Set the end position on the placeholder BidiRun properly.
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-06-20  Zalan Bujtas  <zalan@apple.com>
2
3         Set the end position on the placeholder BidiRun properly.
4         https://bugs.webkit.org/show_bug.cgi?id=158958
5
6         Reviewed by Myles C. Maxfield.
7         rdar://problem/26609266
8
9         The second paramenter for BidiRun indicates the end position and not the length of the run.
10         This was regressed at r102875 where only the start position was changed from 0 to pos.
11
12         Test: fast/text/international/bidi-style-in-isolate-crash.html
13
14         * rendering/InlineIterator.h:
15         (WebCore::addPlaceholderRunForIsolatedInline):
16
17 2016-06-20  Fujii Hironori  <Hironori.Fujii@sony.com>
18
19         A composition underline is placed to wrong position in RTL
20         https://bugs.webkit.org/show_bug.cgi?id=158602
21
22         Reviewed by Myles C. Maxfield.
23
24         InlineTextBox::paintCompositionUnderline does not take RTL into
25         account.  The position of composition underline should be
26         mirrored in RTL.
27
28         Test: editing/input/composition-underline-rtl.html
29
30         * rendering/InlineTextBox.cpp:
31         (WebCore::mirrorRTLSegment): New helper function to convert RTL start position to LTR.
32         (WebCore::InlineTextBox::paintDecoration): Use mirrorRTLSegment.
33         (WebCore::InlineTextBox::paintCompositionUnderline): Ditto.
34
35 2016-06-20  Keith Miller  <keith_miller@apple.com>
36
37         It should be easy to add a private global helper function for builtins
38         https://bugs.webkit.org/show_bug.cgi?id=158893
39
40         Reviewed by Mark Lam.
41
42         Add JSCJSValueInlines.h to fix build issues.
43
44         * platform/mock/mediasource/MockBox.cpp:
45
46 2016-06-20  Benjamin Poulain  <benjamin@webkit.org>
47
48         :default CSS pseudo-class should match checkboxes+radios with a `checked` attribute
49         https://bugs.webkit.org/show_bug.cgi?id=156230
50
51         Reviewed by Alex Christensen.
52
53         This patch update the :default pseudo class matching to be closer to the spec:
54         https://html.spec.whatwg.org/multipage/scripting.html#selector-default
55
56         The main remaining difference with the spec is the definition of "default button".
57         This is an unrelated problem that should be addressed separately.
58
59         The implementation was missing support for:
60         -input elements of type "checkbox" or "radio" with the "checked" attribute defined.
61         -option elements with the "selected" attribute defined.
62
63         The existing support for default button was pretty bad, I fixed that too.
64         The owner form now has a resetDefaultButton() API. When a Form Associated Element
65         becomes a submit button or loses that property, the element calls its form
66         to update the style as needed.
67
68         Whenever the submit button changes, 2 elements needs to have their style invalidated:
69         -The former default button.
70         -The new default button.
71         To invalidate the former button, FormElement now caches the computed
72         default button. When the default button changes, the cached value is invalidated
73         in addition to the new value.
74
75         Computing the new default button takes linear time in the number of form associated element.
76         To mitigate that, resetDefaultButton() is only called when changes are related
77         to submit buttons. Since those changes are rare, I don't expect the invalidation
78         to be a problem.
79
80         Tests: fast/css/pseudo-default-basics.html
81                fast/selectors/default-style-update.html
82
83         * css/SelectorChecker.cpp:
84         (WebCore::SelectorChecker::checkOne):
85         * css/SelectorCheckerTestFunctions.h:
86         (WebCore::matchesDefaultPseudoClass):
87         (WebCore::isDefaultButtonForForm): Deleted.
88         * cssjit/SelectorCompiler.cpp:
89         (WebCore::SelectorCompiler::addPseudoClassType):
90         * dom/Element.cpp:
91         (WebCore::Element::matchesValidPseudoClass):
92         (WebCore::Element::matchesInvalidPseudoClass):
93         (WebCore::Element::matchesDefaultPseudoClass):
94         * dom/Element.h:
95         (WebCore::Element::matchesValidPseudoClass): Deleted.
96         (WebCore::Element::matchesInvalidPseudoClass): Deleted.
97         (WebCore::Element::isDefaultButtonForForm): Deleted.
98         * html/HTMLButtonElement.cpp:
99         (WebCore::HTMLButtonElement::parseAttribute):
100         (WebCore::HTMLButtonElement::matchesDefaultPseudoClass):
101         * html/HTMLButtonElement.h:
102         * html/HTMLFormControlElement.cpp:
103         (WebCore::HTMLFormControlElement::isDefaultButtonForForm): Deleted.
104         * html/HTMLFormControlElement.h:
105         * html/HTMLFormElement.cpp:
106         (WebCore::HTMLFormElement::~HTMLFormElement):
107         (WebCore::HTMLFormElement::registerFormElement):
108         (WebCore::HTMLFormElement::removeFormElement):
109         (WebCore::HTMLFormElement::defaultButton):
110         (WebCore::HTMLFormElement::resetDefaultButton):
111         * html/HTMLFormElement.h:
112         * html/HTMLInputElement.cpp:
113         (WebCore::HTMLInputElement::updateType):
114         (WebCore::HTMLInputElement::parseAttribute):
115         (WebCore::HTMLInputElement::matchesDefaultPseudoClass):
116         * html/HTMLInputElement.h:
117         * html/HTMLOptionElement.cpp:
118         (WebCore::HTMLOptionElement::matchesDefaultPseudoClass):
119         (WebCore::HTMLOptionElement::parseAttribute):
120         * html/HTMLOptionElement.h:
121         * style/StyleSharingResolver.cpp:
122         (WebCore::Style::SharingResolver::canShareStyleWithElement):
123         (WebCore::Style::canShareStyleWithControl): Deleted.
124
125 2016-06-20  Simon Fraser  <simon.fraser@apple.com>
126
127         Focus event dispatched in iframe causes parent document to scroll incorrectly
128         https://bugs.webkit.org/show_bug.cgi?id=158629
129         rdar://problem/26521616
130
131         Reviewed by Tim Horton.
132
133         When focussing elements in iframes, the page could scroll to an incorrect location.
134         This happened because code in Element::focus() tried to disable scrolling on focus,
135         but did so only for the current frame, so ancestor frames got programmatically scrolled.
136         On iOS we handle the scrolling in the UI process, so never want the web process to
137         do programmatic scrolling.
138
139         Fix by changing the focus and cache restore code to use SelectionRevealMode::DoNotReveal,
140         rather than manually prohibiting frame scrolling. Pass SelectionRevealMode through various callers,
141         and use RevealUpToMainFrame for iOS, allowing the UI process to do the zoomToRect: for the main frame.
142
143         Tests: fast/forms/ios/focus-input-in-iframe.html
144                fast/forms/ios/programmatic-focus-input-in-iframe.html
145
146         * dom/Document.h:
147         * dom/Element.cpp:
148         (WebCore::Element::scrollIntoView):
149         (WebCore::Element::scrollIntoViewIfNeeded):
150         (WebCore::Element::scrollIntoViewIfNotVisible):
151         (WebCore::Element::focus):
152         (WebCore::Element::updateFocusAppearance):
153         * dom/Element.h:
154         * editing/Editor.cpp:
155         (WebCore::Editor::insertTextWithoutSendingTextEvent):
156         (WebCore::Editor::revealSelectionAfterEditingOperation):
157         (WebCore::Editor::findStringAndScrollToVisible):
158         * editing/FrameSelection.cpp:
159         (WebCore::FrameSelection::updateAndRevealSelection):
160         (WebCore::FrameSelection::revealSelection):
161         (WebCore::FrameSelection::FrameSelection): Deleted.
162         * editing/FrameSelection.h:
163         * html/HTMLInputElement.cpp:
164         (WebCore::HTMLInputElement::updateFocusAppearance):
165         * html/HTMLTextAreaElement.cpp:
166         (WebCore::HTMLTextAreaElement::updateFocusAppearance):
167         * page/ContextMenuController.cpp:
168         (WebCore::ContextMenuController::contextMenuItemSelected):
169         * page/FrameView.cpp:
170         (WebCore::FrameView::scrollToAnchor):
171         * rendering/RenderLayer.cpp:
172         (WebCore::RenderLayer::scrollRectToVisible):
173         (WebCore::RenderLayer::autoscroll):
174         * rendering/RenderLayer.h:
175         * rendering/RenderObject.cpp:
176         (WebCore::RenderObject::scrollRectToVisible):
177         * rendering/RenderObject.h:
178
179 2016-06-20  Keith Rollin  <krollin@apple.com>
180
181         Remove RefPtr::release() and change calls sites to use WTFMove()
182         https://bugs.webkit.org/show_bug.cgi?id=158369
183
184         Reviewed by Chris Dumez.
185
186         RefPtr::release() releases its managed pointer awkwardly. It's more
187         direct and clearer to use WTFMove to transfer ownership of the managed
188         pointer.
189
190         As part of this cleanup, also change a lot of explicit data types to
191         'auto'.
192
193         No new tests: there's no new functionality, just a refactoring of
194         existing code.
195
196         * Modules/mediasource/SourceBuffer.cpp:
197         (WebCore::removeSamplesFromTrackBuffer):
198         (WebCore::SourceBuffer::provideMediaData):
199         * Modules/mediastream/UserMediaRequest.cpp:
200         (WebCore::UserMediaRequest::start):
201         * Modules/webdatabase/SQLCallbackWrapper.h:
202         (WebCore::SQLCallbackWrapper::clear):
203         * bindings/js/JSDOMWindowCustom.cpp:
204         (WebCore::handlePostMessage):
205         * bindings/js/JSHistoryCustom.cpp:
206         (WebCore::JSHistory::pushState):
207         (WebCore::JSHistory::replaceState):
208         * bindings/js/JSMessagePortCustom.h:
209         (WebCore::handlePostMessage):
210         * bindings/js/ScriptControllerMac.mm:
211         (WebCore::ScriptController::createScriptInstanceForWidget):
212         * bindings/js/SerializedScriptValue.cpp:
213         (WebCore::CloneDeserializer::readTerminal):
214         * css/CSSComputedStyleDeclaration.cpp:
215         (WebCore::ComputedStyleExtractor::copyPropertiesInSet):
216         * css/SVGCSSParser.cpp:
217         (WebCore::CSSParser::parseSVGValue):
218         * css/StyleBuilderConverter.h:
219         (WebCore::StyleBuilderConverter::convertShapeValue):
220         * css/StyleProperties.cpp:
221         (WebCore::StyleProperties::copyPropertiesInSet):
222         * css/StyleResolver.cpp:
223         (WebCore::StyleResolver::loadPendingImages):
224         * dom/InlineStyleSheetOwner.cpp:
225         (WebCore::InlineStyleSheetOwner::clearSheet):
226         * editing/ApplyStyleCommand.cpp:
227         (WebCore::ApplyStyleCommand::applyInlineStyleToNodeRange):
228         * editing/CompositeEditCommand.cpp:
229         (WebCore::CompositeEditCommand::removeChildrenInRange):
230         (WebCore::CompositeEditCommand::removeNodeAndPruneAncestors):
231         (WebCore::CompositeEditCommand::prune):
232         (WebCore::CompositeEditCommand::replaceSelectedTextInNode):
233         (WebCore::CompositeEditCommand::rebalanceWhitespaceOnTextSubstring):
234         * editing/CreateLinkCommand.cpp:
235         (WebCore::CreateLinkCommand::doApply):
236         * editing/EditingStyle.cpp:
237         (WebCore::EditingStyle::mergeStyle):
238         (WebCore::EditingStyle::mergeStyleFromRulesForSerialization):
239         * editing/Editor.cpp:
240         (WebCore::ClearTextCommand::CreateAndApply):
241         (WebCore::Editor::markAllMisspellingsAndBadGrammarInRanges):
242         * editing/EditorCommand.cpp:
243         (WebCore::executeInsertNode):
244         * editing/InsertTextCommand.cpp:
245         (WebCore::InsertTextCommand::performOverwrite):
246         (WebCore::InsertTextCommand::insertTab):
247         * editing/RemoveNodePreservingChildrenCommand.cpp:
248         (WebCore::RemoveNodePreservingChildrenCommand::doApply):
249         * editing/ReplaceSelectionCommand.cpp:
250         (WebCore::ReplacementFragment::removeNodePreservingChildren):
251         (WebCore::ReplaceSelectionCommand::moveNodeOutOfAncestor):
252         * html/FTPDirectoryDocument.cpp:
253         (WebCore::FTPDirectoryDocumentParser::loadDocumentTemplate):
254         * html/HTMLFontElement.cpp:
255         (WebCore::HTMLFontElement::collectStyleForPresentationAttribute):
256         * html/HTMLFormElement.cpp:
257         (WebCore::HTMLFormElement::prepareForSubmission):
258         * html/HTMLTableElement.cpp:
259         (WebCore::leakBorderStyle):
260         (WebCore::leakGroupBorderStyle):
261         * html/parser/HTMLDocumentParser.cpp:
262         (WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder):
263         * html/track/InbandDataTextTrack.cpp:
264         (WebCore::InbandDataTextTrack::addDataCue):
265         * html/track/InbandGenericTextTrack.cpp:
266         (WebCore::InbandGenericTextTrack::newCuesParsed):
267         * html/track/InbandWebVTTTextTrack.cpp:
268         (WebCore::InbandWebVTTTextTrack::newCuesParsed):
269         * html/track/TextTrackCueList.cpp:
270         (WebCore::TextTrackCueList::add):
271         * inspector/InspectorCSSAgent.cpp:
272         (WebCore::InspectorCSSAgent::getInlineStylesForNode):
273         * inspector/InspectorDOMAgent.cpp:
274         (WebCore::InspectorDOMAgent::pushChildNodesToFrontend):
275         * inspector/InspectorIndexedDBAgent.cpp:
276         * inspector/InspectorNetworkAgent.cpp:
277         (WebCore::InspectorNetworkAgent::loadResource):
278         * inspector/InspectorStyleSheet.cpp:
279         (WebCore::InspectorStyleSheet::buildObjectForSelectorList):
280         * loader/FormSubmission.cpp:
281         (WebCore::FormSubmission::create):
282         * loader/FrameLoader.cpp:
283         (WebCore::FrameLoader::loadURLIntoChildFrame):
284         (WebCore::FrameLoader::loadURL):
285         (WebCore::FrameLoader::loadPostRequest):
286         * loader/ProgressTracker.cpp:
287         (WebCore::ProgressTracker::finalProgressComplete):
288         * loader/appcache/ApplicationCacheGroup.cpp:
289         (WebCore::ApplicationCacheGroup::disassociateDocumentLoader):
290         (WebCore::ApplicationCacheGroup::didFinishLoading):
291         (WebCore::ApplicationCacheGroup::checkIfLoadIsComplete):
292         * loader/appcache/ApplicationCacheStorage.cpp:
293         (WebCore::ApplicationCacheStorage::loadCacheGroup):
294         (WebCore::ApplicationCacheStorage::cacheGroupForURL):
295         (WebCore::ApplicationCacheStorage::fallbackCacheGroupForURL):
296         (WebCore::ApplicationCacheStorage::loadCache):
297         * loader/archive/ArchiveResourceCollection.cpp:
298         (WebCore::ArchiveResourceCollection::popSubframeArchive):
299         * loader/archive/cf/LegacyWebArchive.cpp:
300         (WebCore::LegacyWebArchive::extract):
301         (WebCore::LegacyWebArchive::create):
302         (WebCore::LegacyWebArchive::createFromSelection):
303         * loader/cache/CachedImage.cpp:
304         (WebCore::CachedImage::createImage):
305         * loader/icon/IconDatabase.cpp:
306         (WebCore::IconDatabase::setIconDataForIconURL):
307         (WebCore::IconDatabase::getOrCreateIconRecord):
308         (WebCore::IconDatabase::readFromDatabase):
309         (WebCore::IconDatabase::getImageDataForIconURLFromSQLDatabase):
310         * page/DOMWindow.cpp:
311         (WebCore::DOMWindow::sessionStorage):
312         (WebCore::DOMWindow::localStorage):
313         * page/EventHandler.cpp:
314         (WebCore::EventHandler::updateDragAndDrop):
315         * page/animation/CompositeAnimation.cpp:
316         (WebCore::CompositeAnimation::updateTransitions):
317         * page/csp/ContentSecurityPolicy.cpp:
318         (WebCore::ContentSecurityPolicy::reportViolation):
319         * page/mac/ServicesOverlayController.mm:
320         (WebCore::ServicesOverlayController::createOverlayIfNeeded):
321         (WebCore::ServicesOverlayController::determineActiveHighlight):
322         * page/scrolling/AsyncScrollingCoordinator.h:
323         (WebCore::AsyncScrollingCoordinator::releaseScrollingTree):
324         * page/scrolling/ScrollingStateNode.cpp:
325         (WebCore::ScrollingStateNode::cloneAndReset):
326         * page/scrolling/ScrollingStateTree.cpp:
327         (WebCore::ScrollingStateTree::attachNode):
328         * platform/audio/HRTFElevation.cpp:
329         (WebCore::getConcatenatedImpulseResponsesForSubject):
330         * platform/graphics/DisplayRefreshMonitorManager.cpp:
331         (WebCore::DisplayRefreshMonitorManager::createMonitorForClient):
332         * platform/graphics/FontCascadeFonts.cpp:
333         (WebCore::FontCascadeFonts::glyphDataForSystemFallback):
334         * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
335         (WebCore::InbandTextTrackPrivateAVF::processAttributedStrings):
336         * platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.mm:
337         (WebCore::MediaSelectionGroupAVFObjC::updateOptions):
338         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
339         (WebCore::SourceBufferPrivateAVFObjC::processCodedFrame):
340         * platform/graphics/ca/GraphicsLayerCA.cpp:
341         * platform/graphics/ca/PlatformCALayer.cpp:
342         (WebCore::PlatformCALayer::createCompatibleLayerOrTakeFromPool):
343         * platform/graphics/cg/ImageBufferDataCG.cpp:
344         (WebCore::ImageBufferData::getData):
345         * platform/graphics/filters/FilterEffect.cpp:
346         (WebCore::FilterEffect::asUnmultipliedImage):
347         (WebCore::FilterEffect::asPremultipliedImage):
348         * platform/graphics/mac/ImageMac.mm:
349         (WebCore::Image::loadPlatformResource):
350         * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
351         (WebCore::GraphicsContext3D::createForCurrentGLContext):
352         (WebCore::GraphicsContext3D::paintRenderingResultsToImageData):
353         * platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:
354         (WebCore::RealtimeMediaSourceCenterMac::createMediaStream):
355         * platform/mock/MockRealtimeMediaSourceCenter.cpp:
356         (WebCore::MockRealtimeMediaSourceCenter::validateRequestConstraints):
357         (WebCore::MockRealtimeMediaSourceCenter::createMediaStream):
358         * platform/network/BlobRegistryImpl.cpp:
359         (WebCore::BlobRegistryImpl::registerBlobURL):
360         (WebCore::BlobRegistryImpl::registerBlobURLForSlice):
361         * platform/network/ResourceHandle.cpp:
362         (WebCore::ResourceHandle::create):
363         * platform/network/cf/FormDataStreamCFNet.cpp:
364         (WebCore::formCreate):
365         * platform/text/BidiContext.cpp:
366         (WebCore::BidiContext::copyStackRemovingUnicodeEmbeddingContexts):
367         * rendering/FilterEffectRenderer.cpp:
368         (WebCore::FilterEffectRenderer::build):
369         * rendering/RenderLayer.cpp:
370         (WebCore::RenderLayer::createScrollbar):
371         * rendering/RenderListBox.cpp:
372         (WebCore::RenderListBox::createScrollbar):
373         * rendering/RenderMenuList.cpp:
374         (RenderMenuList::createScrollbar):
375         * rendering/RenderSearchField.cpp:
376         (WebCore::RenderSearchField::createScrollbar):
377         * replay/ReplayController.cpp:
378         (WebCore::ReplayController::unloadSegment):
379         * svg/SVGFEDiffuseLightingElement.cpp:
380         (WebCore::SVGFEDiffuseLightingElement::build):
381         * svg/SVGFESpecularLightingElement.cpp:
382         (WebCore::SVGFESpecularLightingElement::build):
383         * svg/properties/SVGListProperty.h:
384         (WebCore::SVGListProperty::getItemValuesAndWrappers):
385         (WebCore::SVGListProperty::insertItemBeforeValuesAndWrappers):
386         (WebCore::SVGListProperty::removeItemValuesAndWrappers):
387         * workers/WorkerThread.cpp:
388         (WebCore::WorkerThread::workerThread):
389         * xml/XMLHttpRequest.cpp:
390         (WebCore::XMLHttpRequest::internalAbort):
391         * xml/XPathStep.cpp:
392         (WebCore::XPath::Step::nodesInAxis):
393
394 2016-06-20  Eric Carlson  <eric.carlson@apple.com>
395
396         Crash in PlatformMediaSession::clientWillPausePlayback
397         https://bugs.webkit.org/show_bug.cgi?id=158953
398         <rdar://problem/26121125>
399
400         Reviewed by Jer Noble.
401
402         No new tests, I have not been able to reproduce this in a test.
403
404         * html/HTMLMediaElement.cpp:
405         (WebCore::HTMLMediaElement::stop): Ref the element before calling stopWithoutDestroyingMediaPlayer
406           because updatePlaybackControlsManager can release the last reference and cause the
407           destructor to be called.
408         (WebCore::HTMLMediaElement::suspend): Ditto.
409
410 2016-06-20  Alex Christensen  <achristensen@webkit.org>
411
412         Clean up ResourceResponseBase after r201943
413         https://bugs.webkit.org/show_bug.cgi?id=158706
414
415         Reviewed by Michael Catanzaro.
416
417         * platform/network/ResourceResponseBase.cpp:
418         (WebCore::ResourceResponseBase::ResourceResponseBase):
419         (WebCore::ResourceResponseBase::asResourceResponse): Deleted.
420         * platform/network/ResourceResponseBase.h:
421         (WebCore::ResourceResponseBase::platformCompare):
422
423 2016-06-20  Joseph Pecoraro  <pecoraro@apple.com>
424
425         Web Inspector: console.profile should use the new Sampling Profiler
426         https://bugs.webkit.org/show_bug.cgi?id=153499
427         <rdar://problem/24352431>
428
429         Reviewed by Timothy Hatcher.
430
431         Test: inspector/timeline/setInstruments-programmatic-capture.html
432
433         * inspector/InspectorTimelineAgent.cpp:
434         (WebCore::InspectorTimelineAgent::startFromConsole):
435         (WebCore::InspectorTimelineAgent::stopFromConsole):
436         (WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
437         (WebCore::InspectorTimelineAgent::startProgrammaticCapture):
438         (WebCore::InspectorTimelineAgent::stopProgrammaticCapture):
439         (WebCore::InspectorTimelineAgent::toggleInstruments):
440         (WebCore::InspectorTimelineAgent::toggleScriptProfilerInstrument):
441         (WebCore::InspectorTimelineAgent::toggleHeapInstrument):
442         (WebCore::InspectorTimelineAgent::toggleMemoryInstrument):
443         (WebCore::InspectorTimelineAgent::toggleTimelineInstrument):
444         * inspector/InspectorTimelineAgent.h:
445         Web implementation of console.profile/profileEnd.
446         Make helpers for startings / stopping instruments.
447
448 2016-06-20  Andreas Kling  <akling@apple.com>
449
450         When navigating, discard decoded image data that is only live due to page cache.
451         <https://webkit.org/b/158941>
452
453         Reviewed by Antti Koivisto.
454
455         A resource is "live" if it's currently in use by a web page, and "dead" if it's
456         only kept alive by the memory cache.
457
458         This patch adds a mechanism that looks at CachedImage resources to see if all the
459         clients that make them appear "live" are actually pages in the page cache.
460
461         If so, we let the "jettison expensive objects on top-level navigation" mechanism
462         discard the decoded data for such half-live images. This can reduce the peak
463         memory usage during navigations quite a bit.
464
465         * loader/FrameLoader.cpp:
466         (WebCore::FrameLoader::commitProvisionalLoad): Move the call to MemoryPressureHandler
467         before we add the outgoing page to the page cache. This allows the jettisoning code
468         to make decisions based on which pages were cached *before* the navigation.
469
470         * loader/cache/CachedImageClient.h:
471         (WebCore::CachedImageClient::inPageCache):
472         * loader/ImageLoader.h:
473         * loader/ImageLoader.cpp:
474         (WebCore::ImageLoader::inPageCache):
475         * rendering/RenderObject.h:
476         (WebCore::RenderObject::inPageCache): Added a CachedImageClient::inPageCache() virtual
477         to determine which clients are currently in page cache (answered by their Document.)
478
479         * loader/cache/CachedImage.h:
480         * loader/cache/CachedImage.cpp:
481         (WebCore::CachedImage::areAllClientsInPageCache): Walks all CachedImageClient clients
482         and returns true if all of them are inPageCache().
483
484         * platform/MemoryPressureHandler.cpp:
485         (WebCore::MemoryPressureHandler::jettisonExpensiveObjectsOnTopLevelNavigation):
486         Walk all the known CachedImages and nuke decoded data for those that have some but
487         are only considered live due to clients in the page cache.
488
489 2016-06-20  Chris Dumez  <cdumez@apple.com>
490
491         Unreviewed, fix post-landing review comment from Darin on r202188.
492
493         * platform/network/CacheValidation.cpp:
494         (WebCore::parseCacheHeader):
495
496 2016-06-19  Antti Koivisto  <antti@apple.com>
497
498         Updating class name of a shadow host does not update the style applied by :host()
499         https://bugs.webkit.org/show_bug.cgi?id=158900
500         <rdar://problem/26883707>
501
502         Reviewed by Simon Fraser.
503
504         Test: fast/shadow-dom/shadow-host-style-update.html
505
506         Teach style invalidation optimization code about :host.
507
508         * style/AttributeChangeInvalidation.cpp:
509         (WebCore::Style::mayBeAffectedByHostStyle):
510         (WebCore::Style::AttributeChangeInvalidation::invalidateStyle):
511         * style/ClassChangeInvalidation.cpp:
512         (WebCore::Style::computeClassChange):
513         (WebCore::Style::mayBeAffectedByHostStyle):
514         (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
515         * style/IdChangeInvalidation.cpp:
516         (WebCore::Style::mayBeAffectedByHostStyle):
517         (WebCore::Style::IdChangeInvalidation::invalidateStyle):
518
519 2016-06-19  Gavin & Ellie Barraclough  <barraclough@apple.com>
520
521         Remove hasStaticPropertyTable (part 5: done!)
522         https://bugs.webkit.org/show_bug.cgi?id=158431
523
524         Reviewed by Chris Dumez.
525
526         * bindings/scripts/CodeGeneratorJS.pm:
527         (GenerateHeader):
528             - remove hasStaticPropertyTable.
529         * bindings/scripts/test/JS/JSInterfaceName.h:
530         (WebCore::JSInterfaceName::create):
531         * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
532         (WebCore::JSTestActiveDOMObject::create):
533         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.h:
534         (WebCore::JSTestClassWithJSBuiltinConstructor::create):
535         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
536         (WebCore::JSTestCustomConstructorWithNoInterfaceObject::create):
537         * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
538         (WebCore::JSTestCustomNamedGetter::create):
539         * bindings/scripts/test/JS/JSTestEventConstructor.h:
540         (WebCore::JSTestEventConstructor::create):
541         * bindings/scripts/test/JS/JSTestEventTarget.h:
542         (WebCore::JSTestEventTarget::create):
543         * bindings/scripts/test/JS/JSTestException.h:
544         (WebCore::JSTestException::create):
545         * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
546         (WebCore::JSTestGenerateIsReachable::create):
547         * bindings/scripts/test/JS/JSTestGlobalObject.h:
548         * bindings/scripts/test/JS/JSTestInterface.h:
549         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.h:
550         (WebCore::JSTestJSBuiltinConstructor::create):
551         * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
552         (WebCore::JSTestMediaQueryListListener::create):
553         * bindings/scripts/test/JS/JSTestNamedConstructor.h:
554         (WebCore::JSTestNamedConstructor::create):
555         * bindings/scripts/test/JS/JSTestNode.h:
556         * bindings/scripts/test/JS/JSTestNondeterministic.h:
557         (WebCore::JSTestNondeterministic::create):
558         * bindings/scripts/test/JS/JSTestObj.h:
559         (WebCore::JSTestObj::create):
560         * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
561         (WebCore::JSTestOverloadedConstructors::create):
562         * bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
563         (WebCore::JSTestOverrideBuiltins::create):
564         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
565         (WebCore::JSTestSerializedScriptValueInterface::create):
566         * bindings/scripts/test/JS/JSTestTypedefs.h:
567         (WebCore::JSTestTypedefs::create):
568         * bindings/scripts/test/JS/JSattribute.h:
569         (WebCore::JSattribute::create):
570         * bindings/scripts/test/JS/JSreadonly.h:
571         (WebCore::JSreadonly::create):
572
573 2016-06-19  Youenn Fablet  <youenn.fablet@crf.canon.fr>
574
575         The JSBuiltinConstructor feature can't handle a JS interface extending an other JS interface
576         https://bugs.webkit.org/show_bug.cgi?id=158834
577
578         Reviewed by Eric Carlson.
579
580         No change of behavior.
581
582         * bindings/scripts/CodeGeneratorJS.pm:
583         (GenerateHeader): Explicitly setting DOMWrapped type definition from
584         JSXX class deriving from another JSYY class.
585         * bindings/scripts/test/JS/JSTestEventTarget.h: Rebased.
586         * bindings/scripts/test/JS/JSTestNode.h: Ditto.
587
588 2016-06-18  Antti Koivisto  <antti@apple.com>
589
590         Use time literals in WebCore
591         https://bugs.webkit.org/show_bug.cgi?id=158905
592
593         Reviewed by Andreas Kling.
594
595         std::chrono::milliseconds(1) -> 1ms etc.
596
597         * dom/Document.cpp:
598         (WebCore::Document::minimumLayoutDelay):
599         (WebCore::Document::elapsedTime):
600         * fileapi/FileReader.cpp:
601         (WebCore::FileReader::create):
602         * inspector/InspectorOverlay.cpp:
603         (WebCore::InspectorOverlay::showPaintRect):
604         * loader/CrossOriginPreflightResultCache.cpp:
605         (WebCore::CrossOriginPreflightResultCache::CrossOriginPreflightResultCache):
606         * loader/ProgressTracker.cpp:
607         (WebCore::ProgressTracker::progressStarted):
608         * loader/cache/CachedResource.cpp:
609         (WebCore::CachedResource::freshnessLifetime):
610         * page/ChromeClient.h:
611         * page/DOMTimer.cpp:
612         (WebCore::DOMTimer::intervalClampedToMinimum):
613         (WebCore::DOMTimer::alignedFireTime):
614         * page/DOMTimer.h:
615         * page/FrameView.cpp:
616         (WebCore::FrameView::scrollPositionChanged):
617         * page/ResourceUsageThread.cpp:
618         (WebCore::ResourceUsageThread::threadBody):
619         * page/Settings.cpp:
620         (WebCore::Settings::Settings):
621         * page/mac/ServicesOverlayController.mm:
622         (WebCore::ServicesOverlayController::remainingTimeUntilHighlightShouldBeShown):
623         * platform/graphics/FontCache.cpp:
624         (WebCore::FontCache::fontForFamily):
625         * platform/network/CacheValidation.cpp:
626         (WebCore::computeCurrentAge):
627         (WebCore::computeFreshnessLifetimeForHTTPFamily):
628
629 2016-06-17  Benjamin Poulain  <benjamin@webkit.org>
630
631         :indeterminate pseudo-class should match radios whose group has no checked radio
632         https://bugs.webkit.org/show_bug.cgi?id=156270
633
634         Reviewed by Simon Fraser.
635
636         The pseudo-class ":indeterminate" is supposed to match radio buttons
637         for which the entire group has no checked button.
638         Spec: https://html.spec.whatwg.org/#pseudo-classes:selector-indeterminate
639
640         The change is straightforward with one non-obvious choice:
641         I added matchesIndeterminatePseudoClass() in addition to shouldAppearIndeterminate().
642
643         The reason is shouldAppearIndeterminate() is used for styling and AX of elements
644         with an indeterminate states (check boxes and progress element). There is no such
645         UI for radio boxes.
646         I could have extended shouldAppearIndeterminate() to radio box
647         then filter out this case in RenderTheme. The problem is doing that would also requires
648         changes to the repaint logic to match :indeterminate. It seemed overkill to me to
649         change repaint() for a case that is never used in practice.
650
651         Tests: fast/css/pseudo-indeterminate-radio-buttons-basics.html
652                fast/css/pseudo-indeterminate-with-radio-buttons-style-invalidation.html
653                fast/selectors/detached-radio-button-checked-and-indeterminate-states.html
654                fast/selectors/pseudo-indeterminate-with-radio-buttons-style-update.html
655
656         * css/SelectorCheckerTestFunctions.h:
657         (WebCore::shouldAppearIndeterminate):
658         * dom/Element.cpp:
659         (WebCore::Element::matchesIndeterminatePseudoClass):
660         * dom/Element.h:
661         * dom/RadioButtonGroups.cpp:
662         (WebCore::RadioButtonGroup::setCheckedButton):
663         (WebCore::RadioButtonGroup::updateCheckedState):
664         (WebCore::RadioButtonGroup::remove):
665         (WebCore::RadioButtonGroup::setNeedsStyleRecalcForAllButtons):
666         (WebCore::RadioButtonGroups::hasCheckedButton):
667         * dom/RadioButtonGroups.h:
668         * html/CheckboxInputType.cpp:
669         (WebCore::CheckboxInputType::matchesIndeterminatePseudoClass):
670         (WebCore::CheckboxInputType::shouldAppearIndeterminate):
671         (WebCore::CheckboxInputType::supportsIndeterminateAppearance): Deleted.
672         * html/CheckboxInputType.h:
673         * html/HTMLInputElement.cpp:
674         (WebCore::HTMLInputElement::setChecked):
675         (WebCore::HTMLInputElement::matchesIndeterminatePseudoClass):
676         (WebCore::HTMLInputElement::shouldAppearIndeterminate):
677         (WebCore::HTMLInputElement::radioButtonGroups):
678         * html/HTMLInputElement.h:
679         * html/InputType.cpp:
680         (WebCore::InputType::matchesIndeterminatePseudoClass):
681         (WebCore::InputType::shouldAppearIndeterminate):
682         (WebCore::InputType::supportsIndeterminateAppearance): Deleted.
683         * html/InputType.h:
684         * html/RadioInputType.cpp:
685         (WebCore::RadioInputType::matchesIndeterminatePseudoClass):
686         (WebCore::RadioInputType::willDispatchClick): Deleted.
687         (WebCore::RadioInputType::didDispatchClick): Deleted.
688         (WebCore::RadioInputType::supportsIndeterminateAppearance): Deleted.
689         The iOS specific code is just plain wrong.
690         It was changing the indeterminate state of the input element.
691         The spec clearly says that state is only used by checkbox:
692         https://html.spec.whatwg.org/#dom-input-indeterminate
693
694         Moreover, the style update would not change the indeterminate state
695         of other buttons in the Button Group, which is just bizarre.
696         RenderThemeIOS does not make use of any of this with the current style.
697
698         * html/RadioInputType.h:
699         * style/StyleSharingResolver.cpp:
700         (WebCore::Style::SharingResolver::canShareStyleWithElement):
701         (WebCore::Style::canShareStyleWithControl): Deleted.
702         (WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes): Deleted.
703         Style sharing is unified behind the selector matching which is neat.
704
705 2016-06-17  Commit Queue  <commit-queue@webkit.org>
706
707         Unreviewed, rolling out r202152.
708         https://bugs.webkit.org/show_bug.cgi?id=158897
709
710         The new test is very unstable, timing out frequently
711         (Requested by ap on #webkit).
712
713         Reverted changeset:
714
715         "Web Inspector: console.profile should use the new Sampling
716         Profiler"
717         https://bugs.webkit.org/show_bug.cgi?id=153499
718         http://trac.webkit.org/changeset/202152
719
720 2016-06-17  Commit Queue  <commit-queue@webkit.org>
721
722         Unreviewed, rolling out r202068, r202115, and r202128.
723         https://bugs.webkit.org/show_bug.cgi?id=158896
724
725         The new test is very unstable, timing out frequently
726         (Requested by ap on #webkit).
727
728         Reverted changesets:
729
730         "decompose4 return value is unchecked, leading to potentially
731         uninitialized data."
732         https://bugs.webkit.org/show_bug.cgi?id=158761
733         http://trac.webkit.org/changeset/202068
734
735         "[mac] LayoutTest transforms/undecomposable.html is a flaky
736         timeout"
737         https://bugs.webkit.org/show_bug.cgi?id=158816
738         http://trac.webkit.org/changeset/202115
739
740         "[mac] LayoutTest transforms/undecomposable.html is a flaky
741         timeout"
742         https://bugs.webkit.org/show_bug.cgi?id=158816
743         http://trac.webkit.org/changeset/202128
744
745 2016-06-17  Chris Fleizach  <cfleizach@apple.com>
746
747         AX: HTML indeterminate IDL attribute not mapped to checkbox value=2 for native checkboxes
748         https://bugs.webkit.org/show_bug.cgi?id=158876
749         <rdar://problem/26842619>
750
751         Reviewed by Joanmarie Diggs.
752
753         The indeterminate state was not being reported for native checkboxes. 
754
755         Also the isIndeterminate() method was relying on whether the appearance changed, which does not happen on Mac, so that
756         was not being reported correctly. Changed that to check the actual attribute.
757
758         Test: accessibility/checkbox-mixed-value.html
759
760         * accessibility/AccessibilityNodeObject.cpp:
761         (WebCore::AccessibilityNodeObject::isIndeterminate):
762         (WebCore::AccessibilityNodeObject::isPressed):
763         (WebCore::AccessibilityNodeObject::checkboxOrRadioValue):
764         * accessibility/AccessibilityObject.cpp:
765         (WebCore::AccessibilityObject::checkboxOrRadioValue):
766
767 2016-06-17  Dean Jackson  <dino@apple.com>
768
769         REGRESSION (r199819): CrashTracer: [GraphicsContext3D::getInternalFramebufferSize
770         https://bugs.webkit.org/show_bug.cgi?id=158895
771         <rdar://problem/26423617>
772
773         Reviewed by Zalan Bujtas.
774
775         In r199819 we started resetting contexts if the page had too
776         many. Unfortunately there were entry points in the WebGL context
777         that didn't check for the validity of the object before trying
778         to access the lower level objects.
779
780         Test: webgl/many-contexts-access-after-loss.html
781
782         * html/canvas/WebGLRenderingContextBase.cpp:
783         (WebCore::WebGLRenderingContextBase::drawingBufferWidth): Return 0 if we're lost.
784         (WebCore::WebGLRenderingContextBase::drawingBufferHeight): Ditto.
785
786 2016-06-17  Daniel Bates  <dabates@apple.com>
787
788         Unreviewed, rolling out r202186.
789
790         Broke the Apple Windows, Apple Yosemite, GTK, and WinCairo
791         builds.
792
793         Reverted changeset:
794
795         "File scheme should not allow access of a resource on a
796         different volume."
797         https://bugs.webkit.org/show_bug.cgi?id=158552
798         http://trac.webkit.org/changeset/202186
799
800 2016-06-17  Daniel Bates  <dabates@apple.com>
801
802         Unreviewed, rolling out r202187.
803
804         202186
805
806         Reverted changeset:
807
808         "Unreviewed clean-up after r202186."
809         http://trac.webkit.org/changeset/202187
810
811 2016-06-17  Chris Dumez  <cdumez@apple.com>
812
813         Optimize parseCacheHeader() by using StringView
814         https://bugs.webkit.org/show_bug.cgi?id=158891
815
816         Reviewed by Darin Adler.
817
818         Optimize parseCacheHeader() and avoid some temporary String allocations
819         by using StringView. We now strip the whitespaces in the input string
820         at the beginning of the function, at the same as as we strip the
821         control characters. We are then able to leverage StringView in the
822         rest of the function to get substrings without the need for extra
823         String allocations.
824
825         * platform/network/CacheValidation.cpp:
826         (WebCore::isControlCharacterOrSpace):
827         (WebCore::trimToNextSeparator):
828         (WebCore::parseCacheHeader):
829
830 2016-06-17  Brent Fulgham  <bfulgham@apple.com>
831
832         Unreviewed clean-up after r202186.
833
834         * platform/FileSystem.cpp:
835         (WebCore::filesHaveSameVolume): Don't use C-style formatting.
836
837 2016-06-17  Pranjal Jumde  <pjumde@apple.com>
838
839         File scheme should not allow access of a resource on a different volume.
840         https://bugs.webkit.org/show_bug.cgi?id=158552
841         <rdar://problem/15307582>
842
843         Reviewed by Brent Fulgham.
844
845         Tests: Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm
846
847         * page/SecurityOrigin.cpp:
848         (WebCore::SecurityOrigin::canDisplay):
849         * platform/FileSystem.cpp:
850         (WebCore::platformFileStat):
851         (WebCore::filesHaveSameVolume):
852         Returns true if the files are on the same volume
853         * platform/FileSystem.h:
854
855 2016-06-17  Antoine Quint  <graouts@apple.com>
856
857         Web video playback controls should have RTL volume slider
858         https://bugs.webkit.org/show_bug.cgi?id=158856
859         <rdar://problem/25971769>
860
861         Reviewed by Tim Horton.
862
863         We reproduce the system used to propagate the page scale factor from the WebPage to the media controls to
864         propagate the user interface layout direction.
865
866         The Page exposes a new setUserInterfaceLayoutDirection() method which is set by the WebPage. The Page
867         then notifies the Document of a change, which propagates down to registered media elements, and finally sets
868         the usesLTRUserInterfaceLayoutDirection property on the media controller object in the injected JavaScript.
869         Based on the value of that property we toggle a new .uses-ltr-user-interface-layout-direction CSS class on the
870         .volume-box which applies a translate to the right and flips the volume controls on the x axis.
871
872         Since we're setting a new JS property from HTMLMediaController, we refactor much of the code out of the existing
873         pageScaleFactorChanged() and setPageScaleFactorProperty() into the new setControllerJSProperty() method so that
874         can easily set a named JS property with a given JSValue.
875
876         For testing purposes, we expose the WebCore::Page::setUserInterfaceLayoutDirection() method through Internals.
877
878         Test: fullscreen/video-controls-rtl.html
879
880         * Modules/mediacontrols/mediaControlsApple.css:
881         (video:-webkit-full-screen::-webkit-media-controls-panel .volume-box:not(.uses-ltr-user-interface-layout-direction)):
882         * Modules/mediacontrols/mediaControlsApple.js:
883         (Controller.prototype.set usesLTRUserInterfaceLayoutDirection):
884         * WebCore.xcodeproj/project.pbxproj:
885         * dom/Document.cpp:
886         (WebCore::Document::registerForUserInterfaceLayoutDirectionChangedCallbacks):
887         (WebCore::Document::unregisterForUserInterfaceLayoutDirectionChangedCallbacks):
888         (WebCore::Document::userInterfaceLayoutDirectionChanged):
889         * dom/Document.h:
890         * html/HTMLMediaElement.cpp:
891         (WebCore::HTMLMediaElement::registerWithDocument):
892         (WebCore::HTMLMediaElement::unregisterWithDocument):
893         (WebCore::HTMLMediaElement::updatePageScaleFactorJSProperty):
894         (WebCore::HTMLMediaElement::updateUsesLTRUserInterfaceLayoutDirectionJSProperty):
895         (WebCore::HTMLMediaElement::setControllerJSProperty):
896         (WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
897         (WebCore::HTMLMediaElement::pageScaleFactorChanged):
898         (WebCore::HTMLMediaElement::userInterfaceLayoutDirectionChanged):
899         (WebCore::setPageScaleFactorProperty): Deleted.
900         * html/HTMLMediaElement.h:
901         * page/Page.cpp:
902         (WebCore::Page::setUserInterfaceLayoutDirection):
903         * page/Page.h:
904         (WebCore::Page::userInterfaceLayoutDirection):
905         * platform/UserInterfaceLayoutDirection.h: Renamed from Source/WebKit2/UIProcess/UserInterfaceLayoutDirection.h.
906         * testing/Internals.cpp:
907         (WebCore::Internals::setUserInterfaceLayoutDirection):
908         * testing/Internals.h:
909         * testing/Internals.idl:
910
911 2016-06-17  Chris Dumez  <cdumez@apple.com>
912
913         TouchEvent should have a constructor
914         https://bugs.webkit.org/show_bug.cgi?id=158883
915         <rdar://problem/26063585>
916
917         Reviewed by Benjamin Poulain.
918
919         TouchEvent should have a constructor:
920         - https://w3c.github.io/touch-events/#touchevent-interface
921
922         Chrome already ships this:
923         - https://bugs.chromium.org/p/chromium/issues/detail?id=508675
924
925         Test: fast/events/touch/touch-event-constructor.html
926
927         * bindings/js/JSDictionary.cpp:
928         (WebCore::JSDictionary::convertValue):
929         * bindings/js/JSDictionary.h:
930         * dom/TouchEvent.cpp:
931         (WebCore::TouchEvent::TouchEvent):
932         * dom/TouchEvent.h:
933         * dom/TouchEvent.idl:
934
935 2016-06-17  Zalan Bujtas  <zalan@apple.com>
936
937         Potential null dereferencing on a detached positioned renderer.
938         https://bugs.webkit.org/show_bug.cgi?id=158879
939
940         Reviewed by Simon Fraser.
941
942         This patch fixes the case when the while loop to search for the absolute positioned ancestor
943         returns null (it happens when positioned renderer has been detached from the render tree).
944
945         Speculative fix.
946
947         * rendering/RenderBlock.cpp:
948         (WebCore::RenderBlock::markFixedPositionObjectForLayoutIfNeeded):
949         * rendering/RenderBlock.h:
950
951 2016-06-17  Chris Dumez  <cdumez@apple.com>
952
953         URL hash setter does not remove fragment identifier if argument is an empty string
954         https://bugs.webkit.org/show_bug.cgi?id=158869
955         <rdar://problem/26863430>
956
957         Reviewed by Darin Adler.
958
959         URL hash setter and URLUtils hash setter should remove the fragment identifier
960         if set to "#" or "":
961         - https://url.spec.whatwg.org/#dom-url-hash
962         - https://html.spec.whatwg.org/multipage/semantics.html#dom-hyperlink-hash
963
964         This patch aligns our behavior with the specification and with other browsers
965         (tested Firefox and Chrome).
966
967         This patch also updates HTMLAnchorElement to inherit URLUtils to avoid code
968         duplication. HTMLAnchorElement already implements URLUtils in the IDL, as per
969         the specification:
970         - https://html.spec.whatwg.org/multipage/semantics.html#htmlanchorelement
971
972         No new tests, rebaselined existing tests.
973
974         * html/HTMLAnchorElement.cpp:
975         (WebCore::HTMLAnchorElement::origin): Deleted.
976         (WebCore::HTMLAnchorElement::text): Deleted.
977         (WebCore::HTMLAnchorElement::setText): Deleted.
978         (WebCore::HTMLAnchorElement::toString): Deleted.
979         (WebCore::HTMLAnchorElement::isLiveLink): Deleted.
980         (WebCore::HTMLAnchorElement::sendPings): Deleted.
981         (WebCore::HTMLAnchorElement::handleClick): Deleted.
982         (WebCore::HTMLAnchorElement::eventType): Deleted.
983         (WebCore::HTMLAnchorElement::treatLinkAsLiveForEventType): Deleted.
984         (WebCore::isEnterKeyKeydownEvent): Deleted.
985         (WebCore::shouldProhibitLinks): Deleted.
986         (WebCore::HTMLAnchorElement::willRespondToMouseClickEvents): Deleted.
987         (WebCore::rootEditableElementMap): Deleted.
988         (WebCore::HTMLAnchorElement::rootEditableElementForSelectionOnMouseDown): Deleted.
989         (WebCore::HTMLAnchorElement::clearRootEditableElementForSelectionOnMouseDown): Deleted.
990         (WebCore::HTMLAnchorElement::setRootEditableElementForSelectionOnMouseDown): Deleted.
991         * html/HTMLAnchorElement.h:
992         (WebCore::HTMLAnchorElement::invalidateCachedVisitedLinkHash): Deleted.
993         * html/URLUtils.h:
994         (WebCore::URLUtils<T>::setHash):
995
996 2016-06-17  John Wilander  <wilander@apple.com>
997
998         Ignore case in the check for security origin inheritance
999         https://bugs.webkit.org/show_bug.cgi?id=158878
1000
1001         Reviewed by Alex Christensen.
1002
1003         Darin Adler commented in https://bugs.webkit.org/show_bug.cgi?id=158855:
1004         "Are these comparisons intentionally case sensitive? Shouldn’t they ignore ASCII 
1005         case? We could use equalIgnoringASCIICase and equalLettersIgnoringASCIICase for 
1006         those two lines instead of using ==. URL::parse normalizes letters in the scheme 
1007         and host by using toASCIILower, but does not normalize letters elsewhere in the 
1008         URL, such as in the "blank" or "srcdoc" in the above URLs."
1009
1010         Test: http/tests/dom/window-open-about-uppercase-blank-and-access-document.html
1011
1012         * platform/URL.cpp:
1013         (WebCore::URL::shouldInheritSecurityOriginFromOwner):
1014
1015 2016-06-17  Hyungwook Lee  <hyungwook.lee@navercorp.com>
1016
1017         Fix compilation errors when we enable DUMP_NODE_STATISTICS in Node.h
1018         https://bugs.webkit.org/show_bug.cgi?id=158868
1019
1020         Reviewed by Alex Christensen.
1021
1022         Fix compilation errors in Node.cpp when we enable DUMP_NODE_STATISTICS
1023
1024         * dom/Node.cpp:
1025         (WebCore::Node::dumpStatistics):
1026
1027 2016-06-17  Per Arne Vollan  <pvollan@apple.com>
1028
1029         [Win] Scrolling in popup menu scrolls past last entry.
1030         https://bugs.webkit.org/show_bug.cgi?id=158870
1031
1032         Reviewed by Brent Fulgham.
1033
1034         When the popup has a scrollbar, the content size is not equal to the popup window size.
1035   
1036         * platform/win/PopupMenuWin.cpp:
1037         (WebCore::PopupMenuWin::contentsSize):
1038
1039 2016-06-17  Frederic Wang  <fwang@igalia.com>
1040
1041         Refactor RenderMathMLRoot layout function to avoid using flexbox
1042         https://bugs.webkit.org/show_bug.cgi?id=153987
1043
1044         Reviewed by Brent Fulgham.
1045
1046         No new tests, already covered by existing tests.
1047         A case for RTL root has been added to roots.xhtml.
1048
1049         We reimplement RenderMathMLRoot without any flexbox or anonymous.
1050         The anonymous RenderMathMLRadicalOperator used to draw the radical sign is replaced with
1051         the MathOperator class introduced in bug 152244.
1052         msqrt (row of children under a square root) is now implemented directly in RenderMathMLRoot,
1053         so RenderMathMLSquareRoot is removed and RenderMathMLRoot now inherits from RenderMathMLRow.
1054
1055         * CMakeLists.txt: Remove files for RenderMathMLRadicalOperator and RenderMathMLSquareRoot.
1056         * WebCore.xcodeproj/project.pbxproj: ditto.
1057         * accessibility/AccessibilityRenderObject.cpp: Update code now that we do not use any
1058         radical wrappers.
1059         (WebCore::AccessibilityRenderObject::isMathRow): Now that RenderMathMLRoot inherits from
1060         RenderMathMLRow, we must exclude MathRoot or otherwise some accessibility code may treat
1061         roots as rows.
1062         (WebCore::AccessibilityRenderObject::mathRadicandObject): Return the first child for
1063         Root/SquareRoot or nullptr.
1064         (WebCore::AccessibilityRenderObject::mathRootIndexObject): Return the second child for
1065         Root and nullptr for SquareRoot.
1066         * mathml/MathMLInlineContainerElement.cpp:
1067         (WebCore::MathMLInlineContainerElement::childrenChanged): We no longer need a special case
1068         for msqrt, it is treated as a normal RenderMathMLRow.
1069         (WebCore::MathMLInlineContainerElement::createElementRenderer): Make msqrt create a
1070         RenderMathMLRoot object.
1071         * rendering/RenderObject.h:
1072         (WebCore::RenderObject::isRenderMathMLRadicalOperator): Deleted.
1073         * rendering/mathml/RenderMathMLBlock.cpp:
1074         (WebCore::RenderMathMLBlock::mirrorIfNeeded): New function to mirror a child horizontal
1075         offset according to the parent width.
1076         (WebCore::RenderMathMLBlock::renderName):
1077         * rendering/mathml/RenderMathMLBlock.h:
1078         (WebCore::RenderMathMLBlock::mirrorIfNeeded): Moved from RenderMathMLScripts, just forward
1079         call to the other mirrorIfNeeded function.
1080         * rendering/mathml/RenderMathMLOperator.cpp: We no longer need this trailingSpaceError hack.
1081         (WebCore::RenderMathMLOperator::trailingSpaceError): Deleted.
1082         * rendering/mathml/RenderMathMLOperator.h: ditto.
1083         * rendering/mathml/RenderMathMLRadicalOperator.cpp: Removed. The radical sign is now drawn
1084         with a MathOperator.
1085         * rendering/mathml/RenderMathMLRadicalOperator.h: Removed.
1086         * rendering/mathml/RenderMathMLRoot.cpp: Complete refactoring to avoid using flexbox and
1087         anonymous wrappers.
1088         (WebCore::RenderMathMLRoot::RenderMathMLRoot): Set m_kind parameters to distinguish between
1089         square root and general root and set the MathOperator member to draw the radical sign.
1090         (WebCore::RenderMathMLRoot::isValid): Helper function to verify whether the child list is valid.
1091         (WebCore::RenderMathMLRoot::getBase): Get the base of an mroot.
1092         (WebCore::RenderMathMLRoot::getIndex): Get the index of an mroot.
1093         (WebCore::RenderMathMLRoot::styleDidChange): Be sure to keep the style of the
1094         MathOperator in sync with ours ; no need to skip empty roots.
1095         (WebCore::RenderMathMLRoot::updateFromElement): Call the function from the new parent class ;
1096         no need to skip empty roots.
1097         (WebCore::RenderMathMLRoot::updateStyle): Remove the isEmpty ASSERT as it is valid to have
1098         empty square root. Set the m_kernBeforeDegree, m_kernBeforeDegree members.
1099         No need to set style for anonymous.
1100         (WebCore::RenderMathMLRoot::computePreferredLogicalWidths): Implement this function.
1101         (WebCore::RenderMathMLRoot::layoutBlock): Implement this function.
1102         (WebCore::RenderMathMLRoot::paintChildren): Implement this function.
1103         (WebCore::RenderMathMLRoot::paint): Remove the trailingSpaceError hack ;
1104         paint the radical sign via MathOperator::paint
1105         (WebCore::RenderMathMLRoot::baseWrapper): Deleted.
1106         (WebCore::RenderMathMLRoot::radicalWrapper): Deleted.
1107         (WebCore::RenderMathMLRoot::indexWrapper): Deleted.
1108         (WebCore::RenderMathMLRoot::radicalOperator): Deleted.
1109         (WebCore::RenderMathMLRoot::restructureWrappers): Deleted.
1110         (WebCore::RenderMathMLRoot::addChild): Deleted.
1111         (WebCore::RenderMathMLRoot::firstLineBaseline): Deleted.
1112         (WebCore::RenderMathMLRoot::layout): Deleted.
1113         (WebCore::RenderMathMLRootWrapper::createAnonymousWrapper): Deleted.
1114         (WebCore::RenderMathMLRootWrapper::removeChildWithoutRestructuring): Deleted.
1115         (WebCore::RenderMathMLRootWrapper::removeChild): Deleted.
1116         * rendering/mathml/RenderMathMLRoot.h: Make RenderMathMLRoot inherit from RenderMathMLRow.
1117         Make RenderMathMLRoot support <msqrt>.
1118         Remove all the anonymous wrapper stuff and instead use a MathOperator for the radical symbol.
1119         Update function declaration to implement layout without flexbox and add some helper functions.
1120         * rendering/mathml/RenderMathMLRow.cpp: Allow to get the exact metrics of the chid row,
1121         for use in RenderMathMLRoot.
1122         (WebCore::RenderMathMLRow::computeLineVerticalStretch): rename parameters.
1123         (WebCore::RenderMathMLRow::layoutRowItems): Set parameters to the final ascent, descent and
1124         logical width of the chid row. Set the temporary logical width for RenderMathRoot before
1125         laying the children out.
1126         (WebCore::RenderMathMLRow::layoutBlock): Rename parameters ; add a dummy logicalWidth
1127         parameter.
1128         * rendering/mathml/RenderMathMLRow.h: Make some functions accessible or overridable by
1129         RenderMathMLRoot. Make layoutRowItems return the final ascent, descent and logical width
1130         after the chid row is laid out.
1131         * rendering/mathml/RenderMathMLScripts.cpp: Move mirrorIfNeeded to RenderMathMLBlock.
1132         (WebCore::RenderMathMLScripts::mirrorIfNeeded): Deleted.
1133         * rendering/mathml/RenderMathMLScripts.h: Move mirrorIfNeeded to RenderMathMLBlock.
1134         * rendering/mathml/RenderMathMLSquareRoot.cpp: Removed.
1135         * rendering/mathml/RenderMathMLSquareRoot.h: Removed.
1136         * rendering/mathml/MathOperator.cpp:
1137         (WebCore::MathOperator::paint): Apply a mirroring scale transform to radical symbol
1138         in RTL direction.
1139
1140 2016-06-17  Chris Dumez  <cdumez@apple.com>
1141
1142         Drop some unnecessary header includes
1143         https://bugs.webkit.org/show_bug.cgi?id=158864
1144
1145         Reviewed by Alexey Proskuryakov.
1146
1147         Drop some unnecessary header includes to try and reduce build times.
1148
1149         * WebCore.xcodeproj/project.pbxproj:
1150         * accessibility/AccessibilityList.cpp:
1151         * css/CSSComputedStyleDeclaration.cpp:
1152         * css/MediaQueryMatcher.cpp:
1153         * css/StyleMedia.cpp:
1154         * css/TransformFunctions.cpp:
1155         * dom/NodeRenderStyle.h:
1156         * dom/PseudoElement.h:
1157         (isType): Deleted.
1158         * html/HTMLTitleElement.cpp:
1159         * html/shadow/MediaControlElementTypes.h:
1160         * html/shadow/MediaControls.cpp:
1161         * inspector/InspectorDOMAgent.h:
1162         * inspector/InspectorLayerTreeAgent.h:
1163         * inspector/InspectorPageAgent.cpp:
1164         * page/scrolling/AsyncScrollingCoordinator.cpp:
1165         * page/scrolling/ScrollingCoordinator.h:
1166         * rendering/BidiRun.h:
1167         * rendering/BorderEdge.h:
1168         * rendering/RenderElement.h:
1169         * rendering/RenderObject.h:
1170         (WebCore::AnnotatedRegionValue::operator==): Deleted.
1171         (WebCore::AnnotatedRegionValue::operator!=): Deleted.
1172         * rendering/RenderObjectEnums.h: Added.
1173         * rendering/RenderTheme.h:
1174         * rendering/SimpleLineLayoutFlowContents.h:
1175         * rendering/SimpleLineLayoutTextFragmentIterator.h:
1176         * rendering/TextPainter.h:
1177         * rendering/style/RenderStyle.h:
1178         (WebCore::pseudoElementRendererIsNeeded):
1179         * rendering/style/ShapeValue.cpp:
1180         * rendering/style/ShapeValue.h:
1181         * style/ClassChangeInvalidation.cpp:
1182         * style/ClassChangeInvalidation.h:
1183         * style/InlineTextBoxStyle.h:
1184         * style/StyleUpdate.cpp:
1185
1186 2016-06-17  Andreas Kling  <akling@apple.com>
1187
1188         [iOS] Throw away linked code when navigating to a new page.
1189         <https://webkit.org/b/153851>
1190
1191         Reviewed by Antti Koivisto.
1192
1193         When navigating to a new page, tell JSC to throw out any linked code it has lying around.
1194         Linked code is tied to a specific global object, and as we're creating a new one for the
1195         new page, none of it is useful to us here.
1196
1197         In the event that the user navigates back, the cost of relinking some code will be far
1198         lower than the memory cost of keeping all of it around.
1199
1200         This was in-tree before but was rolled out due to regressing JSBench. It was a slowdown
1201         due to the benchmark harness using top-level navigations to drive the tests.
1202         This new version avoids that problem by only throwing out code if we haven't navigated
1203         in the last 2 seconds. This also prevents excessive work in response to redirects.
1204
1205         I've also moved this into MemoryPressureHandler so we don't make a mess in FrameLoader.
1206
1207         * loader/FrameLoader.cpp:
1208         (WebCore::FrameLoader::commitProvisionalLoad):
1209         * platform/MemoryPressureHandler.cpp:
1210         (WebCore::MemoryPressureHandler::jettisonExpensiveObjectsOnTopLevelNavigation):
1211         * platform/MemoryPressureHandler.h:
1212
1213 2016-06-17  Youenn Fablet  <youenn.fablet@crf.canon.fr>
1214
1215         CORS preflight with a non-200 response should be a preflight failure
1216         https://bugs.webkit.org/show_bug.cgi?id=111008
1217
1218         Reviewed by Darin Adler.
1219
1220         Covered by rebased tests.
1221
1222         * Modules/fetch/FetchResponse.h: Making use of ResourceResponse::isSuccessful.
1223         * loader/CrossOriginPreflightChecker.cpp:
1224         (WebCore::CrossOriginPreflightChecker::validatePreflightResponse): Checking that response status is code is
1225         successful. If not, calling preflight failure callback.
1226         (WebCore::CrossOriginPreflightChecker::startPreflight): Putting in manual redirection mode so that redirection
1227         responses are processed as other responses.
1228         * loader/ResourceLoaderOptions.h:
1229         (WebCore::ResourceLoaderOptions::fetchOptions): Adding a non-const getter and fixing const getter to return a
1230         const reference.
1231         (WebCore::ResourceLoaderOptions::setFetchOptions): Passing options by reference.
1232         * platform/network/ResourceResponseBase.cpp:
1233         (WebCore::ResourceResponseBase::isSuccessful): Utility function.
1234         * platform/network/ResourceResponseBase.h:
1235
1236 2016-06-17  Frederic Wang  <fwang@igalia.com>
1237
1238         MathOperator: Add fallback mechanisms for stretching and mirroring radical symbols
1239         https://bugs.webkit.org/show_bug.cgi?id=156836
1240
1241         Reviewed by Sergio Villar Senin.
1242
1243         Some platforms do not have OpenType MATH fonts pre-installed and thus can not draw stretchy
1244         operators using size variants or glyph assembly. This is especially problematic for the
1245         radical symbol which is used to write roots. Currently, we have some fallback code to draw
1246         that symbol using graphical primitives but it is a bit complex and makes the style of radical
1247         inconsistent with the font used. We solve these issues by just scaling the base glyph via a
1248         scale transform. Such scale transform is also used to mirror the radical symbol so that we
1249         have some support for right-to-left roots until we can do glyph-level mirroring
1250         via the OpenType rtlm feature.
1251
1252         Test: mathml/radical-fallback.html
1253
1254         * rendering/mathml/MathOperator.cpp: Add a constant for the code point U+221A of the radical.
1255         (WebCore::MathOperator::reset): In general, we don't need any vertical scaling for radical
1256         symbols so m_radicalVerticalScale is initialized to 1.
1257         (WebCore::MathOperator::calculateStretchyData): If we don't have a font with a MATH table and we
1258         try streching a radical, then we update the vertical metrics to match the target size and
1259         set m_radicalVerticalScale to the value necessary to make the base glyph scaled to that size.
1260         (WebCore::MathOperator::paint): For a radical operator, we may apply a scale transform of
1261         parameters (radicalHorizontalScale, m_radicalVerticalScale) in order to support RTL
1262         mirroring or vertical stretching.
1263         * rendering/mathml/MathOperator.h: We add a m_radicalVerticalScale member to indicate the
1264         scaling to apply to the base radical glyph when the stretchy fallback is necessary.
1265         (WebCore::MathOperator::isStretched): The operator is also considered stretched when the
1266         m_radicalVerticalScale is applied to the base size.
1267         * rendering/mathml/RenderMathMLRadicalOperator.cpp: Remove code specific to the old fallback mechanism.
1268         * rendering/mathml/RenderMathMLRadicalOperator.h: Ditto.
1269
1270 2016-06-16  Commit Queue  <commit-queue@webkit.org>
1271
1272         Unreviewed, rolling out r202147.
1273         https://bugs.webkit.org/show_bug.cgi?id=158867
1274
1275         Broke scrolling tests on iOS Simulator (Requested by ap on
1276         #webkit).
1277
1278         Reverted changeset:
1279
1280         "Focus event dispatched in iframe causes parent document to
1281         scroll incorrectly"
1282         https://bugs.webkit.org/show_bug.cgi?id=158629
1283         http://trac.webkit.org/changeset/202147
1284
1285 2016-06-16  Benjamin Poulain  <bpoulain@apple.com>
1286
1287         :in-range & :out-of-range CSS pseudo-classes shouldn't match disabled or readonly inputs
1288         https://bugs.webkit.org/show_bug.cgi?id=156530
1289
1290         Reviewed by Simon Fraser.
1291
1292         Elements should only match :in-range and :out-of-range
1293         when they are candidate for constraint validation.
1294
1295         Tests: fast/css/pseudo-in-range-on-disabled-input-basics.html
1296                fast/css/pseudo-in-range-on-readonly-input-basics.html
1297                fast/css/pseudo-in-range-out-of-range-on-disabled-input-trivial.html
1298                fast/css/pseudo-out-of-range-on-disabled-input-basics.html
1299                fast/css/pseudo-out-of-range-on-readonly-input-basics.html
1300                fast/selectors/in-range-out-of-range-style-update.html
1301
1302         * html/BaseDateAndTimeInputType.cpp:
1303         (WebCore::BaseDateAndTimeInputType::minOrMaxAttributeChanged):
1304         * html/NumberInputType.cpp:
1305         (WebCore::NumberInputType::minOrMaxAttributeChanged):
1306         I forgot to handle style update in r202143.
1307         This is covered by the new style invalidation test.
1308
1309         * html/BaseDateAndTimeInputType.h:
1310         * html/HTMLInputElement.cpp:
1311         (WebCore::HTMLInputElement::isInRange):
1312         (WebCore::HTMLInputElement::isOutOfRange):
1313
1314 2016-06-16  Frederic Wang  <fwang@igalia.com>
1315
1316         Add separate MathOperator for selection/measuring/drawing of stretchy operators
1317         https://bugs.webkit.org/show_bug.cgi?id=152244
1318
1319         Reviewed by Brent Fulgham.
1320
1321         We complete the class to select, measure and draw stretchy operators that is independent
1322         from RenderMathMLOperator. That way, we will be able use stretchy operator without having
1323         to introduce & manage anonymous RenderMathMLOperator's
1324         (e.g for <mroot>, <msqrt> and <mfenced>).
1325
1326         No new tests, already covered by existing tests.
1327
1328         * rendering/mathml/MathOperator.cpp:
1329         (WebCore::ascentForGlyph): Add this helper function to get glyph ascent.
1330         (WebCore::descentForGlyph): Add this helper function to get glyph descent.
1331         (WebCore::MathOperator::reset): Initialize all the data and calculate ascent/descent of the
1332         base glyph.
1333         (WebCore::MathOperator::setSizeVariant): Set the width/ascent/descent.
1334         (WebCore::MathOperator::setGlyphAssembly): Ditto.
1335         (WebCore::MathOperator::calculateDisplayStyleLargeOperator): Remove the STIX Word hack and
1336         change m_maxPreferredWidth to use the actual width instead.
1337         (WebCore::MathOperator::stretchTo): New functions to execute the actual operator streching.
1338         (WebCore::MathOperator::fillWithVerticalExtensionGlyph): Add a FIXME for bug 155434.
1339         (WebCore::MathOperator::fillWithHorizontalExtensionGlyph): Align all the glyph baselines on
1340         the same axis, given by m_ascent.
1341         Add a FIXME for bug 155434.
1342         (WebCore::MathOperator::paintHorizontalGlyphAssembly): Ditto.
1343         (WebCore::MathOperator::paint): Public function to do the painting.
1344         (WebCore::MathOperator::paintVerticalGlyphAssembly): Deleted.
1345         * rendering/mathml/MathOperator.h: Update declarations and make most of the members private.
1346         (WebCore::MathOperator::ascent): Function to expose m_ascent.
1347         (WebCore::MathOperator::descent): Function to expose m_descent.
1348         * rendering/mathml/RenderMathMLOperator.cpp:
1349         (WebCore::RenderMathMLOperator::stretchTo): Forward the stretching call to MathOperator.
1350         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths): Unfold advanceForGlyph
1351         since we delete RenderMathMLOperator::advanceForGlyph. Just rely on
1352         MathOperator::maxPreferredWidth to determine the preferred width of stretchy operators.
1353         For horizontal operators, we just use the width of the base glyph.
1354         Finally, we remove the dirty flag on preferred logical width.
1355         (WebCore::RenderMathMLOperator::rebuildTokenContent): Reinit the MathOperator instance.
1356         (WebCore::RenderMathMLOperator::updateFromElement): Force more updates of
1357         RenderMathMLOperator to avoid test breakage.
1358         (WebCore::RenderMathMLOperator::styleDidChange): Call MathOperator::reset to take into
1359         account style change.
1360         (WebCore::RenderMathMLOperator::updateStyle): Remove unused code.
1361         (WebCore::RenderMathMLOperator::firstLineBaseline): Use MathOperator::ascent() function.
1362         (WebCore::RenderMathMLOperator::computeLogicalHeight): Use MathOperator::ascent() and
1363         MathOperator::descent() functions to calculate the height.
1364         (WebCore::RenderMathMLOperator::paint): Only stretched operators are treated specially.
1365         We center horizontal operator and forward the paint() call to MathOperator.
1366         (WebCore::RenderMathMLOperator::trailingSpaceError): The error is now just the difference
1367         between the values returned by MathOperator::maxPreferredWidth() and
1368         MathOperator::width().
1369         (WebCore::boundsForGlyph): Deleted.
1370         (WebCore::heightForGlyph): Deleted.
1371         (WebCore::advanceWidthForGlyph): Deleted.
1372         (WebCore::RenderMathMLOperator::updateStyle): Deleted.
1373
1374 2016-06-16  Jiewen Tan  <jiewen_tan@apple.com>
1375
1376         CSP: Content Security Policy should allow '*' to match the originating page's scheme
1377         https://bugs.webkit.org/show_bug.cgi?id=158811
1378         <rdar://problem/26819568>
1379
1380         Reviewed by Daniel Bates.
1381
1382         Tests: security/contentSecurityPolicy/image-with-file-url-allowed-by-img-src-star.html
1383                security/contentSecurityPolicy/link-with-file-url-allowed-by-style-src-star.html
1384                security/contentSecurityPolicy/script-with-file-url-allowed-by-script-src-star.html
1385                security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star.html
1386
1387         * page/csp/ContentSecurityPolicySourceList.cpp:
1388         (WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar):
1389
1390 2016-06-16  Chris Dumez  <cdumez@apple.com>
1391
1392         Add HTTPHeaderMap::set() overload taking a NSString*
1393         https://bugs.webkit.org/show_bug.cgi?id=158857
1394
1395         Reviewed by Darin Adler.
1396
1397         Add HTTPHeaderMap::set() overloading taking a NSString* in addition to
1398         the one taking a CFStringRef. It is useful for the Cocoa implementation
1399         of ResourceRequest::doUpdateResourceRequest().
1400
1401         * platform/network/HTTPHeaderMap.h:
1402         (WebCore::HTTPHeaderMap::set):
1403
1404 2016-06-16  Joseph Pecoraro  <pecoraro@apple.com>
1405
1406         Web Inspector: console.profile should use the new Sampling Profiler
1407         https://bugs.webkit.org/show_bug.cgi?id=153499
1408         <rdar://problem/24352431>
1409
1410         Reviewed by Timothy Hatcher.
1411
1412         Test: inspector/timeline/setInstruments-programmatic-capture.html
1413
1414         * inspector/InspectorTimelineAgent.cpp:
1415         (WebCore::InspectorTimelineAgent::startFromConsole):
1416         (WebCore::InspectorTimelineAgent::stopFromConsole):
1417         (WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
1418         (WebCore::InspectorTimelineAgent::startProgrammaticCapture):
1419         (WebCore::InspectorTimelineAgent::stopProgrammaticCapture):
1420         (WebCore::InspectorTimelineAgent::toggleInstruments):
1421         (WebCore::InspectorTimelineAgent::toggleScriptProfilerInstrument):
1422         (WebCore::InspectorTimelineAgent::toggleHeapInstrument):
1423         (WebCore::InspectorTimelineAgent::toggleMemoryInstrument):
1424         (WebCore::InspectorTimelineAgent::toggleTimelineInstrument):
1425         * inspector/InspectorTimelineAgent.h:
1426         Web implementation of console.profile/profileEnd.
1427         Make helpers for startings / stopping instruments.
1428
1429 2016-06-16  John Wilander  <wilander@apple.com>
1430
1431         Restrict security origin inheritance to empty, about:blank, and about:srcdoc URLs
1432         https://bugs.webkit.org/show_bug.cgi?id=158855
1433         <rdar://problem/26142632>
1434
1435         Reviewed by Alex Christensen.
1436
1437         Tests: http/tests/dom/window-open-about-blank-and-access-document.html
1438                http/tests/dom/window-open-about-webkit-org-and-access-document.html
1439
1440         Document.cpp previously checked whether a document should inherit its owner's 
1441         security origin by checking if the URL is either empty or blank. URL.cpp in 
1442         turn only checks if the protocol is "about:" in the isBlankURL() function. 
1443         Thus all about:* URLs inherited security origin. This patch restricts 
1444         security origin inheritance to empty, about:blank, and about:srcdoc URLs.
1445
1446         Quotes and links from the WHATWG spec regarding about:srcdoc:
1447
1448         7.1 Browsing contexts
1449         A browsing context can have a creator browsing context, the browsing context 
1450         that was responsible for its creation. If a browsing context has a parent 
1451         browsing context, then that is its creator browsing context. Otherwise, if the 
1452         browsing context has an opener browsing context, then that is its creator 
1453         browsing context. Otherwise, the browsing context has no creator browsing 
1454         context.
1455         https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc
1456
1457         7.1.1 Nested browsing contexts
1458         Certain elements (for example, iframe elements) can instantiate further 
1459         browsing contexts. These are called nested browsing contexts. If a browsing 
1460         context P has a Document D with an element E that nests another browsing 
1461         context C inside it, then C is said to be nested through D, and E is said to 
1462         be the browsing context container of C. If the browsing context container 
1463         element E is in the Document D, then P is said to be the parent browsing 
1464         context of C and C is said to be a child browsing context of P. Otherwise, 
1465         the nested browsing context C has no parent browsing context.
1466         https://html.spec.whatwg.org/multipage/browsers.html#nested-browsing-context
1467
1468         4.8.5 The iframe element
1469         The iframe element represents a nested browsing context.
1470         ...
1471         If the srcdoc attribute is specified
1472             Navigate the element's child browsing context to a new response whose 
1473             url list consists of about:srcdoc ...
1474         https://html.spec.whatwg.org/multipage/embedded-content.html#attr-iframe-srcdoc
1475
1476         * dom/Document.cpp:
1477         (WebCore::Document::initSecurityContext):
1478             Now uses the URL::shouldInheritSecurityOriginFromOwner() function instead.
1479         (WebCore::Document::initContentSecurityPolicy):
1480             Now uses the URL::shouldInheritSecurityOriginFromOwner() function instead.
1481         (WebCore::shouldInheritSecurityOriginFromOwner): Deleted.
1482             Moved to URL::shouldInheritSecurityOriginFromOwner() and restricted the check.
1483         * platform/URL.cpp:
1484         (WebCore::URL::shouldInheritSecurityOriginFromOwner):
1485         * platform/URL.h:
1486             Moved the function from Document and restricted the check to only allow
1487             security origin inheritance for empty, about:blank, and about:srcdoc URLs.
1488
1489 2016-06-16  Simon Fraser  <simon.fraser@apple.com>
1490
1491         [iOS] Focus event dispatched in iframe causes parent document to scroll incorrectly
1492         https://bugs.webkit.org/show_bug.cgi?id=158629
1493         rdar://problem/26521616
1494
1495         Reviewed by Enrica Casucci.
1496
1497         When focussing elements in iframes, the page could scroll to an incorrect location.
1498         This happened because code in Element::focus() tried to disable scrolling on focus,
1499         but did so only for the current frame, so ancestor frames got programmatically scrolled.
1500         On iOS we handle the scrolling in the UI process, so never want the web process to
1501         do programmatic scrolling.
1502
1503         Fix by changing the focus and cache restore code to use SelectionRevealMode::DoNotReveal,
1504         rather than manually prohibiting frame scrolling.
1505
1506         Tests: fast/forms/ios/focus-input-in-iframe.html
1507                fast/forms/ios/programmatic-focus-input-in-iframe.html
1508
1509         * dom/Element.cpp:
1510         (WebCore::Element::focus):
1511         * history/CachedPage.cpp:
1512         (WebCore::CachedPage::restore):
1513
1514 2016-06-16  Zalan Bujtas  <zalan@apple.com>
1515
1516         [New Block-Inside-Inline Model] Do not attempt to re-run margin collapsing on the block sequence.
1517         https://bugs.webkit.org/show_bug.cgi?id=158854
1518
1519         Reviewed by David Hyatt.
1520
1521         Test: fast/block/inside-inlines/crash-on-first-line-change.html
1522
1523         * rendering/RenderBlockLineLayout.cpp:
1524         (WebCore::RenderBlockFlow::marginCollapseLinesFromStart):
1525
1526 2016-06-16  Ting-Wei Lan  <lantw44@gmail.com>
1527
1528         Include cstdlib before using std::atexit
1529         https://bugs.webkit.org/show_bug.cgi?id=158681
1530
1531         Reviewed by Brent Fulgham.
1532
1533         * platform/graphics/PlatformDisplay.cpp:
1534
1535 2016-06-16  Chris Dumez  <cdumez@apple.com>
1536
1537         Use StringView::toAtomicString() in HTMLImageElement::setBestFitURLAndDPRFromImageCandidate()
1538         https://bugs.webkit.org/show_bug.cgi?id=158853
1539
1540         Reviewed by Brent Fulgham.
1541
1542         Use StringView::toAtomicString() in HTMLImageElement::setBestFitURLAndDPRFromImageCandidate()
1543         as m_bestFitImageURL data member is an AtomicString. This avoids constructing a String and
1544         then atomizing it.
1545
1546         * html/HTMLImageElement.cpp:
1547         (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):
1548
1549 2016-06-16  Benjamin Poulain  <bpoulain@apple.com>
1550
1551         :in-range & :out-of-range CSS pseudo-classes shouldn't match inputs without range limitations
1552         https://bugs.webkit.org/show_bug.cgi?id=156558
1553
1554         Reviewed by Simon Fraser.
1555
1556         The pseudo selectors :in-range and :out-of-range should only
1557         apply if:
1558         -minimum/maximum are defined for the input type
1559         -the input value is/is-not suffering from underflow/overflow.
1560
1561         Only certain types have a valid minimum and maximum:
1562         -number
1563         -range
1564         -date
1565         -month
1566         -week
1567         -time
1568         -datetime-local
1569
1570         Of those, only one has a default minimum and maximum: range.
1571         For all the others, the minimum or maximum is only defined
1572         if the min/max attribute is defined and valid.
1573
1574         This patch addresses these constraints for number and range.
1575         The date types range validation is severely broken and is
1576         left untouched. It really needs a clean rewrite.
1577
1578         Tests: fast/css/pseudo-in-range-basics.html
1579                fast/css/pseudo-in-range-out-of-range-trivial.html
1580                fast/css/pseudo-out-of-range-basics.html
1581
1582         * html/DateInputType.cpp:
1583         (WebCore::DateInputType::createStepRange):
1584         * html/DateTimeInputType.cpp:
1585         (WebCore::DateTimeInputType::createStepRange):
1586         * html/DateTimeLocalInputType.cpp:
1587         (WebCore::DateTimeLocalInputType::createStepRange):
1588         * html/InputType.cpp:
1589         (WebCore::InputType::isInRange):
1590         (WebCore::InputType::isOutOfRange):
1591         Notice the isEmpty() shortcut.
1592         A value can only overflow/underflow if it is not empty.
1593
1594         * html/MonthInputType.cpp:
1595         (WebCore::MonthInputType::createStepRange):
1596         * html/NumberInputType.cpp:
1597         (WebCore::NumberInputType::createStepRange):
1598         * html/RangeInputType.cpp:
1599         (WebCore::RangeInputType::createStepRange):
1600         * html/StepRange.cpp:
1601         (WebCore::StepRange::StepRange):
1602         * html/StepRange.h:
1603         (WebCore::StepRange::hasRangeLimitations):
1604         * html/WeekInputType.cpp:
1605         (WebCore::WeekInputType::createStepRange):
1606
1607 2016-06-16  Anders Carlsson  <andersca@apple.com>
1608
1609         Fix macOS Sierra build
1610         https://bugs.webkit.org/show_bug.cgi?id=158849
1611
1612         Reviewed by Tim Horton.
1613
1614         Add WebCore:: qualifiers for IOSurface, to avoid conflicts with the IOSurface Objective-C class.
1615         
1616         Also, add an asLayerContents() getter that will return an id that's suitable for setting 
1617         as the contents of a CALayer.
1618
1619         * platform/graphics/cocoa/IOSurface.h:
1620         * platform/graphics/cocoa/IOSurface.mm:
1621
1622 2016-06-16  Andreas Kling  <akling@apple.com>
1623
1624         REGRESSION(r196217): 3% JSBench regression on iPhone 5.
1625         <https://webkit.org/b/158848>
1626         <rdar://problem/26609622>
1627
1628         Unreviewed rollout.
1629
1630         Don't jettison linked code on every top-level navigation as that was hurting JSBench on iPhone 5.
1631
1632         * loader/FrameLoader.cpp:
1633         (WebCore::FrameLoader::commitProvisionalLoad):
1634
1635 2016-06-16  Adam Bergkvist  <adam.bergkvist@ericsson.com>
1636
1637         WebRTC: Check type of this in RTCPeerConnection JS built-in functions
1638         https://bugs.webkit.org/show_bug.cgi?id=151303
1639
1640         Reviewed by Youenn Fablet.
1641
1642         Check type of 'this' in RTCPeerConnection JS built-in functions.
1643
1644         Test: fast/mediastream/RTCPeerConnection-js-built-ins-check-this.html
1645
1646         * Modules/mediastream/RTCPeerConnection.js:
1647         (createOffer):
1648         (createAnswer):
1649         (setLocalDescription):
1650         (setRemoteDescription):
1651         (addIceCandidate):
1652         (getStats):
1653         Reject if 'this' isn't of type RTCPeerConnection.
1654         * Modules/mediastream/RTCPeerConnectionInternals.js:
1655         (isRTCPeerConnection):
1656         Add helper function to perform type check. Needs further robustifying.
1657
1658 2016-06-16  Myles C. Maxfield  <mmaxfield@apple.com>
1659
1660         Sporadic crash in HashTableAddResult following CSSValuePool::createFontFamilyValue
1661         https://bugs.webkit.org/show_bug.cgi?id=158297
1662
1663         Reviewed by Darin Adler.
1664
1665         In an effort to reduce the flash of unstyled content, we force all elements
1666         to have display: none during an external stylesheet load. We do this by
1667         ignoring the CSS cascade and forcing all elements to have a placeholder style
1668         which hardcodes display: none. (This is necessary to make elements created by
1669         script during the stylesheet load not flash.)
1670
1671         This style is exposed to web content via getComputedStyle(), which means it
1672         needs to maintain the invariant that font-families can never be null strings.
1673         We enforce this by forcing the font-family to be the standard font name.
1674
1675         Test: fast/text/placeholder-renderstyle-null-font.html
1676
1677         * style/StyleTreeResolver.cpp:
1678         (WebCore::Style::ensurePlaceholderStyle):
1679
1680 2016-06-16  Chris Dumez  <cdumez@apple.com>
1681
1682         Avoid some temporary String allocations for common HTTP headers in ResourceResponse::platformLazyInit()
1683         https://bugs.webkit.org/show_bug.cgi?id=158827
1684
1685         Reviewed by Darin Adler.
1686
1687         Add a HTTPHeaderMap::set() overload taking in a CFStringRef. The
1688         implementation has a fast path which gets the internal characters
1689         of the CFStringRef when possible and constructs a StringView for
1690         it in order to call findHTTPHeaderName(). As a result, we avoid
1691         allocating a temporary String when findHTTPHeaderName() succeeds.
1692
1693         This new HTTPHeaderMap::set() overload is called from both the
1694         CF and Cocoa implementations of ResourceResponse::platformLazyInit().
1695
1696         I have confirmed locally on both Mac and iOS that the fast path
1697         is used ~93% of the time. CFStringGetCStringPtr() returns null in
1698         rare cases, causing the regular code path to be used.
1699
1700         * platform/network/HTTPHeaderMap.cpp:
1701         (WebCore::HTTPHeaderMap::set):
1702         * platform/network/HTTPHeaderMap.h:
1703
1704 2016-06-15  Zalan Bujtas  <zalan@apple.com>
1705
1706         Decouple the percent height and positioned descendants maps.
1707         https://bugs.webkit.org/show_bug.cgi?id=158773
1708
1709         Reviewed by David Hyatt and Chris Dumez.
1710
1711         We track renderers with percent height across multiple containers using
1712         HashMap<const RenderBox*, std::unique_ptr<HashSet<const RenderBlock*>>>.
1713         We also use the same data structure to track positioned descendants.
1714         However a positioned renderer can have only one containing block so tracking it
1715         with a 1:many type is defective.
1716         It allows multiple inserts for positioned descendants, which could lead to
1717         inconsistent layout state as the rendering logic expects these type of renderers
1718         with only one containing block.
1719         This patch decouples percent height and positioned tracking by introducing
1720         the PositionedDescendantsMap class. This class is responsible for tracking
1721         the positioned descendants inbetween layouts.
1722
1723         No change in functionality.
1724
1725         Tests: fast/block/positioning/change-containing-block-for-absolute-positioned.html
1726                fast/block/positioning/change-containing-block-for-fixed-positioned.html
1727
1728         * rendering/RenderBlock.cpp:
1729         (WebCore::insertIntoTrackedRendererMaps):
1730         (WebCore::removeFromTrackedRendererMaps):
1731         (WebCore::PositionedDescendantsMap::addDescendant): Add more defensive ASSERT_NOT_REACHED
1732         to the double insert branch when webkit.org/b/158772 gets fixed.
1733         (WebCore::PositionedDescendantsMap::removeDescendant):
1734         (WebCore::PositionedDescendantsMap::removeContainingBlock):
1735         (WebCore::PositionedDescendantsMap::positionedRenderers):
1736         (WebCore::positionedDescendantsMap):
1737         (WebCore::removeBlockFromPercentageDescendantAndContainerMaps):
1738         (WebCore::RenderBlock::~RenderBlock):
1739         (WebCore::RenderBlock::positionedObjects):
1740         (WebCore::RenderBlock::insertPositionedObject):
1741         (WebCore::RenderBlock::removePositionedObject):
1742         (WebCore::RenderBlock::addPercentHeightDescendant):
1743         (WebCore::RenderBlock::removePercentHeightDescendant):
1744         (WebCore::RenderBlock::percentHeightDescendants):
1745         (WebCore::RenderBlock::checkPositionedObjectsNeedLayout):
1746         (WebCore::removeBlockFromDescendantAndContainerMaps): Deleted.
1747         * rendering/RenderBlock.h:
1748
1749 2016-06-15  David Kilzer  <ddkilzer@apple.com>
1750
1751         Move SoftLinking.h to platform/cococa from platform/mac
1752         <https://webkit.org/b/158825>
1753
1754         Reviewed by Andy Estes.
1755
1756         * PlatformMac.cmake: Update for new directory.
1757         * WebCore.xcodeproj/project.pbxproj: Ditto.
1758         * platform/cocoa/SoftLinking.h: Renamed from Source/WebCore/platform/mac/SoftLinking.h.
1759
1760 2016-06-15  Chris Dumez  <cdumez@apple.com>
1761
1762         [Cocoa] Clean up / optimize ResourceResponse::platformLazyInit(InitLevel)
1763         https://bugs.webkit.org/show_bug.cgi?id=158809
1764
1765         Reviewed by Darin Adler.
1766
1767         Clean up / optimize ResourceResponse::platformLazyInit(InitLevel).
1768
1769         * platform/network/HTTPParsers.cpp:
1770         (WebCore::extractReasonPhraseFromHTTPStatusLine):
1771         * platform/network/HTTPParsers.h:
1772         Have extractReasonPhraseFromHTTPStatusLine() return an AtomicString as the
1773         Reason is stored as an AtomicString on ResourceResponse. Have the
1774         implementation use StringView::subString()::toAtomicString().
1775
1776         * platform/network/cocoa/ResourceResponseCocoa.mm:
1777         (WebCore::stripLeadingAndTrailingDoubleQuote):
1778         Move the stripLeadingAndTrailingDoubleQuote logic from platformLazyInit()
1779         to its own function. Have it use StringView::subString()::toAtomicString()
1780         to avoid unnecessarily atomizing the textEncodingName that has surrounding
1781         double-quotes.
1782
1783         (WebCore::initializeHTTPHeaders):
1784         Move HTTP headers initialization to its own function for clarity.
1785
1786         (WebCore::extractHTTPStatusText):
1787         Move HTTP status Text extraction to its own function for clarity.
1788
1789         (WebCore::ResourceResponse::platformLazyInit):
1790         - The function is streamlined a bit because most of the logic was moved
1791           into separate functions.
1792         - Drop unnecessary (initLevel >= CommonFieldsOnly) check in the first
1793           if case and replace with an assertion. This function is always called
1794           with CommonFieldsOnly or above (AllFields).
1795         - Drop unnecessary (m_initLevel < AllFields) check in the second if
1796           case as this is always true. If not, we would have returned early
1797           at the beginning of the function when checking
1798           m_initLevel >= initLevel.
1799         - Use AutodrainedPool instead of NSAutoreleasePool for convenience and have
1800           only 1 pool instead of 2.
1801         - Drop unnecessary copyNSURLResponseStatusLine() function and call directly
1802           CFHTTPMessageCopyResponseStatusLine() since we already have a
1803           CFHTTPMessageRef at the call site.
1804
1805 2016-06-15  Tim Horton  <timothy_horton@apple.com>
1806
1807         <attachment> elements jump around a lot around when subtitle text changes slightly
1808         https://bugs.webkit.org/show_bug.cgi?id=158818
1809         <rdar://problem/24450270>
1810
1811         Reviewed by Simon Fraser.
1812
1813         Test: fast/attachment/attachment-subtitle-resize.html
1814
1815         * rendering/RenderAttachment.cpp:
1816         (WebCore::RenderAttachment::layout):
1817         * rendering/RenderAttachment.h:
1818         * rendering/RenderThemeMac.mm:
1819         (WebCore::AttachmentLayout::AttachmentLayout):
1820         (WebCore::RenderThemeMac::paintAttachment):
1821         In order to avoid changes to the centered subtitle text causing the whole
1822         attachment to bounce around a lot, make it so that attachment width can only
1823         increase, never decrease, and round the subtitle's width up to the nearest
1824         increment of 10px when determining its affect on the whole element's width.
1825         Also, center the attachment in its element, instead of left-aligning it,
1826         so that the extra width we may have is evenly distributed between the two sides.
1827
1828 2016-06-15  Ryan Haddad  <ryanhaddad@apple.com>
1829
1830         Reset bindings test results after r202105
1831
1832         Unreviewed test gardening.
1833
1834         * bindings/scripts/test/JS/JSTestObj.cpp:
1835
1836 2016-06-15  Adam Bergkvist  <adam.bergkvist@ericsson.com>
1837
1838         WebRTC: (Refactor) Align the structure of RTCPeerConnection.idl with the header file
1839         https://bugs.webkit.org/show_bug.cgi?id=158779
1840
1841         Reviewed by Eric Carlson.
1842
1843         Restructure RTCPeerConnection.idl to make it easer to read and extend in the future.
1844
1845         No change in behavior.
1846
1847         * Modules/mediastream/RTCPeerConnection.idl:
1848
1849 2016-06-15  Chris Dumez  <cdumez@apple.com>
1850
1851         Drop some unnecessary header includes
1852         https://bugs.webkit.org/show_bug.cgi?id=158788
1853
1854         Reviewed by Alexey Proskuryakov.
1855
1856         Drop some unnecessary header includes in headers to speed up build time.
1857
1858         * Modules/encryptedmedia/MediaKeySession.cpp:
1859         * Modules/gamepad/GamepadManager.cpp:
1860         * Modules/indexeddb/IDBDatabase.cpp:
1861         * Modules/indexeddb/IDBOpenDBRequest.cpp:
1862         * Modules/indexeddb/IDBRequest.cpp:
1863         * Modules/indexeddb/IDBTransaction.cpp:
1864         * Modules/mediasource/MediaSource.cpp:
1865         * Modules/mediasource/SourceBuffer.cpp:
1866         * Modules/mediasource/SourceBufferList.cpp:
1867         * Modules/mediastream/MediaStream.cpp:
1868         * Modules/mediastream/MediaStreamTrack.cpp:
1869         * Modules/speech/SpeechSynthesis.cpp:
1870         * Modules/webaudio/AudioScheduledSourceNode.cpp:
1871         * Modules/webaudio/ScriptProcessorNode.cpp:
1872         * bindings/scripts/CodeGeneratorJS.pm:
1873         (GenerateImplementation):
1874         * dom/CharacterData.cpp:
1875         * dom/ContainerNode.cpp:
1876         * dom/DOMNamedFlowCollection.cpp:
1877         * dom/DeviceMotionController.cpp:
1878         * dom/DeviceOrientationController.cpp:
1879         * dom/Document.cpp:
1880         * dom/Document.h:
1881         * dom/DocumentEventQueue.cpp:
1882         * dom/DocumentOrderedMap.h:
1883         * dom/Element.cpp:
1884         * dom/Event.cpp:
1885         * dom/EventDispatcher.cpp:
1886         * dom/EventTarget.cpp:
1887         * dom/EventTarget.h:
1888         * dom/KeyboardEvent.cpp:
1889         * dom/MessageEvent.cpp:
1890         * dom/MessagePort.cpp:
1891         * dom/ScriptElement.cpp:
1892         * dom/ScriptExecutionContext.cpp:
1893         * dom/ScriptExecutionContext.h:
1894         * dom/SecurityContext.h:
1895         * dom/SimulatedClick.cpp:
1896         * dom/TextEvent.cpp:
1897         * dom/WebKitNamedFlow.cpp:
1898         * editing/FrameSelection.cpp:
1899         * fileapi/FileReader.cpp:
1900         * html/HTMLLinkElement.cpp:
1901         * html/HTMLPlugInImageElement.cpp:
1902         * html/HTMLStyleElement.cpp:
1903         * html/HTMLSummaryElement.cpp:
1904         * html/HTMLTrackElement.cpp:
1905         * html/HTMLVideoElement.cpp:
1906         * html/InputType.cpp:
1907         * html/MediaController.cpp:
1908         * html/TextFieldInputType.cpp:
1909         * html/canvas/WebGLRenderingContextBase.cpp:
1910         * html/parser/HTMLScriptRunner.cpp:
1911         * html/shadow/MediaControlElementTypes.cpp:
1912         * html/shadow/MediaControls.cpp:
1913         * html/shadow/MediaControlsApple.cpp:
1914         * html/shadow/SliderThumbElement.cpp:
1915         * html/shadow/mac/ImageControlsButtonElementMac.cpp:
1916         * inspector/InspectorIndexedDBAgent.cpp:
1917         * loader/DocumentLoader.cpp:
1918         * loader/ImageLoader.cpp:
1919         * loader/PolicyChecker.cpp:
1920         * mathml/MathMLSelectElement.cpp:
1921         * page/DOMWindow.h:
1922         * page/EventSource.cpp:
1923         * page/FrameView.cpp:
1924         * page/Performance.cpp:
1925         * page/csp/ContentSecurityPolicy.cpp:
1926         * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
1927         * platform/network/HTTPHeaderMap.h:
1928         * platform/network/ResourceHandle.cpp:
1929         * rendering/RenderEmbeddedObject.cpp:
1930         * rendering/RenderSnapshottedPlugIn.cpp:
1931         * svg/SVGSVGElement.cpp:
1932         * svg/SVGUseElement.cpp:
1933         * svg/animation/SVGSMILElement.cpp:
1934         * workers/WorkerGlobalScope.h:
1935         * xml/XMLHttpRequest.cpp:
1936         * xml/XMLHttpRequestProgressEventThrottle.cpp:
1937         * xml/XMLHttpRequestUpload.cpp:
1938
1939 2016-06-15  Antti Koivisto  <antti@apple.com>
1940
1941         GoogleMaps transit schedule explorer comes up blank initially
1942         https://bugs.webkit.org/show_bug.cgi?id=158803
1943         rdar://problem/25818080
1944
1945         Reviewed by Andreas Kling.
1946
1947         In case we had something like
1948
1949         .foo bar { ... }
1950
1951         and later a new stylesheet was added dynamically that contained
1952
1953         .foo baz { ... }
1954
1955         we would fail to add the new rules to the descendant invalidation rule sets for ".foo". This could
1956         cause some style invalidations to be missed.
1957
1958         * css/DocumentRuleSets.cpp:
1959         (WebCore::DocumentRuleSets::collectFeatures):
1960
1961         Reset the ancestorClassRules and ancestorAttributeRulesForHTML rule set caches when new style sheets
1962         are added (==collectFeatures is called).
1963
1964 2016-06-15  Javier Fernandez  <jfernandez@igalia.com>
1965
1966         [css-sizing] Item borders are missing with 'min-width:-webkit-fill-available' and zero available width
1967         https://bugs.webkit.org/show_bug.cgi?id=158258
1968
1969         Reviewed by Darin Adler.
1970
1971         The "fill-available" size is defined as the containing block's size less
1972         the box's border and padding size. However, when used for min-width we
1973         should ensure we don't get negative values as result of logical width
1974         computation.
1975
1976         http://www.w3.org/TR/css-sizing-3/#fill-available-sizing
1977
1978         This patch ensure fill-available value computed value will be always
1979         greater than box's boder and padding width.
1980
1981         Test: fast/css-intrinsic-dimensions/fill-available-with-zero-width.html
1982
1983         * rendering/RenderBox.cpp:
1984         (WebCore::RenderBox::computeIntrinsicLogicalWidthUsing):
1985
1986 2016-06-15  Alex Christensen  <achristensen@webkit.org>
1987
1988         Fix 2d canvas transform after r192900
1989         https://bugs.webkit.org/show_bug.cgi?id=158725
1990         rdar://problem/26774230
1991
1992         Reviewed by Dean Jackson.
1993
1994         Test: fast/canvas/canvas-transform-inverse.html
1995
1996         * html/canvas/CanvasRenderingContext2D.cpp:
1997         (WebCore::CanvasRenderingContext2D::transform):
1998         r192900 was intended to have no change in behavior, but I made a typo.
1999         We need to apply the inverse of the original transform to the path to be correct.
2000         This affects transforms applied to the canvas during the creation of a path.
2001
2002 2016-06-15  Eric Carlson  <eric.carlson@apple.com>
2003
2004         [iOS] Make HTMLMediaElement.muted mutable
2005         https://bugs.webkit.org/show_bug.cgi?id=158787
2006         <rdar://problem/24452567>
2007
2008         Reviewed by Dean Jackson.
2009
2010         Tests: media/audio-playback-restriction-removed-muted.html
2011                media/audio-playback-restriction-removed-track-enabled.html
2012
2013         * html/HTMLMediaElement.cpp:
2014         (WebCore::HTMLMediaElement::audioTrackEnabledChanged): Remove most behavior restrictions if
2015           the track state was changed as a result of a user gesture.
2016         (WebCore::HTMLMediaElement::setMuted): Ditto.
2017         (WebCore::HTMLMediaElement::removeBehaviorsRestrictionsAfterFirstUserGesture): Add mask 
2018           parameter so caller can choose which restrictions are removed.
2019         * html/HTMLMediaElement.h:
2020
2021         * html/MediaElementSession.cpp:
2022         (WebCore::restrictionName): Drive-by fix: remove duplicate label.
2023         * html/MediaElementSession.h:
2024
2025         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
2026         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
2027         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer): Set muted on AVPlayer if setMuted
2028           was called before the player was created.
2029         (WebCore::MediaPlayerPrivateAVFoundationObjC::setVolume): Drive-by fix: return early if there
2030           is no AVPlayer, not if we won't have metadata yet.
2031         (WebCore::MediaPlayerPrivateAVFoundationObjC::setMuted): New.
2032
2033 2016-06-15  Romain Bellessort  <romain.bellessort@crf.canon.fr>
2034
2035         Enabling Shadow DOM for all platforms
2036         https://bugs.webkit.org/show_bug.cgi?id=158738
2037
2038         Reviewed by Ryosuke Niwa.
2039
2040         No new tests (no new behavior to be tested).
2041
2042         Removed Shadow DOM from options (enabled by default)
2043         (comprises removal of corresponding preprocessor directives)
2044
2045         * Configurations/FeatureDefines.xcconfig:
2046         * DerivedSources.make:
2047         * bindings/generic/RuntimeEnabledFeatures.h:
2048         * bindings/js/JSDocumentFragmentCustom.cpp:
2049         * bindings/js/JSNodeCustom.cpp:
2050         * css/CSSGrammar.y.in:
2051         * css/CSSParser.cpp:
2052         * css/CSSParserValues.cpp:
2053         * css/CSSParserValues.h:
2054         * css/CSSSelector.cpp:
2055         * css/CSSSelector.h:
2056         * css/ElementRuleCollector.cpp:
2057         * css/ElementRuleCollector.h:
2058         * css/RuleSet.cpp:
2059         * css/RuleSet.h:
2060         * css/SelectorChecker.cpp:
2061         * css/SelectorChecker.h:
2062         * css/SelectorPseudoClassAndCompatibilityElementMap.in:
2063         * css/StyleResolver.cpp:
2064         * cssjit/SelectorCompiler.cpp:
2065         * dom/ComposedTreeAncestorIterator.h:
2066         * dom/ComposedTreeIterator.cpp:
2067         * dom/ComposedTreeIterator.h:
2068         * dom/ContainerNode.cpp:
2069         * dom/Document.cpp:
2070         * dom/Document.h:
2071         * dom/Element.cpp:
2072         * dom/Element.h:
2073         * dom/Element.idl:
2074         * dom/Event.idl:
2075         * dom/EventPath.cpp:
2076         * dom/Node.cpp:
2077         * dom/Node.h:
2078         * dom/NonDocumentTypeChildNode.idl:
2079         * dom/ShadowRoot.cpp:
2080         * dom/ShadowRoot.h:
2081         * dom/ShadowRoot.idl:
2082         * dom/SlotAssignment.cpp:
2083         * dom/SlotAssignment.h:
2084         * html/HTMLSlotElement.cpp:
2085         * html/HTMLSlotElement.h:
2086         * html/HTMLSlotElement.idl:
2087         * html/HTMLTagNames.in:
2088         * page/FocusController.cpp:
2089         * style/StyleSharingResolver.cpp:
2090         * style/StyleTreeResolver.cpp:
2091
2092 2016-06-15  Andreas Kling  <akling@apple.com>
2093
2094         [Cocoa] Add two notify listeners for poking the garbage collector.
2095         <https://webkit.org/b/158783>
2096
2097         Reviewed by Antti Koivisto.
2098
2099         Add two new notify listeners:
2100
2101         - com.apple.WebKit.fullGC
2102
2103             Trigger a full garbage collection in the main WebCore VM immediately.
2104
2105         - com.apple.WebKit.deleteAllCode
2106
2107             Throw away all of JSC's linked and unlinked code, and do a full GC.
2108
2109         These will make it easier to diagnose memory growth issues by having a lever that
2110         eliminates many of the large object graphs without going after behavior-changing things
2111         like the memory cache.
2112
2113         * platform/MemoryPressureHandler.cpp:
2114         (WebCore::MemoryPressureHandler::platformInitialize):
2115         * platform/MemoryPressureHandler.h:
2116         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
2117         (WebCore::MemoryPressureHandler::platformInitialize):
2118
2119 2016-06-15  Antti Koivisto  <antti@apple.com>
2120
2121         Vary:Cookie validation doesn't work in private browsing
2122         https://bugs.webkit.org/show_bug.cgi?id=158616
2123         <rdar://problem/26755067>
2124
2125         Reviewed by Andreas Kling.
2126
2127         There wasn't a way to get cookie based on SessionID from WebCore.
2128
2129         * platform/CookiesStrategy.h:
2130
2131             Add a cookie retrival function that takes SessionID instead of NetworkStorageSession.
2132
2133         * platform/network/CacheValidation.cpp:
2134         (WebCore::headerValueForVary):
2135
2136             Use it.
2137
2138         (WebCore::verifyVaryingRequestHeaders):
2139
2140 2016-06-15  Per Arne Vollan  <pvollan@apple.com>
2141
2142         [Win] The test accessibility/selected-text-range-aria-elements.html is failing.
2143         https://bugs.webkit.org/show_bug.cgi?id=158732
2144
2145         Reviewed by Brent Fulgham.
2146
2147         Implement support for getting selected text range.
2148
2149         * accessibility/win/AccessibilityObjectWrapperWin.cpp:
2150         (WebCore::AccessibilityObjectWrapper::accessibilityAttributeValue):
2151
2152 2016-06-14  Myles C. Maxfield  <mmaxfield@apple.com>
2153
2154         Addressing post-review comments after r201971
2155         https://bugs.webkit.org/show_bug.cgi?id=158450
2156
2157         Unreviewed.
2158
2159         * css/CSSFontFaceSet.cpp:
2160         (WebCore::CSSFontFaceSet::add):
2161         (WebCore::CSSFontFaceSet::remove):
2162
2163 2016-06-14  Myles C. Maxfield  <mmaxfield@apple.com>
2164
2165         Honor bidi unicode codepoints
2166         https://bugs.webkit.org/show_bug.cgi?id=149170
2167         <rdar://problem/26527378>
2168
2169         Reviewed by Simon Fraser.
2170
2171         BidiResolver doesn't have any concept of isolate Unicode code points, so produces
2172         unexpected output when they are present. Fix by considering such code points as
2173         whitespace in the bidi algorithm. This is a stop-gap measure until we can support
2174         the codepoints fully in our Bidi algorithm.
2175
2176         Test: fast/text/isolate-ignore.html
2177
2178         * platform/graphics/Font.cpp:
2179         (WebCore::createAndFillGlyphPage):
2180         * platform/text/BidiResolver.h:
2181         (WebCore::Subclass>::createBidiRunsForLine):
2182
2183 2016-06-14  Antoine Quint  <graouts@apple.com>
2184
2185         [iOS] Play glyph is pixelated when the page zoom is large
2186         https://bugs.webkit.org/show_bug.cgi?id=158770
2187         <rdar://problem/26092124>
2188
2189         Reviewed by Dean Jackson.
2190
2191         Use the same technique that we use to scale the video controls by using a combination
2192         of CSS "zoom" and "transform" properties to have the video play glyph scaled at its
2193         native size regardless of page zoom.
2194
2195         * Modules/mediacontrols/mediaControlsiOS.js:
2196         (ControllerIOS.prototype.set pageScaleFactor):
2197
2198 2016-06-14  Chris Dumez  <cdumez@apple.com>
2199
2200         Regression(r201534): Compile time greatly regressed
2201         https://bugs.webkit.org/show_bug.cgi?id=158765
2202         <rdar://problem/26587342>
2203
2204         Reviewed by Darin Adler.
2205
2206         Compile time greatly regressed by r201534 due to Document.h now including
2207         TextAutoSizing.h. Move the TextAutoSizingTraits back to Document.h to
2208         restore pre-r201534 behavior.
2209
2210         * WebCore.xcodeproj/project.pbxproj:
2211         * dom/Document.cpp:
2212         (WebCore::TextAutoSizingTraits::constructDeletedValue):
2213         (WebCore::TextAutoSizingTraits::isDeletedValue):
2214         * dom/Document.h:
2215         * rendering/TextAutoSizing.h:
2216         (WebCore::TextAutoSizingTraits::constructDeletedValue): Deleted.
2217         (WebCore::TextAutoSizingTraits::isDeletedValue): Deleted.
2218
2219 2016-06-14  Antoine Quint  <graouts@apple.com>
2220
2221         Inline media controls cut off PiP and fullscreen buttons on cnn.com
2222         https://bugs.webkit.org/show_bug.cgi?id=158766
2223         <rdar://problem/24175161>
2224
2225         Reviewed by Dean Jackson.
2226
2227         The display of the picture-in-picture and fullscreen buttons are dependent on the availability
2228         of video tracks through a call to hasVideo(). We need to ensure that the display properties of
2229         both those buttons are updated when the number of video tracks has changed since the controls
2230         may be populated prior to the availability of video tracks.
2231
2232         * Modules/mediacontrols/mediaControlsApple.js:
2233         (Controller.prototype.updateHasVideo):
2234
2235 2016-06-14  Joseph Pecoraro  <pecoraro@apple.com>
2236
2237         Web Inspector: Rename Timeline.setAutoCaptureInstruments to Timeline.setInstruments
2238         https://bugs.webkit.org/show_bug.cgi?id=158762
2239
2240         Reviewed by Timothy Hatcher.
2241
2242         Test: inspector/timeline/setInstruments-errors.html
2243
2244         * inspector/InspectorTimelineAgent.cpp:
2245         (WebCore::InspectorTimelineAgent::willDestroyFrontendAndBackend):
2246         (WebCore::InspectorTimelineAgent::setInstruments):
2247         (WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
2248         (WebCore::InspectorTimelineAgent::setAutoCaptureInstruments): Deleted.
2249         * inspector/InspectorTimelineAgent.h:
2250
2251 2016-06-14  Dean Jackson  <dino@apple.com>
2252
2253         decompose4 return value is unchecked, leading to potentially uninitialized data.
2254         https://bugs.webkit.org/show_bug.cgi?id=158761
2255         <rdar://problem/17526268>
2256
2257         Reviewed by Simon Fraser.
2258
2259         WebCore::decompose4 could return early without initializing data.
2260         I now initialize it, but I also started checking the return
2261         value at all the call sites to make sure everything is sensible.
2262
2263         Test: transforms/undecomposable.html
2264
2265         * platform/graphics/transforms/PerspectiveTransformOperation.cpp:
2266         (WebCore::PerspectiveTransformOperation::blend):
2267         * platform/graphics/transforms/RotateTransformOperation.cpp:
2268         (WebCore::RotateTransformOperation::blend):
2269         * platform/graphics/transforms/TransformationMatrix.cpp:
2270         (WebCore::decompose4):
2271         (WebCore::TransformationMatrix::blend4):
2272         * platform/graphics/transforms/TransformationMatrix.h:
2273
2274 2016-06-14  Benjamin Poulain  <bpoulain@apple.com>
2275
2276         Add the unprefixed version of the pseudo element ::placeholder
2277         https://bugs.webkit.org/show_bug.cgi?id=158653
2278
2279         Reviewed by Dean Jackson.
2280
2281         Test: fast/forms/placeholder-pseudo-element-with-webkit-prefix.html
2282
2283         The pseudo element ::-webkit-input-placeholder is stupidly popular
2284         which forces other engines to support this exact name.
2285
2286         The pseudo-element spec provides a new standard name we can adopt
2287         to drop the prefix: https://drafts.csswg.org/css-pseudo-4/#placeholder-pseudo
2288
2289         This patch does just that, make ::placeholder the standard name to select
2290         the placeholder element in the shadow dom of input elements.
2291
2292         Unlike pseudo classes, we did not have any support for prefixes and aliasing.
2293         I want to keep the absurdly efficient matching we currently use for styling
2294         because style updates are more common than stylesheet updates.
2295         With that constraint in mind, the value of CSSSelector has to be the unprefixed
2296         version for both forms of input.
2297
2298         This leaves us with the problem of displaying the CSSSelector for CSSOM.
2299         To differentiate the legacy form from the standard form, I added
2300         a new type of PseudoElement: PseudoElementWebKitCustomLegacyPrefixed.
2301         When parsing, PseudoElementWebKitCustomLegacyPrefixed let us replace
2302         the original value "-webkit-input-placeholder" by the standard value.
2303         When creating the selectorText for CSSOM, PseudoElementWebKitCustomLegacyPrefixed
2304         let us replace the standard for by the legacy form.
2305
2306         * css/CSSParserValues.cpp:
2307         (WebCore::CSSParserSelector::parsePseudoElementSelector):
2308         * css/CSSSelector.cpp:
2309         (WebCore::CSSSelector::pseudoId):
2310         (WebCore::CSSSelector::selectorText):
2311         * css/CSSSelector.h:
2312         (WebCore::CSSSelector::isCustomPseudoElement):
2313         (WebCore::CSSSelector::isWebKitCustomPseudoElement):
2314         * css/SelectorChecker.cpp:
2315         (WebCore::SelectorChecker::matchRecursively):
2316         * css/SelectorPseudoElementTypeMap.in:
2317         * css/html.css:
2318         (::placeholder):
2319         (input::placeholder, isindex::placeholder):
2320         (textarea::placeholder):
2321         (::-webkit-input-placeholder): Deleted.
2322         (input::-webkit-input-placeholder, isindex::-webkit-input-placeholder): Deleted.
2323         (textarea::-webkit-input-placeholder): Deleted.
2324         * features.json:
2325         * html/shadow/TextControlInnerElements.cpp:
2326         (WebCore::TextControlPlaceholderElement::TextControlPlaceholderElement):
2327
2328 2016-06-14  Doug Russell  <d_russell@apple.com>
2329
2330         AX: Form label text should be exposed as static text if it contains only static text
2331         https://bugs.webkit.org/show_bug.cgi?id=158634
2332
2333         Reviewed by Chris Fleizach.
2334
2335         Use AccessibilityLabel to represent HTMLLabelElement to assistive technology.
2336         AccessibilityLabel::containsOnlyStaticText() searches label subtree to evaluate 
2337         if all children are static text.
2338         AccessibilityLabel::stringValue() consults containsOnlyStaticText() and returns
2339         textUnderElement() if true.
2340         WebAccessibilityObjectWrapperMac consults containsOnlyStaticText() and substitutes
2341         StaticTextRole for LabelRole if true.
2342         Cache containsOnlyStaticText() in the common case when updating children.
2343
2344         Tests: accessibility/mac/label-element-all-text-string-value.html
2345                accessibility/mac/label-element-with-link-string-value.html
2346
2347         * CMakeLists.txt:
2348         * WebCore.xcodeproj/project.pbxproj:
2349         * accessibility/AXObjectCache.cpp:
2350         (WebCore::createFromRenderer):
2351         * accessibility/AccessibilityAllInOne.cpp:
2352         * accessibility/AccessibilityLabel.cpp: Added.
2353         (WebCore::AccessibilityLabel::AccessibilityLabel):
2354         (WebCore::AccessibilityLabel::~AccessibilityLabel):
2355         (WebCore::AccessibilityLabel::create):
2356         (WebCore::AccessibilityLabel::computeAccessibilityIsIgnored):
2357         (WebCore::AccessibilityLabel::stringValue):
2358         (WebCore::childrenContainOnlyStaticText):
2359         (WebCore::AccessibilityLabel::containsOnlyStaticText):
2360         (WebCore::AccessibilityLabel::updateChildrenIfNecessary):
2361         (WebCore::AccessibilityLabel::clearChildren):
2362         (WebCore::AccessibilityLabel::insertChild):
2363         * accessibility/AccessibilityLabel.h: Added.
2364         * accessibility/AccessibilityObject.h:
2365         (WebCore::AccessibilityObject::isLabel):
2366         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
2367         (-[WebAccessibilityObjectWrapper role]):
2368
2369 2016-06-14  Commit Queue  <commit-queue@webkit.org>
2370
2371         Unreviewed, rolling out r202057.
2372         https://bugs.webkit.org/show_bug.cgi?id=158749
2373
2374         This change broke the Windows build. (Requested by ryanhaddad
2375         on #webkit).
2376
2377         Reverted changeset:
2378
2379         "Honor bidi unicode codepoints"
2380         https://bugs.webkit.org/show_bug.cgi?id=149170
2381         http://trac.webkit.org/changeset/202057
2382
2383 2016-06-14  Myles C. Maxfield  <mmaxfield@apple.com>
2384
2385         Honor bidi unicode codepoints
2386         https://bugs.webkit.org/show_bug.cgi?id=149170
2387         <rdar://problem/26527378>
2388
2389         Reviewed by Simon Fraser.
2390
2391         BidiResolver doesn't have any concept of isolate Unicode code points, so produces
2392         unexpected output when they are present. Fix by considering such code points as
2393         whitespace in the bidi algorithm. This is a stop-gap measure until we can support
2394         the codepoints fully in our Bidi algorithm.
2395
2396         Test: fast/text/isolate-ignore.html
2397
2398         * platform/graphics/Font.cpp:
2399         (WebCore::createAndFillGlyphPage):
2400         * platform/text/BidiResolver.h:
2401         (WebCore::Subclass>::createBidiRunsForLine):
2402
2403 2016-06-14  Commit Queue  <commit-queue@webkit.org>
2404
2405         Unreviewed, rolling out r200455.
2406         https://bugs.webkit.org/show_bug.cgi?id=158740
2407
2408         hangs twitter/facebook (Requested by mcatanzaro on #webkit).
2409
2410         Reverted changeset:
2411
2412         "[GStreamer] Adaptive streaming issues"
2413         https://bugs.webkit.org/show_bug.cgi?id=144040
2414         http://trac.webkit.org/changeset/200455
2415
2416 2016-06-14  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
2417
2418         WebRTC: RTCPeerConnection::addTrack() should throw InvalidAccessError instead of InvalidModificationError.
2419         https://bugs.webkit.org/show_bug.cgi?id=158735
2420
2421         Reviewed by Eric Carlson.
2422
2423         Throw InvalidAccessError instead of InvalidModificationError when track already exists in connection's
2424         set of senders as per specification (https://w3c.github.io/webrtc-pc/#dom-rtcpeerconnection-addtrack).
2425
2426         Updated existing test results: fast/mediastream/RTCPeerConnection-add-removeTrack-expected.txt
2427
2428         * Modules/mediastream/RTCPeerConnection.cpp:
2429         (WebCore::RTCPeerConnection::addTrack):
2430
2431 2016-06-14  Adam Bergkvist  <adam.bergkvist@ericsson.com>
2432
2433         WebRTC: Imlement MediaEndpointPeerConnection::addIceCandidate()
2434         https://bugs.webkit.org/show_bug.cgi?id=158690
2435
2436         Reviewed by Eric Carlson.
2437
2438         Implement MediaEndpointPeerConnection::addIceCandidate() that is the MediaEndpoint
2439         implementation of RTCPeerConnection.addIceCandidate() [1].
2440
2441         [1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#dom-peerconnection-addicecandidate
2442
2443         Test: fast/mediastream/RTCPeerConnection-addIceCandidate.html
2444
2445         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
2446         (WebCore::MediaEndpointPeerConnection::addIceCandidate):
2447         (WebCore::MediaEndpointPeerConnection::addIceCandidateTask):
2448         Implemented.
2449         * Modules/mediastream/MediaEndpointPeerConnection.h:
2450         * platform/mediastream/MediaEndpoint.h:
2451         Use mid instead of mdescIndex to identify the target media description in the backend.
2452         * platform/mock/MockMediaEndpoint.cpp:
2453         Update mock method signature accordingly.
2454         (WebCore::MockMediaEndpoint::addRemoteCandidate):
2455         * platform/mock/MockMediaEndpoint.h:
2456
2457 2016-06-14  Zalan Bujtas  <zalan@apple.com>
2458
2459         Make RenderBlock::insertInto/RemoveFromTrackedRendererMaps functions static.
2460         https://bugs.webkit.org/show_bug.cgi?id=158722
2461
2462         Reviewed by Simon Fraser.
2463
2464         These functions manipulate static tracker hashmaps. They don't need to be on RenderBlock.
2465         This is also in preparation for decoupling positioned descendant tracking from descendent percentage height handling.
2466         (gPositionedDescendantsMap and gPercentHeightDescendantsMap) 
2467
2468         No change in functionality.
2469
2470         * rendering/RenderBlock.cpp:
2471         (WebCore::insertIntoTrackedRendererMaps):
2472         (WebCore::removeFromTrackedRendererMaps):
2473         (WebCore::removeBlockFromDescendantAndContainerMaps):
2474         (WebCore::RenderBlock::insertPositionedObject):
2475         (WebCore::RenderBlock::addPercentHeightDescendant):
2476         (WebCore::RenderBlock::insertIntoTrackedRendererMaps): Deleted.
2477         (WebCore::RenderBlock::removeFromTrackedRendererMaps): Deleted.
2478         * rendering/RenderBlock.h:
2479
2480 2016-06-14  Adam Bergkvist  <adam.bergkvist@ericsson.com>
2481
2482         WebRTC: Add media setup test where media is set up in one direction at a time
2483         https://bugs.webkit.org/show_bug.cgi?id=158691
2484
2485         Reviewed by Eric Carlson.
2486
2487         Add test for setting up media in one direction at a time. This requires a change in sdp.js
2488         to allow an SDP that doesn't contain a stream id or track id (representing
2489         a track being sent). In this test, the first answer doesn't contain any sending media.
2490
2491         Test: fast/mediastream/RTCPeerConnection-media-setup-two-dialogs.html
2492
2493         * Modules/mediastream/sdp.js:
2494
2495 2016-06-14  Chris Dumez  <cdumez@apple.com>
2496
2497         [Cocoa] Avoid extra copy of headers dictionary in ResourceResponse::platformLazyInit()
2498         https://bugs.webkit.org/show_bug.cgi?id=158717
2499
2500         Reviewed by Alex Christensen.
2501
2502         Avoid extra copy of headers dictionary in ResourceResponse::platformLazyInit() by
2503         calling CFHTTPMessageCopyAllHeaderFields() instead of [NSURLResponse allHeaderFields].
2504
2505         CFHTTPMessageCopyAllHeaderFields() creates only 1 copy while
2506         [NSURLResponse allHeaderFields] creates 2 (see <rdar://problem/26778863>).
2507
2508         * platform/network/cocoa/ResourceResponseCocoa.mm:
2509         (WebCore::addToHTTPHeaderMap):
2510         (WebCore::ResourceResponse::platformLazyInit):
2511
2512 2016-06-14  David Kilzer  <ddkilzer@apple.com>
2513
2514         REGRESSION (r151608): Leak of QTMovieLayer or AVPlayerLayer in -[WebVideoFullscreenController setVideoElement:]
2515         <https://webkit.org/b/158729>
2516
2517         Reviewed by Eric Carlson.
2518
2519         * platform/mac/WebVideoFullscreenController.mm:
2520         (-[WebVideoFullscreenController setVideoElement:]): Use
2521         RetainPtr<> to prevent leaks.
2522         * platform/mac/WebVideoFullscreenHUDWindowController.mm:
2523         Drive-by fix to remove unused <wtf/RetainPtr.h> import.
2524
2525 2016-06-14  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
2526
2527         The vector of mediastreams should be passed via a reference to RTCPeerConnection::addTrack()
2528         https://bugs.webkit.org/show_bug.cgi?id=158701
2529
2530         Pass vector of mediastreams by reference.
2531
2532         Reviewed by Youenn Fablet.
2533
2534         * Modules/mediastream/RTCPeerConnection.cpp:
2535         (WebCore::RTCPeerConnection::addTrack):
2536         * Modules/mediastream/RTCPeerConnection.h:
2537
2538 2016-06-14  Ryosuke Niwa  <rniwa@webkit.org>
2539
2540         Crash inside firstPositionInNode in checkLoadCompleteForThisFrame
2541         https://bugs.webkit.org/show_bug.cgi?id=158724
2542
2543         Reviewed by Alex Christensen.
2544
2545         Added null checks for document and document element since they could be nullptr here.
2546
2547         * loader/FrameLoader.cpp:
2548         (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
2549
2550 2016-06-13  Gavin & Ellie Barraclough  <barraclough@apple.com>
2551
2552         Remove hasStaticPropertyTable (part 3: JSLocation::putDelegate)
2553         https://bugs.webkit.org/show_bug.cgi?id=158431
2554
2555         Unreviewed build fix.
2556
2557         * bindings/js/JSLocationCustom.cpp:
2558         (WebCore::JSLocation::putDelegate):
2559
2560 2016-06-13  Gavin & Ellie Barraclough  <barraclough@apple.com>
2561
2562         Remove hasStaticPropertyTable (part 4: JSHTMLDocument & JSStorage)
2563         https://bugs.webkit.org/show_bug.cgi?id=158431
2564
2565         Reviewed by Chris Dumez.
2566
2567         All uses of hasStaticPropertyTable flag generated by bindings are wrong.
2568
2569         JSHTMLDocument & JSStorage contain a number of static_asserts claiming that
2570         various methods do not support static properties. These asserts were likely
2571         correct at the time they were added, as JSObject::getOwnPropertySlot and
2572         JSObject::deleteProperty did not support getting / deleting static value.
2573         This is no longer the case, and these asserts are now incorrect.
2574
2575         * bindings/js/JSHTMLDocumentCustom.cpp:
2576         (WebCore::JSHTMLDocument::getOwnPropertySlot):
2577         * bindings/js/JSStorageCustom.cpp:
2578         (WebCore::JSStorage::deleteProperty):
2579         (WebCore::JSStorage::deletePropertyByIndex):
2580         (WebCore::JSStorage::putDelegate):
2581             - remove incorrect static_asserts.
2582
2583 2016-06-13  Gavin & Ellie Barraclough  <barraclough@apple.com>
2584
2585         Remove hasStaticPropertyTable (part 3: JSLocation::putDelegate)
2586         https://bugs.webkit.org/show_bug.cgi?id=158431
2587
2588         Reviewed by Geoff Garen.
2589
2590         All uses of hasStaticPropertyTable flag generated by bindings are wrong.
2591
2592         JSLocation::putDelegate checks the static property table redundantly.
2593
2594         In the case of same origin access, if the property is not in the static
2595         table the method will call JSObject::put and return true (indicating the
2596         delegate handled the put). If the property is in the static table, the
2597         method will return false (indicating the the delegate did not handle the
2598         access) - in which case the calling function will call JSObject::put.
2599         Checking for the property in the static table is redundant - same origin
2600         access does not require any special handling, and should just always
2601         return false & let the caller handle the put.
2602
2603         In the case of cross origin access, if the property is not in the static
2604         table we return true (indicating the access was handled, and silently
2605         blocking it). If it is a static property, we check the name, and if the
2606         name is not 'href' we also return true, silently blocking. In the case
2607         that the name is 'href' we'll return false, indicating to the caller
2608         that the access was not handled by the delegate, resulting in it taking
2609         place. The additional check of the static table is redundant, since we
2610         only have special behaviour in the case of 'href'. (Moreover it is
2611         unnecesszarily fragile, since if we made a change such that 'href' was no
2612         longer implemented as a static property with would fail.)
2613
2614         - for same origin, always return false.
2615         - for cross origin, return false for 'href', otherwise return true.
2616
2617         * bindings/js/JSLocationCustom.cpp:
2618         (WebCore::JSLocation::putDelegate):
2619             - restructure & remove static table check.
2620
2621 2016-06-13  Gavin & Ellie Barraclough  <barraclough@apple.com>
2622
2623         Remove hasStaticPropertyTable (part 2: JSPluginElement)
2624         https://bugs.webkit.org/show_bug.cgi?id=158431
2625
2626         Reviewed by Chris Dumez.
2627
2628         All uses of hasStaticPropertyTable flag generated by bindings are wrong.
2629
2630         The check in pluginElementCustomGetOwnPropertySlot was somewhat dubious in the
2631         first place (for types with static properties it would give precedence to both
2632         static and also property storage properties; for types without static properties
2633         it would check neither - an odd asymetry in the case of values in the storage
2634         array, and was depending on an implementation detail that could change).
2635
2636         This is all now redundant anyway. None of these types have static properties.
2637         All properties are now corretcly on the prototype (which is handled appropriately
2638         below). This is just dead code.
2639
2640         * bindings/js/JSPluginElementFunctions.h:
2641         (WebCore::pluginElementCustomGetOwnPropertySlot):
2642             - remove dead code.
2643
2644 2016-06-13  Gavin & Ellie Barraclough  <barraclough@apple.com>
2645
2646         Remove hasStaticPropertyTable (part 1: DOM bindings)
2647         https://bugs.webkit.org/show_bug.cgi?id=158431
2648
2649         Reviewed by Chris Dumez.
2650
2651         All uses of hasStaticPropertyTable flag generated by bindings are wrong.
2652
2653         * bindings/js/JSDOMBinding.h:
2654         (WebCore::getStaticValueSlotEntryWithoutCaching): Deleted.
2655         (WebCore::getStaticValueSlotEntryWithoutCaching<JSDOMObject>): Deleted.
2656             - this method is not used anywhere.
2657
2658 2016-06-13  Adam Bergkvist  <adam.bergkvist@ericsson.com>
2659
2660         WebRTC: Imlement MediaEndpointPeerConnection::replaceTrack()
2661         https://bugs.webkit.org/show_bug.cgi?id=158688
2662
2663         Reviewed by Eric Carlson.
2664
2665         Implement MediaEndpointPeerConnection::replaceTrack() that is the MediaEndpoint implementation
2666         of RTCRtpSender.replaceTrack() [1].
2667
2668         [1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#dom-rtcrtpsender-replacetrack
2669
2670         Updated fast/mediastream/RTCRtpSender-replaceTrack.html
2671
2672         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
2673         (WebCore::MediaEndpointPeerConnection::replaceTrack):
2674         (WebCore::MediaEndpointPeerConnection::replaceTrackTask):
2675         Implemented.
2676         * Modules/mediastream/MediaEndpointPeerConnection.h:
2677         * Modules/mediastream/PeerConnectionBackend.h:
2678         * Modules/mediastream/RTCPeerConnection.cpp:
2679         (WebCore::RTCPeerConnection::replaceTrack):
2680         * Modules/mediastream/RTCPeerConnection.h:
2681         Move the MediaStreamTrack instance of sending a reference to it. This change is the main
2682         reason many files are touched by this change.
2683         * Modules/mediastream/RTCRtpSender.h:
2684         * Modules/mediastream/RTCRtpSender.idl:
2685         * platform/mediastream/MediaEndpoint.h:
2686         Use mid instead of mdescIndex to identify the media description in the backend.
2687         * platform/mock/MockMediaEndpoint.cpp:
2688         (WebCore::MockMediaEndpoint::replaceSendSource):
2689         * platform/mock/MockMediaEndpoint.h:
2690
2691 2016-06-13  Joseph Pecoraro  <pecoraro@apple.com>
2692
2693         window.onerror should pass the ErrorEvent's 'error' property as the 5th argument to the event handler
2694         https://bugs.webkit.org/show_bug.cgi?id=55092
2695         <rdar://problem/25731279>
2696
2697         Reviewed by Dean Jackson.
2698
2699         This includes the actual Error in window.error / ErrorEvent:
2700         https://html.spec.whatwg.org/multipage/webappapis.html#the-errorevent-interface
2701
2702         This is useful for scripts to be able to get an error stack
2703         from uncaught exceptions, by checking the error itself.
2704
2705         Tests: fast/events/window-onerror17.html
2706                http/tests/security/cross-origin-script-error-event-redirected.html
2707                http/tests/security/cross-origin-script-error-event.html
2708                http/tests/security/script-crossorigin-error-event-information.html
2709                http/tests/security/script-no-crossorigin-error-event-should-be-sanitized.html
2710                userscripts/window-onerror-for-isolated-world-3.html
2711
2712         * CMakeLists.txt:
2713         * WebCore.xcodeproj/project.pbxproj:
2714         * bindings/js/JSBindingsAllInOne.cpp:
2715         Add new custom error event file.
2716
2717         * bindings/js/JSDOMBinding.cpp:
2718         (WebCore::reportException):
2719         Include the JSC::Exception when reporting exceptions, so the error value is available.
2720         
2721         * bindings/js/JSErrorEventCustom.cpp:
2722         (WebCore::JSErrorEvent::error):
2723         Sanitized access to the ErrorEvent's error property to prevent leaking objects
2724         across isolated world boundaries. This is like CustomEvent's data property.
2725
2726         * bindings/js/JSErrorHandler.cpp:
2727         (WebCore::JSErrorHandler::handleEvent):
2728         * bindings/js/JSErrorHandler.h:
2729         Include the error object as the 4th argument to the window.onerror event handler.
2730
2731         * dom/ScriptExecutionContext.cpp:
2732         (WebCore::ScriptExecutionContext::sanitizeScriptError):
2733         (WebCore::ScriptExecutionContext::reportException):
2734         (WebCore::ScriptExecutionContext::dispatchErrorEvent):
2735         * dom/ScriptExecutionContext.h:
2736         Include the error object in the ErrorEvent constructed when dispatching error events.
2737
2738         * dom/ErrorEvent.cpp:
2739         (WebCore::ErrorEvent::ErrorEvent):
2740         (WebCore::ErrorEvent::sanitizedErrorValue):
2741         (WebCore::ErrorEvent::trySerializeError):
2742         * dom/ErrorEvent.h:
2743         * dom/ErrorEvent.idl:
2744         Include an any "error" property on the ErrorEvent, and allow it in initialization.
2745
2746         * bindings/js/WorkerScriptController.cpp:
2747         (WebCore::WorkerScriptController::evaluate):
2748         * workers/WorkerMessagingProxy.cpp:
2749         (WebCore::WorkerMessagingProxy::postExceptionToWorkerObject):
2750         Within the Worker world, the error is included in the event.
2751         When re-dispatching the error on the world object in the world that spawned the
2752         Worker the event does not include an error object. This matches other browsers
2753         right now, but could be improved to have the same cross world serialization
2754         as isolated worlds have with the error data.
2755
2756         * dom/CustomEvent.h:
2757         Remove unimplemented stale method.
2758
2759 2016-06-13  Dean Jackson  <dino@apple.com>
2760
2761         SVG elements don't blend correctly into HTML
2762         https://bugs.webkit.org/show_bug.cgi?id=158718
2763         <rdar://problem/26782004>
2764
2765         Reviewed by Antoine Quint.
2766
2767         We were not creating any transparency layers for the root SVG nodes.
2768         This is ok if the SVG is the root document, because it is the backdrop.
2769         However, if it is inline SVG, it needs to apply the operation in
2770         order to composite into the document.
2771
2772         Test: svg/css/mix-blend-mode-with-inline-svg.html
2773
2774         * rendering/RenderLayer.cpp:
2775         (WebCore::RenderLayer::beginTransparencyLayers):
2776
2777 2016-06-13  Brady Eidson  <beidson@apple.com>
2778
2779         storage/indexeddb/modern/leaks-1.html leaks the database connection handle.
2780         https://bugs.webkit.org/show_bug.cgi?id=158643
2781
2782         Reviewed by Alex Christensen.
2783
2784         Tested by changes to existing test.
2785
2786         * Modules/indexeddb/IDBDatabase.cpp:
2787         (WebCore::IDBDatabase::hasPendingActivity):
2788         
2789         * dom/EventTarget.h:
2790         (WebCore::EventTarget::eventTargetData):
2791         (WebCore::EventTarget::hasEventListeners):
2792
2793
2794 2016-06-13  Enrica Casucci  <enrica@apple.com>
2795
2796         REGRESSION(r201956): Failure to initialize new internal settings produced random test failures in release.
2797         https://bugs.webkit.org/show_bug.cgi?id=158713
2798         rdar://26769957
2799
2800         Reviewed by Simon Fraser.
2801
2802         Failed to initialize the new member variable in both Settings and InternalSettings classes.
2803
2804         * page/Settings.cpp:
2805         (WebCore::Settings::Settings):
2806         * testing/InternalSettings.cpp:
2807         (WebCore::InternalSettings::Backup::Backup):
2808
2809 2016-06-13  Chris Dumez  <cdumez@apple.com>
2810
2811         Drop HipChat hack introduced in r197548
2812         https://bugs.webkit.org/show_bug.cgi?id=158711
2813
2814         Reviewed by Geoffrey Garen.
2815
2816         Drop HipChat hack introduced in r197548. This hack is no longer needed
2817         as the bug was fixed in HipChat since then:
2818         https://support.atlassian.com/servicedesk/customer/portal/32/HCP-7532
2819
2820         I have confirmed locally that the latest version (4.0.12.665) is able
2821         to connect without the hack.
2822
2823         * bindings/js/JSLocationCustom.cpp:
2824         (WebCore::JSLocation::putDelegate): Deleted.
2825         * platform/RuntimeApplicationChecks.h:
2826         * platform/RuntimeApplicationChecks.mm:
2827         (WebCore::MacApplication::isHipChat): Deleted.
2828
2829 2016-06-13  Chris Fleizach  <cfleizach@apple.com>
2830
2831         AX: CrashTracer: com.apple.WebKit.WebContent at WebCore::AccessibilityRenderObject::remoteSVGRootElement const + 227
2832         https://bugs.webkit.org/show_bug.cgi?id=158685
2833
2834         Reviewed by David Kilzer.
2835
2836         Crash reports show a null access at a line that tries to dereference a pointer. 
2837         I still don't have a way to layout test this, as it seems tied to tear down of the main document.
2838
2839         * accessibility/AccessibilityRenderObject.cpp:
2840         (WebCore::AccessibilityRenderObject::remoteSVGRootElement):
2841
2842 2016-06-13  Jeremy Jones  <jeremyj@apple.com>
2843
2844         Use two video layer solution only on mac.
2845         https://bugs.webkit.org/show_bug.cgi?id=158705
2846         rdar://problem/26776360
2847
2848         Reviewed by Jer Noble.
2849
2850         Two video layer solution is only useful on the mac to prevent flicker, so don't do it elsewhere.
2851
2852         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
2853         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerLayer):
2854
2855 2016-06-13  Jeremy Jones  <jeremyj@apple.com>
2856
2857         Decrease PiP flicker by not removing window prematurely.
2858         https://bugs.webkit.org/show_bug.cgi?id=158436
2859         <rdar://problem/19052639>
2860
2861         Reviewed by Darin Adler.
2862
2863         UIWindow shouldn't be removed until cleanupFullscreen, so the video layer has a chance
2864         to be reparented in the DOM first.
2865
2866         * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
2867         (WebVideoFullscreenInterfaceAVKit::didStopPictureInPicture):
2868
2869 2016-06-13  Alex Christensen  <achristensen@webkit.org>
2870
2871         Add WebSocketProvider stub
2872         https://bugs.webkit.org/show_bug.cgi?id=158702
2873
2874         Reviewed by Brady Eidson.
2875
2876         No new tests.  No change in behavior.
2877
2878         * WebCore.xcodeproj/project.pbxproj:
2879         * dom/DocumentMarkerController.cpp:
2880         * dom/ScriptedAnimationController.cpp:
2881         * html/HTMLMediaElement.cpp:
2882         * html/MediaDocument.cpp:
2883         * html/shadow/MediaControlElements.cpp:
2884         * html/shadow/MediaControls.cpp:
2885         * html/shadow/MediaControls.h:
2886         * html/shadow/MediaControlsApple.cpp:
2887         * inspector/InspectorInstrumentation.cpp:
2888         * inspector/InspectorInstrumentation.h:
2889         * inspector/InspectorOverlay.cpp:
2890         (WebCore::InspectorOverlay::overlayPage):
2891         * loader/EmptyClients.h:
2892         * loader/FrameLoader.cpp:
2893         * loader/FrameLoader.h:
2894         * loader/appcache/ApplicationCacheHost.cpp:
2895         * loader/cache/CachedResource.cpp:
2896         * page/FrameView.cpp:
2897         * page/Page.cpp:
2898         (WebCore::Page::Page):
2899         * page/Page.h:
2900         (WebCore::Page::applicationCacheStorage):
2901         (WebCore::Page::databaseProvider):
2902         (WebCore::Page::socketProvider):
2903         (WebCore::Page::storageNamespaceProvider):
2904         * page/PageConfiguration.cpp:
2905         (WebCore::PageConfiguration::PageConfiguration):
2906         * page/PageConfiguration.h:
2907         * page/ResourceUsageOverlay.cpp:
2908         * page/SocketProvider.h: Added.
2909         (WebCore::SocketProvider::~SocketProvider):
2910         * page/cocoa/ResourceUsageOverlayCocoa.mm:
2911         * rendering/RenderElement.cpp:
2912         * rendering/RenderLayerBacking.cpp:
2913         * style/StyleResolveForDocument.cpp:
2914         * style/StyleTreeResolver.cpp:
2915         * svg/graphics/SVGImage.cpp:
2916         (WebCore::SVGImage::dataChanged):
2917         * testing/MockPageOverlayClient.cpp:
2918
2919 2016-06-13  Brady Eidson  <beidson@apple.com>
2920
2921         Crashes in WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask.
2922         <rdar://problem/26768449> and https://bugs.webkit.org/show_bug.cgi?id=158696
2923
2924         Reviewed by David Kilzer.
2925
2926         No new tests (Covered by all existing tests in Gmalloc/ASAN configs).
2927
2928         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
2929         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask):
2930         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply):
2931
2932 2016-06-13  Brady Eidson  <beidson@apple.com>
2933
2934         Modern IDB: IDBOpenDBRequest objects leak.
2935         https://bugs.webkit.org/show_bug.cgi?id=158694
2936
2937         Reviewed by Alex Christensen.
2938
2939         No new tests (Currently have no testing strategy for guaranteeing lifetime of WebCore DOM objects)
2940
2941         * Modules/indexeddb/client/IDBConnectionProxy.cpp:
2942         (WebCore::IDBClient::IDBConnectionProxy::completeOpenDBRequest): At this point we never need the
2943             request again, so remove it from the map.
2944
2945 2016-06-13  Chris Dumez  <cdumez@apple.com>
2946
2947         Make sure HTTPHeaderMap gets a move constructor / assignment operator
2948         https://bugs.webkit.org/show_bug.cgi?id=158695
2949         <rdar://problem/26729511>
2950
2951         Reviewed by Alex Christensen.
2952
2953         Make sure HTTPHeaderMap gets a move constructor / assignment operator.
2954         It was not getting an implicit one because of its user-declared
2955         destructor. This patch drops the user-declared destructor so that
2956         HTTPHeaderMap now gets an implicit move constructor / assignment
2957         operator.
2958
2959         Not having a move constructor / assignment operator is an issue because
2960         we rely on HTTPHeaderMap::isolatedCopy() / WTFMove() since r201623 to
2961         pass HTTPHeaderMap across thread.
2962
2963         * platform/network/HTTPHeaderMap.cpp:
2964         (WebCore::HTTPHeaderMap::~HTTPHeaderMap): Deleted.
2965         * platform/network/HTTPHeaderMap.h:
2966
2967 2016-06-13  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
2968
2969         Remove useless parameter from GenerateParametersCheck signature
2970         https://bugs.webkit.org/show_bug.cgi?id=158692
2971
2972         Reviewed by Chris Dumez.
2973
2974         Remove one parameter which is passed to GenerateParametersCheck
2975         but never used in the caller code.
2976
2977         * bindings/scripts/CodeGeneratorJS.pm:
2978         (GenerateImplementation):
2979         (GenerateParametersCheck):
2980         (GenerateConstructorDefinition):
2981
2982 2016-06-13  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
2983
2984         Improve code generator for functions with variadic parameters
2985         https://bugs.webkit.org/show_bug.cgi?id=158529
2986
2987         Reviewed by Darin Adler.
2988
2989         JS bindings code of functions with variadic parameters is improved.
2990
2991         Functions with variadic parameters are skipped for ObjC and GObject code generators.
2992
2993         * bindings/scripts/CodeGeneratorGObject.pm:
2994         (SkipFunction): Skip functions with variadic parameters.
2995         * bindings/scripts/CodeGeneratorJS.pm:
2996         (GenerateParametersCheck):
2997         * bindings/scripts/CodeGeneratorObjC.pm:
2998         (SkipFunction): Skip functions with variadic parameters.
2999         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
3000         (webkit_dom_test_obj_any): Deleted.
3001         (webkit_dom_test_obj_attach_shadow_root): Deleted.
3002         (webkit_dom_test_obj_get_read_only_long_attr): Deleted.
3003         (webkit_dom_test_obj_get_read_only_string_attr): Deleted.
3004         * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
3005         * bindings/scripts/test/JS/JSTestObj.cpp:
3006         (WebCore::jsTestObjPrototypeFunctionOverloadedMethod12):
3007         (WebCore::jsTestObjPrototypeFunctionVariadicStringMethod):
3008         (WebCore::jsTestObjPrototypeFunctionVariadicDoubleMethod):
3009         (WebCore::jsTestObjPrototypeFunctionVariadicNodeMethod):
3010         * bindings/scripts/test/ObjC/DOMTestObj.h:
3011         * bindings/scripts/test/ObjC/DOMTestObj.mm:
3012
3013 2016-06-12  Zalan Bujtas  <zalan@apple.com>
3014
3015         Cleanup RenderBlock::removePositionedObjects
3016         https://bugs.webkit.org/show_bug.cgi?id=158670
3017
3018         Reviewed by Simon Fraser.
3019
3020         No change in functionality.
3021
3022         * rendering/RenderBlock.cpp:
3023         (WebCore::RenderBlock::insertPositionedObject):
3024         (WebCore::RenderBlock::removePositionedObject):
3025         (WebCore::RenderBlock::removePositionedObjects):
3026         * rendering/RenderBlock.h:
3027
3028 2016-06-12  Zalan Bujtas  <zalan@apple.com>
3029
3030         Remove positioned descendants when RenderBlock is no longer a containing block.
3031         https://bugs.webkit.org/show_bug.cgi?id=158655
3032         <rdar://problem/26510032>
3033
3034         Reviewed by Simon Fraser.
3035
3036         Normally the RenderView is the containing block for fixed positioned renderers.
3037         However when a renderer acquires some transform related properties, it becomes the containing
3038         block for all the fixed positioned renderers in its descendant tree.
3039         When the last transform related property is removed, the renderer is no longer a containing block
3040         and we need to remove all these positioned renderers from the descendant tracker map (gPositionedDescendantsMap).
3041         They will be inserted back into the tracker map during the next layout (either under the RenderView or
3042         under the next transformed renderer in the ancestor chain).
3043
3044         Test: fast/block/fixed-position-reparent-when-transition-is-removed.html
3045
3046         * rendering/RenderBlock.cpp:
3047         (WebCore::RenderBlock::removePositionedObjectsIfNeeded):
3048
3049 2016-06-11  Myles C. Maxfield  <mmaxfield@apple.com>
3050
3051         Addressing post-review comments after r201978.
3052         https://bugs.webkit.org/show_bug.cgi?id=158649
3053         <rdar://problem/13258122>
3054
3055         Unreviewed.
3056
3057         * platform/graphics/FontCache.cpp:
3058         (WebCore::FontCache::alternateFamilyName):
3059         * platform/graphics/cocoa/FontCacheCoreText.cpp:
3060         (WebCore::FontCache::platformAlternateFamilyName):
3061
3062 2016-06-11  Darin Adler  <darin@apple.com>
3063
3064         Tighten code to build set of tag names
3065         https://bugs.webkit.org/show_bug.cgi?id=158662
3066
3067         Reviewed by Alexey Proskuryakov.
3068
3069         * dom/Element.cpp:
3070         (WebCore::canAttachAuthorShadowRoot): Use an array of pointers that the loader
3071         can initialize as part of loading the library, rather than an array that needs
3072         to be initialized with code at runtime.
3073
3074 2016-06-11  Myles C. Maxfield  <mmaxfield@apple.com>
3075
3076         [Win] [EFL] Build fix after r201978.
3077         https://bugs.webkit.org/show_bug.cgi?id=158649
3078         <rdar://problem/13258122>
3079
3080         Unreviewed
3081
3082         * platform/graphics/freetype/FontCacheFreeType.cpp:
3083         (WebCore::FontCache::platformAlternateFamilyName):
3084         * platform/graphics/win/FontCacheWin.cpp:
3085
3086 2016-06-11  Myles C. Maxfield  <mmaxfield@apple.com>
3087
3088         [Cocoa] Map commonly used Chinese Windows font names to names present on Cocoa operating systems
3089         https://bugs.webkit.org/show_bug.cgi?id=158649
3090         <rdar://problem/13258122>
3091
3092         Reviewed by Darin Adler.
3093
3094         There are many Chinese websites which hardcode Windows font names.
3095         We should map these to fonts which best match them on Cocoa operating
3096         systems. We can do this by using our existing fallback font name
3097         infrastructure.
3098
3099         Tests: fast/text/chinese-font-name-aliases-2.html
3100                fast/text/chinese-font-name-aliases.html
3101
3102         * platform/graphics/FontCache.cpp:
3103         (WebCore::FontCache::alternateFamilyName):
3104         (WebCore::alternateFamilyName): Deleted.
3105         * platform/graphics/FontCache.h:
3106         * platform/graphics/cocoa/FontCacheCoreText.cpp:
3107         (WebCore::FontCache::platformAlternateFamilyName):
3108         * platform/graphics/freetype/FontCacheFreeType.cpp:
3109         (WebCore::FontCache::platformAlternateFamilyName):
3110         * platform/graphics/win/FontCacheWin.cpp:
3111         (WebCore::FontCache::platformAlternateFamilyName):
3112
3113 2016-06-11  Commit Queue  <commit-queue@webkit.org>
3114
3115         Unreviewed, rolling out r201967, r201968, and r201972.
3116         https://bugs.webkit.org/show_bug.cgi?id=158665
3117
3118         Caused flaky failures on IndexedDB tests (Requested by ap on
3119         #webkit).
3120
3121         Reverted changesets:
3122
3123         "Vary:Cookie validation doesn't work in private browsing"
3124         https://bugs.webkit.org/show_bug.cgi?id=158616
3125         http://trac.webkit.org/changeset/201967
3126
3127         "Build fix."
3128         http://trac.webkit.org/changeset/201968
3129
3130         "WinCairo build fix attempt."
3131         http://trac.webkit.org/changeset/201972
3132
3133 2016-06-11  Konstantin Tokarev  <annulen@yandex.ru>
3134
3135         Fixed compilation of LocaleICU with ENABLE(DATE_AND_TIME_INPUT_TYPES)
3136         https://bugs.webkit.org/show_bug.cgi?id=158659
3137
3138         Reviewed by Darin Adler.
3139
3140         No new tests needed.
3141
3142         * platform/text/LocaleICU.cpp:
3143         (WebCore::getFormatForSkeleton):
3144         (WebCore::LocaleICU::monthFormat):
3145         (WebCore::LocaleICU::shortMonthFormat):
3146
3147 2016-06-11  Antti Koivisto  <antti@apple.com>
3148
3149         WinCairo build fix attempt.
3150
3151         * platform/network/NetworkStorageSession.cpp:
3152         * platform/network/NetworkStorageSession.h:
3153         * platform/network/NetworkStorageSessionStub.cpp:
3154         (WebCore::NetworkStorageSession::NetworkStorageSession):
3155         (WebCore::NetworkStorageSession::context):
3156         (WebCore::NetworkStorageSession::createPrivateBrowsingSession):
3157         (WebCore::NetworkStorageSession::switchToNewTestingSession):
3158         (WebCore::NetworkStorageSession::~NetworkStorageSession): Deleted.
3159         (WebCore::defaultSession): Deleted.
3160         (WebCore::NetworkStorageSession::defaultStorageSession): Deleted.
3161
3162 2016-06-11  Myles C. Maxfield  <mmaxfield@apple.com>
3163
3164         Deleting a CSSOM style rule invalidates any previously-added FontFaces
3165         https://bugs.webkit.org/show_bug.cgi?id=158450
3166
3167         Reviewed by Darin Adler.
3168
3169         This patch has two pieces: updating the CSSOM when the FontFace changes, and
3170         updating the FontFace when the CSSOM changes.
3171
3172         1: Updating the CSSOM when the FontFace changes: CSSFontFaces already have a RefPtr
3173         to their StyleRuleFontFace which represents their CSS-connection. When changing a
3174         property of the CSSFontFace, we simply reach into the StyleRule and update it to
3175         match. Our existing infrastructure of invalidation due to the attribute changes
3176         makes sure that all the necessary updates occur.
3177
3178         2. Updating the FontFace when the CSSOM changes: If the CSSOM changes in a trivial
3179         way (for example, a new @font-face is appended to the end of the last <style>
3180         element), we can handle it directly. However, when something more invasive occurs,
3181         we end up clearing the entire CSSFontSelector, and then adding all the style rules
3182         from scratch. This involves three steps:
3183             a) CSSFontSelector::buildStarted() is run, which means "we're about to start
3184                building up all the @font-face rules from scratch." We take this opportunity
3185                to purge as many fonts as possible. This is valuable because, for example,
3186                this function gets run when the page gets put into the page cache, so we
3187                want to destroy as much as possible. Not everything can be purged, however -
3188                only CSS-connected fonts which have never been inspected by script are
3189                purgeable. We don't allow fonts inspected by script to be purged because
3190                purging might result in a font appearing from JavaScript to transition from
3191                a success -> failure state, which we don't allow.
3192             b) Upon style recalc (possibly asynchronously) CSSFontSelector::addFontFaceRule()
3193                is called for each @font-face rule. We actually detect that we're in the
3194                middle of a style rebuild, and defer this step.
3195             c) When we're done adding all the font face rules, we call
3196                CSSFontSelector::buildCompleted(). This is where we compare the newly built-
3197                up list of font faces with what existed previously (as remembered in
3198                CSSFontSelector::buildStarted()) in order to detect font faces which were
3199                deleted from the document. Fonts which were newly added to the document
3200                are handled naturally.
3201                Fonts which have a property modified on them are created as if they were new.
3202                However, instead of simply adding the CSSFontFace, we search for the existing
3203                CSSFontFace (by CSS connection pointer) and tell the existing FontFace to
3204                adopt this new CSSFontFace. This means that the JavaScript object will just
3205                pick up any newly-written values in the CSSOM. It also means that the
3206                "status" attribute of the JavaScript object is reset, but this is expected
3207                and allowed by the spec. (For example, if you change the "src" attribute of
3208                an @font-face block via the CSSOM, all bets are off when you inspect the
3209                FontFace JS object representing that block.)
3210
3211         Test: fast/text/font-face-set-cssom.html
3212
3213         * css/CSSFontFace.cpp:
3214         (WebCore::CSSFontFace::CSSFontFace):
3215         (WebCore::CSSFontFace::setFamilies):
3216         (WebCore::CSSFontFace::setStyle):
3217         (WebCore::CSSFontFace::setWeight):
3218         (WebCore::CSSFontFace::setUnicodeRange):
3219         (WebCore::CSSFontFace::setVariantLigatures):
3220         (WebCore::CSSFontFace::setVariantPosition):
3221         (WebCore::CSSFontFace::setVariantCaps):
3222         (WebCore::CSSFontFace::setVariantNumeric):
3223         (WebCore::CSSFontFace::setVariantAlternates):
3224         (WebCore::CSSFontFace::setVariantEastAsian):
3225         (WebCore::CSSFontFace::setFeatureSettings):
3226         (WebCore::CSSFontFace::initializeWrapper):
3227         (WebCore::CSSFontFace::wrapper):
3228         (WebCore::CSSFontFace::setWrapper):
3229         (WebCore::CSSFontFace::purgeable):
3230         (WebCore::CSSFontFace::updateStyleIfNeeded):
3231         * css/CSSFontFace.h:
3232         * css/CSSFontFaceSet.cpp:
3233         (WebCore::CSSFontFaceSet::remove):
3234         (WebCore::CSSFontFaceSet::containsCSSConnection):
3235         (WebCore::CSSFontFaceSet::purge):
3236         * css/CSSFontFaceSet.h:
3237         * css/CSSFontSelector.cpp:
3238         (WebCore::CSSFontSelector::buildStarted):
3239         (WebCore::CSSFontSelector::buildCompleted):
3240         (WebCore::CSSFontSelector::addFontFaceRule):
3241         * css/CSSFontSelector.h:
3242         * css/FontFace.cpp:
3243         (WebCore::FontFace::family):
3244         (WebCore::FontFace::style):
3245         (WebCore::FontFace::weight):
3246         (WebCore::FontFace::unicodeRange):
3247         (WebCore::FontFace::variant):
3248         (WebCore::FontFace::featureSettings):
3249         (WebCore::FontFace::adopt):
3250         * css/FontFace.h:
3251
3252 2016-06-11  Chris Dumez  <cdumez@apple.com>
3253
3254         WorkerNavigator is missing some attributes
3255         https://bugs.webkit.org/show_bug.cgi?id=158593
3256         <rdar://problem/26731334>
3257
3258         Reviewed by Darin Adler.
3259
3260         Add attributes that are missing on WorkerNavigator:
3261         - appCodeName
3262         - hardwareConcurrency
3263         - language
3264         - product
3265         - productSub
3266         - vendor
3267         - vendorSub
3268
3269         Firefox and Chrome already expose those attributes.
3270
3271         Relevant specification:
3272         https://html.spec.whatwg.org/multipage/workers.html#the-workernavigator-object
3273
3274         This patch also refactors the IDL to match the specification more
3275         closely and promote sharing between Navigator and WorkerNavigator.
3276
3277         No new tests, updated existing test.
3278
3279         * CMakeLists.txt:
3280         * DerivedSources.make:
3281         Add new supplemental IDL files.
3282
3283         * page/Navigator.cpp:
3284         * page/Navigator.h:
3285         Moved language() / hardwareConcurrency() from Navigator to NavigatorBase
3286         so that it can be used by NavigatorWorker as well.
3287
3288         * page/NavigatorBase.h:
3289         * page/NavigatorBase.cpp:
3290         (WebCore::NavigatorBase::language):
3291         The implementation still calls defaultLanguage() but I updated it to be
3292         thread safe on all platforms.
3293
3294         (WebCore::NavigatorBase::hardwareConcurrency):
3295         Use std::call_once() for thread safety.
3296
3297         * page/Navigator.idl:
3298         * page/NavigatorConcurrentHardware.idl: Copied from Source/WebCore/page/WorkerNavigator.idl.
3299         * page/NavigatorID.idl: Copied from Source/WebCore/page/WorkerNavigator.idl.
3300         * page/NavigatorLanguage.idl: Copied from Source/WebCore/page/WorkerNavigator.idl.
3301         * page/NavigatorOnLine.idl: Copied from Source/WebCore/page/WorkerNavigator.idl.
3302         * page/WorkerNavigator.idl:
3303         Move several attributes to their own supplemental interfaces to match
3304         the specification and promote sharing with WorkerNavigator.
3305
3306         * platform/Language.cpp:
3307         (WebCore::userPreferredLanguages):
3308         * platform/Language.h:
3309         Made thread-safe on all platforms.
3310
3311 2016-06-11  Antti Koivisto  <antti@apple.com>
3312
3313         Build fix.
3314
3315         * platform/network/cf/NetworkStorageSessionCFNet.cpp:
3316         (WebCore::NetworkStorageSession::switchToNewTestingSession):
3317
3318 2016-06-10  Antti Koivisto  <antti@apple.com>
3319
3320         Vary:Cookie validation doesn't work in private browsing
3321         https://bugs.webkit.org/show_bug.cgi?id=158616
3322         rdar://problem/26755067
3323
3324         Reviewed by Darin Adler.
3325
3326         This wasn't implemented because there was no way to get NetworkStorageSession from
3327         a SessionID on WebCore side.
3328
3329         The patch adds a simple WebCore level weak map that allows getting NetworkStorageSessions
3330         from SessionID. This seemed like the cleanest way to do this without a big refactoring
3331         around the currently WebKit2 level SessionTracker.
3332
3333         * CMakeLists.txt:
3334         * WebCore.xcodeproj/project.pbxproj:
3335         * platform/network/CacheValidation.cpp:
3336         (WebCore::headerValueForVary):
3337
3338             Get NetworkStorageSession from SessionID for cookies
3339
3340         (WebCore::verifyVaryingRequestHeaders):
3341         * platform/network/NetworkStorageSession.cpp: Added.
3342
3343             Add platform independent .cpp for NetworkStorageSession.
3344             Implement a weak map for SessionID -> NetworkStorageSession.
3345
3346         (WebCore::sessionsMap):
3347         (WebCore::NetworkStorageSession::NetworkStorageSession):
3348         (WebCore::NetworkStorageSession::~NetworkStorageSession):
3349         (WebCore::NetworkStorageSession::forSessionID):
3350
3351             Get NetworkStorageSession for sessionID.
3352
3353         * platform/network/NetworkStorageSession.h:
3354         (WebCore::NetworkStorageSession::sessionID):
3355         (WebCore::NetworkStorageSession::credentialStorage):
3356         * platform/network/cf/NetworkStorageSessionCFNet.cpp:
3357         (WebCore::NetworkStorageSession::NetworkStorageSession):
3358
3359             Call to common constructor.
3360
3361         (WebCore::defaultNetworkStorageSession):
3362         * platform/network/soup/NetworkStorageSessionSoup.cpp:
3363         (WebCore::NetworkStorageSession::NetworkStorageSession):
3364
3365             Call to common constructor.
3366
3367         (WebCore::defaultSession):
3368         (WebCore::NetworkStorageSession::~NetworkStorageSession): Deleted.
3369
3370 2016-06-10  Ada Chan  <adachan@apple.com>
3371
3372         Use the video element's video box when getting the inline video rect in WebVideoFullscreenManager
3373         https://bugs.webkit.org/show_bug.cgi?id=158351
3374         <rdar://problem/26567938>
3375
3376         Reviewed by Darin Adler.
3377
3378         * WebCore.xcodeproj/project.pbxproj:
3379         Change the visibility of RenderVideo.h and RenderMedia.h since we'll be importing RenderVideo.h from WebKit2.
3380         * rendering/RenderVideo.h:
3381
3382 2016-06-10  Benjamin Poulain  <bpoulain@apple.com>
3383
3384         Add support for passive event listeners on touch events
3385         https://bugs.webkit.org/show_bug.cgi?id=158601
3386
3387         Reviewed by Simon Fraser.
3388
3389         This patch wires "passive" state of EventTarget to the delivery of touch
3390         events in WebKit2.
3391
3392         Instead of having a NonFastScrollableRegion, we have a pair of regions
3393         in EventTrackingRegions.
3394         The "asynchronousDispatchRegion" tracks the area for which all event
3395         listeners are passive. For those, events should be dispatched asynchronously.
3396         The "synchronousDispatchRegion" tracks the area for which there is at
3397         least one active event listener. Events have to be dispatched synchronously
3398         for correctness.
3399
3400         Tests: fast/events/touch/ios/tap-with-active-listener-on-elements.html
3401                fast/events/touch/ios/tap-with-active-listener-on-window.html
3402                fast/events/touch/ios/tap-with-passive-listener-on-elements.html
3403                fast/events/touch/ios/tap-with-passive-listener-on-window.html
3404
3405         * WebCore.xcodeproj/project.pbxproj:
3406         * dom/Document.cpp:
3407         (WebCore::Document::wheelEventHandlersChanged):
3408         (WebCore::Document::Document): Deleted.
3409         * dom/Document.h:
3410
3411         * dom/EventListenerMap.cpp:
3412         (WebCore::EventListenerMap::containsActive):
3413         If a Target has multiple listener for an event type, we want to know
3414         if any of them is active.
3415
3416         * dom/EventListenerMap.h:
3417         * dom/EventTarget.cpp:
3418         (WebCore::EventTarget::hasActiveEventListeners):
3419         (WebCore::EventTarget::hasActiveTouchEventListeners):
3420         * dom/EventTarget.h:
3421
3422         * page/DebugPageOverlays.cpp:
3423         (WebCore::NonFastScrollableRegionOverlay::updateRegion):
3424         I did not change the debug overlays.
3425         The NonFastScrollable area is the region for which events needs
3426         synchronous dispatch. Everything else should scroll without delay.
3427
3428         * page/FrameView.cpp:
3429         (WebCore::FrameView::scrollableAreaSetChanged):
3430         * page/Page.cpp:
3431         (WebCore::Page::nonFastScrollableRects):
3432         * page/scrolling/AsyncScrollingCoordinator.cpp:
3433         (WebCore::AsyncScrollingCoordinator::setEventTrackingRegionsDirty):
3434         (WebCore::AsyncScrollingCoordinator::willCommitTree):
3435         (WebCore::AsyncScrollingCoordinator::updateEventTrackingRegions):
3436         (WebCore::AsyncScrollingCoordinator::frameViewLayoutUpdated):