 2016-06-27  Joanmarie Diggs  <jdiggs@igalia.com>
1641
1642         AX: REGRESSION (r202063): ARIA role attribute is being ignored for label element
1643         https://bugs.webkit.org/show_bug.cgi?id=159162
1644
1645         Reviewed by Chris Fleizach.
1646
1647         createFromRenderer() was creating an AccessibilityLabel for any HTMLLabelElement which
1648         lacked an explicitly-handled ARIA role. We should instead create an AccessibilityLabel
1649         when there is no ARIA role.
1650
1651         Test: accessibility/aria-role-on-label.html
1652
1653         * accessibility/AXObjectCache.cpp:
1654         (WebCore::createFromRenderer):
1655
1656 2016-06-27  Commit Queue  <commit-queue@webkit.org>
1657
1658         Unreviewed, rolling out r202505.
1659         https://bugs.webkit.org/show_bug.cgi?id=159169
1660
1661         The test added with this change is flaky and it caused an
1662         existing test to time out on El Capitan. (Requested by
1663         ryanhaddad on #webkit).
1664
1665         Reverted changeset:
1666
1667         "[iOS] Media controls are too cramped with small video"
1668         https://bugs.webkit.org/show_bug.cgi?id=158815
1669         http://trac.webkit.org/changeset/202505
1670
1671 2016-06-27  Benjamin Poulain  <bpoulain@apple.com>
1672
1673         Add :focus-within to the status page
1674
1675         * features.json:
1676         I forgot to update the json file when landing the feature.
1677
1678 2016-06-27  Eric Carlson  <eric.carlson@apple.com>
1679
1680         [Mac] PiP placeholder should remain visible when 'controls' attribute is removed
1681         https://bugs.webkit.org/show_bug.cgi?id=159158
1682         <rdar://problem/26727435>
1683
1684         Reviewed by Jer Noble.
1685
1686         No new tests, existing test updated.
1687
1688         * Modules/mediacontrols/mediaControlsApple.js:
1689         (Controller.prototype.shouldHaveControls): Always return true when in PiP or AirPlay mode.
1690
1691 2016-06-27  Oliver Hunt  <oliver@apple.com>
1692
1693         Update ATS WebContent exception for more robust framework information
1694         https://bugs.webkit.org/show_bug.cgi?id=159151
1695
1696         Reviewed by Alex Christensen.
1697
1698         We found some unexpected poor interaction with AVFoundation in the existing
1699         CFNetwork SPI. This new SPI is more solid and lets us provide more useful
1700         information while also being more future proof against new frameworks and
1701         ATS modes.
1702
1703         * platform/network/mac/ResourceHandleMac.mm:
1704         (WebCore::ResourceHandle::createNSURLConnection):
1705
1706 2016-06-27  Antoine Quint  <graouts@apple.com>
1707
1708         [iOS] Media controls are too cramped with small video
1709         https://bugs.webkit.org/show_bug.cgi?id=158815
1710         <rdar://problem/26824238>
1711
1712         Reviewed by Dean Jackson.
1713
1714         In updateLayoutForDisplayedWidth(), we try to ensure a minimum width is guaranteed
1715         for the progress indicator. However, we were not accounting for the width used by
1716         the current and remaining time labels on either side of it, so we would incorrectly
1717         conclude that we were guaranteeing the minimum time and yield incorrect layouts since
1718         we were trying to fit more buttons than we had room for.
1719
1720         In order to correctly compute the available width for the progress indicator, we now
1721         have clones of the current and remaining time labels, hidden from video and VoiceOver,
1722         that we update along with the originals. The same styles apply to both clones and
1723         originals, so we may measure the clones to determine the space used by the time labels.
1724         The reason we need to use clones is that if the time labels had previously been hidden
1725         from view, precisely because there was not enough space to display them along with the
1726         progress indicator, then trying to obtain metrics from them would yield 0 since they had
1727         "display: none" styles applied. In order to avoid extra layouts and possible flashing, we
1728         use the clones so that we never have to toggle the "display" property of the originals
1729         just to obtain their measurements.
1730
1731         As a result of this change, we adjust the constant used to set the minimum required
1732         width available to display the progress indicator after all other essential controls
1733         and labels have been measured. That constant used to account for the width of the
1734         time labels, and this is no longer correct.
1735
1736         Test: media/video-controls-drop-and-restore-timeline.html
1737
1738         * Modules/mediacontrols/mediaControlsApple.css:
1739         (::-webkit-media-controls-time-remaining-display.clone):
1740         * Modules/mediacontrols/mediaControlsApple.js:
1741         (Controller):
1742         (Controller.prototype.createTimeClones):
1743         (Controller.prototype.removeTimeClass):
1744         (Controller.prototype.addTimeClass):
1745         (Controller.prototype.updateDuration):
1746         (Controller.prototype.updateLayoutForDisplayedWidth):
1747         (Controller.prototype.updateTime):
1748         (Controller.prototype.updateControlsWhileScrubbing):
1749         * Modules/mediacontrols/mediaControlsiOS.css:
1750         (::-webkit-media-controls-time-remaining-display.clone):
1751         * Modules/mediacontrols/mediaControlsiOS.js:
1752
1753 2016-06-27  Anders Carlsson  <andersca@apple.com>
1754
1755         No error message when passing an invalid API version to ApplePaySession constructor
1756         https://bugs.webkit.org/show_bug.cgi?id=159154
1757
1758         Reviewed by Tim Horton.
1759
1760         Log an error message if the version is not supported. Also, check for version 0 since that is also not supported.
1761
1762         * Modules/applepay/ApplePaySession.cpp:
1763         (WebCore::ApplePaySession::create):
1764
1765 2016-06-27  Joanmarie Diggs  <jdiggs@igalia.com>
1766
1767         AX: Anonymous RenderMathMLOperators are not exposed to the accessibility tree
1768         https://bugs.webkit.org/show_bug.cgi?id=139582
1769         <rdar://problem/26938849>
1770
1771         Reviewed by Chris Fleizach.
1772
1773         This is based on a patch by Frederic Wang <fwang@igalia.com>.
1774
1775         WebCore assigns the generic MathElementRole AccessibilityRole to elements
1776         which are expected to be included in the accessibility tree. This assignment
1777         is based on the AccessibilityRenderObject's node being a MathMLElement. The
1778         anonymous RenderMathMLOperators fail that test.
1779
1780         From the perspective of accessibility support, these operators function
1781         like MathMLElements. Furthermore, both WebCore and the platforms rely
1782         upon MathElementRole to identify accessible MathML objects. The simplest
1783         fix is to have AccessibilityRenderObject::isMathElement() treat anonymous
1784         MathML operators as if they were MathMLElements.
1785
1786         Now that these operators are being exposed, we need to handle them in
1787         AccessibilityRenderObject::textUnderElement() which assumes that anonymous
1788         objects either have nodes or have children with nodes. And crashes when
1789         that fails to be the case. Making RenderMathMLOperator::textContent()
1790         public and then using it to get the text under anonymous operators solves
1791         this problem. We also assign StaticTextRole to these operators on the Mac
1792         because the default platform mapping of MathElementRole is GroupRole, which
1793         made sense when we had a child RenderText object holding the operator.
1794
1795         Lastly, AccessibilityRenderObject::isIgnoredElementWithinMathTree() no
1796         longer needs to special-case anonymous operators because they now have
1797         MathElementRole.
1798
1799         Tests: accessibility/math-fenced.html
1800                accessibility/math-foreign-content.html
1801
1802         * accessibility/AccessibilityObject.h:
1803         (WebCore::AccessibilityObject::isAnonymousMathOperator):
1804         * accessibility/AccessibilityRenderObject.cpp:
1805         (WebCore::AccessibilityRenderObject::textUnderElement):
1806         (WebCore::AccessibilityRenderObject::stringValue):
1807         (WebCore::AccessibilityRenderObject::isMathElement):
1808         (WebCore::AccessibilityRenderObject::isAnonymousMathOperator):
1809         (WebCore::AccessibilityRenderObject::isIgnoredElementWithinMathTree):
1810         * accessibility/AccessibilityRenderObject.h:
1811         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
1812         (-[WebAccessibilityObjectWrapper role]):
1813         * rendering/mathml/RenderMathMLMath.h:
1814         * rendering/mathml/RenderMathMLOperator.h:
1815         (WebCore::RenderMathMLOperator::textContent):
1816
1817 2016-06-27  Adam Bergkvist  <adam.bergkvist@ericsson.com>
1818
1819         WebRTC: Remove unused RTCOfferAnswerOptionsPrivate.h
1820         https://bugs.webkit.org/show_bug.cgi?id=159130
1821
1822         Reviewed by Eric Carlson.
1823
1824         Remove unused RTCOfferAnswerOptionsPrivate.h file.
1825
1826         * platform/mediastream/RTCOfferAnswerOptionsPrivate.h: Removed.
1827
1828 2016-06-27  Jer Noble  <jer.noble@apple.com>
1829
1830         Crash in layout test /media/video-buffered-range-contains-currentTime.html
1831         https://bugs.webkit.org/show_bug.cgi?id=159109
1832         <rdar://problem/26535750>
1833
1834         Reviewed by Alex Christensen.
1835
1836         Guard against a dealloc race condition by holding a retain on the session
1837         until the task's _resource:loadFinishedWithError: completes, including
1838         main thread callbacks.
1839         
1840         * platform/network/cocoa/WebCoreNSURLSession.mm:
1841         (-[WebCoreNSURLSessionDataTask _resource:loadFinishedWithError:]):
1842
1843 2016-06-27  Frederic Wang  <fwang@igalia.com>
1844
1845         Set an upper limit for the size or number of pieces of stretchy operators
1846         https://bugs.webkit.org/show_bug.cgi?id=155434
1847
1848         Reviewed by Brent Fulgham.
1849
1850         Stretchy MathML operators can currently use an arbitrary number of extension glyphs to cover
1851         a target size. This may result in hangs if large stretch sizes are requested. This change
1852         only allows at most the first 128 extensions to be painted by the MathOperator class, which
1853         should really be enough for mathematical formulas used in practice.
1854
1855         No new tests, already tested by very-large-stretchy-operators.
1856
1857         * rendering/mathml/MathOperator.cpp: Add a new kMaximumExtensionCount constant.
1858         (WebCore::MathOperator::fillWithVerticalExtensionGlyph): Limit the number of steps in this loop to kMaximumExtensionCount.
1859         (WebCore::MathOperator::fillWithHorizontalExtensionGlyph): Ditto.
1860
1861 2016-06-27  Frederic Wang  <fred.wang@free.fr>
1862
1863         Small refactoring MathMLInlineContainerElement::createElementRenderer
1864         https://bugs.webkit.org/show_bug.cgi?id=159131
1865
1866         Reviewed by Brent Fulgham.
1867
1868         Many of the MathML renderer classes have been merged during the MathML refactoring. We
1869         simplify how instances are created in MathMLInlineContainerElement::createElementRenderer
1870         by removing duplicate createRenderer calls.
1871
1872         No new tests, behavior unchanged.
1873
1874         * mathml/MathMLInlineContainerElement.cpp:
1875         (WebCore::MathMLInlineContainerElement::createElementRenderer):
1876
1877 2016-06-27  Miguel Gomez  <magomez@igalia.com>
1878
1879         [GTK][EFL] Build with threaded compositor enabled is broken
1880         https://bugs.webkit.org/show_bug.cgi?id=159138
1881
1882         Reviewed by Carlos Garcia Campos.
1883
1884         No need to set the device scale. The compositor buffer is only used for the accelerated
1885         canvas scenario, and the device scale is always 1 there.
1886         This change was introduced in r202421.
1887
1888         Covered by existing tests.
1889
1890         * platform/graphics/cairo/ImageBufferCairo.cpp:
1891         (WebCore::ImageBufferData::createCompositorBuffer):
1892
1893 2016-06-27  Philippe Normand  <philn@igalia.com>
1894
1895         [GStreamer] top/bottom black bars added needlessly in fullscreen
1896         https://bugs.webkit.org/show_bug.cgi?id=158980
1897
1898         Reviewed by Carlos Garcia Campos.
1899
1900         The natural video size calculation depends on the validity of the
1901         current sample, so whenever the first sample reached the sink it's a
1902         good idea to reflect this on the player which will update its natural
1903         size accordingly.
1904
1905         Fixes an issue where black borders were added on top and bottom of
1906         fullscreen video.
1907
1908         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
1909         (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
1910
1911 2016-06-27  Youenn Fablet  <youenn@apple.com>
1912
1913         Remove didFailRedirectCheck ThreadableLoaderClient callback
1914         https://bugs.webkit.org/show_bug.cgi?id=159085
1915
1916         Reviewed by Daniel Bates.
1917
1918         Removing didFailRedirectCheck and using didFailAccessControlCheck instead.
1919         The change in behavior is that additional error messages are outputted in the console.
1920         These messages give additional debugging information.
1921
1922         Covered by rebased tests.
1923
1924         * Modules/fetch/FetchLoader.cpp: Removing didFailRedirectCheck.
1925         * Modules/fetch/FetchLoader.h: Ditto.
1926         * inspector/InspectorNetworkAgent.cpp: Ditto.
1927         * loader/DocumentThreadableLoader.cpp:
1928         (WebCore::DocumentThreadableLoader::redirectReceived): Calling didFailAccessControlCheck with information on failing
1929         URL.
1930         (WebCore::DocumentThreadableLoader::loadRequest): Ditto.
1931         * loader/ThreadableLoaderClient.h: Removing didFailRedirectCheck.
1932         * loader/ThreadableLoaderClientWrapper.h: Ditto.
1933         * loader/WorkerThreadableLoader.cpp: Ditto.
1934         * loader/WorkerThreadableLoader.h: Ditto.
1935         * page/EventSource.cpp: Ditto.
1936         * page/EventSource.h: Ditto.
1937         * workers/WorkerScriptLoader.cpp: Ditto.
1938         * workers/WorkerScriptLoader.h: Ditto.
1939         * xml/XMLHttpRequest.cpp: Ditto.
1940         * xml/XMLHttpRequest.h: Ditto.
1941
1942 2016-06-26  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1943
1944         [EFL] Fix build warning when using geoclue2
1945         https://bugs.webkit.org/show_bug.cgi?id=159128
1946
1947         Reviewed by Antonio Gomes.
1948
1949         EFL port has handled build warning as error. So EFL port
1950         hasn't been built when we use geoclue2 library because a generated geoclue2 file
1951         has unused-parameter build warning. To fix it this patch set to ignore the build warning
1952         in the generated geoclue2 file.
1953
1954         * PlatformEfl.cmake:
1955
1956 2016-06-26  Chris Dumez  <cdumez@apple.com>
1957
1958         Regression: HTMLOptionsCollection's named properties have precedence over indexed properties
1959         https://bugs.webkit.org/show_bug.cgi?id=159058
1960         <rdar://problem/26988542>
1961
1962         Reviewed by Ryosuke Niwa.
1963
1964         HTMLOptionsCollection's named properties had precedence over indexed properties,
1965         which is wrong as per:
1966         http://heycam.github.io/webidl/#getownproperty-guts
1967
1968         The reason is that there was a named property getter defined on HTMLOptionsCollection
1969         but no indexed property getter. As a result, HTMLOptionsCollection would fall back to
1970         using HTMLCollection's indexed property getter but HTMLOptionsCollection's named getter
1971         would take precedence. This patch defines an indexed property getter on
1972         HTMLOptionsCollection to fix the problem.
1973
1974         Ideally, HTMLOptionsCollection would have no indexed / named property getters and would
1975         entirely rely on the ones from HTMLCollection. However, our bindings generator currently
1976         has trouble with this and requires HTMLOptionsCollection to have a named getter.
1977
1978         Test: fast/dom/HTMLSelectElement/options-indexed-getter-precedence.html
1979
1980         * html/HTMLOptionsCollection.idl:
1981
1982 2016-06-26  Chris Dumez  <cdumez@apple.com>
1983
1984         Regression(r202262): Infinite loop under searchForLinkRemovingExistingDDLinks()
1985         https://bugs.webkit.org/show_bug.cgi?id=159122
1986         <rdar://problem/27014649>
1987
1988         Reviewed by Ryosuke Niwa.
1989
1990         Infinite loop under searchForLinkRemovingExistingDDLinks() because the
1991         value returned by NodeTraversal::next() was ignored and the node iterator
1992         was never updated.
1993
1994         * editing/cocoa/DataDetection.mm:
1995         (WebCore::searchForLinkRemovingExistingDDLinks):
1996
1997 2016-06-25  Benjamin Poulain  <bpoulain@apple.com>
1998
1999         The active state of elements can break when focus changes
2000         https://bugs.webkit.org/show_bug.cgi?id=159112
2001
2002         Reviewed by Antti Koivisto.
2003
2004         The pseudo class :active was behaving weirdly when used
2005         with label elements with an associated form element.
2006         The form element would get the :active state on the first click
2007         then no longer get the state until the focus changes.
2008
2009         What was happening is setFocusedElement() was clearing active
2010         for some unknown reason. When you really do that on an active element,
2011         you end up in an inconsistent state where no invalidation works.
2012
2013         The two tests illustrate 2 ways this breaks.
2014
2015         The test "pseudo-active-on-labeled-element-not-canceled-by-focus" clicks
2016         several times on a label element. The first time, the input element gets
2017         the focus. The second time, it already has the focus, setFocusedElement()
2018         clears :active before finding the focusable element and ends up clearing
2019         the active state on a target in the active chain.
2020
2021         The test "pseudo-active-with-programmatic-focus.html" shows how to invalidate
2022         arbitrary elements using JavaScript. This can cause severely broken active
2023         chains where invalidation never cleans some ancestors.
2024
2025         Tests: fast/css/pseudo-active-on-labeled-element-not-canceled-by-focus.html
2026                fast/css/pseudo-active-with-programmatic-focus.html
2027
2028         * dom/Document.cpp:
2029         (WebCore::Document::setFocusedElement): Deleted.
2030
2031         * page/EventHandler.cpp:
2032         (WebCore::EventHandler::handleMouseDoubleClickEvent):
2033         This is WebKit1 specific. The double click event was dispatching
2034         the mouseUp and Click with after doing an Active hit test.
2035         This causes us to have :active state in and after mouseUp in WebKit1.
2036
2037 2016-06-24  Jer Noble  <jer.noble@apple.com>
2038
2039         Consider exposing or hiding knowledge of a redirect from clients of WebCoreNSURLSession
2040         https://bugs.webkit.org/show_bug.cgi?id=156722
2041         <rdar://problem/25780035>
2042
2043         Reviewed by Alex Christensen.
2044
2045         Fixes tests: http/tests/security/contentSecurityPolicy/audio-redirect-allowed2.html
2046                      http/tests/security/contentSecurityPolicy/video-redirect-allowed2.html
2047
2048         When receiving a NSURLResponse containing a redirected URL, AVFoundation will use the
2049         URL in the response for subsequent requests. This violates the HTTP specification if the
2050         redirect was temporary, and it also breaks two CSP tests by bypassing the redirect step
2051         for subsequent requests.
2052
2053         Work around this behavior in AVFoundation by recreating the NSURLResponse with the original
2054         request URL in the case of a temporary redirect.
2055
2056         * platform/network/cocoa/WebCoreNSURLSession.mm:
2057         (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]):
2058         (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]):
2059
2060 2016-06-24  Jer Noble  <jer.noble@apple.com>
2061
2062         MSE gets confused by in-band text tracks
2063         https://bugs.webkit.org/show_bug.cgi?id=159107
2064         <rdar://problem/26871330>
2065
2066         Reviewed by Eric Carlson.
2067
2068         We can't currently handle text track samples in SourceBufferPrivateAVFObjC,
2069         so don't pass them up to SourceBuffer.
2070
2071         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
2072         (WebCore::SourceBufferPrivateAVFObjC::didParseStreamDataAsAsset):
2073         (WebCore::SourceBufferPrivateAVFObjC::processCodedFrame):
2074
2075 2016-06-24  Mark Lam  <mark.lam@apple.com>
2076
2077         [JSC] Error prototypes are called on remote scripts.
2078         https://bugs.webkit.org/show_bug.cgi?id=52192
2079
2080         Reviewed by Keith Miller.
2081
2082         Test: http/tests/security/regress-52192.html
2083
2084         Parsing errors are reported to the main script's window.onerror function.  AFAIK,
2085         both Chrome and Firefox have the error reporting mechanism use an internal
2086         sanitized version of Error.prototype.toString() that will not invoke any getters
2087         or proxies instead.
2088
2089         This patch fixes this issue by matching Chrome and Firefox's behavior.
2090
2091         Note: we did not choose to make error objects and prototypes read-only because
2092         that was observed to have broken the web.
2093         See https://bugs.chromium.org/p/chromium/issues/detail?id=69187#c73
2094
2095         Credit for reporting this issue goes to Daniel Divricean (http://divricean.ro).
2096
2097         * bindings/js/JSDOMBinding.cpp:
2098         (WebCore::reportException):
2099         * ForwardingHeaders/runtime/ErrorInstance.h: Added.
2100
2101 2016-06-24  Jer Noble  <jer.noble@apple.com>
2102
2103         Media elements should not lose playback controls when muted by a user gesture
2104         https://bugs.webkit.org/show_bug.cgi?id=159078
2105         <rdar://problem/26925904>
2106
2107         Reviewed by Beth Dakin.
2108
2109         Rearrange canControlControlsManager() so that the muted check only occurs if
2110         a user gesture is required.
2111
2112         * html/MediaElementSession.cpp:
2113         (WebCore::MediaElementSession::canControlControlsManager):
2114
2115 2016-06-24  Beth Dakin  <bdakin@apple.com>
2116
2117         Include enclosingListType in EditorState
2118         https://bugs.webkit.org/show_bug.cgi?id=159102
2119         -and corresponding-
2120         rdar://problem/26932490
2121
2122         Reviewed by Enrica Casucci.
2123
2124         Make HTMLOListElement.h and HTMLUListElement.h Private instead of Project.
2125         * WebCore.xcodeproj/project.pbxproj:
2126
2127         Export enclosingList(Node*)
2128         * editing/htmlediting.h:
2129
2130 2016-06-24  Anders Carlsson  <andersca@apple.com>
2131
2132         Another Windows build fix.
2133
2134         * platform/network/BlobRegistry.h:
2135
2136 2016-06-24  Anders Carlsson  <andersca@apple.com>
2137
2138         Yet another Windows build fix.
2139
2140         * dom/ActiveDOMCallbackMicrotask.h:
2141
2142 2016-06-24  Anders Carlsson  <andersca@apple.com>
2143
2144         Another Windows build fix.
2145
2146         * page/FrameView.h:
2147
2148 2016-06-24  Anders Carlsson  <andersca@apple.com>
2149
2150         Inline more of the Apple Pay source code
2151         https://bugs.webkit.org/show_bug.cgi?id=159099
2152
2153         Reviewed by Andreas Kling.
2154
2155         * page/Settings.h:
2156         (WebCore::Settings::applePayEnabled):
2157         (WebCore::Settings::setApplePayEnabled):
2158         (WebCore::Settings::applePayCapabilityDisclosureAllowed):
2159         (WebCore::Settings::setApplePayCapabilityDisclosureAllowed):
2160
2161 2016-06-24  Anders Carlsson  <andersca@apple.com>
2162
2163         Windows build fix.
2164
2165         * platform/GenericTaskQueue.h:
2166         (WebCore::TaskDispatcher::postTask):
2167
2168 2016-06-24  Frederic Wang  <fwang@igalia.com>
2169
2170         Use auto* for MathML elements and renderers when possible
2171         https://bugs.webkit.org/show_bug.cgi?id=159090
2172
2173         Reviewed by Alex Christensen.
2174
2175         No new tests, behavior is unchanged.
2176
2177         * mathml/MathMLElement.cpp:
2178         (WebCore::MathMLElement::attributeChanged):
2179         * mathml/MathMLSelectElement.cpp:
2180         (WebCore::MathMLSelectElement::getSelectedActionChildAndIndex):
2181         (WebCore::MathMLSelectElement::getSelectedActionChild):
2182         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
2183         (WebCore::MathMLSelectElement::updateSelectedChild):
2184         * rendering/mathml/RenderMathMLFraction.cpp:
2185         (WebCore::RenderMathMLFraction::isValid):
2186         * rendering/mathml/RenderMathMLMenclose.cpp:
2187         (WebCore::RenderMathMLMenclose::layoutBlock):
2188         * rendering/mathml/RenderMathMLRoot.cpp:
2189         (WebCore::RenderMathMLRoot::isValid):
2190         * rendering/mathml/RenderMathMLRow.cpp:
2191         (WebCore::RenderMathMLRow::firstLineBaseline):
2192         (WebCore::RenderMathMLRow::computeLineVerticalStretch):
2193         (WebCore::RenderMathMLRow::computePreferredLogicalWidths):
2194         (WebCore::RenderMathMLRow::layoutRowItems):
2195         * rendering/mathml/RenderMathMLScripts.cpp:
2196         (WebCore::RenderMathMLScripts::unembellishedOperator):
2197         (WebCore::RenderMathMLScripts::getBaseAndScripts):
2198         (WebCore::RenderMathMLScripts::computePreferredLogicalWidths):
2199         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
2200         (WebCore::RenderMathMLScripts::layoutBlock):
2201         (WebCore::RenderMathMLScripts::firstLineBaseline):
2202         * rendering/mathml/RenderMathMLUnderOver.cpp:
2203         (WebCore::RenderMathMLUnderOver::firstLineBaseline):
2204         (WebCore::RenderMathMLUnderOver::isValid):
2205         (WebCore::RenderMathMLUnderOver::over):
2206
2207 2016-06-24  Joseph Pecoraro  <pecoraro@apple.com>
2208
2209         Remove unused and static return value from InspectorStyle::populateAllProperties
2210         https://bugs.webkit.org/show_bug.cgi?id=159069
2211
2212         Reviewed by Andreas Kling.
2213
2214         * inspector/InspectorStyleSheet.cpp:
2215         (WebCore::InspectorStyle::populateAllProperties):
2216         * inspector/InspectorStyleSheet.h:
2217
2218 2016-06-21  Anders Carlsson  <andersca@apple.com>
2219
2220         Rename NoncopyableFunction to Function
2221         https://bugs.webkit.org/show_bug.cgi?id=158354
2222
2223         Reviewed by Chris Dumez.
2224
2225         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
2226         (WebCore::MediaEndpointPeerConnection::runTask):
2227         * Modules/mediastream/MediaEndpointPeerConnection.h:
2228         * Modules/webaudio/AudioDestinationNode.h:
2229         (WebCore::AudioDestinationNode::resume):
2230         (WebCore::AudioDestinationNode::suspend):
2231         (WebCore::AudioDestinationNode::close):
2232         * Modules/webaudio/DefaultAudioDestinationNode.cpp:
2233         (WebCore::DefaultAudioDestinationNode::resume):
2234         (WebCore::DefaultAudioDestinationNode::suspend):
2235         (WebCore::DefaultAudioDestinationNode::close):
2236         * Modules/webaudio/DefaultAudioDestinationNode.h:
2237         * dom/ActiveDOMCallbackMicrotask.cpp:
2238         (WebCore::ActiveDOMCallbackMicrotask::ActiveDOMCallbackMicrotask):
2239         * dom/ActiveDOMCallbackMicrotask.h:
2240         * dom/ScriptExecutionContext.h:
2241         (WebCore::ScriptExecutionContext::Task::Task):
2242         * fileapi/AsyncFileStream.cpp:
2243         (WebCore::callOnFileThread):
2244         (WebCore::AsyncFileStream::perform):
2245         * fileapi/AsyncFileStream.h:
2246         * page/FrameView.cpp:
2247         (WebCore::FrameView::queuePostLayoutCallback):
2248         (WebCore::FrameView::flushPostLayoutTasksQueue):
2249         * page/FrameView.h:
2250         * page/scrolling/ScrollingThread.cpp:
2251         (WebCore::ScrollingThread::dispatch):
2252         (WebCore::ScrollingThread::dispatchBarrier):
2253         (WebCore::ScrollingThread::dispatchFunctionsFromScrollingThread):
2254         * page/scrolling/ScrollingThread.h:
2255         * platform/GenericTaskQueue.cpp:
2256         (WebCore::TaskDispatcher<Timer>::postTask):
2257         * platform/GenericTaskQueue.h:
2258         (WebCore::TaskDispatcher::postTask):
2259         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
2260         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
2261         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::scheduleDeferredTask):
2262         * platform/mediastream/MediaStreamPrivate.cpp:
2263         (WebCore::MediaStreamPrivate::scheduleDeferredTask):
2264         * platform/mediastream/MediaStreamPrivate.h:
2265         * platform/mediastream/mac/AVMediaCaptureSource.h:
2266         * platform/mediastream/mac/AVMediaCaptureSource.mm:
2267         (WebCore::AVMediaCaptureSource::scheduleDeferredTask):
2268         * style/StyleTreeResolver.cpp:
2269         (WebCore::Style::postResolutionCallbackQueue):
2270         (WebCore::Style::queuePostResolutionCallback):
2271         * style/StyleTreeResolver.h:
2272
2273 2016-06-24  Amir Alavi  <aalavi@apple.com>
2274
2275         Use _CFHTTPCookieStorageGetDefault directly instead of NSHTTPCookieStorage to get default cookie storage
2276         https://bugs.webkit.org/show_bug.cgi?id=159095
2277         rdar://problem/26630073
2278
2279         Reviewed by Brent Fulgham.
2280
2281         No new tests, it isn't possible to test this in a LayoutTest.
2282
2283         * platform/network/mac/CookieJarMac.mm:
2284         (WebCore::httpCookiesForURL): Get a CFHTTPCookieStorageRef when no cookie storage is provided to match the case when cookie storage is provided.
2285
2286 2016-06-24  Enrica Casucci  <enrica@apple.com>
2287
2288         Do not use iOS specific telephone detection on macOS.
2289         https://bugs.webkit.org/show_bug.cgi?id=159096
2290         rdar://problem/25870571
2291
2292         Reviewed by Anders Carlsson.
2293
2294         Adding platform guard.
2295
2296         * platform/cocoa/TelephoneNumberDetectorCocoa.cpp:
2297         (WebCore::TelephoneNumberDetector::phoneNumbersScanner):
2298
2299 2016-06-24  Jer Noble  <jer.noble@apple.com>
2300
2301         Unreviewed build fix after r202429; AVStreamDataParser does not exist on iOS.
2302
2303         * platform/spi/mac/AVFoundationSPI.h:
2304
2305 2016-06-24  Jer Noble  <jer.noble@apple.com>
2306
2307         Unreviewed build fix after r202429; Fix the type of the delegate property on AVStreamDataParser.
2308
2309         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
2310         * platform/spi/mac/AVFoundationSPI.h:
2311
2312 2016-06-02  Jer Noble  <jer.noble@apple.com>
2313
2314         [MSE] Adopt +[AVStreamDataParser outputMIMECodecParameterForInputMIMECodecParameter:]
2315         https://bugs.webkit.org/show_bug.cgi?id=158312
2316
2317         Reviewed by Eric Carlson.
2318
2319         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
2320         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::supportsType):
2321
2322         Move the declaration of AVStreamDataParser into AVFoundationSPI.h:
2323
2324         * platform/graphics/avfoundation/objc/CDMSessionAVStreamSession.mm:
2325         (WebCore::CDMSessionAVStreamSession::update):
2326         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
2327         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
2328         (-[WebAVStreamDataParserListener streamDataParser:didProvideMediaData:forTrackID:mediaType:flags:]):
2329         * platform/spi/mac/AVFoundationSPI.h:
2330
2331 2016-06-24  Eric Carlson  <eric.carlson@apple.com>
2332
2333         [iOS, Mac] Assume a media file has audio during AirPlay
2334         https://bugs.webkit.org/show_bug.cgi?id=159088
2335         <rdar://problem/24616592>
2336
2337         Reviewed by Jer Noble.
2338
2339         No new tests, it isn't possible to test this in a LayoutTest.
2340
2341         * html/HTMLMediaElement.cpp:
2342         (WebCore::HTMLMediaElement::mediaPlayerCurrentPlaybackTargetIsWirelessChanged): Call 
2343           mediaSession->setCanProduceAudio(true) when AirPlay becomes active.
2344
2345 2016-06-24  Jer Noble  <jer.noble@apple.com>
2346
2347         Playback controls refer to wrong element when playing multiple items in a page.
2348         https://bugs.webkit.org/show_bug.cgi?id=159076
2349         <rdar://problem/26953532>
2350
2351         Reviewed by Beth Dakin.
2352
2353         Use a new method PlatformMediaSessionManager::currentSessionMatching() to get
2354         the most recently active media element which qualifies for playback controls.
2355
2356         * html/HTMLMediaElement.cpp:
2357         (WebCore::HTMLMediaElement::updatePlaybackControlsManager): Get the most recently active session.
2358         * html/MediaElementSession.cpp:
2359         (WebCore::MediaElementSession::canControlControlsManager): Make virtual; no longer takes an element.
2360         * html/MediaElementSession.h:
2361         (isType): Allow downcasting from PlatformMediaSession -> MediaElementSession.
2362         * page/ChromeClient.h:
2363         * platform/audio/PlatformMediaSession.h:
2364         (WebCore::PlatformMediaSession::canControlControlsManager): Defaults to false;
2365         * platform/audio/PlatformMediaSessionManager.cpp:
2366         (WebCore::PlatformMediaSessionManager::currentSessionMatching): Added.
2367         * platform/audio/PlatformMediaSessionManager.h:
2368
2369 2016-06-24  Dan Bernstein  <mitz@apple.com>
2370
2371         Fixed the macOS build.
2372
2373         * platform/spi/cocoa/DataDetectorsCoreSPI.h:
2374
2375 2016-06-24  Dan Bernstein  <mitz@apple.com>
2376
2377         [iOS] Inline DataDetectorsAdditions.h
2378         https://bugs.webkit.org/show_bug.cgi?id=159093
2379
2380         Reviewed by Anders Carlsson.
2381
2382         * editing/cocoa/DataDetection.mm:
2383         (WebCore::constructURLStringForResult): Use soft-linked constant directly.
2384
2385         * platform/cocoa/DataDetectorsCoreSoftLink.h: Declare soft-linked constant.
2386         * platform/cocoa/DataDetectorsCoreSoftLink.mm: Define soft-linked constant.
2387         * platform/spi/cocoa/DataDetectorsCoreSPI.h: Declare constant.
2388
2389 2016-06-24  Yusuke Suzuki  <utatane.tea@gmail.com>
2390
2391         [GTK][EFL] ImageBufferCairo should accept resolution factor
2392         https://bugs.webkit.org/show_bug.cgi?id=157848
2393
2394         Reviewed by Martin Robinson.
2395
2396         ImageBufferCairo ignored the resolution factor passed in its constructor.
2397         This resolution factor is originally introduced for HiDPI Canvas,
2398         and since HiDPI canvas is not enabled in the ports using Cairo,
2399         the lack of this implementation does not cause any problems.
2400         And now, HiDPI Canvas is removed from the tree.
2401
2402         However, WebKit CSS filter uses this path.
2403         The missing implementation is required under the HiDPI environment.
2404
2405         Since Cairo surface can have the device scale factor transparently,
2406         the operations onto the surface are correctly done in the logical coordinate system.
2407         So all we need to handle carefully is the direct surface modification done
2408         in filter effects.
2409
2410         In this patch, we extend the image buffer size according to the resolution factor,
2411         as the same to the CoreGraphics' implementation (ImageBufferCG). And by setting the
2412         device scale factor of the surface correctly, we ensure that the rest of the Cairo
2413         painting stack works with the existing logical coordinate system. And in ImageBufferCairo,
2414         we carefully handle the logical and backing store coordinate system.
2415
2416         The attached test applies the CSS filter onto the svg image. And we resize the image size,
2417         and perform scrolling. It incurs the paint, and filter effect recalculation.
2418         In that path, the filter effect side assumes that the image buffer size is scaled with the
2419         resolution factor. So without this patch, it incurs a buffer overflow and leads to a WebProcess crash.
2420
2421         * platform/graphics/IntPoint.h:
2422         (WebCore::IntPoint::scale):
2423         * platform/graphics/cairo/ImageBufferCairo.cpp:
2424         (WebCore::ImageBufferData::createCompositorBuffer):
2425         (WebCore::ImageBuffer::ImageBuffer):
2426         (WebCore::ImageBuffer::copyImage):
2427         (WebCore::ImageBuffer::platformTransformColorSpace):
2428         (WebCore::getImageData):
2429         (WebCore::logicalUnit):
2430         (WebCore::backingStoreUnit):
2431         (WebCore::ImageBuffer::getUnmultipliedImageData):
2432         (WebCore::ImageBuffer::getPremultipliedImageData):
2433         (WebCore::ImageBuffer::putByteArray):
2434         (WebCore::ImageBuffer::copyToPlatformTexture):
2435
2436 2016-06-24  Frederic Wang  <fwang@igalia.com>
2437
2438         Refactor RenderMathMLOperator and RenderMathMLToken to avoid using anonymous renderers.
2439         https://bugs.webkit.org/show_bug.cgi?id=155018
2440
2441         Reviewed by Martin Robinson.
2442
2443         No new tests, already covered by existing tests.
2444
2445         We use MathOperator for RenderMathMLOperator to avoid creating anonymous text nodes again
2446         and again. We reimplement implicit mathvariant="italic" on single-char mi in a way that does
2447         not rely on creating anonymous text nodes. Finally, we improve the determination/update of
2448         when mathvariant is italic to avoid breaking foreign-mi-dynamic test.
2449         The change in the render tree structure breaks mfenced accessibility support but that will
2450         be fixed in follow-up patches. The simplifications made here will also allow to simplify the
2451         accessibility code.
2452
2453         * css/mathml.css:
2454         (mo): Deleted. This flexbox rule is no longer needed.
2455         * rendering/mathml/RenderMathMLBlock.cpp:
2456         (WebCore::RenderMathMLBlock::createAnonymousMathMLBlock): Deleted. We no longer need to
2457         create anonymous renderer with this function.
2458         * rendering/mathml/RenderMathMLBlock.h: Delete createAnonymousMathMLBlock.
2459         * rendering/mathml/RenderMathMLOperator.cpp: Implement layout functions without relying on
2460         flexbox or anonymous.
2461         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths): Handle the case of !useMathOperator()
2462         for which we need to add extra operator spacing after the RenderMathMLToken layout.
2463         (WebCore::RenderMathMLOperator::layoutBlock): Ditto.
2464         (WebCore::RenderMathMLOperator::isChildAllowed): Deleted. We allow the non-anonymous text.
2465         (WebCore::RenderMathMLOperator::rebuildTokenContent): No longer destroy and rebuild
2466         anonymous wrapper. Remove updateStyle call.
2467         (WebCore::RenderMathMLOperator::updateStyle): Deleted. We no longer need anonymous style for the spacing.
2468         * rendering/mathml/RenderMathMLOperator.h: Remove updateStyle() and isChildAllowed().
2469         Make textContent() public so that it can be accessed from the accessibility code.
2470         * rendering/mathml/RenderMathMLToken.cpp: Reimplement implicit mathvariant="italic" by
2471         painting MATHEMATICAL ITALIC characters instead of styling an anonymous wrapper.
2472         (WebCore::RenderMathMLToken::RenderMathMLToken): Init m_mathVariantGlyph and m_mathVariantGlyphDirty
2473         (WebCore::RenderMathMLToken::updateTokenContent): Set mathvariant glyph dirty when the content changes.
2474         (WebCore::transformToItalic): Helper function to map latin and greek alphabets to their
2475         MATHEMATICAL ITALIC counterpart.
2476         (WebCore::RenderMathMLToken::computePreferredLogicalWidths): Implement this function to
2477         handle the case where the mathvariant glyph is used.
2478         (WebCore::RenderMathMLToken::updateMathVariantGlyph): Helper function to update the mathvariant glyph.
2479         For now, we try and keep with the old (and limited) implementation: a mathvariant glyph may
2480         only be used for single-char <mi> without mathvariant attribute attached to it.
2481         (WebCore::RenderMathMLToken::styleDidChange): Set the mathvariant glyph dirty when the style
2482         changes.
2483         (WebCore::RenderMathMLToken::updateFromElement): Remove updateStyle call and set mathvariant
2484         glyph dirty.
2485         (WebCore::RenderMathMLToken::firstLineBaseline): Implement this function to handle the case
2486          where the mathvariant glyph is used.
2487         (WebCore::RenderMathMLToken::layoutBlock): Ditto.
2488         (WebCore::RenderMathMLToken::paint): Ditto.
2489         (WebCore::RenderMathMLToken::paintChildren): Ditto.
2490         (WebCore::RenderMathMLToken::addChild): Deleted. No need to bother with anonymous renderer
2491         or style.
2492         (WebCore::RenderMathMLToken::createWrapperIfNeeded): Deleted. Ditto.
2493         (WebCore::RenderMathMLToken::updateStyle): Deleted. Ditto.
2494         * rendering/mathml/RenderMathMLToken.h: Update declarations of functions.
2495         (WebCore::RenderMathMLToken::setMathVariantGlyphDirty): Helper function to indicate that the
2496         mathvariant glyph will need to be updated.
2497
2498 2016-06-24  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
2499
2500         Unreviewed EFL build fix.
2501
2502         There is forward declaration build error on EFL port.
2503
2504         * platform/graphics/texmap/coordinated/CompositingCoordinator.cpp: Include DOMWindow.h and Document.h.
2505
2506 2016-06-23  Brady Eidson  <beidson@apple.com>
2507
2508         Retrieving Blobs from IndexedDB using cursors fails in WK2 (Sandboxing)
2509         https://bugs.webkit.org/show_bug.cgi?id=158991
2510
2511         Reviewed by Alex Christensen.
2512
2513         Test: storage/indexeddb/modern/blob-cursor.html
2514
2515         * platform/network/BlobDataFileReference.cpp:
2516         (WebCore::BlobDataFileReference::startTrackingModifications): Deleted.
2517
2518 2016-06-23  Alex Christensen  <achristensen@webkit.org>
2519
2520         Remove unused didCancelAuthenticationChallenge
2521         https://bugs.webkit.org/show_bug.cgi?id=158819
2522
2523         Reviewed by David Kilzer.
2524
2525         No change in behavior.  This callback was deprecated in Yosemite.  It is never called.
2526
2527         * loader/EmptyClients.h:
2528         * loader/FrameLoaderClient.h:
2529         * loader/ResourceLoadNotifier.cpp:
2530         (WebCore::ResourceLoadNotifier::didCancelAuthenticationChallenge): Deleted.
2531         * loader/ResourceLoadNotifier.h:
2532         * loader/ResourceLoader.cpp:
2533         (WebCore::ResourceLoader::didCancelAuthenticationChallenge): Deleted.
2534         * loader/ResourceLoader.h:
2535         * platform/network/ResourceHandle.h:
2536         * platform/network/ResourceHandleClient.h:
2537         (WebCore::ResourceHandleClient::didCancelAuthenticationChallenge): Deleted.
2538         * platform/network/mac/ResourceHandleMac.mm:
2539         (WebCore::ResourceHandle::didCancelAuthenticationChallenge): Deleted.
2540         * platform/network/mac/WebCoreResourceHandleAsDelegate.mm:
2541         (-[WebCoreResourceHandleAsDelegate connection:didCancelAuthenticationChallenge:]): Deleted.
2542         * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
2543         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didCancelAuthenticationChallenge:]): Deleted.
2544         * platform/spi/cocoa/NSURLDownloadSPI.h:
2545
2546 2016-06-23  Anders Carlsson  <andersca@apple.com>
2547
2548         Add "shippingType" to the list of valid payment request properties
2549         https://bugs.webkit.org/show_bug.cgi?id=159079
2550         <rdar://problem/26988429>
2551
2552         Reviewed by Dean Jackson.
2553
2554         * Modules/applepay/ApplePaySession.cpp:
2555         (WebCore::isValidPaymentRequestPropertyName):
2556
2557 2016-06-23  Benjamin Poulain  <benjamin@webkit.org>
2558
2559         Specialize synchronous event tracking per event type
2560         https://bugs.webkit.org/show_bug.cgi?id=158826
2561
2562         Reviewed by Simon Fraser.
2563
2564         First, kudos to Rick Byers for all his help on passive event dispatch.
2565         The specs are pretty damn good and his help reviewing patches is very useful.
2566
2567         This patch changes synchronous event dispatch to happen per event
2568         instead of per sequence touchstart->touchend.
2569
2570         The big advantage of this is we can dispatch more events asynchronously.
2571         For example, to handle a tap programmatically, you can limit the active listener
2572         to the touchend event. The touchstart and touchmove are now dispatched asynchronously.
2573
2574         The implementation is a simple extension to EventTrackingRegions.
2575         Instead of a single synchronous region, we have one region per event type.
2576         When processing the events, we only need to send the events synchronously
2577         if that particular event type has a synchronous region.
2578
2579         Note that EventDispatcher's touch event support already supports
2580         mixing synchronous and asynchronous events. The events are always processed
2581         in order even if asynchronous events are pending when a synchronous dispatch
2582         happens.
2583
2584         Tests: fast/events/touch/ios/tap-with-active-listener-inside-document-with-passive-listener.html
2585                fast/events/touch/ios/tap-with-active-listener-inside-window-with-passive-listener.html
2586                fast/events/touch/ios/tap-with-active-touch-end-listener.html
2587                fast/events/touch/ios/tap-with-passive-listener-inside-active-listener.html
2588                fast/events/touch/ios/tap-with-passive-touch-end-listener.html
2589                fast/events/touch/ios/tap-with-passive-touch-start-active-touch-end-listeners-on-elements.html
2590                fast/events/touch/ios/tap-with-passive-touch-start-active-touch-move-listeners-on-elements.html
2591
2592         * CMakeLists.txt:
2593         * WebCore.xcodeproj/project.pbxproj:
2594         * dom/EventTarget.cpp:
2595         (WebCore::EventTarget::hasActiveTouchEventListeners): Deleted.
2596         * dom/EventTarget.h:
2597         * page/DebugPageOverlays.cpp:
2598         (WebCore::NonFastScrollableRegionOverlay::updateRegion):
2599         * page/Page.cpp:
2600         (WebCore::Page::nonFastScrollableRects):
2601         * page/scrolling/ScrollingCoordinator.cpp:
2602         (WebCore::ScrollingCoordinator::absoluteEventTrackingRegionsForFrame):
2603         * page/scrolling/ScrollingStateFrameScrollingNode.cpp:
2604         (WebCore::ScrollingStateFrameScrollingNode::dumpProperties):
2605         * page/scrolling/ScrollingTree.cpp:
2606         (WebCore::ScrollingTree::shouldHandleWheelEventSynchronously):
2607         (WebCore::ScrollingTree::eventTrackingTypeForPoint):
2608         * page/scrolling/ScrollingTree.h:
2609         * platform/EventTrackingRegions.cpp: Added.
2610         (WebCore::EventTrackingRegions::trackingTypeForPoint):
2611         (WebCore::EventTrackingRegions::isEmpty):
2612         (WebCore::EventTrackingRegions::translate):
2613         (WebCore::EventTrackingRegions::uniteSynchronousRegion):
2614         (WebCore::EventTrackingRegions::unite):
2615         (WebCore::operator==):
2616         * platform/EventTrackingRegions.h:
2617         (WebCore::EventTrackingRegions::isEmpty): Deleted.
2618         (WebCore::EventTrackingRegions::trackingTypeForPoint): Deleted.
2619         (WebCore::operator==): Deleted.
2620
2621 2016-06-23  Simon Fraser  <simon.fraser@apple.com>
2622
2623         More attempting to fix external iOS builds.
2624
2625         * platform/spi/cocoa/QuartzCoreSPI.h:
2626
2627 2016-06-23  Simon Fraser  <simon.fraser@apple.com>
2628
2629         Try to fix the non-internal builds by defining CARenderServerBufferRef.
2630
2631         * platform/spi/cocoa/QuartzCoreSPI.h:
2632
2633 2016-06-23  Simon Fraser  <simon.fraser@apple.com>
2634
2635         [iOS] Make DumpRenderTree and WebKitTestRunner in the simulator use render server snapshotting
2636         https://bugs.webkit.org/show_bug.cgi?id=159077
2637
2638         Reviewed by Tim Horton.
2639
2640         Add CARenderServer SPIs.
2641
2642         Test: fast/harness/snapshot-captures-compositing.html
2643
2644         * platform/spi/cocoa/QuartzCoreSPI.h:
2645
2646 2016-06-23  Brian Burg  <bburg@apple.com>
2647
2648         Web Inspector: add assertions to catch dangling frontends that persist between tests
2649         https://bugs.webkit.org/show_bug.cgi?id=159073
2650
2651         Reviewed by Joseph Pecoraro.
2652
2653         Based on the analysis in https://webkit.org/b/159070, we suspect that some test
2654         flakiness might be caused by dangling frontends from previous test cases. Add an
2655         assertion that should catch any frontends that are attached to the inspected page's
2656         backend. There should never be any frontends connected when a test first starts.
2657
2658         * inspector/InspectorController.cpp:
2659         (WebCore::InspectorController::setIsUnderTest):
2660         * inspector/InspectorController.h:
2661
2662 2016-06-23  Said Abou-Hallawa  <sabouhallawa@apple.com>
2663
2664         requestFrameAnimation() callback timestamp should be very close to Performance.now() 
2665         https://bugs.webkit.org/show_bug.cgi?id=159038
2666
2667         Reviewed by Simon Fraser.
2668
2669         Pass the Performance.now() to requestFrameAnimation() callback. Do not add
2670         the timeUntilOutput which is the difference between outputTime and now since
2671         this addition makes us report a timestamp ahead in the future by almost 33ms.
2672
2673         A new function named "nowTimestamp()" is added to the DOMWindow class. It
2674         calls Performance.now() if WEB_TIMING is enabled, otherwise it calls
2675         monotonicallyIncreasingTime(). The returned timestamp is in seconds and it is
2676         relative to the document loading time.
2677
2678         The timestamp passing will be removed all the way down to the callers of
2679         ScriptedAnimationController::serviceScriptedAnimations(). The callers will
2680         get the now timestamp by calling DOMWindow::nowTimestamp().
2681
2682         Tests: animations/animation-callback-timestamp.html
2683                animations/animation-multiple-callbacks-timestamp.html
2684
2685         * dom/Document.cpp:
2686         (WebCore::Document::monotonicTimestamp):
2687         (WebCore::Document::serviceScriptedAnimations):
2688         * dom/Document.h:
2689         * dom/ScriptedAnimationController.cpp:
2690         (WebCore::ScriptedAnimationController::serviceScriptedAnimations):
2691         (WebCore::ScriptedAnimationController::animationTimerFired):
2692         (WebCore::ScriptedAnimationController::displayRefreshFired):
2693         * dom/ScriptedAnimationController.h:
2694         * html/HTMLMediaElement.cpp:
2695         (WebCore::HTMLMediaElement::getVideoPlaybackQuality):
2696         * loader/DocumentLoadTiming.h:
2697         (WebCore::DocumentLoadTiming::referenceWallTime):
2698         * page/DOMWindow.cpp:
2699         (WebCore::DOMWindow::nowTimestamp):
2700         * page/DOMWindow.h:
2701         * page/FrameView.cpp:
2702         (WebCore::FrameView::serviceScriptedAnimations):
2703         * page/FrameView.h:
2704         * platform/graphics/DisplayRefreshMonitor.cpp:
2705         (WebCore::DisplayRefreshMonitor::DisplayRefreshMonitor):
2706         (WebCore::DisplayRefreshMonitor::displayDidRefresh):
2707         * platform/graphics/DisplayRefreshMonitor.h:
2708         (WebCore::DisplayRefreshMonitor::setMonotonicAnimationStartTime): Deleted.
2709         * platform/graphics/DisplayRefreshMonitorClient.cpp:
2710         (WebCore::DisplayRefreshMonitorClient::fireDisplayRefreshIfNeeded):
2711         * platform/graphics/DisplayRefreshMonitorClient.h:
2712         * platform/graphics/GraphicsLayerUpdater.cpp:
2713         (WebCore::GraphicsLayerUpdater::displayRefreshFired):
2714         * platform/graphics/GraphicsLayerUpdater.h:
2715         * platform/graphics/ios/DisplayRefreshMonitorIOS.h:
2716         * platform/graphics/ios/DisplayRefreshMonitorIOS.mm:
2717         (-[WebDisplayLinkHandler handleDisplayLink:]):
2718         (WebCore::DisplayRefreshMonitorIOS::displayLinkFired):
2719         (WebCore::mediaTimeToCurrentTime): Deleted.
2720         * platform/graphics/mac/DisplayRefreshMonitorMac.cpp:
2721         (WebCore::displayLinkCallback):
2722         (WebCore::DisplayRefreshMonitorMac::displayLinkFired):
2723         * platform/graphics/mac/DisplayRefreshMonitorMac.h:
2724         * platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:
2725         (WebCore::CompositingCoordinator::syncDisplayState):
2726         (WebCore::CompositingCoordinator::nextAnimationServiceTime):
2727
2728 2016-06-23  David Kilzer  <ddkilzer@apple.com>
2729
2730         Remove unused HarfBuzzFaceCoreText.cpp
2731         <https://webkit.org/b/159065>
2732
2733         Reviewed by Myles C. Maxfield.
2734
2735         * platform/graphics/harfbuzz/HarfBuzzFaceCoreText.cpp: Removed.
2736
2737 2016-06-23  Joseph Pecoraro  <pecoraro@apple.com>
2738
2739         Web Inspector: Memory Timeline sometimes shows impossible value for bmalloc size (underflowed)
2740         https://bugs.webkit.org/show_bug.cgi?id=158110
2741         <rdar://problem/26498584>
2742
2743         Reviewed by Andreas Kling.
2744
2745         IOSurface memory backing Canvas element buffers should be classified as "GC Owned",
2746         but should not be considered a part of bmalloc. In fact, the actual memory cost is
2747         external to the Web Content Process. The majority of extra memory reporters tend
2748         to report extra memory that is also allocated in bmalloc. However, some report
2749         non-bmalloc memory, such as the IOSurfaces here.
2750         
2751         Continue to report the memory cost without changes to inform the Heap for garbage
2752         collection. However, also keep better accounting of GCOwned memory that is external
2753         to the process for better accounting for the Resource Usage overlay and Web Inspector
2754         Memory timeline.
2755         
2756         This is a bit of a game where we want to display the best possible number for
2757         "GCOwned memory" in the tools, but some of that memory shows up in the other
2758         regions (bmalloc, system malloc, etc). Already many sizes are estimates
2759         (ReportExtraMemory, reportExtraMemory ignores small allocations), so we just focus
2760         on getting the largest sources of allocations, such as Canvas IOSurfaces here,
2761         into the right bucket. ResourceUsageThreadCocoa continues to subtract the "extra"
2762         memory from bmalloc. So, we should address other large sources of "extra memory"
2763         not in bmalloc. A likely candidate is HTMLMediaElement which uses the deprecated
2764         reporting right now.
2765
2766         * bindings/scripts/CodeGeneratorJS.pm:
2767         (GenerateImplementation):
2768         * bindings/scripts/IDLAttributes.txt:
2769         Add a way to report External memory, dependent on reporting Extra memory.
2770
2771         * html/HTMLCanvasElement.cpp:
2772         (WebCore::HTMLCanvasElement::externalMemoryCost):
2773         * html/HTMLCanvasElement.h:
2774         * html/HTMLCanvasElement.idl:
2775         Report external memory cost just like extra memory.
2776
2777         * page/ResourceUsageData.cpp:
2778         (WebCore::ResourceUsageData::ResourceUsageData):
2779         * page/ResourceUsageData.h:
2780         (WebCore::MemoryCategoryInfo::totalSize):
2781         * page/cocoa/ResourceUsageOverlayCocoa.mm:
2782         (WebCore::RingBuffer::at):
2783         (WebCore::appendDataToHistory):
2784         (WebCore::ResourceUsageOverlay::platformDraw):
2785         * page/cocoa/ResourceUsageThreadCocoa.mm:
2786         (WebCore::categoryForVMTag):
2787         (WebCore::ResourceUsageThread::platformThreadBody):
2788         Do not count the GCOwned External memory as dirty memory.
2789         Include External memory output in the overlay.
2790
2791         * inspector/InspectorMemoryAgent.cpp:
2792         (WebCore::InspectorMemoryAgent::collectSample):
2793         When sizing the JavaScript portion, include both the GC Owned
2794         category's dirty and external memory. Ultimately we will
2795         want this everywhere in case things change.
2796
2797         * platform/graphics/ImageBuffer.cpp:
2798         (WebCore::memoryCost):
2799         (WebCore::externalMemoryCost):
2800         * platform/graphics/ImageBuffer.h:
2801         * platform/graphics/cg/ImageBufferCG.cpp:
2802         (WebCore::ImageBuffer::memoryCost):
2803         (WebCore::ImageBuffer::externalMemoryCost):
2804         Report IOSurface total bytes as extra memory and external memory
2805         so that it can be tracked as GC Owned memory that is separate from
2806         regular (bmalloc/other) in process memory.
2807
2808 2016-06-23  Alexey Proskuryakov  <ap@apple.com>
2809
2810         Handle (0, 0) ranges from Lookup
2811         https://bugs.webkit.org/show_bug.cgi?id=159062
2812         rdar://problem/26960385
2813
2814         Reviewed by Tim Horton.
2815
2816         * editing/mac/DictionaryLookup.mm: (WebCore::DictionaryLookup::rangeAtHitTestResult):
2817         Paper over <https://bugs.webkit.org/show_bug.cgi?id=159063>, which seems too involved
2818         to fix now.
2819
2820 2016-06-23  Joseph Pecoraro  <pecoraro@apple.com>
2821
2822         Web Inspector: first heap snapshot taken when a page is reloaded happens before the reload navigation
2823         https://bugs.webkit.org/show_bug.cgi?id=158995
2824         <rdar://problem/26923778>
2825
2826         Reviewed by Brian Burg.
2827
2828         When the "Heap" instrument is included in the Timeline list
2829         of instruments, defer starting it in an auto-capture scenario
2830         until after the page does its first navigation.
2831
2832         AutoCapture on the backend happens when it is enabled at
2833         the time the main resource starts loading. In that case it proceeds
2834         through the following phases:
2835
2836             No Auto Capture:
2837                 None
2838
2839             Auto Capture:
2840                 BeforeLoad -> FirstNavigation -> AfterFirstNavigation
2841
2842         When toggling instruments for backend initiated capture
2843         most instruments do not care and will just start/stop.
2844
2845         * inspector/InspectorInstrumentation.cpp:
2846         (WebCore::InspectorInstrumentation::didCommitLoadImpl):
2847         Inform the TimelineAgent that the main frame navigated.
2848         Do this after informing the HeapAgent (so any potential
2849         snapshot does not get cleared) and PageAgent (so the
2850         frontend knows the page navigated before the agent starts).
2851
2852         * inspector/InspectorTimelineAgent.h:
2853         * inspector/InspectorTimelineAgent.cpp:
2854         (WebCore::InspectorTimelineAgent::internalStop):
2855         (WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
2856         (WebCore::InspectorTimelineAgent::mainFrameNavigated):
2857         Update the auto capture phase transitions.
2858
2859         (WebCore::InspectorTimelineAgent::toggleHeapInstrument):
2860         Only start the heap agent during the None phase (console.profile)
2861         or with the first navigation (auto capture page navigation).
2862
2863 2016-06-23  Joseph Pecoraro  <pecoraro@apple.com>
2864
2865         Web Inspector: Snapshots should be cleared at some point
2866         https://bugs.webkit.org/show_bug.cgi?id=157907
2867         <rdar://problem/26373610>
2868
2869         Reviewed by Timothy Hatcher.
2870
2871         * CMakeLists.txt:
2872         * WebCore.xcodeproj/project.pbxproj:
2873         * inspector/InspectorAllInOne.cpp:
2874         New specialized agent.
2875
2876         * inspector/InspectorController.cpp:
2877         (WebCore::InspectorController::InspectorController):
2878         Construct a specialized HeapAgent.
2879
2880         * inspector/PageHeapAgent.h:
2881         * inspector/PageHeapAgent.cpp:
2882         (WebCore::PageHeapAgent::PageHeapAgent):
2883         (WebCore::PageHeapAgent::enable):
2884         (WebCore::PageHeapAgent::disable):
2885         (WebCore::PageHeapAgent::mainFrameNavigated):
2886         Clear backend snapshots on page navigations.
2887         Set the PageHeapAgent instrumenting agent on enable/disable.
2888
2889         * inspector/InstrumentingAgents.cpp:
2890         (WebCore::InstrumentingAgents::reset):
2891         * inspector/InstrumentingAgents.h:
2892         (WebCore::InstrumentingAgents::pageHeapAgent):
2893         (WebCore::InstrumentingAgents::setPageHeapAgent):
2894         Active PageHeapAgent.
2895
2896         * inspector/InspectorInstrumentation.cpp:
2897         (WebCore::InspectorInstrumentation::didCommitLoadImpl):
2898         Inform the PageHeapAgent when the mainframe navigates.
2899
2900 2016-06-23  Joseph Pecoraro  <pecoraro@apple.com>
2901
2902         CSSComputedStyleDeclaration::length should recalculate styles if needed to provide the correct value
2903         https://bugs.webkit.org/show_bug.cgi?id=159053
2904         <rdar://problem/26638119>
2905
2906         Reviewed by Simon Fraser.
2907
2908         Test: fast/css/variables/custom-property-computed-style-length-update.html
2909
2910         * css/CSSComputedStyleDeclaration.cpp:
2911         (WebCore::CSSComputedStyleDeclaration::length):
2912
2913 2016-06-23  John Wilander  <wilander@apple.com>
2914
2915         Enable window.open() for existing versions of Secret Society
2916         https://bugs.webkit.org/show_bug.cgi?id=159049
2917         <rdar://problem/26528349>
2918
2919         Reviewed by Andy Estes.
2920
2921         The Secret Society Hidden Mystery app has a broken version check treating iOS 10
2922         as iOS 1 on iPads. Therefore it believes it can use window.open() in a tap
2923         handler. We should allow the existing versions of the app to do this to not break
2924         them.
2925
2926         No new tests. Tested manually in the app.
2927
2928         * page/DOMWindow.cpp:
2929         (WebCore::DOMWindow::allowPopUp):
2930             Now checks with Settings whether it should allow a popup even though it is
2931             not processing a user gesture.
2932         * page/Settings.in:
2933             Added setting allowWindowOpenWithoutUserGesture.
2934         * platform/RuntimeApplicationChecks.h:
2935         * platform/RuntimeApplicationChecks.mm:
2936         (WebCore::IOSApplication::isTheSecretSocietyHiddenMystery):
2937             Added.
2938
2939 2016-06-23  Chris Dumez  <cdumez@apple.com>
2940
2941         Only call sqlite3_initialize() when a SQLite database is actually being opened
2942         https://bugs.webkit.org/show_bug.cgi?id=159033
2943
2944         Reviewed by Brady Eidson.
2945
2946         Only call sqlite3_initialize() when a SQLite database is actually being opened
2947         instead of doing it unconditionally. sqlite3_initialize() was previously called
2948         in the SQLiteDatabase constructor which gets called on WebContent process
2949         initialization because a DatabaseTracker is constructed on initialization and
2950         DatabaseTracker has a SQLiteDatabase data member.
2951
2952         * platform/sql/SQLiteDatabase.cpp:
2953         (WebCore::initializeSQLiteIfNecessary):
2954         (WebCore::SQLiteDatabase::open):
2955         (WebCore::SQLiteDatabase::SQLiteDatabase): Deleted.
2956         * platform/sql/SQLiteDatabase.h:
2957
2958 2016-06-23  Adam Bergkvist  <adam.bergkvist@ericsson.com>
2959
2960         WebRTC: Align 'update ICE connection/gathering state' steps with the WebRTC 1.0 specification
2961         https://bugs.webkit.org/show_bug.cgi?id=159054
2962
2963         Reviewed by Eric Carlson.
2964
2965         Add checks for same state and closed RTCPeerConnection in the 'update ICE connection state'
2966         and 'update ICE gathering state' routines as described in [1].
2967
2968         [1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#update-ice-gathering-state
2969
2970         No change in current behavior.
2971
2972         * Modules/mediastream/RTCPeerConnection.cpp:
2973         (WebCore::RTCPeerConnection::updateIceGatheringState):
2974         (WebCore::RTCPeerConnection::updateIceConnectionState):
2975
2976 2016-06-23  Adam Bergkvist  <adam.bergkvist@ericsson.com>
2977
2978         WebRTC: Add support for RTCPeerConnection legacy MediaStream-based API
2979         https://bugs.webkit.org/show_bug.cgi?id=158940
2980
2981         Reviewed by Eric Carlson.
2982
2983         Implement the legacy MediaStream-based RTCPeerConnection API as JS built-ins. The
2984         getRemoteStreams() function and the 'addstream' event are partly implemented with native
2985         code.
2986
2987         Test: fast/mediastream/RTCPeerConnection-legacy-stream-based-api.html
2988
2989         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
2990         (WebCore::MediaEndpointPeerConnection::setRemoteDescriptionTask):
2991         (WebCore::MediaEndpointPeerConnection::getRemoteStreams):
2992         The getRemoteStreams() function and the 'addstream' event are backed up by native code.
2993         * Modules/mediastream/MediaEndpointPeerConnection.h:
2994         * Modules/mediastream/MediaStream.idl:
2995         * Modules/mediastream/PeerConnectionBackend.h:
2996         * Modules/mediastream/RTCPeerConnection.h:
2997         * Modules/mediastream/RTCPeerConnection.idl:
2998         * Modules/mediastream/RTCPeerConnection.js:
2999         (initializeRTCPeerConnection):
3000         (getLocalStreams):
3001         (getRemoteStreams):
3002         (getStreamById):
3003         (addStream):
3004         (removeStream):
3005         Legacy API implemented as JS built-ins.
3006         * bindings/js/JSDOMGlobalObject.cpp:
3007         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
3008         * bindings/js/WebCoreBuiltinNames.h:
3009
3010 2016-06-23  Carlos Garcia Campos  <cgarcia@igalia.com>
3011
3012         Unreviewed. Fix the build with CSS Shapes disabled.
3013
3014         * css/StyleBuilderConverter.h:
3015
3016 2016-06-23  Carlos Garcia Campos  <cgarcia@igalia.com>
3017
3018         [Soup] Clean up SocketStreamHandle soup implementation
3019         https://bugs.webkit.org/show_bug.cgi?id=159024
3020
3021         Reviewed by Žan Doberšek.
3022
3023         Stop using a global HashMap to "activate"/"deactivate" handles, and just take a reference of the handle and
3024         pass the ownership to the callbacks, using a GCancellable to cancel all async operations.
3025
3026         * platform/network/soup/SocketStreamHandle.h:
3027         (WebCore::SocketStreamHandle::create):
3028         (WebCore::SocketStreamHandle::id): Deleted.
3029         * platform/network/soup/SocketStreamHandleSoup.cpp:
3030         (WebCore::SocketStreamHandle::SocketStreamHandle):
3031         (WebCore::SocketStreamHandle::connected):
3032         (WebCore::SocketStreamHandle::connectedCallback):
3033         (WebCore::SocketStreamHandle::readBytes):
3034         (WebCore::SocketStreamHandle::readReadyCallback):
3035         (WebCore::SocketStreamHandle::didFail):
3036         (WebCore::SocketStreamHandle::platformSend):
3037         (WebCore::SocketStreamHandle::platformClose):
3038         (WebCore::SocketStreamHandle::beginWaitingForSocketWritability):
3039         (WebCore::SocketStreamHandle::writeReadyCallback):
3040         (WebCore::getHandleFromId): Deleted.
3041         (WebCore::deactivateHandle): Deleted.
3042         (WebCore::activateHandle): Deleted.
3043         (WebCore::SocketStreamHandle::~SocketStreamHandle): Deleted.
3044         (WebCore::connectedCallback): Deleted.
3045         (WebCore::readReadyCallback): Deleted.
3046         (WebCore::writeReadyCallback): Deleted.
3047
3048 2016-06-22  Brady Eidson  <beidson@apple.com>
3049
3050         DatabaseProcess doesn't handle WebProcesses going away uncleanly.
3051         https://bugs.webkit.org/show_bug.cgi?id=158894
3052
3053         Reviewed by Alex Christensen.
3054
3055         No new tests (Covered by additions to existing API test).
3056
3057         * Modules/indexeddb/server/IDBConnectionToClient.cpp:
3058         (WebCore::IDBServer::IDBConnectionToClient::registerDatabaseConnection):
3059         (WebCore::IDBServer::IDBConnectionToClient::unregisterDatabaseConnection):
3060         (WebCore::IDBServer::IDBConnectionToClient::connectionToClientClosed):
3061         * Modules/indexeddb/server/IDBConnectionToClient.h:
3062         
3063         * Modules/indexeddb/server/IDBServer.cpp:
3064         (WebCore::IDBServer::IDBServer::unregisterConnection): Call connectionToClientClosed() on
3065           the connection, which cleans up after it in the server.
3066         
3067         * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
3068         (WebCore::IDBServer::UniqueIDBDatabaseConnection::UniqueIDBDatabaseConnection):
3069         (WebCore::IDBServer::UniqueIDBDatabaseConnection::~UniqueIDBDatabaseConnection):
3070
3071 2016-06-22  Benjamin Poulain  <bpoulain@apple.com>
3072
3073         AX: Add support for CSS4 :focus-within pseudo
3074         https://bugs.webkit.org/show_bug.cgi?id=140144
3075
3076         Reviewed by Antti Koivisto.
3077
3078         Tests: fast/css/pseudo-focus-within-basics.html
3079                fast/css/pseudo-focus-within-inside-shadow-dom.html
3080                fast/css/pseudo-focus-within-style-sharing-1.html
3081                fast/css/pseudo-focus-within-style-sharing-2.html
3082                fast/selectors/focus-within-style-update.html
3083
3084         * css/CSSSelector.cpp:
3085         (WebCore::CSSSelector::selectorText):
3086         * css/CSSSelector.h:
3087         * css/SelectorChecker.cpp:
3088         (WebCore::SelectorChecker::checkOne):
3089         * css/SelectorPseudoClassAndCompatibilityElementMap.in:
3090         * cssjit/SelectorCompiler.cpp:
3091         (WebCore::SelectorCompiler::addPseudoClassType):
3092         (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementMatching):
3093         (WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementHasFocusWithin):
3094         * dom/ContainerNode.cpp:
3095         (WebCore::destroyRenderTreeIfNeeded):
3096         * dom/Element.cpp:
3097         (WebCore::Element::~Element):
3098         (WebCore::Element::setFocus):
3099         (WebCore::Element::unregisterNamedFlowContentElement):
3100         (WebCore::Element::setIsNamedFlowContentElement):
3101         (WebCore::Element::clearIsNamedFlowContentElement):
3102         (WebCore::Element::setStyleAffectedByFocusWithin):
3103         (WebCore::Element::rareDataStyleAffectedByFocusWithin):
3104         (WebCore::Element::rareDataIsNamedFlowContentElement):
3105         * dom/Element.h:
3106         (WebCore::Element::hasFocusWithin):
3107         (WebCore::Element::styleAffectedByFocusWithin):
3108         (WebCore::Element::isNamedFlowContentElement):
3109         (WebCore::Element::setHasFocusWithin):
3110         * dom/ElementRareData.h:
3111         (WebCore::ElementRareData::styleAffectedByFocusWithin):
3112         (WebCore::ElementRareData::setStyleAffectedByFocusWithin):
3113         (WebCore::ElementRareData::isNamedFlowContentElement):
3114         (WebCore::ElementRareData::setIsNamedFlowContentElement):
3115         (WebCore::ElementRareData::ElementRareData):
3116         (WebCore::ElementRareData::resetComputedStyle):
3117         * dom/Node.h:
3118         (WebCore::Node::flagHasFocusWithin):
3119         (WebCore::Node::isNamedFlowContentNode): Deleted.
3120         (WebCore::Node::setIsNamedFlowContentNode): Deleted.
3121         (WebCore::Node::clearIsNamedFlowContentNode): Deleted.
3122         * rendering/RenderNamedFlowThread.cpp:
3123         (WebCore::RenderNamedFlowThread::clearContentElements):
3124         (WebCore::RenderNamedFlowThread::registerNamedFlowContentElement):
3125         (WebCore::RenderNamedFlowThread::unregisterNamedFlowContentElement):
3126         (WebCore::nextNodeInsideContentElement):
3127         * style/RenderTreeUpdater.cpp:
3128         (WebCore::RenderTreeUpdater::updateElementRenderer):
3129         * style/StyleRelations.cpp:
3130         (WebCore::Style::commitRelationsToRenderStyle):
3131         (WebCore::Style::commitRelations):
3132         * style/StyleRelations.h:
3133         * style/StyleSharingResolver.cpp:
3134         (WebCore::Style::SharingResolver::canShareStyleWithElement):
3135
3136 2016-06-22  Oliver Hunt  <oliver@apple.com>
3137
3138         Integrate WebKit's CFURLConnection with App Transport Security
3139         https://bugs.webkit.org/show_bug.cgi?id=159039
3140         <rdar://problem/26953685>
3141
3142         Reviewed by Alex Christensen.
3143
3144         Pass additional options to NSURLConnect initialiser to identify that
3145         this connection is for WebKit content loading.
3146
3147         * platform/network/mac/ResourceHandleMac.mm:
3148         (WebCore::ResourceHandle::createNSURLConnection):
3149
3150 2016-06-20  Jeremy Jones  <jeremyj@apple.com>
3151
3152         Adopt commitPriority to get rid of the 2 AVPL solution for PiP
3153         https://bugs.webkit.org/show_bug.cgi?id=158949
3154         rdar://problem/26867866
3155
3156         Reviewed by Simon Fraser.
3157
3158         No new tests because there is no behavior change. This reverts changes from 
3159         https://bugs.webkit.org/show_bug.cgi?id=158148 and instead uses -[CAContext commitPriority:]
3160         to prevent flicker when moving a layer between contexts. 
3161         commitPriority allows the layer to be added to the destination context before it is 
3162         removed from the source context.
3163
3164         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h: remove m_secondaryVideoLayer.
3165         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm: ditto
3166         (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenGravity): ditto.
3167         (WebCore::MediaPlayerPrivateAVFoundationObjC::syncTextTrackBounds): ditto.
3168         (WebCore::MediaPlayerPrivateAVFoundationObjC::destroyVideoLayer): ditto.
3169         (WebCore::MediaPlayerPrivateAVFoundationObjC::updateVideoLayerGravity): ditto.
3170         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: ditto
3171         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::addDisplayLayer): ditto
3172         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: ditto
3173         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): ditto
3174         * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.h: ditto
3175         * platform/graphics/avfoundation/objc/VideoFullscreenLayerManager.mm: ditto
3176         (WebCore::VideoFullscreenLayerManager::setVideoLayer): ditto
3177         (WebCore::VideoFullscreenLayerManager::setVideoFullscreenLayer): ditto and adopt commitPriority.
3178         (WebCore::VideoFullscreenLayerManager::setVideoFullscreenFrame): ditto
3179         (WebCore::VideoFullscreenLayerManager::setVideoLayers): Deleted. 
3180         (WebCore::VideoFullscreenLayerManager::didDestroyVideoLayer): remove m_secondaryVideoLayer.
3181         * platform/spi/cocoa/QuartzCoreSPI.h: Add commitPriority.
3182
3183 2016-06-22  Simon Fraser  <simon.fraser@apple.com>
3184
3185         REGRESSION (r201629): Weird button glitching on github.com
3186         https://bugs.webkit.org/show_bug.cgi?id=159031
3187         rdar://problem/26880332
3188
3189         Reviewed by Tim Horton.
3190
3191         r201629 changed the logic slightly when creating an image buffer for a scaled context;
3192         it set the buffer context's scale to the scale in the source context, but this failed
3193         to take into account the rounding up of the buffer size, which the old code did.
3194
3195         Fix by reverting to the old behavior.
3196
3197         Since buffer sizes can only be integral, changed compatibleBufferSize() to return
3198         an IntSize.
3199
3200         Test: fast/backgrounds/scaled-gradient-background.html
3201
3202         * platform/graphics/ImageBuffer.cpp:
3203         (WebCore::ImageBuffer::createCompatibleBuffer):
3204         (WebCore::ImageBuffer::compatibleBufferSize):
3205         * platform/graphics/ImageBuffer.h:
3206         * platform/graphics/IntRect.h:
3207         (WebCore::IntRect::area):
3208         * platform/graphics/IntSize.h:
3209         (WebCore::IntSize::area): Make this return an unsigned.
3210
3211 2016-06-22  Anders Carlsson  <andersca@apple.com>
3212
3213         Inline the last of the Apple Pay WebCore code
3214         https://bugs.webkit.org/show_bug.cgi?id=159032
3215
3216         Reviewed by Tim Horton.
3217
3218         * loader/EmptyClients.cpp:
3219         (WebCore::fillWithEmptyClients):
3220         * page/MainFrame.cpp:
3221         (WebCore::MainFrame::MainFrame):
3222         * page/MainFrame.h:
3223         * page/PageConfiguration.h:
3224         * platform/cocoa/ThemeCocoa.mm:
3225         (WebCore::passKitBundle):
3226         (WebCore::loadPassKitPDFPage):
3227         (WebCore::applePayButtonLogoBlack):
3228         (WebCore::applePayButtonLogoWhite):
3229         (WebCore::drawApplePayButton):
3230         (WebCore::ThemeCocoa::drawNamedImage):
3231
3232 2016-06-22  Anders Carlsson  <andersca@apple.com>
3233
3234         Exception is not thrown when shipping method is an invalid amount
3235         https://bugs.webkit.org/show_bug.cgi?id=159030
3236         rdar://problem/26700413
3237
3238         Reviewed by Tim Horton.
3239
3240         * Modules/applepay/ApplePaySession.cpp:
3241         (WebCore::createShippingMethods):
3242         Bail if createShippingMethod returns Nullopt.
3243
3244         (WebCore::createPaymentRequest):
3245         Bail if createShippingMethods returns Nullopt.
3246
3247 2016-06-22  Anders Carlsson  <andersca@apple.com>
3248
3249         Exception is not thrown when shipping method is an invalid amount
3250         https://bugs.webkit.org/show_bug.cgi?id=159029
3251         rdar://problem/26700413
3252
3253         Reviewed by Tim Horton.
3254
3255         * Modules/applepay/PaymentRequest.h:
3256         Change ShippingMethod::amount to be a signed 64-bit integer.
3257
3258         * Modules/applepay/PaymentRequestValidator.cpp:
3259         (WebCore::PaymentRequestValidator::validate):
3260         Call validateShippingMethods.
3261
3262         (WebCore::PaymentRequestValidator::validateShippingMethods):
3263         Validate all the shipping methods.
3264
3265         (WebCore::PaymentRequestValidator::validateShippingMethod):
3266         Check that the amount is >= 0.
3267
3268         * Modules/applepay/PaymentRequestValidator.h:
3269         Add new members.
3270
3271 2016-06-22  Adam Bergkvist  <adam.bergkvist@ericsson.com>
3272
3273         WebRTC: Add support for the negotiationneeded event in MediaEndpointPeerConnection
3274         https://bugs.webkit.org/show_bug.cgi?id=158985
3275
3276         Reviewed by Eric Carlson.
3277
3278         Implement MediaEndpointPeerConnection's isNegotiationNeeded, markAsNeedingNegotiation and
3279         clearNegotiationNeededState functions. The calls to these functions are already up-to-date.
3280
3281         Test: fast/mediastream/RTCPeerConnection-more-media-to-negotiate.html
3282
3283         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
3284         (WebCore::MediaEndpointPeerConnection::markAsNeedingNegotiation):
3285         * Modules/mediastream/MediaEndpointPeerConnection.h:
3286         * Modules/mediastream/RTCPeerConnection.cpp:
3287         (WebCore::RTCPeerConnection::scheduleNegotiationNeededEvent):
3288
3289 2016-06-22  Adam Bergkvist  <adam.bergkvist@ericsson.com>
3290
3291         WebRTC: Replace RTCPeerConnection custom constructor with a JS built-in constructor
3292         https://bugs.webkit.org/show_bug.cgi?id=158832
3293
3294         Reviewed by Eric Carlson and Youenn Fablet.
3295
3296         Use a JS built-in constructor instead of a custom constructor. This makes it easier to
3297         initialize private fields for functions implemented as JS built-ins. The constructor
3298         behavior is in need of updating, but that is left to a follow-up change [1].
3299
3300         [1] http://webkit.org/b/158936
3301         No change in behavior.
3302
3303         * CMakeLists.txt:
3304         * Modules/mediastream/RTCPeerConnection.cpp:
3305         (WebCore::RTCPeerConnection::create):
3306         (WebCore::RTCPeerConnection::RTCPeerConnection):
3307         (WebCore::RTCPeerConnection::~RTCPeerConnection):
3308         (WebCore::RTCPeerConnection::initializeWith):
3309         * Modules/mediastream/RTCPeerConnection.h:
3310         * Modules/mediastream/RTCPeerConnection.idl:
3311         * Modules/mediastream/RTCPeerConnection.js:
3312         (initializeRTCPeerConnection):
3313         Add JS built-in constructor function.
3314         * WebCore.xcodeproj/project.pbxproj:
3315         * bindings/js/JSRTCPeerConnectionCustom.cpp: Removed.
3316         (WebCore::constructJSRTCPeerConnection): Deleted.
3317
3318 2016-06-22  Youenn Fablet  <youenn@apple.com>
3319
3320         CrossOriginPreflightChecker should call DocumentThreadableLoader preflightFailure instead of didFailLoading
3321         https://bugs.webkit.org/show_bug.cgi?id=158984
3322
3323         Reviewed by Darin Adler.
3324
3325         No change of behavior.
3326
3327         Calling DocumentThreadableLoader preflightFailure instead of didFailLoading for any preflight error case.
3328
3329         * loader/CrossOriginPreflightChecker.cpp:
3330         (WebCore::CrossOriginPreflightChecker::notifyFinished): Directly calling preflightFailure callback.
3331         (WebCore::CrossOriginPreflightChecker::doPreflight): Ditto.
3332         (WebCore::CrossOriginPreflightChecker::handleLoadingFailure): Deleted.
3333         (WebCore::CrossOriginPreflightChecker::redirectReceived): Deleted (should have been removed as part of
3334         https://bugs.webkit.org/show_bug.cgi?id=111008).
3335         * loader/CrossOriginPreflightChecker.h:
3336
3337 2016-06-22  Youenn Fablet  <youennf@gmail.com>
3338
3339         JSDOMIterator forEach should support second optional parameter
3340         https://bugs.webkit.org/show_bug.cgi?id=159020
3341
3342         Reviewed by Chris Dumez.
3343
3344         Covered by beefed up test.
3345
3346         * bindings/js/JSDOMIterator.h:
3347         (WebCore::iteratorForEach): Setting callback thisValue to the second argument passed to forEach.
3348
3349 2016-06-22  Jer Noble  <jer.noble@apple.com>
3350
3351         Media controls stop working after exiting PiP
3352         https://bugs.webkit.org/show_bug.cgi?id=159026
3353         <rdar://problem/26753579>
3354
3355         Reviewed by Eric Carlson.
3356
3357         Do not slave setting WebVideoFullscreenModelVideoElement::setVideoElement() to
3358         WebPlaybackSessionModelVideoElement::setMediaElement(). After all, someone else
3359         (i.e., the media controls) may still be using it.
3360
3361         * platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
3362         (WebVideoFullscreenModelVideoElement::setVideoElement): Deleted.
3363         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
3364         (WebVideoFullscreenControllerContext::didCleanupFullscreen):
3365         (WebVideoFullscreenControllerContext::setUpFullscreen):
3366
3367 2016-06-22  Jer Noble  <jer.noble@apple.com>
3368
3369         Update document's isPlayingMedia() state whenever media element's media state changes
3370         https://bugs.webkit.org/show_bug.cgi?id=159018
3371         <rdar://problem/26586630>
3372
3373         Reviewed by Beth Dakin.
3374
3375         The Document can end up with a stale m_mediaState if its own value isn't updated when
3376         its constituent HTMLMediaElement's m_mediaStates change.
3377
3378         * html/HTMLMediaElement.cpp:
3379         (WebCore::HTMLMediaElement::updateMediaState):
3380
3381 2016-06-22  Simon Fraser  <simon.fraser@apple.com>
3382
3383         Crash under GraphicsLayerCA::recursiveCommitChanges() with deep layer trees
3384         https://bugs.webkit.org/show_bug.cgi?id=159023
3385         rdar://problem/25377842
3386
3387         Reviewed by Tim Horton.
3388
3389         Having an on-stack DisplayList::Recorder increased the stack frame size significantly,
3390         causing stack exhaustion with deep layer trees, despite the existing depth check.
3391
3392         Make the Recorder heap-allocated to fix this.
3393
3394         Tested by LayoutTests/compositing//layer-creation/deep-tree.html.
3395
3396         * platform/graphics/ca/GraphicsLayerCA.cpp:
3397         (WebCore::GraphicsLayerCA::recursiveCommitChanges):
3398
3399 2016-06-22  Carlos Garcia Campos  <cgarcia@igalia.com>
3400
3401         [GTK] Add support for variadic parameters to GObject DOM bindings
3402         https://bugs.webkit.org/show_bug.cgi?id=158942
3403
3404         Reviewed by Michael Catanzaro.
3405
3406         Generate code for functions having variadic parameters.
3407
3408         * bindings/scripts/CodeGeneratorGObject.pm:
3409         (GenerateFunction):
3410         (SkipFunction):
3411         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
3412         (webkit_dom_test_obj_variadic_string_method):
3413         * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
3414
3415 2016-06-21  Benjamin Poulain  <bpoulain@apple.com>
3416
3417         :hover CSS pseudo-class sometimes keeps matching ever after mouse has left the element
3418         https://bugs.webkit.org/show_bug.cgi?id=158340
3419
3420         Reviewed by Simon Fraser.
3421
3422         When removing a hovered subtree from the document, we were getting
3423         into an inconsistent state where m_hoveredElement is in the detached
3424         subtree and we have no way of clearing the existing IsHovered flags.
3425
3426         What happens is:
3427         -The root "a" has a child "b" that is hovered.
3428         -"a" starts being removed from the tree, its renderer is destroyed.
3429         -RenderTreeUpdater::tearDownRenderers() pushes "a" on the teardownStack
3430          and calls hoveredElementDidDetach().
3431         -hoveredElementDidDetach() is called with "a". "a" is not the hovered
3432          element, the function does nothing.
3433         -RenderTreeUpdater::tearDownRenderers() pushes "b" on the teardownStack
3434          and calls hoveredElementDidDetach().
3435         -hoveredElementDidDetach() is called with "b". The next parent with a renderer
3436          is "a", m_hoveredElement is set to "a".
3437         -"a"'s parent is set to nullptr.
3438
3439         -> We have a m_hoveredElement on the root of a detached tree, making
3440