[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-07-25  Zalan Bujtas  <zalan@apple.com>
2
3         Cleanup RenderTable*::createAnonymous*
4         https://bugs.webkit.org/show_bug.cgi?id=160175
5
6         Reviewed by Simon Fraser.
7
8         This patch
9         1. tightens the type on createAnonymousBoxWithSameTypeAs, createAnonymousWithParentRendererAndDisplay and
10         createAnonymousWithParentRenderer from RenderObject to the appropriate type.
11         2. changes the return type of create* functions from raw pointer to std::unique_ptr<>
12         3. decouples createAnonymousBoxWithSameTypeAs and createAnonymousWithParentRenderer.
13         createAnonymousBoxWithSameTypeAs misleadingly calls createAnonymousWithParentRenderer
14         while it is never the parent in case of table items.
15         (std::unique_ptr::release() vs. WTFMove() will be addressed in a separate patch)
16
17         No change in functionality.
18
19         * rendering/RenderBlock.cpp:
20         (WebCore::RenderBlock::createAnonymousBoxWithSameTypeAs):
21         (WebCore::RenderBlock::createAnonymousWithParentRendererAndDisplay):
22         * rendering/RenderBlock.h:
23         (WebCore::RenderBlock::createAnonymousBlock):
24         * rendering/RenderBox.cpp:
25         (WebCore::RenderBox::layoutOverflowRectForPropagation):
26         * rendering/RenderBox.h:
27         (WebCore::RenderBox::createAnonymousBoxWithSameTypeAs):
28         * rendering/RenderElement.cpp:
29         (WebCore::RenderElement::addChild):
30         * rendering/RenderInline.cpp:
31         (WebCore::RenderInline::splitFlow):
32         * rendering/RenderTable.cpp:
33         (WebCore::RenderTable::addChild):
34         (WebCore::RenderTable::createTableWithStyle):
35         (WebCore::RenderTable::createAnonymousWithParentRenderer):
36         * rendering/RenderTable.h:
37         (WebCore::RenderTable::createAnonymousBoxWithSameTypeAs):
38         * rendering/RenderTableCell.cpp:
39         (WebCore::RenderTableCell::createTableCellWithStyle):
40         (WebCore::RenderTableCell::createAnonymousWithParentRenderer):
41         * rendering/RenderTableCell.h:
42         (WebCore::RenderTableCell::createAnonymousBoxWithSameTypeAs):
43         * rendering/RenderTableRow.cpp:
44         (WebCore::RenderTableRow::addChild):
45         (WebCore::RenderTableRow::createTableRowWithStyle):
46         (WebCore::RenderTableRow::createAnonymousWithParentRenderer):
47         * rendering/RenderTableRow.h:
48         (WebCore::RenderTableRow::createAnonymousBoxWithSameTypeAs):
49         * rendering/RenderTableSection.cpp:
50         (WebCore::RenderTableSection::addChild):
51         (WebCore::RenderTableSection::createTableSectionWithStyle):
52         (WebCore::RenderTableSection::createAnonymousWithParentRenderer):
53         * rendering/RenderTableSection.h:
54         (WebCore::RenderTableSection::createAnonymousBoxWithSameTypeAs):
55
56 2016-07-25  Chris Dumez  <cdumez@apple.com>
57
58         Touch properties should be on the prototype
59         https://bugs.webkit.org/show_bug.cgi?id=160174
60
61         Reviewed by Ryosuke Niwa.
62
63         Touch properties should be on the prototype:
64         - https://w3c.github.io/touch-events/#idl-def-touch
65
66         Chrome agrees with the specification.
67
68         Test: platform/ios-simulator/ios/touch/Touch-attributes-prototype.html
69
70         * bindings/scripts/CodeGeneratorJS.pm:
71         (InterfaceRequiresAttributesOnInstanceForCompatibility): Deleted.
72
73 2016-07-25  Jeremy Jones  <jeremyj@apple.com>
74
75         Set MediaRemote playback state based on MediaSession playback state.
76         https://bugs.webkit.org/show_bug.cgi?id=160177
77
78         Reviewed by Eric Carlson.
79
80         Use playback session state to update media remote playback state instead of 
81         unconditionally setting it to playing.
82
83         * platform/audio/mac/MediaSessionManagerMac.mm:
84         (WebCore::MediaSessionManagerMac::updateNowPlayingInfo):
85
86 2016-07-25  Zalan Bujtas  <zalan@apple.com>
87
88         RenderBox::haveSameDirection is used only by table items.
89         https://bugs.webkit.org/show_bug.cgi?id=160141
90
91         Reviewed by Simon Fraser.
92
93         Remove RenderBox::haveSameDirection() since it's used only by RenderTable*
94         classes. The new stand alone function (with 2 arguments) now checks if both of
95         the objects are valid. 
96
97         No change in functionality.
98
99         * rendering/RenderBox.h:
100         (WebCore::RenderBox::hasSameDirectionAs): Deleted.
101         * rendering/RenderTable.cpp:
102         (WebCore::RenderTable::tableStartBorderAdjoiningCell):
103         (WebCore::RenderTable::tableEndBorderAdjoiningCell):
104         * rendering/RenderTable.h:
105         (WebCore::haveSameDirection):
106         * rendering/RenderTableCell.cpp:
107         (WebCore::RenderTableCell::hasStartBorderAdjoiningTable):
108         (WebCore::RenderTableCell::hasEndBorderAdjoiningTable):
109         * rendering/RenderTableCell.h:
110         (WebCore::RenderTableCell::borderAdjoiningTableStart):
111         (WebCore::RenderTableCell::borderAdjoiningTableEnd):
112         * rendering/RenderTableRow.h:
113         (WebCore::RenderTableRow::borderAdjoiningTableStart):
114         (WebCore::RenderTableRow::borderAdjoiningTableEnd):
115         * rendering/RenderTableSection.cpp:
116         (WebCore::RenderTableSection::borderAdjoiningStartCell):
117         (WebCore::RenderTableSection::borderAdjoiningEndCell):
118         (WebCore::RenderTableSection::firstRowCellAdjoiningTableStart):
119         (WebCore::RenderTableSection::firstRowCellAdjoiningTableEnd):
120         * rendering/RenderTableSection.h:
121         (WebCore::RenderTableSection::borderAdjoiningTableStart):
122         (WebCore::RenderTableSection::borderAdjoiningTableEnd):
123
124 2016-07-25  Chris Dumez  <cdumez@apple.com>
125
126         ClientRect properties should be on the prototype
127         https://bugs.webkit.org/show_bug.cgi?id=160165
128
129         Reviewed by Geoffrey Garen.
130
131         Move ClientRect properties from the instance to the prototype. This
132         matches the specification, Firefox and Chrome.
133
134         Also add a serializer to ClientRect in order to match the specification:
135         - https://drafts.fxtf.org/geometry/Overview.html#domrectreadonly
136         - https://heycam.github.io/webidl/#es-serializer
137
138         This avoids breaking content that relies on JSON.stringify() to
139         serialize ClientRect objects.
140
141         Tests: fast/css/ClientRect-attributes-prototype.html
142                fast/css/ClientRect-serialization.html
143
144         * CMakeLists.txt:
145         * WebCore.xcodeproj/project.pbxproj:
146         * bindings/js/JSBindingsAllInOne.cpp:
147         * bindings/js/JSClientRectCustom.cpp: Added.
148         (WebCore::JSClientRect::toJSON):
149         * bindings/scripts/CodeGeneratorJS.pm:
150         * dom/ClientRect.idl:
151
152 2016-07-25  Chris Dumez  <cdumez@apple.com>
153
154         Parameters to DOMImplementation.createDocumentType() should be mandatory and non-nullable
155         https://bugs.webkit.org/show_bug.cgi?id=160167
156
157         Reviewed by Ryosuke Niwa.
158
159         Parameters to DOMImplementation.createDocumentType() should be mandatory
160         and non-nullable:
161         - https://dom.spec.whatwg.org/#domimplementation
162
163         Firefox and Chrome both agree with the specification. However, those
164         parameters were nullable and optional in WebKit.
165
166         Test: fast/dom/DOMImplementation/createDocumentType-parameters.html
167
168         * dom/DOMImplementation.idl:
169
170 2016-07-25  Wenson Hsieh  <wenson_hsieh@apple.com>
171
172         Media controls should not be displayed for a video until it starts playing
173         https://bugs.webkit.org/show_bug.cgi?id=160092
174         <rdar://problem/26986673>
175
176         Reviewed by Beth Dakin.
177
178         For videos that have never played back yet, we should not show media controls. To ensure this
179         behavior, we ensure that the playback behavior restriction is set upon creating the media
180         element. This restriction is then removed when the media element begins to play.
181
182         Added two new WebKit API tests.
183
184         * html/HTMLMediaElement.cpp:
185         (WebCore::HTMLMediaElement::HTMLMediaElement):
186
187 2016-07-25  Jiewen Tan  <jiewen_tan@apple.com>
188
189         Rename SubtleCrypto to WebKitSubtleCrypto
190         https://bugs.webkit.org/show_bug.cgi?id=160067
191         <rdar://problem/27483617>
192
193         Reviewed by Brent Fulgham.
194
195         Tests: crypto/webkitSubtle/gc-2.html
196                crypto/webkitSubtle/gc-3.html
197                crypto/webkitSubtle/gc.html
198
199         Rename Class SubtleCrypto to WebKitSubtleCrypto, and Crypto.subtle to Crypto.webkitSubtle in order
200         to let the new implementation reuse the name SubtleCrypto. This renaming should match what our
201         current JSBindings use, and therefore should not introduce any change of behavior.
202
203         * CMakeLists.txt:
204         Revise project files for new file names.
205         * DerivedSources.cpp:
206         * DerivedSources.make:
207         * PlatformEfl.cmake:
208         * PlatformGTK.cmake:
209         * PlatformMac.cmake:
210         * WebCore.xcodeproj/project.pbxproj:
211         Revise project files for new file names.
212         * bindings/js/JSWebKitSubtleCryptoCustom.cpp: Renamed from Source/WebCore/bindings/js/JSSubtleCryptoCustom.cpp.
213         * crypto/WebKitSubtleCrypto.cpp: Renamed from Source/WebCore/crypto/SubtleCrypto.cpp.
214         * crypto/WebKitSubtleCrypto.h: Renamed from Source/WebCore/crypto/SubtleCrypto.h.
215         * crypto/WebKitSubtleCrypto.idl: Renamed from Source/WebCore/crypto/SubtleCrypto.idl.
216         * page/Crypto.cpp:
217         (WebCore::Crypto::webkitSubtle):
218         (WebCore::Crypto::subtle): Deleted.
219         * page/Crypto.h:
220         * page/Crypto.idl:
221
222 2016-07-25  Brady Eidson  <beidson@apple.com>
223
224         Allow LocalStorage by default for file URLs.
225         https://bugs.webkit.org/show_bug.cgi?id=160169
226
227         Reviewed by Brent Fulgham.
228
229         Test: storage/domstorage/localstorage/file-can-access.html
230
231         * page/SecurityOrigin.cpp:
232         (WebCore::SecurityOrigin::canAccessStorage): Remove the m_universalAccess check for local URLs.
233
234 2016-07-25  Nan Wang  <n_wang@apple.com>
235
236         AX: AccessibilityRenderObject is adding duplicated children when CSS first-letter is being used.
237         https://bugs.webkit.org/show_bug.cgi?id=160155
238
239         Reviewed by Chris Fleizach.
240
241         We were adding the same text node twice if CSS first-letter selector was being used. Added a
242         check for the inline continuation so that we only add it once. 
243
244         Test: accessibility/mac/css-first-letter-children.html
245
246         * accessibility/AccessibilityRenderObject.cpp:
247         (WebCore::firstChildConsideringContinuation):
248
249 2016-07-25  Wenson Hsieh  <wenson_hsieh@apple.com>
250
251         Media controls on apple.com don't disappear when movie finishes playing
252         https://bugs.webkit.org/show_bug.cgi?id=160068
253         <rdar://problem/26668526>
254
255         Reviewed by Darin Adler.
256
257         When a video ends, it should cause media controls to hide. While current logic
258         mostly accounts for this, it does not account for programmatic seeks causing
259         the video to lose its 'ended' status before querying for whether or not to
260         show media controls.
261
262         Three new API tests: large-video-seek-after-ending.html
263         large-video-hides-controls-after-seek-to-end.html
264         large-video-seek-to-beginning-and-play-after-ending.html
265
266         * html/HTMLMediaElement.cpp:
267         (WebCore::HTMLMediaElement::mediaPlayerTimeChanged):
268         (WebCore::HTMLMediaElement::setPlaying):
269         * html/MediaElementSession.cpp:
270         (WebCore::MediaElementSession::canControlControlsManager):
271         * html/MediaElementSession.h:
272
273 2016-07-25  Frederic Wang  <fwang@igalia.com>
274
275         Introduce a MathMLOperatorElement class
276         https://bugs.webkit.org/show_bug.cgi?id=160034
277
278         Reviewed by Darin Adler.
279
280         No new tests, rendering is unchanged.
281
282         * CMakeLists.txt: Add MathMLOperatorElement to the build file.
283         * WebCore.xcodeproj/project.pbxproj: Ditto.
284         * mathml/MathMLAllInOne.cpp: Ditto.
285         * mathml/MathMLOperatorElement.cpp: New DOM class for <mo> element.
286         (WebCore::MathMLOperatorElement::MathMLOperatorElement):
287         (WebCore::MathMLOperatorElement::create):
288         (WebCore::MathMLOperatorElement::parseAttribute): Handle mo attributes.
289         (WebCore::MathMLOperatorElement::createElementRenderer): Create RenderMathMLOperator.
290         * mathml/MathMLOperatorElement.h: Declare a class deriving from MathMLTextElement.
291         * mathml/MathMLTextElement.cpp: Remove all the RenderMathMLOperator parts.
292         (WebCore::MathMLTextElement::MathMLTextElement): Remove inline keyword so that the class can
293         be overridden.
294         (WebCore::MathMLTextElement::parseAttribute): Remove code handled in MathMLOperatorElement.
295         (WebCore::MathMLTextElement::createElementRenderer): Ditto.
296         * mathml/MathMLTextElement.h: Make class and members overridable.
297         * mathml/mathtags.in: Map mo to MathMLOperatorElement.
298         * rendering/mathml/RenderMathMLOperator.cpp:
299         (WebCore::RenderMathMLOperator::RenderMathMLOperator): Make the constructor take a
300         MathMLOperatorElement.
301         * rendering/mathml/RenderMathMLOperator.h: Ditto.
302
303 2016-07-25  Darin Adler  <darin@apple.com>
304
305         Speed up make process slightly by improving "list of files" idiom
306         https://bugs.webkit.org/show_bug.cgi?id=160164
307
308         Reviewed by Mark Lam.
309
310         * DerivedSources.make: Change rules that build lists of files to only run when
311         DerivedSources.make has been modified since the last time they were run. Since the
312         list of files is inside this file, this is safe, and this is faster than always
313         comparing and regenerating the file containing the list of files each time.
314
315 2016-07-24  Wenson Hsieh  <wenson_hsieh@apple.com>
316
317         The web process hangs when computing elements-based snap points for a container with large max scroll offset
318         https://bugs.webkit.org/show_bug.cgi?id=152605
319         <rdar://problem/25353661>
320
321         Reviewed by Simon Fraser.
322
323         Fixes a bug in the computation of axis snap points. The ScrollSnapPoints object, which tracks
324         snap points along a particular axis, has two flags, hasRepeat and usesElements. For elements-
325         based snapping, both flags would be turned on, since StyleBuilderConverter::convertScrollSnapPoints
326         short-circuits for elements-based snapping and does not default usesRepeat to false. To address this,
327         we make ScrollSnapPoints not repeat(100%) by default.
328
329         Test: css3/scroll-snap/scroll-snap-elements-container-larger-than-children.html
330
331         * css/StyleBuilderConverter.h:
332         (WebCore::StyleBuilderConverter::convertScrollSnapPoints): Deleted.
333         * rendering/style/StyleScrollSnapPoints.cpp:
334         (WebCore::ScrollSnapPoints::ScrollSnapPoints):
335
336 2016-07-25  Carlos Garcia Campos  <cgarcia@igalia.com>
337
338         REGRESSION(r200931): Invalid cast in highestAncestorToWrapMarkup()
339         https://bugs.webkit.org/show_bug.cgi?id=160163
340
341         Reviewed by Michael Catanzaro.
342
343         Since r200931 the result of enclosingNodeOfType() in highestAncestorToWrapMarkup() is downcasted to Element, but
344         the result of enclosingNodeOfType() can be a Node that is not an Element, in this case is Text. The cast is not
345         needed at all since that node is passed to editingIgnoresContent() and selectionFromContentsOfNode() and both
346         receive a Node not an Element.
347
348         * editing/markup.cpp:
349         (WebCore::highestAncestorToWrapMarkup): Remove invalid cast.
350
351 2016-07-25  Carlos Garcia Campos  <cgarcia@igalia.com>
352
353         [Coordinated Graphics] ASSERTION FAILED: m_coordinator->isFlushingLayerChanges() in fast/repaint/animation-after-layer-scroll.html
354         https://bugs.webkit.org/show_bug.cgi?id=160156
355
356         Reviewed by Michael Catanzaro.
357
358         So, we fixed an assertion in r203663, but now it is hitting the next one. As explained in bug #160142, flush
359         compositing state can be triggered in tests by RenderLayerCompositor::layerTreeAsText(), without the coordinator
360         even noticing it, so the assert can be just removed.
361
362         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
363         (WebCore::CoordinatedGraphicsLayer::flushCompositingStateForThisLayerOnly): Remove incorrect assert.
364
365 2016-07-25  Zalan Bujtas  <zalan@apple.com>
366
367         EllipsisBox ctor's isVertical parameter should read isHorizontal.
368         https://bugs.webkit.org/show_bug.cgi?id=160153
369
370         Reviewed by Andreas Kling.
371
372         It indicates whether the ellipsis box is horizontal. (both the callsites
373         and the parent class use isHorizontal)
374
375         No change in functionality.
376
377         * rendering/EllipsisBox.cpp:
378         (WebCore::EllipsisBox::EllipsisBox):
379         * rendering/EllipsisBox.h:
380
381 2016-07-25  Sergio Villar Senin  <svillar@igalia.com>
382
383         [css-grid] Implement repeat(auto-fit)
384         https://bugs.webkit.org/show_bug.cgi?id=159771
385
386         Reviewed by Darin Adler.
387
388         The auto-fit keyword works exactly as the already implemented auto-fill except that all
389         empty tracks collapse (become 0px). Absolutely positioned items do not participate in the
390         layout of the grid so they are not considered (a grid with only absolutely positioned items
391         is considered an empty grid).
392
393         Whenever a track collapses the gutters on either side do also collapse. When a collapsed
394         track's gutters collapse, they coincide exactly. If one side of a collapsed track does not
395         have a gutter then collapsing its gutters results in no gutter on either "side" of the
396         collapsed track.
397
398         In practice this means that it is not possible to know the gap between 2 consecutive auto
399         repeat tracks without examining some others whenever there are collapsed tracks.
400
401         Uncommented the auto-fit cases from Mozilla tests. They have to be adapted as the reftest
402         machinery requires all the content to be rendered in the original 800x600 viewport.
403
404         Tests: fast/css-grid-layout/grid-auto-fit-columns.html
405         fast/css-grid-layout/grid-auto-fit-rows.html
406         fast/css-grid-layout/mozilla/grid-repeat-auto-fill-fit-005-part-1.html
407         fast/css-grid-layout/mozilla/grid-repeat-auto-fill-fit-005-part-2.html
408
409         * css/CSSComputedStyleDeclaration.cpp:
410         (WebCore::valueForGridTrackList): Use the newly added trackSizesForComputedStyle().
411         * rendering/RenderGrid.cpp:
412         (WebCore::RenderGrid::computeTrackBasedLogicalHeight):
413         (WebCore::RenderGrid::computeTrackSizesForDirection):
414         (WebCore::RenderGrid::isEmptyAutoRepeatTrack):
415         (WebCore::RenderGrid::gridGapForDirection): Returns the gap directly from the style.
416         (WebCore::RenderGrid::guttersSize): Computes the gap between a startLine and an
417         endLine. This method may need to inspect some other surrounding tracks to compute the gap.
418         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
419         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
420         (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
421         (WebCore::RenderGrid::gridTrackSize):
422         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
423         (WebCore::RenderGrid::computeAutoRepeatTracksCount):
424         (WebCore::RenderGrid::computeEmptyTracksForAutoRepeat): Returns a Vector with the auto
425         repeat tracks that are going to be collapsed because they're empty.
426         (WebCore::RenderGrid::placeItemsOnGrid):
427         (WebCore::RenderGrid::trackSizesForComputedStyle): Used by ComputedStyle logic to print the
428         size of tracks. Added in order to hide the actual contents of m_columnPositions and
429         m_rowPositions to the outer world.
430         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
431         (WebCore::RenderGrid::gridAreaBreadthForChild):
432         (WebCore::RenderGrid::populateGridPositionsForDirection): Added some extra code to compute
433         gaps as they cannot be directly added between tracks in case of having collapsed tracks.
434         (WebCore::RenderGrid::columnAxisOffsetForChild):
435         (WebCore::RenderGrid::rowAxisOffsetForChild):
436         (WebCore::RenderGrid::offsetBetweenTracks): Deleted.
437         * rendering/RenderGrid.h: Made some API private. Added new required methods/attributes.
438
439         * css/CSSComputedStyleDeclaration.cpp:
440         (WebCore::valueForGridTrackList):
441         * rendering/RenderGrid.cpp:
442         (WebCore::RenderGrid::computeTrackBasedLogicalHeight):
443         (WebCore::RenderGrid::computeTrackSizesForDirection):
444         (WebCore::RenderGrid::hasAutoRepeatEmptyTracks):
445         (WebCore::RenderGrid::isEmptyAutoRepeatTrack):
446         (WebCore::RenderGrid::gridGapForDirection):
447         (WebCore::RenderGrid::guttersSize):
448         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
449         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
450         (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
451         (WebCore::RenderGrid::gridTrackSize):
452         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
453         (WebCore::RenderGrid::computeAutoRepeatTracksCount):
454         (WebCore::RenderGrid::computeEmptyTracksForAutoRepeat):
455         (WebCore::RenderGrid::placeItemsOnGrid):
456         (WebCore::RenderGrid::trackSizesForComputedStyle):
457         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
458         (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild):
459         (WebCore::RenderGrid::gridAreaBreadthForChild):
460         (WebCore::RenderGrid::populateGridPositionsForDirection):
461         (WebCore::RenderGrid::columnAxisOffsetForChild):
462         (WebCore::RenderGrid::rowAxisOffsetForChild):
463         (WebCore::RenderGrid::offsetBetweenTracks): Deleted.
464         * rendering/RenderGrid.h:
465
466 2016-07-24  Frederic Wang  <fwang@igalia.com>
467
468         Move parsing of display, displaystyle and mathvariant attributes into MathML element classes
469         https://bugs.webkit.org/show_bug.cgi?id=159623
470
471         Reviewed by Brent Fulgham.
472
473         No new tests, already covered by existing tests.
474
475         * mathml/MathMLElement.cpp:
476         (WebCore::MathMLElement::parseMathVariantAttribute): Move helper function to parse the
477         mathvariant attribute.
478         (WebCore::MathMLElement::getSpecifiedDisplayStyle): Helper function to set the displaystyle
479         value from the attribute specified on the MathML element.
480         (WebCore::MathMLElement::getSpecifiedMathVariant): Helper function to set the mathvariant
481         value from the attribute specified on the MathML element.
482         * mathml/MathMLElement.h: Move the enum for mathvariant values and declare new members.
483         (WebCore::MathMLElement::acceptsDisplayStyleAttribute): Indicate whether the element accepts
484         displaystyle attribute (false for most of them).
485         (WebCore::MathMLElement::acceptsMathVariantAttribute): Indicate whether the element accepts
486         mathvariant attribute (false for most of them).
487         * mathml/MathMLInlineContainerElement.cpp:
488         (WebCore::MathMLInlineContainerElement::acceptsDisplayStyleAttribute): Add mstyle and mtable
489         to the list of elements accepting the displaystyle attribute.
490         (WebCore::MathMLInlineContainerElement::acceptsMathVariantAttribute): Add mstyle to the list
491         of elements accepting the mathvariant attribute.
492         (WebCore::MathMLInlineContainerElement::parseAttribute): Mark displaystyle and mathvariant
493         dirty if necessary. Also use the new accepts*Attribute function.
494         * mathml/MathMLInlineContainerElement.h: Declare overridden accepts*Attribute members.
495         * mathml/MathMLMathElement.cpp:
496         (WebCore::MathMLMathElement::getSpecifiedDisplayStyle): Override acceptsDisplayStyleAttribute
497         so that the display attribute is also used to set the default value if the displaystyle
498         attribute is absent.
499         (WebCore::MathMLMathElement::parseAttribute): Mark displaystyle and mathvariant dirty if
500         necessary. We directly MathMLElement::parseAttribute to avoid duplicate work.
501         * mathml/MathMLMathElement.h: Add the math tag to the list of elements accepting the
502         displaystyle and mathvariant attributes. Declare overridden getSpecifiedDisplayStyle.
503         * mathml/MathMLTextElement.cpp:
504         (WebCore::MathMLTextElement::parseAttribute): Mark mathvariant as dirty.
505         * mathml/MathMLTextElement.h: Add token elements to the list of elements accepting the
506         mathvariant attribute.
507         * rendering/mathml/MathMLStyle.cpp:
508         (WebCore::MathMLStyle::updateStyleIfNeeded): Use the new MathMLElement::MathVariant enum.
509         (WebCore::MathMLStyle::resolveMathMLStyle):  We no longer parse the display value to
510         initialize the default value on the math tag, because this is handled in
511         getSpecifiedDisplayStyle. In general, we also just call getSpecifiedDisplayStyle and
512         getSpecifiedMathVariant on the MathML elements instead of parsing the displaystyle and
513         mathvariant attributes here.
514         (WebCore::MathMLStyle::parseMathVariant): Deleted. This is moved into MathMLElement.
515         * rendering/mathml/MathMLStyle.h: Use the new MathMLElement::MathVariant enum.
516         * rendering/mathml/RenderMathMLToken.cpp: Ditto.
517         (WebCore::mathVariant): Ditto.
518         (WebCore::RenderMathMLToken::updateMathVariantGlyph): Ditto.
519
520 2016-07-25  Carlos Garcia Campos  <cgarcia@igalia.com>
521
522         Unreviewed. Remove unneeded header includes from CoordinatedGraphicsLayer.
523
524         Not only they are not needed, they are a layer violation, CoordinatedGraphicsLayer shouldn't know anything
525         about Page, Frame and FrameView.
526
527         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
528         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
529
530 2016-07-24  Youenn Fablet  <youenn@apple.com>
531
532         [Fetch API] Request should be created with any HeadersInit data
533         https://bugs.webkit.org/show_bug.cgi?id=159672
534
535         Reviewed by Sam Weinig.
536
537         Made Request use JSBuiltinConstructor.
538         This allows initializing newly created Request with a JS built-in function, initializeFetchRequest.
539         initializeFetchRequest can call @fillFetchHeaders internal built-in to handle any HeadersInit data.
540         Future effort should be made to migrate more initialization code in initializeFetchRequest.
541
542         Made window and worker fetch function as a JS built-in.
543         This becomes more handy as these new functions can construct the Request object.
544         They can then call a single private function that takes a Request object as input.
545         Updated DOMWindowFetch and WorkerGlobalScopeFetch code accordingly.
546
547         To enable this, the binding generator is updated to support runtime-enabled JS built-in functions and
548         private functions attached to global objects.
549
550         Covered by existing and modified tests.
551         Binding generator test covered by updated binding tests.
552
553         * CMakeLists.txt: Adding DOMWindowFetch.js, FetchRequest.js and WorkerGlobalScopeFetch.js built-in files.
554         * DerivedSources.make: Ditto.
555         * Modules/fetch/DOMWindowFetch.cpp: Removed overloaded fetch and updated according to new signature.
556         (WebCore::DOMWindowFetch::fetch):
557         * Modules/fetch/DOMWindowFetch.h: Ditto.
558         * Modules/fetch/DOMWindowFetch.idl: Making fetch a JS built-in and adding a @fetchRequest private function.
559         * Modules/fetch/DOMWindowFetch.js: Added.
560         (fetch):
561         * Modules/fetch/FetchHeaders.h:
562         (WebCore::FetchHeaders::setGuard): Used by FetchRequest when initializing headers.
563         * Modules/fetch/FetchRequest.cpp: 
564         (WebCore::buildHeaders): Removed as implemented in JS.
565         (WebCore::FetchRequest::initializeOptions): Added to handle most of the dictionary initialization.
566         (WebCore::FetchRequest::initializeWith): Method called from built-in constructor function.
567         (WebCore::FetchRequest::setBody): Corresponding to @setBody private method.
568         (WebCore::buildBody): Deleted.
569         * Modules/fetch/FetchRequest.h:
570         * Modules/fetch/FetchRequest.idl:
571         * Modules/fetch/FetchRequest.js: Added.
572         (initializeFetchRequest): Implements fetch Request(input, init) constructor.
573         * Modules/fetch/FetchResponse.cpp:
574         (WebCore::FetchResponse::fetch): Removed the construction of FetchRequest in fetch method since it is done by JS built-in code.
575         * Modules/fetch/FetchResponse.h:
576         * Modules/fetch/WorkerGlobalScopeFetch.cpp: Removed overloaded fetch and updated according to new signature.
577         (WebCore::WorkerGlobalScopeFetch::fetch):
578         * Modules/fetch/WorkerGlobalScopeFetch.h: Ditto.
579         * Modules/fetch/WorkerGlobalScopeFetch.idl: Making fetch a JS built-in and adding a @fetchRequest private function.
580         * Modules/fetch/WorkerGlobalScopeFetch.js: Added.
581         (fetch):
582         * bindings/js/WebCoreBuiltinNames.h: Adding fetchRequest, setBody and Request private identifiers.
583         * bindings/scripts/CodeGenerator.pm:
584         (WK_lcfirst): Replacing dOM by dom.
585         * bindings/scripts/CodeGeneratorJS.pm:
586         (GenerateImplementation): Adding support for runtime-enabled built-in methods and private methods.
587         * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
588         (WebCore::JSTestGlobalObject::finishCreation):
589         (WebCore::jsTestGlobalObjectInstanceFunctionTestPrivateFunction):
590         * bindings/scripts/test/ObjC/DOMTestGlobalObject.mm:
591         (-[DOMTestGlobalObject testJSBuiltinFunction]):
592         * bindings/scripts/test/TestGlobalObject.idl: Adding tests for runtime-enabled global built-in methods and private methods.
593
594 2016-07-24  Nan Wang  <n_wang@apple.com>
595
596         AX: Video Controls: Volume cannot be adjusted using VO.
597         https://bugs.webkit.org/show_bug.cgi?id=160107
598
599         Reviewed by Dean Jackson.
600
601         The volume slider in video tag had 0.01 step which caused the screen reader to adjust it slowly.
602         Changed the step to 0.05 and added the aria-valuetext attribute to the slider, so that the value
603         is spoken in percentage. 
604
605         Test: accessibility/mac/video-volume-slider-accessibility.html
606
607         * Modules/mediacontrols/mediaControlsApple.js:
608         (Controller.prototype.createControls):
609         (Controller.prototype.handleVolumeSliderInput):
610         (Controller.prototype.updateVolume):
611
612 2016-07-24  David Kilzer  <ddkilzer@apple.com>
613
614         REGRESSION (r203106): Crash in WebCore::MathMLElement::parseMathMLLength()
615         <https://webkit.org/b/160111>
616         <rdar://problem/27506489>
617
618         Reviewed by Chris Dumez.
619
620         Test: mathml/mpadded-crash.html
621
622         * mathml/MathMLElement.cpp:
623         (WebCore::skipLeadingAndTrailingWhitespace): Change to take
624         StringView parameter instead of String to avoid creating a
625         temporary String that's released on return.
626
627 2016-07-24  Carlos Garcia Campos  <cgarcia@igalia.com>
628
629         [Coordinated Graphics] ASSERTION FAILED: !m_flushingLayers in fast/repaint/animation-after-layer-scroll.html
630         https://bugs.webkit.org/show_bug.cgi?id=160142
631
632         Reviewed by Michael Catanzaro.
633
634         This only happens in layout tests, because it happens when RenderLayerCompositor::layerTreeAsText() is
635         called. The thing is that CoordinatedGraphicsLayer::flushCompositingState() calls notifyFlushRequired() that
636         checks if the coordinator is flushing layers and if not it calls RenderLayerCompositor::notifyFlushRequired() and
637         returns early. This normally works because the coordinator is the one starting the layer flush, so that when
638         RenderLayerCompositor::flushPendingLayerChanges() is called the coordinator is always flushing layers. But
639         RenderLayerCompositor::layerTreeAsText() calls RenderLayerCompositor::flushPendingLayerChanges() directly, so at
640         that moment the coordinator is not flushing layers, which causes
641         CoordinatedGraphicsLayer::flushCompositingState() to end up calling RenderLayerCompositor::notifyFlushRequired()
642         that schedules a new flush while flushing layers causing the
643         assertion. CoordinatedGraphicsLayer::flushCompositingState() is always called from
644         CompositingCoordinator::flushPendingLayerChanges() or RenderLayerCompositor::flushPendingLayerChanges() so we
645         never need to call RenderLayerCompositor::notifyFlushRequired() from there.
646
647         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
648         (WebCore::CoordinatedGraphicsLayer::notifyFlushRequired): This is void now since the return value is not checked anywhere.
649         (WebCore::CoordinatedGraphicsLayer::flushCompositingState): Remove the call to notifyFlushRequired().
650         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
651
652 2016-07-24  Darin Adler  <darin@apple.com>
653
654         Adding a new WebCore JavaScript built-in source file does not trigger rebuild of WebCoreJSBuiltins*
655         https://bugs.webkit.org/show_bug.cgi?id=160115
656
657         Reviewed by Youenn Fablet.
658
659         * DerivedSources.make: Added a missing dependency so the rule that builds WebCore_BUILTINS_WRAPPERS
660         kicks in when the list of WebCore_BUILTINS_SOURCES is modified. Also added another missing dependency
661         so that changes to the JavaScript built-ins Python scripts will also trigger WebCore_BUILTINS_WRAPPERS.
662
663         * make-generated-sources.sh: Removed. Was unused.
664
665 2016-07-23  Zalan Bujtas  <zalan@apple.com>
666
667         Stop isEmpty() from leaking out of SVG.
668         https://bugs.webkit.org/show_bug.cgi?id=160121
669
670         Reviewed by Simon Fraser.
671
672         It's unclear what isEmpty() actually means and it doesn't bring any value to Render* classes.
673
674         No change in functionality.
675
676         * editing/CompositeEditCommand.cpp:
677         (WebCore::CompositeEditCommand::addBlockPlaceholderIfNeeded):
678         * rendering/RenderElement.h:
679         * rendering/RenderListItem.cpp:
680         (WebCore::RenderListItem::isEmpty): Deleted.
681         * rendering/RenderListItem.h:
682         * rendering/RenderObject.h:
683         (WebCore::RenderObject::isEmpty): Deleted.
684         * rendering/RenderRubyRun.cpp:
685         (WebCore::RenderRubyRun::removeChild):
686         (WebCore::RenderRubyRun::isEmpty): Deleted.
687         * rendering/RenderRubyRun.h:
688         * rendering/mathml/RenderMathMLFenced.cpp:
689         (WebCore::RenderMathMLFenced::updateFromElement):
690         (WebCore::RenderMathMLFenced::addChild):
691         * rendering/mathml/RenderMathMLRoot.cpp:
692         (WebCore::RenderMathMLRoot::paint):
693         * rendering/svg/RenderSVGShape.h:
694
695 2016-07-23  Zalan Bujtas  <zalan@apple.com>
696
697         table*BorderAdjoiningCell and borderAdjoiningCell* should take reference instead of RenderTableCell*.
698         https://bugs.webkit.org/show_bug.cgi?id=160123
699
700         Reviewed by Simon Fraser.
701
702         No change in functionality.
703
704         * rendering/RenderTable.cpp:
705         (WebCore::RenderTable::tableStartBorderAdjoiningCell):
706         (WebCore::RenderTable::tableEndBorderAdjoiningCell):
707         * rendering/RenderTable.h:
708         * rendering/RenderTableCell.cpp:
709         (WebCore::RenderTableCell::computeCollapsedStartBorder):
710         (WebCore::RenderTableCell::computeCollapsedEndBorder):
711         * rendering/RenderTableCell.h:
712         (WebCore::RenderTableCell::borderAdjoiningCellBefore):
713         (WebCore::RenderTableCell::borderAdjoiningCellAfter):
714         * rendering/RenderTableCol.cpp:
715         (WebCore::RenderTableCol::borderAdjoiningCellStartBorder):
716         (WebCore::RenderTableCol::borderAdjoiningCellEndBorder):
717         (WebCore::RenderTableCol::borderAdjoiningCellBefore):
718         (WebCore::RenderTableCol::borderAdjoiningCellAfter):
719         * rendering/RenderTableCol.h:
720         * rendering/RenderTableRow.cpp:
721         (WebCore::RenderTableRow::borderAdjoiningStartCell):
722         (WebCore::RenderTableRow::borderAdjoiningEndCell):
723         * rendering/RenderTableRow.h:
724         * rendering/RenderTableSection.cpp:
725         (WebCore::RenderTableSection::borderAdjoiningStartCell):
726         (WebCore::RenderTableSection::borderAdjoiningEndCell):
727         * rendering/RenderTableSection.h:
728
729 2016-07-23  Zalan Bujtas  <zalan@apple.com>
730
731         Remove unused enum and stale comment from RenderObject.
732         https://bugs.webkit.org/show_bug.cgi?id=160122
733
734         Reviewed by Simon Fraser.
735
736         No change in functionality.
737
738         * rendering/RenderBox.h:
739
740 2016-07-23  Carlos Garcia Campos  <cgarcia@igalia.com>
741
742         [Coordinated Graphics] Lots of flaky tests
743         https://bugs.webkit.org/show_bug.cgi?id=160118
744
745         Reviewed by Michael Catanzaro.
746
747         Since GTK+ was ported to the threaded compositor (coordinated graphics) there are a lot of flaky tests in the
748         bots. In many of the cases the diff shows a different size in the FrameView layer.
749
750         This happens for tests run in the same WTR after fast/fixed-layout/fixed-layout.html. This is what happens:
751
752          1.- Test fast/fixed-layout/fixed-layout.html runs and sets fixed layout to true and fixed layout size to 400x400
753          2.- When it finishes TestController::resetStateToConsistentValues() is called.
754          3.- Blank URL is loaded after state has been updated
755          4.- Then Reset message is handled in the web process and Internals::resetToConsistentState() resets the fixed
756              layout state and size.
757          5.- onresize happens and the handler set in fast/fixed-layout/fixed-layout.html is invoked setting the fixed
758              layout to true and size to 400x400 again.
759          6.- about_blank is then loaded with the fixed layout enabled, as well as other tests after this one.
760
761         In addition to this, coordinated graphics uses a fixedVisibleContentRect in ScrollView that is never reset.
762
763         * platform/ScrollView.cpp:
764         (WebCore::ScrollView::unscaledVisibleContentSizeIncludingObscuredArea): Only use m_fixedVisibleContentRect when
765         fixed layout is enabled.
766         (WebCore::ScrollView::unscaledUnobscuredVisibleContentSize): Ditto.
767         (WebCore::ScrollView::visibleContentRectInternal): Ditto.
768         * testing/Internals.cpp:
769         (WebCore::Internals::resetToConsistentState): Reset also the m_fixedVisibleContentRect.
770
771 2016-07-23  Carlos Garcia Campos  <cgarcia@igalia.com>
772
773         [Coordinated Graphics] Test imported/blink/svg/custom/svg-image-layers-crash.html crashes
774         https://bugs.webkit.org/show_bug.cgi?id=160078
775
776         Reviewed by Michael Catanzaro.
777
778         This is a merge of Blink r155373.
779         https://chromiumcodereview.appspot.com/20789004
780
781         Disable accelerated compositing for SVGImage content layers. SVGImageChromeClient does not support it.
782
783         Fixes imported/blink/svg/custom/svg-image-layers-crash.html.
784
785         * svg/graphics/SVGImage.cpp:
786         (WebCore::SVGImage::dataChanged):
787
788 2016-07-23  Commit Queue  <commit-queue@webkit.org>
789
790         Unreviewed, rolling out r203641.
791         https://bugs.webkit.org/show_bug.cgi?id=160116
792
793         It broke make-based builds (Requested by youenn on #webkit).
794
795         Reverted changeset:
796
797         "[Fetch API] Request should be created with any HeadersInit
798         data"
799         https://bugs.webkit.org/show_bug.cgi?id=159672
800         http://trac.webkit.org/changeset/203641
801
802 2016-07-23  Youenn Fablet  <youenn@apple.com>
803
804         [Fetch API] Request should be created with any HeadersInit data
805         https://bugs.webkit.org/show_bug.cgi?id=159672
806
807         Reviewed by Sam Weinig.
808
809         Made Request use JSBuiltinConstructor.
810         This allows initializing newly created Request with a JS built-in function, initializeFetchRequest.
811         initializeFetchRequest can call @fillFetchHeaders internal built-in to handle any HeadersInit data.
812         Future effort should be made to migrate more initialization code in initializeFetchRequest.
813
814         Made window and worker fetch function as a JS built-in.
815         This becomes more handy as these new functions can construct the Request object.
816         They can then call a single private function that takes a Request object as input.
817         Updated DOMWindowFetch and WorkerGlobalScopeFetch code accordingly.
818
819         To enable this, the binding generator is updated to support runtime-enabled JS built-in functions and
820         private functions attached to global objects.
821
822         Covered by existing and modified tests.
823         Binding generator test covered by updated binding tests.
824
825         * CMakeLists.txt: Adding DOMWindowFetch.js, FetchRequest.js and WorkerGlobalScopeFetch.js built-in files.
826         * DerivedSources.make: Ditto.
827         * Modules/fetch/DOMWindowFetch.cpp: Removed overloaded fetch and updated according to new signature.
828         (WebCore::DOMWindowFetch::fetch):
829         * Modules/fetch/DOMWindowFetch.h: Ditto.
830         * Modules/fetch/DOMWindowFetch.idl: Making fetch a JS built-in and adding a @fetchRequest private function.
831         * Modules/fetch/DOMWindowFetch.js: Added.
832         (fetch):
833         * Modules/fetch/FetchHeaders.h:
834         (WebCore::FetchHeaders::setGuard): Used by FetchRequest when initializing headers.
835         * Modules/fetch/FetchRequest.cpp: 
836         (WebCore::buildHeaders): Removed as implemented in JS.
837         (WebCore::FetchRequest::initializeOptions): Added to handle most of the dictionary initialization.
838         (WebCore::FetchRequest::initializeWith): Method called from built-in constructor function.
839         (WebCore::FetchRequest::setBody): Corresponding to @setBody private method.
840         (WebCore::buildBody): Deleted.
841         * Modules/fetch/FetchRequest.h:
842         * Modules/fetch/FetchRequest.idl:
843         * Modules/fetch/FetchRequest.js: Added.
844         (initializeFetchRequest): Implements fetch Request(input, init) constructor.
845         * Modules/fetch/FetchResponse.cpp:
846         (WebCore::FetchResponse::fetch): Removed the construction of FetchRequest in fetch method since it is done by JS built-in code.
847         * Modules/fetch/FetchResponse.h:
848         * Modules/fetch/WorkerGlobalScopeFetch.cpp: Removed overloaded fetch and updated according to new signature.
849         (WebCore::WorkerGlobalScopeFetch::fetch):
850         * Modules/fetch/WorkerGlobalScopeFetch.h: Ditto.
851         * Modules/fetch/WorkerGlobalScopeFetch.idl: Making fetch a JS built-in and adding a @fetchRequest private function.
852         * Modules/fetch/WorkerGlobalScopeFetch.js: Added.
853         (fetch):
854         * bindings/js/WebCoreBuiltinNames.h: Adding fetchRequest, setBody and Request private identifiers.
855         * bindings/scripts/CodeGenerator.pm:
856         (WK_lcfirst): Replacing dOM by dom.
857         * bindings/scripts/CodeGeneratorJS.pm:
858         (GenerateImplementation): Adding support for runtime-enabled built-in methods and private methods.
859         * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
860         (WebCore::JSTestGlobalObject::finishCreation):
861         (WebCore::jsTestGlobalObjectInstanceFunctionTestPrivateFunction):
862         * bindings/scripts/test/ObjC/DOMTestGlobalObject.mm:
863         (-[DOMTestGlobalObject testJSBuiltinFunction]):
864         * bindings/scripts/test/TestGlobalObject.idl: Adding tests for runtime-enabled global built-in methods and private methods.
865
866 2016-07-23  Frederic Wang  <fwang@igalia.com>
867
868         Reset font-style on the <math> element
869         https://bugs.webkit.org/show_bug.cgi?id=160074
870
871         Reviewed by Darin Adler.
872
873         Mathematical formulas with italic font-style render poorly (slanted operators, mathvariant
874         italic etc). We align on Gecko and make the user agent stylesheet reset the font-style to
875         'normal' by default. This addresses the concrete use case of formula inside theorem or
876         proposition statements, which are often written in italic.
877
878         Test: mathml/presentation/math-font-style.html
879
880         * css/mathml.css:
881         (math): Reset the font-style to normal.
882
883 2016-07-23  Frederic Wang  <fwang@igalia.com>
884
885         [MathML] PaintInfo state is not properly restored after applyTransform.
886         https://bugs.webkit.org/show_bug.cgi?id=160077
887
888         Reviewed by Simon Fraser.
889
890         PaintInfo::applyTransform modifies PaintInfo::rect and the original state is not properly
891         restored by GraphicsContextStateSaver. To avoid some weird rendering bugs in MathOperator
892         and RenderMathMLMenclose, we follow what is done in SVG renderers and make a copy of the
893         original PaintInfo before applying the transform.
894
895         Test: mathml/presentation/bug160077.html
896
897         * rendering/mathml/MathOperator.cpp:
898         (WebCore::MathOperator::paint):
899         * rendering/mathml/RenderMathMLMenclose.cpp:
900         (WebCore::RenderMathMLMenclose::paint):
901
902 2016-07-23  Youenn Fablet  <youenn@apple.com>
903
904         [Fetch API] Fetch response stream should enqueue Uint8Array
905         https://bugs.webkit.org/show_bug.cgi?id=160083
906
907         Reviewed by Sam Weinig.
908
909         Covered by updated tests.
910
911         Before enqueuing, ReadableStreamController::enqueue will convert ArrayBuffer as Uint8Array.
912         It also returns a boolean whether the operation is successful or not.
913
914         If returned value is false, calling code will stop loading or if everything is loaded it will refrain from closing the stream.
915         The enqueuing should be successful except in OutOfMemory cases. This case is not yet handled in test cases.
916
917         Updated the code to remove templated enqueuing as Fetch has no use of it.
918
919         * Modules/fetch/FetchBody.cpp:
920         (WebCore::FetchBody::consumeAsStream): Do not close the stream if enqueuing failed.
921         * Modules/fetch/FetchBodyOwner.cpp:
922         (WebCore::FetchBodyOwner::blobChunk): Stop blob loading if enqueuing failed.
923         * Modules/fetch/FetchResponse.cpp:
924         (WebCore::FetchResponse::BodyLoader::didReceiveData): Stop resource loading if enqueuing failed.
925         (WebCore::FetchResponse::consumeBodyAsStream): Ditto.
926         * Modules/fetch/FetchResponseSource.h:
927         * bindings/js/ReadableStreamController.h:
928         (WebCore::ReadableStreamController::enqueue):
929         (WebCore::ReadableStreamController::enqueue<RefPtr<JSC::ArrayBuffer>>): Deleted.
930
931 2016-07-22  Youenn Fablet  <youenn@apple.com>
932
933         Use a private property to implement FetchResponse.body getter
934         https://bugs.webkit.org/show_bug.cgi?id=159808
935
936         Reviewed by Sam Weinig.
937
938         Covered by existing test sets.
939
940         Previously, body was handled as a CachedAttribute.
941         Using a private property will allow direct use of this property from JS built-ins which will allow easier
942         handling of ReadableStream cloning in Response.clone.
943         Also, this allows removing some binding custom code.
944
945         Updated redirect and error static methods to take NewObject keyword, as this removes a search into cached wrappers.
946         Ditto for createReadableStreamSource.
947
948         * CMakeLists.txt: Removing JSFetchResponseCustom.cpp.
949         * Modules/fetch/FetchResponse.idl: Adding createReadableStreamSource and isDisturbed private functions.
950         Making body getter a JSBuiltin.
951         * Modules/fetch/FetchResponse.js:
952         (body): Adding getter which will call createReadableStreamSource if needed.
953         * WebCore.xcodeproj/project.pbxproj: Removing JSFetchResponseCustom.cpp.
954         * bindings/js/JSFetchResponseCustom.cpp: Removed.
955         * bindings/js/ReadableStreamController.cpp:
956         (WebCore::createReadableStream): Deleted.
957         (WebCore::getReadableStreamReader): Deleted.
958         * bindings/js/ReadableStreamController.h: Removing unneeded ReadableStream helper routines now that they can be
959         handled within JS built-in code.
960         * bindings/js/WebCoreBuiltinNames.h: Adding @createReadableStreamSource, @isDisturbed and @Response identifiers.
961
962 2016-07-22  Zalan Bujtas  <zalan@apple.com>
963
964         Handle cases when IOSurface initialization fails.
965         https://bugs.webkit.org/show_bug.cgi?id=160006
966         <rdar://problem/27495102>
967
968         Reviewed by Tim Horton and Simon Fraser.
969
970         This is an additional fix to r203514 to check if IOSurface initialization was successful.
971
972         Unable to test.
973
974         * platform/graphics/cg/ImageBufferCG.cpp:
975         (WebCore::ImageBuffer::ImageBuffer):
976         * platform/graphics/cocoa/IOSurface.h: Merge 2 c'tors.
977         * platform/graphics/cocoa/IOSurface.mm: Remove redundant IOSurface::create() code.  
978         (WebCore::IOSurface::create):
979         (WebCore::IOSurface::createFromImage):
980         (WebCore::IOSurface::IOSurface):
981         (WebCore::IOSurface::convertToFormat):
982
983 2016-07-22  Wenson Hsieh  <wenson_hsieh@apple.com>
984
985         Media controls should be displayed for media in media documents
986         https://bugs.webkit.org/show_bug.cgi?id=160104
987         <rdar://problem/27438936>
988
989         Reviewed by Myles C. Maxfield.
990
991         Make videos that would otherwise not have been large enough or have the right
992         aspect ratio cause media controls to appear. This is because media elements in
993         a media document are implied to be main content.
994
995         Added a new API test.
996
997         * html/MediaElementSession.cpp:
998         (WebCore::MediaElementSession::canControlControlsManager):
999
1000 2016-07-22  Myles C. Maxfield  <mmaxfield@apple.com>
1001
1002         All dancers with bunny ears are female
1003         https://bugs.webkit.org/show_bug.cgi?id=160102
1004         <rdar://problem/27453479>
1005
1006         Reviewed by Simon Fraser.
1007
1008         In r203330 I added support for new emoji group candidates. I accidentally
1009         missed one of the new emoji code points.
1010
1011         Tests: editing/deleting/delete-emoji.html:
1012                fast/text/emoji-gender-2-9.html:
1013                fast/text/emoji-gender-9.html:
1014                fast/text/emoji-gender-fe0f-9.html:
1015
1016         * platform/text/CharacterProperties.h:
1017         (WebCore::isEmojiGroupCandidate):
1018
1019 2016-07-22  Chris Dumez  <cdumez@apple.com>
1020
1021         Parameter to HTMLCollection.item() / namedItem() should be mandatory
1022         https://bugs.webkit.org/show_bug.cgi?id=160099
1023
1024         Reviewed by Sam Weinig.
1025
1026         Parameter to HTMLCollection.item() / namedItem() should be mandatory:
1027         - https://dom.spec.whatwg.org/#interface-htmlcollection
1028         - https://html.spec.whatwg.org/multipage/infrastructure.html#htmlformcontrolscollection
1029         - https://html.spec.whatwg.org/multipage/infrastructure.html#the-htmloptionscollection-interface
1030
1031         Firefox and Chrome agree with the specification.
1032
1033         No new tests, rebaselined existing tests.
1034
1035         * bindings/js/JSHTMLFormControlsCollectionCustom.cpp:
1036         (WebCore::JSHTMLFormControlsCollection::namedItem):
1037         * html/HTMLCollection.idl:
1038         * html/HTMLFormControlsCollection.idl:
1039         * html/HTMLOptionsCollection.idl:
1040
1041 2016-07-22  Chris Dumez  <cdumez@apple.com>
1042
1043         First parameter to Window.getComputedStyle() should be mandatory and non-nullable
1044         https://bugs.webkit.org/show_bug.cgi?id=160097
1045
1046         Reviewed by Ryosuke Niwa.
1047
1048         First parameter to Window.getComputedStyle() should be mandatory and
1049         non-nullable:
1050         - https://drafts.csswg.org/cssom/#extensions-to-the-window-interface
1051
1052         Firefox and Chrome agree with the specification.
1053
1054         Test: fast/dom/Window/getComputedStyle-missing-parameter.html
1055
1056         * css/CSSComputedStyleDeclaration.cpp:
1057         (WebCore::ComputedStyleExtractor::ComputedStyleExtractor):
1058         (WebCore::CSSComputedStyleDeclaration::CSSComputedStyleDeclaration):
1059         (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
1060         (WebCore::CSSComputedStyleDeclaration::copyProperties):
1061         (WebCore::CSSComputedStyleDeclaration::length):
1062         (WebCore::CSSComputedStyleDeclaration::item):
1063         (WebCore::CSSComputedStyleDeclaration::getPropertyValue):
1064         * css/CSSComputedStyleDeclaration.h:
1065         * dom/Document.idl:
1066         * inspector/InspectorCSSAgent.cpp:
1067         (WebCore::InspectorCSSAgent::getComputedStyleForNode):
1068         * page/DOMWindow.cpp:
1069         (WebCore::DOMWindow::getComputedStyle):
1070         * page/DOMWindow.h:
1071         * page/DOMWindow.idl:
1072         * testing/Internals.cpp:
1073         (WebCore::Internals::computedStyleIncludingVisitedInfo):
1074         * testing/Internals.h:
1075         * testing/Internals.idl:
1076
1077 2016-07-22  Brady Eidson  <beidson@apple.com>
1078
1079         Removing IndexedDatabases that have stored blobs doesn't remove the blob files.
1080         https://bugs.webkit.org/show_bug.cgi?id=160089
1081
1082         Reviewed by Darin Adler.
1083
1084         Tested by API test IndexedDB.StoreBlobThenDelete.
1085
1086         Blob filenames exist in the IDB directory with the name "[0-9]+.blob".
1087         
1088         That is, one or more digits, followed by ".blob".
1089         
1090         So when we delete an IndexedDB.sqlite3 and related files, we should delete those blob files as well.
1091         
1092         * Modules/indexeddb/server/IDBServer.cpp:
1093         (WebCore::IDBServer::removeAllDatabasesForOriginPath):
1094
1095 2016-07-22  Chris Dumez  <cdumez@apple.com>
1096
1097         Fix default parameter values for window.alert() / prompt() / confirm()
1098         https://bugs.webkit.org/show_bug.cgi?id=160085
1099
1100         Reviewed by Ryosuke Niwa.
1101
1102         Fix default parameter values for window.alert() / prompt() / confirm() to
1103         match the specification:
1104         - https://html.spec.whatwg.org/multipage/browsers.html#the-window-object
1105
1106         They should default to the empty string, not the string "undefined".
1107
1108         Firefox and Chrome agree with the specification.
1109
1110         No new tests, updated existing test.
1111
1112         * page/DOMWindow.h:
1113         * page/DOMWindow.idl:
1114
1115 2016-07-22  Daniel Bates  <dabates@apple.com>
1116
1117         CSP: object-src and plugin-types directives are not respected for plugin replacements
1118         https://bugs.webkit.org/show_bug.cgi?id=159761
1119         <rdar://problem/27365724>
1120
1121         Reviewed by Brent Fulgham.
1122
1123         Apply the Content Security Policy (CSP) object-src and plugin-types directives to content that will
1124         load with a plugin replacement.
1125
1126         Tests: security/contentSecurityPolicy/object-src-none-blocks-quicktime-plugin-replacement.html
1127                security/contentSecurityPolicy/object-src-none-blocks-youtube-plugin-replacement.html
1128                security/contentSecurityPolicy/plugins-types-allows-quicktime-plugin-replacement.html
1129                security/contentSecurityPolicy/plugins-types-allows-youtube-plugin-replacement.html
1130                security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement-without-mime-type.html
1131                security/contentSecurityPolicy/plugins-types-blocks-quicktime-plugin-replacement.html
1132                security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement-without-mime-type.html
1133                security/contentSecurityPolicy/plugins-types-blocks-youtube-plugin-replacement.html
1134
1135         * html/HTMLPlugInImageElement.cpp:
1136         (WebCore::HTMLPlugInImageElement::allowedToLoadPluginContent): Added.
1137         (WebCore::HTMLPlugInImageElement::requestObject): Only request loading plugin content if we
1138         are allowed to load such content.
1139         * html/HTMLPlugInImageElement.h:
1140         * loader/SubframeLoader.cpp:
1141         (WebCore::SubframeLoader::pluginIsLoadable): Removed code to check CSP as we will check CSP
1142         earlier in HTMLPlugInImageElement::requestObject().
1143         (WebCore::SubframeLoader::requestPlugin): Ditto.
1144         (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy): Deleted; moved implementation
1145         to HTMLPlugInImageElement::allowedToLoadPluginContent().
1146         (WebCore::SubframeLoader::requestObject): Deleted.
1147         * loader/SubframeLoader.h:
1148         * page/csp/ContentSecurityPolicy.cpp:
1149         (WebCore::ContentSecurityPolicy::upgradeInsecureRequestIfNeeded): Changed signature from a non-const
1150         function to a const function since these functions do not modify |this|.
1151         * page/csp/ContentSecurityPolicy.h: 
1152
1153 2016-07-22  Chris Dumez  <cdumez@apple.com>
1154
1155         Parameters to Node.replaceChild() / insertBefore() should be mandatory
1156         https://bugs.webkit.org/show_bug.cgi?id=160091
1157
1158         Reviewed by Darin Adler.
1159
1160         Parameters to Node.replaceChild() / insertBefore() should be mandatory:
1161         - https://dom.spec.whatwg.org/#node
1162
1163         The compatibility risk should be low since Firefox and Chrome both agree
1164         with the specification and because it does not make much sense to omit
1165         parameters when using this API.
1166
1167         No new tests, rebaselined existing tests.
1168
1169         * bindings/js/JSNodeCustom.cpp:
1170         (WebCore::JSNode::insertBefore):
1171         (WebCore::JSNode::replaceChild):
1172
1173 2016-07-22  Chris Dumez  <cdumez@apple.com>
1174
1175         Parameter to Node.contains() should be mandatory
1176         https://bugs.webkit.org/show_bug.cgi?id=160084
1177
1178         Reviewed by Darin Adler.
1179
1180         Parameter to Node.contains() should be mandatory as per the
1181         specification:
1182         - https://dom.spec.whatwg.org/#node
1183
1184         The compatibility risk should be low because Firefox and Chrome
1185         both agree with the specification. Also, it does not make much sense
1186         to call this API without parameter.
1187
1188         No new tests, rebaselined existing tests.
1189
1190         * dom/Node.idl:
1191
1192 2016-07-22  Said Abou-Hallawa  <sabouhallawa@apple.com>
1193
1194         [iOS] REGRESSION(203378): PDFDocumentImage::updateCachedImageIfNeeded() uses the unscaled size when deciding whether to cache the PDF image
1195         https://bugs.webkit.org/show_bug.cgi?id=159933
1196
1197         Reviewed by Simon Fraser.
1198
1199         We need to use the scaled size when deciding whether to cache the PDF image
1200         or not. This is because ImageBuffer takes the display resolution into account
1201         which gives higher resolution for the image when zooming.
1202
1203         * platform/graphics/cg/PDFDocumentImage.cpp:
1204         (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
1205
1206 2016-07-22  Chris Dumez  <cdumez@apple.com>
1207
1208         First parameter to getElementById() should be mandatory
1209         https://bugs.webkit.org/show_bug.cgi?id=160087
1210
1211         Reviewed by Darin Adler.
1212
1213         First parameter to getElementById() should be mandatory:
1214         - https://dom.spec.whatwg.org/#nonelementparentnode
1215         - https://www.w3.org/TR/SVG/struct.html#InterfaceSVGSVGElement
1216
1217         Both Firefox and Chrome agree with the specification.
1218
1219         Test: svg/dom/SVGSVGElement-getElementById.html
1220
1221         * dom/NonElementParentNode.idl:
1222         * svg/SVGSVGElement.idl:
1223
1224 2016-07-22  Chris Dumez  <cdumez@apple.com>
1225
1226         Parameter to Node.lookupPrefix() / lookupNamespaceURI() / isDefaultNamespace() should be mandatory
1227         https://bugs.webkit.org/show_bug.cgi?id=160086
1228
1229         Reviewed by Darin Adler.
1230
1231         Parameter to Node.lookupPrefix() / lookupNamespaceURI() / isDefaultNamespace()
1232         should be mandatory:
1233         - https://dom.spec.whatwg.org/#node
1234
1235         Firefox and Chrome both agree with the specification.
1236
1237         No new tests, rebaselined existing tests.
1238
1239         * dom/Node.idl:
1240
1241 2016-07-22  Chris Dumez  <cdumez@apple.com>
1242
1243         Parameter to Node.compareDocumentPosition() should be mandatory and non-nullable
1244         https://bugs.webkit.org/show_bug.cgi?id=160071
1245
1246         Reviewed by Ryosuke Niwa.
1247
1248         
1249         Parameter to Node.compareDocumentPosition() should be mandatory and
1250         non-nullable:
1251         - https://dom.spec.whatwg.org/#interface-node
1252
1253         Firefox and Chrome agree with the specification so the compatibility
1254         risk should be low. Also, it does not make much sense to call this
1255         operation without parameter.
1256
1257         No new tests, rebaselined existing tests.
1258
1259         * accessibility/AccessibilityObject.cpp:
1260         (WebCore::rangeClosestToRange):
1261         * dom/AuthorStyleSheets.cpp:
1262         (WebCore::AuthorStyleSheets::addStyleSheetCandidateNode):
1263         * dom/Node.cpp:
1264         (WebCore::compareDetachedElementsPosition):
1265         (WebCore::Node::compareDocumentPosition):
1266         * dom/Node.h:
1267         * dom/Node.idl:
1268         * dom/Position.h:
1269         (WebCore::operator<):
1270         * html/HTMLFormElement.cpp:
1271         (WebCore::HTMLFormElement::formElementIndexWithFormAttribute):
1272         (WebCore::HTMLFormElement::formElementIndex):
1273         * rendering/RenderNamedFlowThread.cpp:
1274         (WebCore::RenderNamedFlowThread::nextRendererForElement):
1275         (WebCore::compareRenderNamedFlowFragments):
1276         (WebCore::RenderNamedFlowThread::registerNamedFlowContentElement):
1277
1278 2016-07-22  Konstantin Tokarev  <annulen@yandex.ru>
1279
1280         [cmake] Removed obsolete plugins/win directory
1281         https://bugs.webkit.org/show_bug.cgi?id=160081
1282
1283         Reviewed by Per Arne Vollan.
1284
1285         It was removed in r178219.
1286
1287         No new tests needed.
1288
1289         * PlatformWin.cmake:
1290
1291 2016-07-22  Youenn Fablet  <youenn@apple.com>
1292
1293         run-builtins-generator-tests should be able to test WebCore builtins wrapper with more than one file
1294         https://bugs.webkit.org/show_bug.cgi?id=159921
1295
1296         Reviewed by Brian Burg.
1297
1298         Covered by existing and added built-ins tests.
1299
1300         Updating build system according to --wrappers-only new meaning.
1301         builtin generator is now called for each individual built-in file plus once for WebCore wrapper files.
1302         WebCore wrapper files allow handling things like conditionally guarded features.
1303         They also remove the need to use built-ins macros outside generated code.
1304
1305         * CMakeLists.txt:
1306         * DerivedSources.make:
1307
1308 2016-07-21  Frederic Wang  <fwang@igalia.com>
1309
1310         Move parsing of accentunder and accent attributes from renderer to element classes
1311         https://bugs.webkit.org/show_bug.cgi?id=159625
1312
1313         Reviewed by Brent Fulgham.
1314
1315         We introduce a new MathMLUnderOverElement that is used for elements munder, mover and
1316         munderover in order to create RenderMathMLUnderOver and parse and expose the values of the
1317         accent and accentunder attributes. This is one more step toward moving MathML attribute
1318         parsing to the DOM (bug 156536). We also do minor clean-up for this and previous renderer
1319         classes that no longer do attribute parsing: the MathMLNames namespace is no longer necessary
1320         and constructors can take a more accurate element type.
1321
1322         No new tests, already covered by existing test.
1323
1324         * CMakeLists.txt: Add MathMLUnderOverElement files.
1325         * WebCore.xcodeproj/project.pbxproj: Ditto.
1326         * mathml/MathMLAllInOne.cpp: Ditto.
1327         * mathml/MathMLElement.cpp:
1328         (WebCore::MathMLElement::cachedBooleanAttribute): Add parsing of boolean attributes.
1329         * mathml/MathMLElement.h: New type and helper functions for boolean attributes.
1330         * mathml/MathMLInlineContainerElement.cpp:
1331         (WebCore::MathMLInlineContainerElement::createElementRenderer): Remove handling of
1332         under/over/underover elements.
1333         * mathml/MathMLScriptsElement.cpp:
1334         (WebCore::MathMLScriptsElement::MathMLScriptsElement): Remove inline keyword to avoid link
1335         errors now that MathMLUnderOverElement overrides that class.
1336         * mathml/MathMLScriptsElement.h: Allow MathMLUnderOverElement to override this class.
1337         * mathml/MathMLUnderOverElement.cpp:
1338         (WebCore::MathMLUnderOverElement::MathMLUnderOverElement):
1339         (WebCore::MathMLUnderOverElement::create):
1340         (WebCore::MathMLUnderOverElement::accent): Helper function to access the accent value.
1341         (WebCore::MathMLUnderOverElement::accentUnder): Helper function to access the accentunder value.
1342         (WebCore::MathMLUnderOverElement::parseAttribute): Make accent and accentunder dirty.
1343         (WebCore::MathMLUnderOverElement::createElementRenderer): Create RenderMathMLUnderOver
1344         * mathml/MathMLUnderOverElement.h:
1345         * mathml/mathtags.in: Map under/over/underover to MathMLUnderOverElement.
1346         * rendering/mathml/RenderMathMLFraction.cpp: Remove MathMLNames and make the constructor
1347         take a MathMLFractionElement.
1348         (WebCore::RenderMathMLFraction::RenderMathMLFraction):
1349         * rendering/mathml/RenderMathMLFraction.h:
1350         * rendering/mathml/RenderMathMLPadded.cpp: Remove MathMLNames and make the constructor
1351         take a MathMLPaddedElement.
1352         (WebCore::RenderMathMLPadded::RenderMathMLPadded):
1353         * rendering/mathml/RenderMathMLPadded.h:
1354         * rendering/mathml/RenderMathMLScripts.cpp: Remove MathMLNames and make the constructor
1355         take a MathMLScriptsElement. Also rename scriptsElement() to element().
1356         (WebCore::RenderMathMLScripts::RenderMathMLScripts):
1357         (WebCore::RenderMathMLScripts::element):
1358         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
1359         (WebCore::RenderMathMLScripts::scriptsElement): Deleted.
1360         * rendering/mathml/RenderMathMLScripts.h:
1361         * rendering/mathml/RenderMathMLUnderOver.cpp: Remove MathMLNames and make the constructor
1362         take a RenderMathMLUnderOver.
1363         (WebCore::RenderMathMLUnderOver::RenderMathMLUnderOver):
1364         (WebCore::RenderMathMLUnderOver::element):
1365         (WebCore::RenderMathMLUnderOver::hasAccent): Use the helper functions for accent and accentunder.
1366         * rendering/mathml/RenderMathMLUnderOver.h:
1367
1368 2016-07-21  Chris Dumez  <cdumez@apple.com>
1369
1370         Parameter to Node.isSameNode() / isEqualNode() should be mandatory
1371         https://bugs.webkit.org/show_bug.cgi?id=160070
1372
1373         Reviewed by Ryosuke Niwa.
1374
1375         Parameter to Node.isSameNode() / isEqualNode() should be mandatory as
1376         per the specification:
1377         - https://dom.spec.whatwg.org/#interface-node
1378
1379         Chrome and Firefox agree with the specification (although Firefox does
1380         not support isSameNode()).
1381
1382         No new tests, rebaselined existing tests.
1383
1384         * dom/Node.idl:
1385
1386 2016-07-21  Chris Dumez  <cdumez@apple.com>
1387
1388         Parameter to Document.createEvent() should be mandatory
1389         https://bugs.webkit.org/show_bug.cgi?id=160065
1390
1391         Reviewed by Darin Adler.
1392
1393         Parameter to Document.createEvent() should be mandatory as per the
1394         specification:
1395         - https://dom.spec.whatwg.org/#document
1396
1397         We already throw anyway when the parameter is omitted because we use
1398         "undefined" as event type, which is invalid. However, we throw the
1399         wrong exception.
1400
1401         Firefox and Chrome agree with the specification here.
1402
1403         No new tests, rebaselined existing tests.
1404
1405         * dom/Document.idl:
1406
1407 2016-07-21  Brian Burg  <bburg@apple.com>
1408
1409         REGRESSION(r62549): Objective-C DOM bindings sometimes fail to regenerate when CodeGenerator.pm is modified
1410         https://bugs.webkit.org/show_bug.cgi?id=160031
1411
1412         Reviewed by Darin Adler.
1413
1414         This bug was caused by a refactoring 6 years ago. Not all uses of a variable
1415         were renamed, so the ObjC bindings target pattern was not specifying any
1416         build scripts as target dependencies.
1417
1418         * DerivedSources.make: Standardize on {COMMON,JS,DOM}_BINDINGS_SCRIPTS.
1419
1420 2016-07-21  Darin Adler  <darin@apple.com>
1421
1422         Remove unneeded content attribute name "playsinline"
1423         https://bugs.webkit.org/show_bug.cgi?id=160069
1424
1425         Reviewed by Chris Dumez.
1426
1427         * html/HTMLVideoElement.idl: Removed explicit content attribute name on Reflect
1428         attribute since it is the same as the name that the code generator will generate.
1429
1430 2016-07-21  Chris Dumez  <cdumez@apple.com>
1431
1432         Make parameters to Element.getElementsBy*() operations mandatory
1433         https://bugs.webkit.org/show_bug.cgi?id=160060
1434
1435         Reviewed by Darin Adler.
1436
1437         Make parameters to Element.getElementsBy*() operations mandatory to
1438         match the specification:
1439         - https://dom.spec.whatwg.org/#interface-element
1440
1441         Firefox and Chrome agree with the specification so the compatibility
1442         risk should be low.
1443
1444         It makes very little sense to call these operations without parameter,
1445         especially considering WebKit uses the string "undefined" if the
1446         parameter is omitted.
1447
1448         No new tests, rebaselined existing tests.
1449
1450         * dom/Element.idl:
1451
1452 2016-07-21  Chris Dumez  <cdumez@apple.com>
1453
1454         Make parameters mandatory for attribute-related API on Element
1455         https://bugs.webkit.org/show_bug.cgi?id=160059
1456
1457         Reviewed by Ryosuke Niwa.
1458
1459         Make parameters mandatory for attribute-related API on Element to match
1460         the specification:
1461         - https://dom.spec.whatwg.org/#element
1462
1463         Firefox and Chrome agree with the specification. Calling this API
1464         without the parameters does not make much sense, especially considering
1465         WebKit uses the string "undefined" when the parameter is omitted.
1466
1467         No new tests, rebaselined existing tests.
1468
1469         * dom/Element.idl:
1470
1471 2016-07-21  Myles C. Maxfield  <mmaxfield@apple.com>
1472
1473         Remove support for deprecated SPI inlineMediaPlaybackRequiresPlaysInlineAttribute
1474         https://bugs.webkit.org/show_bug.cgi?id=160066
1475
1476         Reviewed by Dean Jackson.
1477
1478         r203520 deprecated inlineMediaPlaybackRequiresPlaysInlineAttribute in favor of
1479         allowsInlineMediaPlaybackWithPlaysInlineAttribute and
1480         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute. The old
1481         inlineMediaPlaybackRequiresPlaysInlineAttribute is SPI and was never released
1482         to the public. Therefore, it can be removed safely.
1483
1484         No new tests because there is no behavior change.
1485
1486         * page/Settings.cpp:
1487         * page/Settings.in:
1488         * testing/InternalSettings.cpp:
1489         (WebCore::InternalSettings::Backup::Backup): Deleted.
1490         (WebCore::InternalSettings::Backup::restoreTo): Deleted.
1491         (WebCore::InternalSettings::setInlineMediaPlaybackRequiresPlaysInlineAttribute): Deleted.
1492         * testing/InternalSettings.h:
1493         * testing/InternalSettings.idl:
1494
1495 2016-07-21  Dean Jackson  <dino@apple.com>
1496
1497         REGRESSION (r202927): The internal size of the ImageBuffer is scaled twice by the context scaleFactor
1498         https://bugs.webkit.org/show_bug.cgi?id=159981
1499         <rdar://problem/27429465>
1500
1501         Reviewed by Myles Maxfield.
1502
1503         The change to propagate color spaces through ImageBuffers created an
1504         alternate version of createCompatibleBuffer. This version accidentally
1505         attempted to take the display resolution (i.e. hidpi) into account
1506         when creating the buffer, which meant it was being applied twice.
1507
1508         The fix is simply to remove that logic. The caller of the method
1509         will take the resolution into account, the same way they did
1510         with the old createCompatibleBuffer method.
1511
1512         Test: fast/hidpi/pdf-image-scaled.html
1513
1514         * platform/graphics/cg/ImageBufferCG.cpp:
1515         (WebCore::ImageBuffer::createCompatibleBuffer): Don't calculate
1516         a resolution - just use the value of 1.0.
1517
1518 2016-07-21  John Wilander  <wilander@apple.com>
1519
1520         Block mixed content synchronous XHR
1521         https://bugs.webkit.org/show_bug.cgi?id=105462
1522         <rdar://problem/13666424>
1523
1524         Reviewed by Brent Fulgham.
1525
1526         Test: http/tests/security/mixedContent/insecure-xhr-sync-in-main-frame.html
1527
1528         * loader/DocumentThreadableLoader.cpp:
1529         (WebCore::DocumentThreadableLoader::loadRequest):
1530
1531 2016-07-21  Chris Dumez  <cdumez@apple.com>
1532
1533         Make parameters to Document.getElementsBy*() operations mandatory
1534         https://bugs.webkit.org/show_bug.cgi?id=160050
1535
1536         Reviewed by Daniel Bates.
1537
1538         Make parameters to Document.getElementsBy*() operations mandatory to
1539         match the specification:
1540         - https://dom.spec.whatwg.org/#interface-document
1541
1542         Firefox and Chrome agree with the specification so the compatibility
1543         risk should be low.
1544
1545         It makes very little sense to call these operations without parameter,
1546         especially considering WebKit uses the string "undefined" if the
1547         parameter is omitted.
1548
1549         No new tests, rebaselined existing tests.
1550
1551         * dom/Document.idl:
1552
1553 2016-07-21  Nan Wang  <n_wang@apple.com>
1554
1555         AX: aria-label not being used correctly in accessible name calculation of heading
1556         https://bugs.webkit.org/show_bug.cgi?id=160009
1557
1558         Reviewed by Chris Fleizach.
1559
1560         Actually we are exposing the correct information for heading objects. On macOS, 
1561         VoiceOver should handle the logic that picks the right information to speak.
1562         On iOS, VoiceOver is speaking the static text child instead of the heading object.
1563         So we should set the accessibilityLabel of the static text based on the parent's 
1564         alternate label.
1565
1566         Test: accessibility/ios-simulator/heading-with-aria-label.html
1567
1568         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
1569         (-[WebAccessibilityObjectWrapper _accessibilityTraitsFromAncestors]):
1570
1571 2016-07-21  Saam Barati  <sbarati@apple.com>
1572
1573         op_add/ValueAdd should be an IC in all JIT tiers
1574         https://bugs.webkit.org/show_bug.cgi?id=159649
1575
1576         Reviewed by Benjamin Poulain.
1577
1578         * ForwardingHeaders/jit/JITMathICForwards.h: Added.
1579
1580 2016-07-21  Chris Dumez  <cdumez@apple.com>
1581
1582         Make parameters mandatory for Document.create*() operations
1583         https://bugs.webkit.org/show_bug.cgi?id=160047
1584
1585         Reviewed by Ryosuke Niwa.
1586
1587         Make parameters mandatory for Document.create*() operations:
1588         createTextNode(), createComment(), createCDataSection(),
1589         createAttribute() and createProcessingInstruction().
1590
1591         This matches the specification:
1592         - https://dom.spec.whatwg.org/#interface-document
1593
1594         Firefox and Chrome both agree with the specification so the
1595         compatibility risk should be low. Also WebKit uses the string
1596         "undefined" when the parameter is omitted, which is not very
1597         helpful.
1598
1599         No new tests, rebaselined existing tests.
1600
1601         * dom/Document.idl:
1602
1603 2016-07-21  Chris Dumez  <cdumez@apple.com>
1604
1605         Fix null handling of SVGAngle/SVGLength.valueAsString attribute
1606         https://bugs.webkit.org/show_bug.cgi?id=160025
1607
1608         Reviewed by Ryosuke Niwa.
1609
1610         Fix null handling of SVGAngle/SVGLength.valueAsString attribute
1611         to match the specification:
1612         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGAngle
1613         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGLength
1614
1615         In particular, this patch drops [TreatNullAs=EmptyString] IDL
1616         extended attribute from this attribute. This is not supposed
1617         to change behavior given that both "" and "null" are invalid
1618         numbers and the specification says to throw a SYNTAX_ERR in
1619         this case.
1620
1621         However, WebKit currently ignores assignments to "" instead
1622         of throwing. As a result, assigning to null will now throw
1623         instead of being ignored. The compatibility risk should be
1624         low because both Firefox and Chrome throw when assigning
1625         null.
1626
1627         I did not change the behavior when assigning to "" because
1628         it is a bit out of scope for this patch and browsers do not
1629         seem to agree:
1630         - Firefox throws
1631         - Chrome sets value to "0"
1632         - WebKit ignores the assignment
1633
1634         The specification seems to agree with Firefox as far as I
1635         can tell given that "" is not a valid number as per:
1636         - https://www.w3.org/TR/css3-values/#numbers
1637
1638         Test: svg/dom/valueAsString-null.html
1639
1640         * svg/SVGAngle.idl:
1641         * svg/SVGLength.idl:
1642
1643 2016-07-21  Chris Dumez  <cdumez@apple.com>
1644
1645         Fix null handling of HTMLFontElement.color
1646         https://bugs.webkit.org/show_bug.cgi?id=160036
1647
1648         Reviewed by Ryosuke Niwa.
1649
1650         Fix null handling of HTMLFontElement.color to match the specification:
1651         - https://html.spec.whatwg.org/#htmlfontelement
1652
1653         We are supposed to treat null as the empty string. Both Firefox and
1654         Chrome agree with the specification.
1655
1656         No new tests, rebaselined existing tests.
1657
1658         * html/HTMLFontElement.idl:
1659
1660 2016-07-21  Chris Dumez  <cdumez@apple.com>
1661
1662         Fix null handling for several HTMLTableElement attributes
1663         https://bugs.webkit.org/show_bug.cgi?id=160041
1664
1665         Reviewed by Ryosuke Niwa.
1666
1667         Fix null handling for several HTMLTableElement attributes to match the
1668         specification:
1669         - https://html.spec.whatwg.org/#HTMLTableElement-partial
1670
1671         The attributes in question are 'bgColor', 'cellSpacing' and
1672         'cellPadding'. We are supposed to treat null as the empty string for
1673         these attributes.
1674
1675         Firefox and Chrome both agree with the specification.
1676
1677         No new tests, rebaselined existing tests.
1678
1679         * html/HTMLTableElement.idl:
1680
1681 2016-07-21  Chris Dumez  <cdumez@apple.com>
1682
1683         Fix null handling for HTMLObjectElement.border
1684         https://bugs.webkit.org/show_bug.cgi?id=160040
1685
1686         Reviewed by Ryosuke Niwa.
1687
1688         Fix null handling for HTMLObjectElement.border to match the specification:
1689         - https://html.spec.whatwg.org/#HTMLObjectElement-partial
1690
1691         We are supposed to treat null as the empty string.
1692
1693         Both Firefox and Chrome agree with the specification.
1694
1695         No new tests, rebaselined existing tests.
1696
1697         * html/HTMLObjectElement.idl:
1698
1699 2016-07-21  Chris Dumez  <cdumez@apple.com>
1700
1701         Fix null handling for td.bgColor / tr.bgColor
1702         https://bugs.webkit.org/show_bug.cgi?id=160043
1703
1704         Reviewed by Ryosuke Niwa.
1705
1706         Fix null handling for td.bgColor / tr.bgColor to match the
1707         specification:
1708         - https://html.spec.whatwg.org/#HTMLTableCellElement-partial
1709         - https://html.spec.whatwg.org/#HTMLTableRowElement-partial
1710
1711         We are supposed to treat null as the empty string.
1712
1713         Firefox and Chrome both agree with the specification.
1714
1715         No new tests, rebaselined existing tests.
1716
1717         * html/HTMLTableCellElement.idl:
1718         * html/HTMLTableRowElement.idl:
1719
1720 2016-07-21  Chris Dumez  <cdumez@apple.com>
1721
1722         Fix null handling for several HTMLBodyElement attributes
1723         https://bugs.webkit.org/show_bug.cgi?id=160044
1724
1725         Reviewed by Ryosuke Niwa.
1726
1727         Fix null handling for several HTMLBodyElement attributes to match the
1728         specification:
1729         - https://html.spec.whatwg.org/#HTMLBodyElement-partial
1730
1731         The attributes in question are: 'text', 'link', 'vlink', 'alink' and
1732         'bgcolor'.
1733
1734         We are supposed to treat null as the empty string for these attributes.
1735
1736         Firefox and Chrome both agree with the specification.
1737
1738         No new tests, rebaselined existing tests.
1739
1740         * html/HTMLBodyElement.idl:
1741
1742 2016-07-21  Chris Dumez  <cdumez@apple.com>
1743
1744         Fix null handling for HTMLIFrameElement.marginWidth / marginHeight
1745         https://bugs.webkit.org/show_bug.cgi?id=160037
1746
1747         Reviewed by Ryosuke Niwa.
1748
1749         Fix null handling for HTMLIFrameElement.marginWidth / marginHeight to
1750         match the specification:
1751         - https://html.spec.whatwg.org/#HTMLIFrameElement-partial
1752
1753         We are supposed to treat null as the empty string. Both Firefox and
1754         Chrome agree with the specification.
1755
1756         No new tests, rebaselined existing tests.
1757
1758         * html/HTMLIFrameElement.idl:
1759
1760 2016-07-21  Chris Dumez  <cdumez@apple.com>
1761
1762         Fix null handling for HTMLImageElement.border
1763         https://bugs.webkit.org/show_bug.cgi?id=160039
1764
1765         Reviewed by Ryosuke Niwa.
1766
1767         Fix null handling for HTMLImageElement.border to match the specification:
1768         - https://html.spec.whatwg.org/#HTMLImageElement-partial
1769
1770         We are supposed to treat null as the empty string.
1771
1772         Both Firefox and Chrome agree with the specification.
1773
1774         No new tests, rebaselined existing tests.
1775
1776         * html/HTMLImageElement.idl:
1777
1778 2016-07-21  Daniel Bates  <dabates@apple.com>
1779
1780         REGRESSION: Plugin replaced YouTube Flash videos always have the same width
1781         https://bugs.webkit.org/show_bug.cgi?id=159998
1782         <rdar://problem/27462285>
1783
1784         Reviewed by Simon Fraser.
1785
1786         Fixes an issue where the width of a plugin replaced YouTube video loaded via an HTML embed
1787         element would always have the same width regardless of value of the width attribute.
1788
1789         For YouTube Flash videos the YouTube plugin replacement substitutes a shadow DOM subtree
1790         for the default renderer of an HTML embed element. The root of this shadow DOM subtree
1791         is an HTML div element. Currently we set inline styles on this <div> when it is instantiated.
1792         In particular, we set inline display and position to "inline-block" and "relative", respectively,
1793         and set an invalid height and width (we specify a font weight value instead of a CSS length value
1794         - this causes an ASSERT_NOT_REACHED() assertion failure in StyleBuilderConverter::convertLengthSizing()
1795         in a debug build). These styles never worked as intended and we ultimately created an inline
1796         renderer (ignoring display "inline-block") that had auto width and height. Instead it is sufficient
1797         to remove all these inline styles and create a RenderBlockFlow renderer for this <div> so that it
1798         renders as a block, non-replaced element to achieve the intended illusion that the <embed> is a
1799         single element.
1800
1801         * html/shadow/YouTubeEmbedShadowElement.cpp: Remove unused header HTMLEmbedElement.h and include
1802         header RenderBlockFlow.h. Also update copyright in license block.
1803         (WebCore::YouTubeEmbedShadowElement::YouTubeEmbedShadowElement): Remove inline styles as these
1804         never worked as intended.
1805         (WebCore::YouTubeEmbedShadowElement::createElementRenderer): Override; create a block-flow
1806         renderer for us so that we layout as a block, non-replaced element.
1807         * html/shadow/YouTubeEmbedShadowElement.h:
1808
1809 2016-07-21  Myles C. Maxfield  <mmaxfield@apple.com>
1810
1811         [iPhone] Playing a video on tudou.com plays only sound, no video
1812         https://bugs.webkit.org/show_bug.cgi?id=159967
1813         <rdar://problem/26964090>
1814
1815         Reviewed by Jon Lee, Jeremy Jones, and Anders Carlsson.
1816
1817         WebKit recently started honoring the playsinline and webkit-playsinline
1818         attributes on iPhones. However, because these attributes previously did
1819         nothing, some sites (such as Tudou) were setting them on their content
1820         and expecting that they are not honored. In this specific case, the
1821         video is absolutely positioned to be 1 pixel x 1 pixel.
1822
1823         Previously, with iOS 9, apps could set the allowsInlineMediaPlayback
1824         property on their WKWebView, which would honor the webkit-playsinline
1825         attribute. Safari on iPhones didn't do this.
1826
1827         In order to not break these existing apps, it's important that the
1828         allowsInlineMediaPlayback preference still allows webkit-playsinline
1829         videos to play inline in apps using WKWebView. However, in Safari, these
1830         videos should play fullscreen. (Tudou videos have webkit-playsinline
1831         but not playsinline.)
1832
1833         Therefore, in Safari, videos with playsinline should be inline, but
1834         videos with webkit-playsinline should be fullscreen. In apps using
1835         WKWebViews, if the app sets allowsInlineMediaPlayback, then videos with
1836         playsinline should be inline, and videos with webkit-playsinline should
1837         also be inline. Videos on iPad and Mac should all be inline by default.
1838
1839         We can create some truth tables for the cases which need to be covered:
1840
1841         All apps on Mac / iPad:
1842         Presence of playsinline | Presence of webkit-playsinline | Result
1843         ========================|================================|===========
1844         Not present             | Not present                    | Inline
1845         Present                 | Not present                    | Inline
1846         Not Present             | Present                        | Inline
1847         Present                 | Present                        | Inline
1848
1849         Safari on iPhone:
1850         Presence of playsinline | Presence of webkit-playsinline | Result
1851         ========================|================================|===========
1852         Not present             | Not present                    | Fullscreen
1853         Present                 | Not present                    | Inline
1854         Not Present             | Present                        | Fullscreen
1855         Present                 | Present                        | Inline
1856
1857         App on iPhone which sets allowsInlineMediaPlayback:
1858         Presence of playsinline | Presence of webkit-playsinline | Result
1859         ========================|================================|===========
1860         Not present             | Not present                    | Fullscreen
1861         Present                 | Not present                    | Inline
1862         Not Present             | Present                        | Inline
1863         Present                 | Present                        | Inline
1864
1865         The way to distinguish Safari from another app is to create an SPI
1866         boolean preference which Safari can set. This is already how the
1867         iPhone and iPad are differentiated using the requiresPlayInlineAttribute
1868         which Safari sets but other apps don't. However, this preference is
1869         no longer sufficient because Safari should now be discriminating
1870         between the playsinline and webkit-playsinline attributes. Therefore,
1871         this preference should be extended to two boolean preferences, which
1872         this patch adds:
1873
1874         allowsInlineMediaPlaybackWithPlaysInlineAttribute
1875         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute
1876
1877         Safari on iPhone will set
1878         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to true,
1879         and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to
1880         false. Other apps on iPhone will get their default values (because they
1881         are SPI) which means they will both be true. On iPad and Mac, apps will
1882         use the default values where both are false.
1883
1884         This patch adds support for these two preferences, but does not remove
1885         the existing inlineMediaPlaybackRequiresPlaysInlineAttribute preference.
1886         I will remove the existing preference as soon as I update Safari to migrate
1887         off of it.
1888
1889         Test: media/video-playsinline.html
1890
1891         * html/MediaElementSession.cpp:
1892         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
1893         * page/Settings.cpp:
1894         * page/Settings.in:
1895         * testing/InternalSettings.cpp:
1896         (WebCore::InternalSettings::Backup::Backup):
1897         (WebCore::InternalSettings::Backup::restoreTo):
1898         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute):
1899         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute):
1900         * testing/InternalSettings.h:
1901         * testing/InternalSettings.idl:
1902
1903 2016-07-21  Ryosuke Niwa  <rniwa@webkit.org>
1904
1905         Crash accessing null renderer inside WebCore::DeleteSelectionCommand::doApply
1906         https://bugs.webkit.org/show_bug.cgi?id=160011
1907
1908         Reviewed by Chris Dumez.
1909
1910         Add a null pointer check for renderer() call.
1911
1912         Unfortunately no new tests since we don't have a reproduction.
1913
1914         * editing/DeleteSelectionCommand.cpp:
1915         (WebCore::DeleteSelectionCommand::doApply):
1916
1917 2016-07-21  Chris Dumez  <cdumez@apple.com>
1918
1919         The 2 first parameters to DOMImplementation.createDocument() should be mandatory
1920         https://bugs.webkit.org/show_bug.cgi?id=160030
1921
1922         Reviewed by Sam Weinig.
1923
1924         The 2 first parameters to DOMImplementation.createDocument() should be mandatory
1925         as per the specification:
1926         - https://dom.spec.whatwg.org/#domimplementation
1927
1928         Firefox and Chrome both agree with the specification. However, those
1929         parameters were marked as optional in WebKit. Calling this function
1930         without parameters would create a document element whose tag is the
1931         string "undefined", which does not seem helpful. This patch thus
1932         aligns our behavior with the specification and other browsers.
1933
1934         No new tests, rebaselined existing tests.
1935
1936         * dom/DOMImplementation.idl:
1937
1938 2016-07-21  Chris Dumez  <cdumez@apple.com>
1939
1940         Kill legacy valueToStringWithNullCheck() utility function
1941         https://bugs.webkit.org/show_bug.cgi?id=159991
1942
1943         Reviewed by Sam Weinig.
1944
1945         Kill legacy valueToStringWithNullCheck() utility function. Treating null as
1946         a null string is legacy behavior so drop this function so that people are
1947         not tempted to use it. We should be using either:
1948         1. JSValue::toWTFString() for non-nullable DOMStrings
1949         2. valueToStringWithUndefinedOrNullCheck() for nullable DOMStrings
1950         3. valueToStringTreatingNullAsEmptyString() for strings with [TreatNullAs=EmptyString]
1951
1952         No new tests, no web-exposed behavior change.
1953
1954         * bindings/js/JSDOMBinding.cpp:
1955         (WebCore::valueToStringWithNullCheck): Deleted.
1956         * bindings/js/JSDOMBinding.h:
1957         * bindings/js/JSHTMLFrameElementCustom.cpp:
1958         (WebCore::JSHTMLFrameElement::setLocation):
1959         * html/HTMLFrameElement.idl:
1960
1961 2016-07-21  Zalan Bujtas  <zalan@apple.com>
1962
1963         Do not keep invalid IOSurface in ImageBufferData.
1964         https://bugs.webkit.org/show_bug.cgi?id=160005
1965         <rdar://problem/27208636>
1966
1967         Reviewed by Simon Fraser.
1968
1969         When we fail to initialize the IOSurface for the accelerated context, we switch over to
1970         the non-accelerated code path. Since ImageBufferData::surface is used to indicate whether
1971         the graphics context is in accelerated mode, we need to reset it when the initialization fails.
1972
1973         Unable to create a test case.
1974
1975         * platform/graphics/cg/ImageBufferCG.cpp:
1976         (WebCore::ImageBuffer::ImageBuffer):
1977
1978 2016-07-21  Chris Dumez  <cdumez@apple.com>
1979
1980         playsInline IDL attribute has the wrong casing
1981         https://bugs.webkit.org/show_bug.cgi?id=160029
1982         <rdar://problem/27474031>
1983
1984         Reviewed by Jon Lee.
1985
1986         Fix case from video.playsinline to video.playsInline in order to match
1987         the specification:
1988         - https://html.spec.whatwg.org/multipage/embedded-content.html#the-video-element:dom-video-playsinline
1989
1990         It still reflects the "playsinline" content attribute though, as per
1991         the specification:
1992         - https://html.spec.whatwg.org/multipage/embedded-content.html#dom-video-playsinline
1993
1994         No new tests, updated existing test.
1995
1996         * html/HTMLVideoElement.idl:
1997
1998 2016-07-21  Chris Dumez  <cdumez@apple.com>
1999
2000         Drop [TreatNullAs=EmptyString] from CanvasRenderingContext2D.globalCompositeOperation
2001         https://bugs.webkit.org/show_bug.cgi?id=160026
2002
2003         Reviewed by Sam Weinig.
2004
2005         Drop [TreatNullAs=EmptyString] from CanvasRenderingContext2D.globalCompositeOperation
2006         attribute as it does not match the specification:
2007         - https://html.spec.whatwg.org/multipage/scripting.html#canvascompositing
2008
2009         It does not change web-exposed behavior because assigning to "" or "null"
2010         gets ignored as those are not valid operations.
2011
2012         Test: fast/canvas/context-globalCompositeOperation-null.html
2013
2014         * html/canvas/CanvasRenderingContext2D.idl:
2015
2016 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
2017
2018         [GTK][Threaded Compositor] Overlay scrollbars shouldn't be a requirement of the threaded compositor
2019         https://bugs.webkit.org/show_bug.cgi?id=160020
2020
2021         Reviewed by Michael Catanzaro.
2022
2023         It has been a requirement only because we didn't really know why frame scrollbars were not rendered when using
2024         the threaded compositor. The reason is that RenderView doesn't use layers for FrameView scrollbars by default,
2025         unless using overlay scrollbars. When using the threaded compositor we really need layers for the FrameView
2026         scrollbars even when not using overlay scrollbars.
2027
2028         * platform/gtk/ScrollbarThemeGtk.cpp:
2029         (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk): Stop enforcing overlay scrollbars when threaded compositor is enabled.
2030         * rendering/RenderLayerCompositor.cpp:
2031         (WebCore::RenderLayerCompositor::shouldCompositeOverflowControls): Always use layers for scrollbars when
2032         threaded compositor is enabled.
2033
2034 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
2035
2036         [Cairo] Fix a crash in fast/canvas/canvas-getImageData-invalid-result-buffer-crash.html
2037         https://bugs.webkit.org/show_bug.cgi?id=160014
2038
2039         Reviewed by Michael Catanzaro.
2040
2041         In r202887 some null checks were added for JSArray::createUninitialized (and related) but not for the
2042         ImageBuffer cairo implementation.
2043
2044         * platform/graphics/cairo/ImageBufferCairo.cpp:
2045         (WebCore::getImageData): Return early if Uint8ClampedArray::createUninitialized() returns nullptr.
2046
2047 2016-07-21  Miguel Gomez  <magomez@igalia.com>
2048
2049         [GTK] The GSTREAMER_GL path in MediaPlayerPrivateGStreamerBase::paintToTextureMapper() is missing a mutex lock
2050         https://bugs.webkit.org/show_bug.cgi?id=160018
2051
2052         Reviewed by Philippe Normand.
2053
2054         Lock the video sample mutex while accessing it.
2055
2056         Covered by existent tests.
2057
2058         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
2059         (WebCore::MediaPlayerPrivateGStreamerBase::paintToTextureMapper):
2060
2061 2016-07-21  Miguel Gomez  <magomez@igalia.com>
2062
2063         [Threaded Compositor] Flickering when zooming in/out in maps.google.com
2064         https://bugs.webkit.org/show_bug.cgi?id=154069
2065
2066         Reviewed by Carlos Garcia Campos.
2067
2068         Add a new extra buffer to GraphicsContext3D when using the Threaded Compositor,
2069         so it doesn't have to reuse the buffers that are still waiting for composition.
2070
2071         Covered by existing tests.
2072
2073         * platform/graphics/GraphicsContext3D.h:
2074         Add a new texture to use for the rendering. Remove the compositor fbo we were using.
2075         * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
2076         (WebCore::GraphicsContext3D::GraphicsContext3D):
2077         Initialize the new texture and remove the previous fbo related code.
2078         (WebCore::GraphicsContext3D::~GraphicsContext3D):
2079         Properly destroy the new texture and remove the previous fbo related code.
2080         * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
2081         (WebCore::GraphicsContext3D::reshapeFBOs):
2082         Allocate the new texture and remove the previous fbo allocation.
2083         * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
2084         (WebCore::GraphicsContext3D::prepareTexture):
2085         Use a single fbo with three textures instead of two fbos with a texture each.
2086         Rotate the three textures usage so:
2087         - m_texture becomes m_compositorTexture to be pushed to the compositor.
2088         - m_intermediateTexture becomes m_texture to receive the next rendering.
2089         - m_compositorTexture becomes m_intermediateTexture.
2090         And add a glFlush() to ensure that the gl commands are sent to the pipeline.
2091         * platform/graphics/opengl/GraphicsContext3DOpenGLES.cpp:
2092         (WebCore::GraphicsContext3D::reshapeFBOs):
2093         Allocate the new texture.
2094
2095 2016-07-21  Carlos Garcia Campos  <cgarcia@igalia.com>
2096
2097         [GTK][Threaded Compositor] Web view background colors don't work
2098         https://bugs.webkit.org/show_bug.cgi?id=159465
2099
2100         Reviewed by Michael Catanzaro.
2101
2102         * rendering/RenderLayerBacking.cpp:
2103         (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer): Initialize frame view layer opacity for platforms not
2104         using the tiled cache layer.
2105
2106 2016-07-20  Youenn Fablet  <youenn@apple.com>
2107
2108         [XHR] Cache response JS object in case of arraybuffer and blob response types
2109         https://bugs.webkit.org/show_bug.cgi?id=128903
2110
2111         Reviewed by Alex Christensen.
2112
2113         Covered by existing and modified tests.
2114
2115         Making response getter a JS builtin that caches response in @response private slot.
2116         Handling invalidation of cached response with @responseCacheIsValid new private method.
2117         Handling creation of cached response with @retrieveResponse new private method which reuses most of
2118         JSXMLHttpRequest::response previous code.
2119
2120         Caching of responses is activated whenever load ended without any error for blob and arraybuffer response types.
2121
2122         Caching of response for document is also activated in case the response getter is used but not if responseXML getter is used.
2123
2124         * CMakeLists.txt: Adding XMLHttpRequest.js.
2125         * DerivedSources.make: Ditto.
2126         * bindings/js/JSXMLHttpRequestCustom.cpp:
2127         (WebCore::JSXMLHttpRequest::retrieveResponse): Implements creation of to-be-cached response.
2128         (WebCore::JSXMLHttpRequest::response): Deleted.
2129         * bindings/js/WebCoreBuiltinNames.h: Adding new private names.
2130         * xml/XMLHttpRequest.cpp:
2131         (WebCore::XMLHttpRequest::didCacheResponse): Renamed from didCacheResponseJSON as all response types are now cached.
2132         (WebCore::XMLHttpRequest::didCacheResponseJSON): Deleted.
2133         * xml/XMLHttpRequest.h:
2134         * xml/XMLHttpRequest.idl:
2135
2136 2016-07-20  Youenn Fablet  <youenn@apple.com>
2137
2138         Remove crossOriginRequestPolicy from ThreadableLoaderOptions
2139         https://bugs.webkit.org/show_bug.cgi?id=159417
2140
2141         Reviewed by Alex Christensen.
2142
2143         No observable change.
2144
2145         * Modules/fetch/FetchLoader.cpp:
2146         (WebCore::FetchLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
2147         * fileapi/FileReaderLoader.cpp:
2148         (WebCore::FileReaderLoader::start): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
2149         * inspector/InspectorNetworkAgent.cpp:
2150         (WebCore::InspectorNetworkAgent::loadResource): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
2151         * loader/DocumentThreadableLoader.cpp:
2152         (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Ditto.
2153         (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest): UseAccessControl -> FetchOptions::Mode::Cors.
2154         (WebCore::DocumentThreadableLoader::redirectReceived): Ditto.
2155         (WebCore::DocumentThreadableLoader::didReceiveResponse): Ditto.
2156         (WebCore::DocumentThreadableLoader::loadRequest): Use NoCors as option passed to ResourceLoader. This allows
2157         deactivating ResourceLoader CORS checks as they are done in DocumentThreadableLoader right now. In the future,
2158         these checks should be moved to ResourceLoader and DocumentThreadableLoader should directly pass the fetch mode
2159         option.
2160         (WebCore::DocumentThreadableLoader::isAllowedRedirect): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
2161         * loader/ThreadableLoader.cpp:
2162         (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Removing CrossOriginRequestPolicy.
2163         * loader/ThreadableLoader.h: Ditto.
2164         * loader/WorkerThreadableLoader.cpp:
2165         (WebCore::LoaderTaskOptions::LoaderTaskOptions): Ditto.
2166         * page/EventSource.cpp:
2167         (WebCore::EventSource::connect): UseAccessControl -> FetchOptions::Mode::Cors.
2168         * workers/Worker.cpp:
2169         (WebCore::Worker::create): DenyCrossOriginRequests -> FetchOptions::Mode::SameOrigin.
2170         * workers/WorkerGlobalScope.cpp:
2171         (WebCore::WorkerGlobalScope::importScripts): AllowCrossOriginRequests -> FetchOptions::Mode::NoCors.
2172         * workers/WorkerScriptLoader.cpp:
2173         (WebCore::WorkerScriptLoader::loadSynchronously):
2174         (WebCore::WorkerScriptLoader::loadAsynchronously):
2175         * workers/WorkerScriptLoader.h:
2176         * xml/XMLHttpRequest.cpp:
2177         (WebCore::XMLHttpRequest::createRequest):
2178
2179 2016-07-20  Chris Dumez  <cdumez@apple.com>
2180
2181         Fix null handling of several Document attributes
2182         https://bugs.webkit.org/show_bug.cgi?id=159997
2183
2184         Reviewed by Ryosuke Niwa.
2185
2186         Fix null handling of the following Document attributes: title, cookie
2187         and domain.
2188
2189         In WebKit, they were all marked as [TreatNullAs=EmptyString], which
2190         does not match the specification:
2191         - https://html.spec.whatwg.org/multipage/dom.html#document
2192
2193         Details for each attribute:
2194         - title: null is now treated as the string "null", thus setting the
2195           document title to "null". This matches Firefox and Chrome.
2196         - cookie: adds a "null" cookie instead of being a no-op. This matches
2197                   both Firefox and Chrome.
2198         - domain: Calls setDomain(String("null")) instead of
2199                   setDomain(String()). This throws an exception because "null"
2200                   is not a suffix of the effective domain name. The behavior
2201                   is the same in Firefox and Chrome. Previously, we were
2202                   already throwing an exception since setting the domain to
2203                   the empty string throws, as per the specification.
2204
2205         Test: http/tests//dom/document-attributes-null-handling.html
2206
2207         * dom/Document.idl:
2208
2209 2016-07-20  Commit Queue  <commit-queue@webkit.org>
2210
2211         Unreviewed, rolling out r203471.
2212         https://bugs.webkit.org/show_bug.cgi?id=160003
2213
2214         many iOS-simulator tests are failing (Requested by litherum on
2215         #webkit).
2216
2217         Reverted changeset:
2218
2219         "[iPhone] Playing a video on tudou.com plays only sound, no
2220         video"
2221         https://bugs.webkit.org/show_bug.cgi?id=159967
2222         http://trac.webkit.org/changeset/203471
2223
2224 2016-07-19  Ryosuke Niwa  <rniwa@webkit.org>
2225
2226         iOS: Cannot paste images in RTF content
2227         https://bugs.webkit.org/show_bug.cgi?id=159964
2228         <rdar://problem/27442806>
2229
2230         Reviewed by Enrica Casucci.
2231
2232         The bug was caused by setDefersLoading(true) not deferring image loading for the parsed fragment.
2233         Worked around this bug by disabling image loading while parsing the document fragment.
2234
2235         * editing/ios/EditorIOS.mm:
2236         (WebCore::Editor::createFragmentAndAddResources):
2237
2238 2016-07-20  Brady Eidson  <beidson@apple.com>
2239
2240         Address a small FIXME in IDB code.
2241         https://bugs.webkit.org/show_bug.cgi?id=159999
2242
2243         Reviewed by Andy Estes.
2244
2245         No new tests (No behavior change).
2246
2247         * Modules/indexeddb/IDBRequest.cpp:
2248         (WebCore::IDBRequest::IDBRequest):
2249         
2250         * Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
2251         (WebCore::IDBResourceIdentifier::IDBResourceIdentifier): Deleted.
2252         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
2253
2254 2016-07-20  Brady Eidson  <beidson@apple.com>
2255
2256         Remove some "modernFoo"s from IndexedDB code.
2257         https://bugs.webkit.org/show_bug.cgi?id=159985
2258
2259         Reviewed by Andy Estes.
2260
2261         No new tests (No known behavior change).
2262
2263         * Modules/indexeddb/IDBCursor.cpp:
2264         (WebCore::IDBCursor::IDBCursor):
2265         (WebCore::IDBCursor::~IDBCursor):
2266         (WebCore::IDBCursor::sourcesDeleted):
2267         (WebCore::IDBCursor::effectiveObjectStore):
2268         (WebCore::IDBCursor::transaction):
2269         (WebCore::IDBCursor::direction):
2270         (WebCore::IDBCursor::update):
2271         (WebCore::IDBCursor::advance):
2272         (WebCore::IDBCursor::continueFunction):
2273         (WebCore::IDBCursor::uncheckedIterateCursor):
2274         (WebCore::IDBCursor::deleteFunction):
2275         (WebCore::IDBCursor::setGetResult):
2276         
2277         * Modules/indexeddb/IDBIndex.cpp:
2278         (WebCore::IDBIndex::IDBIndex):
2279         (WebCore::IDBIndex::~IDBIndex):
2280         (WebCore::IDBIndex::hasPendingActivity):
2281         (WebCore::IDBIndex::name):
2282         (WebCore::IDBIndex::objectStore):
2283         (WebCore::IDBIndex::keyPath):
2284         (WebCore::IDBIndex::unique):
2285         (WebCore::IDBIndex::multiEntry):
2286         (WebCore::IDBIndex::openCursor):
2287         (WebCore::IDBIndex::doCount):
2288         (WebCore::IDBIndex::openKeyCursor):
2289         (WebCore::IDBIndex::doGet):
2290         (WebCore::IDBIndex::doGetKey):
2291         (WebCore::IDBIndex::markAsDeleted):
2292         * Modules/indexeddb/IDBIndex.h:
2293         
2294         * Modules/indexeddb/IDBObjectStore.cpp:
2295         (WebCore::IDBObjectStore::transaction):
2296         (WebCore::IDBObjectStore::deleteFunction): Deleted.
2297         (WebCore::IDBObjectStore::modernDelete): Deleted.
2298         * Modules/indexeddb/IDBObjectStore.h:
2299         
2300         * bindings/js/JSIDBIndexCustom.cpp:
2301         (WebCore::JSIDBIndex::visitAdditionalChildren):
2302
2303 2016-07-20  Chris Dumez  <cdumez@apple.com>
2304
2305         Stop using valueToStringWithNullCheck() in JSCSSStyleDeclaration::putDelegate()
2306         https://bugs.webkit.org/show_bug.cgi?id=159982
2307
2308         Reviewed by Ryosuke Niwa.
2309
2310         valueToStringWithNullCheck() treats null as the null String() which is
2311         legacy / non standard behavior. The specification says we should treat
2312         null as the empty string:
2313         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
2314
2315         Therefore, we should be using valueToStringTreatingNullAsEmptyString() instead.
2316
2317         In practice, there is no web-exposed behavior change because
2318         MutableStyleProperties::setProperty() removes the property whether the
2319         value is the null String or the empty String.
2320
2321         This behavior is correct since the specification says that we should
2322         remove the property if the value is the empty string:
2323         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty (step 4)
2324
2325         I added test coverage to make sure we behave according to specification.
2326         This test is passing in Firefox, Chrome and in WebKit (before and after
2327         my change).
2328
2329         Test: fast/css/CSSStyleDeclaration-property-setter.html
2330
2331         * bindings/js/JSCSSStyleDeclarationCustom.cpp:
2332         (WebCore::JSCSSStyleDeclaration::putDelegate):
2333
2334 2016-07-20  Chris Dumez  <cdumez@apple.com>
2335
2336         Fix null handling of HTMLFrameElement.marginWidth / marginHeight
2337         https://bugs.webkit.org/show_bug.cgi?id=159987
2338
2339         Reviewed by Ryosuke Niwa.
2340
2341         Fix null handling of HTMLFrameElement.marginWidth / marginHeight:
2342         - https://html.spec.whatwg.org/multipage/obsolete.html#htmlframeelement
2343
2344         We are supposed to treat null as the empty string but we treat it as
2345         the string "null".
2346
2347         Firefox and Chrome both match the specification.
2348
2349         No new tests, updated existing tests.
2350
2351         * html/HTMLFrameElement.idl:
2352
2353 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
2354
2355         Pausing autoplayed media should not remove all restrictions for that media element
2356         https://bugs.webkit.org/show_bug.cgi?id=159988
2357
2358         Reviewed by Jon Lee.
2359
2360         Localizes the removal of behavior restrictions introduced in r203464 upon pausing an
2361         autoplaying video to just affect the hiding or showing of the media controller. This
2362         prevents pages from using Javascript to start playing autoplaying videos that have
2363         been paused by the user.
2364
2365         * html/HTMLMediaElement.cpp:
2366         (WebCore::HTMLMediaElement::pause):
2367
2368 2016-07-20  Myles C. Maxfield  <mmaxfield@apple.com>
2369
2370         [iPhone] Playing a video on tudou.com plays only sound, no video
2371         https://bugs.webkit.org/show_bug.cgi?id=159967
2372         <rdar://problem/26964090>
2373
2374         Reviewed by Jon Lee.
2375
2376         WebKit recently started honoring the playsinline and webkit-playsinline
2377         attribute on iPhones. However, because these attributes previously did
2378         nothing, some sites (such as Tudou) were setting them on their content
2379         and expecting that they are not honored. In this specific case, the
2380         video is absolutely positioned to be 1 pixel x 1 pixel.
2381
2382         Previously, with iOS 9, apps could set the allowsInlineMediaPlayback
2383         property on their WKWebView, which would honor the webkit-playsinline
2384         attribute. Safari on iPhones didn't do this.
2385
2386         In order to not break these existing apps, it's important that the
2387         allowsInlineMediaPlayback preference still allows webkit-playsinline
2388         videos to play inline in apps using WKWebView. However, in Safari, these
2389         videos should play fullscreen. (Tudou videos have webkit-playsinline
2390         but not playsinline.)
2391
2392         Therefore, in Safari, videos with playsinline should be inline, but
2393         videos with webkit-playsinline should be fullscreen. In apps using
2394         WKWebViews, if the app sets allowsInlineMediaPlayback, then videos with
2395         playsinline should be inline, and videos with webkit-playsinline should
2396         also be inline. Videos on iPad and Mac should all be inline by default.
2397
2398         We can create some truth tables for the cases which need to be covered:
2399
2400         All apps on Mac / iPad:
2401         Presence of playsinline | Presence of webkit-playsinline | Result
2402         ========================|================================|===========
2403         Not present             | Not present                    | Inline
2404         Present                 | Not present                    | Inline
2405         Not Present             | Present                        | Inline
2406         Present                 | Present                        | Inline
2407
2408         Safari on iPhone:
2409         Presence of playsinline | Presence of webkit-playsinline | Result
2410         ========================|================================|===========
2411         Not present             | Not present                    | Fullscreen
2412         Present                 | Not present                    | Inline
2413         Not Present             | Present                        | Fullscreen
2414         Present                 | Present                        | Inline
2415
2416         App on iPhone which sets allowsInlineMediaPlayback:
2417         Presence of playsinline | Presence of webkit-playsinline | Result
2418         ========================|================================|===========
2419         Not present             | Not present                    | Fullscreen
2420         Present                 | Not present                    | Inline
2421         Not Present             | Present                        | Inline
2422         Present                 | Present                        | Inline
2423
2424         The way to distinguish Safari from another app is to create an SPI
2425         boolean preference which Safari can set. This is already how the
2426         iPhone and iPad are differentiated using the requiresPlayInlineAttribute
2427         which Safari sets but other apps don't. However, this preference is
2428         no longer sufficient because Safari should now be discriminating
2429         between the playsinline and webkit-playsinline attributes. Therefore,
2430         this preference should be extended to two boolean preferences, which
2431         this patch adds:
2432
2433         allowsInlineMediaPlaybackWithPlaysInlineAttribute
2434         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute
2435
2436         Safari on iPhone will set
2437         allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to true,
2438         and allowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute to
2439         false. Other apps on iPhone will get their default values (because they
2440         are SPI) which means they will both be true. On iPad and Mac, apps will
2441         use the default values where both are false.
2442
2443         This patch adds support for these two preferences, but does not remove
2444         the existing inlineMediaPlaybackRequiresPlaysInlineAttribute preference.
2445         I will remove the existing preference as soon as I update Safari to migrate
2446         off of it.
2447
2448         Test: media/video-playsinline.html
2449
2450         * html/MediaElementSession.cpp:
2451         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
2452         * page/Settings.cpp:
2453         * page/Settings.in:
2454         * testing/InternalSettings.cpp:
2455         (WebCore::InternalSettings::Backup::Backup):
2456         (WebCore::InternalSettings::Backup::restoreTo):
2457         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithPlaysInlineAttribute):
2458         (WebCore::InternalSettings::setAllowsInlineMediaPlaybackWithWebKitPlaysInlineAttribute):
2459         * testing/InternalSettings.h:
2460         * testing/InternalSettings.idl:
2461
2462 2016-07-20  Chris Dumez  <cdumez@apple.com>
2463
2464         Get rid of custom bindings code for XMLHttpRequest.open()
2465         https://bugs.webkit.org/show_bug.cgi?id=159984
2466
2467         Reviewed by Ryosuke Niwa.
2468
2469         Get rid of custom bindings code for XMLHttpRequest.open() as the
2470         bindings generator is able to generate it.
2471
2472         Relevant specification:
2473         - https://xhr.spec.whatwg.org/#xmlhttprequest
2474
2475         The issue is that legacy content prevents treating the 'async' argument
2476         being undefined identical from it being omitted. However, this can be
2477         achieved by using overloading in IDL, like in the specification.
2478
2479         No new tests, already covered by the following tests:
2480         - http/tests/xmlhttprequest/basic-auth.html
2481         - http/tests/xmlhttprequest/open-async-overload.html
2482
2483         * bindings/js/JSXMLHttpRequestCustom.cpp:
2484         (WebCore::SendFunctor::SendFunctor): Deleted.
2485         (WebCore::SendFunctor::line): Deleted.
2486         (WebCore::SendFunctor::column): Deleted.
2487         (WebCore::SendFunctor::url): Deleted.
2488         (WebCore::SendFunctor::operator()): Deleted.
2489         * xml/XMLHttpRequest.cpp:
2490         (WebCore::XMLHttpRequest::open):
2491         * xml/XMLHttpRequest.h:
2492         * xml/XMLHttpRequest.idl:
2493
2494 2016-07-20  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
2495
2496         Mark overridden methods in WebCore/svg final classes as final
2497         https://bugs.webkit.org/show_bug.cgi?id=159966
2498
2499         Reviewed by Michael Catanzaro.
2500
2501         Update WebCore/svg classes so that overridden methods in final classes are marked final.
2502
2503         * svg/SVGAElement.h:
2504         * svg/SVGAltGlyphDefElement.h:
2505         * svg/SVGAltGlyphItemElement.h:
2506         * svg/SVGAnimateTransformElement.h:
2507         * svg/SVGAnimatedColor.h:
2508         * svg/SVGCircleElement.h:
2509         * svg/SVGClipPathElement.h:
2510         * svg/SVGCursorElement.h:
2511         * svg/SVGDefsElement.h:
2512         * svg/SVGDescElement.h:
2513         * svg/SVGEllipseElement.h:
2514         * svg/SVGFEMergeNodeElement.h:
2515         * svg/SVGFilterElement.h:
2516         * svg/SVGFontElement.h:
2517         * svg/SVGFontFaceElement.h:
2518         * svg/SVGFontFaceFormatElement.h:
2519         * svg/SVGFontFaceNameElement.h:
2520         * svg/SVGFontFaceSrcElement.h:
2521         * svg/SVGFontFaceUriElement.h:
2522         * svg/SVGForeignObjectElement.h:
2523         * svg/SVGGElement.h:
2524         * svg/SVGGlyphElement.h:
2525         * svg/SVGGlyphRefElement.h:
2526         * svg/SVGHKernElement.h:
2527         * svg/SVGImageElement.h:
2528         * svg/SVGLineElement.h:
2529         * svg/SVGMPathElement.h:
2530         * svg/SVGMaskElement.h:
2531         * svg/SVGMetadataElement.h:
2532         * svg/SVGMissingGlyphElement.h:
2533         * svg/SVGPathBuilder.h:
2534         * svg/SVGPathByteStreamBuilder.h:
2535         * svg/SVGPathByteStreamSource.h:
2536         * svg/SVGPathElement.h:
2537         * svg/SVGPathSegArcAbs.h:
2538         * svg/SVGPathSegArcRel.h:
2539         * svg/SVGPathSegClosePath.h:
2540         * svg/SVGPathSegCurvetoCubicAbs.h:
2541         * svg/SVGPathSegCurvetoCubicRel.h:
2542         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
2543         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
2544         * svg/SVGPathSegCurvetoQuadraticAbs.h:
2545         * svg/SVGPathSegCurvetoQuadraticRel.h:
2546         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
2547         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
2548         * svg/SVGPathSegLinetoAbs.h:
2549         * svg/SVGPathSegLinetoHorizontalAbs.h:
2550         * svg/SVGPathSegLinetoHorizontalRel.h:
2551         * svg/SVGPathSegLinetoRel.h:
2552         * svg/SVGPathSegLinetoVerticalAbs.h:
2553         * svg/SVGPathSegLinetoVerticalRel.h:
2554         * svg/SVGPathSegListBuilder.h:
2555         * svg/SVGPathSegListSource.h:
2556         * svg/SVGPathSegMovetoAbs.h:
2557         * svg/SVGPathSegMovetoRel.h:
2558         * svg/SVGPathStringSource.h:
2559         * svg/SVGPathTraversalStateBuilder.h:
2560         * svg/SVGPatternElement.h:
2561         * svg/SVGRectElement.h:
2562         * svg/SVGScriptElement.h:
2563         * svg/SVGStopElement.h:
2564         * svg/SVGStyleElement.h:
2565         * svg/SVGSwitchElement.h:
2566         * svg/SVGTRefElement.cpp:
2567         * svg/SVGTitleElement.h:
2568         * svg/SVGToOTFFontConversion.cpp:
2569         * svg/SVGUnknownElement.h:
2570         * svg/SVGVKernElement.h:
2571         * svg/SVGViewElement.h:
2572         * svg/SVGZoomEvent.h:
2573         * svg/animation/SVGSMILElement.cpp:
2574         * svg/graphics/SVGImage.h:
2575         * svg/graphics/SVGImageClients.h:
2576         * svg/graphics/SVGImageForContainer.h:
2577         * svg/graphics/filters/SVGFEImage.h:
2578         * svg/graphics/filters/SVGFilter.h:
2579         * svg/properties/SVGAnimatedEnumerationPropertyTearOff.h:
2580         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
2581         * svg/properties/SVGAnimatedPropertyTearOff.h:
2582         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
2583         * svg/properties/SVGMatrixTearOff.h:
2584         * svg/properties/SVGPathSegListPropertyTearOff.h:
2585
2586 2016-07-20  Brady Eidson  <beidson@apple.com>
2587
2588         Transition most IDB interfaces from ScriptExecutionContext to ExecState.
2589         https://bugs.webkit.org/show_bug.cgi?id=159975
2590
2591         Reviewed by Alex Christensen.
2592
2593         No new tests (No known behavior change).
2594
2595         * Modules/indexeddb/IDBCursor.cpp:
2596         (WebCore::IDBCursor::continueFunction):
2597         (WebCore::IDBCursor::deleteFunction):
2598         * Modules/indexeddb/IDBCursor.h:
2599         * Modules/indexeddb/IDBCursor.idl:
2600
2601         * Modules/indexeddb/IDBDatabase.idl:
2602
2603         * Modules/indexeddb/IDBFactory.cpp:
2604         (WebCore::IDBFactory::cmp):
2605         * Modules/indexeddb/IDBFactory.h:
2606         * Modules/indexeddb/IDBFactory.idl:
2607
2608         * Modules/indexeddb/IDBIndex.cpp:
2609         (WebCore::IDBIndex::openCursor):
2610         (WebCore::IDBIndex::count):
2611         (WebCore::IDBIndex::doCount):
2612         (WebCore::IDBIndex::openKeyCursor):
2613         (WebCore::IDBIndex::get):
2614         (WebCore::IDBIndex::doGet):
2615         (WebCore::IDBIndex::getKey):
2616         (WebCore::IDBIndex::doGetKey):
2617         * Modules/indexeddb/IDBIndex.h:
2618         * Modules/indexeddb/IDBIndex.idl:
2619
2620         * Modules/indexeddb/IDBKeyRange.cpp:
2621         (WebCore::IDBKeyRange::only): Deleted.
2622         * Modules/indexeddb/IDBKeyRange.h:
2623
2624         * Modules/indexeddb/IDBObjectStore.cpp:
2625         (WebCore::IDBObjectStore::openCursor):
2626         (WebCore::IDBObjectStore::get):
2627         (WebCore::IDBObjectStore::putOrAdd):
2628         (WebCore::IDBObjectStore::deleteFunction):
2629         (WebCore::IDBObjectStore::doDelete):
2630         (WebCore::IDBObjectStore::modernDelete):
2631         (WebCore::IDBObjectStore::clear):
2632         (WebCore::IDBObjectStore::createIndex):
2633         (WebCore::IDBObjectStore::count):
2634         (WebCore::IDBObjectStore::doCount):
2635         * Modules/indexeddb/IDBObjectStore.h:
2636         * Modules/indexeddb/IDBObjectStore.idl:
2637
2638         * Modules/indexeddb/IDBTransaction.cpp:
2639         (WebCore::IDBTransaction::requestOpenCursor):
2640         (WebCore::IDBTransaction::doRequestOpenCursor):
2641         (WebCore::IDBTransaction::requestGetRecord):
2642         (WebCore::IDBTransaction::requestGetValue):
2643         (WebCore::IDBTransaction::requestGetKey):
2644         (WebCore::IDBTransaction::requestIndexRecord):
2645         (WebCore::IDBTransaction::requestCount):
2646         (WebCore::IDBTransaction::requestDeleteRecord):
2647         (WebCore::IDBTransaction::requestClearObjectStore):
2648         (WebCore::IDBTransaction::requestPutOrAdd):
2649         * Modules/indexeddb/IDBTransaction.h:
2650
2651         * inspector/InspectorIndexedDBAgent.cpp:
2652
2653 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
2654
2655         Media controls don't appear when pausing a small autoplaying video
2656         https://bugs.webkit.org/show_bug.cgi?id=159972
2657         <rdar://problem/27180657>
2658
2659         Reviewed by Beth Dakin.
2660
2661         When pausing an autoplaying video, remove behavior restrictions for the
2662         initial user gesture and show media controls.
2663
2664         New WebKit API test. See VideoControlsManagerSingleSmallAutoplayingVideo.
2665
2666         * html/HTMLMediaElement.cpp:
2667         (WebCore::HTMLMediaElement::pause):
2668
2669 2016-07-20  Chris Dumez  <cdumez@apple.com>
2670
2671         Fix null handling of HTMLMediaElement.mediaGroup
2672         https://bugs.webkit.org/show_bug.cgi?id=159974
2673
2674         Reviewed by Eric Carlson.
2675
2676         Fix null handling of HTMLMediaElement.mediaGroup to match the specification:
2677         - https://www.w3.org/TR/html5/embedded-content-0.html#media-elements
2678
2679         null is supposed to be treated as the String "null". This patch aligns
2680         our behavior with the specification. I tested Firefox and Chrome but both
2681         do not have this attribute on HTMLMediaElement.
2682
2683         Also remove support for [TreatNullAs=LegacyNullString] from our bindings
2684         generator as HTMLMediaElement.mediaGroup was the last user.
2685
2686         No new tests, rebaselined existing test.
2687
2688         * bindings/scripts/CodeGeneratorJS.pm:
2689         (JSValueToNative):
2690         * bindings/scripts/IDLAttributes.txt:
2691         * html/HTMLMediaElement.idl:
2692
2693 2016-07-20  Chris Dumez  <cdumez@apple.com>
2694
2695         CSSStyleDeclaration.setProperty() should be able to unset "important" on a property
2696         https://bugs.webkit.org/show_bug.cgi?id=159959
2697
2698         Reviewed by Alexey Proskuryakov.
2699
2700         CSSStyleDeclaration.setProperty() should be able to unset "important"
2701         on a property as per the latest specification:
2702         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty
2703         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
2704
2705         Firefox and Chrome match the specification here but WebKit was ignoring calls
2706         to setProperty() if there is already an "important" property with this name
2707         and if the new property does not have the "important" flag set.
2708
2709         This behavior was added a long time ago via Bug 60007. However, it does not
2710         match the latest specification or other browsers.
2711
2712         Test: fast/css/CSSStyleDeclaration-setProperty-unset-important.html
2713
2714         * css/StyleProperties.cpp:
2715         (WebCore::MutableStyleProperties::addParsedProperty):
2716         Drop code that was added via Bug 60007 as this behavior no longer matches the
2717         specification or other browsers. The layout test added in Bug 60007 fails in
2718         other browsers and was updated in this patch to match the specification.
2719
2720 2016-07-20  Commit Queue  <commit-queue@webkit.org>
2721
2722         Unreviewed, rolling out r203423.
2723         https://bugs.webkit.org/show_bug.cgi?id=159977
2724
2725         The test for this change is failing on Mac Release WK2
2726         (Requested by ryanhaddad on #webkit).
2727
2728         Reverted changeset:
2729
2730         "HTMLVideoElement frames do not update on iOS when src is a
2731         MediaStream blob"
2732         https://bugs.webkit.org/show_bug.cgi?id=159833
2733         http://trac.webkit.org/changeset/203423
2734
2735 2016-07-20  Chris Dumez  <cdumez@apple.com>
2736
2737         Fix null handling of HTMLSelectElement.value attribute
2738         https://bugs.webkit.org/show_bug.cgi?id=159925
2739
2740         Reviewed by Benjamin Poulain.
2741
2742         Fix null handling of HTMLSelectElement.value attribute:
2743         - https://html.spec.whatwg.org/multipage/forms.html#htmlselectelement
2744
2745         We were treating null as the null String which would end up setting
2746         selectedIndex to -1. However, we should treat null as the String "null"
2747         which would set the selectedIndex to the index of the <option> element
2748         whose value is "null".
2749
2750         Firefox and Chrome match the specification.
2751
2752         Test: fast/dom/HTMLSelectElement/value-null-handling.html
2753
2754         * html/HTMLSelectElement.cpp:
2755         (WebCore::HTMLSelectElement::setValue):
2756         * html/HTMLSelectElement.idl:
2757
2758 2016-07-20  Chris Dumez  <cdumez@apple.com>
2759
2760         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender is alive
2761         https://bugs.webkit.org/show_bug.cgi?id=159962
2762         <rdar://problem/21439264>
2763
2764         Reviewed by David Kilzer.
2765
2766         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender
2767         is alive. We have both PostResolutionCallbackDisabler and ResourceLoadSuspender that
2768         call LoaderStrategy::suspendPendingRequests() / LoaderStrategy::resumePendingRequests().
2769         However, PostResolutionCallbackDisabler and ResourceLoadSuspender are not aware of each
2770         other. It is therefore possible for a PostResolutionCallbackDisabler object to get
2771         destroyed, causing LoaderStrategy::resumePendingRequests() to be called while a
2772         ResourceLoadSuspender object is alive.
2773
2774         This leads to hard to investigate crashes where we end up re-entering WebKit and killing
2775         the style resolver.
2776
2777         This patch drops ResourceLoadSuspender and uses PostResolutionCallbackDisabler instead.
2778         There was only one user of ResourceLoadSuspender and PostResolutionCallbackDisabler
2779         is better because it manages a resolutionNestingDepth counter internally to make sure
2780         it only calls LoaderStrategy::resumePendingRequests() once all
2781         PostResolutionCallbackDisabler instances are destroyed.
2782
2783         No new tests, there is no easy way to reproduce the crashes.
2784
2785         * dom/Document.cpp:
2786         (WebCore::Document::styleForElementIgnoringPendingStylesheets):
2787         * loader/LoaderStrategy.cpp:
2788         (WebCore::ResourceLoadSuspender::ResourceLoadSuspender): Deleted.
2789         (WebCore::ResourceLoadSuspender::~ResourceLoadSuspender): Deleted.
2790         * loader/LoaderStrategy.h:
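
The interaction described in the entry above for bug 159962, as an added C++ sketch that is not WebKit code. `Loader`, `UncountedSuspender` and `DepthCountedDisabler` are hypothetical stand-ins for LoaderStrategy, ResourceLoadSuspender and PostResolutionCallbackDisabler, reduced to the suspend/resume calls the entry names.

```cpp
#include <cstdio>

// Hypothetical stand-in for LoaderStrategy: it only tracks whether pending
// requests are currently suspended.
struct Loader {
    bool suspended = false;
    void suspendPendingRequests() { suspended = true; }
    void resumePendingRequests() { suspended = false; }
};

// Stand-in for ResourceLoadSuspender: suspends on construction and resumes
// unconditionally on destruction, unaware of any other guard.
class UncountedSuspender {
public:
    explicit UncountedSuspender(Loader& loader)
        : m_loader(loader)
    {
        m_loader.suspendPendingRequests();
    }
    ~UncountedSuspender() { m_loader.resumePendingRequests(); }

private:
    Loader& m_loader;
};

// Shared nesting counter, named after the counter the entry mentions.
static unsigned resolutionNestingDepth = 0;

// Stand-in for PostResolutionCallbackDisabler: only the outermost instance
// suspends, and only the last instance to die resumes.
class DepthCountedDisabler {
public:
    explicit DepthCountedDisabler(Loader& loader)
        : m_loader(loader)
    {
        if (!resolutionNestingDepth++)
            m_loader.suspendPendingRequests();
    }
    ~DepthCountedDisabler()
    {
        if (!--resolutionNestingDepth)
            m_loader.resumePendingRequests();
    }

private:
    Loader& m_loader;
};

// Holds an outer guard of the given type, lets a nested DepthCountedDisabler
// be created and destroyed, then reports whether requests are still suspended
// while the outer guard is alive.
template<typename OuterGuard>
bool stillSuspendedAfterInnerGuardDies(Loader& loader)
{
    OuterGuard outer(loader);
    {
        DepthCountedDisabler inner(loader);
    } // inner is destroyed here
    return loader.suspended;
}

int main()
{
    Loader mixed;
    // Two guard types that do not know about each other: the inner guard's
    // destructor resumes requests although the outer guard is still alive.
    std::printf("mixed guards, still suspended: %d\n",
        stillSuspendedAfterInnerGuardDies<UncountedSuspender>(mixed));

    Loader unified;
    // One guard type with a shared depth counter: requests stay suspended
    // until the outermost guard is destroyed.
    std::printf("single counted guard, still suspended: %d\n",
        stillSuspendedAfterInnerGuardDies<DepthCountedDisabler>(unified));
    return 0;
}
```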
2791
2792 2016-07-19  Youenn Fablet  <youenn@apple.com>
2793
2794         [Fetch API] Add a JS builtin to implement https://fetch.spec.whatwg.org/#concept-headers-fill
2795         https://bugs.webkit.org/show_bug.cgi?id=159932
2796
2797         Reviewed by Alex Christensen.
2798
2799         Covered by existing tests.
2800
2801         Refactoring Headers initializeWith to use the new built-in internal that implements
2802         https://fetch.spec.whatwg.org/#concept-headers-fill.
2803
2804         Refactoring Response constructor to put more checks in the JS builtin function called within constructor.
2805         Making use of the new built-in internal that implements https://fetch.spec.whatwg.org/#concept-headers-fill.
2806
2807         * CMakeLists.txt: Adding FetchHeadersInternals.js
2808         * DerivedSources.make: Ditto.
2809         * Modules/fetch/FetchHeaders.js:
2810         (initializeFetchHeaders): Using fillFetchHeaders new built-in internal.
2811         * Modules/fetch/FetchInternals.js: Added.
2812         (fillFetchHeaders):
2813         * Modules/fetch/FetchResponse.cpp: Refactoring to do more in the JS built-in. Splitting of initializeWith so
2814         that the checks are done in the order defined by the spec.
2815         (WebCore::FetchResponse::setStatus):
2816         (WebCore::FetchResponse::initializeWith):
2817         (WebCore::isNullBodyStatus): Deleted.
2818         * Modules/fetch/FetchResponse.h:
2819         * Modules/fetch/FetchResponse.idl:
2820         * Modules/fetch/FetchResponse.js:
2821         (initializeFetchResponse): New built-in internal.
2822         * WebCore.xcodeproj/project.pbxproj:
2823         * bindings/js/WebCoreBuiltinNames.h:
2824
2825 2016-07-19  Chris Dumez  <cdumez@apple.com>
2826
2827         Fix null handling of SVGScriptElement.type attribute
2828         https://bugs.webkit.org/show_bug.cgi?id=159927
2829
2830         Reviewed by Benjamin Poulain.
2831
2832         Fix null handling of SVGScriptElement.type attribute:
2833         - https://www.w3.org/TR/SVG2/interact.html#InterfaceSVGScriptElement
2834
2835         We were treating null as the null String which would end up removing
2836         the 'type' content attribute. However, we should treat null as the
2837         String "null".
2838
2839         Firefox and Chrome match the specification.
2840
2841         No new tests, updated existing test.
2842
2843         * svg/SVGScriptElement.idl:
2844
2845 2016-07-19  Chris Dumez  <cdumez@apple.com>
2846
2847         Fix null handling of several HTMLDocument attributes
2848         https://bugs.webkit.org/show_bug.cgi?id=159923
2849
2850         Reviewed by Benjamin Poulain.
2851
2852         Fix null handling of several HTMLDocument attributes:
2853         - https://html.spec.whatwg.org/multipage/dom.html#document
2854         - https://html.spec.whatwg.org/multipage/obsolete.html#document-partial
2855
2856         In particular, null handling was incorrect in WebKit for 'dir',
2857         'bgColor', 'fgColor', 'alinkColor', 'linkColor' and 'vlinkColor'.
2858
2859         Firefox and Chrome match the specification.
2860
2861         Test: fast/dom/HTMLDocument/null-handling.html
2862
2863         * html/HTMLDocument.idl:
2864
2865 2016-07-19  Chris Dumez  <cdumez@apple.com>
2866
2867         Document.createElementNS() / createAttributeNS() parameters should be mandatory
2868         https://bugs.webkit.org/show_bug.cgi?id=159938
2869
2870         Reviewed by Benjamin Poulain.
2871
2872         Document.createElementNS() / createAttributeNS() parameters should be mandatory:
2873         - https://dom.spec.whatwg.org/#document
2874
2875         They were optional in WebKit. However, Firefox and Chrome both match the
2876         specification.
2877
2878         No new tests, rebaselined existing tests.
2879
2880         * dom/Document.idl:
2881
2882 2016-07-19  Benjamin Poulain  <bpoulain@apple.com>
2883
2884         Use getElementById for attribute matching if the attribute name is html's id
2885         https://bugs.webkit.org/show_bug.cgi?id=159960
2886
2887         Reviewed by Chris Dumez.
2888
2889         Elliott Sprehn discovered YUI makes heavy use of querySelector with [id=value]
2890         (https://bugs.chromium.org/p/chromium/issues/detail?id=627242).
2891
2892         If we are not in quirks mode, IdForStyleResolution has the same value
2893         as the Id attribute. We can use the same optimization for both cases.
2894
2895         Tests: fast/selectors/id-attribute-querySelector-used-as-id-selector-quirks.html
2896                fast/selectors/id-attribute-querySelector-used-as-id-selector.html
2897
2898         * dom/SelectorQuery.cpp:
2899         (WebCore::canBeUsedForIdFastPath):
2900         (WebCore::findIdMatchingType):
2901         (WebCore::SelectorDataList::SelectorDataList):
2902         (WebCore::selectorForIdLookup):
2903         (WebCore::filterRootById):
2904
2905 2016-07-19  Chris Dumez  <cdumez@apple.com>
2906
2907         Drop SVGElement.xmlbase attribute
2908         https://bugs.webkit.org/show_bug.cgi?id=159926
2909
2910         Reviewed by Benjamin Poulain.
2911
2912         Drop SVGElement.xmlbase attribute as it is no longer part of the
2913         specification:
2914         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement
2915
2916         Both Firefox and Chrome have already dropped support for
2917         SVGElement.xmlbase.
2918
2919         Chrome's intent to remove:
2920         https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/TfwMq4d25hk/C-v_iC_wKfAJ
2921
2922         Test: svg/dom/SVGElement-xmlbase.html
2923
2924         * svg/SVGElement.cpp:
2925         (WebCore::SVGElement::removedFrom): Deleted.
2926         * svg/SVGElement.h:
2927         * svg/SVGElement.idl:
2928
2929 2016-07-19  Chris Dumez  <cdumez@apple.com>
2930
2931         Align CSSStyleDeclaration.setProperty() with the specification
2932         https://bugs.webkit.org/show_bug.cgi?id=159955
2933
2934         Reviewed by Benjamin Poulain.
2935
2936         Align CSSStyleDeclaration.setProperty() with the specification:
2937         - https://drafts.csswg.org/cssom/#the-cssstyledeclaration-interface
2938
2939         In particular, the following changes were needed:
2940         1. The 'value' parameter should not be optional
2941         2. The 'priority' parameter should treat null as the empty string
2942            rather than the string "null".
2943         3. The 'priority' parameter's default value should be the empty string,
2944            not the string "undefined".
2945         4. CSSStyleDeclaration.setProperty() should return early if 'priority'
2946            is not the empty string and is not an ASCII case-insensitive match
2947            for the string "important".
2948
2949         Chrome matches the specification entirely.
2950         Firefox matches the specification with the exception that it does a
2951         case-sensitive match for "important".
2952
2953         Test: fast/css/CSSStyleDeclaration-setProperty.html
2954
2955         * css/CSSStyleDeclaration.idl:
2956         * css/PropertySetCSSStyleDeclaration.cpp:
2957         (WebCore::PropertySetCSSStyleDeclaration::setProperty):
2958
2959 2016-07-19  Daniel Bates  <dabates@apple.com>
2960
2961         CSP: Improve support for multiple policies to more closely conform to the CSP Level 2 spec.
2962         https://bugs.webkit.org/show_bug.cgi?id=159841
2963         <rdar://problem/27381684>
2964
2965         Reviewed by Brent Fulgham.
2966
2967         Implement a first pass at sending multiple violation reports so as to more closely
2968         conform to section Enforcing multiple policies of the Content Security Policy Level 2 spec.,
2969         <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 25 April 2016).
2970
2971         Tests: http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.php
2972                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.php
2973                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
2974                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
2975                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
2976                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.php
2977                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
2978                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
2979                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
2980                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
2981                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
2982                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-enforced-policy-and-not-in-report-only.html
2983                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
2984                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.php
2985                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
2986                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
2987                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
2988                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.php
2989                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
2990                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
2991                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
2992                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
2993                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
2994                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-enforced-policy-and-not-in-report-only.html
2995                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
2996                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-multiple-policies.html
2997
2998         * page/csp/ContentSecurityPolicy.cpp:
2999         (WebCore::ContentSecurityPolicy::allPoliciesWithDispositionAllow): Added. Returns whether the resource
3000         is allowed by all of the policies with the specified disposition.
3001         (WebCore::ContentSecurityPolicy::allPoliciesAllow): Added. Returns whether the resource is allowed by
3002         all of the enforced policies.
3003         (WebCore::ContentSecurityPolicy::findHashOfContentInPolicies): Formerly named foundHashOfContentInAllPolicies.
3004         Modified to return a ("has found hash in all enforced policies", "has found hash in all report-only policies")-pair
3005         so that we can differentiate whether the hash violated an enforced policy or a report-only policy.
3006         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
3007         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
3008         (WebCore::ContentSecurityPolicy::allowScriptWithNonce): For now only accept a nonce if it is allowed by
3009         all enforced policies. A side effect of this change is that we only send a CSP violation report when a
3010         nonce violates a report-only policy only if the nonce also violates one or more enforced policies. We will
3011         address this limitation in <https://bugs.webkit.org/show_bug.cgi?id=159830>.
3012         (WebCore::ContentSecurityPolicy::allowStyleWithNonce): Ditto.
3013         (WebCore::ContentSecurityPolicy::allowInlineScript): Differentiate between a hash/'unsafe-inline' that
3014         matches/is contained in all enforced policies and a hash/'unsafe-inline' that matches/is contained in all
3015         report-only policies so that we only allow the resource for the former. As a side effect of this change
3016         we may report that a resource violated a policy even if it contained the hash. See <https://bugs.webkit.org/show_bug.cgi?id=159832>
3017         for more details.
3018         (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
3019         (WebCore::ContentSecurityPolicy::allowEval): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
3020         (WebCore::ContentSecurityPolicy::allowFrameAncestors): Ditto.
3021         (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
3022         (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
3023         (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
3024         (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
3025         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto.
3026         (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
3027         (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
3028         (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
3029         (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
3030         (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
3031         (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
3032         (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
3033         (WebCore::ContentSecurityPolicy::foundHashOfContentInAllPolicies): Deleted.
3034         * page/csp/ContentSecurityPolicy.h:
3035         (WebCore::ContentSecurityPolicy::violatedDirectiveInAnyPolicy): Deleted.
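
The multi-policy rule the entry above works toward, as an added C++ model that is not WebKit's implementation and does not reproduce the limitations the entry notes: under CSP Level 2 each policy is evaluated independently, only enforced policies can block, and every violated policy gets its own report. `Policy`, `Decision`, `findHashInPolicies`, `checkInlineScript` and the sample hash strings are hypothetical and constructed for this example.

```cpp
#include <cstdio>
#include <set>
#include <string>
#include <utility>
#include <vector>

enum class Disposition { Enforce, ReportOnly };

// Hypothetical, reduced policy: a name, a disposition and the script hashes
// its script-src would accept.
struct Policy {
    std::string name;
    Disposition disposition;
    std::set<std::string> scriptHashes;
};

struct Decision {
    bool allowed;                       // false if any enforced policy is violated
    std::vector<std::string> reports;   // one entry per violated policy
};

// Returns (found in all enforced policies, found in all report-only policies),
// the pair shape described for findHashOfContentInPolicies in the entry.
std::pair<bool, bool> findHashInPolicies(const std::vector<Policy>& policies, const std::string& hash)
{
    bool inAllEnforced = true;
    bool inAllReportOnly = true;
    for (const Policy& policy : policies) {
        bool found = policy.scriptHashes.count(hash) != 0;
        if (policy.disposition == Disposition::Enforce)
            inAllEnforced = inAllEnforced && found;
        else
            inAllReportOnly = inAllReportOnly && found;
    }
    return std::make_pair(inAllEnforced, inAllReportOnly);
}

// Evaluates an inline script hash against every policy. A report-only
// violation produces a report but never blocks; an enforced violation
// produces a report and blocks.
Decision checkInlineScript(const std::vector<Policy>& policies, const std::string& hash)
{
    Decision decision{ true, {} };
    for (const Policy& policy : policies) {
        if (policy.scriptHashes.count(hash))
            continue;
        decision.reports.push_back(policy.name);
        if (policy.disposition == Disposition::Enforce)
            decision.allowed = false;
    }
    return decision;
}

// Constructed sample: two enforced policies and one report-only policy.
std::vector<Policy> samplePolicies()
{
    return {
        { "enforced-A", Disposition::Enforce, { "sha256-constructedOne", "sha256-constructedTwo" } },
        { "enforced-B", Disposition::Enforce, { "sha256-constructedOne" } },
        { "report-C", Disposition::ReportOnly, { "sha256-constructedTwo" } },
    };
}

int main()
{
    std::vector<Policy> policies = samplePolicies();
    const char* hashes[] = { "sha256-constructedOne", "sha256-constructedTwo", "sha256-constructedThree" };
    for (const char* hash : hashes) {
        Decision decision = checkInlineScript(policies, hash);
        std::printf("%s: %s, %zu report(s)\n", hash,
            decision.allowed ? "allowed" : "blocked", decision.reports.size());
    }
    return 0;
}
```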
3036
3037 2016-07-19  Chris Dumez  <cdumez@apple.com>
3038
3039         Fix null handling of HTMLScriptElement.text attribute
3040         https://bugs.webkit.org/show_bug.cgi?id=159943
3041
3042         Reviewed by Benjamin Poulain.
3043
3044         Fix null handling of HTMLScriptElement.text attribute:
3045         - https://html.spec.whatwg.org/multipage/scripting.html#the-script-element
3046
3047         We should treat null as the "null" String but we were treating it as
3048         the empty string.
3049
3050         Firefox and Chrome match the specification.
3051
3052         No new tests, rebaselined existing test.
3053
3054         * html/HTMLScriptElement.idl:
3055
3056 2016-07-19  Chris Dumez  <cdumez@apple.com>
3057
3058         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]
3059         https://bugs.webkit.org/show_bug.cgi?id=159934
3060
3061         Reviewed by Benjamin Poulain.
3062
3063         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]. This is
3064         non-standard and we want to drop support for it from the bindings generator.
3065
3066         Instead, use [TreatNullAs=EmptyString] in order to maintain existing behavior
3067         given that both a missing/empty attribute result in using the default
3068         autocapitalization mode and that autocapitalize returns the empty string by
3069         default.
3070
3071         Test: platform/ios-simulator/ios/fast/forms/autocapitalize-null.html
3072
3073         * html/HTMLFormElement.idl:
3074         * html/HTMLInputElement.idl:
3075         * html/HTMLTextAreaElement.idl:
3076
3077 2016-07-19  Zalan Bujtas  <zalan@apple.com>
3078
3079         REGRESSION(r203415): ASSERTION FAILED: !m_layoutRoot->container() || !m_layoutRoot->container()->needsLayout()
3080         https://bugs.webkit.org/show_bug.cgi?id=159952
3081
3082         Reviewed by Simon Fraser.
3083
3084         Update ASSERTs to reflect new functionality, that is, now we can end up in a state
3085         where the container (RenderView) of one of the dirty subtrees is dirty.
3086         See r203415.
3087  
3088         Covered by editing/pasteboard/drag-drop-input-in-svg.svg
3089
3090         * page/FrameView.cpp:
3091         (WebCore::FrameView::scheduleRelayoutOfSubtree):
3092
3093 2016-07-19  Dean Jackson  <dino@apple.com>
3094
3095         REGRESSION(202927): The first slide is the only displayed slide when Quicklooking a Keynote file
3096         https://bugs.webkit.org/show_bug.cgi?id=159948
3097         <rdar://problem/27391012>
3098
3099         Reviewed by Simon Fraser.
3100
3101         There is an iOS bug (<rdar://problem/27416744>) that is causing us
3102         to not always get a color space on CGContextRefs. Investigation of this
3103         exposed some optimizations we can take when we are creating ImageBuffers.
3104         In particular, if we have a bitmap context or an IOSurfaceContext we
3105         can simply copy their color space using API. Otherwise we stick with
3106         the existing CGContextCopyDeviceColorSpace.
3107
3108         Lastly, if for some reason we are unable to copy the device color space,
3109         we should fall back to sRGB.
3110
3111         * platform/graphics/cg/ImageBufferCG.cpp:
3112         (WebCore::ImageBuffer::createCompatibleBuffer):
3113         * platform/spi/cg/CoreGraphicsSPI.h: Add some SPI and enums.
3114
3115
3116 2016-07-19  George Ruan  <gruan@apple.com>
3117
3118         HTMLVideoElement frames do not update on iOS when src is a MediaStream blob
3119         https://bugs.webkit.org/show_bug.cgi?id=159833
3120         <rdar://problem/27379487>
3121
3122         Reviewed by Eric Carlson.
3123
3124         Test: fast/mediastream/MediaStream-video-element-displays-buffer.html
3125
3126         * WebCore.xcodeproj/project.pbxproj:
3127         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Change create to return a Ref<T> instead
3128         of RefPtr<T>
3129         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h: Make observer of
3130         MediaStreamTrackPrivate and make MediaPlayer use an AVSampleBufferDisplayLayer instead of CALayer.
3131         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: Ditto.
3132         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::~MediaPlayerPrivateMediaStreamAVFObjC): Clean up
3133         observers and AVSampleBufferDisplayLayer
3134         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::isAvailable): Ensures AVSampleBufferDisplayLayer
3135         is available.
3136         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack): Placeholder.
3137         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Responsible
3138         for enqueuing sample buffers to the active video track.
3139         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): Ensures that an AVSampleBufferDisplayLayer
3140         exists.
3141         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Destroys the AVSampleBufferDisplayLayer.
3142         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer): Replace CALayer with AVSampleBufferDisplayLayer.
3143         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentDisplayMode): Ditto.
3144         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated): Called from MediaStreamTrackPrivate when a
3145         new SampleBuffer is available.
3146         (WebCore::updateTracksOfType): Manage adding and removing self as observer from tracks.
3147         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks): Replace CALayer with AVSampleBufferDisplayLayer
3148         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::acceleratedRenderingStateChanged): Copied from
3149         MediaPlayerPrivateMediaSourceAVFObjC.mm
3150         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::load): Deleted CALayer.
3151         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateDisplayMode): Deleted process of updating CALayer.
3152         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateIntrinsicSize): Deleted CALayer.
3153         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): Deleted.
3154         * platform/mediastream/MediaStreamPrivate.cpp:
3155         (WebCore::MediaStreamPrivate::updateActiveVideoTrack): Remove redundant check.
3156         * platform/mediastream/MediaStreamTrackPrivate.cpp:
3157         (WebCore::MediaStreamTrackPrivate::sourceHasMoreMediaData): Called from RealtimeMediaSource when a new SampleBuffer
3158         is available.
3159         * platform/mediastream/MediaStreamTrackPrivate.h:
3160         (WebCore::MediaStreamTrackPrivate::Observer::sampleBufferUpdated): Relays to MediaPlayerPrivateMediaStream that
3161         a new SampleBuffer is available to enqueue to the AVSampleBufferDisplayLayer.
3162         * platform/mediastream/RealtimeMediaSource.cpp:
3163         (WebCore::RealtimeMediaSource::mediaDataUpdated): Relays to all observers that a new SampleBuffer is available.
3164         * platform/mediastream/RealtimeMediaSource.h:
3165         * platform/mediastream/mac/AVVideoCaptureSource.mm:
3166         (WebCore::AVVideoCaptureSource::processNewFrame): Calls mediaDataUpdated when a new SampleBuffer is captured.
3167
3168 2016-07-19  Anders Carlsson  <andersca@apple.com>
3169
3170         Get rid of a #define private public hack in WebCore
3171         https://bugs.webkit.org/show_bug.cgi?id=159953
3172
3173         Reviewed by Dan Bernstein.
3174
3175         Use @package instead.
3176
3177         * bindings/objc/DOMInternal.h:
3178         * bindings/objc/DOMObject.h:
3179
3180 2016-07-19  Andreas Kling  <akling@apple.com>
3181
3182         Fix SharedBuffer leak in MockContentFilter::replacementData().
3183         <https://webkit.org/b/159945>
3184
3185         Reviewed by Andy Estes.
3186
3187         Spotted on leaks bot. This code was pretty explicit about how it's going to leak.
3188         Since this is in the mock filter, it only affected layout tests.
3189
3190         * testing/MockContentFilter.cpp:
3191         (WebCore::MockContentFilter::replacementData):
3192
3193 2016-07-19  Zalan Bujtas  <zalan@apple.com>
3194
3195         theguardian.co.uk crossword puzzles are sometimes not displaying text
3196         https://bugs.webkit.org/show_bug.cgi?id=159924
3197         <rdar://problem/27409483>
3198
3199         Reviewed by Simon Fraser.
3200
3201         This patch fixes the case when
3202         - 2 disjoint subtrees are dirty
3203         - RenderView is also dirty.
3204         and we end up not laying out one of the 2 subtrees.
3205
3206         In FrameView::scheduleRelayoutOfSubtree, we assume that when the RenderView is dirty
3207         we already have a pending full layout which means that any previous subtree layouts have already been
3208         converted to full layouts.
3209         However this assumption is incorrect. RenderView can get dirty without checking if there's
3210         already a pending subtree layout.
3211         One option to solve this problem would be to override RenderObject::setNeedsLayout in RenderView
3212         so that when the RenderView gets dirty, we could also convert any pending subtree layout to full layout.
3213         However RenderObject::setNeedsLayout is a hot function and making it virtual would impact performance.
3214         The other option is to always normalize subtree layouts in FrameView::scheduleRelayoutOfSubtree().
3215         This patch implements the second option.
3216
3217         Test: fast/misc/subtree-layouts.html
3218
3219         * page/FrameView.cpp:
3220         (WebCore::FrameView::scheduleRelayoutOfSubtree):
3221
3222 2016-07-19  Anders Carlsson  <andersca@apple.com>
3223
3224         Some payment authorization status values should keep the sheet active
3225         https://bugs.webkit.org/show_bug.cgi?id=159936
3226         rdar://problem/26756701
3227
3228         Reviewed by Tim Horton.
3229
3230         * Modules/applepay/ApplePaySession.cpp:
3231         (WebCore::ApplePaySession::completePayment):
3232         Keep the sheet active if the status isn't a final state status.
3233
3234         * Modules/applepay/PaymentAuthorizationStatus.h:
3235         (WebCore::isFinalStateStatus):
3236         Add a new helper function that returns whether a given payment authorization status is "final",
3237         meaning that once that status has been passed to completePayment, the session is finished.
3238
3239 2016-07-19  Nan Wang  <n_wang@apple.com>
3240
3241         AX: Incorrect behavior for word related text marker functions when there's collapsed whitespace
3242         https://bugs.webkit.org/show_bug.cgi?id=159910
3243
3244         Reviewed by Chris Fleizach.
3245
3246         We are getting a bad CharacterOffset when there's collapsed whitespace. Added a TraverseOptionValidateOffset
3247         option to make sure we are getting the correct CharacterOffset based on the corresponding Range offset. And
3248         fixed a word navigation issue based on that.
3249
3250         Test: accessibility/mac/text-marker-word-nav-collapsed-whitespace.html
3251
3252         * accessibility/AXObjectCache.cpp:
3253         (WebCore::AXObjectCache::traverseToOffsetInRange):
3254         (WebCore::AXObjectCache::rangeForNodeContents):
3255         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
3256         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
3257         (WebCore::AXObjectCache::rightWordRange):
3258         (WebCore::AXObjectCache::previousBoundary):
3259         * accessibility/AXObjectCache.h:
3260         (WebCore::AXObjectCache::isNodeInUse):
3261
3262 2016-07-19  Youenn Fablet  <youenn@apple.com>
3263
3264         [Streams API] ReadableStreamController methods should throw if its stream is not readable
3265         https://bugs.webkit.org/show_bug.cgi?id=159871
3266
3267         Reviewed by Xabier Rodriguez-Calvar.
3268
3269         Spec now mandates close and enqueue to throw if ReadableStream is not readable.
3270         Covered by rebased and/or modified tests.
3271
3272         * Modules/streams/ReadableStreamController.js:
3273         (enqueue): Throwing a TypeError if controlled stream is not readable.
3274         (close): Ditto.
3275
3276 2016-07-19  Simon Fraser  <simon.fraser@apple.com>
3277
3278         Bubbles appear split for a brief moment in Messages
3279         https://bugs.webkit.org/show_bug.cgi?id=159915
3280         rdar://problem/27182267
3281
3282         Reviewed by David Hyatt.
3283
3284         RenderView::repaintRootContents() had a long-standing bug in WebView when the
3285         view is scrolled. repaint() uses visualOverflowRect() but, for the 
3286         RenderView, the visualOverflowRect() is the initial containing block
3287         which is anchored at 0,0. When the view is scrolled it's clipped out and
3288         calls to repaintRootContents() have no effect.
3289         
3290         Change repaintRootContents() to use layoutOverflowRect(). ScrollView::repaintContentRectangle()
3291         will clip it to the view if necessary.
3292
3293         Test: fast/repaint/scrolled-view-full-repaint.html
3294
3295         * rendering/RenderView.cpp:
3296         (WebCore::RenderView::repaintRootContents):
3297
3298 2016-07-19  Dan Bernstein  <mitz@apple.com>
3299
3300         <rdar://problem/27420308> WebCore-7602.1.42 fails to build: error: unused parameter 'vm'
3301
3302         * bindings/js/JSDOMGlobalObject.cpp:
3303         (WebCore::JSDOMGlobalObject::addBuiltinGlobals): Fixed the !ENABLE(STREAMS_API) build.
3304
3305 2016-07-19  Youenn Fablet  <youenn@apple.com>
3306
3307         [Streams API] Make ReadableStream properties not enumerable
3308         https://bugs.webkit.org/show_bug.cgi?id=159868
3309
3310         Reviewed by Darin Adler.
3311
3312         Covered by rebased tests.
3313
3314         Updating IDL definitions to mark all functions/attributes as not enumerable.
3315         Updating IDL constructor definitions to correctly compute constructor length.
3316         Updating built-in implementation to correctly compute pipeTo length to 1 (second parameter being optional).
3317
3318         * Modules/streams/ReadableStream.idl:
3319         * Modules/streams/ReadableStream.js:
3320         * Modules/streams/ReadableStreamController.idl:
3321         * Modules/streams/ReadableStreamReader.idl:
3322
3323 2016-07-19  Chris Dumez  <cdumez@apple.com>
3324
3325         form.enctype / encoding / method should treat null as "null" string
3326         https://bugs.webkit.org/show_bug.cgi?id=159916
3327
3328         Reviewed by Ryosuke Niwa.
3329
3330         form.enctype / encoding / method should treat null as "null" string:
3331         - https://html.spec.whatwg.org/multipage/forms.html#htmlformelement
3332
3333         Previously, WebKit would treat null as the null String, which would
3334         end up removing the existing attribute.
3335
3336         Firefox and Chrome match the specification.
3337
3338         Test: fast/dom/HTMLFormElement/null-handling.html
3339
3340         * html/HTMLFormElement.h:
3341         * html/HTMLFormElement.idl:
3342
3343 2016-07-18  Csaba Osztrogonác  <ossy@webkit.org>
3344
3345         All-in-one buildfix after r202439
3346         https://bugs.webkit.org/show_bug.cgi?id=159877
3347
3348         Reviewed by Chris Dumez.
3349
3350         * Modules/webaudio/AudioDestinationNode.h:
3351         (WebCore::AudioDestinationNode::resume):
3352         (WebCore::AudioDestinationNode::suspend):
3353         (WebCore::AudioDestinationNode::close):
3354
3355 2016-07-18  Frederic Wang  <fwang@igalia.com>
3356
3357         Move parsing of subscriptshift and superscriptshift from rendering to element classes
3358         https://bugs.webkit.org/show_bug.cgi?id=159622
3359
3360         Reviewed by Darin Adler.
3361
3362         We introduce a new MathMLScriptsElement that is used for elements msub, msup, msubsup and
3363         mmultiscripts in order to create RenderMathMLScripts and parse and expose the values of the
3364         subscriptshift and superscriptshift attributes. This is one more step toward moving MathML
3365         attribute parsing to the DOM (bug 156536).
3366
3367         No new tests, rendering is unchanged.
3368
3369         * CMakeLists.txt: Add MathMLScriptsElement files.
3370         * WebCore.xcodeproj/project.pbxproj: Ditto.
3371         * mathml/MathMLAllInOne.cpp: Ditto.
3372         * mathml/MathMLInlineContainerElement.cpp: Remove handling of scripts.
3373         (WebCore::MathMLInlineContainerElement::createElementRenderer): Deleted.
3374         * mathml/MathMLScriptsElement.cpp: Added. New class to handle scripted elements supporting
3375         parsing for the subscriptshift and superscriptshift MathML lengths.
3376         (WebCore::MathMLScriptsElement::MathMLScriptsElement):
3377         (WebCore::MathMLScriptsElement::create):
3378         (WebCore::MathMLScriptsElement::subscriptShift): Expose the cached length for the shift,
3379         parsing the attribute again if necessary.
3380         (WebCore::MathMLScriptsElement::superscriptShift): Ditto.
3381         (WebCore::MathMLScriptsElement::parseAttribute): Mark attributes dirty.
3382         (WebCore::MathMLScriptsElement::createElementRenderer): Create RenderMathMLScripts.
3383         * mathml/MathMLScriptsElement.h: Ditto.
3384         * mathml/mathtags.in: Map msub, msup, msubsup and mmultiscripts to MathMLScriptsElement.
3385         * rendering/mathml/RenderMathMLScripts.cpp:
3386         (WebCore::RenderMathMLScripts::scriptsElement): Helper function to cast the node to a
3387         MathMLScriptsElement.
3388         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded): Resolve the attributes
3389         using the functions from the MathMLScriptsElement class.
3390         * rendering/mathml/RenderMathMLScripts.h: Declare scriptsElement.
3391
3392 2016-07-18  Frederic Wang  <fwang@igalia.com>
3393
3394         Do not store gap and shift parameters on RenderMathMLFraction
3395         https://bugs.webkit.org/show_bug.cgi?id=159876
3396
3397         Reviewed by Darin Adler.
3398
3399         After r203285, the stack and fraction layout parameters are only used in layoutBlock so we
3400         do not need to store them on the class. We remove them and split updateLayoutParameters into
3401         three functions: one to update the linethickness and two others to retrieve the fraction and
3402         stack respectively.
3403
3404         No new tests, rendering is unchanged.