Revert to dispatching the popstate event synchronously

[WebKit-https.git] / Source / WebCore / ChangeLog

2016-02-18  Andy Estes  <aestes@apple.com>

        Revert to dispatching the popstate event synchronously
        https://bugs.webkit.org/show_bug.cgi?id=153297
        rdar://problem/24092294

        Reviewed by Brent Fulgham.

        r192369 made the popstate event dispatch asynchronously, which matches what the HTML5 spec says to do. However,
        due to compatibility regressions we need to revert back to dispatching synchronously. This change reverts
        r192369's changes to Document.cpp, but retains the new tests.

        Firing popstate synchronously makes both fast/loader/remove-iframe-during-history-navigation-different.html and
        fast/loader/remove-iframe-during-history-navigation-same.html crash, because their onpopstate handlers remove
        frames from the document that will later be accessed by HistoryController::recursiveGoToItem().

        To prevent the crashes, this change does two things:
        1. Keep a reference to the current frame inside FrameLoader::loadSameDocumentItem(), since calling
           loadInSameDocument() might otherwise delete it.
        2. Handle a null frame when iterating a HistoryItem's child frames in HistoryController::recursiveGoToItem(),
           since calling goToItem() on one frame might cause another frame to be deleted.

        Covered by existing tests. fast/loader/stateobjects/popstate-is-asynchronous.html was renamed to
        fast/loader/stateobjects/popstate-is-synchronous.html and modified to expect synchronous dispatch.

        * dom/Document.cpp:
        (WebCore::Document::enqueuePopstateEvent):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadSameDocumentItem):
        * loader/HistoryController.cpp:
        (WebCore::HistoryController::recursiveGoToItem):

2016-02-19  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Fix GObject DOM bindings API break after r196769.

        * html/HTMLTextAreaElement.idl:

2016-02-18  Gwang Yoon Hwang  <yoon@igalia.com>

        [GTK] Limit the number of tiles according to the visible area
        https://bugs.webkit.org/show_bug.cgi?id=126122

        Reviewed by Carlos Garcia Campos.

        TextureMapperTiledBackingStore creates tiles for whole layer bounds, which
        means it creates the huge amount of textures if there is an excessively big
        layer.  Not only it wastes the memory and the CPU time, it even can crash GPU
        drivers.

        This patch modifies TextureMapperTiledBackingStore to take into account the
        visible area with a coverage multiplier when creating tiles.

        * platform/graphics/texmap/GraphicsLayerTextureMapper.cpp:
        (WebCore::GraphicsLayerTextureMapper::GraphicsLayerTextureMapper):
        Set a flag to recalculate the visible area of the layer when there are
        geometric changes.
        (WebCore::GraphicsLayerTextureMapper::setContentsToImage):
        (WebCore::GraphicsLayerTextureMapper::flushCompositingStateForThisLayerOnly):
        (WebCore::GraphicsLayerTextureMapper::updateBackingStoreIncludingSubLayers):
        (WebCore::GraphicsLayerTextureMapper::updateBackingStoreIfNeeded):
        (WebCore::GraphicsLayerTextureMapper::markVisibleRectAsDirty):
        (WebCore::GraphicsLayerTextureMapper::selfOrAncestorHasActiveTransformAnimation):
        (WebCore::GraphicsLayerTextureMapper::computeTransformedVisibleRect):
        Compute the inverse transform matrix to map a global visible are to
        the local visible area.
        (WebCore::clampToContentsRectIfRectIsInfinite):
        (WebCore::GraphicsLayerTextureMapper::transformedVisibleRect):
        * platform/graphics/texmap/TextureMapperTiledBackingStore.cpp:
        (WebCore::TextureMapperTiledBackingStore::paintToTextureMapper):
        In HiDPI, the directly composited image is uploaded to the unscaled
        texture to reduce memory usages. So we should apply device scale
        factor to render it correctly.
        (WebCore::TextureMapperTiledBackingStore::createOrDestroyTilesIfNeeded):
        Create tiles which covered by visible rect with a coverage multiplier.

2016-02-18  Brent Fulgham  <bfulgham@apple.com>

        Extend HashCountedSet with a method to efficiently set the count of an entry
        https://bugs.webkit.org/show_bug.cgi?id=154352

        Reviewed by Geoffrey Garen.

        Tested by new TestWebKitAPI tests.

        * loader/ResourceLoadStatistics.cpp:
        (WebCore::decodeHashCountedSet): Update to use new HashCountedSet::add method.

2016-02-18  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r196790.
        https://bugs.webkit.org/show_bug.cgi?id=154439

        made fast/events/wheelevent-basic-actual.txt fail in WK2
        (Requested by alexchristensen on #webkit).

        Reverted changeset:

        "Wheel event callback removing the window causes crash in
        WebCore."
        https://bugs.webkit.org/show_bug.cgi?id=150871
        http://trac.webkit.org/changeset/196790

2016-02-18  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r196791.
        https://bugs.webkit.org/show_bug.cgi?id=154438

        broke windows build (Requested by alexchristensen on #webkit).

        Reverted changeset:

        "Extend HashCountedSet with a method to efficiently set the
        count of an entry"
        https://bugs.webkit.org/show_bug.cgi?id=154352
        http://trac.webkit.org/changeset/196791

2016-02-18  Chris Dumez  <cdumez@apple.com>

        window.history / window.navigator should not be replaceable
        https://bugs.webkit.org/show_bug.cgi?id=154412

        Reviewed by Ryosuke Niwa.

        window.history / window.navigator should not be replaceable as per
        the latest HTML specification:
        https://html.spec.whatwg.org/multipage/browsers.html#the-window-object

        Firefox and Chrome already match the specification. This patch aligns
        our behavior.

        No new tests, already covered by existing tests.

        * page/DOMWindow.idl:

2016-02-18  Chris Dumez  <cdumez@apple.com>

        HTMLTableHeaderCellElement.scope should only return known values
        https://bugs.webkit.org/show_bug.cgi?id=154423
        <rdar://problem/24731018>

        Reviewed by Ryosuke Niwa.

        HTMLTableHeaderCellElement.scope should only return known values as per:
        - https://html.spec.whatwg.org/multipage/tables.html#dom-th-scope

        Known values are document here:
        - https://html.spec.whatwg.org/multipage/tables.html#attr-th-scope

        No new tests, already covered by existing test.

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * html/HTMLElementsAllInOne.cpp:
        * html/HTMLTableHeaderCellElement.cpp: Copied from Source/WebCore/html/HTMLTableHeaderCellElement.h.
        (WebCore::HTMLTableHeaderCellElement::scope):
        (WebCore::HTMLTableHeaderCellElement::setScope):
        * html/HTMLTableHeaderCellElement.h:
        * html/HTMLTableHeaderCellElement.idl:

2016-02-18  Brent Fulgham  <bfulgham@apple.com>

        Extend HashCountedSet with a method to efficiently set the count of an entry
        https://bugs.webkit.org/show_bug.cgi?id=154352

        Reviewed by Geoffrey Garen.

        Tested by new TestWebKitAPI tests.

        * loader/ResourceLoadStatistics.cpp:
        (WebCore::decodeHashCountedSet): Update to use new HashCountedSet::add method.

2016-02-18  Simon Fraser  <simon.fraser@apple.com>

        Wheel event callback removing the window causes crash in WebCore.
        https://bugs.webkit.org/show_bug.cgi?id=150871

        Reviewed by Brent Fulgham.
        
        Null check the FrameView before using it, since the iframe may have been removed
        from its parent document inside the event handler.

        Test: fast/events/wheel-event-destroys-frame.html

        * page/mac/EventHandlerMac.mm:
        (WebCore::EventHandler::platformCompleteWheelEvent):

2016-02-18  Brady Eidson  <beidson@apple.com>

        Modern IDB: Fix IDBGetResult encoder/decoder.
        https://bugs.webkit.org/show_bug.cgi?id=154421

        Reviewed by Alex Christensen.

        No new tests, as Modern IDB is still disabled for WK2.
        
        But if you manually enable it, "Basic IndexedDB Seems To Work"

        * Modules/indexeddb/IDBGetResult.h:
        (WebCore::IDBGetResult::encode):
        (WebCore::IDBGetResult::decode):

2016-02-18  Myles C. Maxfield  <mmaxfield@apple.com>

        Addressing post-review comments after r196747.

        Unreviewed.

        * css/CSSFontFaceSet.h:
        * css/FontFaceSet.cpp:
        (WebCore::FontFaceSet::size):
        (WebCore::FontFaceSet::clear):
        * css/FontFaceSet.h:

2016-02-18  Zalan Bujtas  <zalan@apple.com>

        Soft hyphen is not shown when it is placed at the end of an inline element
        https://bugs.webkit.org/show_bug.cgi?id=153980

        Reviewed by David Hyatt.

        This patch handles the case when the character at the breaking position does not fit the
        line and soft-hyphen, as the first breaking opportunity, is followed by this overflowing character.
        (foo&shy;bar where b overflows the line).
        In such cases we don't yet have an item in the breaking history so we need to take a look at
        the current context instead.    

        Test: fast/text/soft-hyphen-as-first-breaking-opportunity.html

        * rendering/line/BreakingContext.h:
        (WebCore::BreakingContext::InlineIteratorHistory::nextBreakablePosition):
        (WebCore::BreakingContext::handleText):

2016-02-18  Andreas Kling  <akling@apple.com>

        Fake memory pressure handler should log detailed memory breakdown.
        <https://webkit.org/b/154415>

        Reviewed by Antti Koivisto.

        Piggyback on the RESOURCE_USAGE code to implement some detailed memory footprint diffing
        and have the fake memory handler dump before/after/diff after it runs.

        * page/ResourceUsageThread.h:
        (WebCore::TagInfo::TagInfo):
        * page/cocoa/ResourceUsageThreadCocoa.mm:
        (WebCore::logFootprintComparison):
        (WebCore::displayNameForVMTag):
        (WebCore::pagesPerVMTag):
        (WebCore::TagInfo::TagInfo): Deleted.
        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::install):

2016-02-18  Brady Eidson  <beidson@apple.com>

        Modern IDB: Implement server->client operations in WK2.
        https://bugs.webkit.org/show_bug.cgi?id=154411

        Reviewed by Alex Christensen.

        No change in behavior yet; Just laying the groundwork.
    
        * Modules/indexeddb/client/IDBConnectionToServer.h:
        * Modules/indexeddb/server/IDBServer.h:
        * Modules/indexeddb/shared/IDBTransactionInfo.h:
        (WebCore::IDBTransactionInfo::encode):
        (WebCore::IDBTransactionInfo::decode):

2016-02-18  Csaba Osztrogonác  <ossy@webkit.org>

        Fix unused-const-variable warning on non Cocoa platforms
        https://bugs.webkit.org/show_bug.cgi?id=154394

        Reviewed by Michael Catanzaro.

        * html/HTMLPlugInImageElement.cpp:

2016-02-18  Brady Eidson  <beidson@apple.com>

        Modern IDB: Implement client->server operations in WK2.
        https://bugs.webkit.org/show_bug.cgi?id=154400

        Reviewed by Alex Christensen.

        No change in behavior yet; Just laying the groundwork.

        * Modules/indexeddb/server/IDBServer.h:
        * Modules/indexeddb/server/UniqueIDBDatabase.h:
        * Modules/indexeddb/shared/IDBIndexInfo.h:
        * Modules/indexeddb/shared/IDBObjectStoreInfo.h:

2016-02-18  Chris Dumez  <cdumez@apple.com>

        [Unforgeable] operations should not be writable as per Web IDL
        https://bugs.webkit.org/show_bug.cgi?id=154396
        <rdar://problem/24721063>

        Reviewed by Ryosuke Niwa.

        [Unforgeable] operations should not be writable as per the Web IDL specification:
        http://heycam.github.io/webidl/#es-operations

        They were currently non-configurable in WebKit but still writable.

        No new tests, already covered by existing test.

        * bindings/scripts/CodeGeneratorJS.pm:
        Mark [Unforgeable] operations as ReadOnly.

        * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
        * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        * bindings/scripts/test/ObjC/DOMTestObj.h:
        * bindings/scripts/test/ObjC/DOMTestObj.mm:
        * bindings/scripts/test/TestObj.idl:
        Add bindings test coverage for [Unforgeable].

2016-02-18  Chris Dumez  <cdumez@apple.com>

        Fix behavior of reflecting unsigned long IDL attributes that are limited to only non-negative numbers greater than zero
        https://bugs.webkit.org/show_bug.cgi?id=154398

        Reviewed by Ryosuke Niwa.

        Fix behavior of reflecting unsigned long IDL attributes that are limited
        to only non-negative numbers greater than zero to comply with:
        - https://html.spec.whatwg.org/#limited-to-only-non-negative-numbers-greater-than-zero

        This patch updates the following IDL attributes:
        - colgroup.span
        - col.span
        - input.size
        - textarea.cols
        - textareal.rows

        All of them now:
        - Have "unsigned long" type on IDL size and "unsigned" type on native
          side.
        - On getting, return the value if it is in the range [1; 2147483647],
          otherwise return the default value.
        - On setting, set to the input value if it is in the range
          [1; 2147483647], otherwise, set to the default value.

        Note that as per the specification, we are supposed to throw an
        IndexSizeError exception when trying to set those attributes to zero.
        However, we instead use the default value to match other browsers.
        It would be risky to be the only browser to throw in this case.

        No new tests, already covered by existing test.

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::parseAttribute):
        (WebCore::HTMLInputElement::setSize):
        * html/HTMLTableColElement.cpp:
        (WebCore::HTMLTableColElement::parseAttribute):
        (WebCore::HTMLTableColElement::setSpan):
        * html/HTMLTableColElement.h:
        * html/HTMLTableColElement.idl:
        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::parseAttribute):
        (WebCore::HTMLTextAreaElement::setCols):
        (WebCore::HTMLTextAreaElement::setRows):
        (WebCore::HTMLTextAreaElement::shouldUseInputMethod): Deleted.
        * html/HTMLTextAreaElement.h:
        * html/HTMLTextAreaElement.idl:
        * html/parser/HTMLParserIdioms.h:
        (WebCore::limitToOnlyNonNegativeNumbersGreaterThanZero):

2016-02-18  David Kilzer  <ddkilzer@apple.com>

        Remove redundant ASSERT_WITH_MESSAGE_UNUSED() from SOFT_LINK_FRAMEWORK_FOR_SOURCE() macro

        Follow-up fix noted by Andy Estes for:

            [Cocoa] Always check the return value of dlopen() and dlsym() in Release builds
            <http://webkit.org/b/154364>

        * platform/mac/SoftLinking.h:
        (SOFT_LINK_FRAMEWORK_FOR_SOURCE): Remove redundant
        ASSERT_WITH_MESSAGE_UNUSED().

2016-02-18  Andreas Kling  <akling@apple.com>

        Reduce tiling coverage immediately when memory pressure hits.
        <https://webkit.org/b/154374>

        Reviewed by Simon Fraser.

        We already had a policy that reduced tiling coverage to a minimum while the system
        is under memory pressure. However, that policy wouldn't kick in immediately after
        receiving the pressure notification, but the next time we flush compositing state.

        This change makes it happen sooner, improving our chances to escape death!

        * page/Page.h:
        * page/Page.cpp:
        (WebCore::Page::forEachPage):

            Add a little helper for visiting every Page.

        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::releaseCriticalMemory):

            When under critical memory pressure, schedule a compositing flush in all Pages.
            This ensures that the reduced tiling coverage policy takes effect, allowing us to
            immediately drop several tiles in each visible web view.

        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::install):

            To ensure that this behavior is testable with the fake memory pressure notification,
            make the fake handler set the "in memory pressure" state just like the real one would.
            I don't know why we were not doing this previously, it was just an oversight.
            After the simulation completes, it schedules a runloop callback that resets the
            "in memory pressure" state.

2016-02-17  Myles C. Maxfield  <mmaxfield@apple.com>

        [Font Loading] Implement FontFaceSet
        https://bugs.webkit.org/show_bug.cgi?id=153348

        Reviewed by Simon Fraser.

        The CSS Font Loading spec includes a FontFaceSet object which represents
        a collection of FontFaces. This patch implements such an object, and
        backs it with a vector of FontFaces. Similarly to the FontFace object,
        FontFaceSet is separated into a FontFaceSet frontend object and a
        CSSFontFaceSet backend object, which actually owns the FontFace objects.
        All the interaction with Promises is performed in the frontend object.

        This patch does not implement the EventTarget part of the FontFaceSet
        API, so the only way to know when a font is finished loading is by using
        the associated Promise objects.

        The CSS Font Loading spec describes how the Document should vend an
        instance of FontFaceSet which represents the font faces currently
        associated with the Document. However, that functionality is
        forthcoming. Currently, the only way to get a FontFaceSet is to create
        one yourself (using the constructor). Therefore, this patch does not
        implement the spec's notion of a "CSS-connected font face."

        Test: fast/text/font-face-set-javascript.html

        * CMakeLists.txt: Add new files.
        * DerivedSources.make: Ditto.
        * WebCore.vcxproj/WebCore.vcxproj: Ditto.
        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * bindings/js/JSFontFaceSetCustom.cpp: Added.
        (WebCore::JSFontFaceSet::ready): Use the Promise member.
        (WebCore::JSFontFaceSet::entries): Use existing iterator code.
        (WebCore::JSFontFaceSet::keys):
        (WebCore::JSFontFaceSet::values):
        * css/CSSAllInOne.cpp: Add new files.
        * css/CSSFontFace.cpp: We now have a collection of clients (instead of
        just one). Also, we need to keep a pointer to our FontFace wrapper.
        (WebCore::CSSFontFace::CSSFontFace):
        (WebCore::CSSFontFace::addClient):
        (WebCore::CSSFontFace::removeClient):
        (WebCore::CSSFontFace::setStatus): Rename the delegate callback to be
        more clear.
        (WebCore::CSSFontFace::fontLoaded):
        (WebCore::CSSFontFace::addedToSegmentedFontFace): Deleted.
        (WebCore::CSSFontFace::removedFromSegmentedFontFace): Deleted.
        * css/CSSFontFace.h: Same as above.
        (WebCore::CSSFontFace::create):
        (WebCore::CSSFontFace::Client::~Client):
        (WebCore::CSSFontFace::Client::kick):
        (WebCore::CSSFontFace::Client::stateChanged):
        (WebCore::CSSFontFace::wrapper):
        (WebCore::CSSFontFaceClient::~CSSFontFaceClient): Deleted.
        * css/CSSFontFaceSet.cpp: Added. Initial imlementation.
        (WebCore::CSSFontFaceSet::CSSFontFaceSet):
        (WebCore::CSSFontFaceSet::~CSSFontFaceSet):
        (WebCore::CSSFontFaceSet::incrementActiveCount):
        (WebCore::CSSFontFaceSet::decrementActiveCount):
        (WebCore::CSSFontFaceSet::has):
        (WebCore::CSSFontFaceSet::add):
        (WebCore::CSSFontFaceSet::remove):
        (WebCore::extractFamilies):
        (WebCore::familiesIntersect): Because this is an initial imlementation,
        this function is not optimized. A subsequent patch (which implements
        Document.fonts) will optimize this.
        (WebCore::CSSFontFaceSet::matchingFaces):
        (WebCore::CSSFontFaceSet::load):
        (WebCore::CSSFontFaceSet::check):
        (WebCore::CSSFontFaceSet::stateChanged):
        * css/CSSFontFaceSet.h: Added.
        (WebCore::CSSFontFaceSetClient::~CSSFontFaceSetClient):
        (WebCore::CSSFontFaceSet::size):
        (WebCore::CSSFontFaceSet::operator[]):
        (WebCore::CSSFontFaceSet::status):
        * css/CSSFontSelector.cpp:
        (WebCore::CSSFontSelector::familyNameFromPrimitive):
        (WebCore::CSSFontSelector::registerLocalFontFacesForFamily):
        (WebCore::CSSFontSelector::addFontFaceRule):
        (WebCore::familyNameFromPrimitive): Deleted.
        (WebCore::CSSFontSelector::kick): Deleted.
        * css/CSSFontSelector.h:
        * css/CSSSegmentedFontFace.cpp:
        (WebCore::CSSSegmentedFontFace::~CSSSegmentedFontFace):
        (WebCore::CSSSegmentedFontFace::appendFontFace):
        (WebCore::CSSSegmentedFontFace::kick):
        (WebCore::CSSSegmentedFontFace::fontLoaded): Deleted.
        * css/CSSSegmentedFontFace.h:
        * css/FontFace.cpp:
        (WebCore::FontFace::FontFace):
        (WebCore::FontFace::~FontFace):
        (WebCore::FontFace::stateChanged): Renamed to make its purpose clearer.
        (WebCore::FontFace::kick): Deleted.
        * css/FontFace.h:
        * css/FontFaceSet.cpp: Added.
        (WebCore::createPromise):
        (WebCore::FontFaceSet::FontFaceSet):
        (WebCore::FontFaceSet::~FontFaceSet):
        (WebCore::FontFaceSet::Iterator::Iterator):
        (WebCore::FontFaceSet::Iterator::next):
        (WebCore::FontFaceSet::PendingPromise::PendingPromise):
        (WebCore::FontFaceSet::PendingPromise::~PendingPromise):
        (WebCore::FontFaceSet::has):
        (WebCore::FontFaceSet::size):
        (WebCore::FontFaceSet::add):
        (WebCore::FontFaceSet::remove):
        (WebCore::FontFaceSet::clear):
        (WebCore::FontFaceSet::load): Most of the complexity of loading is
        due to the promises involved. Rather than use the Javascript function
        Promise.all(), this patch builds a data structure to represent the
        promises which need to be resolved. When fonts finish loading, we look
        at the data structure to determine which promises to resolve.
        (WebCore::FontFaceSet::check):
        (WebCore::FontFaceSet::status):
        (WebCore::FontFaceSet::canSuspendForDocumentSuspension):
        (WebCore::FontFaceSet::startedLoading):
        (WebCore::FontFaceSet::completedLoading):
        (WebCore::FontFaceSet::fulfillPromise): Keep the promise alive.
        (WebCore::FontFaceSet::faceFinished):
        * css/FontFaceSet.h: Added.
        (WebCore::FontFaceSet::create):
        (WebCore::FontFaceSet::load):
        (WebCore::FontFaceSet::check):
        (WebCore::FontFaceSet::createIterator):
        (WebCore::FontFaceSet::PendingPromise::create):
        * css/FontFaceSet.idl: Added.
        * dom/EventNames.h:
        * dom/EventTargetFactory.in:

2016-02-17  Mark Lam  <mark.lam@apple.com>

        Callers of JSString::value() should check for exceptions thereafter.
        https://bugs.webkit.org/show_bug.cgi?id=154346

        Reviewed by Geoffrey Garen.

        No new tests.  The crash that results from this issue is dependent on a race
        condition where an OutOfMemory error occurs precisely at the point where the
        JSString::value() function is called on a rope JSString.

        * bindings/js/JSHTMLAllCollectionCustom.cpp:
        (WebCore::callHTMLAllCollection):
        * bindings/js/JSStorageCustom.cpp:
        (WebCore::JSStorage::putDelegate):
        - Added a comment at the site of the exception check to clarify the meaning of
          the return value.

2016-02-17  David Kilzer  <ddkilzer@apple.com>

        [Cocoa] Always check the return value of dlopen() and dlsym() in Release builds
        <http://webkit.org/b/154364>

        Reviewed by Alexey Proskuryakov.

        * platform/mac/SoftLinking.h:
        (SOFT_LINK_LIBRARY): Change ASSERT_WITH_MESSAGE() to
        RELEASE_ASSERT_WITH_MESSAGE().
        (SOFT_LINK_FRAMEWORK): Ditto.
        (SOFT_LINK_PRIVATE_FRAMEWORK): Ditto.
        (SOFT_LINK_STAGED_FRAMEWORK): Ditto.
        (SOFT_LINK_FRAMEWORK_IN_UMBRELLA): Ditto.
        (SOFT_LINK): Ditto.
        (SOFT_LINK_POINTER): Ditto.
        (SOFT_LINK_CONSTANT): Ditto.
        (SOFT_LINK_FRAMEWORK_FOR_SOURCE): Add
        RELEASE_ASSERT_WITH_MESSAGE() when soft-link is not
        optional.

2016-02-17  Chris Dumez  <cdumez@apple.com>

        Regression(r196648): http://w3c-test.org/html/dom/interfaces.html redirects at the end of the test
        https://bugs.webkit.org/show_bug.cgi?id=154357

        Reviewed by Alexey Proskuryakov.

        Make location.assign() / location.replace()'s parameter mandatory,
        as per the specification:
        https://html.spec.whatwg.org/multipage/browsers.html#the-location-interface

        Previously, calling location.assign() / location.replace() without
        parameter would be identical to calling location.assign("undefined") /
        location.replace("undefined"), which is not useful.

        After r196648, http://w3c-test.org/html/dom/interfaces.html was able to
        test location.assign() / location.replace() further because they are now
        on the instance (where they should be) instead of the prototype. One of
        these tests calls these functions without parameter, expecting them to
        throw an exception. However, in WebKit, it would not throw and it would
        redirect us to http://w3c-test.org/html/dom/undefined.

        Firefox and Chrome both follow the specification already and throw in
        this case.

        No new tests, already covered by existing test.

        * page/Location.idl:
        Make location.assign() / location.replace()'s parameter mandatory,
        as per the specification.

2016-02-17  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r196738.
        https://bugs.webkit.org/show_bug.cgi?id=154380

        broke css3/calc/transforms-translate.html (Requested by
        alexchristensen on #webkit).

        Reverted changeset:

        "WebKitCSSMatrix transformList with calculated relative length
        crashes Safari."
        https://bugs.webkit.org/show_bug.cgi?id=153333
        http://trac.webkit.org/changeset/196738

2016-02-17  Dean Jackson  <dino@apple.com>

        WebKitCSSMatrix transformList with calculated relative length crashes Safari.
        https://bugs.webkit.org/show_bug.cgi?id=153333
        <rdar://problem/17198383>

        Reviewed by Simon Fraser.

        WebKitCSSMatrix objects should fail to construct when not
        using absolute lengths.

        Updated existing tests:
        - transforms/cssmatrix-2d-interface.xhtml
        - transforms/cssmatrix-3d-interface.xhtml

        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertTransform): Tell transformsForValue
        that we don't require absolute lengths.
        * css/TransformFunctions.cpp:
        (WebCore::convertToFloatLength): Add an optional parameter that will
        cause the conversion to fail if the primitive value has a non-absolute
        length.
        (WebCore::transformsForValue): Pass the parameter for requiring an
        absolute length on to convertToFloatLength when necessary.
        * css/TransformFunctions.h:
        * css/WebKitCSSMatrix.cpp:
        (WebCore::WebKitCSSMatrix::setMatrixValue): In this case we do
        require all transform strings to have absolute lengths, not ones
        that depend on the font size or are calculated.

2016-02-17  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r196712.
        https://bugs.webkit.org/show_bug.cgi?id=154371

        This change caused 5 API test failures on ios-simulator
        (Requested by ryanhaddad on #webkit).

        Reverted changeset:

        "[iOS] Purge GraphicsServices font cache on memory warning."
        https://bugs.webkit.org/show_bug.cgi?id=154343
        http://trac.webkit.org/changeset/196712

2016-02-17  Brady Eidson  <beidson@apple.com>

        Modern IDB: More Encoder/Decoder/Messaging scaffolding for WK2 IPC.
        https://bugs.webkit.org/show_bug.cgi?id=154356

        Reviewed by Alex Christensen.

        No change in behavior yet; Just laying the groundwork.

        * Modules/indexeddb/shared/IDBDatabaseInfo.h:
        (WebCore::IDBDatabaseInfo::encode):
        (WebCore::IDBDatabaseInfo::decode):

        * Modules/indexeddb/shared/IDBError.h:
        (WebCore::IDBError::encode):
        (WebCore::IDBError::decode):

        * Modules/indexeddb/shared/IDBRequestData.h:
        (WebCore::IDBRequestData::decode):

        * Modules/indexeddb/shared/IDBResultData.h:
        (WebCore::IDBResultData::encode):
        (WebCore::IDBResultData::decode):

2016-02-17  Saam barati  <sbarati@apple.com>

        Implement Proxy [[Get]]
        https://bugs.webkit.org/show_bug.cgi?id=154081

        Reviewed by Michael Saboff.

        Tests are in JavaScriptCore.

        * bindings/js/JSCryptoAlgorithmDictionary.cpp:
        (WebCore::getProperty):
        (WebCore::getHashAlgorithm):
        * bindings/js/JSCryptoKeySerializationJWK.cpp:
        (WebCore::getJSArrayFromJSON):
        (WebCore::getStringFromJSON):
        (WebCore::getBooleanFromJSON):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::DialogHandler::returnValue):
        * bindings/js/JSDictionary.cpp:
        (WebCore::JSDictionary::tryGetProperty):
        * bindings/js/JSStorageCustom.cpp:
        (WebCore::JSStorage::deleteProperty):
        (WebCore::JSStorage::deletePropertyByIndex):
        (WebCore::JSStorage::putDelegate):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneSerializer::getProperty):
        * testing/Internals.cpp:
        (WebCore::Internals::isReadableStreamDisturbed):

2016-02-17  Simon Fraser  <simon.fraser@apple.com>

        PDFPlugin's scrollableArea container is not properly unregistered when page is going into the PageCache
        https://bugs.webkit.org/show_bug.cgi?id=148182

        Reviewed by Brent Fulgham.

        When handling Command-arrow key while showing a scrollable PDF, the timing of PDFPlugin
        teardown and navigation could result in PDFPlugin::destroy() getting the wrong FrameView,
        so the old FrameView was left with a stale pointer in its scrollableAreaSet.

        Fix this by adding an explicit willDetatchRenderer() which is called on the plugin
        before the Frame gets a new FrameView.

        Also narrow the scope of the RefPtr<Widget> in HTMLPlugInElement::defaultEventHandler()
        so that the Widget is not kept alive over a possible navigation.

        I was unable to make an automated test, because reproducing the bug requires handling
        a Command-arrow key event in a way that the last ref to a Widget is held over the event
        handling, and this wasn't possible in an iframe.

        * html/HTMLPlugInElement.cpp:
        (WebCore::HTMLPlugInElement::defaultEventHandler):
        * html/HTMLPlugInImageElement.cpp:
        (WebCore::HTMLPlugInImageElement::willDetachRenderers):
        * plugins/PluginViewBase.h:
        (WebCore::PluginViewBase::willDetatchRenderer):
        * style/StyleTreeResolver.cpp:
        (WebCore::Style::detachRenderTree): Drive-by nullptr.

2016-02-17  Brady Eidson  <beidson@apple.com>

        Modern IDB: Encoder/Decoder/Messaging scaffolding for WK2 IPC.
        https://bugs.webkit.org/show_bug.cgi?id=154351

        Reviewed by Alex Christensen.

        No change in behavior yet; Just laying the groundwork.

        * Modules/indexeddb/IDBDatabaseIdentifier.h:
        (WebCore::IDBDatabaseIdentifier::encode):
        (WebCore::IDBDatabaseIdentifier::decode):
        
        * Modules/indexeddb/shared/IDBCursorInfo.h:
        (WebCore::IDBCursorInfo::encode):
        (WebCore::IDBCursorInfo::decode):
        
        * Modules/indexeddb/shared/IDBIndexInfo.h:
        (WebCore::IDBIndexInfo::encode):
        (WebCore::IDBIndexInfo::decode):
        
        * Modules/indexeddb/shared/IDBObjectStoreInfo.h:
        (WebCore::IDBObjectStoreInfo::encode):
        (WebCore::IDBObjectStoreInfo::decode):
        
        * Modules/indexeddb/shared/IDBRequestData.h:
        (WebCore::IDBRequestData::encode):
        (WebCore::IDBRequestData::decode):
        
        * Modules/indexeddb/shared/IDBResourceIdentifier.h:
        (WebCore::IDBResourceIdentifier::encode):
        (WebCore::IDBResourceIdentifier::decode):
        
        * Modules/indexeddb/shared/IDBTransactionInfo.h:
        (WebCore::IDBTransactionInfo::encode):
        (WebCore::IDBTransactionInfo::decode):

2016-02-17  Andreas Kling  <akling@apple.com>

        [iOS] Purge GraphicsServices font cache on memory warning.
        <https://webkit.org/b/154343>

        Reviewed by Antti Koivisto.

        The GS font cache was holding on to the last retain on CSS fonts after they stop being used.
        Call SPI to purge it on memory pressure.

        * platform/cocoa/MemoryPressureHandlerCocoa.mm:
        (WebCore::MemoryPressureHandler::platformReleaseMemory):
        * platform/spi/ios/GraphicsServicesSPI.h:

2016-02-17  Chris Dumez  <cdumez@apple.com>

        Regression(r196648): window.showModalDialog is no longer undefined if the client does not allow showing modal dialog
        https://bugs.webkit.org/show_bug.cgi?id=154330

        Reviewed by Gavin Barraclough.

        window.showModalDialog is no longer undefined if the client does not
        allow showing modal dialog after r196648. This patch fixes the issue
        and add test coverage for this.

        Test: fast/dom/Window/forbid-showModalDialog.html

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::getOwnPropertySlot):
        - Move the DOMWindow::canShowModalDialog() check *before* checking
          for static properties as showModalDialog is now in the static
          property table after r196648.
        - Add check for Base::getOwnPropertySlot() first to support overriding
          window.showModalDialog (This behavior matches Firefox).
        - Return false if DOMWindow::canShowModalDialog() returns false as this
          seems cleaner than claiming that the property is there but undefined.

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::canShowModalDialogNow): Deleted.
        This was indentical to canShowModalDialog().

        (WebCore::DOMWindow::canShowModalDialog):
        (WebCore::DOMWindow::setCanShowModalDialogOverride):
        (WebCore::DOMWindow::showModalDialog):
        * page/DOMWindow.h:
        * testing/Internals.cpp:
        (WebCore::Internals::setCanShowModalDialogOverride):
        * testing/Internals.h:
        * testing/Internals.idl:
        Add support for overriding the ChromeClient's canShowModalDialog
        decision and hook it up to Internals to add layout test coverage.

2016-02-17  Brady Eidson  <beidson@apple.com>

        Modern IDB: More WK2 IPC Scaffolding.
        https://bugs.webkit.org/show_bug.cgi?id=154317

        Reviewed by Alex Christensen.

        No change in behavior yet; Just laying the groundwork.

        * Modules/indexeddb/shared/IDBCursorInfo.cpp:
        (WebCore::IDBCursorInfo::IDBCursorInfo):
        * Modules/indexeddb/shared/IDBCursorInfo.h:
        (WebCore::IDBCursorInfo::decode):
        * Modules/indexeddb/shared/IDBError.h:
        (WebCore::IDBError::decode):
        * Modules/indexeddb/shared/IDBIndexInfo.h:
        (WebCore::IDBIndexInfo::decode):
        * Modules/indexeddb/shared/IDBObjectStoreInfo.h:
        (WebCore::IDBObjectStoreInfo::decode):
        * Modules/indexeddb/shared/IDBRequestData.cpp:
        (WebCore::IDBRequestData::IDBRequestData):
        * Modules/indexeddb/shared/IDBRequestData.h:
        (WebCore::IDBRequestData::decode):
        * Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
        (WebCore::IDBResourceIdentifier::IDBResourceIdentifier):
        * Modules/indexeddb/shared/IDBResourceIdentifier.h:
        (WebCore::IDBResourceIdentifier::decode):
        * Modules/indexeddb/shared/IDBResultData.cpp:
        (WebCore::IDBResultData::IDBResultData):
        * Modules/indexeddb/shared/IDBResultData.h:
        (WebCore::IDBResultData::decode):
        * Modules/indexeddb/shared/IDBTransactionInfo.cpp:
        (WebCore::IDBTransactionInfo::IDBTransactionInfo):
        * Modules/indexeddb/shared/IDBTransactionInfo.h:
        (WebCore::IDBTransactionInfo::decode):
        * WebCore.xcodeproj/project.pbxproj:

2016-02-17  Eric Carlson  <eric.carlson@apple.com>

        [Win] Allow ports to disable automatic text track selection
        https://bugs.webkit.org/show_bug.cgi?id=154322
        <rdar://problem/24623986>

        Reviewed by Brent Fulgham.

        * page/CaptionUserPreferencesMediaAF.cpp:
        (MTEnableCaption2015BehaviorPtr): Implement for Windows.

2016-02-17  Gavin Barraclough  <barraclough@apple.com>

        JSDOMWindow::put should not do the same thing twice
        https://bugs.webkit.org/show_bug.cgi?id=154334

        Reviewed by Chris Dumez.

        It either calls JSGlobalObject::put or Base::put. Hint: these are basically the same thing.
        In the latter case it might call lookupPut. That's redundant; JSObject::put handles static
        table entries.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::put):
            - just call Base::put.
        (WebCore::JSDOMWindow::putByIndex):
            - just call Base::putByIndex.

2016-02-17  Nan Wang  <n_wang@apple.com>

        AX: Implement sentence related text marker functions using TextIterator
        https://bugs.webkit.org/show_bug.cgi?id=154312

        Reviewed by Chris Fleizach.

        Using CharacterOffset to implement sentence related text marker calls. Reused
        logic from VisibleUnits class. Also fixed an issue where paragraph navigation
        should skip preceding and following BR nodes.

        Test: accessibility/mac/text-marker-sentence-nav.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::resetNodeAndOffsetForReplacedNode):
        (WebCore::setRangeStartOrEndWithCharacterOffset):
        (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
        (WebCore::AXObjectCache::previousCharacterOffset):
        (WebCore::AXObjectCache::startCharacterOffsetOfWord):
        (WebCore::AXObjectCache::endCharacterOffsetOfWord):
        (WebCore::AXObjectCache::previousWordStartCharacterOffset):
        (WebCore::AXObjectCache::leftWordRange):
        (WebCore::AXObjectCache::rightWordRange):
        (WebCore::AXObjectCache::characterBefore):
        (WebCore::characterOffsetNodeIsBR):
        (WebCore::parentEditingBoundary):
        (WebCore::AXObjectCache::nextBoundary):
        (WebCore::AXObjectCache::previousBoundary):
        (WebCore::AXObjectCache::paragraphForCharacterOffset):
        (WebCore::AXObjectCache::nextParagraphEndCharacterOffset):
        (WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
        (WebCore::AXObjectCache::startCharacterOffsetOfSentence):
        (WebCore::AXObjectCache::endCharacterOffsetOfSentence):
        (WebCore::AXObjectCache::sentenceForCharacterOffset):
        (WebCore::AXObjectCache::nextSentenceEndCharacterOffset):
        (WebCore::AXObjectCache::previousSentenceStartCharacterOffset):
        (WebCore::AXObjectCache::rootAXEditableElement):
        (WebCore::startWordBoundary): Deleted.
        (WebCore::endWordBoundary): Deleted.
        (WebCore::AXObjectCache::nextWordBoundary): Deleted.
        (WebCore::AXObjectCache::previousWordBoundary): Deleted.
        * accessibility/AXObjectCache.h:
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
        * editing/VisibleUnits.cpp:
        (WebCore::startWordBoundary):
        (WebCore::startOfWord):
        (WebCore::endWordBoundary):
        (WebCore::startSentenceBoundary):
        (WebCore::startOfSentence):
        (WebCore::endSentenceBoundary):
        * editing/VisibleUnits.h:

2016-02-17  Manuel Rego Casasnovas  <rego@igalia.com>

        [css-grid] GridSpan refactoring
        https://bugs.webkit.org/show_bug.cgi?id=153868

        Reviewed by Sergio Villar Senin.

        Add new enum to know if a GridSpan is definite or indefinite.
        That way we don't need GridUnresolvedSpan class (which is removed).
        We can always have two GridSpans in GridCoordinate,
        if the position is "auto" the GridSpan will be marked as indefinite.
        This will allow in a follow-up patch to avoid repeated calls
        to methods that resolve positions.

        Most operations in GridSpan are restricted to definite GridSpans (access
        to positions, iterator, etc.). For indefinite GridSpans we only need to
        know that they're indefinite, we shouldn't use the rest of the data.

        No new tests, no change of behavior.

        * css/CSSGridTemplateAreasValue.cpp:
        (WebCore::stringForPosition):
        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseGridTemplateAreasRow):
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::createImplicitNamedGridLinesFromGridArea):
        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::GridIterator::nextEmptyGridArea):
        (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
        (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
        (WebCore::RenderGrid::insertItemIntoGrid):
        (WebCore::RenderGrid::placeItemsOnGrid):
        (WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
        (WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid):
        (WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):
        (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
        (WebCore::RenderGrid::gridAreaBreadthForChildIncludingAlignmentOffsets):
        (WebCore::RenderGrid::columnAxisOffsetForChild):
        (WebCore::RenderGrid::rowAxisOffsetForChild):
        (WebCore::RenderGrid::placeAutoMajorAxisItemsOnGrid): Deleted.
        (WebCore::RenderGrid::autoPlacementMinorAxisDirection): Deleted.
        (WebCore::RenderGrid::populateGridPositions): Deleted.
        * rendering/style/GridCoordinate.h:
        (WebCore::GridSpan::definiteGridSpan):
        (WebCore::GridSpan::indefiniteGridSpan):
        (WebCore::GridSpan::operator==):
        (WebCore::GridSpan::integerSpan):
        (WebCore::GridSpan::resolvedInitialPosition):
        (WebCore::GridSpan::resolvedFinalPosition):
        (WebCore::GridSpan::begin):
        (WebCore::GridSpan::end):
        (WebCore::GridSpan::isDefinite):
        (WebCore::GridSpan::GridSpan):
        (WebCore::GridCoordinate::GridCoordinate):
        * rendering/style/GridResolvedPosition.cpp:
        (WebCore::initialPositionSide):
        (WebCore::finalPositionSide):
        (WebCore::adjustGridPositionsFromStyle):
        (WebCore::resolveRowStartColumnStartNamedGridLinePositionAgainstOppositePosition):
        (WebCore::resolveRowEndColumnEndNamedGridLinePositionAgainstOppositePosition):
        (WebCore::resolveNamedGridLinePositionAgainstOppositePosition):
        (WebCore::resolveGridPositionAgainstOppositePosition):
        (WebCore::GridResolvedPosition::resolveGridPositionsFromAutoPlacementPosition):
        (WebCore::GridResolvedPosition::resolveGridPositionsFromStyle):
        (WebCore::implicitNamedGridLineForSide): Deleted.
        (WebCore::GridResolvedPosition::isNonExistentNamedLineOrArea): Deleted.
        (WebCore::resolveNamedGridLinePositionFromStyle): Deleted.
        (WebCore::resolveGridPositionFromStyle): Deleted.
        * rendering/style/GridResolvedPosition.h:
        (WebCore::GridResolvedPosition::GridResolvedPosition): Deleted.
        (WebCore::GridResolvedPosition::operator*): Deleted.
        (WebCore::GridResolvedPosition::operator++): Deleted.
        (WebCore::GridResolvedPosition::operator==): Deleted.

2016-02-17  Chris Dumez  <cdumez@apple.com>

        Window should have its 'constructor' property on the prototype
        https://bugs.webkit.org/show_bug.cgi?id=154037
        <rdar://problem/24689078>

        Reviewed by Gavin Barraclough.

        Window should have its 'constructor' property on the prototype as per
        the Web IDL specification:
        http://heycam.github.io/webidl/#interface-prototype-object

        Firefox and Chrome already match the specification.

        No new tests, covered by:
        - fast/dom/Window/window-constructor-settable.html
        - fast/dom/Window/window-constructor.html
        - http/tests/security/cross-origin-window-property-access.html
        - imported/w3c/web-platform-tests/html/dom/interfaces.html

        * bindings/scripts/CodeGeneratorJS.pm:
        (ConstructorShouldBeOnInstance): Deleted.
        Drop this routine as all constructors are now on the prototype.

        (InstancePropertyCount):
        Do not account for constructor properties as these can only be
        on the prototype now.

        (PrototypePropertyCount):
        Increment the property count by 1 if the interface has a constructor
        property (e.g. [NoInterfaceObject] interfaces do not have one).

        (GeneratePropertiesHashTable):
        Stop calling ConstructorShouldBeOnInstance() as it no longer exists.
        Always generated the "constructor" property if:
        1. We are generating the prototype hash table.
        and
        2. The interface needs a constructor (i.e. not marked as
           [NoInterfaceObject]).

        (GenerateImplementation):
        - Drop code handling the case where ConstructorShouldBeOnInstance()
          returns true as constructors are not always on the prototype and
          the ConstructorShouldBeOnInstance() routine has been dropped.
        - Drop code handling [CustomProxyToJSObject]. Now that the constructor
          is always on the prototype, we never need to cast thisValue to a
          JSDOMWindow (by calling toJSDOMWindow). In the Window case, thisValue
          is now casted to a JSDOMWindowPrototype*, similarly to other interfaces
          so we don't need a special casting function anymore.
        - Stop generating security checks. This only impacts Window as it is the
          only interface marked as [CheckSecurity]. The cross-origin checking code
          as it was would not work when "constructor" is on the prototype because
          thisValue is a JSDOMWindowPrototype, not a JSDOMWindow and we have no
          way of getting the wrapped window. Also, the security check is no longer
          needed because:
          1. Accessing crossOriginWindow.constructor will not work now that
             constructor is on the prototype because
             JSDOMWindow::getOwnPropertySlot() already prevents access to the
             prototype in the cross-origin case.
          2. "constructor" is a value property, not a getter/setter. Therefore,
             it is no possible to use the getter/setter from a same origin window
             instance and call it on a cross origin window.

2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>

        Add a way to test ScrollAnimator
        https://bugs.webkit.org/show_bug.cgi?id=153479

        Reviewed by Michael Catanzaro.

        Tests: fast/scrolling/overlay-scrollbars-scroll-corner.html
               fast/scrolling/scroll-animator-basic-events.html
               fast/scrolling/scroll-animator-overlay-scrollbars-hovered.html
               fast/scrolling/scroll-animator-select-list-events.html

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * page/FrameView.cpp:
        (WebCore::FrameView::usesMockScrollAnimator):
        (WebCore::FrameView::logMockScrollAnimatorMessage):
        * page/FrameView.h:
        * page/Settings.cpp:
        (WebCore::Settings::setUsesMockScrollAnimator):
        (WebCore::Settings::usesMockScrollAnimator):
        * page/Settings.h:
        * platform/ScrollableArea.cpp:
        (WebCore::ScrollableArea::scrollAnimator):
        * platform/ScrollableArea.h:
        (WebCore::ScrollableArea::usesMockScrollAnimator):
        (WebCore::ScrollableArea::logMockScrollAnimatorMessage):
        * platform/mock/ScrollAnimatorMock.cpp: Added.
        (WebCore::ScrollAnimatorMock::create):
        (WebCore::ScrollAnimatorMock::ScrollAnimatorMock):
        (WebCore::ScrollAnimatorMock::~ScrollAnimatorMock):
        (WebCore::ScrollAnimatorMock::didAddVerticalScrollbar):
        (WebCore::ScrollAnimatorMock::didAddHorizontalScrollbar):
        (WebCore::ScrollAnimatorMock::willRemoveVerticalScrollbar):
        (WebCore::ScrollAnimatorMock::willRemoveHorizontalScrollbar):
        (WebCore::ScrollAnimatorMock::mouseEnteredContentArea):
        (WebCore::ScrollAnimatorMock::mouseMovedInContentArea):
        (WebCore::ScrollAnimatorMock::mouseExitedContentArea):
        (WebCore::ScrollAnimatorMock::mouseEnteredScrollbar):
        (WebCore::ScrollAnimatorMock::mouseExitedScrollbar):
        (WebCore::ScrollAnimatorMock::mouseIsDownInScrollbar):
        * platform/mock/ScrollAnimatorMock.h: Added.
        * platform/mock/ScrollbarThemeMock.cpp:
        (WebCore::ScrollbarThemeMock::usesOverlayScrollbars):
        * platform/mock/ScrollbarThemeMock.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::usesMockScrollAnimator):
        (WebCore::RenderLayer::logMockScrollAnimatorMessage):
        * rendering/RenderLayer.h:
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::usesMockScrollAnimator):
        (WebCore::RenderListBox::logMockScrollAnimatorMessage):
        * rendering/RenderListBox.h:
        * testing/Internals.cpp:
        (WebCore::Internals::resetToConsistentState):
        (WebCore::Internals::setUsesMockScrollAnimator):
        * testing/Internals.h:
        * testing/Internals.idl:

2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>

        Unreviewed. Enable overlay scrollbars in GTK+ after r196641.

        This was blocked by bug #153404, but the commit that introduced
        the regression was rolled out in r196641.

        * platform/gtk/ScrollbarThemeGtk.cpp:
        (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk):

2016-02-16  Gavin Barraclough  <barraclough@apple.com>

        JSDOMWindow::getOwnPropertySlot should just call getStaticPropertySlot
        https://bugs.webkit.org/show_bug.cgi?id=154257

        Reviewed by Chris Dumez.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::getOwnPropertySlot):
            - JSDOMWindow::getOwnPropertySlot should just call getStaticPropertySlot

2016-02-16  Gavin Barraclough  <barraclough@apple.com>

        JSDOMWindow::getOwnPropertySlot should not search photo chain
        https://bugs.webkit.org/show_bug.cgi?id=154102

        Reviewed by Chris Dumez.

        Should only return *own* properties.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::jsDOMWindowGetOwnPropertySlotNamedItemGetter):

2016-02-16  Alex Christensen  <achristensen@webkit.org>

        CMake build fix.

        * PlatformMac.cmake:

2016-02-16  Chris Dumez  <cdumez@apple.com>

        Navigator.geolocation should not be marked a [Replaceable] and should be on the prototype
        https://bugs.webkit.org/show_bug.cgi?id=154304
        <rdar://problem/24685092>

        Reviewed by Gavin Barraclough.

        1. Drop the [Replaceable] IDL extended attribute for navigator.geolocation
           as this does not match other browsers or the specification:
           - https://dev.w3.org/geo/api/spec-source.html#geolocation_interface
        2. Move Navigator attributes to the prototype, where they should be as
           per the Web IDL specification.

        The previous behavior was meant as a workaround for a bug in the Amazon
        iOS app (rdar://problem/16332749). However, I have confirmed that the
        latest Amazon App no longer has any issue with those changes.

        Test: js/navigator-set-geolocation.html

        * Modules/geolocation/NavigatorGeolocation.idl:
        * bindings/scripts/CodeGeneratorJS.pm:
        (InterfaceRequiresAttributesOnInstanceForCompatibility): Deleted.

2016-02-16  Said Abou-Hallawa  <sabouhallawa@apple.com>

        REGRESSION(r196268): WTFCrashWithSecurityImplication on SVG path animation tests
        https://bugs.webkit.org/show_bug.cgi?id=154221

        Reviewed by Brent Fulgham.

        In r196268, a destructor was added to SVGListPropertyTearOff that notifies
        its wrapper (the SVGAnimatedListPropertyTearoff) about its deletion. This
        allows the wrapper to nullify any references to the wrapped content.
        
        We needed to do the same thing for SVGPathSegListPropertyTearOff. Both
        SVGPathSegListPropertyTearOff and SVGListPropertyTearOff inherit from
        SVGListProperty and both hold pointers to SVGAnimatedListPropertyTearOff
        which needs to be notified.
        
        Tests: exiting svg path animation tests should not crash.

        * svg/properties/SVGPathSegListPropertyTearOff.h:
        (WebCore::SVGPathSegListPropertyTearOff::~SVGPathSegListPropertyTearOff):

2016-02-16  Said Abou-Hallawa  <sabouhallawa@apple.com>

        REGRESSION (r190430): WTFCrashWithSecurityImplication in:void SVGRootInlineBox::layoutCharactersInTextBoxes()
        https://bugs.webkit.org/show_bug.cgi?id=154185

        Reviewed by Ryosuke Niwa.

        This is a regression caused by adding support for HTMLSlotElement. The
        crash happens when adding an HTMLSlotElement to anther element which should
        not have it as a child like SVGTextElement for example. In this case, we
        were creating a RenderText which should not be happen inside an SVG document.
        The RenderText::createTextBox() was creating InlineTextBox for the slot's
        text and attach it to the SVGRootInlineBox. In layoutCharactersInTextBoxes(),
        the assumption is the inline box is either SVGInlineTextBox or SVGInlineFlowBox.
        But since we have an InlineTextBox instead, the crash happens when casting
        the InlineTextBox to SVGInlineFlowBox.

        The fix is for createRenderTreeForSlotAssignees() to not create a renderer
        when the parent element should not have a renderer for the this element.
        This is the same thing we do for createRenderer() which handles the non
        HTMLSlotElement case and which is called also from createRenderTreeRecursively().
        
        Test: fast/shadow-dom/text-slot-child-crash.svg

        * style/StyleTreeResolver.cpp:
        (WebCore::Style::moveToFlowThreadIfNeeded):
        (WebCore::Style::TreeResolver::createRenderer): Delete the check for
        shouldCreateRenderer() and handling the case when resolvedStyle is null
        since these are handled by the caller createRenderTreeRecursively().
        
        (WebCore::Style::TreeResolver::createRenderTreeForSlotAssignees):
        Assert shouldCreateRenderer() is true for this element.
        
        (WebCore::Style::TreeResolver::createRenderTreeRecursively): Don't create
        the renderer if shouldCreateRenderer() returns false. Also handle the case
        when resolvedStyle is null and pass the new style to createRenderer().
        
        * style/StyleTreeResolver.h:

2016-02-16  Simon Fraser  <simon.fraser@apple.com>

        Every RenderLayer should not have to remove itself from the scrollableArea set
        https://bugs.webkit.org/show_bug.cgi?id=154311

        Reviewed by Zalan Bujtas.

        A subset of RenderLayers are are scrollable, and get registered on the FrameView,
        but we pay the cost of a hash lookup for removal on every RenderLayer, which is a waste.
        
        Store a bit that tells RenderLayer that it's in the set and needs to be removed.

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::RenderLayer):
        (WebCore::RenderLayer::~RenderLayer):
        (WebCore::RenderLayer::calculateClipRects):
        * rendering/RenderLayer.h:

2016-02-16  Daniel Bates  <dabates@apple.com>

        CSP: Update violation report 'Content-Type' header
        https://bugs.webkit.org/show_bug.cgi?id=153166
        <rdar://problem/24383327>

        Reviewed by Brent Fulgham.

        Inspired by Blink patch:
        <https://src.chromium.org/viewvc/blink?view=rev&revision=154215>

        Post the Content Security Policy violation report with Content-Type application/csp-report as
        per section Reporting of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.

        Currently we post CSP violation reports with Content-Type application/json.

        * html/parser/XSSAuditorDelegate.cpp:
        (WebCore::XSSAuditorDelegate::didBlockScript): Use report type ViolationReportType::XSSAuditor to PingLoader.
        * loader/PingLoader.cpp:
        (WebCore::PingLoader::sendViolationReport): Modified to take argument of type ViolationReportType
        to determine the appropriate Content-Type header to use for the report. For a XSS Auditor violation report
        we use Content-Type application/json. For a Content Security Policy violation report we use Content-Type
        application/csp-report. Additionally, pass a ASCIILiteral() to ResourceRequestBase::setHTTPMethod()
        as opposed to a constant string literal to avoid a copy of a constant string literal.
        * loader/PingLoader.h: Add enum class ViolationReportType.
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::reportViolation): Use report type ViolationReportType::ContentSecurityPolicy.

2016-02-16  Alex Christensen  <achristensen@webkit.org>

        Add checks before redirecting with NetworkSession
        https://bugs.webkit.org/show_bug.cgi?id=154298

        Reviewed by Andy Estes.

        This fixes http/tests/security/cors-post-redirect-307.html and 
        http/tests/navigation/post-307-response.html when using NetworkSession.

        * platform/network/ResourceRequestBase.h:
        WEBCORE_EXPORT some functions newly used in WebKit2.

2016-02-16  Daniel Bates  <dabates@apple.com>

        CSP: Fix parsing of 'host/path' source expressions
        https://bugs.webkit.org/show_bug.cgi?id=153170
        <rdar://problem/24383407>

        Reviewed by Brent Fulgham.

        Merged from Blink (patch by Mike West):
        <https://src.chromium.org/viewvc/blink?revision=154875&view=revision>

        Fixes an issue where a source of the form example.com/A/ was incorrectly considered
        invalid and hence such a requested resource would be blocked. A source of this form
        is valid by the definition of host-source in section Source List Syntax of the Content
        Security Policy 2.0 spec., <http://www.w3.org/TR/2015/CR-CSP2-20150721/>.

        * page/csp/ContentSecurityPolicySourceList.cpp:
        (WebCore::ContentSecurityPolicySourceList::parseSource):

2016-02-16  Daniel Bates  <dabates@apple.com>

        CSP: Disallow an empty host in a host-source source expression
        https://bugs.webkit.org/show_bug.cgi?id=153168
        <rdar://problem/24383366>

        Reviewed by Brent Fulgham.

        Merged from Blink (patch by rob@robwu.nl):
        <https://src.chromium.org/viewvc/blink?revision=180407&view=revision>

        * page/csp/ContentSecurityPolicySourceList.cpp:
        (WebCore::ContentSecurityPolicySourceList::parseSource):

2016-02-16  Brady Eidson  <beidson@apple.com>

        Modern IDB: WK2 IPC Scaffolding.
        https://bugs.webkit.org/show_bug.cgi?id=154296

        Reviewed by Alex Christensen.
        
        No change in behavior yet; Just laying the groundwork.

        * Modules/indexeddb/client/IDBConnectionToServer.h:
        * Modules/indexeddb/server/IDBConnectionToClient.h:
        * Modules/indexeddb/shared/IDBResourceIdentifier.h:

2016-02-16  Chris Dumez  <cdumez@apple.com>

        [Web IDL] Operations should be on the instance for global objects or if [Unforgeable]
        https://bugs.webkit.org/show_bug.cgi?id=154120
        <rdar://problem/24613231>

        Reviewed by Gavin Barraclough.

        Operations should be on the instance for global objects or if
        [Unforgeable] as per the Web IDL specification:
        - http://heycam.github.io/webidl/#es-operations
        - http://heycam.github.io/webidl/#dfn-unforgeable-on-an-interface

        This patch implements this behavior in order to align
        with the specification and other browsers.

        No new tests, already covered by existing tests.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
        Update function names now that they have "Instance" in their
        name instead of "Prototype".

        (WebCore::JSDOMWindow::getOwnPropertySlot):
        - Update function names now that they have "Instance" in their
          name instead of "Prototype".
        - Move the functions hard-coding *before* the static table check
          now that these functions are in the static table to maintain
          the previous behavior.

        * bindings/js/JSLocationCustom.cpp:
        (WebCore::JSLocation::getOwnPropertySlotDelegate):
        Update function names now that they have "Instance" in their
        name instead of "Prototype".

        * bindings/scripts/CodeGeneratorJS.pm:
        - Move functions to the instance if their interface is a global
          object or if they are marked as [Unforgeable]. Operations are
          now treated more like attributes, as they can now be either on
          the instance or the prototype. In a lot of places, I now use
          the naming "properties" instead of "attributes" as "properties"
          refer both "attributes" and "operations" / "functions".

        * bindings/scripts/test/JS/JSTestInterface.cpp:
        * bindings/scripts/test/JS/JSTestObj.cpp:
        Rebaseline bindings tests.

2016-02-16  Simon Fraser  <simon.fraser@apple.com>

        Rollout r188659. This broke scrolling of iframes and overflow when
        navigating back to a page in the page cache.
        
        The fix was overly agressive and had no layout test. I will fix the original
        issue a different way.

        * history/CachedFrame.cpp:
        (WebCore::CachedFrame::CachedFrame):
        * page/FrameView.cpp:
        (WebCore::FrameView::clearScrollableAreas): Deleted.
        * page/FrameView.h:

2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] No hover-horizontal scrolling available
        https://bugs.webkit.org/show_bug.cgi?id=122859

        Reviewed by Michael Catanzaro.

        This is a regression of WebKit2, because in WebKit1 we used native
        widgets for frame scrollbars that handled this automatically. Now
        we need to also check if the mouse is over frame scrollbars to
        adjust the wheel event.

        Test: platform/gtk/scrollbars/main-frame-scrollbar-horizontal-wheel-scroll.html

        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleWheelEvent): Pass the adjusted wheel
        event to platformCompleteWheelEvent().
        * page/gtk/EventHandlerGtk.cpp:
        (WebCore::EventHandler::shouldTurnVerticalTicksIntoHorizontal):
        Check also frame scrollbars.

2016-02-16  Antti Koivisto  <antti@apple.com>

        Factor id mutation style invalidation code into a class
        https://bugs.webkit.org/show_bug.cgi?id=154287

        Reviewed by Andreas Kling.

        Also add a cheap basic optimization that avoids descendant invalidation if they can not be affected.

        It would be easy to implement fine grained invalidation like with classes and attribute selectors.
        However dynamic id changes are not common enough (nor recommended) to pay the memory cost of
        the required data structures.

        Test: fast/css/style-invalidation-id-change-descendants.html

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.xcodeproj/project.pbxproj:
        * css/RuleFeature.cpp:
        (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
        (WebCore::RuleFeatureSet::add):
        (WebCore::RuleFeatureSet::clear):
        * css/RuleFeature.h:
        * dom/Element.cpp:
        (WebCore::makeIdForStyleResolution):
        (WebCore::Element::attributeChanged):
        (WebCore::checkNeedsStyleInvalidationForIdChange): Deleted.
        * style/IdChangeInvalidation.cpp: Added.
        (WebCore::Style::IdChangeInvalidation::invalidateStyle):
        * style/IdChangeInvalidation.h: Added.
        (WebCore::Style::IdChangeInvalidation::IdChangeInvalidation):
        (WebCore::Style::IdChangeInvalidation::~IdChangeInvalidation):

2016-02-16  Andreas Kling  <akling@apple.com>

        Drop StyleResolver and SelectorQueryCache when entering PageCache.
        <https://webkit.org/b/154238>

        Reviewed by Antti Koivisto.

        Stop keeping these around for cached pages to save lots of memory.
        We can easily rebuild them if a cached navigation occurs, and this
        way we also don't need to worry about invalidating style for cached
        pages in all the right places.

        Restoring a cached page will now lead to a forced style recalc.
        We don't try to defer this (beyond a zero-timer) since it's going
        to happen anyway, and it's nicer to front-load the cost rather than
        stuttering on the first user content interaction.

        * dom/Document.cpp:
        (WebCore::Document::setInPageCache):
        * history/CachedPage.cpp:
        (WebCore::CachedPage::restore):
        (WebCore::CachedPage::clear): Deleted.
        * history/CachedPage.h:
        (WebCore::CachedPage::markForVisitedLinkStyleRecalc): Deleted.
        (WebCore::CachedPage::markForFullStyleRecalc): Deleted.
        * history/PageCache.cpp:
        (WebCore::PageCache::markPagesForVisitedLinkStyleRecalc): Deleted.
        (WebCore::PageCache::markPagesForFullStyleRecalc): Deleted.
        * history/PageCache.h:
        * page/Frame.cpp:
        (WebCore::Frame::setPageAndTextZoomFactors): Deleted.
        * page/Page.cpp:
        (WebCore::Page::setViewScaleFactor): Deleted.
        (WebCore::Page::setDeviceScaleFactor): Deleted.
        (WebCore::Page::setPagination): Deleted.
        (WebCore::Page::setPaginationLineGridEnabled): Deleted.
        (WebCore::Page::setVisitedLinkStore): Deleted.

2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] clicking on the scrollbar trough steps rather than jumps to the clicked position
        https://bugs.webkit.org/show_bug.cgi?id=115363

        Reviewed by Michael Catanzaro.

        Allow ScrollbarTheme to decide the behavior of a button press event,
        instead of only deciding whether to center on thumb or not. This
        way we can match the current GTK+ behavior in WebKit, without
        affecting other ports.

        * platform/ScrollTypes.h: Add ScrollbarButtonPressAction enum.
        * platform/Scrollbar.cpp:
        (WebCore::Scrollbar::mouseDown): Ask ScrollbarTheme to handle the
        event for the pressed part and do the requested action.
        * platform/ScrollbarTheme.cpp:
        (WebCore::ScrollbarTheme::handleMousePressEvent): Add default
        implementation. It's equivalent to the previous default implementation.
        * platform/ScrollbarTheme.h:
        * platform/gtk/ScrollbarThemeGtk.cpp:
        (WebCore::ScrollbarThemeGtk::handleMousePressEvent): Match current
        GTK+ behavior: left click centers on thumb and right click
        scrolls. Dragging the thumb works for left and middle buttons.
        * platform/gtk/ScrollbarThemeGtk.h:
        * platform/ios/ScrollbarThemeIOS.h: Remove shouldCenterOnThumb,
        and don't override handleMousePressEvent since iOS wants the
        default behavior.
        * platform/ios/ScrollbarThemeIOS.mm:
        * platform/mac/ScrollbarThemeMac.h: Override handleMousePressEvent
        and remove shouldCenterOnThumb.
        * platform/mac/ScrollbarThemeMac.mm:
        (WebCore::shouldCenterOnThumb): Same implementation just made it
        static to be used as helper.
        (WebCore::ScrollbarThemeMac::handleMousePressEvent): Return the
        desired action keeping the same behavior.
        * platform/win/ScrollbarThemeWin.cpp:
        (WebCore::ScrollbarThemeWin::handleMousePressEvent): Ditto.
        * platform/win/ScrollbarThemeWin.h:
        * rendering/RenderScrollbarTheme.h:

2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>

        Mouse cursor doesn't change when entering scrollbars
        https://bugs.webkit.org/show_bug.cgi?id=154243

        Reviewed by Simon Fraser.

        If the scrollbar is over or very close to text or a link, when
        entering the scrollbar the cursor is not changed, keeping the beam
        or hand cursor when using the scrollbar. Same happens for image
        documents where the magnifier cursor is used and it remains when
        entering the scrollbars. We should use pointer cursor always for
        scrollbars.

        * page/EventHandler.cpp:
        (WebCore::EventHandler::updateCursor): Request also to include
        frame scrollbars in hit test result.
        (WebCore::EventHandler::selectCursor): Use always pointer cursor
        for scrollbars.

2016-02-15  Antti Koivisto  <antti@apple.com>

        Optimize style invalidations for attribute selectors
        https://bugs.webkit.org/show_bug.cgi?id=154242

        Reviewed by Andreas Kling.

        Currently we invalidate the whole element subtree if there are any attribute selectors for the changed attribute.
        This is slow as generally few if any elements are really affected. Using attribute selectors for dynamic styling
        should be performant.

        This patch implements optimization strategy for attributes similar to what we already have for classes:

        - Collect a map of all rules that contains descendant-affecting attribute selectors for a given attribute.
        - When an attribute value changes check if there are any such rules for it.
        - Check if the value change affects the results of any of the attribute selectors.
        - Only if it does invalidate the exact descendant elements affected by the rules.

        Test: fast/css/style-invalidation-attribute-change-descendants.html

        * WebCore.xcodeproj/project.pbxproj:
        * css/DocumentRuleSets.cpp:
        (WebCore::DocumentRuleSets::ancestorClassRules):
        (WebCore::DocumentRuleSets::ancestorAttributeRulesForHTML):

            Create optimization RuleSets when needed.

        * css/DocumentRuleSets.h:
        (WebCore::DocumentRuleSets::uncommonAttribute):
        (WebCore::DocumentRuleSets::features):
        * css/RuleFeature.cpp:
        (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
        (WebCore::makeAttributeSelectorKey):
        (WebCore::RuleFeatureSet::collectFeatures):

            Collect rules with descendant affecting attribute selectors.

        (WebCore::RuleFeatureSet::add):
        (WebCore::RuleFeatureSet::clear):
        (WebCore::RuleFeatureSet::shrinkToFit):
        * css/RuleFeature.h:
        * css/SelectorChecker.cpp:
        (WebCore::anyAttributeMatches):
        (WebCore::SelectorChecker::attributeSelectorMatches):

            Expose function for matching single attribute selectors.

        (WebCore::canMatchHoverOrActiveInQuirksMode):
        * css/SelectorChecker.h:
        * dom/Attr.cpp:
        (WebCore::Attr::setValue):
        (WebCore::Attr::childrenChanged):
        * dom/Element.cpp:
        (WebCore::Element::setAttributeInternal):
        (WebCore::makeIdForStyleResolution):
        (WebCore::Element::attributeChanged):
        (WebCore::Element::removeAttributeInternal):
        (WebCore::Element::addAttributeInternal):
        (WebCore::Element::removeAttribute):

            Add AttributeChangeInvalidation where needed.

        (WebCore::Element::needsStyleInvalidation):

            Move to Element from ClassChangeInvalidation.

        (WebCore::Element::willModifyAttribute):

            No more full style invalidation on attribute change.

        * style/AttributeChangeInvalidation.cpp: Added.
        (WebCore::Style::AttributeChangeInvalidation::invalidateStyle):

            Invalidate local style.
            Check if we need to invalidate descendants by looking into ancestorAttributeRules.

        (WebCore::Style::AttributeChangeInvalidation::invalidateDescendants):

            Use StyleInvalidationAnalysis to invalidate the subtree for the relevant rules.

        * style/AttributeChangeInvalidation.h: Added.
        (WebCore::Style::AttributeChangeInvalidation::needsInvalidation):
        (WebCore::Style::AttributeChangeInvalidation::AttributeChangeInvalidation):
        (WebCore::Style::AttributeChangeInvalidation::~AttributeChangeInvalidation):

            If needed, invalidate descendants before and after attribute change to catch rules that start and stop applying.

2016-02-16  Chris Dumez  <cdumez@apple.com>

        Do security checks early in JSDOMWindow::put*()
        https://bugs.webkit.org/show_bug.cgi?id=154270

        Reviewed by Gavin Barraclough.

        Do security checks early in JSDOMWindow::put() / JSDOMWindow::putByIndex()
        and return as soon as possible. This makes it less error-prone as we need
        to do the security check only once, at the top of the function.

        Also lock down the security further by calling lookupPut() only if the
        property name is "location". The "location" property is the only one that
        can be set cross-origin. Previously, trying to set a property such as
        "name" (which cannot be set cross-origin) relied on the attribute setter
        doing the security check when getting called. The new check is less error
        prone and will correctly prevent overriding window's method cross-origin
        once these move down from the prototype (Bug 154120).

        Finally, the previous code was failing to set the "location" property
        cross-origin after the window has been reified. This patch fixes the
        issue by always calling the original "location" property setter from the
        static table in the cross-origin case.

        Test: http/tests/security/cross-origin-reified-window-location-setting.html

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::JSDOMWindow::put):
        (WebCore::JSDOMWindow::putByIndex):

2016-02-15  Brent Fulgham  <bfulgham@apple.com>

        [Mac] Gather some rudimentary statistics during resource load 
        https://bugs.webkit.org/show_bug.cgi?id=153575
        <rdar://problem/24075254>

        Reviewed by Brady Eidson.

        Tested by: http/tests/navigation/statistics.html

        * CMakeLists.txt:
        * PlatformWin.cmake:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/Document.cpp:
        (WebCore::Document::updateLastHandledUserGestureTimestamp): Log user interaction
        with the ResourceLoadObserver.
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::willSendRequest): Track load statistics if the
        user interacted with the document.
        * loader/ResourceLoadObserver.cpp: Added.
        * loader/ResourceLoadObserver.h: Added.
        * loader/ResourceLoadStatistics.cpp: Added.
        * loader/ResourceLoadStatistics.h: Added.
        * loader/SubresourceLoader.cpp:
        (WebCore::SubresourceLoader::willSendRequestInternal): Track load statistics.
        * page/Settings.cpp:
        (WebCore::Settings::setResourceLoadStatisticsEnabled): Added.
        * page/Settings.h:
        (WebCore::Settings::resourceLoadStatisticsEnabled): Added.
        * platform/Logging.h:
        * testing/Internals.cpp:
        (WebCore::Internals::resourceLoadStatisticsForOrigin):
        (WebCore::Internals::setResourceLoadStatisticsEnabled):
        * testing/Internals.h:
        * testing/Internals.idl:

2016-02-15  Chris Dumez  <cdumez@apple.com>

        The following properties should exist on the global object: AudioTrackList, AudioTrack, VideoTrackList, VideoTrack
        https://bugs.webkit.org/show_bug.cgi?id=154250
        <rdar://problem/24660829>

        Reviewed by Eric Carlson.

        The following properties should exist on the global object:
        - AudioTrackList, AudioTrack, VideoTrackList, VideoTrack

        These interfaces are not marked as [NoInterfaceObject] in:
        - https://html.spec.whatwg.org/#audiotracklist-and-videotracklist-objects

        No new tests, already covered by existing tests.

        * html/track/AudioTrack.idl:
        * html/track/AudioTrackList.idl:
        * html/track/VideoTrack.idl:
        * html/track/VideoTrackList.idl:

2016-02-15  Sam Weinig  <sam@webkit.org>

        Stop using NSMapTable in places where we were only using it to be GC safe
        <rdar://problem/24063723>
        https://bugs.webkit.org/show_bug.cgi?id=154264

        Reviewed by Dan Bernstein.

        Switch from NSMapTable to HashMap.

        * WebCore.xcodeproj/project.pbxproj:
        * bindings/objc/DOMInternal.h:
        * bindings/objc/DOMInternal.mm:
        * bindings/objc/WebScriptObject.mm:
        * bridge/objc/objc_instance.mm:
        * platform/spi/cocoa/NSPointerFunctionsSPI.h: Removed. No longer used.

2016-02-15  Myles C. Maxfield  <mmaxfield@apple.com>

        [Font Loading] Implement FontFace JavaScript object
        https://bugs.webkit.org/show_bug.cgi?id=153345

        Reviewed by Antti Koivisto.

        Test: fast/text/font-face-javascript.html

        This patch implements the FontFace Javascript object. This object mostly consists of
        style getters / setters, which we implement by parsing input strings and generating
        output strings similarly to getComputedStyle(). This object also has a load() function
        which returns a promise which will be fulfilled or rejected depending on the load.
        There is also a "loaded" attribute which exposes this promise directly. Also, a status
        field is exposed so script knows what the state of the load is.

        Currently, loading depends on our CachedResourceLoader which is part of the Document,
        so this API is not available in a non-document context.

        Another caveat is that immediate-mode font loading (where the content provides an
        ArrayBuffer containing the bytes of the font file) is forthcoming. This requires
        changing the relationship between CSSFontFaceSource and CachedFont.

        CSSFontFace has been modified to keep a strong reference to the CSSFontSelector. This
        is because the lifetime of the CSSFontFace can now outlive the CSSFontSelector. When
        the CSSFontSelector is removed from the Document, it explicitly clears its constituent
        CSSFontFaces, thereby breaking the reference cycle.

        Test: fast/text/font-face-javascript-expected.html

        * CMakeLists.txt: Add new files.
        * DerivedSources.cpp: Ditto.
        * DerivedSources.make: Ditto.
        * WebCore.vcxproj/WebCore.vcxproj: Ditto.
        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
        * WebCore.xcodeproj/project.pbxproj: Ditto.
        * bindings/js/JSDOMPromise.cpp:
        (WebCore::DeferredWrapper::globalObject): Remove whitespace.
        (WebCore::DeferredWrapper::deferred): Allow access to the inner JSC object.
        * bindings/js/JSDOMPromise.h:
        (WebCore::DOMPromise::deferred): Ditto.
        * bindings/js/JSFontFaceCustom.cpp: Copied from Source/WebCore/bindings/js/JSDOMPromise.cpp.
        (WebCore::JSFontFace::loaded):
        (WebCore::JSFontFace::load):
        * css/CSSFontFace.cpp:
        (WebCore::CSSFontFace::CSSFontFace): 
        (WebCore::CSSFontFace::adoptSource):
        (WebCore::CSSFontFace::updateStatus): Enforce the state machine's transitions.
        (WebCore::CSSFontFace::fontLoaded):
        (WebCore::CSSFontFace::pump):
        (WebCore::CSSFontFace::load):
        * css/CSSFontFace.h:
        (WebCore::CSSFontFaceClient::~CSSFontFaceClient):
        (WebCore::CSSFontFace::create):
        (WebCore::CSSFontFace::status):
        * css/CSSFontSelector.cpp:
        (WebCore::CSSFontSelector::appendSources): Update for new CSSFontFace API.
        (WebCore::CSSFontSelector::registerLocalFontFacesForFamily): Ditto.
        (WebCore::CSSFontSelector::addFontFaceRule): Ditto.
        (WebCore::CSSFontSelector::kick): Ditto.
        (WebCore::appendSources): Deleted.
        (WebCore::registerLocalFontFacesForFamily): Deleted.
        * css/CSSFontSelector.h:
        * css/CSSUnicodeRangeValue.cpp: Use for serializing the "unicodeRange" property.
        * css/FontFace.cpp:
        (WebCore::createPromise): Implement the remaining Javascript API functions.
        (WebCore::valueFromDictionary):
        (WebCore::FontFace::create):
        (WebCore::FontFace::FontFace):
        (WebCore::FontFace::parseString):
        (WebCore::FontFace::status):
        (WebCore::FontFace::kick):
        (WebCore::FontFace::load):
        (WebCore::FontFace::fulfillPromise):
        (WebCore::FontFace::rejectPromise):
        (WebCore::parseString): Deleted.
        * css/FontFace.h:
        (WebCore::FontFace::promise):
        (WebCore::FontFace::backing):
        (WebCore::FontFace::create): Deleted.
        * css/FontFace.idl: Copied from Source/WebCore/bindings/js/JSDOMPromise.cpp.

2016-02-15  Jer Noble  <jer.noble@apple.com>

        Null-deref crash in DefaultAudioDestinationNode::suspend()
        https://bugs.webkit.org/show_bug.cgi?id=154248

        Reviewed by Alex Christensen.

        Drive-by fix: AudioContext should be a reference, not a pointer.

        * Modules/webaudio/AnalyserNode.cpp:
        (WebCore::AnalyserNode::AnalyserNode):
        * Modules/webaudio/AnalyserNode.h:
        (WebCore::AnalyserNode::create):
        * Modules/webaudio/AudioBasicInspectorNode.cpp:
        (WebCore::AudioBasicInspectorNode::AudioBasicInspectorNode):
        (WebCore::AudioBasicInspectorNode::connect):
        (WebCore::AudioBasicInspectorNode::disconnect):
        (WebCore::AudioBasicInspectorNode::checkNumberOfChannelsForInput):
        (WebCore::AudioBasicInspectorNode::updatePullStatus):
        * Modules/webaudio/AudioBasicInspectorNode.h:
        * Modules/webaudio/AudioBasicProcessorNode.cpp:
        (WebCore::AudioBasicProcessorNode::AudioBasicProcessorNode):
        (WebCore::AudioBasicProcessorNode::checkNumberOfChannelsForInput):
        * Modules/webaudio/AudioBasicProcessorNode.h:
        * Modules/webaudio/AudioBufferSourceNode.cpp:
        (WebCore::AudioBufferSourceNode::create):
        (WebCore::AudioBufferSourceNode::AudioBufferSourceNode):
        (WebCore::AudioBufferSourceNode::renderFromBuffer):
        (WebCore::AudioBufferSourceNode::setBuffer):
        (WebCore::AudioBufferSourceNode::startPlaying):
        (WebCore::AudioBufferSourceNode::looping):
        (WebCore::AudioBufferSourceNode::setLooping):
        * Modules/webaudio/AudioBufferSourceNode.h:
        * Modules/webaudio/AudioContext.cpp:
        (WebCore::AudioContext::AudioContext):
        (WebCore::AudioContext::createBufferSource):
        (WebCore::AudioContext::createMediaElementSource):
        (WebCore::AudioContext::createMediaStreamDestination):
        (WebCore::AudioContext::createScriptProcessor):
        (WebCore::AudioContext::createBiquadFilter):
        (WebCore::AudioContext::createWaveShaper):
        (WebCore::AudioContext::createPanner):
        (WebCore::AudioContext::createConvolver):
        (WebCore::AudioContext::createDynamicsCompressor):
        (WebCore::AudioContext::createAnalyser):
        (WebCore::AudioContext::createGain):
        (WebCore::AudioContext::createDelay):
        (WebCore::AudioContext::createChannelSplitter):
        (WebCore::AudioContext::createChannelMerger):
        (WebCore::AudioContext::createOscillator):
        * Modules/webaudio/AudioContext.h:
        (WebCore::operator==):
        (WebCore::operator!=):
        * Modules/webaudio/AudioDestinationNode.cpp:
        (WebCore::AudioDestinationNode::AudioDestinationNode):
        (WebCore::AudioDestinationNode::render):
        (WebCore::AudioDestinationNode::updateIsEffectivelyPlayingAudio):
        * Modules/webaudio/AudioDestinationNode.h:
        * Modules/webaudio/AudioNode.cpp:
        (WebCore::AudioNode::AudioNode):
        (WebCore::AudioNode::connect):
        (WebCore::AudioNode::disconnect):
        (WebCore::AudioNode::setChannelCount):
        (WebCore::AudioNode::setChannelCountMode):
        (WebCore::AudioNode::setChannelInterpretation):
        (WebCore::AudioNode::scriptExecutionContext):
        (WebCore::AudioNode::processIfNecessary):
        (WebCore::AudioNode::checkNumberOfChannelsForInput):
        (WebCore::AudioNode::propagatesSilence):
        (WebCore::AudioNode::pullInputs):
        (WebCore::AudioNode::enableOutputsIfNecessary):
        (WebCore::AudioNode::deref):
        (WebCore::AudioNode::finishDeref):
        * Modules/webaudio/AudioNode.h:
        (WebCore::AudioNode::context):
        * Modules/webaudio/AudioNodeInput.cpp:
        (WebCore::AudioNodeInput::connect):
        (WebCore::AudioNodeInput::disconnect):
        (WebCore::AudioNodeInput::disable):
        (WebCore::AudioNodeInput::enable):
        (WebCore::AudioNodeInput::updateInternalBus):
        (WebCore::AudioNodeInput::bus):
        (WebCore::AudioNodeInput::internalSummingBus):
        (WebCore::AudioNodeInput::sumAllConnections):
        (WebCore::AudioNodeInput::pull):
        * Modules/webaudio/AudioNodeOutput.cpp:
        (WebCore::AudioNodeOutput::setNumberOfChannels):
        (WebCore::AudioNodeOutput::updateNumberOfChannels):
        (WebCore::AudioNodeOutput::propagateChannelCount):
        (WebCore::AudioNodeOutput::pull):
        (WebCore::AudioNodeOutput::bus):
        (WebCore::AudioNodeOutput::fanOutCount):
        (WebCore::AudioNodeOutput::paramFanOutCount):
        (WebCore::AudioNodeOutput::addInput):
        (WebCore::AudioNodeOutput::removeInput):
        (WebCore::AudioNodeOutput::disconnectAllInputs):
        (WebCore::AudioNodeOutput::addParam):
        (WebCore::AudioNodeOutput::removeParam):
        (WebCore::AudioNodeOutput::disconnectAllParams):
        (WebCore::AudioNodeOutput::disable):
        (WebCore::AudioNodeOutput::enable):
        * Modules/webaudio/AudioNodeOutput.h:
        (WebCore::AudioNodeOutput::context):
        * Modules/webaudio/AudioParam.cpp:
        (WebCore::AudioParam::value):
        (WebCore::AudioParam::smooth):
        (WebCore::AudioParam::calculateSampleAccurateValues):
        (WebCore::AudioParam::calculateFinalValues):
        (WebCore::AudioParam::calculateTimelineValues):
        (WebCore::AudioParam::connect):
        (WebCore::AudioParam::disconnect):
        * Modules/webaudio/AudioParam.h:
        (WebCore::AudioParam::create):
        (WebCore::AudioParam::AudioParam):
        * Modules/webaudio/AudioParamTimeline.cpp:
        (WebCore::AudioParamTimeline::valueForContextTime):
        * Modules/webaudio/AudioParamTimeline.h:
        * Modules/webaudio/AudioScheduledSourceNode.cpp:
        (WebCore::AudioScheduledSourceNode::AudioScheduledSourceNode):
        (WebCore::AudioScheduledSourceNode::updateSchedulingInfo):
        (WebCore::AudioScheduledSourceNode::start):
        (WebCore::AudioScheduledSourceNode::finish):
        * Modules/webaudio/AudioScheduledSourceNode.h:
        * Modules/webaudio/AudioSummingJunction.cpp:
        (WebCore::AudioSummingJunction::AudioSummingJunction):
        (WebCore::AudioSummingJunction::~AudioSummingJunction):
        (WebCore::AudioSummingJunction::changedOutputs):
        (WebCore::AudioSummingJunction::updateRenderingState):
        * Modules/webaudio/AudioSummingJunction.h:
        (WebCore::AudioSummingJunction::context):
        * Modules/webaudio/BiquadFilterNode.cpp:
        (WebCore::BiquadFilterNode::BiquadFilterNode):
        * Modules/webaudio/BiquadFilterNode.h:
        (WebCore::BiquadFilterNode::create):
        * Modules/webaudio/BiquadProcessor.cpp:
        (WebCore::BiquadProcessor::BiquadProcessor):
        * Modules/webaudio/BiquadProcessor.h:
        * Modules/webaudio/ChannelMergerNode.cpp:
        (WebCore::ChannelMergerNode::create):
        (WebCore::ChannelMergerNode::ChannelMergerNode):
        (WebCore::ChannelMergerNode::checkNumberOfChannelsForInput):
        * Modules/webaudio/ChannelMergerNode.h:
        * Modules/webaudio/ChannelSplitterNode.cpp:
        (WebCore::ChannelSplitterNode::create):
        (WebCore::ChannelSplitterNode::ChannelSplitterNode):
        * Modules/webaudio/ChannelSplitterNode.h:
        * Modules/webaudio/ConvolverNode.cpp:
        (WebCore::ConvolverNode::ConvolverNode):
        (WebCore::ConvolverNode::setBuffer):
        * Modules/webaudio/ConvolverNode.h:
        (WebCore::ConvolverNode::create):
        * Modules/webaudio/DefaultAudioDestinationNode.cpp:
        (WebCore::DefaultAudioDestinationNode::DefaultAudioDestinationNode):
        (WebCore::DefaultAudioDestinationNode::resume):
        (WebCore::DefaultAudioDestinationNode::suspend):
        (WebCore::DefaultAudioDestinationNode::close):
        * Modules/webaudio/DefaultAudioDestinationNode.h:
        (WebCore::DefaultAudioDestinationNode::create):
        * Modules/webaudio/DelayNode.cpp:
        (WebCore::DelayNode::DelayNode):
        * Modules/webaudio/DelayNode.h:
        (WebCore::DelayNode::create):
        * Modules/webaudio/DelayProcessor.cpp:
        (WebCore::DelayProcessor::DelayProcessor):
        * Modules/webaudio/DelayProcessor.h:
        * Modules/webaudio/DynamicsCompressorNode.cpp:
        (WebCore::DynamicsCompressorNode::DynamicsCompressorNode):
        * Modules/webaudio/DynamicsCompressorNode.h:
        (WebCore::DynamicsCompressorNode::create):
        * Modules/webaudio/GainNode.cpp:
        (WebCore::GainNode::GainNode):
        (WebCore::GainNode::checkNumberOfChannelsForInput):
        * Modules/webaudio/GainNode.h:
        (WebCore::GainNode::create):
        * Modules/webaudio/MediaElementAudioSourceNode.cpp:
        (WebCore::MediaElementAudioSourceNode::create):
        (WebCore::MediaElementAudioSourceNode::MediaElementAudioSourceNode):
        (WebCore::MediaElementAudioSourceNode::setFormat):
        * Modules/webaudio/MediaElementAudioSourceNode.h:
        * Modules/webaudio/MediaStreamAudioDestinationNode.cpp:
        (WebCore::MediaStreamAudioDestinationNode::create):
        (WebCore::MediaStreamAudioDestinationNode::MediaStreamAudioDestinationNode):
        * Modules/webaudio/MediaStreamAudioDestinationNode.h:
        * Modules/webaudio/MediaStreamAudioSourceNode.cpp:
        (WebCore::MediaStreamAudioSourceNode::MediaStreamAudioSourceNode):
        (WebCore::MediaStreamAudioSourceNode::setFormat):
        * Modules/webaudio/OfflineAudioDestinationNode.cpp:
        (WebCore::OfflineAudioDestinationNode::OfflineAudioDestinationNode):
        (WebCore::OfflineAudioDestinationNode::offlineRender):
        (WebCore::OfflineAudioDestinationNode::notifyComplete):
        * Modules/webaudio/OfflineAudioDestinationNode.h:
        (WebCore::OfflineAudioDestinationNode::create):
        * Modules/webaudio/OscillatorNode.cpp:
        (WebCore::OscillatorNode::create):
        (WebCore::OscillatorNode::OscillatorNode):
        * Modules/webaudio/OscillatorNode.h:
        * Modules/webaudio/PannerNode.cpp:
        (WebCore::PannerNode::PannerNode):
        (WebCore::PannerNode::pullInputs):
        (WebCore::PannerNode::process):
        (WebCore::PannerNode::listener):
        (WebCore::PannerNode::setPanningModel):
        * Modules/webaudio/PannerNode.h:
        (WebCore::PannerNode::create):
        * Modules/webaudio/ScriptProcessorNode.cpp:
        (WebCore::ScriptProcessorNode::create):
        (WebCore::ScriptProcessorNode::ScriptProcessorNode):
        (WebCore::ScriptProcessorNode::initialize):
        (WebCore::ScriptProcessorNode::fireProcessEvent):
        * Modules/webaudio/ScriptProcessorNode.h:
        * Modules/webaudio/WaveShaperNode.cpp:
        (WebCore::WaveShaperNode::WaveShaperNode):
        (WebCore::WaveShaperNode::setOversample):
        * Modules/webaudio/WaveShaperNode.h:
        (WebCore::WaveShaperNode::create):

2016-02-15  Jer Noble  <jer.noble@apple.com>

        Null-deref crash in DefaultAudioDestinationNode::suspend()
        https://bugs.webkit.org/show_bug.cgi?id=154248

        Reviewed by Alex Christensen.

        Null-check scriptExecutionContext() before deref.

        * Modules/webaudio/DefaultAudioDestinationNode.cpp:
        (WebCore::DefaultAudioDestinationNode::resume):
        (WebCore::DefaultAudioDestinationNode::suspend):
        (WebCore::DefaultAudioDestinationNode::close):

2016-02-15  Chris Dumez  <cdumez@apple.com>

        XMLHttpRequest / XMLHttpRequestUpload should inherit XMLHttpRequestEventTarget
        https://bugs.webkit.org/show_bug.cgi?id=154230

        Reviewed by Alex Christensen.

        MLHttpRequest / XMLHttpRequestUpload should inherit XMLHttpRequestEventTarget
        as per:
        https://xhr.spec.whatwg.org/#xmlhttprequesteventtarget

        Firefox and Chrome already match the specification.

        No new tests, already covered by existing tests.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.vcxproj/WebCore.vcxproj.filters:
        * WebCore.xcodeproj/project.pbxproj:
        * xml/XMLHttpRequest.h:
        * xml/XMLHttpRequest.idl:
        * xml/XMLHttpRequestEventTarget.h: Added.
        * xml/XMLHttpRequestEventTarget.idl: Copied from Source/WebCore/xml/XMLHttpRequestUpload.idl.
        * xml/XMLHttpRequestUpload.h:
        * xml/XMLHttpRequestUpload.idl:

2016-02-15  Jiewen Tan  <jiewen_tan@apple.com>

        Refine SimulatedMouseEvent to support Event.isTrusted
        https://bugs.webkit.org/show_bug.cgi?id=154133
        <rdar://problem/24616246>

        Reviewed by Darin Adler.

        This patch extracts everything related to create/dispatch SimulatedMouseEvent from MouseEvent.h/cpp
        and EventDispatcher.h/cpp, and produces SimulateClick.h/cpp which will handle simulated click solely.
        After that, we hide the SimulatedMouseEvent and only expose simulateClick to be called. The reason is
        that we both want to tell whether the call sites are from user agent/bindings and keep the
        SimulatedMouseEvent intact.

        Also, this patch separate Element::dispatchSimulatedClick into two: one for the user agent, and another
        for the bindings. Therefore, HTMLElement.click will be treated as untrusted.

        Some of the changes in this patch referred Blink r200401:
        https://codereview.chromium.org/1285793004

        Modified test:
        LayoutTests/imported/blink/fast/events/event-trusted.html

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/Element.cpp:
        (WebCore::Element::dispatchSimulatedClick):
        (WebCore::Element::dispatchSimulatedClickForBindings):
        * dom/Element.h:
        * dom/EventDispatcher.cpp:
        (WebCore::EventDispatcher::dispatchSimulatedClick): Deleted.
        * dom/EventDispatcher.h:
        * dom/MouseEvent.cpp:
        (WebCore::SimulatedMouseEvent::create): Deleted.
        (WebCore::SimulatedMouseEvent::~SimulatedMouseEvent): Deleted.
        (WebCore::SimulatedMouseEvent::SimulatedMouseEvent): Deleted.
        * dom/MouseEvent.h:
        * dom/SimulatedClick.cpp: Added.
        (WebCore::simulateMouseEvent):
        (WebCore::simulateClick):
        * dom/SimulatedClick.h: Added.
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::click):

2016-02-15  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Web Workers have no access to console for debugging
        https://bugs.webkit.org/show_bug.cgi?id=26237

        Reviewed by Timothy Hatcher.

        This adds the most basic console message support to Workers.
        Messages logged from workers get surfaced through the Page's console.
        This lacks support for logging and interacting with arguments,
        which would be addressed when adding more complete Worker
        debugging tools.

        Test: inspector/console/messageAdded-from-worker.html

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:
        Add new files.

        * bindings/js/WorkerScriptController.cpp:
        (WebCore::WorkerScriptController::~WorkerScriptController):
        (WebCore::WorkerScriptController::initScript):
        Set the ConsoleClient for the Worker's global object. We route
        the messages to the Page's console.

        * bindings/js/WorkerScriptController.h:
        * workers/WorkerConsoleClient.h: Added.
        * workers/WorkerConsoleClient.cpp: Added.
        (WebCore::WorkerConsoleClient::WorkerConsoleClient):
        (WebCore::WorkerConsoleClient::~WorkerConsoleClient):
        (WebCore::WorkerConsoleClient::profile):
        (WebCore::WorkerConsoleClient::profileEnd):
        (WebCore::WorkerConsoleClient::count):
        (WebCore::WorkerConsoleClient::time):
        (WebCore::WorkerConsoleClient::timeEnd):
        (WebCore::WorkerConsoleClient::timeStamp):
        Stub most console methods in a Worker.

        (WebCore::WorkerConsoleClient::messageWithTypeAndLevel):
        Send worker log messages to the global scope and on to the main page.

        * workers/WorkerGlobalScope.h:
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::addConsoleMessage):
        (WebCore::WorkerGlobalScope::addMessageToWorkerConsole):
        Ideally we want to converge on simple addConsoleMessage
        APIs that just take a ConsoleMessage, without a barrage
        of parameters. Add these versions now.

2016-02-15  Alex Christensen  <achristensen@webkit.org>

        CMake build fix.

        * PlatformMac.cmake:

2016-02-15  Chris Dumez  <cdumez@apple.com>

        Regression(r196563): It is no longer possible to call window.addEventListener without an explicit 'this'
        https://bugs.webkit.org/show_bug.cgi?id=154245

        Reviewed by Ryosuke Niwa.

        This patch adds support for calling the EventListener API without an
        explicit 'this' value. If no explicit 'this' value is passed, then we
        fall back to using the global object. This matches Chrome and Firefox's
        behavior. It also fixes the Dromaeo/cssquery-dojo.html test.

        Test: fast/dom/Window/addEventListener-implicit-this.html

        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateFunctionCastedThis):

2016-02-14  Gavin Barraclough  <barraclough@apple.com>

        Organize, deduplicate & comment JSDOMWindowCustom getOwnPropertySlot
        https://bugs.webkit.org/show_bug.cgi?id=154224

        Reviewed by Chris Dumez.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
        (WebCore::jsDOMWindowGetOwnPropertySlotNamedItemGetter):
        (WebCore::JSDOMWindow::getOwnPropertySlot):
        (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
            - organized property access sequence into a more logical order, removed
              duplicated code & added comments.
        (WebCore::namedItemGetter): Deleted.
            - there was no need for a custom callback here; merged functionality into
              jsDOMWindowGetOwnPropertySlotNamedItemGetter.
        (WebCore::jsDOMWindowGetOwnPropertySlotCrossOrigin): Deleted.
            - renamed to jsDOMWindowGetOwnPropertySlotRestrictedAccess
              (this now also handles frameless access).

2016-02-15  Daniel Bates  <dabates@apple.com>

        CSP: 'sandbox' should be ignored in report-only mode
        https://bugs.webkit.org/show_bug.cgi?id=153167
        <rdar://problem/22708669>

        Reviewed by Brent Fulgham.

        Merged from Blink (patch by Mike West):
        <https://src.chromium.org/viewvc/blink?revision=165322&view=revision>

        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::reportInvalidDirectiveInReportOnlyMode): Added. Logs a
        console message to the console to explain that the specified directive is invalid in
        report-only mode.
        * page/csp/ContentSecurityPolicy.h:
        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
        (WebCore::ContentSecurityPolicyDirectiveList::applySandboxPolicy): Do not apply sandbox
        policy when in report-only mode and call ContentSecurityPolicy::reportInvalidDirectiveInReportOnlyMode()
        to log a message to the console.

2016-02-15  Daniel Bates  <dabates@apple.com>

        CSP: Allow schemeless source expressions to match an HTTP or HTTPS resource
        https://bugs.webkit.org/show_bug.cgi?id=154177
        <rdar://problem/22708772>

        Reviewed by Brent Fulgham.

        Allow a schemeless source expression to match an HTTP or HTTPS subresource when the page is
        delivered over HTTP as per section Matching Source Expressions of the Content Security Policy
        2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/> (21 July 2015).

        Currently we have logic that implements this functionality, but it is guarded behind the compile-
        time macro ENABLE(CSP_NEXT) that is disabled by default. Instead we should always compile such
        code. In subsequent commits we will move more code out from under the ENABLE(CSP_NEXT)-guard
        towards removing the ENABLE_CSP_NEXT macro entirely.

        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::protocolMatchesSelf):

2016-02-15  Konstantin Tokarev  <annulen@yandex.ru>

        [cmake] Consolidated Linux-specific file lists.
        https://bugs.webkit.org/show_bug.cgi?id=154219

        Reviewed by Gyuyoung Kim.

        No new tests needed.

        * PlatformEfl.cmake: Moved Linux files and include dir to Linux.cmake.
        * PlatformGTK.cmake: Ditto.
        * platform/Linux.cmake: Added.

2016-02-15  Csaba Osztrogonác  <ossy@webkit.org>

        Fix the !(ENABLE(SVG_FONTS) || ENABLE(SVG_OTF_CONVERTER)) build after r196322
        https://bugs.webkit.org/show_bug.cgi?id=154104

        Reviewed by Myles C. Maxfield.

        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::CSSFontFaceSource):

2016-02-14  Antti Koivisto  <antti@apple.com>

        Add test for class change style invalidation optimization
        https://bugs.webkit.org/show_bug.cgi?id=154226

        Reviewed by Myles Maxfield.

        Test for https://trac.webkit.org/r196383

        Add internals.styleChangeType function.

        Test: fast/css/style-invalidation-class-change-descendants.html

        * testing/Internals.cpp:
        (WebCore::Internals::nodeNeedsStyleRecalc):
        (WebCore::asString):
        (WebCore::Internals::styleChangeType):
        (WebCore::Internals::description):
        * testing/Internals.h:
        * testing/Internals.idl:

2016-02-14  Simon Fraser  <simon.fraser@apple.com>

        [CSS Filters] When applying an SVG filter on a composited image using CSS the image is rendered without the filter
        https://bugs.webkit.org/show_bug.cgi?id=154108

        Reviewed by Sam Weinig.
        
        When checking whether we can directly composite an image, we need to check for software-rendered
        filters.

        Test: compositing/filters/simple-image-with-svg-filter.html

        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::isDirectlyCompositedImage):

2016-02-14  Chris Dumez  <cdumez@apple.com>

        Drop the [EventTarget] WebKit-specific IDL extended attribute
        https://bugs.webkit.org/show_bug.cgi?id=154171

        Reviewed by Sam Weinig.

        Drop the [EventTarget] WebKit-specific IDL extended attribute now that
        all interfaces inherit EventTarget when they should.

        No new tests, no Web-Exposed behavior change.

        * Modules/battery/BatteryManager.idl:
        * Modules/encryptedmedia/MediaKeySession.idl:
        * Modules/indexeddb/IDBDatabase.idl:
        * Modules/indexeddb/IDBOpenDBRequest.idl:
        * Modules/indexeddb/IDBRequest.idl:
        * Modules/indexeddb/IDBTransaction.idl:
        * Modules/mediasession/MediaRemoteControls.idl:
        * Modules/mediasource/MediaSource.idl:
        * Modules/mediasource/SourceBuffer.idl:
        * Modules/mediasource/SourceBufferList.idl:
        * Modules/mediastream/MediaStream.idl:
        * Modules/mediastream/MediaStreamTrack.idl:
        * Modules/mediastream/RTCDTMFSender.idl:
        * Modules/mediastream/RTCDataChannel.idl:
        * Modules/mediastream/RTCPeerConnection.idl:
        * Modules/notifications/Notification.idl:
        * Modules/speech/SpeechSynthesisUtterance.idl:
        * Modules/webaudio/AudioContext.idl:
        * Modules/webaudio/AudioNode.idl:
        * Modules/webaudio/OfflineAudioContext.idl:
        * Modules/websockets/WebSocket.idl:
        * bindings/scripts/CodeGeneratorGObject.pm:
        (ImplementsInterface):
        (SkipFunction): Deleted.
        (GenerateCFile): Deleted.
        * bindings/scripts/CodeGeneratorJS.pm:
        (InstanceNeedsVisitChildren):
        (GenerateImplementation):
        * bindings/scripts/IDLAttributes.txt:
        * bindings/scripts/test/TestEventTarget.idl:
        * bindings/scripts/test/TestNode.idl:
        * css/FontLoader.idl:
        * dom/EventTarget.idl:
        * dom/MessagePort.idl:
        * dom/Node.idl:
        * dom/WebKitNamedFlow.idl:
        * fileapi/FileReader.idl:
        * html/MediaController.idl:
        * html/track/AudioTrackList.idl:
        * html/track/TextTrack.idl:
        * html/track/TextTrackCue.idl:
        * html/track/TextTrackList.idl:
        * html/track/VideoTrackList.idl:
        * loader/appcache/DOMApplicationCache.idl:
        * page/DOMWindow.idl:
        * page/EventSource.idl:
        * page/Performance.idl:
        * workers/WorkerGlobalScope.idl:
        * xml/XMLHttpRequest.idl:
        * xml/XMLHttpRequestUpload.idl:

2016-02-14  Chris Dumez  <cdumez@apple.com>

        Unreviewed attempt to fix the Mac CMake build after r196136

        * PlatformMac.cmake:

2016-02-14  Chris Dumez  <cdumez@apple.com>

        Unreviewed attempt to fix the Windows build.

        * Modules/webdatabase/Database.cpp:
        * bridge/c/c_utility.cpp:
        * platform/MemoryPressureHandler.cpp:

2016-02-14  Chris Dumez  <cdumez@apple.com>

        Window and WorkerGlobalScope should inherit EventTarget
        https://bugs.webkit.org/show_bug.cgi?id=154170
        <rdar://problem/24642377>

        Reviewed by Darin Adler.

        Window and WorkerGlobalScope should inherit EventTarget instead of
        duplicating the EventTarget API in their IDL. These were the last
        interfaces that needed fixing. The next step will be to get rid
        of the [EventTarget] IDL extended attribute and rely entirely
        on the EventTarget inheritance.

        Test:
        - fast/frames/detached-frame-eventListener.html
        - Covered by existing tests.

        * WebCore.xcodeproj/project.pbxproj:
        Add JSEventTargetCustom.h header to the project.

        * bindings/js/JSDOMWindowCustom.cpp:
        Drop custom bindings for Window's addEventListener() and
        removeEventListener(). The only reason these needed custom
        code was to add a check for frameless windows. The frameless
        Window checks was moved to the respective methods in the
        JSEventTarget generated bindings.

        * bindings/js/JSDOMWindowShell.cpp:
        (WebCore::JSDOMWindowShell::setWindow):
        Set WindowPrototype's prototype to EventTarget's prototype.

        * bindings/js/JSDOMWindowShell.h:
        * bindings/js/JSDictionary.cpp:
        Include "DOMWindow.h" to fix the build.

        * bindings/js/JSEventTargetCustom.cpp:
        (WebCore::JSEventTarget::toWrapped):
        Handle DOMWindow and WorkerGlobalScope explicitely in toWrapped()
        and get rid of the DOM_EVENT_TARGET_INTERFACES_FOR_EACH(TRY_TO_UNWRAP_WITH_INTERFACE)
        now that all interfaces inherit EventTarget when they should.
        The reason DOMWindow and WorkerGlobalScope still need special
        handling is because their wrappers (JSDOMWindow /
        JSWorkerGlobalScope) do not subclass JSEventTarget.

        (WebCore::JSEventTargetOrGlobalScope::create):
        * bindings/js/JSEventTargetCustom.h: Added.
        (WebCore::JSEventTargetOrGlobalScope::wrapped):
        (WebCore::JSEventTargetOrGlobalScope::operator JSC::JSObject&):
        (WebCore::JSEventTargetOrGlobalScope::JSEventTargetOrGlobalScope):
        Add a wrapper type for JSEventTarget / JSDOMWindow and
        JSWorkerGlobalScope for use in the generated bindings. This is
        needed because JSDOMWindow and JSWorkerGlobalScope do not
        subclass JSEventTarget. Subclassing JSEventTarget would be
        complicated for them because they already subclass
        JSDOMWindowBase / JSWorkerGlobalScopeBase, which subclasses
        JSDOMGlobalObject.

        * bindings/js/WorkerScriptController.cpp:
        (WebCore::WorkerScriptController::initScript):
        Set WorkerGlobalScopePrototype's prototype to EventTarget's prototype.

        * bindings/scripts/CodeGeneratorJS.pm:
        (ShouldGenerateToJSDeclaration):
        Do not generate to toJS() implementation for interfaces that use
        the [CustomProxyToJSObject] IDL extended attribute, even if they
        inherit EventTarget.

        (GetCastingHelperForThisObject):
        To initialize castedThis from thisValue JSValue, we now use the
        JSEventTargetOrGlobalScope wrapper for the EventTarget
        implementation. This is to work around the fact that JSDOMWindow
        and JSWorkerGlobalScope do not subclass JSEventTarget.

        (GenerateFunctionCastedThis):
        - Drop code handling [WorkerGlobalScope] IDL extended attribute
          as there is no such attribute.
        - Use auto instead of auto* type for castedThis because
          JSEventTargetOrGlobalScope::create() returns a unique_ptr.
        - Do not check that castedThis inherits JSEventTarget in the
          EventTarget bindings code as this no longer holds true.

        (GenerateImplementation):
        Generate frameless window() and security checks for EventTarget
        methods when thisValue is a JSDOMWindow.

        * dom/EventTarget.idl:
        Add [JSCustomHeader] IDL Extended attribute as we need a header
        to expose JSEventTargetOrGlobalScope class.

        * page/DOMWindow.idl:
        * workers/WorkerGlobalScope.idl:
        Inherit EventTarget and stop duplicating the EventTarget API.
        This matches the HTML specification.

2016-02-14  Darin Adler  <darin@apple.com>

        Small tweaks to some SimpleLineLayout code
        https://bugs.webkit.org/show_bug.cgi?id=154229

        Reviewed by Zalan Bujtas.

        * rendering/SimpleLineLayoutFunctions.cpp:
        (WebCore::SimpleLineLayout::paintFlow): Use std::ceil instead of ceilf.
        Use auto instead of const auto& for a for loop where the local object is
        copied and not a reference.
        (WebCore::SimpleLineLayout::hitTestFlow): Use modern for loop.
        (WebCore::SimpleLineLayout::collectFlowOverflow): Use std::ceil instead of
        ceilf. Use a modern for loop, and use slightly more descriptive local
        variable names.
        (WebCore::SimpleLineLayout::computeBoundingBox): Use auto instead of
        const auto& as above.
        (WebCore::SimpleLineLayout::computeFirstRunLocation): Use auto and use
        the name "range" for the range rather than the name "it", since the range
        is not an iterator.
        (WebCore::SimpleLineLayout::collectAbsoluteRects): Use auto instead of
        const auto& as above.
        (WebCore::SimpleLineLayout::collectAbsoluteQuads): Ditto.
        (WebCore::SimpleLineLayout::showLineLayoutForFlow): Use modern for loop.

        * rendering/SimpleLineLayoutResolver.cpp:
        (WebCore::SimpleLineLayout::RunResolver::Run::text): Convert from a String
        to a StringView using the StringView constructor instead of writing out
        explicit 8-bit and 16-bit cases.

2016-02-13  Antti Koivisto  <antti@apple.com>

        Factor class change style invalidation code into a class
        https://bugs.webkit.org/show_bug.cgi?id=154163

        Reviewed by Andreas Kling.

        Factor this piece of functionality out of Element and into ClassChangeInvalidation class.

        * CMakeLists.txt:
        * WebCore.vcxproj/WebCore.vcxproj:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/Element.cpp:
        (WebCore::classStringHasClassName):
        (WebCore::Element::classAttributeChanged):
        (WebCore::collectClasses): Deleted.
        (WebCore::computeClassChange): Deleted.
        (WebCore::invalidateStyleForClassChange): Deleted.
        * style/ClassChangeInvalidation.cpp: Added.
        (WebCore::Style::ClassChangeInvalidation::computeClassChange):
        (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
        * style/ClassChangeInvalidation.h: Added.
        (WebCore::Style::ClassChangeInvalidation::needsInvalidation):
        (WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
        (WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):

2016-02-13  Myles C. Maxfield  <mmaxfield@apple.com>

        [Win] [SVG -> OTF Converter] SVG fonts drawn into ImageBuffers are invisible
        https://bugs.webkit.org/show_bug.cgi?id=154222

        Reviewed by Antti Koivisto.

        Windows ImageBuffer code is sensitive to broken bounding box and
        descent code.

        Covered by existing tests.

        * svg/SVGToOTFFontConversion.cpp:
        (WebCore::SVGToOTFFontConverter::appendHHEATable):
        (WebCore::SVGToOTFFontConverter::appendOS2Table):
        (WebCore::SVGToOTFFontConverter::processGlyphElement):
        (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):

2016-02-13  Antti Koivisto  <antti@apple.com>

        Add version number for default stylesheet
        https://bugs.webkit.org/show_bug.cgi?id=154220

        Reviewed by Ryosuke Niwa.

        We currently fail to update RuleFeatureSets for shadow trees when the default stylesheet grows
        (for example when media controls stylesheet is initialized).

        No test since this is not causing known bugs. It is blocking optimizations in shadow trees that
        rely on rule features being up-to-date.

        * css/CSSDefaultStyleSheets.cpp:
        (WebCore::CSSDefaultStyleSheets::loadSimpleDefaultStyle):
        (WebCore::CSSDefaultStyleSheets::ensureDefaultStyleSheetsForElement):

            Increment version number when the default stylesheet changes.

        * css/CSSDefaultStyleSheets.h:
        * css/DocumentRuleSets.cpp:
        (WebCore::DocumentRuleSets::appendAuthorStyleSheets):
        (WebCore::DocumentRuleSets::collectFeatures):

            Store the current default stylesheet version number.

        * css/DocumentRuleSets.h:
        (WebCore::DocumentRuleSets::features):

            Collect features again if the default stylesheet has changed.

        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::styleForElement):

2016-02-13  Konstantin Tokarev  <annulen@yandex.ru>

        [cmake] Consolidate building of GStreamer and OpenWebRTC code.
        https://bugs.webkit.org/show_bug.cgi?id=154116

        Reviewed by Michael Catanzaro.

        No new tests needed.

        * PlatformEfl.cmake: Migrated shared code to GStreamer.cmake.
        * PlatformGTK.cmake: Ditto.
        * platform/GStreamer.cmake: Added.

2016-02-13  Mark Lam  <mark.lam@apple.com>

        Add thread violation checks to WebView public APIs.
        https://bugs.webkit.org/show_bug.cgi?id=154183

        Reviewed by Timothy Hatcher.

        No new tests.  Just adding a new thread violation round.

        * platform/ThreadCheck.h:
        * platform/mac/ThreadCheck.mm:
        - Adding WebCoreThreadViolationCheckRoundThree().

2016-02-12  Nan Wang  <n_wang@apple.com>

        AX: Implement paragraph related text marker functions using TextIterator
        https://bugs.webkit.org/show_bug.cgi?id=154098
        <rdar://problem/24269675>

        Reviewed by Chris Fleizach.

        Using CharacterOffset to implement paragraph related text marker calls. Reused
        logic from VisibleUnits class. And refactored textMarkerForCharacterOffset method
        to get better performance. Also fixed an issue where we can't navigate through a text
        node with line breaks in it using next/previousCharacterOffset call.

        Test: accessibility/mac/text-marker-paragraph-nav.html

        * accessibility/AXObjectCache.cpp:
        (WebCore::AXObjectCache::traverseToOffsetInRange):
        (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
        (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
        (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
        (WebCore::AXObjectCache::textMarkerDataForNextCharacterOffset):
        (WebCore::AXObjectCache::textMarkerDataForPreviousCharacterOffset):
        (WebCore::AXObjectCache::nextNode):
        (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
        (WebCore::AXObjectCache::nextCharacterOffset):
        (WebCore::AXObjectCache::previousCharacterOffset):
        (WebCore::startWordBoundary):
        (WebCore::AXObjectCache::startCharacterOffsetOfWord):
        (WebCore::AXObjectCache::endCharacterOffsetOfWord):
        (WebCore::AXObjectCache::previousWordStartCharacterOffset):
        (WebCore::AXObjectCache::previousWordBoundary):
        (WebCore::AXObjectCache::startCharacterOffsetOfParagraph):
        (WebCore::AXObjectCache::endCharacterOffsetOfParagraph):
        (WebCore::AXObjectCache::paragraphForCharacterOffset):
        (WebCore::AXObjectCache::nextParagraphEndCharacterOffset):
        (WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
        (WebCore::AXObjectCache::rootAXEditableElement):
        * accessibility/AXObjectCache.h:
        (WebCore::CharacterOffset::remaining):
        (WebCore::CharacterOffset::isNull):
        (WebCore::CharacterOffset::isEqual):
        (WebCore::AXObjectCache::isNodeInUse):
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (+[WebAccessibilityTextMarker textMarkerWithCharacterOffset:cache:]):
        (-[WebAccessibilityObjectWrapper nextMarkerForCharacterOffset:]):
        (-[WebAccessibilityObjectWrapper previousMarkerForCharacterOffset:]):
        (-[WebAccessibilityObjectWrapper rangeForTextMarkers:]):
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (startOrEndTextmarkerForRange):
        (nextTextMarkerForCharacterOffset):
        (previousTextMarkerForCharacterOffset):
        (-[WebAccessibilityObjectWrapper nextTextMarkerForCharacterOffset:]):
        (-[WebAccessibilityObjectWrapper previousTextMarkerForCharacterOffset:]):
        (-[WebAccessibilityObjectWrapper textMarkerForCharacterOffset:]):
        (textMarkerForCharacterOffset):
        (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
        (-[WebAccessibilityObjectWrapper nextTextMarkerForNode:offset:]): Deleted.
        (-[WebAccessibilityObjectWrapper previousTextMarkerForNode:offset:]): Deleted.
        (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:ignoreStart:]): Deleted.
        (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:]): Deleted.
        * editing/VisibleUnits.cpp:
        (WebCore::nextSentencePosition):
        (WebCore::findStartOfParagraph):
        (WebCore::findEndOfParagraph):
        (WebCore::startOfParagraph):
        (WebCore::endOfParagraph):
        * editing/VisibleUnits.h:

2016-02-12  Ryan Haddad  <ryanhaddad@apple.com>

        Reset results for bindings tests after r196520

        Unreviewed test gardening.

        No new tests needed.

        * bindings/scripts/test/GObject/WebKitDOMTestEventTarget.cpp:
        (webkit_dom_test_event_target_dispatch_event):
        * bindings/scripts/test/GObject/WebKitDOMTestNode.cpp:
        (webkit_dom_test_node_dispatch_event):

2016-02-12  Saam barati  <sbarati@apple.com>

        Attempting build fix from https://bugs.webkit.org/show_bug.cgi?id=154144.

        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::addBuiltinGlobals):

2016-02-12  Daniel Bates  <dabates@apple.com>

        CSP: 'blob:' URLs should not match 'self' in CSP source expression lists.
        https://bugs.webkit.org/show_bug.cgi?id=153158
        <rdar://problem/24383264>

        Reviewed by Brent Fulgham.

        A blob URL should not match source 'self' by section Security Considerations for GUID URL schemes
        of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/CSP2/> (21 July 2015).

        Tests: http/tests/security/contentSecurityPolicy/blob-url-does-not-match-source-self.html
               http/tests/security/contentSecurityPolicy/blob-url-matches-source-blob.html

        * page/csp/ContentSecurityPolicySourceList.cpp:
        (WebCore::ContentSecurityPolicySourceList::matches): Do not make a distinction between URLs that
        contain a nested URL (e.g. blob://http://www.example.com/...) and URLs that do not contain a nested
        URL. The URL of the requested resource should be matched against the source list source expressions.

2016-02-12  Daniel Bates  <dabates@apple.com>

        CSP: Implement child-src directive
        https://bugs.webkit.org/show_bug.cgi?id=153562
        <rdar://problem/24610087>

        Reviewed by Brent Fulgham.

        Add support for the child-src directive, <https://w3c.github.io/webappsec-csp/2/#child_src> (29 August 2015),
        which formally replaces the deprecated frame-src directive as of the Content Security Policy 2.0 spec. The
        child-src directive was first introduced in the Content Security Policy 1.1 spec, <https://www.w3.org/TR/2014/WD-CSP11-20140211/>.

        As a side effect of this change, the script URL for a Web Worker is checked against the child-src directive
        as opposed to the script-src directive. This is a backward incompatible change from the CSP 1.0 spec.

        Tests: http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-blocked.html
               http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-redirect-blocked.html
               http/tests/security/contentSecurityPolicy/1.1/child-src/frame-src-takes-precedence-over-child-src.html
               http/tests/security/contentSecurityPolicy/1.1/child-src/worker-redirect-blocked.html
               http/tests/security/isolatedWorld/bypass-main-world-csp-worker-redirect.html

        * loader/DocumentThreadableLoader.cpp:
        (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Check child-src directive (if applicable).
        * loader/ThreadableLoader.h: Add enum value EnforceChildSrcDirective to enum class ContentSecurityPolicyEnforcement to
        enforce the child-src directive on redirect.
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Added.
        * page/csp/ContentSecurityPolicy.h:
        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
        (WebCore::ContentSecurityPolicyDirectiveList::checkSourceAndReportViolation): Add message prefix for a child-src violation.
        We use the same message prefix as used by Blink.
        (WebCore::ContentSecurityPolicyDirectiveList::allowChildContextFromSource): Added.
        (WebCore::ContentSecurityPolicyDirectiveList::allowChildFrameFromSource): Modified to check the frame-src
        directive (if specified) before checking the child-src directive by <https://w3c.github.io/webappsec-csp/2/#directive-child-src-nested>.
        (WebCore::ContentSecurityPolicyDirectiveList::addDirective): Parse the child-src directive.
        * page/csp/ContentSecurityPolicyDirectiveList.h:
        * workers/AbstractWorker.cpp:
        (WebCore::AbstractWorker::resolveURL): Check if the script URL for the worker is allowed by the child-src directive
        as opposed to the script-src directive. This is a backwards incompatible change from the CSP 1.0 spec.
        * workers/Worker.cpp:
        (WebCore::Worker::create): Enforce the child-src directive on redirects (if applicable).

2016-02-12  Saam barati  <sbarati@apple.com>

        The parser doesn't properly protect against global variable references in builtins
        https://bugs.webkit.org/show_bug.cgi?id=154144

        Reviewed by Geoffrey Garen.

        Change JS builtins to no longer reference global variables.

        No new tests because old tests cover the issues here.

        * Modules/mediastream/NavigatorUserMedia.js:
        (webkitGetUserMedia):
        * Modules/mediastream/RTCPeerConnection.js:
        (addIceCandidate):
        (getStats):
        * Modules/mediastream/RTCPeerConnectionInternals.js:
        (setLocalOrRemoteDescription):
        * Modules/plugins/QuickTimePluginReplacement.js:
        (Replacement.prototype.handleEvent):
        * Modules/streams/ByteLengthQueuingStrategy.js:
        (initializeByteLengthQueuingStrategy):
        * Modules/streams/CountQueuingStrategy.js:
        (initializeCountQueuingStrategy):
        * Modules/streams/ReadableStreamInternals.js:
        (teeReadableStream):
        * bindings/js/JSDOMGlobalObject.cpp:
        (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
        * bindings/js/WebCoreBuiltinNames.h:

2016-02-12  Jiewen Tan  <jiewen_tan@apple.com>

        WebKit should expose the DOM 4 Event.isTrusted property
        https://bugs.webkit.org/show_bug.cgi?id=76121
        <rdar://problem/22558494>

        Reviewed by Darin Adler.

        Implements Event.isTrusted. The implementation here is slitely different from and better than
        the DOM specification. Here Event.isTrusted will be initialized differently depending on the
        callers of the constructors/create methods. If the caller is from user agent, the isTrusted
        will be true. Otherwise, it will be false. Since a user agent dispatched event can be catched
        and re-initialized/redispatched by the bindings, the flag will be unset at *Event::init*Event
        and EventTarget::dispatchEventForBindings. As currently there is no way to let user agent to
        dispatch a bindings created event, therefore we ensure that the Event.isTrusted is set for
        events dispatched by user agent, and unset for those by bindings.

        EventTarget::dispatchEvent(Event*, ExceptionCode&) is renamed to EventTarget::dispatchEventForBindings
        in this patch as well. So that, together with the improved design of the API, developers in
        the future will be less likely using a wrong dispatchEvent method and setting Event.isTrusted
        incorrectly comparing to the DOM design.

        After this patch, all events that are created by user agent should be dispatched by
        EventTarget::dispatchEvent, and those are created by bindings should be dispatched by
        EventTarget::dispatchEventForBindings.

        Some of the changes in this patch referred Blink r198996:
        https://codereview.chromium.org/1241613004

        Test: imported/blink/fast/events/event-trusted.html

        * bindings/scripts/CodeGeneratorGObject.pm:
        (GenerateEventTargetIface):
        * dom/Event.cpp:
        (WebCore::Event::Event):
        (WebCore::Event::initEvent):
        * dom/Event.h:
        (WebCore::Event::isTrusted):
        (WebCore::Event::setUntrusted):
        * dom/Event.idl:
        * dom/EventTarget.cpp:
        (WebCore::EventTarget::dispatchEventForBindings):
        (WebCore::EventTarget::dispatchEvent): Deleted.
        * dom/EventTarget.h:
        * dom/EventTarget.idl:
        * page/DOMWindow.idl:
        * page/EventHandler.cpp:
        (WebCore::EventHandler::dispatchDragEvent):
        * workers/WorkerGlobalScope.idl:

2016-02-12  Brady Eidson  <beidson@apple.com>

        Modern IDB: IDBObjectStore and IDBIndex need to be ActiveDOMObjects.
        https://bugs.webkit.org/show_bug.cgi?id=154153

        Reviewed by Alex Christensen.

        No new tests (No testable change in behavior).

        This is needed so that IDBObjectStore and IDBIndex JS wrappers are not garbage collected
        while their IDBTransaction is still in progress.

        * Modules/indexeddb/client/IDBIndexImpl.cpp:
        (WebCore::IDBClient::IDBIndex::IDBIndex):
        (WebCore::IDBClient::IDBIndex::activeDOMObjectName):
        (WebCore::IDBClient::IDBIndex::canSuspendForDocumentSuspension):
        (WebCore::IDBClient::IDBIndex::hasPendingActivity):
        * Modules/indexeddb/client/IDBIndexImpl.h:
        
        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::create):
        (WebCore::IDBClient::IDBObjectStore::IDBObjectStore):
        (WebCore::IDBClient::IDBObjectStore::activeDOMObjectName):
        (WebCore::IDBClient::IDBObjectStore::canSuspendForDocumentSuspension):
        (WebCore::IDBClient::IDBObjectStore::hasPendingActivity):
        (WebCore::IDBClient::IDBObjectStore::index):
        * Modules/indexeddb/client/IDBObjectStoreImpl.h:
        
        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::objectStore):
        (WebCore::IDBClient::IDBTransaction::createObjectStore):
        (WebCore::IDBClient::IDBTransaction::createIndex):

2016-02-12  Brady Eidson  <beidson@apple.com>

        Modern IDB: Simplify the relationship between IDBObjectStore and IDBIndex.
        https://bugs.webkit.org/show_bug.cgi?id=154187

        Reviewed by Alex Christensen.

        Tests: storage/indexeddb/modern/deleteindex-3-private.html
               storage/indexeddb/modern/deleteindex-3.html

        Instead of allowing IDBIndex to have two different lifecycle modes, it is now always
        owned by an IDBObjectStore.
        
        To support the case where an IDBIndex is deleted from its IDBObjectStore, the object
        store simply hangs on to deleted indexes until it is destroyed itself.
        
        * Modules/indexeddb/client/IDBIndexImpl.cpp:
        (WebCore::IDBClient::IDBIndex::markAsDeleted):
        (WebCore::IDBClient::IDBIndex::ref):
        (WebCore::IDBClient::IDBIndex::deref):
        * Modules/indexeddb/client/IDBIndexImpl.h:
        
        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::deleteIndex):
        * Modules/indexeddb/client/IDBObjectStoreImpl.h:

2016-02-12  Myles C. Maxfield  <mmaxfield@apple.com>

        [CSS Font Loading] Implement CSSFontFace Boilerplate
        https://bugs.webkit.org/show_bug.cgi?id=154145

        Reviewed by Dean Jackson.

        The CSS Font Loading spec[1] dictates that the FontFace object needs to have string
        accessors and mutators for a bunch of properties. Our CSSFontFace object currently
        contains this parsed information, but it isn't accessible via string-based methods.
        This patch adds the necessary accessors and mutators, and migrates CSSFontSelector
        to use these mutators where necessary.

        There is more work to come on CSSFontFace; the next step is to create an .idl file
        and hook it up to our CSSFontFace object. In this patch I have left some
        unimplemented pieces (for example: where the spec dictates that some operation should
        throw a JavaScript exception) which will be implemented in a follow-up patch. This
        patch does not have any visible behavior change; I'm separating out the boilerplate
        into this patch in order to ease reviewing burden.

        This patch separates the externally-facing JavaScript API into a new class, FontFace.
        This class owns a CSSFontFace, which provides the backing implementation. There will
        be a system of shared ownership of these objects once FontFaceSet is implemented.

        No new tests because there is no behavior change.

        * CMakeLists.txt: Add new files to CMake builds.
        * WebCore.vcxproj/WebCore.vcxproj: Ditto for Windows.
        * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
        * WebCore.xcodeproj/project.pbxproj: Ditto for Cocoa.
        * css/CSSAllInOne.cpp: Ditto for All-In-One builds.
        * css/CSSFontFace.cpp: Move shared code from CSSFontSelector into CSSFontFace.
        (WebCore::CSSFontFace::CSSFontFace):
        (WebCore::CSSFontFace::~CSSFontFace):
        (WebCore::CSSFontFace::setFamilies):
        (WebCore::CSSFontFace::setStyle):
        (WebCore::CSSFontFace::setWeight):
        (WebCore::CSSFontFace::setUnicodeRange):
        (WebCore::CSSFontFace::setVariantLigatures):
        (WebCore::CSSFontFace::setVariantPosition):
        (WebCore::CSSFontFace::setVariantCaps):
        (WebCore::CSSFontFace::setVariantNumeric):
        (WebCore::CSSFontFace::setVariantAlternates):
        (WebCore::CSSFontFace::setVariantEastAsian):
        (WebCore::CSSFontFace::setFeatureSettings):
        * css/CSSFontFace.h: Clean up.
        (WebCore::CSSFontFace::create):
        (WebCore::CSSFontFace::families):
        (WebCore::CSSFontFace::traitsMask):
        (WebCore::CSSFontFace::featureSettings):
        (WebCore::CSSFontFace::variantSettings):
        (WebCore::CSSFontFace::setVariantSettings):
        (WebCore::CSSFontFace::setTraitsMask):
        (WebCore::CSSFontFace::isLocalFallback):
        (WebCore::CSSFontFace::addRange): Deleted.
        (WebCore::CSSFontFace::insertFeature): Deleted.
        (WebCore::CSSFontFace::setVariantCommonLigatures): Deleted.
        (WebCore::CSSFontFace::setVariantDiscretionaryLigatures): Deleted.
        (WebCore::CSSFontFace::setVariantHistoricalLigatures): Deleted.
        (WebCore::CSSFontFace::setVariantContextualAlternates): Deleted.
        (WebCore::CSSFontFace::setVariantPosition): Deleted.
        (WebCore::CSSFontFace::setVariantCaps): Deleted.
        (WebCore::CSSFontFace::setVariantNumericFigure): Deleted.
        (WebCore::CSSFontFace::setVariantNumericSpacing): Deleted.
        (WebCore::CSSFontFace::setVariantNumericFraction): Deleted.
        (WebCore::CSSFontFace::setVariantNumericOrdinal): Deleted.
        (WebCore::CSSFontFace::setVariantNumericSlashedZero): Deleted.
        (WebCore::CSSFontFace::setVariantAlternates): Deleted.
        (WebCore::CSSFontFace::setVariantEastAsianVariant): Deleted.
        (WebCore::CSSFontFace::setVariantEastAsianWidth): Deleted.
        (WebCore::CSSFontFace::setVariantEastAsianRuby): Deleted.
        (WebCore::CSSFontFace::CSSFontFace): Deleted.
        * css/CSSFontSelector.cpp: Migrate shared code into CSSFontFace, and udpate
        to use the new API.
        (WebCore::appendSources):
        (WebCore::registerLocalFontFacesForFamily):
        (WebCore::CSSFontSelector::addFontFaceRule):
        (WebCore::computeTraitsMask): Deleted.
        (WebCore::createFontFace): Deleted.
        * css/FontFace.cpp: Added. External JavaScript API. Owns a CSSFontFace.
        (WebCore::FontFace::FontFace):
        (WebCore::FontFace::~FontFace):
        (WebCore::parseString):
        (WebCore::FontFace::setFamily):
        (WebCore::FontFace::setStyle):
        (WebCore::FontFace::setWeight):
        (WebCore::FontFace::setStretch):
        (WebCore::FontFace::setUnicodeRange):
        (WebCore::FontFace::setVariant):
        (WebCore::FontFace::setFeatureSettings):
        (WebCore::FontFace::family):
        (WebCore::FontFace::style):
        (WebCore::FontFace::weight):
        (WebCore::FontFace::stretch):
        (WebCore::FontFace::unicodeRange):
        (WebCore::FontFace::variant):
        (WebCore::FontFace::featureSettings):
        * css/FontFace.h: Added. Ditto.
        (WebCore::FontFace::create):
        * css/FontVariantBuilder.cpp: Added. Moved code here from FontVariantBuilder.h.
        Refactored to support a new client (CSSFontFace).
        (WebCore::extractFontVariantLigatures):
        (WebCore::extractFontVariantNumeric):
        (WebCore::extractFontVariantEastAsian):
        (WebCore::computeFontVariant):
        * css/FontVariantBuilder.h: Moved code from here into FontVariantBuilder.cpp.
        (WebCore::applyValueFontVariantLigatures): Deleted.
        (WebCore::applyValueFontVariantNumeric): Deleted.
        (WebCore::applyValueFontVariantEastAsian): Deleted.
        * css/StyleBuilderCustom.h: Update for new FontVariantBuilder API.
        (WebCore::StyleBuilderCustom::applyValueFontVariantLigatures):
        (WebCore::StyleBuilderCustom::applyValueFontVariantNumeric):
        (WebCore::StyleBuilderCustom::applyValueFontVariantEastAsian):
        * platform/text/TextFlags.h: Provide convenience classes.
        (WebCore::FontVariantLigaturesValues::FontVariantLigaturesValues):
        (WebCore::FontVariantNumericValues::FontVariantNumericValues):
        (WebCore::FontVariantEastAsianValues::FontVariantEastAsianValues):

2016-02-12  Jer Noble  <jer.noble@apple.com>

        Build fix after r196506; publish MediaResourceLoader.h as a private header so it can be used by
        TestWebKitAPI.

        * WebCore.xcodeproj/project.pbxproj:

2016-02-11  Jer Noble  <jer.noble@apple.com>

        [Mac] Adopt MediaResourceLoader (instead of CachedResourceLoader) in WebCoreNSURLSession.
        https://bugs.webkit.org/show_bug.cgi?id=154136

        Reviewed by Alex Christensen.

        MediaResourceLoader already supports using CORS attribute to verify CORS access requirements
        when loading media resources, so use it, rather than CachedResourceLoader, as the backing for
        WebCoreNSURLSession.

        * platform/network/cocoa/WebCoreNSURLSession.h:
        * platform/network/cocoa/WebCoreNSURLSession.mm:
        (-[WebCoreNSURLSession delegateQueue]):
        (-[WebCoreNSURLSession streamTaskWithNetService:]):
        (-[WebCoreNSURLSession isKindOfClass:]):
        (-[WebCoreNSURLSessionDataTask initWithSession:identifier:request:]):
        (-[WebCoreNSURLSessionDataTask _restart]):
        (-[WebCoreNSURLSessionDataTask _cancel]):
        (-[WebCoreNSURLSessionDataTask resume]):
        (-[WebCoreNSURLSessionDataTask _timingData]):
        (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]):
        (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]):
        (-[WebCoreNSURLSession initWithResourceLoader:delegate:delegateQueue:]): Deleted.
        (-[WebCoreNSURLSession loader]): Deleted.
        (WebCore::WebCoreNSURLSessionDataTaskClient::dataSent): Deleted.
        (WebCore::WebCoreNSURLSessionDataTaskClient::responseReceived): Deleted.
        (WebCore::WebCoreNSURLSessionDataTaskClient::dataReceived): Deleted.
        (WebCore::WebCoreNSURLSessionDataTaskClient::redirectReceived): Deleted.
        (WebCore::WebCoreNSURLSessionDataTaskClient::notifyFinished): Deleted.
        (-[WebCoreNSURLSessionDataTask initWithSession:identifier:URL:]): Deleted.
        (-[WebCoreNSURLSessionDataTask _finish]): Deleted.
        (-[WebCoreNSURLSessionDataTask _setDefersLoading:]): Deleted.
        (-[WebCoreNSURLSessionDataTask resource:sentBytes:totalBytesToBeSent:]): Deleted.
        (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]): Deleted.
        (-[WebCoreNSURLSessionDataTask resourceFinished:]): Deleted.
        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):

2016-02-12  Alex Christensen  <achristensen@webkit.org>

        Fix non-internal builds when using NetworkSession
        https://bugs.webkit.org/show_bug.cgi?id=152285

        * platform/spi/cf/CFNetworkSPI.h:
        Add SPI declaration used in r194156.

2016-02-12  Andreas Kling  <akling@apple.com>

        Throw out all live resource decoded data on memory pressure / suspension.
        <https://webkit.org/b/154176>

        Reviewed by Antti Koivisto.

        When pruning live resource decoded data from the memory cache,
        we normally avoid pruning anything that's been painted in the last second.
        This is an optimization to avoid getting into image decoding loops.

        For memory pressure / process suspension scenarios this doesn't really
        make sense though:

            - In the pressure case, if we have to render again soon it'll likely
              be a new GIF frame which we have to decode anyway.

            - In the process suspension case, we might *never* render again,
              so we should be good citizens and drop all the decoded data we can.

        This patch makes us drop all the decoded data, recently painted or not.

        * platform/MemoryPressureHandler.cpp:
        (WebCore::MemoryPressureHandler::releaseCriticalMemory):

2016-02-12  Gavin Barraclough  <barraclough@apple.com>

        Separate out !allowsAccess path in JSDOMWindowCustom getOwnPropertySlot
        https://bugs.webkit.org/show_bug.cgi?id=154156

        Reviewed by Chris Dumez.

        JSDOMWindowCustom getOwnPropertySlot currently allows cross-origin access to all
        static properties, relying on the property to perform the access check. This is
        a little insecure, since it is error prone - someone could easily add a property
        to the static table without realizing it would be automatcially exposed.

        Instead, add a hard-coded filter to restrict access. As a future implementation
        we might consider autogenerating this (the properties are already tagged in IDL,
        we might be able to track this in a flag on the static table).

        By separating out the handling of the same- and cross-origin access we can
        simplify & make the policy being enforced much clearer.

        * bindings/js/JSDOMBinding.cpp:
        (WebCore::objectToStringFunctionGetter): Deleted.
            - removed objectToStringFunctionGetter - this duplicated functionality of
              nonCachingStaticFunctionGetter.
        * bindings/js/JSDOMBinding.h:
        (WebCore::objectToStringFunctionGetter): Deleted.
            - removed objectToStringFunctionGetter - this duplicated functionality of
              nonCachingStaticFunctionGetter.
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::jsDOMWindowGetOwnPropertySlotDisallowAccess):
            - explicitly handle providing access to only the things we do want to allow cross-origin.
        (WebCore::JSDOMWindow::getOwnPropertySlot):
        (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
            - push all !allowsAccess handling to jsDOMWindowGetOwnPropertySlotDisallowAccess
        (WebCore::childFrameGetter): Deleted.
            - this was just a deoptimiztion - moving access into a callback saved very
              little & caused more work to be duplicated.

2016-02-12  Sukolsak Sakshuwong  <sukolsak@gmail.com>

        Update ICU header files to version 52
        https://bugs.webkit.org/show_bug.cgi?id=154160

        Reviewed by Alex Christensen.

        Update ICU header files to version 52 to allow the use of newer APIs.

        No new tests because there is no behavior change.

        * icu/unicode/bytestream.h:
        * icu/unicode/chariter.h:
        * icu/unicode/localpointer.h:
        * icu/unicode/platform.h:
        * icu/unicode/ptypes.h:
        * icu/unicode/putil.h:
        * icu/unicode/rep.h:
        (Replaceable::Replaceable):
        * icu/unicode/std_string.h:
        * icu/unicode/strenum.h:
        * icu/unicode/stringpiece.h:
        * icu/unicode/ubrk.h:
        * icu/unicode/uchar.h:
        * icu/unicode/ucnv.h:
        * icu/unicode/ucol.h:
        * icu/unicode/ucoleitr.h:
        * icu/unicode/uconfig.h:
        * icu/unicode/ucsdet.h:
        * icu/unicode/uenum.h:
        * icu/unicode/uidna.h:
        * icu/unicode/uiter.h:
        * icu/unicode/uloc.h:
        * icu/unicode/umachine.h:
        * icu/unicode/unistr.h:
        (UnicodeString::UnicodeString):
        (UnicodeString::operator== ):
        (UnicodeString::startsWith):
        (UnicodeString::setTo):
        (UnicodeString::remove):
        (UnicodeString::replace): Deleted.
        (UnicodeString::extract): Deleted.
        (UnicodeString::char32At): Deleted.
        (UnicodeString::getChar32Start): Deleted.
        (UnicodeString::getChar32Limit): Deleted.
        (UnicodeString::getTerminatedBuffer): Deleted.
        (UnicodeString::append): Deleted.
        (UnicodeString::truncate): Deleted.
        * icu/unicode/unorm2.h:
        * icu/unicode/uobject.h:
        * icu/unicode/urename.h:
        * icu/unicode/uscript.h:
        * icu/unicode/usearch.h:
        * icu/unicode/uset.h:
        * icu/unicode/ushape.h:
        * icu/unicode/ustring.h:
        * icu/unicode/utext.h:
        * icu/unicode/utf.h:
        * icu/unicode/utf16.h:
        * icu/unicode/utf8.h:
        * icu/unicode/utf_old.h:
        * icu/unicode/utypes.h:
        * icu/unicode/uvernum.h:
        * icu/unicode/uversion.h:

2016-02-12  Andreas Kling  <akling@apple.com>

        [Mac] BitmapImage::decodedDataIsPurgeable() is telling lies and causing massive memory usage.
        <https://webkit.org/b/154172>

        Reviewed by Antti Koivisto.

        The underlying mechanism in CoreAnimation that made this work is no longer in place.

        Instead of keeping purgeable frames and juggling volatility bits, we were simply caching
        every single frame of large GIF animations, sometimes leading to monstrous memory usage.

        Remove the code from WebCore since it's not doing at all what it means to.

        Now iOS and Mac will behave the same again, and frame caching decisions will be
        made by WebKit, based on total pixel byte size.

        * loader/cache/CachedImage.h:
        * loader/cache/CachedResource.h:
        (WebCore::CachedResource::decodedDataIsPurgeable): Deleted.
        * loader/cache/MemoryCache.cpp:
        (WebCore::MemoryCache::pruneLiveResourcesToSize): Deleted.
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::decodedDataIsPurgeable): Deleted.
        (WebCore::BitmapImage::destroyDecodedDataIfNecessary): Deleted.
        * platform/graphics/BitmapImage.h:
        * platform/graphics/Image.h:
        (WebCore::Image::decodedDataIsPurgeable): Deleted.
        * platform/graphics/cg/BitmapImageCG.cpp:
        (WebCore::BitmapImage::decodedDataIsPurgeable): Deleted.
        * platform/graphics/cg/ImageSourceCG.cpp:
        (WebCore::ImageSource::createFrameAtIndex): Deleted.

2016-02-12  Brady Eidson  <beidson@apple.com>

        Modern IDB: Ref cycle between IDBObjectStore and IDBIndex.
        https://bugs.webkit.org/show_bug.cgi?id=154110

        Reviewed by Darin Adler.

        No new tests (Currently untestable).

        The lifetime of IDBObjectStore and IDBIndex are closely intertwined, but we have to break the ref cycle.
        
        This patch does a few semi-gnarly things:
        1 - Makes both IDBIndex and IDBObjectStore have a custom marking function so they can add each other as 
            opaque roots.
        2 - Adds a lock to protect IDBObjectStore's collection of referenced indexes to support #1, as GC marking
            can happen on any thread.
        3 - Makes IDBIndex not be traditionally RefCounted; Instead, IDBIndex::ref()/deref() simply ref()/deref()
            the owning IDBObjectStore.
        4 - ...Except when somebody deletes an IDBIndex from its IDBObjectStore. Once that happens, the object
            store no longer has a reference back to the index, but the index still needs a reference back to the
            object store. To support this, the IDBIndex becomes "traditionally RefCounted" while holding a ref to
            its IDBObjectStore.

        * CMakeLists.txt:
        * WebCore.xcodeproj/project.pbxproj:

        * Modules/indexeddb/IDBIndex.h:
        (WebCore::IDBIndex::isModern):
        * Modules/indexeddb/IDBIndex.idl:
        
        * Modules/indexeddb/IDBObjectStore.h:
        (WebCore::IDBObjectStore::isModern):
        * Modules/indexeddb/IDBObjectStore.idl:
        
        * Modules/indexeddb/client/IDBIndexImpl.cpp:
        (WebCore::IDBClient::IDBIndex::objectStore):
        (WebCore::IDBClient::IDBIndex::openCursor):
        (WebCore::IDBClient::IDBIndex::doCount):
        (WebCore::IDBClient::IDBIndex::openKeyCursor):
        (WebCore::IDBClient::IDBIndex::doGet):
        (WebCore::IDBClient::IDBIndex::doGetKey):
        (WebCore::IDBClient::IDBIndex::markAsDeleted):
        (WebCore::IDBClient::IDBIndex::ref):
        (WebCore::IDBClient::IDBIndex::deref):
        (WebCore::IDBClient::IDBIndex::create): Deleted.
        * Modules/indexeddb/client/IDBIndexImpl.h:
        (WebCore::IDBClient::IDBIndex::modernObjectStore):
        
        * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
        (WebCore::IDBClient::IDBObjectStore::createIndex):
        (WebCore::IDBClient::IDBObjectStore::index):
        (WebCore::IDBClient::IDBObjectStore::deleteIndex):
        (WebCore::IDBClient::IDBObjectStore::visitReferencedIndexes):
        * Modules/indexeddb/client/IDBObjectStoreImpl.h:
        
        * Modules/indexeddb/client/IDBTransactionImpl.cpp:
        (WebCore::IDBClient::IDBTransaction::createIndex):
        * Modules/indexeddb/client/IDBTransactionImpl.h:
        
        * Modules/indexeddb/legacy/LegacyIndex.cpp:
        (WebCore::LegacyIndex::ref):
        (WebCore::LegacyIndex::deref):
        * Modules/indexeddb/legacy/LegacyIndex.h:
        
        * bindings/js/JSIDBIndexCustom.cpp: Added.
        (WebCore::JSIDBIndex::visitAdditionalChildren):
        
        * bindings/js/JSIDBObjectStoreCustom.cpp:
        (WebCore::JSIDBObjectStore::visitAdditionalChildren):

2016-02-12  Csaba Osztrogonác  <ossy@webkit.org>

        [EFL][GTK] Fix ENABLE(SVG_OTF_CONVERTER) build
        https://bugs.webkit.org/show_bug.cgi?id=154165

        Reviewed by Alex Christensen.

        * CMakeLists.txt:
        * css/CSSFontFaceSource.cpp:
        (WebCore::CSSFontFaceSource::font):
        * svg/SVGToOTFFontConversion.cpp:
        * svg/SVGToOTFFontConversion.h:

2016-02-12  Chris Dumez  <cdumez@apple.com>

        Unreviewed nit fixes after r196466.

        * Modules/speech/SpeechSynthesisUtterance.idl: Fix curly bracket
          placement.
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader): Use wrappableObject instead of domObject.
        * bindings/scripts/test/*: Rebaseline.
        * dom/WebKitNamedFlow.idl: Drop unnecessary #if case.

2016-02-12  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Properly handle classes inheriting from EventTarget
        https://bugs.webkit.org/show_bug.cgi?id=154158

        Reviewed by Michael Catanzaro.

        Instead of removing its parent we now handle the case of classes
        having EventTarget as parent to make them implement the interface
        instead.

        * bindings/scripts/CodeGeneratorGObject.pm:
        (ShouldBeExposedAsInterface): Whether the parent given class
        should be exposed as an interface instead of a parent class.
        (GetParentClassName): Return Object as parent for classes having
        a parent that should be exposed as an interface.
        (GetParentImplClassName): Ditto.
        (GetBaseClass): Ditto.
        (GetParentGObjType): Ditto.
        (SkipFunction): Add FIXME comment.
        (ImplementsInterface): Helper function to check if a class
        implements the given interface.
        (GenerateCFile): Check whether the class implements EventTarget to
        generate the interface implementation.
        (GenerateInterface): Do not remove the parent class when it's EventTarget.

2016-02-12  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r196470.
        https://bugs.webkit.org/show_bug.cgi?id=154167

        Broke some tests (Requested by anttik on #webkit).

        Reverted changeset:

        "Factor class change style invalidation code into a class"
        https://bugs.webkit.org/show_bug.cgi?id=154163
        http://trac.webkit.org/changeset/196470

2016-02-12  Antti Koivisto  <antti@apple.com>

        Factor class change style invalidation code into a class