[BlackBerry] Some media controls are mispositioned for dynamic live streams (HLS)
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2012-08-16  Max Feil  <mfeil@rim.com>
2
3         [BlackBerry] Some media controls are mispositioned for dynamic live streams (HLS)
4         https://bugs.webkit.org/show_bug.cgi?id=94176
5
6         Reviewed by Antonio Gomes.
7
8         The default HTML5 media controls for dynamic live streams have
9         no timeline or timeline container, which for BlackBerry results
10         in mispositioning of the buttons that are supposed to be to
11         the right of the timeline (fullscreen and mute). Instead of
12         being right justified they incorrectly appear on the left next
13         to the play button. The fix is to explicitly position these 2
14         buttons whenever the media duration is infinite (indicating a
15         live stream).
16
17         Manual test: ManualTests/blackberry/video-hls-controls.html
18
19         * platform/blackberry/RenderThemeBlackBerry.cpp:
20         (WebCore::RenderThemeBlackBerry::adjustMediaControlStyle):
21
22 2012-08-16  Abhishek Arya  <inferno@chromium.org>
23
24         Regression(r118248): Replaced element not layout
25         https://bugs.webkit.org/show_bug.cgi?id=85804
26
27         Reviewed by Levi Weintraub.
28
29         r118248 moved the layout call of replaced elements to nextLineBreak.
30         This was intended to delay the layout after all the lineboxes are cleared
31         in RenderBlock::layoutInlineChildren. However, this caused the end line
32         object to not layout at all. We revert to the old planned way to just
33         keep a local vector of replaced elements to layout and then layout all of them
34         after the lineboxes are cleared.
35
36         Test: fast/replaced/replaced-last-line-layout.html
37
38         * rendering/RenderBlockLineLayout.cpp:
39         (WebCore::RenderBlock::layoutInlineChildren):
40         (WebCore::RenderBlock::LineBreaker::nextLineBreak):
41
42 2012-08-16  Benjamin Poulain  <bpoulain@apple.com>
43
44         Do not perform 8 to 16bits characters conversion when converting a WTFString to NSString/CFString
45         https://bugs.webkit.org/show_bug.cgi?id=90720
46
47         Reviewed by Geoffrey Garen.
48
49         In most String to CFString conversion, we should be able to use the "NoCopy" constructor and have
50         a relatively cheap conversion from WTF::String to CFString.
51
52         When the String is 8 bits, it was converted to 16 bits by getData16SlowCase() because of the call
53         to String::characters().
54
55         This patch adds a path for creating a CFString from a 8bits string using CFStringCreateWithBytes.
56
57         This is covered by existing tests.
58
59         * platform/text/cf/StringCF.cpp:
60         (WTF::String::createCFString): CFSTR() create static CFString, it is unecessary to retain it.
61         * platform/text/cf/StringImplCF.cpp:
62         (WTF::StringImpl::createCFString): The logic to avoid the StringWrapperCFAllocator has also been simplified.
63         The allocator creation is now closer to where it is useful.
64
65         The function CFStringCreateWithBytesNoCopy() does not necessarilly allocate a new string, it can reuse
66         existing strings. In those cases, the allocator is not used. For that reason, the assertion regarding
67         currentString is moved to the branch that always allocate new strings.
68
69 2012-08-16  Adam Barth  <abarth@webkit.org>
70
71         DirectoryEntry should use Dictionary rather than custom bindings code
72         https://bugs.webkit.org/show_bug.cgi?id=94207
73
74         Reviewed by Eric Seidel.
75
76         Since this code was written, we added native support for WebIDL
77         Dictionary objects. This patch moves DirectoryEntry to use this
78         automatic facility instead of custom code.
79
80         I've also renamed and simplified WebKitFlags. This is possible because
81         this object was no longer exposed via IDL (even before to this patch).
82
83         * GNUmakefile.list.am:
84         * Modules/filesystem/DOMFileSystemBase.cpp:
85         (WebCore::DOMFileSystemBase::getFile):
86         (WebCore::DOMFileSystemBase::getDirectory):
87         * Modules/filesystem/DOMFileSystemBase.h:
88         (DOMFileSystemBase):
89         * Modules/filesystem/DirectoryEntry.cpp:
90         (WebCore::DirectoryEntry::getFile):
91         (WebCore::DirectoryEntry::getDirectory):
92         * Modules/filesystem/DirectoryEntry.h:
93         (DirectoryEntry):
94         * Modules/filesystem/DirectoryEntry.idl:
95         * Modules/filesystem/DirectoryEntrySync.cpp:
96         (WebCore::DirectoryEntrySync::getFile):
97         (WebCore::DirectoryEntrySync::getDirectory):
98         * Modules/filesystem/DirectoryEntrySync.h:
99         (DirectoryEntrySync):
100         * Modules/filesystem/DirectoryEntrySync.idl:
101         * Modules/filesystem/FileSystemCallbacks.cpp:
102         (WebCore):
103         (WebCore::ResolveURICallbacks::didOpenFileSystem):
104         * Modules/filesystem/FileSystemFlags.h: Renamed from Source/WebCore/Modules/filesystem/WebKitFlags.h.
105         (WebCore):
106         (WebCore::FileSystemFlags::FileSystemFlags):
107         (FileSystemFlags):
108         * Modules/filesystem/WorkerContextFileSystem.cpp:
109         (WebCore::WorkerContextFileSystem::webkitResolveLocalFileSystemSyncURL):
110         * Target.pri:
111         * UseJSC.cmake:
112         * UseV8.cmake:
113         * WebCore.gypi:
114         * WebCore.vcproj/WebCore.vcproj:
115         * WebCore.xcodeproj/project.pbxproj:
116         * bindings/js/JSDirectoryEntryCustom.cpp: Removed.
117         * bindings/js/JSDirectoryEntrySyncCustom.cpp: Removed.
118         * bindings/v8/custom/V8DirectoryEntryCustom.cpp: Removed.
119         * bindings/v8/custom/V8DirectoryEntrySyncCustom.cpp: Removed.
120
121 2012-08-15  Antti Koivisto  <antti@apple.com>
122
123         Remove StyleSheetContents::m_finalURL 
124         https://bugs.webkit.org/show_bug.cgi?id=94140
125
126         Reviewed by Andreas Kling.
127
128         It is equal (or empty in case of inline stylesheets) to the baseURL passed in CSSParserContext.
129         Removing it simplifies the constructors and the related code.
130
131         * css/CSSStyleSheet.cpp:
132         (WebCore::CSSStyleSheet::createInline):
133         (WebCore::CSSStyleSheet::canAccessRules):
134         (WebCore::CSSStyleSheet::rules):
135         (WebCore::CSSStyleSheet::cssRules):
136
137             - factor access check to a function
138             - allow document always access rules of its inline stylesheets
139
140         * css/StyleRuleImport.cpp:
141         (WebCore::StyleRuleImport::setCSSStyleSheet):
142         (WebCore::StyleRuleImport::requestStyleSheet):
143         * css/StyleSheetContents.cpp:
144         (WebCore::StyleSheetContents::StyleSheetContents):
145         (WebCore::StyleSheetContents::parseAuthorStyleSheet):
146         * css/StyleSheetContents.h:
147         (WebCore::StyleSheetContents::create):
148         (WebCore::StyleSheetContents::originalURL):
149         (StyleSheetContents):
150         * dom/ProcessingInstruction.cpp:
151         (WebCore::ProcessingInstruction::setCSSStyleSheet):
152         * html/HTMLLinkElement.cpp:
153         (WebCore::HTMLLinkElement::setCSSStyleSheet):
154         * inspector/InspectorStyleSheet.cpp:
155         (WebCore::fillMediaListChain):
156         (WebCore::InspectorStyleSheet::styleSheetURL):
157         * xml/XSLImportRule.cpp:
158         (WebCore::XSLImportRule::loadSheet):
159
160 2012-08-16  Justin Novosad  <junov@chromium.org>
161
162         [Chromium] Changing Canvas2DLayerBridge to use SkDeferredCanvas's notification client API
163         https://bugs.webkit.org/show_bug.cgi?id=94234
164
165         Reviewed by James Robinson.
166
167         The existing DeviceContext API in skia's SkDeferredCanvas is being
168         deprecated in favor of the new NotificationClient interface, which is
169         designed to allow WebKit to control deferred canvas global memory
170         consumption.
171
172         No new tests: this patch does not fix any bug and does not add new
173         functionality. It is just a transition to a new skia interface.
174         Coverage is assured by existing tests.
175
176         * platform/graphics/chromium/Canvas2DLayerBridge.cpp:
177         (WebCore):
178         Removed the AcceleratedDeviceContext class completely and mixed it
179         into Canvas2DLayerBridge by inheriting
180         SkDeferredCanvas::NotificationClient
181         (WebCore::Canvas2DLayerBridge::~Canvas2DLayerBridge):
182         (WebCore::Canvas2DLayerBridge::deferredCanvas):
183         (WebCore::Canvas2DLayerBridge::prepareForDraw):
184         (WebCore::Canvas2DLayerBridge::skCanvas):
185         * platform/graphics/chromium/Canvas2DLayerBridge.h:
186         (Canvas2DLayerBridge):
187         * platform/graphics/skia/ImageBufferSkia.cpp:
188         Cleaning up unnecessary include of SkDeferredCanvas.h
189
190 2012-08-16  David Reveman  <reveman@chromium.org>
191
192         [Chromium] Avoid aliasing global symbol monotonicallyIncreasingTime().
193         https://bugs.webkit.org/show_bug.cgi?id=94233
194
195         Reviewed by James Robinson.
196
197         Rename virtual function CCDelayBasedTimeSource::monotonicallyIncreasingTime()
198         that exist for testing purposes to CCDelayBasedTimeSource::monotonicTimeNow().
199
200         No new tests.
201
202         * platform/graphics/chromium/cc/CCDelayBasedTimeSource.cpp:
203         (WebCore::CCDelayBasedTimeSource::setActive):
204         (WebCore::CCDelayBasedTimeSource::onTimerFired):
205         (WebCore::CCDelayBasedTimeSource::monotonicTimeNow):
206         * platform/graphics/chromium/cc/CCDelayBasedTimeSource.h:
207
208 2012-08-16  David Reveman  <reveman@chromium.org>
209
210         [Chromium] Schedule texture uploads based on hard-coded timer and vsync.
211         https://bugs.webkit.org/show_bug.cgi?id=84281
212
213         Reviewed by James Robinson.
214
215         Improve interaction between vsync and texture uploads by performing
216         uploads in smaller batches and use a hard-coded timer to emulate
217         upload completion. This greatly reduces the chance of the compositor
218         missing a vsync due to being busy with texture uploads.
219
220         The CCScheduler client is now given a time limit when told to update
221         more resources. This time limit is passed to an instance of the
222         CCTextureUpdateController class, which is responsible for performing
223         texture updates until the limit is reached.
224
225         Unit tests: CCSchedulerTest.RequestCommit
226                     CCTextureUpdateControllerTest.UpdateMoreTextures
227                     CCTextureUpdateControllerTest.HasMoreUpdates
228
229         * platform/graphics/chromium/cc/CCFrameRateController.cpp:
230         (WebCore::CCFrameRateController::nextTickTime):
231         (WebCore):
232         * platform/graphics/chromium/cc/CCFrameRateController.h:
233         (CCFrameRateController):
234         * platform/graphics/chromium/cc/CCScheduler.cpp:
235         (WebCore::CCScheduler::processScheduledActions):
236         * platform/graphics/chromium/cc/CCScheduler.h:
237         (CCSchedulerClient):
238         * platform/graphics/chromium/cc/CCTextureUpdateController.cpp:
239         (WebCore::CCTextureUpdateController::maxPartialTextureUpdates):
240         (WebCore::CCTextureUpdateController::CCTextureUpdateController):
241         (WebCore::CCTextureUpdateController::updateMoreTextures):
242         (WebCore):
243         (WebCore::CCTextureUpdateController::onTimerFired):
244         (WebCore::CCTextureUpdateController::monotonicTimeNow):
245         (WebCore::CCTextureUpdateController::updateMoreTexturesTime):
246         (WebCore::CCTextureUpdateController::updateMoreTexturesSize):
247         (WebCore::CCTextureUpdateController::updateMoreTexturesIfEnoughTimeRemaining):
248         (WebCore::CCTextureUpdateController::updateMoreTexturesNow):
249         * platform/graphics/chromium/cc/CCTextureUpdateController.h:
250         (WebCore::CCTextureUpdateController::create):
251         (CCTextureUpdateController):
252         * platform/graphics/chromium/cc/CCThreadProxy.cpp:
253         (WebCore::CCThreadProxy::beginFrameCompleteOnImplThread):
254         (WebCore::CCThreadProxy::scheduledActionUpdateMoreResources):
255         * platform/graphics/chromium/cc/CCThreadProxy.h:
256
257 2012-08-16  Dana Jansens  <danakj@chromium.org>
258
259         [chromium] Impl scrolling crashes when the renderer's initialization failed
260         https://bugs.webkit.org/show_bug.cgi?id=94232
261
262         Reviewed by James Robinson.
263
264         CCLayerTreeHostImpl::calculateRenderSurfaceLayerList should not be
265         called when there is no renderer present or it will crash.
266
267         Chromium bug: crbug.com/125482
268
269         Tests: CCLayerTreeHostImplTest.scrollWithoutRenderer
270
271         * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
272         (WebCore::CCLayerTreeHostImpl::calculateRenderSurfaceLayerList):
273         (WebCore::CCLayerTreeHostImpl::ensureRenderSurfaceLayerList):
274
275 2012-08-15  Levi Weintraub  <leviw@chromium.org>
276
277         Accumulate sub-pixel offsets through layers and transforms
278         https://bugs.webkit.org/show_bug.cgi?id=89238
279
280         Reviewed by Eric Seidel.
281
282         Pixel snapping logic makes use of sub-pixel offsets accumulated when walking down
283         the render tree. When we align RenderLayers to paint on pixel boundaries, we were
284         also losing that accumulated value. This preserves the fractional offset and passes
285         it to the RenderLayer's RenderObjects so they paint the proper size and offset.
286
287         This also necessitates a new mode of mapLocalToContainer whereby we pixel snap the
288         offset used in transforms. Otherwise, they wouldn't account for the pixel snapping
289         done elsewhere in the render tree.
290
291         Test: fast/sub-pixel/sub-pixel-accumulates-to-layers.html
292
293         * css/CSSComputedStyleDeclaration.cpp:
294         (WebCore::pixelSnappedSizingBox): The LayoutUnit version of sizingBox returns a
295         LayoutRect with the location zeroed out. This leads to incorrect pixel snapping, so
296         we shouldn't put these numbers into a transform. Sadly, I couldn't figure out a
297         test for this without the rest of the patch.
298         (WebCore):
299         (WebCore::computedTransform): Using pixel-snapped values when generating transforms.
300         * rendering/RenderBox.cpp:
301         (WebCore::RenderBox::mapLocalToContainer): Adding a mode whereby the values inputed
302         into the transform are properly pixel snapped.
303         (WebCore::RenderBox::computeRectForRepaint): Using pixel snapped values for the transform.
304         * rendering/RenderBox.h:
305         (RenderBox):
306         * rendering/RenderGeometryMap.cpp:
307         (WebCore::RenderGeometryMap::mapToAbsolute):
308         * rendering/RenderInline.cpp:
309         (WebCore::RenderInline::mapLocalToContainer):
310         * rendering/RenderInline.h:
311         (RenderInline):
312         * rendering/RenderLayer.cpp:
313         (WebCore::RenderLayer::updateTransform): Using pixel snapped values for the transform.
314         (WebCore::RenderLayer::currentTransform): Ditto.
315         (WebCore::RenderLayer::perspectiveTransform): Ditto.
316         (WebCore::RenderLayer::paint): Support passing along the accumulated sub-pixel offset instead
317         of rounding and use enclosingIntRect for the damageRect.
318         (WebCore::RenderLayer::paintOverlayScrollbars): Updating to the new paintLayer contract
319         (WebCore::RenderLayer::paintLayer): Adding a sub-pixel accumulation LayoutSize. We pass this
320         delta to the Layer's RenderObject when we paint, but align the graphics context to the proper
321         pixel value.
322         (WebCore::RenderLayer::paintLayerContentsAndReflection): Ditto.
323         (WebCore::RenderLayer::paintLayerContents): Ditto.
324         (WebCore::RenderLayer::paintList): Ditto.
325         (WebCore::RenderLayer::paintChildLayerIntoColumns): Ditto.
326         (WebCore::RenderLayer::calculateClipRects): Avoid unnecessary rounding when sub-pixel is enabled.
327         (WebCore::RenderLayer::calculateRects): Remove unnecessary pixel snapping.
328         * rendering/RenderLayer.h:
329         (RenderLayer):
330         * rendering/RenderLayerBacking.cpp:
331         (WebCore::RenderLayerBacking::updateLayerTransform): Use pixel-snapped values for transforms.
332         (WebCore::RenderLayerBacking::paintIntoLayer): Update to new paintLayer contract.
333         * rendering/RenderObject.cpp:
334         (WebCore::RenderObject::localToContainerQuad): Adding a mode for optionally pixel snapping.
335         (WebCore::RenderObject::localToContainerPoint): Ditto.
336         * rendering/RenderObject.h:
337         (WebCore::RenderObject::localToAbsoluteQuad): Ditto.
338         (RenderObject):
339         * rendering/RenderReplica.cpp:
340         (WebCore::RenderReplica::paint): Updating to new paintLayer contract.
341         * rendering/RenderView.h:
342         (RenderView):
343         * rendering/svg/RenderSVGForeignObject.cpp:
344         (WebCore::RenderSVGForeignObject::mapLocalToContainer):
345         * rendering/svg/RenderSVGForeignObject.h:
346         (RenderSVGForeignObject):
347         * rendering/svg/RenderSVGInline.cpp:
348         (WebCore::RenderSVGInline::mapLocalToContainer):
349         * rendering/svg/RenderSVGInline.h:
350         (RenderSVGInline):
351         * rendering/svg/RenderSVGModelObject.cpp:
352         (WebCore::RenderSVGModelObject::mapLocalToContainer):
353         * rendering/svg/RenderSVGModelObject.h:
354         (RenderSVGModelObject):
355         * rendering/svg/RenderSVGRoot.h:
356         (RenderSVGRoot):
357         * rendering/svg/RenderSVGText.cpp:
358         (WebCore::RenderSVGText::mapLocalToContainer):
359         * rendering/svg/RenderSVGText.h:
360         (RenderSVGText):
361         * rendering/svg/SVGRenderSupport.cpp:
362         (WebCore::SVGRenderSupport::mapLocalToContainer):
363         * rendering/svg/SVGRenderSupport.h:
364         (SVGRenderSupport):
365
366 2012-08-16  Mario Sanchez Prada  <msanchez@igalia.com>
367
368         [GTK] Bad utf8 data is being passed to enchant_dict_check
369         https://bugs.webkit.org/show_bug.cgi?id=94202
370
371         Reviewed by Martin Robinson.
372
373         Pass the number of bytes instead of the number of UTF8 characters
374         when calling enchant_dict_check.
375
376         * platform/text/gtk/TextCheckerEnchant.cpp:
377         (TextCheckerEnchant::checkSpellingOfString): Use 'bytes' instead
378         of 'wordLength'.
379
380 2012-08-16  Sergey Rogulenko  <rogulenko@google.com>
381
382         Web Inspector: added Paint events for Images to TimelineAgent
383         https://bugs.webkit.org/show_bug.cgi?id=90277
384
385         Reviewed by Pavel Feldman.
386
387         - add DecodeImage & ResizeImage timeline events;
388         - implement {will,did}DecodeImage and {will,did}ResizeImage methods of Timeline agent;
389
390         Test: inspector/timeline/timeline-decode-resize.html
391
392         * English.lproj/localizedStrings.js:
393         * inspector/InspectorTimelineAgent.cpp:
394         (TimelineRecordType):
395         (WebCore::InspectorTimelineAgent::willDecodeImage):
396         (WebCore::InspectorTimelineAgent::didDecodeImage):
397         (WebCore::InspectorTimelineAgent::willResizeImage):
398         (WebCore::InspectorTimelineAgent::didResizeImage):
399         * inspector/TimelineRecordFactory.cpp:
400         (WebCore::TimelineRecordFactory::createDecodeImageData):
401         (WebCore):
402         (WebCore::TimelineRecordFactory::createResizeImageData):
403         * inspector/TimelineRecordFactory.h:
404         (TimelineRecordFactory):
405         * inspector/front-end/TimelineModel.js:
406         * inspector/front-end/TimelinePresentationModel.js:
407         (WebInspector.TimelinePresentationModel.initRecordStyles_):
408         (WebInspector.TimelinePresentationModel.Record.prototype._getRecordDetails):
409
410 2012-08-16  James Robinson  <jamesr@chromium.org>
411
412         [chromium] Remove alwaysReserveTextures code - it doesn't do anything
413         https://bugs.webkit.org/show_bug.cgi?id=94183
414
415         Reviewed by Dimitri Glazkov.
416
417         LayerChromium::setAlwaysReservesTextures doesn't do anything and hasn't since the prioritized texture manager
418         landed. This deletes the associated code.
419
420         * platform/graphics/chromium/LayerChromium.cpp:
421         (WebCore::LayerChromium::LayerChromium):
422         * platform/graphics/chromium/LayerChromium.h:
423         (LayerChromium):
424
425 2012-08-16  Adam Barth  <abarth@webkit.org>
426
427         Unreviewed. Sort the xcodeproj file.
428
429         * WebCore.xcodeproj/project.pbxproj:
430
431 2012-08-16  Adam Barth  <abarth@webkit.org>
432
433         Unreviewed. Update bindings tests results from my recent VoidCallback
434         patch. The new result is correct.
435
436         * bindings/scripts/test/V8/V8TestCallback.cpp:
437
438 2012-08-16  Andrey Kosyakov  <caseq@chromium.org>
439
440         Web Inspector: CPU profiler status bar is broken.
441         https://bugs.webkit.org/show_bug.cgi?id=94212
442
443         Reviewed by Pavel Feldman.
444
445         - properly compute floating status bar buttons offset for profile and timeline panels,
446             taking actual number of panel status bar buttons and panel sidebar offset into account;
447
448         * inspector/front-end/ProfilesPanel.js:
449         (WebInspector.ProfilesPanel.prototype.get statusBarItems):
450         (WebInspector.ProfilesPanel.prototype.sidebarResized):
451         (WebInspector.ProfilesPanel.prototype.onResize):
452         * inspector/front-end/SplitView.js:
453         (WebInspector.SplitView.prototype.sidebarWidth):
454         * inspector/front-end/StatusBarButton.js:
455         * inspector/front-end/TimelinePanel.js:
456         (WebInspector.TimelinePanel.prototype.sidebarResized):
457         (WebInspector.TimelinePanel.prototype.onResize):
458
459 2012-08-16  Jocelyn Turcotte  <jocelyn.turcotte@nokia.com>
460
461         Fix the Mac build.
462
463         Unreviewed build fix.
464
465         * WebCore.exp.in: Export FrameView::didFirstLayout()
466
467 2012-08-16  Konrad Piascik  <kpiascik@rim.com>
468
469         Add BB10 User Agent String to Web Inspector.
470         https://bugs.webkit.org/show_bug.cgi?id=94217
471
472         Reviewed by George Staikos.
473
474         Add the new BlackBerry 10 User Agent String and device metrics for
475         emulation.
476
477         * inspector/front-end/SettingsScreen.js:
478         (WebInspector.UserAgentSettingsTab.prototype._createUserAgentSelectRowElement.get const):
479
480 2012-08-16  Marcelo Lira  <marcelo.lira@openbossa.org>
481
482         [Qt] Input method hints are not being set.
483         https://bugs.webkit.org/show_bug.cgi?id=92386
484
485         Reviewed by Kenneth Rohde Christiansen.
486
487         Input method hints for an editable element must be obtained from a proper
488         HTML element. If the editable element is a complex one, it will have elements
489         in the Shadow DOM, and it's one of those that will be returned as the root
490         editable element. This works for editable DIVs, but not for INPUT elements.
491         Using Element::shadowHost() on the root editable element will provide the
492         needed HTML element, and for further clarity a method that does this was added
493         to FrameSelection.
494
495         * editing/FrameSelection.cpp:
496         (WebCore::FrameSelection::rootEditableElementRespectingShadowTree): Similar to
497         WebCore::FrameSelection::rootEditableElement, but returns the first ancestor of
498         the editable element outside the shadow tree.
499         (WebCore):
500         * editing/FrameSelection.h:
501         (FrameSelection):
502
503 2012-08-16  Zeno Albisser  <zeno@webkit.org>
504
505         Make GraphicsSurface double buffered by default.
506         https://bugs.webkit.org/show_bug.cgi?id=93252
507
508         Create only a single GraphicsSurface per canvas
509         on both supported platforms Mac/Linux.
510         The GraphicsSurface on Mac internally uses two IOSurface
511         to provide a front and a back buffer.
512         The GLX implementation of GraphicsSurface uses
513         an XWindow which already provides a front and a back buffer.
514
515         Reviewed by Noam Rosenthal.
516
517         * platform/graphics/qt/GraphicsContext3DQt.cpp:
518         (GraphicsContext3DPrivate):
519             Remove creation of second GraphicsSurface.
520         (WebCore::GraphicsContext3DPrivate::GraphicsContext3DPrivate):
521         (WebCore::GraphicsContext3DPrivate::copyToGraphicsSurface):
522         (WebCore):
523         (WebCore::GraphicsContext3DPrivate::graphicsSurfaceToken):
524         (WebCore::GraphicsContext3DPrivate::createGraphicsSurfaces):
525         * platform/graphics/surfaces/GraphicsSurface.cpp:
526         (WebCore::GraphicsSurface::create):
527             Adjust token type to uint64_t.
528         (WebCore::GraphicsSurface::exportToken):
529             Adjust return type to uint64_t.
530         (WebCore::GraphicsSurface::frontBuffer):
531         (WebCore):
532         (WebCore::GraphicsSurface::swapBuffers):
533             Add forwarding function to swap buffers inside GraphicsSurface.
534         * platform/graphics/surfaces/GraphicsSurface.h:
535         (GraphicsSurface):
536             Add SupportsSingleBuffered flag to allow for single buffered implementations.
537             Currently single buffered surfaces are either not implemented or disabled.
538         * platform/graphics/surfaces/mac/GraphicsSurfaceMac.cpp:
539             Move implementation details into GraphicsSurfacePrivate.
540             This way the platform specific code can be hidden in the specific cpp file
541             instead of polluting the global GraphicsSurface header.
542         (WebCore::createTexture):
543         (GraphicsSurfacePrivate):
544         (WebCore::GraphicsSurfacePrivate::GraphicsSurfacePrivate):
545         (WebCore::GraphicsSurfacePrivate::~GraphicsSurfacePrivate):
546         (WebCore::GraphicsSurfacePrivate::swapBuffers):
547         (WebCore::GraphicsSurfacePrivate::token):
548         (WebCore::GraphicsSurfacePrivate::frontBufferTextureID):
549         (WebCore::GraphicsSurfacePrivate::backBufferTextureID):
550         (WebCore::GraphicsSurfacePrivate::frontBuffer):
551         (WebCore::GraphicsSurfacePrivate::backBuffer):
552         (WebCore):
553         (WebCore::GraphicsSurface::platformExport):
554         (WebCore::GraphicsSurface::platformGetTextureID):
555         (WebCore::GraphicsSurface::platformCopyToGLTexture):
556         (WebCore::GraphicsSurface::platformCopyFromFramebuffer):
557         (WebCore::GraphicsSurface::platformFrontBuffer):
558         (WebCore::GraphicsSurface::platformSwapBuffers):
559         (WebCore::GraphicsSurface::platformCreate):
560         (WebCore::GraphicsSurface::platformImport):
561         (WebCore::ioSurfaceLockOptions):
562         (WebCore::GraphicsSurface::platformLock):
563         (WebCore::GraphicsSurface::platformUnlock):
564         (WebCore::GraphicsSurface::platformDestroy):
565         * platform/graphics/surfaces/qt/GraphicsSurfaceGLX.cpp:
566         (WebCore::OffScreenRootWindow::get):
567         (WebCore::GraphicsSurfacePrivate::swapBuffers):
568             Make sure that framebuffer bindings remain consistent
569             after swapping buffers on the XWindow.
570         (WebCore::GraphicsSurface::platformExport):
571             Make sure the GLXPixmap is only bound to the texture once.
572         (WebCore::GraphicsSurface::platformGetTextureID):
573         (WebCore::GraphicsSurface::platformCopyFromFramebuffer):
574         (WebCore):
575         (WebCore::GraphicsSurface::platformFrontBuffer):
576             The GLX surface does not know how to destinguish between
577             the front and the back buffer by an id. This is not necessary
578             for GraphicsSurfaceGLX, because the texture can just be
579             read from the XWindow at any time.
580         (WebCore::GraphicsSurface::platformSwapBuffers):
581         (WebCore::GraphicsSurface::platformCreate):
582         (WebCore::GraphicsSurface::platformImport):
583         * platform/graphics/texmap/TextureMapperBackingStore.cpp:
584             Remove code that was used for switching between two GraphicsSurfaces,
585             as this is now handled directly inside GraphicsSurface.
586         (WebCore::TextureMapperSurfaceBackingStore::setGraphicsSurface):
587         (WebCore::TextureMapperSurfaceBackingStore::paintToTextureMapper):
588         (WebCore::TextureMapperSurfaceBackingStore::setSurface):
589         (WebCore):
590         * platform/graphics/texmap/TextureMapperBackingStore.h:
591             Remove GraphicsSurfaceData struct. This class is not needed anymore
592             as we do not keep track of more than one GraphicsSurface at the time.
593         (WebCore):
594         (TextureMapperSurfaceBackingStore):
595         (WebCore::TextureMapperSurfaceBackingStore::graphicsSurface):
596         (WebCore::TextureMapperSurfaceBackingStore::TextureMapperSurfaceBackingStore):
597         * platform/graphics/texmap/TextureMapperPlatformLayer.h:
598         (WebCore::TextureMapperPlatformLayer::graphicsSurfaceToken):
599
600 2012-08-16  Mike West  <mkwst@chromium.org>
601
602         Implement the form-action Content Security Policy directive.
603         https://bugs.webkit.org/show_bug.cgi?id=93777
604
605         Reviewed by Jochen Eisinger.
606
607         The CSP 1.1 editor's draft defines the 'form-action' directive as a
608         mechanism for whitelisting valid targets for form submission from a
609         protected resource. A web author might desire to restrict form
610         submissions to the same origin as the protected resource itself via
611         a Content Security Policy of "form-action 'self'", or ensure that all
612         submissions were sent over an SSL connection via "form-action https:".
613
614         Specification details available at: https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#form-action--experimental
615
616         This experimental directive is gated on the ENABLE_CSP_NEXT flag, which
617         is currently only enabled in Chromium.
618
619         Tests: http/tests/security/contentSecurityPolicy/1.1/form-action-src-allowed.html
620                http/tests/security/contentSecurityPolicy/1.1/form-action-src-blocked.html
621                http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored.html
622                http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-allowed.html
623                http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-blocked.html
624                http/tests/security/contentSecurityPolicy/1.1/form-action-src-javascript-blocked.html
625                http/tests/security/contentSecurityPolicy/1.1/form-action-src-redirect-blocked.html
626
627         * loader/FrameLoader.cpp:
628         (WebCore::FrameLoader::checkIfFormActionAllowedByCSP):
629             Adding a callback to FrameLoader in order to allow the
630             MainResourceLoader to check the relevant CSP status without knowing
631             anything about CSP.
632         (WebCore):
633         * loader/FrameLoader.h:
634         (FrameLoader):
635         * loader/MainResourceLoader.cpp:
636         (WebCore::MainResourceLoader::willSendRequest):
637             Check against the protected resource's Content Security Policy when
638             presented with a request that is itself a form submission, or is the
639             result of a redirect in response to a form submission. If CSP would
640             block the target, cancel the request.
641         * page/ContentSecurityPolicy.cpp:
642         (CSPDirectiveList):
643         (WebCore::CSPDirectiveList::checkSourceAndReportViolation):
644             Added explanatory text to the source violation console warning that
645             specifically calls out sending form data (as opposed to "connect to"
646             or "load the").
647         (WebCore::CSPDirectiveList::allowFormAction):
648             Check a URL against a directive list's the 'form-action' source list.
649         (WebCore):
650         (WebCore::CSPDirectiveList::addDirective):
651             Recognize the 'form-action' CSP directive.
652         (WebCore::ContentSecurityPolicy::allowFormAction):
653             Public interface to check a form action.
654         * page/ContentSecurityPolicy.h:
655
656 2012-08-16  Arvid Nilsson  <anilsson@rim.com>
657
658         [BlackBerry] WebGL and Canvas fail to display after being restored from page cache
659         https://bugs.webkit.org/show_bug.cgi?id=94105
660
661         Reviewed by George Staikos.
662
663         The EGLImage was being destroyed when releasing layer resources on the
664         compositing thread, but the WebKit thread layer never found out and
665         failed to create a new image.
666
667         Fixed by extending the release layer resources mechanism to also make a
668         pass on the WebKit thread so that thread's layers have a chance to
669         delete their textures and related resources.
670
671         WebGL and canvas layers now take this opportunity to release their
672         textures so the EGLImage gets recreated when compositing commits
673         resume.
674
675         The only detail that deserves extra explanation is the ownership of the
676         EGLImage.
677
678         Since the EGLImage is created in updateTextureContentsIfNeeded() and
679         that one is always followed by commitPendingTextureUploads() which
680         transfers the EGLImage to the compositing thread layer's custody, the
681         EGLImage currently referenced by EGLImageLayerWebKitThread::m_image
682         should never be deleted by the WebKit thread layer.
683
684         Thus all we have to do in deleteFrontBuffer() is to set the m_image
685         member to 0 so the image gets recreated on the next commit. It will be
686         deleted by the part of releaseLayerResources() that executes on the
687         compositing thread (which, if you recall, was the original source of
688         this bug).
689
690         Reviewed internally by Filip Spacek.
691
692         PR 192899
693
694         Not currently testable by the BlackBerry testing infrastructure.
695
696         * platform/graphics/blackberry/CanvasLayerWebKitThread.cpp:
697         (WebCore::CanvasLayerWebKitThread::deleteTextures):
698         (WebCore):
699         * platform/graphics/blackberry/CanvasLayerWebKitThread.h:
700         (CanvasLayerWebKitThread):
701         * platform/graphics/blackberry/EGLImageLayerWebKitThread.cpp:
702         (WebCore::EGLImageLayerWebKitThread::~EGLImageLayerWebKitThread):
703         (WebCore::EGLImageLayerWebKitThread::deleteFrontBuffer):
704         * platform/graphics/blackberry/EGLImageLayerWebKitThread.h:
705         (EGLImageLayerWebKitThread):
706         * platform/graphics/blackberry/LayerWebKitThread.cpp:
707         (WebCore::LayerWebKitThread::releaseLayerResources):
708         (WebCore):
709         * platform/graphics/blackberry/LayerWebKitThread.h:
710         (LayerWebKitThread):
711         (WebCore::LayerWebKitThread::deleteTextures):
712         * platform/graphics/blackberry/WebGLLayerWebKitThread.cpp:
713         (WebCore::WebGLLayerWebKitThread::~WebGLLayerWebKitThread):
714         (WebCore::WebGLLayerWebKitThread::deleteTextures):
715         (WebCore):
716         * platform/graphics/blackberry/WebGLLayerWebKitThread.h:
717         (WebGLLayerWebKitThread):
718
719 2012-08-16  Andrey Kosyakov  <caseq@chromium.org>
720
721         Web Inspector: enable instrumentation of platform code
722         https://bugs.webkit.org/show_bug.cgi?id=94125
723
724         Reviewed by Pavel Feldman.
725
726         - add PlatformInstrumentation class that exposes instrumentation methods that may be used by code under WebCore/platform;
727         - move TRACE_EVENT_XXX() macros into PlatformInstrumentation.h to minimize instrumentation hassle in the client code;
728         - implement PlatformInstrumentationClient by InspectorTimelineAgent;
729         - only install PlatformInstrumentationClient when we have outer events for which we expect low-level details
730
731         * CMakeLists.txt:
732         * GNUmakefile.list.am:
733         * Target.pri:
734         * WebCore.gypi:
735         * WebCore.vcproj/WebCore.vcproj:
736         * inspector/InspectorTimelineAgent.cpp:
737         (WebCore::InspectorTimelineAgent::willDecodeImage): to be implemented by subsequent change;
738         (WebCore::InspectorTimelineAgent::didDecodeImage): to be implemented by subsequent change;
739         (WebCore::InspectorTimelineAgent::willResizeImage): to be implemented by subsequent change;
740         (WebCore::InspectorTimelineAgent::didResizeImage): to be implemented by subsequent change;
741         (WebCore::InspectorTimelineAgent::didCompleteCurrentRecord):
742         (WebCore::InspectorTimelineAgent::InspectorTimelineAgent):
743         (WebCore::InspectorTimelineAgent::pushCurrentRecord):
744         (WebCore::InspectorTimelineAgent::clearRecordStack):
745         * inspector/InspectorTimelineAgent.h:
746         (InspectorTimelineAgent):
747         * platform/PlatformInstrumentation.cpp: Added.
748         (WebCore):
749         (WebCore::PlatformInstrumentation::setClient):
750         * platform/PlatformInstrumentation.h: Added.
751         (WebCore):
752         (PlatformInstrumentationClient):
753         (PlatformInstrumentation):
754         (WebCore::PlatformInstrumentation::hasClient):
755         (WebCore::PlatformInstrumentation::willDecodeImage):
756         (WebCore::PlatformInstrumentation::didDecodeImage):
757         (WebCore::PlatformInstrumentation::willResizeImage):
758         (WebCore::PlatformInstrumentation::didResizeImage):
759         * platform/graphics/skia/NativeImageSkia.cpp:
760         (WebCore::NativeImageSkia::resizedBitmap): added calls to PlatformInstrumentation, removed TRACE_EVENT();
761         * platform/image-decoders/bmp/BMPImageDecoder.cpp:
762         (WebCore::BMPImageDecoder::frameBufferAtIndex): added calls to PlatformInstrumentation;
763         (WebCore::BMPImageDecoder::decode): removed TRACE_EVENT()
764         * platform/image-decoders/gif/GIFImageDecoder.cpp:
765         (WebCore::GIFImageDecoder::frameBufferAtIndex): added calls to PlatformInstrumentation;
766         (WebCore::GIFImageDecoder::decode): removed TRACE_EVENT()
767         * platform/image-decoders/ico/ICOImageDecoder.cpp:
768         (WebCore::ICOImageDecoder::frameBufferAtIndex): added calls to PlatformInstrumentation;
769         (WebCore::ICOImageDecoder::decode): removed TRACE_EVENT()
770         * platform/image-decoders/jpeg/JPEGImageDecoder.cpp:
771         (WebCore::JPEGImageDecoder::frameBufferAtIndex): added calls to PlatformInstrumentation;
772         (WebCore::JPEGImageDecoder::decode): removed TRACE_EVENT()
773         * platform/image-decoders/png/PNGImageDecoder.cpp:
774         (WebCore::PNGImageDecoder::frameBufferAtIndex): added calls to PlatformInstrumentation;
775         * platform/image-decoders/webp/WEBPImageDecoder.cpp:
776         (WebCore::WEBPImageDecoder::frameBufferAtIndex): added calls to PlatformInstrumentation;
777         (WebCore::WEBPImageDecoder::decode): removed TRACE_EVENT();
778         * inspector/InspectorInstrumentation.cpp: removed orphan event support;
779         (WebCore):
780         * inspector/InspectorInstrumentation.h: ditto.
781
782 2012-08-16  Vsevolod Vlasov  <vsevik@chromium.org>
783
784         Web Inspector: Breakpoints are not correctly restored on reload.
785         https://bugs.webkit.org/show_bug.cgi?id=94209
786
787         Reviewed by Pavel Feldman.
788
789         BreakpointManager now resets uiLocations on workspace reset (was doing it on GlobalObjectCleared).
790         Breakpoint manager now calls restoreBreakpoints automatically when uiSourceCode is added to workspace.
791
792         * inspector/front-end/BreakpointManager.js:
793         (WebInspector.BreakpointManager):
794         (WebInspector.BreakpointManager.prototype._uiSourceCodeAdded):
795         (WebInspector.BreakpointManager.prototype._workspaceReset):
796         * inspector/front-end/UISourceCode.js:
797         (WebInspector.UISourceCode):
798         * inspector/front-end/inspector.js:
799
800 2012-08-16  Pierre Rossi  <pierre.rossi@gmail.com>
801
802         [Qt] Remove FontQt4, HAVE_QRAWFONT flag and the related dead code
803         https://bugs.webkit.org/show_bug.cgi?id=93960
804
805         Reviewed by Simon Hausmann.
806
807         Following the removal of Qt 4 support from trunk in r124879.
808
809         No new tests. Simple cleanup job.
810
811         * Target.pri:
812         * platform/graphics/Font.cpp:
813         (WebCore::Font::codePath):
814         * platform/graphics/Font.h:
815         (Font):
816         * platform/graphics/GraphicsContext.cpp:
817         (WebCore):
818         * platform/graphics/SimpleFontData.cpp:
819         (WebCore::SimpleFontData::platformGlyphInit):
820         (WebCore::SimpleFontData::glyphForCharacter):
821         * platform/graphics/SimpleFontData.h:
822         (SimpleFontData):
823         (WebCore::SimpleFontData::widthForGlyph):
824         * platform/graphics/qt/FontCacheQt.cpp:
825         (WebCore::rawFontForCharacters):
826         (WebCore::FontCache::getFontDataForCharacters):
827         * platform/graphics/qt/FontCustomPlatformData.h:
828         (FontCustomPlatformData):
829         * platform/graphics/qt/FontCustomPlatformDataQt.cpp:
830         (WebCore::FontCustomPlatformData::fontPlatformData):
831         (WebCore::createFontCustomPlatformData):
832         * platform/graphics/qt/FontPlatformData.h:
833         (WebCore::FontPlatformDataPrivate::FontPlatformDataPrivate):
834         (FontPlatformDataPrivate):
835         (FontPlatformData):
836         (WebCore::FontPlatformData::FontPlatformData):
837         * platform/graphics/qt/FontPlatformDataQt.cpp:
838         (WebCore::FontPlatformData::FontPlatformData):
839         (WebCore::FontPlatformData::operator==):
840         (WebCore::FontPlatformData::hash):
841         * platform/graphics/qt/FontQt4.cpp: Removed.
842         * platform/graphics/qt/GlyphPageTreeNodeQt.cpp:
843         (WebCore::GlyphPage::fill):
844         * platform/graphics/qt/SimpleFontDataQt.cpp:
845         (WebCore::SimpleFontData::determinePitch):
846         (WebCore::SimpleFontData::platformBoundsForGlyph):
847         (WebCore::SimpleFontData::platformInit):
848         (WebCore::SimpleFontData::platformCharWidthInit):
849         * rendering/svg/SVGTextMetricsBuilder.cpp:
850         (WebCore::SVGTextMetricsBuilder::advance):
851         (WebCore::SVGTextMetricsBuilder::advanceSimpleText):
852         (WebCore::SVGTextMetricsBuilder::initializeMeasurementWithTextRenderer):
853
854 2012-08-16  Yury Semikhatsky  <yurys@chromium.org>
855
856         Web Inspector: memory instrumentation for Resource{Request/Response}Base
857         https://bugs.webkit.org/show_bug.cgi?id=94109
858
859         Reviewed by Vsevolod Vlasov.
860
861         Added reportMemoryUsage methods to ResourceRequestBase, ResourceResponseBase
862         and several related classes.
863
864         * dom/MemoryInstrumentation.cpp:
865         (WebCore::MemoryInstrumentation::addInstrumentedObjectImpl): added overrides
866         for String, StringImpl and AtomicString object types so that we can reuse
867         existing addInstrumentedCollection method instead of adding a counterpart
868         that would operate on not instrumented content. Next step would be to get
869         rid od addObject overrides for these types so that all kinds of Strings are
870         considered as instrumented classes despite they don't have reportMemoryUsage
871         method.
872         (WebCore):
873         * dom/MemoryInstrumentation.h:
874         (WebCore::MemoryInstrumentation::addInstrumentedObjectImpl):
875         (MemoryInstrumentation):
876         * loader/DocumentLoader.cpp:
877         (WebCore::DocumentLoader::reportMemoryUsage):
878         * platform/network/FormData.cpp:
879         (WebCore::FormData::reportMemoryUsage):
880         (WebCore):
881         * platform/network/FormData.h:
882         (WebCore):
883         (FormData):
884         * platform/network/ResourceRequestBase.cpp:
885         (WebCore::ResourceRequestBase::reportMemoryUsage):
886         (WebCore):
887         * platform/network/ResourceRequestBase.h:
888         (ResourceRequestBase):
889         * platform/network/ResourceResponseBase.cpp:
890         (WebCore):
891         (WebCore::ResourceResponseBase::reportMemoryUsage):
892         * platform/network/ResourceResponseBase.h:
893         (WebCore):
894         (ResourceResponseBase):
895
896 2012-08-16  Adam Barth  <abarth@webkit.org>
897
898         Delete DOMWindow::securityOrigin()
899         https://bugs.webkit.org/show_bug.cgi?id=93991
900
901         Reviewed by Eric Seidel.
902
903         DOMWindow::securityOrigin() just calls through to
904         document()->securityOrigin(). This patch updates all the callers to do
905         that work themselves, making it clearer what's going on at each call
906         site.
907
908         * bindings/generic/BindingSecurity.cpp:
909         (WebCore::canAccessDocument):
910         * bindings/js/JSDOMWindowBase.cpp:
911         (WebCore::JSDOMWindowBase::allowsAccessFrom):
912         * bindings/js/JSDOMWindowCustom.h:
913         (WebCore::JSDOMWindowBase::allowsAccessFromPrivate):
914         * bindings/js/ScriptController.cpp:
915         (WebCore::ScriptController::collectIsolatedContexts):
916         * page/DOMWindow.cpp:
917         (WebCore::DOMWindow::isInsecureScriptAccess):
918         (WebCore::DOMWindow::createWindow):
919         * page/DOMWindow.h:
920         (DOMWindow):
921         * page/Location.cpp:
922         (WebCore::Location::reload):
923
924 2012-08-16  Sheriff Bot  <webkit.review.bot@gmail.com>
925
926         Unreviewed, rolling out r125751.
927         http://trac.webkit.org/changeset/125751
928         https://bugs.webkit.org/show_bug.cgi?id=94206
929
930         we shouldn't be rolling out this patch without a formal
931         review. (Requested by rniwa_ on #webkit).
932
933         * dom/CharacterData.cpp:
934         (WebCore::CharacterData::setDataAndUpdate):
935         * editing/FrameSelection.cpp:
936         (WebCore::updatePositionAfterAdoptingTextReplacement):
937         (WebCore::FrameSelection::textWasReplaced):
938         * editing/FrameSelection.h:
939         (FrameSelection):
940
941 2012-08-16  Marja Hölttä  <marja@chromium.org>
942
943         FormController, FileInputType: Enable reading selected file names from document state
944         https://bugs.webkit.org/show_bug.cgi?id=91231
945
946         Reviewed by Jochen Eisinger.
947
948         This change enables Chromium to set up file permissions properly when
949         the session restore feature restores a page with selected files.
950
951         Test: fast/forms/file/selected-files-from-history-state.html
952
953         * WebCore.exp.in: Exported FormController::getReferencedFilePaths.
954         * html/FileInputType.cpp:
955         (WebCore::FileInputType::filesFromFormControlState): Added. Extracts FileChooserFileInfos from a FormControlState.
956         (WebCore):
957         (WebCore::FileInputType::restoreFormControlState): Refactored to use filesFromFormControlState.
958         * html/FileInputType.h:
959         (FileInputType): Added filesFromFormControlState.
960         * html/FormController.cpp:
961         (SavedFormState): Added getReferencedFilePaths.
962         (WebCore::SavedFormState::getReferencedFilePaths): Added. Extracts selected file paths from SavedFormState.
963         (WebCore):
964         (WebCore::FormController::setStateForNewFormElements): Refactored to use formStatesFromStateVector.
965         (WebCore::FormController::formStatesFromStateVector):
966         (WebCore::FormController::getReferencedFilePaths): Added. Static. Extracts selected file paths from a document state.
967         * html/FormController.h:
968         (FormController): Added getReferencedFilePaths and formStatesFromStateVector.
969         * html/HTMLInputElement.cpp:
970         (WebCore::HTMLInputElement::filesFromFileInputFormControlState): Added. Delegates to FileInputType::filesFromFormControlState.
971         (WebCore):
972         * html/HTMLInputElement.h: Added filesFromFileInputFormControlState.
973         (HTMLInputElement):
974         * testing/Internals.cpp:
975         (WebCore::Internals::getReferencedFilePaths): Calls FormController::getReferencedFilePaths.
976         (WebCore):
977         * testing/Internals.h:
978         (Internals): Added getReferencedFilePaths.
979         * testing/Internals.idl: Added binding for getReferencedFilePaths.
980
981 2012-08-15  Shawn Singh  <shawnsingh@chromium.org>
982
983         [chromium] set scissorRect per quad so that quads are correctly clipped
984         https://bugs.webkit.org/show_bug.cgi?id=94050
985
986         Reviewed by Adrienne Walker.
987
988         Certain quad types rely on scissoring to do correct
989         clipping. Refactoring the quad types to remove this assumption
990         will be done in a later patch, but for now, we have to apply the
991         scissor rect to every quad to ensure that those quads are
992         correctly clipped.
993
994         Test: compositing/overflow/overflow-hidden-canvas-layer.html
995
996         Also updated two unit tests to reflect the change in semantics.
997
998         * platform/graphics/chromium/LayerRendererChromium.cpp:
999         (WebCore::LayerRendererChromium::drawRenderPass):
1000         (WebCore::LayerRendererChromium::drawQuad):
1001
1002 2012-08-16  Yoshifumi Inoue  <yosin@chromium.org>
1003
1004         [Forms] Wheel event support in multiple fields time input UI
1005         https://bugs.webkit.org/show_bug.cgi?id=94166
1006
1007         Reviewed by Kent Tamura.
1008
1009         This patch makes multiple fields time input UI to handle wheel event
1010         on spin button.
1011
1012         This patch affects if ENABLE_INPUT_TYPE_TIME and ENABLE_INPUT_TYPE_MULTIPLE_FIELDS
1013         are enabled.
1014
1015         Test: fast/forms/time-multiple-fields/time-multiple-fields-wheel-event.html
1016
1017         * html/shadow/DateTimeEditElement.cpp:
1018         (WebCore::DateTimeEditElement::defaultEventHandler): Changed to forward
1019         event to spin button if available.
1020
1021 2012-08-16  Zhigang Gong  <zhigang.gong@linux.intel.com>
1022
1023         TextureMapperGL::beginPainting has a duplicate call to get GL_FRAMEBUFFER_BINDING.
1024         https://bugs.webkit.org/show_bug.cgi?id=94180
1025
1026         Reviewed by Noam Rosenthal.
1027
1028         * platform/graphics/texmap/TextureMapperGL.cpp:
1029         (WebCore::TextureMapperGL::beginPainting):
1030
1031 2012-08-16  Sheriff Bot  <webkit.review.bot@gmail.com>
1032
1033         Unreviewed, rolling out r119705.
1034         http://trac.webkit.org/changeset/119705
1035         https://bugs.webkit.org/show_bug.cgi?id=94192
1036
1037         Causing crash on ClusterFuzz due to incorrect layout ordering
1038         change (Requested by inferno-sec on #webkit).
1039
1040         * dom/CharacterData.cpp:
1041         (WebCore::CharacterData::setDataAndUpdate):
1042         * editing/FrameSelection.cpp:
1043         (WebCore::updatePositionAfterAdoptingTextReplacement):
1044         (WebCore::FrameSelection::textWillBeReplaced):
1045         * editing/FrameSelection.h:
1046         (FrameSelection):
1047
1048 2012-08-15  Kent Tamura  <tkent@chromium.org>
1049
1050         [Chromium] Refactoring: Introduce a new function for some part of PopupContainer::layoutAndCalculateWidgetRect()
1051         https://bugs.webkit.org/show_bug.cgi?id=94087
1052
1053         Reviewed by Hajime Morita.
1054
1055         Move some part of PopupContainer::layoutAndCalculateWidgetRect() to a
1056         new function which is not a member of PopupContainer because we'd like
1057         to add a unit test for the position calculation code, and to reduce the
1058         dependency.
1059
1060         No new tests. Popup positioning code is not testable in WebKit.
1061
1062         * platform/chromium/PopupContainer.cpp:
1063         (WebCore::layoutAndCalculateWidgetRectInternal):
1064         Added. Move the code from PopupContainer::layoutAndCalculateWidgetRect.
1065         In order to avoid to call member functions of PopupContainer, we
1066         don't call layoutAndGetRTLOffset() and height(). Use
1067         PopupListBox::layout() to recalculate the popup content size, and use
1068         PopupListBox::height() + kBorderSize * 2 instead of height(). We
1069         resize the view after finishing layoutAndCalculateWidgetRectInternal
1070         in PopupContainer::layoutAndCalculateWidgetRect.
1071         (WebCore::PopupContainer::layoutAndCalculateWidgetRect):
1072         Move some code to layoutAndCalculateWidgetRectInternal.
1073         (WebCore::PopupContainer::fitToListBox):
1074         Added. Move the code from PopupContainer::layoutAndGetRTLOffset.
1075         (WebCore::PopupContainer::layoutAndGetRTLOffset):
1076         Move some code to fitToListBox.
1077         * platform/chromium/PopupContainer.h:
1078         (PopupContainer): Added fitToListBox.
1079
1080 2012-08-15  Adam Barth  <abarth@webkit.org>
1081
1082         VoidCallback should not be a special snowflake
1083         https://bugs.webkit.org/show_bug.cgi?id=94119
1084
1085         Reviewed by Eric Seidel.
1086
1087         VoidCallback is the oldest of the callbacks and it predates our ability
1088         to autogenerate callback objects. The existing implementation of
1089         VoidCallback is wrong because it doesn't call
1090         ActiveDOMCallback::canInvokeCallback. The net result of that is that
1091         void callbacks can race with navigations and occationally execute after
1092         the Frame has navigated to a new Document, which was causing the
1093         flakiness.
1094
1095         This patch changes VoidCallback to no longer be a unique snowflake.
1096         Instead, we autogenerate the implementation, just like every other
1097         callback in WebCore.
1098
1099         Tests: storage/websql/database-lock-after-reload.html is no longer flaky.
1100
1101         * DerivedSources.make:
1102         * GNUmakefile.list.am:
1103         * Modules/filesystem/SyncCallbackHelper.h:
1104         (WebCore::SyncCallbackHelper::SuccessCallbackImpl::handleEvent):
1105         * Target.pri:
1106         * UseJSC.cmake:
1107         * UseV8.cmake:
1108         * WebCore.gyp/WebCore.gyp:
1109         * WebCore.gypi:
1110         * WebCore.vcproj/WebCore.vcproj:
1111         * WebCore.xcodeproj/project.pbxproj:
1112         * bindings/cpp/WebDOMCustomVoidCallback.cpp: Removed.
1113         * bindings/cpp/WebDOMCustomVoidCallback.h: Removed.
1114         * bindings/js/JSBindingsAllInOne.cpp:
1115         * bindings/js/JSCustomVoidCallback.cpp: Removed.
1116         * bindings/js/JSCustomVoidCallback.h: Removed.
1117         * bindings/js/JSDesktopNotificationsCustom.cpp:
1118         (WebCore::JSNotificationCenter::requestPermission):
1119         * bindings/scripts/CodeGeneratorCPP.pm:
1120         (GetClassName):
1121         (AddIncludesForType):
1122         * bindings/scripts/CodeGeneratorJS.pm:
1123         (GetCallbackClassName):
1124         (GenerateCallbackImplementation):
1125         (JSValueToNative):
1126         * bindings/scripts/CodeGeneratorV8.pm:
1127         (GenerateCallbackImplementation):
1128         (TypeCanFailConversion):
1129         (GetCallbackClassName):
1130         * bindings/scripts/test/JS/JSTestCallback.cpp:
1131         (WebCore::JSTestCallback::callbackWithNoParam):
1132         * bindings/scripts/test/V8/V8TestCallback.cpp:
1133         * bindings/v8/custom/V8CustomSQLStatementErrorCallback.cpp:
1134         * bindings/v8/custom/V8CustomVoidCallback.cpp: Removed.
1135         * bindings/v8/custom/V8CustomVoidCallback.h: Removed.
1136         * bindings/v8/custom/V8MutationCallbackCustom.cpp:
1137         * bindings/v8/custom/V8NotificationCenterCustom.cpp:
1138         (WebCore::V8NotificationCenter::requestPermissionCallback):
1139         * html/VoidCallback.h:
1140         (VoidCallback):
1141         * html/VoidCallback.idl:
1142         * inspector/InspectorDatabaseAgent.cpp:
1143         (WebCore):
1144
1145 2012-08-15  Hayato Ito  <hayato@chromium.org>
1146
1147         [Shadow] Stop 'load' and 'error' events at shadow boundaries
1148         https://bugs.webkit.org/show_bug.cgi?id=93425
1149
1150         Reviewed by Dimitri Glazkov.
1151
1152         The shadow DOM spec has added these events as 'always-be-stopped' events at shadow boundaries.
1153         http://dvcs.w3.org/hg/webcomponents/raw-file/tip/spec/shadow/index.html#events-that-are-always-stopped
1154
1155         Test: fast/dom/shadow/events-stopped-at-shadow-boundary.html
1156
1157         * dom/EventDispatcher.cpp:
1158         (WebCore::EventDispatcher::determineDispatchBehavior):
1159
1160 2012-08-15  Kent Tamura  <tkent@chromium.org>
1161
1162         Calendar Picker: Localize numbers in a calendar picker
1163         https://bugs.webkit.org/show_bug.cgi?id=93704
1164
1165         Reviewed by Hajime Morita.
1166
1167         Because Number.toLocaleString() of V8 returns no localized
1168         numbers, we provide a localization function via
1169         PagePopupController.
1170
1171         No new tests. We have no ways to change the locale in layout tests.
1172
1173         * Resources/pagepopups/calendarPicker.js:
1174         (localizeNumber): Added. A wrapper for pagePopupController.localizeNumberString().
1175         (formatJapaneseImperialEra): Use localizeNumber().
1176         (formatYearMonth): ditto.
1177         (DaysTable.prototype._renderMonth): ditto.
1178         * page/PagePopupController.cpp:
1179         (WebCore::PagePopupController::localizeNumberString):
1180         Added. Just calls WebCore::convertToLocalizedNumber().
1181         * page/PagePopupController.h:
1182         (PagePopupController): Declare localizeNumberString().
1183         * page/PagePopupController.idl: Add localizeNumberString().
1184
1185 2012-08-15  MORITA Hajime  <morrita@google.com>
1186
1187         Regression(121518) TextFieldDecorationElement formatting is broken.
1188         https://bugs.webkit.org/show_bug.cgi?id=90913
1189
1190         Reviewed by Dimitri Glazkov.
1191
1192         NodeRenderingContext::nextRenderer() has a problem which cannot retrieve the renderer
1193         across an insertion point in some case. That is because ad-hoc composed tree traversal on
1194         NodeRenderingContext is broken. The problem is hidden before r121518 though.
1195
1196         This change rewrite nextRenderer() using ComposedShadowTreeWalker to eliminate the ad-hoc
1197         traversal. previousRenderer() is also rewritten in the same way.
1198
1199         Test: fast/dom/shadow/shadow-div-reflow.html
1200
1201         * dom/NodeRenderingContext.cpp:
1202         (WebCore):
1203         (WebCore::NodeRenderingContext::nextRenderer):
1204         (WebCore::NodeRenderingContext::previousRenderer):
1205
1206 2012-08-15  Julien Chaffraix  <jchaffraix@webkit.org>
1207
1208         Add a was-inserted-into-tree notification to RenderObject
1209         https://bugs.webkit.org/show_bug.cgi?id=93874
1210
1211         Reviewed by Eric Seidel.
1212
1213         This change adds insertedIntoTree to RenderObject so that renderers
1214         can now do their post-insertion task inside this function.
1215
1216         Our current architecture has 2 ways of doing post-insertion tasks:
1217         - overriding RenderObject::addChild
1218         - RenderObjectChildList::insertChildNode / appendChildNode
1219
1220         Because the former is not guaranteed to be called for each insertion
1221         (on top of being called on the parent and not the inserted child), the
1222         2 latter functions are the one that have been mostly used recently. This
1223         led to code duplication between the functions but also doesn't scale as
1224         other renderers need to hop on this notification and currently don't (for
1225         example, table parts). The other renderer's migration will be done in
1226         follow-up patches.
1227
1228         Refactoring covered by existing tests.
1229
1230         * rendering/RenderObjectChildList.cpp:
1231         (WebCore::RenderObjectChildList::removeChildNode):
1232         * rendering/RenderObject.cpp:
1233         (WebCore::RenderObject::enclosingRenderNamedFlowThread):
1234         Moved the code from renderNamedFlowThreadContainer to RenderObject::enclosingRenderNamedFlowThread.
1235         This is needed as now 2 classes need to access the function.
1236
1237         * rendering/RenderObjectChildList.cpp:
1238         (WebCore::RenderObjectChildList::appendChildNode):
1239         (WebCore::RenderObjectChildList::insertChildNode):
1240         Moved the code duplicated from those 2 functions into
1241         the instances of insertedIntoTree below.
1242
1243         * rendering/RenderObject.cpp:
1244         (WebCore::RenderObject::insertedIntoTree):
1245         Base function that needs to be called from all the other
1246         specialized functions below.
1247
1248         * rendering/RenderListItem.cpp:
1249         (WebCore::RenderListItem::insertedIntoTree):
1250         * rendering/RenderListItem.h:
1251         * rendering/RenderObject.h:
1252         * rendering/RenderObjectChildList.h:
1253         * rendering/RenderRegion.cpp:
1254         (WebCore::RenderRegion::insertedIntoTree):
1255         * rendering/RenderRegion.h:
1256         Added the overriden insertedIntoTree function.
1257
1258         * rendering/RenderQuote.h:
1259         Moved the comment from RenderObjectChildList about RenderQuote here.
1260
1261 2012-08-14  Jeffrey Pfau  <jpfau@apple.com>
1262
1263         Allow blocking of Web SQL databases in third-party documents
1264         https://bugs.webkit.org/show_bug.cgi?id=94057
1265
1266         Reviewed by Adam Barth.
1267
1268         Add a check for pages in third-party pages to allow third-party storage blocking of Web SQL databases.
1269
1270         Tests: http/tests/security/cross-origin-websql-allowed.html
1271                http/tests/security/cross-origin-websql.html
1272
1273         * Modules/webdatabase/DOMWindowWebDatabase.cpp:
1274         (WebCore::DOMWindowWebDatabase::openDatabase): Pass top origin to canAccessDatabase
1275         * page/SecurityOrigin.cpp:
1276         (WebCore::SecurityOrigin::canAccessStorage): Common method for various types of storage that use the same criteria
1277         * page/SecurityOrigin.h:
1278         (WebCore::SecurityOrigin::canAccessDatabase): Use canAccessStorage
1279         (WebCore::SecurityOrigin::canAccessLocalStorage): Change to using canAccessStorage
1280         (SecurityOrigin):
1281
1282 2012-08-15  Nikhil Bhargava  <nbhargava@google.com>
1283
1284         Improve Document.h compile time - reduce includes of ScriptCallStack.h
1285         https://bugs.webkit.org/show_bug.cgi?id=94161
1286
1287         Reviewed by Eric Seidel.
1288
1289         ScriptCallStack.h no longer included from ScriptExecutionContext. It's
1290         relatively expensive to compile and gets compiled a ton because
1291         Document.h indirectly includes it.
1292
1293         No new tests. Functionality should remain the same
1294
1295         * Modules/indexeddb/IDBDatabase.cpp:
1296         * Modules/indexeddb/IDBIndex.cpp:
1297         * Modules/indexeddb/IDBObjectStore.cpp:
1298         * bindings/js/ScriptController.cpp:
1299         * dom/ScriptElement.cpp:
1300         * dom/ScriptExecutionContext.h:
1301         (WebCore):
1302         * fileapi/Blob.cpp:
1303         * fileapi/WebKitBlobBuilder.cpp:
1304         * html/HTMLTrackElement.cpp:
1305         * loader/TextTrackLoader.cpp:
1306         * page/DOMSecurityPolicy.cpp:
1307
1308 2012-08-15  Alec Flett  <alecflett@chromium.org>
1309
1310         IndexedDB: IDB*::keyPath should return IDBKeyPath, not IDBAny
1311         https://bugs.webkit.org/show_bug.cgi?id=92434
1312
1313         Reviewed by Tony Chang.
1314
1315         Clean up IDBKeyPath conversion to IDBAny objects. This gets rid of
1316         some implicit conversion from IDBKeyPath to IDBAny.
1317
1318         No new tests, just changing method signatures.
1319
1320         * Modules/indexeddb/IDBAny.cpp:
1321         (WebCore::IDBAny::set):
1322         (WebCore):
1323         * Modules/indexeddb/IDBAny.h:
1324         (WebCore):
1325         (WebCore::IDBAny::create):
1326         (IDBAny):
1327         * Modules/indexeddb/IDBIndex.h:
1328         (WebCore::IDBIndex::keyPathAny):
1329         (WebCore::IDBIndex::keyPath):
1330         * Modules/indexeddb/IDBIndex.idl:
1331         * Modules/indexeddb/IDBKeyPath.cpp:
1332         * Modules/indexeddb/IDBKeyPath.h:
1333         * Modules/indexeddb/IDBObjectStore.h:
1334         (WebCore::IDBObjectStore::keyPathAny):
1335         (WebCore::IDBObjectStore::keyPath):
1336         * Modules/indexeddb/IDBObjectStore.idl:
1337
1338 2012-08-15  Ryosuke Niwa  <rniwa@webkit.org>
1339
1340         EFL build fix attempt after r125711. Touch an IDL file to regenerate derived sources.
1341
1342         * html/HTMLAllCollection.idl:
1343
1344 2012-08-15  Alec Flett  <alecflett@chromium.org>
1345
1346         IndexedDB: generate index keys for existing data in createIndex in front end
1347         https://bugs.webkit.org/show_bug.cgi?id=91125
1348
1349         Reviewed by Tony Chang.
1350
1351         Make createIndex() do index key generation in the frontend, rather
1352         than the backend. When an index is created, the frontend uses the
1353         cursor API to iterate through the values in the backend to
1354         generate keys, sending them back to the backend using
1355         IDBObjectStore::setIndexKeys()
1356
1357         This confines all key injection/extraction to the frontend.
1358
1359         The new test verifies the implemented behavior with respect to
1360         error handling in degenerate uses of put(), though that behavior
1361         is still in discussion as the spec is vague on the proper error
1362         behavior.
1363
1364         Test: storage/indexeddb/lazy-index-population.html
1365
1366         * Modules/indexeddb/IDBCursorBackendImpl.cpp: Make sure that the
1367         TaskType propagates throught the cursor and all subsequent
1368         continue() calls.
1369         (WebCore::IDBCursorBackendImpl::IDBCursorBackendImpl):
1370         (WebCore::IDBCursorBackendImpl::continueFunction):
1371         (WebCore::IDBCursorBackendImpl::prefetchContinue):
1372         * Modules/indexeddb/IDBCursorBackendImpl.h:
1373         (WebCore::IDBCursorBackendImpl::create):
1374         (IDBCursorBackendImpl):
1375         * Modules/indexeddb/IDBObjectStore.cpp: Add an IndexPopulator
1376         class to run a cursor from the frontend.
1377         (WebCore):
1378         (WebCore::IDBObjectStore::createIndex):
1379         (WebCore::IDBObjectStore::openCursor):
1380         * Modules/indexeddb/IDBObjectStore.h:
1381         (WebCore::IDBObjectStore::openCursor):
1382         (IDBObjectStore):
1383         (WebCore::IDBObjectStore::createIndex):
1384         * Modules/indexeddb/IDBObjectStore.idl: Pass along ScriptContext
1385         so that openCursor can be called from createIndex.
1386         * Modules/indexeddb/IDBObjectStoreBackendImpl.cpp:
1387         (WebCore):
1388         (WebCore::makeIndexWriters):
1389         (WebCore::IDBObjectStoreBackendImpl::setIndexKeys):
1390         (WebCore::IDBObjectStoreBackendImpl::setIndexesReady):
1391         (WebCore::IDBObjectStoreBackendImpl::setIndexesReadyInternal):
1392         (WebCore::IDBObjectStoreBackendImpl::putInternal):
1393         (WebCore::IDBObjectStoreBackendImpl::deleteInternal):
1394         (WebCore::IDBObjectStoreBackendImpl::createIndexInternal):
1395         (WebCore::IDBObjectStoreBackendImpl::openCursor):
1396         (WebCore::IDBObjectStoreBackendImpl::openCursorInternal):
1397         * Modules/indexeddb/IDBObjectStoreBackendImpl.h:
1398         (IDBObjectStoreBackendImpl):
1399         (WebCore::IDBObjectStoreBackendImpl::iterIndexesBegin):
1400         (WebCore::IDBObjectStoreBackendImpl::iterIndexesEnd):
1401         (WebCore::IDBObjectStoreBackendImpl::backingStore):
1402         (WebCore::IDBObjectStoreBackendImpl::databaseId):
1403         * Modules/indexeddb/IDBObjectStoreBackendInterface.h:
1404         * Modules/indexeddb/IDBRequest.cpp:
1405         Allow requests to keep their own TaskType, to give certain
1406         requests priority over others.
1407         (WebCore::IDBRequest::create):
1408         (WebCore):
1409         (WebCore::IDBRequest::IDBRequest):
1410         (WebCore::IDBRequest::abort):
1411         * Modules/indexeddb/IDBRequest.h:
1412         (IDBRequest):
1413         (WebCore::IDBRequest::taskType):
1414         * Modules/indexeddb/IDBTransactionBackendImpl.cpp:
1415         Introduce a second, higher priority event queue, m_preemptiveTaskQueue,
1416         which takes priority over the regular task queue.
1417         (WebCore::IDBTransactionBackendImpl::IDBTransactionBackendImpl):
1418         (WebCore::IDBTransactionBackendImpl::scheduleTask):
1419         (WebCore::IDBTransactionBackendImpl::isTaskQueueEmpty):
1420         (WebCore):
1421         (WebCore::IDBTransactionBackendImpl::commit):
1422         (WebCore::IDBTransactionBackendImpl::taskTimerFired):
1423         (WebCore::IDBTransactionBackendImpl::taskEventTimerFired):
1424         * Modules/indexeddb/IDBTransactionBackendImpl.h:
1425         (WebCore::IDBTransactionBackendImpl::scheduleTask):
1426         (IDBTransactionBackendImpl):
1427         (WebCore::IDBTransactionBackendImpl::addEarlyEvent):
1428         (WebCore::IDBTransactionBackendImpl::didCompleteEarlyEvent):
1429         * Modules/indexeddb/IDBVersionChangeRequest.cpp:
1430         (WebCore::IDBVersionChangeRequest::IDBVersionChangeRequest):
1431
1432 2012-08-15  Hayato Ito  <hayato@chromium.org>
1433
1434         A 'load' event should be fired on the shadow host directly, not on an inner image element of shadow dom subtree.
1435         https://bugs.webkit.org/show_bug.cgi?id=93920
1436
1437         Reviewed by Dimitri Glazkov.
1438
1439         A 'load' event is a must-stoppable event at shadow boundary. So we
1440         should fire a 'load' event on a shadow host directly, not on an
1441         inner image element.
1442
1443         Test: fast/dom/shadow/shadowdom-for-image-event.html
1444
1445         * html/HTMLImageLoader.cpp:
1446         (WebCore::HTMLImageLoader::dispatchLoadEvent):
1447         * loader/ImageLoaderClient.h:
1448         (WebCore::ImageLoaderClient::eventTarget):
1449
1450 2012-08-15  Otto Derek Cheung  <otcheung@rim.com>
1451
1452         [BlackBerry] Show custom error page when 407 is received
1453         https://bugs.webkit.org/show_bug.cgi?id=94138
1454
1455          Reviewed by George Staikos.
1456          Internally reviewed by Lianghui Chen
1457
1458          Adding a new custom error page when the browser receieves
1459          a Wifi proxy authentication error. The previous behaviour
1460          is to ask for user credentials everytime, and silently fails
1461          when the username and password fields in the Wifi settings
1462          are not empty. UX suggests modifying the behaviour to simply
1463          asks the user to change their credentials in the Wifi settings
1464          when we receive such an error.
1465
1466          The fix is to prevent notifyAuthReceived from sending another
1467          networkjob when authCallbacks are called, and to listen to any 407
1468          calls in notifyStatusReceived. Once we hit a 407, tell the frame we
1469          failed and should load the custom error page.
1470
1471          Also removed checking functions in sendRequestWithCredentials because
1472          proxy auth requests won't get into that function anymore.
1473
1474          #PR163400
1475
1476          Tested by loading on device and loading/reloading pages under
1477          these scenarios:
1478          - Connected to wifi (no proxy)
1479          - Connected to wifi (proxy with no credentials)
1480          - Connected to wifi (proxy with invalid credentials)
1481          - Connected to wifi (proxy with valid credentials)
1482
1483          * platform/network/blackberry/NetworkJob.cpp:
1484          (WebCore::NetworkJob::handleNotifyStatusReceived):
1485          (WebCore::NetworkJob::notifyAuthReceived):
1486          (WebCore::NetworkJob::sendRequestWithCredentials):
1487
1488 2012-08-15  Dan Carney  <dcarney@google.com>
1489
1490         Refactor away IsolatedWorld
1491         https://bugs.webkit.org/show_bug.cgi?id=93971
1492
1493         Reviewed by Adam Barth.
1494
1495         Remove IsolatedWorld class as it was 1:1 with DOMWrapperWorld.
1496         This paves the way towards a JSC-like use of DOMWrapperWorld.
1497
1498         No tests.  No change in functionality.
1499
1500         * UseV8.cmake:
1501         * WebCore.gypi:
1502         * bindings/v8/DOMWrapperWorld.cpp:
1503         (WebCore):
1504         (WebCore::mainThreadNormalWorld):
1505         * bindings/v8/DOMWrapperWorld.h:
1506         (WebCore):
1507         (DOMWrapperWorld):
1508         (WebCore::DOMWrapperWorld::create):
1509         (WebCore::DOMWrapperWorld::~DOMWrapperWorld):
1510         (WebCore::DOMWrapperWorld::count):
1511         (WebCore::DOMWrapperWorld::worldId):
1512         (WebCore::DOMWrapperWorld::domDataStore):
1513         (WebCore::DOMWrapperWorld::DOMWrapperWorld):
1514         * bindings/v8/IsolatedWorld.cpp: Removed.
1515         * bindings/v8/IsolatedWorld.h: Removed.
1516         * bindings/v8/V8DOMWrapper.h:
1517         (WebCore::V8DOMWrapper::getCachedWrapper):
1518         * bindings/v8/V8IsolatedContext.cpp:
1519         (WebCore::V8IsolatedContext::V8IsolatedContext):
1520         (WebCore::V8IsolatedContext::destroy):
1521         * bindings/v8/V8IsolatedContext.h:
1522         (WebCore::V8IsolatedContext::getEntered):
1523         (WebCore::V8IsolatedContext::world):
1524         (V8IsolatedContext):
1525
1526 2012-08-15  Bruno de Oliveira Abinader  <bruno.abinader@basyskom.com>
1527
1528         [css3-text] Add CSS3 Text decoration compile flag
1529         https://bugs.webkit.org/show_bug.cgi?id=93863
1530
1531         Reviewed by Julien Chaffraix.
1532
1533         This patch handles the compile flag implementation, which will come disabled by
1534         default, thus not exposing the CSS3 text decoration features to the web, unless
1535         when explicitly enabling it with "--css3-text-decoration" build parameter.
1536
1537         Changeset r125205 added "-webkit-text-decoration-line" support without proper
1538         compile flag. I am fixing this on this patch by adding #ifdef's along the added
1539         code and reverting getComputedStyle* layout test changes until further notice.
1540         The text-decoration-line.html layout test is now moved to
1541         fast/css3-text-decoration directory, which is skipped on all platforms until
1542         feature is sound and ready to be exposed to web.
1543
1544         Test: fast/css3-text-decoration/text-decoration-line.html
1545
1546         * Configurations/FeatureDefines.xcconfig:
1547         * GNUmakefile.am:
1548         * css/CSSComputedStyleDeclaration.cpp:
1549         (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
1550         * css/CSSParser.cpp:
1551         (WebCore::CSSParser::parseValue):
1552         (WebCore::CSSParser::addTextDecorationProperty):
1553         (WebCore::CSSParser::parseTextDecoration):
1554         * css/CSSProperty.cpp:
1555         (WebCore::CSSProperty::isInheritedProperty):
1556         * css/CSSPropertyNames.in:
1557         * css/StyleBuilder.cpp:
1558         (WebCore::StyleBuilder::StyleBuilder):
1559         * css/StyleResolver.cpp:
1560         (WebCore::StyleResolver::collectMatchingRulesForList):
1561         Added #ifdefs to enable/disable CSS3 Text Decoration code implemented by r125205.
1562
1563 2012-08-15  Iain Merrick  <husky@chromium.org>
1564
1565         Refactoring: move EventHandler::targetNode into HitTestResult
1566         https://bugs.webkit.org/show_bug.cgi?id=94107
1567
1568         Reviewed by Dimitri Glazkov.
1569
1570         This static helper method in EventHandler was made public so that
1571         WebFrameImpl can call it. That's untidy because EventHandler isn't
1572         really involved. This patch turns it into an instance method of
1573         HitTestResult (with a wrapper in MouseEventWithHitTestResult for
1574         convenience).
1575     
1576         Pure refactoring, no behavior change, no new test needed.
1577
1578         * page/EventHandler.cpp:
1579         (WebCore::EventHandler::selectClosestWordFromMouseEvent):
1580         (WebCore::EventHandler::selectClosestWordOrLinkFromMouseEvent):
1581         (WebCore::EventHandler::handleMousePressEventTripleClick):
1582         (WebCore::EventHandler::handleMousePressEventSingleClick):
1583         (WebCore::EventHandler::handleMousePressEvent):
1584         (WebCore::EventHandler::handleMouseDraggedEvent):
1585         (WebCore::EventHandler::updateSelectionForMouseDrag):
1586         (WebCore::EventHandler::handleMouseReleaseEvent):
1587         (WebCore::EventHandler::subframeForHitTestResult):
1588         (WebCore::EventHandler::selectCursor):
1589         (WebCore::EventHandler::handleMouseDoubleClickEvent):
1590         (WebCore::EventHandler::handleMouseMoveEvent):
1591         (WebCore::EventHandler::updateDragAndDrop):
1592         (WebCore::EventHandler::handleGestureEvent):
1593         (WebCore::EventHandler::sendContextMenuEvent):
1594         * page/EventHandler.h:
1595         (EventHandler):
1596         * page/MouseEventWithHitTestResults.h:
1597         (WebCore::MouseEventWithHitTestResults::targetNode):
1598         * page/chromium/EventHandlerChromium.cpp:
1599         (WebCore::EventHandler::passMousePressEventToSubframe):
1600         (WebCore::EventHandler::passWidgetMouseDownEventToWidget):
1601         * page/efl/EventHandlerEfl.cpp:
1602         (WebCore::EventHandler::passWidgetMouseDownEventToWidget):
1603         * page/gtk/EventHandlerGtk.cpp:
1604         (WebCore::EventHandler::passWidgetMouseDownEventToWidget):
1605         * page/mac/EventHandlerMac.mm:
1606         (WebCore::EventHandler::passWidgetMouseDownEventToWidget):
1607         (WebCore::EventHandler::passSubframeEventToSubframe):
1608         * page/wx/EventHandlerWx.cpp:
1609         (WebCore::EventHandler::passWidgetMouseDownEventToWidget):
1610         * rendering/HitTestResult.cpp:
1611         (WebCore::HitTestResult::targetNode):
1612         (WebCore):
1613         * rendering/HitTestResult.h:
1614         (HitTestResult):
1615
1616 2012-08-15  David Grogan  <dgrogan@chromium.org>
1617
1618         IndexedDB: Add some ASSERTs
1619         https://bugs.webkit.org/show_bug.cgi?id=94055
1620
1621         Reviewed by Ojan Vafai.
1622
1623         These are just some additional ASSERTS and some ASSERT_WITH_MESSAGE in
1624         place of ASSERT. They are from the patch in
1625         https://bugs.webkit.org/show_bug.cgi?id=92897
1626
1627         No new tests - we should never hit this behavior.
1628
1629         * Modules/indexeddb/IDBDatabase.cpp:
1630         (WebCore::IDBDatabase::setVersion):
1631         (WebCore::IDBDatabase::registerFrontendCallbacks):
1632         * Modules/indexeddb/IDBRequest.cpp:
1633         (WebCore::IDBRequest::dispatchEvent):
1634         (WebCore::IDBRequest::enqueueEvent):
1635         * Modules/indexeddb/IDBTransaction.cpp:
1636         (WebCore::IDBTransaction::setActive):
1637
1638 2012-08-15  Sheriff Bot  <webkit.review.bot@gmail.com>
1639
1640         Unreviewed, rolling out r125687.
1641         http://trac.webkit.org/changeset/125687
1642         https://bugs.webkit.org/show_bug.cgi?id=94147
1643
1644         It broke the whole world (Requested by Ossy_night on #webkit).
1645
1646         * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
1647         (WebCore::JSSQLStatementErrorCallback::handleEvent):
1648         * bindings/js/JSDOMWindowCustom.cpp:
1649         (WebCore::JSDOMWindow::addEventListener):
1650         (WebCore::JSDOMWindow::removeEventListener):
1651         * bindings/js/JSDataViewCustom.cpp:
1652         (WebCore::getDataViewMember):
1653         * bindings/js/JSDeviceMotionEventCustom.cpp:
1654         (WebCore::JSDeviceMotionEvent::initDeviceMotionEvent):
1655         * bindings/js/JSDeviceOrientationEventCustom.cpp:
1656         (WebCore::JSDeviceOrientationEvent::initDeviceOrientationEvent):
1657         * bindings/js/JSDictionary.cpp:
1658         (WebCore::JSDictionary::convertValue):
1659         * bindings/js/JSDirectoryEntryCustom.cpp:
1660         (WebCore::JSDirectoryEntry::getFile):
1661         (WebCore::JSDirectoryEntry::getDirectory):
1662         * bindings/js/JSDirectoryEntrySyncCustom.cpp:
1663         (WebCore::getFlags):
1664         * bindings/js/JSHTMLCanvasElementCustom.cpp:
1665         (WebCore::JSHTMLCanvasElement::getContext):
1666         * bindings/js/JSInspectorFrontendHostCustom.cpp:
1667         (WebCore::populateContextMenuItems):
1668         * bindings/js/JSMessageEventCustom.cpp:
1669         (WebCore::handleInitMessageEvent):
1670         * bindings/js/JSWebGLRenderingContextCustom.cpp:
1671         (WebCore::dataFunctionMatrix):
1672         * bindings/js/JSXMLHttpRequestCustom.cpp:
1673         (WebCore::JSXMLHttpRequest::open):
1674         * bindings/js/JavaScriptCallFrame.cpp:
1675         * bindings/js/JavaScriptCallFrame.h:
1676         (JavaScriptCallFrame):
1677         * bindings/js/ScriptDebugServer.cpp:
1678         (WebCore::ScriptDebugServer::hasBreakpoint):
1679         * bindings/scripts/CodeGeneratorJS.pm:
1680         (GenerateEventListenerCall):
1681         (GenerateHeader):
1682         (JSValueToNative):
1683         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
1684         (WebCore::jsTestEventTargetPrototypeFunctionAddEventListener):
1685         (WebCore::jsTestEventTargetPrototypeFunctionRemoveEventListener):
1686         * bindings/scripts/test/JS/JSTestEventTarget.h:
1687         (WebCore::JSTestEventTarget::create):
1688         * bindings/scripts/test/JS/JSTestObj.cpp:
1689         (WebCore::setJSTestObjCreate):
1690         (WebCore::setJSTestObjReflectedBooleanAttr):
1691         (WebCore::setJSTestObjReflectedCustomBooleanAttr):
1692         (WebCore::jsTestObjPrototypeFunctionAddEventListener):
1693         (WebCore::jsTestObjPrototypeFunctionRemoveEventListener):
1694         * bridge/c/c_utility.cpp:
1695         (JSC::Bindings::convertValueToNPVariant):
1696         * bridge/jni/jni_jsobject.mm:
1697         (JavaJSObject::convertValueToJObject):
1698         * bridge/qt/qt_runtime.cpp:
1699         (JSC::Bindings::convertValueToQVariant):
1700
1701 2012-08-15  Dominic Mazzoni  <dmazzoni@google.com>
1702
1703         AX: Calls to AXObjectCache should prefer Node over Renderer
1704         https://bugs.webkit.org/show_bug.cgi?id=91794
1705
1706         Reviewed by Chris Fleizach.
1707
1708         Now that it's possible for nodes inside a canvas subtree to be focused and
1709         represent accessible content, accessibility notifications should be triggered
1710         with a Node* rather than with a RenderObject* whenever possible.
1711
1712         Every public API in AXObjectCache that took a RenderObject* before now either
1713         takes a Node* instead, or has a parallel method that takes a Node*.
1714
1715         Tests: accessibility/accessibility-node-memory-management.html
1716                accessibility/accessibility-node-reparent.html
1717                accessibility/canvas-fallback-content.html
1718
1719         * accessibility/AXObjectCache.cpp:
1720         (WebCore::AXObjectCache::focusedImageMapUIElement):
1721         (WebCore::AXObjectCache::focusedUIElementForPage):
1722         (WebCore::AXObjectCache::get):
1723         (WebCore::AXObjectCache::getOrCreate):
1724         (WebCore::AXObjectCache::contentChanged):
1725         (WebCore):
1726         (WebCore::AXObjectCache::updateCacheAfterNodeIsAttached):
1727         (WebCore::AXObjectCache::childrenChanged):
1728         (WebCore::AXObjectCache::postNotification):
1729         (WebCore::AXObjectCache::checkedStateChanged):
1730         (WebCore::AXObjectCache::selectedChildrenChanged):
1731         (WebCore::AXObjectCache::nodeTextChangeNotification):
1732         (WebCore::AXObjectCache::handleAriaExpandedChange):
1733         (WebCore::AXObjectCache::handleActiveDescendantChanged):
1734         (WebCore::AXObjectCache::handleAriaRoleChanged):
1735         (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
1736         (WebCore::AXObjectCache::rootAXEditableElement):
1737         (WebCore::AXObjectCache::nodeIsTextControl):
1738         * accessibility/AXObjectCache.h:
1739         (AXObjectCache):
1740         (WebCore::AXObjectCache::setNodeInUse):
1741         (WebCore::AXObjectCache::removeNodeForUse):
1742         (WebCore::AXObjectCache::isNodeInUse):
1743         (WebCore::AXObjectCache::checkedStateChanged):
1744         (WebCore::AXObjectCache::childrenChanged):
1745         (WebCore::AXObjectCache::contentChanged):
1746         (WebCore::AXObjectCache::updateCacheAfterNodeIsAttached):
1747         (WebCore::AXObjectCache::handleActiveDescendantChanged):
1748         (WebCore::AXObjectCache::handleAriaExpandedChange):
1749         (WebCore::AXObjectCache::handleAriaRoleChanged):
1750         (WebCore::AXObjectCache::handleFocusedUIElementChanged):
1751         (WebCore::AXObjectCache::nodeTextChangeNotification):
1752         (WebCore::AXObjectCache::postNotification):
1753         (WebCore::AXObjectCache::selectedChildrenChanged):
1754         * accessibility/AccessibilityListBoxOption.cpp:
1755         (WebCore::AccessibilityListBoxOption::parentObject):
1756         * accessibility/AccessibilityObject.cpp:
1757         (WebCore::appendAccessibilityObject):
1758         (WebCore::replacedNodeNeedsCharacter):
1759         * accessibility/AccessibilityRenderObject.cpp:
1760         (WebCore::AccessibilityRenderObject::menuForMenuButton):
1761         (WebCore::AccessibilityRenderObject::menuButtonForMenu):
1762         (WebCore::AccessibilityRenderObject::checkboxOrRadioRect):
1763         (WebCore::AccessibilityRenderObject::addRadioButtonGroupMembers):
1764         (WebCore::AccessibilityRenderObject::titleUIElement):
1765         (WebCore::AccessibilityRenderObject::isTabItemSelected):
1766         (WebCore::AccessibilityRenderObject::accessibilityParentForImageMap):
1767         (WebCore::AccessibilityRenderObject::nodeIsTextControl):
1768         (WebCore::AccessibilityRenderObject::activeDescendant):
1769         (WebCore::AccessibilityRenderObject::correspondingControlForLabelElement):
1770         (WebCore::AccessibilityRenderObject::correspondingLabelForControlElement):
1771         * accessibility/AccessibilityRenderObject.h:
1772         (AccessibilityRenderObject):
1773         * accessibility/AccessibilityScrollView.cpp:
1774         (WebCore::AccessibilityScrollView::webAreaObject):
1775         (WebCore::AccessibilityScrollView::parentObject):
1776         (WebCore::AccessibilityScrollView::parentObjectIfExists):
1777         * accessibility/chromium/AXObjectCacheChromium.cpp:
1778         (WebCore::AXObjectCache::postPlatformNotification):
1779         (WebCore::AXObjectCache::handleFocusedUIElementChanged):
1780         * accessibility/gtk/AXObjectCacheAtk.cpp:
1781         (WebCore::AXObjectCache::handleFocusedUIElementChanged):
1782         * accessibility/mac/AXObjectCacheMac.mm:
1783         (WebCore::AXObjectCache::handleFocusedUIElementChanged):
1784         * accessibility/win/AXObjectCacheWin.cpp:
1785         (WebCore::AXObjectCache::handleFocusedUIElementChanged):
1786         * bindings/cpp/WebDOMCustomVoidCallback.cpp:
1787         (toWebCore):
1788         * dom/Document.cpp:
1789         (WebCore::Document::setFocusedNode):
1790         * dom/Element.cpp:
1791         (WebCore::Element::attributeChanged):
1792         * dom/Node.cpp:
1793         (WebCore::Node::~Node):
1794         (WebCore::Node::attach):
1795         * editing/AppendNodeCommand.cpp:
1796         (WebCore::sendAXTextChangedIgnoringLineBreaks):
1797         * editing/DeleteFromTextNodeCommand.cpp:
1798         (WebCore::DeleteFromTextNodeCommand::doApply):
1799         (WebCore::DeleteFromTextNodeCommand::doUnapply):
1800         * editing/Editor.cpp:
1801         (WebCore::Editor::respondToChangedContents):
1802         (WebCore::Editor::markAndReplaceFor):
1803         * editing/InsertIntoTextNodeCommand.cpp:
1804         (WebCore::InsertIntoTextNodeCommand::doApply):
1805         (WebCore::InsertIntoTextNodeCommand::doUnapply):
1806         * editing/InsertNodeBeforeCommand.cpp:
1807         (WebCore::InsertNodeBeforeCommand::doApply):
1808         (WebCore::InsertNodeBeforeCommand::doUnapply):
1809         * editing/chromium/FrameSelectionChromium.cpp:
1810         (WebCore::FrameSelection::notifyAccessibilityForSelectionChange):
1811         * html/HTMLInputElement.cpp:
1812         (WebCore::HTMLInputElement::setChecked):
1813         * html/HTMLSelectElement.cpp:
1814         (WebCore::HTMLSelectElement::childrenChanged):
1815         (WebCore::HTMLSelectElement::optionElementChildrenChanged):
1816         * html/HTMLTextFormControlElement.cpp:
1817         (WebCore::HTMLTextFormControlElement::setInnerTextValue):
1818         * html/InputType.cpp:
1819         (WebCore::InputType::applyStep):
1820         * html/RangeInputType.cpp:
1821         (WebCore::RangeInputType::handleKeydownEvent):
1822         * page/FocusController.cpp:
1823         (WebCore::FocusController::setInitialFocus):
1824
1825 2012-08-15  Andreas Kling  <kling@webkit.org>
1826
1827         NinePieceImage: Avoid unnecessary duplication of default data in assignment operator.
1828         <http://webkit.org/b/94046>
1829
1830         Reviewed by Geoffrey Garen.
1831
1832         If copying a NinePieceImage with a null m_data, don't create a copy of it's data()
1833         as that will point to the default NinePieceImageData. ~200kB progression on Membuster.
1834
1835         * rendering/style/NinePieceImage.h:
1836         (WebCore::NinePieceImage::operator=):
1837
1838 2012-08-15  Gregg Tavares  <gman@google.com>
1839
1840         Mark Skia and Compositor Contexts
1841         https://bugs.webkit.org/show_bug.cgi?id=94129
1842
1843         Reviewed by James Robinson.
1844
1845         Marks the Skia and Compositor contexts to aid in debugging.
1846
1847         No new tests as no new functionality.
1848
1849         * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
1850         (WebCore::CCLayerTreeHostImpl::initializeLayerRenderer):
1851         * platform/graphics/skia/ImageBufferSkia.cpp:
1852         (WebCore::createAcceleratedCanvas):
1853
1854 2012-08-15  Ian Vollick  <vollick@chromium.org>
1855
1856         [chromium] Must account for empty transformation lists when checking for big rotations.
1857         https://bugs.webkit.org/show_bug.cgi?id=93975
1858
1859         Reviewed by James Robinson.
1860
1861         AnimationTranslationUtil.cpp is supposed to reject large rotations 
1862         (>= 180 degrees between keyframes). The current code assumes that if 
1863         the lists of transforms at two consecutive keyframes do not match 
1864         (i.e., are different types), then do not need to reject. The rationale
1865         is that we will revert to matrix blending -- we will collapse the lists
1866         of transform operations to matrices at each keyframe and blend those. 
1867         Unfortunately, this is not true if a list is empty. It can be the case 
1868         that we transition from no transform to a rotation about the z axis of 
1869         360 degrees. In this case, the first list of transform operations will 
1870         be empty and the second will have a single rotation of 360 degrees. An 
1871         empty list should be treated as a rotation of zero degrees.
1872
1873         Unit tested in: GraphicsLayerChromiumTest.createTransformAnimationWithBigRotationAndEmptyTransformOperationList
1874
1875         * platform/graphics/chromium/AnimationTranslationUtil.cpp:
1876         (WebCore::causesRotationOfAtLeast180Degrees):
1877
1878 2012-08-15  Beth Dakin  <bdakin@apple.com>
1879
1880         https://bugs.webkit.org/show_bug.cgi?id=93693
1881         [WK2] REGRESSION(125091): pixel results don't sow scrollbars 
1882         anymore
1883
1884         Reviewed by Sam Weinig.
1885
1886         This is a regression from http://trac.webkit.org/changeset/125091 
1887         in which I failed to noticed that 
1888         WKBundlePageCreateSnapshotInViewCoordinates() did actually do 
1889         something different than 
1890         WKBundlePageCreateSnapshotInDocumentCoordinates(). Specifically, 
1891         it used ScrollView::paint() to paint instead of 
1892         FrameView::paintContents(). So this patch restores that 
1893         functionality by adding a value to SnapshotOptions indicating 
1894         whether the snapshot should be taken in ViewCoordinates 
1895         (otherwise it defaults to DocumentCoordinates).
1896
1897         FrameView:: paintContentsForSnapshot() now takes a new parameter 
1898         that indicates whether to take the snapshot in document 
1899         coordinates or view coordinates.
1900         * WebCore.exp.in:
1901         * page/FrameView.cpp:
1902         (WebCore::FrameView::paintContentsForSnapshot):
1903         * page/FrameView.h:
1904
1905 2012-08-15  Benjamin Poulain  <bpoulain@apple.com>
1906
1907         Use literal initialization for CSS's pseudo types
1908         https://bugs.webkit.org/show_bug.cgi?id=94066
1909
1910         Reviewed by Kenneth Rohde Christiansen.
1911
1912         Initialize CSS pseudo type strings with the new initialization from literal.
1913
1914         The first invocation of nameToPseudoTypeMap() becomes 20% faster and we use
1915         less memory to store the strings.
1916
1917         * css/CSSSelector.cpp:
1918         (WebCore::nameToPseudoTypeMap):
1919
1920 2012-08-15  Brady Eidson  <beidson@apple.com>
1921
1922         Removing a plug-in element from a page opened in a background tab in Safari crashes
1923         <rdar://problem/12057991> and https://bugs.webkit.org/show_bug.cgi?id=93913
1924
1925         Reviewed by Beth Dakin.
1926
1927         Expose Page::setCanStartMedia to regression tests so they can pretend to be in a non-windowed WebView.
1928
1929         Test: platform/mac-wk2/plugins/asynchronous-destroy-before-initialization.html
1930
1931         * testing/InternalSettings.cpp:
1932         (WebCore::InternalSettings::Backup::Backup):
1933         (WebCore::InternalSettings::Backup::restoreTo):
1934         (WebCore::InternalSettings::setCanStartMedia):
1935         (WebCore):
1936         * testing/InternalSettings.h:
1937         (Backup):
1938         (InternalSettings):
1939         * testing/InternalSettings.idl:
1940
1941 2012-08-15  Levi Weintraub  <leviw@chromium.org>
1942
1943         AutoTableLayout truncates preferred widths for cells when it needs to ceil them to contain the contents
1944         https://bugs.webkit.org/show_bug.cgi?id=93911
1945
1946         Reviewed by Eric Seidel.
1947
1948         Avoiding truncation of sub-pixel accumulated values when determining the preferred width of a table cell
1949         in AutoTableLayout. Since we continue to layout tables using integers, we need to ceil the contents to
1950         prevent premature wrapping of the contents.
1951
1952         This only affects ports with sub-pixel layout enabled, and fixes regressions of a handful of tests that
1953         were missed when updating expectations when sub-pixel was enabled.
1954
1955         Test: fast/sub-pixel/auto-table-layout-should-avoid-text-wrapping.html
1956
1957         * rendering/AutoTableLayout.cpp:
1958         (WebCore::AutoTableLayout::recalcColumn):
1959
1960 2012-08-10  Ojan Vafai  <ojan@chromium.org>
1961
1962         z-index should work without position on flexitems
1963         https://bugs.webkit.org/show_bug.cgi?id=91405
1964
1965         Reviewed by Tony Chang.
1966
1967         Require a layer on any RenderBox that has a non-auto z-index.
1968         Statically positioned, non-flex-item's have their z-index coerced to auto,
1969         so it's safe to check z-index unconditionally.
1970
1971         Test: css3/flexbox/z-index.html
1972
1973         * css/StyleResolver.cpp:
1974         (WebCore::StyleResolver::adjustRenderStyle):
1975         -Don't coerce z-index to auto on statically positioned flex-items.
1976         -Use the parentStyle to determine if the parent is a flexbox instead of
1977         looking at the element's parentNode's renderer.
1978         * rendering/RenderBox.h:
1979         -Add having a non-auto z-index to the list of things that require a layer.
1980
1981 2012-08-15  Joanmarie Diggs  <jdiggs@igalia.com>
1982
1983         [Gtk] atk_text_set_caret_offset() fails for table cells
1984         https://bugs.webkit.org/show_bug.cgi?id=83501
1985
1986         Reviewed by Chris Fleizach.
1987
1988         Allow using text ranges in accessible table cells.
1989
1990         * accessibility/gtk/AccessibilityObjectAtk.cpp:
1991         (WebCore::AccessibilityObject::allowsTextRanges):
1992         Add table cells to the list of accessibility objects supporting text ranges.
1993
1994 2012-08-15  Scott Graham  <scottmg@chromium.org>
1995
1996         Rename window.internals.fastMallocStatistics to mallocStatistics
1997         https://bugs.webkit.org/show_bug.cgi?id=94033
1998
1999         Reviewed by Adam Barth.
2000
2001         Mechanical rename. In preparation for plumbing allocation information
2002         from allocators that aren't "fastMalloc".
2003
2004         * CMakeLists.txt:
2005         * DerivedSources.make:
2006         * DerivedSources.pri:
2007         * GNUmakefile.list.am:
2008         * Target.pri:
2009         * WebCore.gyp/WebCore.gyp:
2010         * WebCore.gypi:
2011         * WebCore.vcproj/WebCoreTestSupport.vcproj:
2012         * WebCore.xcodeproj/project.pbxproj:
2013         * loader/DocumentLoader.h:
2014         (WebCore::DocumentLoader::didTellClientAboutLoad):
2015         * loader/cache/CachedResourceLoader.cpp:
2016         (WebCore::CachedResourceLoader::loadResource):
2017         * testing/FastMallocStatistics.h: Removed.
2018         * testing/FastMallocStatistics.idl: Removed.
2019         * testing/Internals.cpp:
2020         (WebCore::Internals::mallocStatistics):
2021         * testing/Internals.h:
2022         (WebCore):
2023         (Internals):
2024         * testing/Internals.idl:
2025         * testing/MallocStatistics.h: Added.
2026         * testing/MallocStatistics.idl: Added.
2027
2028 2012-08-15  Joshua Netterfield  <jnetterfield@rim.com>
2029
2030         [BlackBerry] Upstream BlackBerry build fixes
2031         https://bugs.webkit.org/show_bug.cgi?id=94121
2032
2033         Reviewed by Rob Buis.
2034
2035         This includes several build fixes due to incorrect upstream patches.
2036         These mistakes were never present downstream.
2037
2038         No new tests, because no new functionality is added.
2039
2040         * platform/graphics/GraphicsContext3D.cpp:
2041         (WebCore::GraphicsContext3D::computeFormatAndTypeParameters):
2042         * platform/graphics/GraphicsContext3D.h:
2043         (GraphicsContext3D):
2044         (WebCore::GraphicsContext3D::ShaderSourceEntry::ShaderSourceEntry):
2045         * platform/graphics/blackberry/LayerFilterRenderer.cpp:
2046         (WebCore::LayerFilterRendererAction::LayerFilterRendererAction):
2047         * platform/graphics/blackberry/LayerFilterRenderer.h:
2048         (LayerFilterRendererAction):
2049
2050 2012-08-15  Adam Barth  <abarth@webkit.org>
2051
2052         JSDOMWrapper should ASSERT that it has an associated ScriptExecutionContext
2053         https://bugs.webkit.org/show_bug.cgi?id=94053
2054
2055         Reviewed by Sam Weinig.
2056
2057         Previously we were unable have this ASSERT because DOMWindow needed a
2058         Frame to find Document. Now that we can find the Document without a
2059         Frame, we can include the ASSERT and sanity will rein across the land.
2060
2061         * bindings/js/JSDOMWrapper.h:
2062         (WebCore::JSDOMWrapper::globalObject):
2063         (WebCore::JSDOMWrapper::scriptExecutionContext):
2064         (WebCore::JSDOMWrapper::JSDOMWrapper):
2065
2066 2012-08-14  Mark Hahnenberg  <mhahnenberg@apple.com>
2067
2068         Change behavior of MasqueradesAsUndefined to better accommodate DFG changes
2069         https://bugs.webkit.org/show_bug.cgi?id=93884
2070
2071         Reviewed by Geoffrey Garen.
2072
2073         With some upcoming changes to the DFG to remove uses of ClassInfo, we will be changing the behavior of 
2074         MasqueradesAsUndefined. In order to make this change consistent across all of our execution engines, 
2075         we will make this change to MasqueradesAsUndefined as a separate patch. After this patch, MasqueradesAsUndefined 
2076         objects will only masquerade as undefined in their original context (i.e. their original JSGlobalObject). 
2077         For example, if an object that masquerades as undefined in frame A is passed to frame B, it will not 
2078         masquerade as undefined within frame B, but it will continue to masquerade in frame A.
2079
2080         Test: fast/js/document-all-between-frames.html
2081
2082         All of the changes in WebCore are simply passing the additional ExecState argument to JSValue::toBoolean.
2083
2084         * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
2085         (WebCore::JSSQLStatementErrorCallback::handleEvent):
2086         * bindings/js/JSDOMWindowCustom.cpp:
2087         (WebCore::JSDOMWindow::addEventListener):
2088         (WebCore::JSDOMWindow::removeEventListener):
2089         * bindings/js/JSDataViewCustom.cpp:
2090         (WebCore::getDataViewMember):
2091         * bindings/js/JSDeviceMotionEventCustom.cpp:
2092         (WebCore::JSDeviceMotionEvent::initDeviceMotionEvent):
2093         * bindings/js/JSDeviceOrientationEventCustom.cpp:
2094         (WebCore::JSDeviceOrientationEvent::initDeviceOrientationEvent):
2095         * bindings/js/JSDictionary.cpp:
2096         (WebCore::JSDictionary::convertValue):
2097         * bindings/js/JSDirectoryEntryCustom.cpp:
2098         (WebCore::JSDirectoryEntry::getFile):
2099         (WebCore::JSDirectoryEntry::getDirectory):
2100         * bindings/js/JSDirectoryEntrySyncCustom.cpp:
2101         (WebCore::getFlags):
2102         * bindings/js/JSHTMLCanvasElementCustom.cpp:
2103         (WebCore::JSHTMLCanvasElement::getContext):
2104         * bindings/js/JSInspectorFrontendHostCustom.cpp:
2105         (WebCore::populateContextMenuItems):
2106         * bindings/js/JSMessageEventCustom.cpp:
2107         (WebCore::handleInitMessageEvent):
2108         * bindings/js/JSWebGLRenderingContextCustom.cpp:
2109         (WebCore::dataFunctionMatrix):
2110         * bindings/js/JSXMLHttpRequestCustom.cpp:
2111         (WebCore::JSXMLHttpRequest::open):
2112         * bindings/js/JavaScriptCallFrame.cpp:
2113         (WebCore::JavaScriptCallFrame::exec):
2114         (WebCore):
2115         * bindings/js/JavaScriptCallFrame.h:
2116         (JavaScriptCallFrame):
2117         * bindings/js/ScriptDebugServer.cpp:
2118         (WebCore::ScriptDebugServer::hasBreakpoint):
2119         * bindings/scripts/CodeGeneratorJS.pm: Also add the custom create function for MasqueradesAsUndefined JS DOM wrappers.
2120         (GenerateEventListenerCall):
2121         (GenerateHeader):
2122         (JSValueToNative):
2123         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
2124         (WebCore::jsTestEventTargetPrototypeFunctionAddEventListener):
2125         (WebCore::jsTestEventTargetPrototypeFunctionRemoveEventListener):
2126         * bindings/scripts/test/JS/JSTestEventTarget.h:
2127         (WebCore::JSTestEventTarget::create):
2128         * bindings/scripts/test/JS/JSTestObj.cpp:
2129         (WebCore::setJSTestObjCreate):
2130         (WebCore::setJSTestObjReflectedBooleanAttr):
2131         (WebCore::setJSTestObjReflectedCustomBooleanAttr):
2132         (WebCore::jsTestObjPrototypeFunctionAddEventListener):
2133         (WebCore::jsTestObjPrototypeFunctionRemoveEventListener):
2134         * bridge/c/c_utility.cpp:
2135         (JSC::Bindings::convertValueToNPVariant):
2136         * bridge/jni/jni_jsobject.mm:
2137         (JavaJSObject::convertValueToJObject):
2138         * bridge/qt/qt_runtime.cpp:
2139         (JSC::Bindings::convertValueToQVariant):
2140
2141 2012-08-15  Joanmarie Diggs  <jdiggs@igalia.com>
2142
2143         [Gtk] atk_text_get_text_at_offset() fails to provide the correct line for paragraphs in list items whose text wraps
2144         https://bugs.webkit.org/show_bug.cgi?id=83435
2145
2146         Reviewed by Chris Fleizach.
2147
2148         Fix a logic error when checking if an object is a list marker.
2149
2150         * accessibility/gtk/WebKitAccessibleInterfaceText.cpp:
2151         (textForRenderer):
2152
2153 2012-08-15  Arpita Bahuguna  <arpitabahuguna@gmail.com>
2154
2155         There is additional space not belonged to a table between the table cells
2156         https://bugs.webkit.org/show_bug.cgi?id=74864
2157
2158         Reviewed by Julien Chaffraix.
2159
2160         Hittest for a point on the edge, i.e. between two table columns, currently
2161         does not return any matching underlying element.
2162
2163         A hittest on such a point (on the edge of two table columns) should return
2164         the column that lies either on the logical right/bottom of the said point.
2165
2166         Tests: fast/table/hittest-tablecell-bottom-edge.html
2167                fast/table/hittest-tablecell-right-edge.html
2168                fast/table/hittest-tablecell-with-borders-bottom-edge.html
2169                fast/table/hittest-tablecell-with-borders-right-edge.html
2170
2171         * rendering/RenderTableSection.cpp:
2172         (WebCore::RenderTableSection::spannedRows):
2173         Removed the FIXME regarding the correctness of the usage of the upper_bound algorithm
2174         since that is now verified by the testcases in this patch. Also, the comment
2175         regarding the inconsistency between the algorithms used in spannedRows and spannedColumns
2176         is no longer valid.
2177
2178         (WebCore::RenderTableSection::spannedColumns):
2179         Changed lower_bound() algorithm to upper_bound() for obtaining the next column.
2180         This is now similar to what is used for obtaining the next row in spannedRows().
2181
2182 2012-08-15  Anna Cavender  <annacc@chromium.org>
2183
2184         Add the timestampOffset attribute to SourceBuffer.
2185         https://bugs.webkit.org/show_bug.cgi?id=93303
2186
2187         Reviewed by Dimitri Glazkov.
2188
2189         On the 30 July 2012 version of the Media Source Extensions spec, a timestampOffset 
2190         attribute was added to the SourceBuffer object:
2191         http://dvcs.w3.org/hg/html-media/raw-file/tip/media-source/media-source.html#dom-timestampoffset
2192
2193         Tests: additions to http/tests/media/media-source/video-media-source-objects.html
2194
2195         * Modules/mediasource/MediaSource.cpp:
2196         (WebCore::MediaSource::setTimestampOffset): Set the timestampOffset on MediaPlayer.
2197         (WebCore):
2198         * Modules/mediasource/MediaSource.h:
2199         (MediaSource):
2200         * Modules/mediasource/SourceBuffer.cpp:
2201         (WebCore::SourceBuffer::SourceBuffer): Let the timestampOffset be 0 initially
2202         (WebCore::SourceBuffer::timestampOffset): Return the last value set.
2203         (WebCore):
2204         (WebCore::SourceBuffer::setTimestampOffset): Forward the call onto MediaSouce.
2205         * Modules/mediasource/SourceBuffer.h:
2206         (SourceBuffer):
2207         * Modules/mediasource/SourceBuffer.idl: Create the new timestampOffset attr.
2208         * platform/graphics/MediaPlayer.cpp:
2209         (WebCore::NullMediaPlayerPrivate::sourceSetTimestampOffset): A null media player
2210             should just return false (nothing to set).
2211         (WebCore):
2212         (WebCore::MediaPlayer::sourceSetTimestampOffset):  Forward the call.
2213         * platform/graphics/MediaPlayer.h:
2214         * platform/graphics/MediaPlayerPrivate.h:
2215         (WebCore::MediaPlayerPrivateInterface::sourceSetTimestampOffset):
2216
2217 2012-08-15  Pavel Chadnov  <chadnov@google.com>
2218
2219         Web Inspector: Incorrect XHR responses when two async xhrs are sent synchronously
2220         https://bugs.webkit.org/show_bug.cgi?id=91630
2221         
2222         Reviewed by Vsevolod Vlasov.
2223
2224         CachedResource object for XHR response is now taken from ResourceLoader (if it's possible).
2225
2226         Test: http/tests/inspector/network/network-xhr-async-double.html
2227
2228         * inspector/InspectorInstrumentation.cpp:
2229         (WebCore):
2230         (WebCore::InspectorInstrumentation::didReceiveResourceResponseImpl):
2231         (WebCore::InspectorInstrumentation::didReceiveResourceResponseButCanceledImpl):
2232         * inspector/InspectorInstrumentation.h:
2233         (InspectorInstrumentation):
2234         (WebCore::InspectorInstrumentation::didReceiveResourceResponse):
2235         * inspector/InspectorResourceAgent.cpp:
2236         (WebCore::InspectorResourceAgent::willSendRequest):
2237         (WebCore::InspectorResourceAgent::didReceiveResponse):
2238         * inspector/InspectorResourceAgent.h:
2239         (WebCore):
2240         (InspectorResourceAgent):
2241         * loader/DocumentThreadableLoader.cpp:
2242         (WebCore::DocumentThreadableLoader::didReceiveResponse):
2243         * loader/ResourceLoadNotifier.cpp:
2244         (WebCore::ResourceLoadNotifier::didReceiveResponse):
2245         (WebCore::ResourceLoadNotifier::dispatchDidReceiveResponse):
2246         * loader/ResourceLoadNotifier.h:
2247         (ResourceLoadNotifier):
2248         * loader/ResourceLoader.cpp:
2249         (WebCore::ResourceLoader::isSubresourceLoader):
2250         (WebCore):
2251         * loader/ResourceLoader.h:
2252         (ResourceLoader):
2253         * loader/SubresourceLoader.cpp:
2254         (WebCore::SubresourceLoader::cachedResource):
2255         (WebCore):
2256         (WebCore::SubresourceLoader::isSubresourceLoader):
2257         * loader/SubresourceLoader.h:
2258         (SubresourceLoader):
2259         * loader/appcache/ApplicationCacheGroup.cpp:
2260         (WebCore::ApplicationCacheGroup::didReceiveResponse):
2261
2262 2012-08-15  Taiju Tsuiki  <tzik@chromium.org>
2263
2264         Web Inspector: Use default parameter on reportResult in InspectorFileSystemAgent
2265         https://bugs.webkit.org/show_bug.cgi?id=93930
2266
2267         Reviewed by Vsevolod Vlasov.
2268
2269         No functional change.
2270
2271         * inspector/InspectorFileSystemAgent.cpp:
2272         (WebCore):
2273
2274 2012-08-15  Vsevolod Vlasov  <vsevik@chromium.org>
2275
2276         Web Inspector: TabbedEditorContainer Doens't show '*' near modified file name sometimes.
2277         https://bugs.webkit.org/show_bug.cgi?id=94095
2278
2279         Reviewed by Pavel Feldman.
2280
2281         TabbedEditorContainer now correctly updates event listeners on UISourceCodeReplaced event.
2282
2283         * inspector/front-end/TabbedEditorContainer.js:
2284         (WebInspector.TabbedEditorContainer.prototype._appendFileTab):
2285         (WebInspector.TabbedEditorContainer.prototype._tabClosed):
2286         (WebInspector.TabbedEditorContainer.prototype._addUISourceCodeListeners):
2287         (WebInspector.TabbedEditorContainer.prototype._removeUISourceCodeListeners):
2288
2289 2012-08-15  Vsevolod Vlasov  <vsevik@chromium.org>
2290
2291         Web Inspector: Scroll/selection are not saved in sources panel editors sometimes.
2292         https://bugs.webkit.org/show_bug.cgi?id=94098
2293
2294         Reviewed by Pavel Feldman.
2295
2296         SourceFrame listeners and _currentFile field are now cleared only when currently open tab is closed.
2297
2298         * inspector/front-end/TabbedEditorContainer.js:
2299         (WebInspector.TabbedEditorContainer.prototype._tabClosed):
2300
2301 2012-08-15  Vsevolod Vlasov  <vsevik@chromium.org>
2302
2303         Web Inspector: [REGRESSION] "save as" of edited source in developer mode fails to update saved file
2304         https://bugs.webkit.org/show_bug.cgi?id=94074
2305
2306         Reviewed by Pavel Feldman.
2307
2308         Added dirty flag check when saving uiSourceCode to save working copy in this case.
2309
2310         * inspector/front-end/HandlerRegistry.js:
2311         (WebInspector.HandlerRegistry.prototype.appendApplicableItems.save):
2312         (WebInspector.HandlerRegistry.prototype.appendApplicableItems):
2313
2314 2012-08-15  Thiago Marcos P. Santos  <thiago.santos@intel.com>
2315
2316         Relative units are not set when the canvas has not parent
2317         https://bugs.webkit.org/show_bug.cgi?id=93840
2318
2319         Reviewed by Kenneth Rohde Christiansen.
2320
2321         Set the default font when no parent style is set. It will make
2322         possible to apply relative units when a parent is not set.
2323
2324         No new tests, unskipped the existing ones.
2325
2326         * css/StyleBuilder.cpp:
2327         (WebCore::ApplyPropertyFontSize::applyValue):
2328         Make it possible to apply relative units if a parent style exist but
2329         not a parent node. It works like this for em and ex, but not for
2330         percent units.
2331         * html/canvas/CanvasRenderingContext2D.cpp:
2332         (WebCore):
2333         (WebCore::CanvasRenderingContext2D::setFont):
2334
2335 2012-08-14  Pavel Feldman  <pfeldman@chromium.org>
2336
2337         Web Inspector: split standalone test runner, test scanner and test stub.
2338         https://bugs.webkit.org/show_bug.cgi?id=94001
2339
2340         Reviewed by Vsevolod Vlasov.
2341
2342         This change starts sending loacCompleted message to the embedder.
2343
2344         * inspector/front-end/InspectorFrontendAPI.js:
2345         (InspectorFrontendAPI.loadCompleted):
2346         * inspector/front-end/test-runner.html: Added.
2347
2348 2012-08-15  Shinya Kawanaka  <shinyak@chromium.org>
2349
2350         [Refactoring] The debug version and release version of toHTMLSelectElement can be merged without any penalty
2351         https://bugs.webkit.org/show_bug.cgi?id=94084
2352
2353         Reviewed by Kent Tamura.
2354
2355         We have two versions of toHTMLSelectElement. One has ASSERT() and the other one does not have ASSERT().
2356         We can merge them without any penalty.
2357
2358         No new tests, no change in behavior.
2359
2360         * html/HTMLSelectElement.cpp:
2361         * html/HTMLSelectElement.h:
2362         (WebCore::isHTMLSelectElement):
2363         (WebCore::toHTMLSelectElement):
2364         (WebCore):
2365
2366 2012-08-15  Shinya Kawanaka  <shinyak@chromium.org>
2367
2368         AuthorShadowDOM for meter element
2369         https://bugs.webkit.org/show_bug.cgi?id=91970
2370
2371         Reviewed by Hajime Morita.
2372
2373         We add support for AuthorShadowDOM for a meter element.
2374
2375         According to the Shadow DOM spec, a meter element should behave like having a UserAgentShadowRoot and
2376         an element in UserAgentShadowRoot draws a real 'meter' bar. In this patch, we change the inner structure
2377         of a meter element so that we can distribute an element having RenderMeter to AuthorShadowDOM.
2378
2379         Before this patch, a meter element has the following inner structure.
2380
2381             <meter>--UserAgentShadowRoot -- -- -- -- -- -- -- -- -- -- AuthorShadowRoot
2382                                |
2383                                +-- MeterBarElement
2384                                |
2385                                +-- MeterValueElement
2386
2387         After this patch, a meter element will have the following inner structure.
2388
2389             <meter>--UserAgentShadowRoot -- -- -- -- -- -- -- -- -- -- AuthorShadowRoot
2390                                |
2391                                +-- MeterInnerElement
2392                                            |
2393                                            +-- MeterBarElement
2394                                            |
2395                                            +-- MeterValueElement
2396
2397         However, if RenderTheme supports rendering meter, MeterInnerElement will not create a renderer
2398         unless an AuthorShadowDOM is attached to it so that we can keep the current rendering style.
2399
2400         Tests: fast/dom/shadow/shadowdom-for-meter-dynamic.html
2401                fast/dom/shadow/shadowdom-for-meter-multiple.html
2402                fast/dom/shadow/shadowdom-for-meter-with-style.html
2403                fast/dom/shadow/shadowdom-for-meter-without-appearance.html
2404                fast/dom/shadow/shadowdom-for-meter-without-shadow-element.html
2405                fast/dom/shadow/shadowdom-for-meter.html
2406
2407         * css/html.css:
2408         (meter): Changed the display type. inline-box is not supported WebKit. inline-block is true.
2409         (meter::-webkit-meter-inner-element):
2410         * html/HTMLMeterElement.cpp:
2411         (WebCore::HTMLMeterElement::HTMLMeterElement):
2412         (WebCore::HTMLMeterElement::createRenderer):
2413         (WebCore):
2414         (WebCore::HTMLMeterElement::attach): Added didElementStateChange.
2415         (WebCore::HTMLMeterElement::didElementStateChange):
2416         (WebCore::HTMLMeterElement::willAddAuthorShadowRoot):
2417         (WebCore::HTMLMeterElement::renderMeter):
2418         (WebCore::HTMLMeterElement::createShadowSubtree):
2419         * html/HTMLMeterElement.h:
2420         (WebCore):
2421         (WebCore::HTMLMeterElement::hasAuthorShadowRoot):
2422         (HTMLMeterElement):
2423         (WebCore::isHTMLMeterElement):
2424         (WebCore::toHTMLMeterElement):
2425         * html/shadow/MeterShadowElement.cpp:
2426         (WebCore::MeterShadowElement::meterElement):
2427         (WebCore::MeterShadowElement::rendererIsNeeded):
2428         (WebCore):
2429         (WebCore::MeterInnerElement::MeterInnerElement): We introduce a new element having RenderMeter
2430         so that we can distribute an element having RenderMeter to AuthorShadowDOM.
2431         (WebCore::MeterInnerElement::rendererIsNeeded): Different from a progress element, meter element will not be
2432         rendered using a theme. So we don't need to check the style appearance.
2433         (WebCore::MeterInnerElement::createRenderer):
2434         (WebCore::MeterInnerElement::shadowPseudoId):
2435         * html/shadow/MeterShadowElement.h:
2436         (WebCore):
2437         (MeterInnerElement):
2438         (WebCore::MeterInnerElement::create):
2439         * rendering/RenderMeter.cpp:
2440         (WebCore::RenderMeter::RenderMeter):
2441         (WebCore::RenderMeter::meterElement):
2442         (WebCore):
2443         (WebCore::RenderMeter::valueRatio):
2444         * rendering/RenderMeter.h:
2445         (RenderMeter):
2446         * rendering/RenderThemeMac.mm:
2447         (WebCore::RenderThemeMac::levelIndicatorFor):
2448
2449 2012-08-15  Adam Barth  <abarth@webkit.org>
2450
2451         [Chromium] fast/dom/Window/dom-access-from-closure-window.html is flaky on Linux
2452         https://bugs.webkit.org/show_bug.cgi?id=94060
2453
2454         Reviewed by Kentaro Hara.
2455
2456         Previously, the V8 garbage collector might have collected the Document
2457         wrapper before the DOMWindow wrapper because we overwrite the
2458         "document" property of the DOMWindow during navigation.
2459
2460         This patch adds a hidden document property on the global object to
2461         ensure that the Document wrapper lives at least as long as the
2462         DOMWindow wrapper, ensuring that DOMWindows that we obtain from V8
2463         always have non-null Document objects.
2464
2465         The JavaScriptCore bindings already have this behavior.
2466
2467         Test: fast/dom/Window/dom-access-from-closure-window-with-gc.html
2468
2469         * bindings/v8/V8DOMWindowShell.cpp:
2470         (WebCore::V8DOMWindowShell::updateDocumentWrapperCache):
2471         * bindings/v8/V8HiddenPropertyName.h:
2472         (WebCore):
2473
2474 2012-08-14  Andrey Kosyakov  <caseq@chromium.org>
2475
2476         Web Inspector: Calling getEventListeners() on element with malformed javascript event listeners crashes
2477         https://bugs.webkit.org/show_bug.cgi?id=93937
2478
2479         Reviewed by Pavel Feldman.
2480
2481         - check listener function to be non-null (happens upon an exception while compiling attribute listeners)
2482
2483         * bindings/js/JSInjectedScriptHostCustom.cpp:
2484         (WebCore::getJSListenerFunctions):
2485         * bindings/v8/custom/V8InjectedScriptHostCustom.cpp:
2486         (WebCore::getJSListenerFunctions):
2487
2488 2012-08-14  Jan Keromnes  <janx@linux.com>
2489
2490         Web Inspector: CodeMirrorTextEditor doesn't clear execution line
2491         https://bugs.webkit.org/show_bug.cgi?id=94069
2492
2493         Reviewed by Pavel Feldman.
2494
2495         Make CodeMirrorTextEditor use line handles instead of numbers, remove
2496         typeof == "number" checks.
2497
2498         * inspector/front-end/CodeMirrorTextEditor.js:
2499         (WebInspector.CodeMirrorTextEditor.prototype.clearExecutionLine):
2500         (WebInspector.CodeMirrorTextEditor.prototype.highlightLine):
2501         (WebInspector.CodeMirrorTextEditor.prototype.clearLineHighlight):
2502
2503 2012-08-14  Yuta Kitamura  <yutak@google.com>
2504
2505         Unreviewed. Fix Chromium-Android builds.
2506
2507         * html/TimeInputType.cpp:
2508         (WebCore::TimeInputType::TimeInputType):
2509         Declare the function as a constructor.
2510
2511 2012-08-14  Sukolsak Sakshuwong  <sukolsak@google.com>
2512
2513         Text selection in text area in auto scroll mode goes wrong.
2514         https://bugs.webkit.org/show_bug.cgi?id=74346
2515
2516         Reviewed by Ojan Vafai.
2517
2518         WebKit triggers autoscroll in text area when the user drags the cursor from inside
2519         the text area to the outside. When that happens, it gets the local cursor position
2520         relative to the node under the cursor from hit-testing, converts it to
2521         the absolute position, and then converts it to the local position relative to the
2522         text area. However, the hit-testing method of text area did not take scrolling
2523         offset into account. This caused it to give an incorrect value of the local cursor
2524         position. Make the hit-testing take scrolling offset into account.
2525
2526         Test: fast/events/autoscroll-in-textarea.html
2527
2528         * html/shadow/TextControlInnerElements.cpp:
2529         (WebCore::TextControlInnerTextElement::createRenderer):
2530         * rendering/RenderTextControl.cpp:
2531         (WebCore::RenderTextControl::hitInnerTextElement):
2532         * rendering/RenderTextControlSingleLine.cpp:
2533         (WebCore):
2534         * rendering/RenderTextControlSingleLine.h:
2535         (WebCore::RenderTextControlInnerBlock::RenderTextControlInnerBlock):
2536         (WebCore::RenderTextControlInnerBlock::hasLineIfEmpty):
2537
2538 2012-08-14  Shinya Kawanaka  <shinyak@chromium.org>
2539
2540         [Refactoring] RenderMenuList and RenderListBox should have a method to return HTMLSelectElement.
2541         https://bugs.webkit.org/show_bug.cgi?id=94061
2542
2543         Reviewed by Kent Tamura.
2544
2545         This is a preparation patch for Bug 91487. Since RenderMenuList::node() and RenderListBox::node()
2546         will not return HTMLSelectElement to fix Bug 91487, it would be good to have a method to HTMLSelectElement.
2547
2548         No new tests, no change in behavior.
2549
2550         * rendering/RenderListBox.cpp:
2551         (WebCore::RenderListBox::selectElement):
2552         (WebCore):
2553         (WebCore::RenderListBox::updateFromElement):
2554         (WebCore::RenderListBox::scrollToRevealSelection):
2555         (WebCore::RenderListBox::size):
2556         (WebCore::RenderListBox::numItems):
2557         (WebCore::RenderListBox::addFocusRingRects):
2558         (WebCore::RenderListBox::paintItemForeground):
2559         (WebCore::RenderListBox::paintItemBackground):
2560         (WebCore::RenderListBox::panScroll):
2561         (WebCore::RenderListBox::autoscroll):
2562         (WebCore::RenderListBox::stopAutoscroll):
2563         (WebCore::RenderListBox::valueChanged):
2564         (WebCore::RenderListBox::nodeAtPoint):
2565         * rendering/RenderListBox.h:
2566         (WebCore):
2567         (RenderListBox):
2568         * rendering/RenderMenuList.cpp:
2569         (WebCore::RenderMenuList::selectElement):
2570         (WebCore):
2571         (WebCore::RenderMenuList::updateOptionsWidth):
2572         (WebCore::RenderMenuList::updateFromElement):
2573         (WebCore::RenderMenuList::setTextFromOption):
2574         (WebCore::RenderMenuList::showPopup):
2575         (WebCore::RenderMenuList::valueChanged):
2576         (WebCore::RenderMenuList::listBoxSelectItem):
2577         (WebCore::RenderMenuList::multiple):
2578         (WebCore::RenderMenuList::didSetSelectedIndex):
2579         (WebCore::RenderMenuList::didUpdateActiveOption):
2580         (WebCore::RenderMenuList::itemText):
2581         (WebCore::RenderMenuList::itemAccessibilityText):
2582         (WebCore::RenderMenuList::itemToolTip):
2583         (WebCore::RenderMenuList::itemIsEnabled):
2584         (WebCore::RenderMenuList::itemStyle):
2585         (WebCore::RenderMenuList::itemBackgroundColor):
2586         (WebCore::RenderMenuList::listSize):
2587         (WebCore::RenderMenuList::selectedIndex):
2588         (WebCore::RenderMenuList::itemIsSeparator):
2589         (WebCore::RenderMenuList::itemIsLabel):
2590         (WebCore::RenderMenuList::itemIsSelected):
2591         (WebCore::RenderMenuList::setTextFromItem):
2592         * rendering/RenderMenuList.h:
2593         (WebCore):
2594         (RenderMenuList):
2595
2596 2012-08-10  Kinuko Yasuda  <kinuko@chromium.org>
2597
2598         FileWriter fails with assertion when trying to write empty Blob
2599         https://bugs.webkit.org/show_bug.cgi?id=93694
2600
2601         Reviewed by Kent Tamura.
2602
2603         if the given data size is zero (i.e. m_bytesToWrite is zero) the assertion 'bytes + m_bytesWritten > 0' should not be tested.
2604
2605         Tests: fast/filesystem/file-writer-empty-blob.html
2606                fast/filesystem/workers/file-writer-empty-blob.html
2607
2608         * Modules/filesystem/FileWriter.cpp:
2609         (WebCore::FileWriter::didWrite):
2610
2611 2012-08-14  Keishi Hattori  <keishi@webkit.org>
2612
2613         Share common code between calendar picker and color suggestion picker
2614         https://bugs.webkit.org/show_bug.cgi?id=93802
2615
2616         Reviewed by Kent Tamura.
2617
2618         We want to share common code like utility functions between picker page popups.
2619
2620         No new tests because no behavior change. Covered by existing tests, color-suggestion-picker-appearance.html and calendar-picker-apeparance.html.
2621
2622         * Resources/pagepopups/calendarPicker.js:
2623         (YearMonthController.prototype.attachTo):
2624         (YearMonthController.prototype._showPopup):
2625         * Resources/pagepopups/colorSuggestionPicker.js:
2626         (handleMessage):
2627         (handleArgumentsTimeout):
2628         * Resources/pagepopups/pickerCommon.css: Added.
2629         (body):
2630         * Resources/pagepopups/pickerCommon.js: Added.
2631         (createElement):
2632         (resizeWindow):
2633         (getScrollbarWidth):
2634         * WebCore.gyp/WebCore.gyp: Add actions for pickerCommon.{css,js}
2635         * html/shadow/CalendarPickerElement.cpp:
2636         (WebCore::CalendarPickerElement::writeDocument):
2637
2638 2012-08-14  Ojan Vafai  <ojan@chromium.org>
2639
2640         Fix access to m_markupBox in WebCore::EllipsisBox::paint
2641         https://bugs.webkit.org/show_bug.cgi?id=91138
2642
2643         Reviewed by Abhishek Arya.
2644
2645         EllipsisBox would hold on to m_markupBox, which would then get destroyed during
2646         the followup layoutIfNeeded in layoutVerticalBox. Instead, have EllipsisBox
2647         dynamically grab to pointer to the markup box during paint since there's no
2648         straightforward way to notify the EllipsisBox that the markupBox has been destroyed
2649         and/or point it at the new markupBox.
2650
2651         Test: fast/overflow/line-clamp-and-columns.html
2652
2653         * rendering/EllipsisBox.cpp:
2654         (WebCore::EllipsisBox::paint):
2655         (WebCore):
2656         (WebCore::EllipsisBox::paintMarkupBox):
2657         * rendering/EllipsisBox.h:
2658         (WebCore::EllipsisBox::EllipsisBox):
2659         Just store a boolean that we have a markup box that needs painting.
2660         * rendering/RenderDeprecatedFlexibleBox.cpp:
2661         (WebCore::RenderDeprecatedFlexibleBox::applyLineClamp):
2662         Clearing the override size right after setting it was incorrect because
2663         there are cases where we'll do a followup layout in layoutVerticalBox, at which
2664         point we'll still need the override size.
2665         (WebCore::RenderDeprecatedFlexibleBox::clearLineClamp):
2666         Clear the override size here to handle cases where line clamp is removed since
2667         we don't call applyLineClamp in those cases.
2668
2669 2012-08-14  Yoshifumi Inoue  <yosin@chromium.org>
2670
2671         [Forms] Make input type "time" to use multiple field time input UI
2672         https://bugs.webkit.org/show_bug.cgi?id=93929
2673
2674         Reviewed by Kent Tamura.
2675
2676         This patch changes input type "time" UI to use multiple field time
2677         input UI when build flag ENABLE_INPUT_TYPE_TIME_MULTIPLE_FIELDS
2678         enabled.
2679
2680         No new tests. This patch doesn't change behavior for users, however,
2681         this patch changes behavior on layout tests. Tests will be added
2682         in another patch with runtime enabled feature flag is enabled.
2683
2684         Test expectations for following tests are updated:
2685          - fast/forms/time/time-input-visible-string.html
2686          - fast/forms/time/time-stepup-stepdown-from-renderer.html
2687
2688         * html/BaseDateAndTimeInputType.h:
2689         (BaseDateAndTimeInputType): Exposed serialize() to derived classes.
2690         * html/TimeInputType.cpp:
2691         (WebCore::TimeInputType::DateTimeEditControlOwnerImpl::DateTimeEditControlOwnerImpl):
2692         (WebCore::TimeInputType::DateTimeEditControlOwnerImpl::~DateTimeEditControlOwnerImpl):
2693         (WebCore::TimeInputType::DateTimeEditControlOwnerImpl::editControlMouseFocus):
2694         (WebCore::TimeInputType::DateTimeEditControlOwnerImpl::editControlValueChanged):
2695         (WebCore::TimeInputType::DateTimeEditControlOwnerImpl::isEditControlOwnerDisabled):
2696         (WebCore::TimeInputType::DateTimeEditControlOwnerImpl::isEditControlOwnerReadOnly):
2697         (WebCore::TimeInputType::TimeInputType):
2698         (WebCore::TimeInputType::~TimeInputType):
2699         (WebCore::TimeInputType::createRenderer):
2700         (WebCore::TimeInputType::createShadowSubtree):
2701         (WebCore::TimeInputType::destroyShadowSubtree):
2702         (WebCore::TimeInputType::forwardEvent):
2703         (WebCore::TimeInputType::disabledAttributeChanged):
2704         (WebCore::TimeInputType::handleKeydownEvent):
2705         (WebCore::TimeInputType::handleDOMActivateEvent):
2706         (WebCore::TimeInputType::isKeyboardFocusable):
2707         (WebCore::TimeInputType::isMouseFocusable):
2708         (WebCore::TimeInputType::minOrMaxAttributeChanged):
2709         (WebCore::TimeInputType::readonlyAttributeChanged):
2710         (WebCore::TimeInputType::isTextField):
2711         (WebCore::TimeInputType::setValue):
2712         (WebCore::TimeInputType::shouldUseInputMethod):
2713         (WebCore::TimeInputType::stepAttributeChanged):
2714         (WebCore::TimeInputType::updateEditElementLayout):
2715         (WebCore::TimeInputType::updateInnerTextValue):
2716         (WebCore::TimeInputType):
2717         * html/TimeInputType.h:
2718         (TimeInputType):
2719         (DateTimeEditControlOwnerImpl):
2720
2721 2012-08-14  Dean Jackson  <dino@apple.com>
2722
2723         Initial call to webkitRequestAnimationFrame returns 0, Spec indicates the handle should always be > 0
2724         https://bugs.webkit.org/show_bug.cgi?id=85819
2725
2726         Reviewed by James Robinson.
2727
2728         The callback id returned by requestAnimationFrame was beginning at zero, when the spec
2729         says it should be above one. Use a pre-increment rather than a post-increment.
2730
2731         Test: fast/animation/request-animation-frame-callback-id.html
2732
2733         * dom/ScriptedAnimationController.cpp:
2734         (WebCore::ScriptedAnimationController::registerCallback): Pre-increment rather than post-increment.
2735
2736 2012-08-14  Levi Weintraub  <leviw@chromium.org>
2737
2738         r125591 broke tests with SUBPIXEL_LAYOUT disabled
2739         https://bugs.webkit.org/show_bug.cgi?id=94027
2740
2741         Reviewed by Eric Seidel.
2742
2743         The previous patch to fix block preferred widths for subpixel layout broke ports
2744         without the flag enabled. This patch adds a static inline function --
2745         adjustFloatForSubPixelLayout -- that truncates with sub-pixel layout disabled, and
2746         ceil's to the nearest FractionalLayoutUnit when sub-pixel layout is enabled.
2747
2748         A block's max preferred width should be enough to layout the entire line without
2749         wrapping. r125591 addressed a bug whereby converting floats to LayoutUnits with sub-
2750         pixel layout enabled lost precision in certain cases, and could result in a line
2751         being layed out to slightly over the max preferred width of the block.
2752
2753         This patch reverts the behavior when sub-pixel layout is disabled to truncating
2754         sub-pixel values (such as those that originate in Length) when assigning them to
2755         LayoutUnits, and ceiling the length of the entire line to the next largest integer.
2756
2757         Covered by existing tests.
2758
2759         * rendering/RenderBlock.cpp:
2760         (WebCore):
2761         (WebCore::adjustFloatForSubPixelLayout):
2762         (WebCore::RenderBlock::computeInlinePreferredLogicalWidths):
2763
2764 2012-08-14  Chris Evans  <cevans@google.com>
2765
2766         Handle the XPath / (root) operator correctly for nodes that aren't attached to the document.
2767         https://bugs.webkit.org/show_bug.cgi?id=36427
2768
2769         Reviewed by Abhishek Arya.
2770
2771         We now behave the same as Firefox 14.
2772         The consensus seems to be that the XPath spec is ambiguous for the case of detached nodes, and that using the fragment root is more intuitive than the document root for the case of detached nodes.
2773         For example, http://www.w3.org/TR/xpath/ section 2 "Location Paths" is only clear for attached nodes: "A / by itself selects the root node of the document containing the context node. If it is followed by a relative location path, then the location path selects the set of nodes that would be selected by the relative location path relative to the root node of the document containing the context node."
2774
2775         Test: fast/xpath/xpath-detached-nodes.html
2776
2777         * xml/XPathPath.cpp:
2778         (WebCore::XPath::LocationPath::evaluate): Jump to the root of the detached subtree instead of the parent document if the node isn't attached to the document.
2779
2780 2012-08-14  Alexandru Chiculita  <achicu@adobe.com>
2781
2782         [CSS Shaders][Chromium] Filters area applied twice when CustomFilterOperation is in the list
2783         https://bugs.webkit.org/show_bug.cgi?id=93900
2784
2785         Reviewed by James Robinson.
2786
2787         Whenever the platform cannot render a shader in hardware it will fallback to software. 
2788         In such cases, the platform should remove any old filters applied, so that the filters do not apply twice.
2789         
2790         Test: css3/filters/custom/filter-fallback-to-software.html
2791
2792         * platform/graphics/chromium/GraphicsLayerChromium.cpp:
2793         (WebCore::GraphicsLayerChromium::setFilters):
2794
2795 2012-08-14  Alec Flett  <alecflett@chromium.org>
2796
2797         IndexedDB: add tracing to IDBLevelDBBackingStore
2798         https://bugs.webkit.org/show_bug.cgi?id=93914
2799
2800         Reviewed by Tony Chang.
2801
2802         Add a bunch of trace events to the lower level
2803         database layer, to separate database slowness
2804         from core IDB slowness.
2805
2806         Also moving findKeyInIndex into IDBLevelDBBackingStore to
2807         eventually make it const.
2808
2809         No new tests, just adding debug logging.
2810
2811         * Modules/indexeddb/IDBLevelDBBackingStore.cpp:
2812         (WebCore::IDBLevelDBBackingStore::open):
2813         (WebCore::IDBLevelDBBackingStore::deleteDatabase):
2814         (WebCore::IDBLevelDBBackingStore::getObjectStores):
2815         (WebCore::IDBLevelDBBackingStore::createObjectStore):
2816         (WebCore::IDBLevelDBBackingStore::deleteObjectStore):
2817         (WebCore::IDBLevelDBBackingStore::getObjectStoreRecord):
2818         (WebCore):
2819         (WebCore::IDBLevelDBBackingStore::putObjectStoreRecord):
2820         (WebCore::IDBLevelDBBackingStore::clearObjectStore):
2821         (WebCore::IDBLevelDBBackingStore::deleteObjectStoreRecord):
2822         (WebCore::IDBLevelDBBackingStore::keyExistsInObjectStore):
2823         (WebCore::IDBLevelDBBackingStore::getIndexes):
2824         (WebCore::IDBLevelDBBackingStore::createIndex):
2825         (WebCore::IDBLevelDBBackingStore::deleteIndex):
2826         (WebCore::IDBLevelDBBackingStore::putIndexDataForRecord):
2827         (WebCore::IDBLevelDBBackingStore::findKeyInIndex):
2828         (WebCore::IDBLevelDBBackingStore::getPrimaryKeyViaIndex):
2829         (WebCore::IDBLevelDBBackingStore::keyExistsInIndex):
2830         (WebCore::IDBLevelDBBackingStore::openObjectStoreCursor):
2831         (WebCore::IDBLevelDBBackingStore::openIndexKeyCursor):
2832         (WebCore::IDBLevelDBBackingStore::openIndexCursor):
2833         (WebCore::IDBLevelDBBackingStore::Transaction::commit):
2834         (WebCore::IDBLevelDBBackingStore::Transaction::rollback):
2835         * Modules/indexeddb/IDBLevelDBBackingStore.h:
2836         (IDBLevelDBBackingStore):
2837         * Modules/indexeddb/IDBObjectStoreBackendImpl.cpp:
2838         (WebCore):
2839         * Modules/indexeddb/IDBTransaction.cpp:
2840         (WebCore::IDBTransaction::onAbort):
2841         (WebCore::IDBTransaction::onComplete):
2842
2843 2012-08-14  Hayato Ito  <hayato@chromium.org>
2844
2845         Refactor EventDispatcher, moving code to make actual changes easier to review later.
2846         https://bugs.webkit.org/show_bug.cgi?id=93959
2847
2848         Reviewed by Dimitri Glazkov.
2849
2850         No new tests - no new functionality.
2851
2852         * dom/EventDispatcher.cpp:
2853         (WebCore::EventDispatcher::dispatchScopedEvent):
2854         (WebCore):
2855         (WebCore::EventDispatcher::dispatchSimulatedClick):
2856
2857 2012-08-14  Kihong Kwon  <kihong.kwon@samsung.com>
2858
2859         Clear pattern to prevent timing problem between cancelVibration and vibrate
2860         https://bugs.webkit.org/show_bug.cgi?id=93957
2861
2862         Reviewed by Kentaro Hara.
2863
2864         There is a timing issue in the cancelVibration.
2865         Since vibrate works based on timer, cancelVibration might be called
2866         eariler than vibrate when cancelVibration is called just after vibrate call.
2867         It can be prevented from clearing m_pattern in the cancelVibration.
2868
2869         * Modules/vibration/Vibration.cpp:
2870         (WebCore::Vibration::cancelVibration):
2871
2872 2012-08-14  Alexandru Chiculita  <achicu@adobe.com>
2873
2874         Layout Test css3/filters/custom/custom-filter-animation.html is failing
2875         https://bugs.webkit.org/show_bug.cgi?id=91769
2876
2877         Reviewed by Dean Jackson.
2878
2879         Mountain Lion added support for accelerated filter animations, but CSS Shaders are still
2880         rendered in software mode. The setFilters method is using PlatformCALayer::filtersCanBeComposited to check
2881         if the filters can be handled in hardwawre, so I've reused that in the createFilterAnimationsFromKeyframes
2882         to check if the animations can also run in hardware.
2883
2884         Also the GraphicsContext3D doesn't update its own internal m_boundFBO when a framebuffer is deleted,
2885         so I've added that to the FECustomFilter. Otherwise, if the next framebuffer is created using the same
2886         identifier, bindFramebuffer will just return without calling the glBindFramebuffer because of this optimization.
2887
2888         The documentation for glDeleteFramebuffer says that the bound framebuffer is unbound before deleting it.
2889         This is not reproduceable from WebGL, because WebGLRenderingContext::deleteFramebuffer
2890         already knows to unbind the framebuffer when needed. However, I'm also adding that in GraphicsContext3DOpenGLCommon.cpp
2891         and efl/GraphicsContext3DPrivate.cpp, to make sure that m_boundFBO is not used for other purposes.
2892
2893         No new tests, this patch fixes a failing test.
2894
2895         * platform/graphics/ca/GraphicsLayerCA.cpp:
2896         (WebCore::GraphicsLayerCA::createFilterAnimationsFromKeyframes):
2897         * platform/graphics/efl/GraphicsContext3DPrivate.cpp:
2898         (WebCore::GraphicsContext3DPrivate::deleteFramebuffer):
2899         * platform/graphics/filters/FECustomFilter.cpp:
2900         (WebCore::FECustomFilter::deleteRenderBuffers):
2901         * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
2902         (WebCore::GraphicsContext3D::deleteFramebuffer):
2903
2904 2012-08-14  Adam Barth  <abarth@webkit.org>
2905
2906         Delete Frame::domWindow() and Frame::existingDOMWindow()
2907         https://bugs.webkit.org/show_bug.cgi?id=93990
2908
2909         Reviewed by Eric Seidel.
2910
2911         These functions just call through to document()->domWindow(). This
2912         patch updates the callers so it's clearer what's going on.
2913
2914         * bindings/js/JSDOMBinding.cpp:
2915         (WebCore::shouldAllowAccessToFrame):
2916         (WebCore::printErrorMessageForFrame):
2917         * bindings/js/JSDocumentCustom.cpp:
2918         (WebCore::JSDocument::location):
2919         (WebCore::JSDocument::setLocation):
2920         * bindings/js/JSEventListener.cpp:
2921         (WebCore::JSEventListener::handleEvent):
2922         * bindings/js/ScriptCachedFrameData.cpp:
2923         (WebCore::ScriptCachedFrameData::restore):
2924         * bindings/js/ScriptController.cpp:
2925         (WebCore::ScriptController::createWindowShell):
2926         * bindings/objc/DOMAbstractView.mm:
2927         (core):
2928         * bindings/v8/NPV8Object.cpp:
2929         (WebCore::toV8Context):
2930         * bindings/v8/ScriptController.cpp:
2931         (WebCore::createScriptObject):
2932         (WebCore::ScriptController::createScriptObjectForPluginElement):
2933         * bindings/v8/V8DOMWindowShell.cpp:
2934         (WebCore::V8DOMWindowShell::initContextIfNeeded):
2935         * bindings/v8/V8IsolatedContext.cpp:
2936         (WebCore::V8IsolatedContext::V8IsolatedContext):
2937         * bindings/v8/V8Proxy.cpp:
2938         (WebCore::V8Proxy::retrieveFrame):
2939         * bindings/v8/custom/V8DOMWindowCustom.cpp:
2940         (WebCore::V8DOMWindow::indexedPropertyGetter):
2941         (WebCore::V8DOMWindow::namedPropertyGetter):
2942         * bindings/v8/custom/V8DocumentLocationCustom.cpp:
2943         (WebCore::V8Document::locationAccessorGetter):
2944         (WebCore::V8Document::locationAccessorSetter):
2945         * bindings/v8/custom/V8HTMLDocumentCustom.cpp:
2946         (WebCore::V8HTMLDocument::GetNamedProperty):
2947         * bindings/v8/custom/V8HTMLFrameSetElementCustom.cpp:
2948         (WebCore::V8HTMLFrameSetElement::namedPropertyGetter):
2949         * dom/Document.cpp:
2950         (WebCore::printNavigationErrorMessage):
2951         * dom/ViewportArguments.cpp:
2952         (WebCore::reportViewportWarning):
2953         * editing/AlternativeTextController.cpp:
2954         (WebCore::AlternativeTextController::insertDictatedText):
2955         * editing/Editor.cpp:
2956         (WebCore::Editor::pasteAsPlainText):
2957         (WebCore::Editor::pasteAsFragment):
2958         (WebCore::Editor::setComposition):
2959         * history/PageCache.cpp:
2960         (WebCore::logCanCacheFrameDecision):
2961         (WebCore::PageCache::canCachePageContainingThisFrame):
2962         * html/HTMLFormElement.cpp:
2963         (WebCore::HTMLFormElement::validateInteractively):
2964         * html/HTMLFrameOwnerElement.cpp:
2965         (WebCore::HTMLFrameOwnerElement::contentWindow):
2966         * html/canvas/WebGLRenderingContext.cpp:
2967         (WebCore):
2968         (WebCore::WebGLRenderingContext::printWarningToConsole):
2969         * inspector/InspectorDOMStorageAgent.cpp:
2970         (WebCore::InspectorDOMStorageAgent::storageId):
2971         * loader/DocumentLoader.cpp:
2972         (WebCore::DocumentLoader::checkLoadComplete):
2973         * loader/DocumentWriter.cpp:
2974         (WebCore::DocumentWriter::begin):
2975         * loader/FrameLoader.cpp:
2976         (WebCore::FrameLoader::stopLoading):
2977         (WebCore::FrameLoader::didOpenURL):
2978         (WebCore::FrameLoader::checkIfDisplayInsecureContent):
2979         (WebCore::FrameLoader::checkIfRunInsecureContent):
2980         (WebCore::FrameLoader::reportLocalLoadFailed):
2981         (WebCore::FrameLoader::prepareForCachedPageRestore):
2982         (WebCore::FrameLoader::open):
2983         (WebCore::FrameLoader::fireBeforeUnloadEvent):
2984         * loader/MainResourceLoader.cpp:
2985         (WebCore::MainResourceLoader::didReceiveResponse):
2986         * loader/appcache/ApplicationCacheGroup.cpp:
2987         (WebCore::ApplicationCacheGroup::abort):
2988         (WebCore::ApplicationCacheGroup::didReceiveResponse):
2989         (WebCore::ApplicationCacheGroup::didFinishLoading):
2990         (WebCore::ApplicationCacheGroup::didFail):
2991         (WebCore::ApplicationCacheGroup::didReceiveManifestResponse):
2992         (WebCore::ApplicationCacheGroup::didFinishLoadingManifest):
2993         (WebCore::ApplicationCacheGroup::checkIfLoadIsComplete):
2994         * loader/cache/CachedResourceLoader.cpp:
2995         (WebCore::CachedResourceLoader::printAccessDeniedMessage):
2996         * page/DOMWindow.cpp:
2997         (WebCore::DOMWindow::isCurrentlyDisplayedInFrame):
2998         (WebCore::DOMWindow::self):
2999         (WebCore::DOMWindow::opener):
3000         (WebCore::DOMWindow::parent):
3001         (WebCore::DOMWindow::top):
3002         (WebCore::DOMWindow::createWindow):
3003         (WebCore::DOMWindow::open):
3004         * page/DOMWindowProperty.cpp:
3005         (WebCore::DOMWindowProperty::DOMWindowProperty):
3006         (WebCore::DOMWindowProperty::reconnectFrameFromPageCache):
3007         * page/DragController.cpp:
3008         (WebCore::DragController::dispatchTextInputEventFor):
3009         * page/EventHandler.cpp:
3010         (WebCore::EventHandler::handleTextInputEvent):
3011         * page/Frame.cpp:
3012         * page/Frame.h:
3013         (Frame):
3014         * page/Location.cpp:
3015         (WebCore::Location::replace):
3016         (WebCore::Location::reload):
3017         (WebCore::Location::setLocation):
3018         * storage/StorageEventDispatcher.cpp:
3019         (WebCore::StorageEventDispatcher::dispatch):
3020         * svg/SVGDocumentExtensions.cpp:
3021         (WebCore::reportMessage):
3022         * xml/XSLStyleSheetLibxslt.cpp:
3023         (WebCore::XSLStyleSheet::parseString):
3024         * xml/XSLTProcessorLibxslt.cpp:
3025         (WebCore::docLoaderFunc):
3026         * xml/XSLTProcessorQt.cpp:
3027         (WebCore::XSLTMessageHandler::handleMessage):
3028
3029 2012-08-14  Mike West  <mkwst@chromium.org>
3030
3031         Tighten up parsing the 'script-nonce' CSP directive value.
3032         https://bugs.webkit.org/show_bug.cgi?id=93783
3033
3034         Reviewed by Adam Barth.
3035
3036         Currently we're accepting any non-whitespace character. This patch
3037         limits the valid characters to VCHAR minus ',' and ';', and pulls the
3038         validity check out into a named function for clarity.
3039
3040         Test: http/tests/security/contentSecurityPolicy/1.1/scriptnonce-separators-allowed.html
3041
3042         * page/ContentSecurityPolicy.cpp:
3043         (WebCore::CSPDirectiveList::parseScriptNonce):
3044
3045 2012-08-14  Adam Barth  <abarth@webkit.org>
3046
3047         Delete DOMWindow::m_url
3048         https://bugs.webkit.org/show_bug.cgi?id=93989
3049
3050         Reviewed by Eric Seidel.
3051
3052         There's no reason for DOMWindow to keep a separate copy of the
3053         Document's URL now that there is a predictable way to get a Document
3054         from a DOMWindow.
3055
3056         * loader/DocumentWriter.cpp:
3057         (WebCore::DocumentWriter::begin):
3058         * loader/FrameLoader.cpp:
3059         (WebCore::FrameLoader::open):
3060         * page/DOMWindow.cpp:
3061         (WebCore::DOMWindow::crossDomainAccessErrorMessage):
3062         * page/DOMWindow.h:
3063         (DOMWindow):
3064
3065 2012-08-14  Nikhil Bhargava  <nbhargava@google.com>
3066
3067         De-inline stuff from RenderStyle.h
3068         https://bugs.webkit.org/show_bug.cgi?id=94019
3069
3070         Reviewed by Eric Seidel.
3071
3072         De-inline things from RenderStyle.h in preparation of fixing a series of
3073         errant includes.
3074
3075         No new tests. Doesn't change functionality
3076
3077         * WebCore.exp.in:
3078         * rendering/style/RenderStyle.cpp:
3079         (WebCore::RenderStyle::listStyleImage):
3080         (WebCore::RenderStyle::setListStyleImage):
3081         (WebCore):
3082         (WebCore::RenderStyle::color):
3083         (WebCore::RenderStyle::visitedLinkColor):
3084         (WebCore::RenderStyle::setColor):
3085         (WebCore::RenderStyle::setVisitedLinkColor):
3086         (WebCore::RenderStyle::horizontalBorderSpacing):
3087         (WebCore::RenderStyle::verticalBorderSpacing):
3088         (WebCore::RenderStyle::setHorizontalBorderSpacing):
3089         (WebCore::RenderStyle::setVerticalBorderSpacing):
3090         (WebCore::RenderStyle::font):
3091         (WebCore::RenderStyle::fontMetrics):
3092         (WebCore::RenderStyle::fontDescription):
3093         (WebCore::RenderStyle::fontSize):
3094         (WebCore::RenderStyle::wordSpacing):
3095         (WebCore::RenderStyle::letterSpacing):
3096         (WebCore::RenderStyle::setFontDescription):
3097         (WebCore::RenderStyle::lineHeight):
3098         (WebCore::RenderStyle::setLineHeight):
3099         (WebCore::RenderStyle::computedLineHeight):
3100         (WebCore::RenderStyle::setWordSpacing):
3101         (WebCore::RenderStyle::setLetterSpacing):
3102         * rendering/style/RenderStyle.h:
3103
3104 2012-08-14  Andrei Onea  <onea@adobe.com>
3105
3106         [CSSRegions]Region overset property is incorectly computed when content has negative letter spacing and is flowed near to the edge of a region
3107         https://bugs.webkit.org/show_bug.cgi?id=92506
3108
3109         Reviewed by Eric Seidel.
3110
3111         When the content which is flowed inside a region creates visual overflow in
3112         the writing direction, the overflow rect is also extended in the other direction, and
3113         that forces regionOverset to become "fit" for all regions.
3114
3115         Tests: fast/regions/element-region-overset-state-negative-letter-spacing.html
3116                fast/regions/element-region-overset-state-vertical-rl-negative-letter-spacing.html
3117
3118         * rendering/RenderFlowThread.cpp:
3119         (WebCore::RenderFlowThread::computeOverflowStateForRegions):
3120
3121 2012-08-14  Florin Malita  <fmalita@chromium.org>
3122
3123         beginElement() does not observe updated animation attributes
3124         https://bugs.webkit.org/show_bug.cgi?id=93972
3125
3126         Reviewed by Dirk Schulze.
3127
3128         The SVG animation attributes 'from', 'to' and 'by' should be registered as supported
3129         SVGSMILElement attributes in order to trigger animationAttributeChanged() on dynamic
3130         updates.
3131
3132         Test: svg/animations/updated-attributes.html
3133
3134         * svg/SVGAnimationElement.cpp:
3135         (WebCore::SVGAnimationElement::updateAnimation):
3136         Minor optimization - avoid recalculating animationMode().
3137
3138         * svg/animation/SVGSMILElement.cpp:
3139         (WebCore::SVGSMILElement::isSupportedAttribute):
3140         Register 'from', 'to' and 'by' as supported SVGSMILElement attributes.
3141
3142 2012-08-14  Filip Spacek  <fspacek@rim.com>
3143
3144         [BlackBerry] Don't crash on OOM in AC
3145         https://bugs.webkit.org/show_bug.cgi?id=93999
3146
3147         Reviewed by George Staikos.
3148
3149         Internally reviewed by George Staikos.
3150
3151         Fail gracefully in case we fail to allocate the bitmap
3152         for the AC layer contents.
3153
3154         * platform/graphics/blackberry/InstrumentedPlatformCanvas.h:
3155         (WebCore::InstrumentedPlatformCanvas::InstrumentedPlatformCanvas):
3156         * platform/graphics/blackberry/LayerWebKitThread.cpp:
3157         (WebCore::LayerWebKitThread::paintContents):
3158
3159 2012-08-14  Lauro Neto  <lauro.neto@openbossa.org>
3160
3161         Convert signals/slots to Q_* macros.
3162
3163         [Qt] Use Q_SLOTS and Q_SIGNALS instead of slots and signals
3164         https://bugs.webkit.org/show_bug.cgi?id=93996
3165
3166         Reviewed by Kenneth Rohde Christiansen.
3167
3168         Change usage of keyword-conflicting 'signals' and 'slots' for
3169         Q_SIGNALS and Q_SLOTS macro.
3170
3171         * bridge/testqtbindings.cpp:
3172         (MyObject):
3173         * platform/graphics/gstreamer/PlatformVideoWindowPrivate.h:
3174         * platform/graphics/qt/MediaPlayerPrivateQt.h:
3175         (MediaPlayerPrivateQt):
3176         * platform/network/qt/DnsPrefetchHelper.h:
3177         (DnsPrefetchHelper):
3178         * platform/network/qt/NetworkStateNotifierPrivate.h:
3179         (NetworkStateNotifierPrivate):
3180         * platform/network/qt/QNetworkReplyHandler.h:
3181         (QNetworkReplyHandler):
3182         * platform/network/qt/QtMIMETypeSniffer.h:
3183         (QtMIMETypeSniffer):
3184         * platform/network/qt/SocketStreamHandlePrivate.h:
3185         (SocketStreamHandlePrivate):
3186         * platform/qt/GamepadsQt.cpp:
3187         (GamepadDeviceLinuxQt):
3188         (GamepadsQt):
3189         * platform/qt/SharedTimerQt.cpp:
3190         (SharedTimerQt):
3191
3192 2012-08-14  Andrei Onea  <onea@adobe.com>
3193
3194         [CSSRegions]regionOverset is computed as "overset" even though the region is not the last in the chain
3195         https://bugs.webkit.org/show_bug.cgi?id=93102
3196
3197         Reviewed by Eric Seidel.
3198
3199         Making Element.webkitRegionOverset return "overset" only for the last region in a region chain, 
3200         if the content cannot fit inside it, to reflect current spec. http://www.w3.org/TR/css3-regions/#dom-region-regionoverset
3201
3202         * rendering/RenderFlowThread.cpp:
3203         (WebCore::RenderFlowThread::computeOverflowStateForRegions):
3204
3205 2012-08-14  Jan Keromnes  <janx@linux.com>
3206
3207         Web Inspector: Render breakpoint gutter markers and execution line in CodeMirrorTextEditor
3208         https://bugs.webkit.org/show_bug.cgi?id=93686
3209
3210         Reviewed by Pavel Feldman.
3211
3212         Divided TextEditor.addDecoration into addBreakpoint, setExecutionLine
3213         and addDecoration. Same for removeDecoration. Render breakpoint
3214         markers and execution line in CodeMirrorTextEditor.
3215
3216         * inspector/front-end/CodeMirrorTextEditor.js:
3217         (WebInspector.CodeMirrorTextEditor):
3218         (WebInspector.CodeMirrorTextEditor.prototype._onGutterClick):
3219         (WebInspector.CodeMirrorTextEditor.prototype.addBreakpoint):
3220         (WebInspector.CodeMirrorTextEditor.prototype.removeBreakpoint):
3221         (WebInspector.CodeMirrorTextEditor.prototype.setExecutionLine):
3222         (WebInspector.CodeMirrorTextEditor.prototype.clearExecutionLine):
3223         (WebInspector.CodeMirrorTextEditor.prototype.addDecoration):
3224         (WebInspector.CodeMirrorTextEditor.prototype.removeDecoration):
3225         (WebInspector.CodeMirrorTextEditor.prototype.highlightLine):
3226         (WebInspector.CodeMirrorTextEditor.prototype.clearLineHighlight):
3227         (WebInspector.CodeMirrorTextEditor.prototype.removeAttribute):
3228         * inspector/front-end/DefaultTextEditor.js:
3229         (WebInspector.DefaultTextEditor.prototype._onMouseDown):
3230         (WebInspector.DefaultTextEditor.prototype.addBreakpoint):
3231         (WebInspector.DefaultTextEditor.prototype.removeBreakpoint):
3232         (WebInspector.DefaultTextEditor.prototype.setExecutionLine):
3233         (WebInspector.DefaultTextEditor.prototype.clearExecutionLine):
3234         (WebInspector.DefaultTextEditor.prototype.addDecoration):
3235         (WebInspector.DefaultTextEditor.prototype.removeDecoration):
3236         * inspector/front-end/JavaScriptSourceFrame.js:
3237         (WebInspector.JavaScriptSourceFrame):
3238         (WebInspector.JavaScriptSourceFrame.prototype._addBreakpointDecoration):
3239         (WebInspector.JavaScriptSourceFrame.prototype._removeBreakpointDecoration):
3240         (WebInspector.JavaScriptSourceFrame.prototype.setExecutionLine):
3241         (WebInspector.JavaScriptSourceFrame.prototype.clearExecutionLine):
3242         (WebInspector.JavaScriptSourceFrame.prototype._handleGutterClick):
3243         * inspector/front-end/TextEditor.js:
3244         (WebInspector.TextEditor.prototype.addBreakpoint):
3245         (WebInspector.TextEditor.prototype.removeBreakpoint):
3246         (WebInspector.TextEditor.prototype.setExecutionLine):
3247         (WebInspector.TextEditor.prototype.clearExecutionLine):
3248         (WebInspector.TextEditor.prototype.addDecoration):
3249         (WebInspector.TextEditor.prototype.removeDecoration):
3250         * inspector/front-end/cmdevtools.css:
3251         (.CodeMirror):
3252         (.cm-highlight):
3253         (@-webkit-keyframes fadeout):
3254         (to):
3255         (.cm-breakpoint):
3256         (.cm-breakpoint-disabled):
3257         (.cm-breakpoint-conditional):
3258         (.cm-execution-line):
3259         (.webkit-html-message-bubble):
3260         (.webkit-html-warning-message):
3261         (.webkit-html-error-message):
3262         (.webkit-html-message-line):
3263         (.webkit-html-message-line-hover):
3264
3265 2012-08-13  Adrienne Walker  <enne@google.com>
3266
3267         REGRESSION (r109851): Video controls do not render
3268         https://bugs.webkit.org/show_bug.cgi?id=93859
3269
3270         Reviewed by Simon Fraser.
3271
3272         Because video layers can't act as an ancestor composited layer whose
3273         backing can be shared by child layers, any child layer of a video
3274         layer needs to be put into its own composited layer. Because this is
3275         technically overlap, the "overlap" indirect compositing reason is
3276         reused for this case.
3277
3278         Test: compositing/video/video-controls-layer-creation.html
3279
3280         * rendering/RenderLayerCompositor.cpp:
3281         (WebCore::RenderLayerCompositor::computeCompositingRequirements):
3282
3283 2012-08-14  Mikhail Pozdnyakov  <mikhail.pozdnyakov@intel.com>
3284
3285         WebKitTestRunner needs layoutTestController.dumpResourceLoadCallbacks
3286         https://bugs.webkit.org/show_bug.cgi?id=42332
3287
3288         Reviewed by Kenneth Rohde Christiansen.
3289
3290         Provide build for mac.
3291
3292         * WebCore.exp.in: Added __ZNK7WebCore19ResourceRequestBase20firstPartyForCookiesEv.
3293
3294 2012-08-14  Adam Barth  <abarth@webkit.org>
3295
3296         DOMWindow::document() should not reach through Frame
3297         https://bugs.webkit.org/show_bug.cgi?id=27640
3298
3299         Reviewed by Eric Seidel.
3300
3301         Originally, the lifetime of DOMWindow was similar to that of Frame in
3302         that it was reused for each document that was displayed in the Frame.
3303         To fix some tricky security issues, all modern browsers use a "split
3304         window" architecture whereby the DOMWindow is not reused by each
3305         Document in a Frame. Instead a JavaScript "window shell" object
3306         redirects JavaScript references to the active Document's DOMWindow.
3307
3308         When we implemented split windows, we left DOMWindow attached to the
3309         Frame and attempted to keep it in sync with the Document via a lot of
3310         delicate code. One of the main problems with this approach is that
3311         finding the DOMWindow associated with a Document or the Document
3312         associated with a DOMWindow required traversing through the Frame.
3313         Because there is a many-to-one relationship between both Documents and
3314         Frames (as well as DOMWindows and Frames), this traversal is error
3315         prone and not always available (e.g., for inactive documents).
3316
3317         This patch moves the "owning" reference for DOMWindow to Document so
3318         that we can directly traverse from Document to DOMWindow. For
3319         traversing from DOMWindow to Document, each DOMWindow keeps a Document
3320         pointer via a ContextDestructionObserver base class.
3321
3322         The main sublties in this patch are related to situations in which
3323         there isn't precisely a one-to-one relationship between Documents and
3324         DOMWindows. Previously, these situations were handled implicitly by the
3325         "flex and slop" of having separate Document and DOMWindow pointers in
3326         Frame. In this patch, these sublties are made explicit via
3327         Document::takeDOMWindowFrom, which explicitly transfers the DOMWindow
3328         (as well as ASSERTs that all the relevant objects exist in a sensible
3329         constellation).
3330
3331         * WebCore.exp.in:
3332             - These functions are no longer exported because they're inline.
3333         * bindings/js/ScriptController.cpp:
3334         (WebCore::ScriptController::clearWindowShell):
3335         * bindings/js/ScriptController.h:
3336         (ScriptController):
3337             - clearWindowShell now explicitly takes the new DOMWindow that will
3338               be pointed to by the WindowShell. Previously, clearWindowShell
3339               would implicitly create the new DOMWindow by accessing
3340               Frame::domWindow (which used to lazily create the DOMWindow).
3341         * bindings/v8/BindingState.cpp:
3342         (WebCore::currentDocument):
3343         * bindings/v8/BindingState.h:
3344         (WebCore):
3345             - currentDocument provides a directly path from the current
3346               v8::Context to the Document (by way of DOMWindow). Previously,
3347               code transited via the Frame using currentFrame.
3348         * bindings/v8/ScriptController.cpp:
3349         (WebCore::ScriptController::clearWindowShell):
3350         * bindings/v8/ScriptController.h:
3351         (ScriptController):
3352             - Mirror JSC changes to clearWindowShell.
3353         * bindings/v8/V8Utilities.cpp:
3354         (WebCore::getScriptExecutionContext):
3355             - Update getScriptExecutionContext to transit directly from the
3356               DOMWindow to the Document rather than detouring via the Frame.
3357         * dom/ContextDestructionObserver.cpp:
3358         (WebCore::ContextDestructionObserver::ContextDestructionObserver):
3359         (WebCore::ContextDestructionObserver::~ContextDestructionObserver):
3360         (WebCore):
3361         (WebCore::ContextDestructionObserver::observeContext):
3362         * dom/ContextDestructionObserver.h:
3363         (ContextDestructionObserver):
3364             - When we transfer a DOMWindow from one Document to another, we
3365               need to update the Document pointer in the DOMWindow to point to
3366               the new Document. The DOMWindow holds the Document pointer via
3367               ContextDestructionObserver, so this patch teaches
3368               ContextDestructionObserver how to change which
3369               ScriptExecutionContext it is observing. This code mirrors similar
3370               code in FrameDestructionObserver.
3371         * dom/Document.cpp:
3372         (WebCore::Document::~Document):
3373         (WebCore::Document::detach):
3374         (WebCore::Document::createDOMWindow):
3375             - createDOMWindow now explicitly creates the DOMWindow. Previously,
3376               we created the DOMWindow implicitly in Frame::domWindow when it
3377               was first accessed.
3378         (WebCore::Document::takeDOMWindowFrom):
3379             - takeDOMWindowFrom explicitly transfers the DOMWindow from one
3380               Document to another. The main benefit of this function is the
3381               ASSERTs that ensure that the Document, DOMWindow, and Frame all
3382               point to each other the correct configuration.
3383         (WebCore::Document::didUpdateSecurityOrigin):
3384             - We no longer need to keep the SecurityOrigin pointer in DOMWindow
3385               in sync with the Document because DOMWindow no longer has a
3386               SecurityOrigin object.
3387         * dom/Document.h:
3388         (Document):
3389         (WebCore::Document::domWindow):
3390         * history/CachedFrame.cpp:
3391         (WebCore::CachedFrame::CachedFrame):
3392         (WebCore::CachedFrame::destroy):
3393         * history/CachedFrame.h:
3394         (CachedFrameBase):
3395             - Previously, CachedFrame held the Document and the DOMWindow with
3396               separate pointers. Now, the CachedFrame holds the DOMWnidow via
3397               the Document, which makes adding and removing Documents from the
3398               PageCache simpler because we don't need to keep the Frame's
3399               DOMWindow pointer synchronized.
3400         * loader/DocumentWriter.cpp:
3401         (WebCore::DocumentWriter::begin):
3402             - begin now explicitly creates the DOMWindow and transfers
3403               DOMWindow when performing a "secure transition." Previously, both
3404               of these processes were handled implicitly: the DOMWindow was
3405               created implicitly by Frame::domWindow, and the DOMWindow was
3406               reused during navigation by not clearing Frame::m_domWindow.
3407         * loader/FrameLoader.cpp:
3408         (WebCore::FrameLoader::cancelAndClear):
3409         (WebCore::FrameLoader::clear):
3410             - These functions now pass the new Document so that we have access
3411               to the new DOMWindow in clearDOMWindowShell.
3412         (WebCore::FrameLoader::setOpener):
3413             - We no longer need to keep the DOMWindow's SecurityOrigin in sync
3414               with the Document's SecurityOrigin because DOMWindow no longer
3415               has a duplicate SecurityOrigin pointer.
3416         (WebCore::FrameLoader::open):
3417            &nbs