REGRESSION (r230574): Interrupted hardware transitions don't behave correctly

[WebKit-https.git] / Source / WebCore / ChangeLog

2018-05-16  Antoine Quint  <graouts@apple.com>

        REGRESSION (r230574): Interrupted hardware transitions don't behave correctly
        https://bugs.webkit.org/show_bug.cgi?id=185299
        <rdar://problem/39630230>

        Reviewed by Simon Fraser.

        In r230574, the fix for webkit.org/b/184518, we changed the processing order in GraphicsLayerCA::updateAnimations() to first
        process m_uncomittedAnimations and then m_animationsToProcess, so we are guaranteed animations exist before we attempt to pause
        or seek them. This broke interrupting and resuming hardware animations (such as an interrupted CSS Transition or an animation
        running in a non-visible tab) since a pause operation recorded _before_ an animation was added would be paused anyway since
        the animation was now first added, and then paused. The fix is simply to clear any pending AnimationProcessingAction for a
        newly-uncommitted animation.

        Test: transitions/interrupted-transition-hardware.html

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::createAnimationFromKeyframes):
        (WebCore::GraphicsLayerCA::appendToUncommittedAnimations):
        (WebCore::GraphicsLayerCA::createTransformAnimationsFromKeyframes):
        * platform/graphics/ca/GraphicsLayerCA.h:
        (WebCore::GraphicsLayerCA::LayerPropertyAnimation::LayerPropertyAnimation):

2018-05-15  Yusuke Suzuki  <utatane.tea@gmail.com>

        [JSC] Check TypeInfo first before calling getCallData when we would like to check whether given object is a function
        https://bugs.webkit.org/show_bug.cgi?id=185601

        Reviewed by Saam Barati.

        No behavior change.

        * Modules/plugins/QuickTimePluginReplacement.mm:
        (WebCore::QuickTimePluginReplacement::ensureReplacementScriptInjected):
        * bindings/js/JSCustomElementRegistryCustom.cpp:
        (WebCore::getCustomElementCallback):
        * bindings/js/JSDOMConstructorBase.h:
        * bindings/js/JSDOMConvertCallbacks.h:
        (WebCore::Converter<IDLCallbackFunction<T>>::convert):
        * bindings/js/JSDOMPromise.cpp:
        (WebCore::DOMPromise::whenSettled):
        * bindings/js/ReadableStream.cpp:
        (WebCore::ReadableStream::pipeTo):
        (WebCore::ReadableStream::tee):
        * bindings/js/ReadableStreamDefaultController.cpp:
        (WebCore::ReadableStreamDefaultController::invoke):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateHeader):
        (GenerateOverloadDispatcher):
        * bindings/scripts/test/JS/JSTestObj.h:
        * bindings/scripts/test/JS/JSTestPluginInterface.h:
        * bridge/objc/objc_runtime.h:
        * bridge/runtime_method.h:
        * bridge/runtime_object.h:
        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript):
        * testing/Internals.cpp:
        (WebCore::Internals::parserMetaData):
        (WebCore::Internals::cloneArrayBuffer):

2018-05-15  Matt Baker  <mattbaker@apple.com>

        Web Inspector: element details hanger in inspector overlay should have better placement logic
        https://bugs.webkit.org/show_bug.cgi?id=128482
        <rdar://problem/16020709>

        Reviewed by Timothy Hatcher.

        When determining the best position for the hovered element details "tooltip",
        perform placement tests in view space, not canvas space, and account for the
        top content inset.

        * inspector/InspectorOverlayPage.js:
        (reset): Drive by fix: added missing `.height`.
        (_drawElementTitle):

2018-05-15  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r231765.
        https://bugs.webkit.org/show_bug.cgi?id=185668

        the layout test added with this change is very flaky
        (Requested by realdawei on #webkit).

        Reverted changeset:

        "REGRESSION (r230574): Interrupted hardware transitions don't
        behave correctly"
        https://bugs.webkit.org/show_bug.cgi?id=185299
        https://trac.webkit.org/changeset/231765

2018-05-15  Devin Rousso  <webkit@devinrousso.com>

        Web Inspector: Add rulers and guides
        https://bugs.webkit.org/show_bug.cgi?id=32263
        <rdar://problem/19281564>

        Reviewed by Matt Baker.

        This patch is purely a visual change for WebInspector, and doesn't affect anything else.

        * inspector/InspectorOverlay.h:
        * inspector/InspectorOverlay.cpp:
        (WebCore::InspectorOverlay::update):
        (WebCore::InspectorOverlay::reset):
        (WebCore::InspectorOverlay::drawGutter): Deleted.

        * inspector/InspectorOverlayPage.html:
        * inspector/InspectorOverlayPage.js:
        (Bounds): Added.
        (Bounds.prototype.get minX): Added.
        (Bounds.prototype.get minY): Added.
        (Bounds.prototype.get maxX): Added.
        (Bounds.prototype.get maxY): Added.
        (Bounds.prototype.update): Added.
        (drawNodeHighlight):
        (drawQuadHighlight):
        (reset):
        (_isolateActions): Added.
        (_quadToPath): Added.
        (_quadToPath.parseQuadPoint): Added.
        (_drawOutlinedQuad): Added.
        (_drawPath): Added.
        (_drawPath.parsePoints): Added.
        (_drawOutlinedQuadWithClip): Added.
        (_drawElementTitle):
        (_drawShapeHighlight):
        (_drawFragmentHighlight):
        (_drawRulers): Added.
        (quadToPath): Deleted.
        (drawOutlinedQuad): Deleted.
        (pathCommand): Deleted.
        (drawPath): Deleted.
        (drawOutlinedQuadWithClip): Deleted.
        (drawGutter): Deleted.
        * inspector/InspectorOverlayPage.css:
        (#log): Added.
        (#right-gutter): Deleted.
        (#bottom-gutter): Deleted.

2018-05-15  Jer Noble  <jer.noble@apple.com>

        Media continues loading after rendered invisible (removed from DOM; scrolled off screen)
        https://bugs.webkit.org/show_bug.cgi?id=185487

        Reviewed by Eric Carlson.

        Test: media/video-buffering-allowed.html

        When a media element is removed from the dom (e.g. through innerHTML=""), it doesn't
        necessarily stop loading media data; it will continue to do so until its destructor is
        called through garbage collection. Similarly, when a media element is rendered not-visible
        by being scrolled off-screen or being made display:none, media loading continues. There
        are legitimate use cases for out-of-DOM media loading, so only temporarily block loading
        when the element transitions out of the document. Similarly, only block loading for non-visible
        media elements when returning from the "page is hidden" state, and only until the media
        element is asked to play or is otherwise made visible.

        Note: this refactors a lot of code out of PlatformMediaSession and into MediaElementSession,
        since this code is specific to "media elements".

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::HTMLMediaElement):
        (WebCore::HTMLMediaElement::insertedIntoAncestor):
        (WebCore::HTMLMediaElement::removedFromAncestor):
        (WebCore::HTMLMediaElement::playInternal):
        (WebCore::HTMLMediaElement::stopWithoutDestroyingMediaPlayer):
        (WebCore::HTMLMediaElement::resume):
        (WebCore::HTMLMediaElement::visibilityStateChanged):
        (WebCore::HTMLMediaElement::createMediaPlayer):
        (WebCore::HTMLMediaElement::setShouldBufferData):
        (WebCore::HTMLMediaElement::purgeBufferedDataIfPossible):
        (WebCore::HTMLMediaElement::isVisibleInViewportChanged):
        (WebCore::HTMLMediaElement::fullscreenModeChanged):
        (WebCore::HTMLMediaElement::setInActiveDocument):
        * html/HTMLMediaElement.h:
        (WebCore::HTMLMediaElement::shouldBufferData const):
        (WebCore::HTMLMediaElement::elementIsHidden const):
        * html/MediaElementSession.cpp:
        (WebCore::MediaElementSession::MediaElementSession):
        (WebCore::MediaElementSession::clientWillBeginAutoplaying):
        (WebCore::MediaElementSession::clientWillBeginPlayback):
        (WebCore::MediaElementSession::clientWillPausePlayback):
        (WebCore::MediaElementSession::visibilityChanged):
        (WebCore::MediaElementSession::isVisibleInViewportChanged):
        (WebCore::MediaElementSession::inActiveDocumentChanged):
        (WebCore::MediaElementSession::scheduleClientDataBufferingCheck):
        (WebCore::MediaElementSession::clientDataBufferingTimerFired):
        (WebCore::MediaElementSession::updateClientDataBuffering):
        (WebCore::MediaElementSession::dataBufferingPermitted const):
        (WebCore::MediaElementSession::wantsToObserveViewportVisibilityForAutoplay const):
        * html/MediaElementSession.h:
        * platform/audio/PlatformMediaSession.cpp:
        (WebCore::PlatformMediaSession::PlatformMediaSession):
        (WebCore::PlatformMediaSession::clientWillBeginAutoplaying):
        (WebCore::PlatformMediaSession::clientWillBeginPlayback):
        (WebCore::PlatformMediaSession::clientWillPausePlayback):
        (): Deleted.
        (WebCore::PlatformMediaSession::visibilityChanged): Deleted.
        (WebCore::PlatformMediaSession::scheduleClientDataBufferingCheck): Deleted.
        (WebCore::PlatformMediaSession::clientDataBufferingTimerFired): Deleted.
        (WebCore::PlatformMediaSession::updateClientDataBuffering): Deleted.
        (WebCore::PlatformMediaSession::isHidden const): Deleted.
        * platform/audio/PlatformMediaSession.h:
        (WebCore::PlatformMediaSessionClient::setShouldBufferData): Deleted.
        (WebCore::PlatformMediaSessionClient::elementIsHidden const): Deleted.
        * platform/audio/PlatformMediaSessionManager.cpp:
        (WebCore::PlatformMediaSessionManager::sessionCanLoadMedia const): Deleted.
        * platform/audio/PlatformMediaSessionManager.h:
        * platform/audio/ios/MediaSessionManagerIOS.h:
        * platform/audio/ios/MediaSessionManagerIOS.mm:
        (WebCore::MediaSessionManageriOS::sessionCanLoadMedia const): Deleted.
        * rendering/RenderVideo.cpp:
        (WebCore::RenderVideo::willBeDestroyed):
        * testing/Internals.cpp:
        (WebCore::Internals::elementShouldBufferData):
        * testing/Internals.h:
        * testing/Internals.idl:

2018-05-15  Charles Vazac  <cvazac@gmail.com>

        Add the PerformanceServerTiming Interface which makes Server-Timing header timing values available to JavaScript running in the browser.
        https://bugs.webkit.org/show_bug.cgi?id=175569

        Reviewed by Youenn Fablet.

        Tests were imported from web-platform-tests: WebKit/LayoutTests/imported/w3c/web-platform-tests/server-timing/*

        * Sources.txt: Added references to HeaderFieldTokenizer.cpp, ServerTiming.cpp, and ServerTimingParser.cpp.
        * WebCore.xcodeproj/project.pbxproj: Added various files.
        * loader/HeaderFieldTokenizer.cpp: Added.
        (WebCore::HeaderFieldTokenizer::HeaderFieldTokenizer): Added class for tokenizing header values.
        (WebCore::HeaderFieldTokenizer::consume): Added method to consume a specified character.
        (WebCore::HeaderFieldTokenizer::consumeQuotedString): Added method to consume a quote-string.
        (WebCore::HeaderFieldTokenizer::consumeToken): Added a method to consume a token.
        (WebCore::HeaderFieldTokenizer::consumeTokenOrQuotedString): Added method to consume a quote-string or quote-string, depending on net character.
        (WebCore::HeaderFieldTokenizer::skipSpaces): Added method to skip whitespace.
        (WebCore::HeaderFieldTokenizer::consumeBeforeAnyCharMatch): Added method to advance the cursor up until any of a list of characters.
        * loader/HeaderFieldTokenizer.h: Added.
        * loader/HTTPHeaderField.cpp: Expose isTokenCharacter and isWhitespace.
        * loader/HTTPHeaderField.h: Expose isTokenCharacter and isWhitespace.
        * loader/PolicyChecker.cpp: Added #include so source compiled on my machine.
        * loader/ResourceTiming.cpp:
        (WebCore::ResourceTiming::ResourceTiming): Added call to initServerTiming to parse the header.
        (WebCore::ResourceTiming::initServerTiming): Added method to parse the header.
        (WebCore::ResourceTiming::populateServerTiming): Added method to populate the server timing entries on a PerformanceResourceTiming object.
        (WebCore::ResourceTiming::isolatedCopy const): Added code to copy over the server timing entries.
        * loader/ResourceTiming.h:
        (WebCore::ResourceTiming::ResourceTiming): Accept collection of server timing entries in c'tor.
        * loader/ServerTiming.cpp: Added.
        (WebCore::ServerTiming::setParameter): Set named parameters, ignoring unrecognized or duplicates.
        (WebCore::ServerTiming::isolatedCopy const): Return a new pointer to the object.
        * loader/ServerTiming.h: Added.
        (WebCore::ServerTiming::ServerTiming): Added struct for the data needed by a server timing entry.
        (WebCore::ServerTiming::name const): Added name field of a server timing entry.
        (WebCore::ServerTiming::duration const): Added duration field of a server timing entry.
        (WebCore::ServerTiming::description const): Added description field of a server timing entry.
        * loader/ServerTimingParser.cpp: Added.
        (WebCore::ServerTimingParser::parseServerTiming): Parses the header generating a collection of server timing structs.
        * loader/ServerTimingParser.h: Added.
        * loader/WorkerThreadableLoader.h: Fix build.
        * page/Performance.cpp:
        (WebCore::Performance::addResourceTiming): Fixed a typo.
        * page/PerformanceResourceTiming.cpp:
        (WebCore::PerformanceResourceTiming::PerformanceResourceTiming): Given a ResourceTiming object, populate our collection of PerformanceServerTiming objects.
        * page/PerformanceResourceTiming.h: Added serverTiming member and getter.
        * page/PerformanceResourceTiming.idl: Added serverTiming member to interface.
        * platform/network/HTTPHeaderNames.in: Added "Server-Timing" to the header enum.
        * platform/network/ResourceResponseBase.cpp: Added "Server-Timing" to isSafeCrossOriginResponseHeader whitelist.

2018-05-15  Brady Eidson  <beidson@apple.com>

        Fix crash after a Worker terminates but there are still IDB transactions the server is trying to open for it.
        <rdar://problem/33744241> and https://bugs.webkit.org/show_bug.cgi?id=185653

        Reviewed by Andy Estes.

        Test: storage/indexeddb/modern/worker-transaction-open-after-worker-stop.html

        * Modules/indexeddb/client/IDBConnectionProxy.cpp:
        (WebCore::IDBClient::IDBConnectionProxy::didStartTransaction): It's okay to not be able to find a pending TX
          that the server has started. e.g. When it was a WebWorker that asked for the TX but it has since terminated.

2018-05-15  Thomas Klausner  <tk@giga.or.at>

        Add missing header to fix build.
        https://bugs.webkit.org/show_bug.cgi?id=185378

        Reviewed by Michael Catanzaro.

        * platform/network/soup/SoupNetworkSession.h:

2018-05-15  Carlos Alberto Lopez Perez  <clopez@igalia.com>

        [WPE] Build failure with RPi userland drivers and gstreamer-gl
        https://bugs.webkit.org/show_bug.cgi?id=185639

        Reviewed by Philippe Normand.

        When building for the RPi with userland drivers (dispmanx) override the
        value of GST_GL_HAVE_GLSYNC to 1 to avoid that the gstreamer-gl headers
        try to redefine the GLsync type that is already defined in libepoxy.

        Defining __gl2_h_ is also needed to avoid other conflicting type
        definitions that happen between libepoxy and RPi GLES2 userland
        headers when the gstreamer-gl headers are included.

        The issue doesn't happen with 1.14.0, so a check for that is added
        as well.

        No new tests, no behavior change. It is a build fix.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:

2018-05-15  Michael Catanzaro  <mcatanzaro@igalia.com>

        Unreviewed, rolling out r230749

        This did not work as desired.

        * platform/UserAgentQuirks.cpp:
        (WebCore::urlRequiresMacintoshPlatform):

2018-05-15  Dirk Schulze  <krit@webkit.org>

        Add new SVGDOM SVGFEBLEND constants
        https://bugs.webkit.org/show_bug.cgi?id=185581

        Reviewed by Simon Fraser.

        Provide new SVG DOM constants for the new blend modes added to feBlend.

        https://drafts.fxtf.org/filter-effects-1/#InterfaceSVGFEBlendElement

        * platform/graphics/GraphicsTypes.cpp:
        (WebCore::blendModeName):
        * platform/graphics/GraphicsTypes.h:
        * svg/SVGFEBlendElement.h:
        (WebCore::SVGPropertyTraits<BlendMode>::highestEnumValue):
        (WebCore::SVGPropertyTraits<BlendMode>::toString):
        * svg/SVGFEBlendElement.idl:

2018-05-15  Antoine Quint  <graouts@apple.com>

        [Web Animations] Expose Web Animations CSS integration as an experimental feature
        https://bugs.webkit.org/show_bug.cgi?id=185647

        Reviewed by Dean Jackson.

        Make the Web Animations CSS integration flag an experimental feature, and only indicate that it is on if the Web Animations
        experimental feature is also enabled.

        * dom/Document.cpp:
        (WebCore::Document::didBecomeCurrentDocumentInFrame):
        (WebCore::Document::resume):
        * dom/Element.cpp:
        (WebCore::Element::removedFromAncestor):
        * dom/PseudoElement.cpp:
        (WebCore::PseudoElement::clearHostElement):
        * history/CachedFrame.cpp:
        (WebCore::CachedFrameBase::restore):
        * page/Frame.cpp:
        (WebCore::Frame::clearTimers):
        * page/FrameView.cpp:
        (WebCore::FrameView::didDestroyRenderTree):
        * page/Page.cpp:
        (WebCore::Page::handleLowModePowerChange):
        (WebCore::Page::setIsVisibleInternal):
        (WebCore::Page::hiddenPageCSSAnimationSuspensionStateChanged):
        * page/RuntimeEnabledFeatures.h:
        (WebCore::RuntimeEnabledFeatures::setWebAnimationsCSSIntegrationEnabled):
        (WebCore::RuntimeEnabledFeatures::webAnimationsCSSIntegrationEnabled const):
        (WebCore::RuntimeEnabledFeatures::setCSSAnimationsAndCSSTransitionsBackedByWebAnimationsEnabled): Deleted.
        (WebCore::RuntimeEnabledFeatures::cssAnimationsAndCSSTransitionsBackedByWebAnimationsEnabled const): Deleted.
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::currentTransform const):
        (WebCore::RenderLayer::calculateClipRects const):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::updateGeometry):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::requiresCompositingForAnimation const):
        (WebCore::RenderLayerCompositor::isRunningTransformAnimation const):
        * rendering/updating/RenderTreeUpdater.cpp:
        (WebCore::RenderTreeUpdater::tearDownRenderers):
        * style/StyleTreeResolver.cpp:
        (WebCore::Style::TreeResolver::createAnimatedElementUpdate):
        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::webAnimationsCSSIntegrationEnabled):
        (WebCore::InternalSettings::cssAnimationsAndCSSTransitionsBackedByWebAnimationsEnabled): Deleted.
        * testing/InternalSettings.h:
        * testing/InternalSettings.idl:
        * testing/Internals.cpp:
        (WebCore::Internals::numberOfActiveAnimations const):
        (WebCore::Internals::animationsAreSuspended const):
        (WebCore::Internals::animationsInterval const):
        (WebCore::Internals::suspendAnimations const):
        (WebCore::Internals::resumeAnimations const):

2018-05-15  David Kilzer  <ddkilzer@apple.com>

        Fix -Wreturn-std-move warnings in WebKit found by new clang compiler
        <https://webkit.org/b/185621>

        Reviewed by Youenn Fablet.

        Fix warnings like the following:

            In file included from DerivedSources/WebCore/unified-sources/UnifiedSource139.cpp:5:
            ./Modules/mediastream/PeerConnectionBackend.cpp:412:16: error: local variable 'sdp' will be copied despite being returned by name [-Werror,-Wreturn-std-move]
                    return sdp;
                           ^~~
            ./Modules/mediastream/PeerConnectionBackend.cpp:412:16: note: call 'std::move' explicitly to avoid copying
                    return sdp;
                           ^~~
                           std::move(sdp)
            1 error generated.

        * Modules/mediastream/PeerConnectionBackend.cpp:
        (WebCore::PeerConnectionBackend::filterSDP const):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::rangeClosestToRange):
        * bindings/js/JSDOMConvertSequences.h:
        (WebCore::Detail::GenericSequenceConverter::convert):
        (WebCore::Detail::NumericSequenceConverter::convertArray):
        * bindings/js/JSDOMConvertStrings.cpp:
        (WebCore::stringToByteString):
        (WebCore::stringToUSVString):
        - Use WTFMove() in return statements to fix the warnings.

2018-05-14  Dean Jackson  <dino@apple.com>

        Download and present System Preview
        https://bugs.webkit.org/show_bug.cgi?id=185459
        <rdar://problem/40079228>

        Reviewed by Tim Horton.

        If an <a> is a system preview, tell the resource request about it.

        * html/HTMLAnchorElement.cpp:
        (WebCore::HTMLAnchorElement::handleClick):

2018-05-15  Antti Koivisto  <antti@apple.com>

        animation-play-state: paused causes very high cpu load because of style invalidation loop
        https://bugs.webkit.org/show_bug.cgi?id=182436
        <rdar://problem/37182562>

        Reviewed by Dean Jackson.

        Test: animations/animation-playstate-paused-style-resolution.html

        If the style of an element with 'animation-play-state: paused' is recomputed so it stays
        paused we would enter zero-duration animation timer loop.

        * page/animation/AnimationBase.cpp:
        (WebCore::AnimationBase::updateStateMachine):

        Don't move to AnimationState::PausedWaitResponse unless we get AnimationStateInput::StyleAvailable
        (matching the comments). Otherwise just stay in the existing paused state.

        Remove AnimationStateInput::StartAnimation from assertion as the case can't happen.

2018-05-14  Youenn Fablet  <youenn@apple.com>

        readableStreamDefaultControllerError should return early if stream is not readable
        https://bugs.webkit.org/show_bug.cgi?id=185602

        Reviewed by Chris Dumez.

        Return early if stream is not readable in @readableStreamDefaultControllerError.
        Update call sites to no longer check for ReadableStream state.
        Covered by unflaked and rebased tests.

        * Modules/streams/ReadableStreamDefaultController.js:
        (error):
        * Modules/streams/ReadableStreamInternals.js:
        (readableStreamDefaultControllerError):
        (readableStreamDefaultControllerCallPullIfNeeded):

2018-05-14  Zalan Bujtas  <zalan@apple.com>

        [LFC] Implement width computation for non-replaced block level inflow elements.
        https://bugs.webkit.org/show_bug.cgi?id=185641

        Reviewed by Sam Weinig.

        Block level inflow elements participate in block formatting context.

        * layout/FormattingContext.cpp:
        (WebCore::Layout::FormattingContext::computeWidth const):
        * layout/FormattingContext.h:
        * layout/blockformatting/BlockFormattingContext.cpp:
        (WebCore::Layout::BlockFormattingContext::computeInFlowWidth const):
        * layout/blockformatting/BlockFormattingContext.h:
        * layout/inlineformatting/InlineFormattingContext.cpp:
        (WebCore::Layout::InlineFormattingContext::computeInFlowWidth const):
        * layout/inlineformatting/InlineFormattingContext.h:

2018-05-14  Wenson Hsieh  <wenson_hsieh@apple.com>

        Unreviewed, fix the iOS build after r231779

        Also address a minor in-person review comment by returning "extrazoom" instead of the empty string.

        * page/DisabledAdaptations.cpp:
        (WebCore::extraZoomModeAdaptationName):

2018-05-14  Zalan Bujtas  <zalan@apple.com>

        [LFC] FormattingContext:computeOutOfFlowNonReplacedHeight/Width should use the computed margins/paddings/borders
        https://bugs.webkit.org/show_bug.cgi?id=185633

        Reviewed by Sam Weinig.

        By the time we start computing height and width, DisplayBox should already have the computed values for margin/padding/border.

        * layout/FormattingContext.cpp:
        (WebCore::Layout::FormattingContext::computeOutOfFlowNonReplacedHeight const):
        (WebCore::Layout::FormattingContext::computeOutOfFlowNonReplacedWidth const):
        * layout/displaytree/DisplayBox.h:
        (WebCore::Display::Box::paddingTop const):
        (WebCore::Display::Box::paddingLeft const):
        (WebCore::Display::Box::paddingBottom const):
        (WebCore::Display::Box::paddingRight const):
        (WebCore::Display::Box::borderTop const):
        (WebCore::Display::Box::borderLeft const):
        (WebCore::Display::Box::borderBottom const):
        (WebCore::Display::Box::borderRight const):

2018-05-14  Wenson Hsieh  <wenson_hsieh@apple.com>

        [Extra zoom mode] Google search results are excessively zoomed in
        https://bugs.webkit.org/show_bug.cgi?id=185347
        <rdar://problem/39999778>

        Reviewed by Tim Horton.

        It turns out that basing minimum layout size and shrink-to-fit behaviors off of the `shrink-to-fit` viewport
        argument poses compatibility risks with web pages that already specify `shrink-to-fit` to opt out of default
        viewport shrinking behaviors in 1/3 multitasking mode on iPad.

        One way to resolve this is to introduce a new viewport meta content attribute to disable viewport heuristics in
        extra zoom mode. However, combined shrink-to-fit and minimum device width behaviors are difficult to describe
        using a single backwards-compatible viewport meta content attribute, and the need to suppress the default
        behavior of `shrink-to-fit=no` if such an attribute is not disabled further muddles our viewport story.

        After some internal deliberation, we’ve decided to experiment with a new meta tag named "disabled-adaptations".
        The content of this meta tag is a comma-separated list of adaptation names; if an adaptation name matches a
        known adaptation type (for instance, extra zoom mode), we disable the class of behaviors used to adapt web
        content. The first and only known adaptation type is extra zoom mode, which affects `shrink-to-fit` and layout
        size adjustments.

        See per-method changes below for more details.

        Test: fast/viewport/extrazoom/viewport-disable-extra-zoom-adaptations.html

        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/Document.cpp:
        (WebCore::Document::processDisabledAdaptations):
        * dom/Document.h:
        (WebCore::Document::disabledAdaptations const):

        Add disabled adaptations to Document. Changes to disabled adaptations are not propagated if the parsed disabled
        adaptation types don't change; upon changing adaptation types, notify the client to adjust for the new disabled
        adaptations (currently, this only affects the viewport configuration).

        * dom/ViewportArguments.h:
        * html/HTMLMetaElement.cpp:
        (WebCore::HTMLMetaElement::process):
        * html/parser/HTMLPreloadScanner.cpp:
        (WebCore::TokenPreloadScanner::StartTagScanner::StartTagScanner):
        (WebCore::TokenPreloadScanner::StartTagScanner::processAttributes):
        (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::commitProvisionalLoad):

        Restore the set of disabled adaptations when restoring a page from the cache.

        * page/Chrome.cpp:
        (WebCore::Chrome::dispatchDisabledAdaptationsDidChange const):
        * page/Chrome.h:
        * page/ChromeClient.h:

        Add plumbing for changes to the set of disabled adaptations.

        * page/DisabledAdaptations.cpp: Added.
        (WebCore::extraZoomModeAdaptationName):
        * page/DisabledAdaptations.h: Added.

        Introduce a header containing a new enum for the extra zoom mode adaptation, as well as a helper function to
        return the extra zoom mode adaptation name.

        * page/Page.cpp:
        (WebCore::Page::disabledAdaptations const):

        Returns the mainframe's set of adaptations to disable.

        * page/Page.h:
        * page/RemoteFrame.h:
        * page/RuntimeEnabledFeatures.h:
        (WebCore::RuntimeEnabledFeatures::setDisabledAdaptationsMetaTagEnabled):
        (WebCore::RuntimeEnabledFeatures::disabledAdaptationsMetaTagEnabled const):

        Add a new runtime feature to gate handling the "disabled-adaptations" meta tag.

        * page/ViewportConfiguration.cpp:
        (WebCore::shouldOverrideShrinkToFitArgument):
        (WebCore::needsUpdateAfterChangingDisabledAdaptations):
        (WebCore::ViewportConfiguration::setDisabledAdaptations):
        (WebCore::ViewportConfiguration::shouldOverrideDeviceWidthAndShrinkToFit const):

        Consult whether or not extra zoom mode adaptations are disabled, instead of the shrink-to-fit attribute value.

        (WebCore::ViewportConfiguration::updateConfiguration):
        * page/ViewportConfiguration.h:

        Add an OptionSet of disabled adaptation types to ViewportConfiguration. Updates to the adaptation type are
        propagated to the ViewportConfiguration from Document, through the ChromeClient and the client layer (refer to
        changes in WebKit). Once the OptionSet is changed, we recompute the viewport configuration only if needed by the
        platform.

        (WebCore::ViewportConfiguration::viewLayoutSize const):
        (WebCore::ViewportConfiguration::disabledAdaptations const):
        * page/WindowFeatures.cpp:
        (WebCore::parseDisabledAdaptations):
        * page/WindowFeatures.h:

        Add a new helper to parse the meta content of a "disabled-adaptations" tag as an OptionSet of disabled
        adaptation types. The string is parsed by first splitting on the comma character, and then iterating over lower
        case, whitespace-stripped tokens to look for known adaptation names. So far, only extra zoom mode is supported.

        * testing/Internals.cpp:
        (WebCore::Internals::extraZoomModeAdaptationName const):
        * testing/Internals.h:
        * testing/Internals.idl:

        Expose the extra zoom mode adaptation name to the DOM, only when running layout tests.

2018-05-14  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: Listbox and Combobox roles embedded in labels should participate in name calculation
        https://bugs.webkit.org/show_bug.cgi?id=185521

        Reviewed by Chris Fleizach.

        Take selected children into account when computing the name in accessibleNameForNode.
        Add ListBox to the roles for which accessibleNameDerivesFromContent returns false so
        that native select elements with size > 1 are treated the same way as ARIA listbox.
        Also add ListBox to the roles which are treated as controls when used in ARIA. Finally,
        prevent labels which contain unrelated controls from being used as an AXTitleUIElement.
        This causes us to build a string from the label and its descendants, ensuring the latter
        participate in the name calculation.

        Test: accessibility/text-alternative-calculation-from-listbox.html

        * accessibility/AccessibilityLabel.cpp:
        (WebCore::childrenContainUnrelatedControls):
        (WebCore::AccessibilityLabel::containsUnrelatedControls const):
        * accessibility/AccessibilityLabel.h:
        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::accessibleNameForNode):
        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::accessibleNameDerivesFromContent const):
        (WebCore::AccessibilityObject::isARIAControl):
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::exposesTitleUIElement const):
        (WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored const):

2018-05-14  Antoine Quint  <graouts@apple.com>

        [Web Animations] Tests using the new animation engine may crash under WebCore::FrameView::didDestroyRenderTree when using internals methods
        https://bugs.webkit.org/show_bug.cgi?id=185612
        <rdar://problem/39579344>

        Reviewed by Dean Jackson.

        Add a new internals.pseudoElement() method to obtain a pseudo element matching a given pseudo-id. This is necessary to be able to move off
        internals.pauseTransitionAtTimeOnPseudoElement() and internals.pauseAnimationAtTimeOnPseudoElement() for Web Animations testing.

        * testing/Internals.cpp:
        (WebCore::Internals::pseudoElement):
        * testing/Internals.h:
        * testing/Internals.idl:

2018-05-14  Antoine Quint  <graouts@apple.com>

        REGRESSION (r230574): Interrupted hardware transitions don't behave correctly
        https://bugs.webkit.org/show_bug.cgi?id=185299
        <rdar://problem/39630230>

        Reviewed by Simon Fraser.

        In r230574, the fix for webkit.org/b/184518, we changed the processing order in GraphicsLayerCA::updateAnimations() to first
        process m_uncomittedAnimations and then m_animationsToProcess, so we are guaranteed animations exist before we attempt to pause
        or seek them. This broke interrupting and resuming hardware animations (such as an interrupted CSS Transition or an animation
        running in a non-visible tab) since a pause operation recorded _before_ an animation was added would be paused anyway since
        the animation was now first added, and then paused. The fix is simply to clear any pending AnimationProcessingAction for a
        newly-uncommitted animation.

        Test: transitions/interrupted-transition-hardware.html

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::createAnimationFromKeyframes):
        (WebCore::GraphicsLayerCA::appendToUncommittedAnimations):
        (WebCore::GraphicsLayerCA::createTransformAnimationsFromKeyframes):
        * platform/graphics/ca/GraphicsLayerCA.h:
        (WebCore::GraphicsLayerCA::LayerPropertyAnimation::LayerPropertyAnimation):

2018-05-14  Thibault Saunier  <tsaunier@igalia.com>

        [GStreamer] Fix style issue in MediaPlayerPrivateGStreamerBase
        https://bugs.webkit.org/show_bug.cgi?id=185510

        Reviewed by Philippe Normand.

        ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:629:  More than one command on the same line  [whitespace/newline] [4]
        ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:684:  More than one command on the same line  [whitespace/newline] [4]
        ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:807:  More than one command on the same line  [whitespace/newline] [4]

        Indentation and style issue fixed only.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::volumeChangedCallback):
        (WebCore::MediaPlayerPrivateGStreamerBase::muteChangedCallback):
        (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):

2018-05-14  Zalan Bujtas  <zalan@apple.com>

        [LFC] Implement height computation for non-replaced out of flow elements.
        https://bugs.webkit.org/show_bug.cgi?id=185585

        Reviewed by Antti Koivisto.

        * layout/FormattingContext.cpp:
        (WebCore::Layout::FormattingContext::computeHeight const):
        (WebCore::Layout::FormattingContext::computeOutOfFlowHeight const):
        (WebCore::Layout::FormattingContext::layoutOutOfFlowDescendants const):
        (WebCore::Layout::FormattingContext::computeOutOfFlowNonReplacedHeight const):
        (WebCore::Layout::FormattingContext::computeHeightForBlockFormattingContextRootWithAutoHeight const):
        * layout/FormattingContext.h:
        * layout/blockformatting/BlockFormattingContext.h:
        * layout/displaytree/DisplayBox.h:

2018-05-14  Manuel Rego Casasnovas  <rego@igalia.com>

        Renaming of overrides in LayoutBox
        https://bugs.webkit.org/show_bug.cgi?id=185609

        Reviewed by Javier Fernandez.

        The names of the methods for the overrides were not consistent,
        this patch fixes it by using the same structure in all the cases.

        No new tests, no change of behavior.

        * rendering/GridLayoutFunctions.cpp:
        (WebCore::GridLayoutFunctions::hasOverrideContainingBlockContentSizeForChild):
        * rendering/GridTrackSizingAlgorithm.cpp:
        (WebCore::GridTrackSizingAlgorithmStrategy::logicalHeightForChild const):
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::computeChildPreferredLogicalWidths const):
        (WebCore::RenderBlock::availableLogicalHeightForPercentageComputation const):
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::fitBorderToLinesIfNeeded):
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlockFlow::updateRubyForJustifiedText):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::willBeDestroyed):
        (WebCore::RenderBox::hasOverrideContentLogicalHeight const):
        (WebCore::RenderBox::hasOverrideContentLogicalWidth const):
        (WebCore::RenderBox::setOverrideContentLogicalHeight):
        (WebCore::RenderBox::setOverrideContentLogicalWidth):
        (WebCore::RenderBox::clearOverrideContentLogicalHeight):
        (WebCore::RenderBox::clearOverrideContentLogicalWidth):
        (WebCore::RenderBox::clearOverrideContentSize):
        (WebCore::RenderBox::overrideContentLogicalWidth const):
        (WebCore::RenderBox::overrideContentLogicalHeight const):
        (WebCore::RenderBox::overrideContainingBlockContentLogicalWidth const):
        (WebCore::RenderBox::overrideContainingBlockContentLogicalHeight const):
        (WebCore::RenderBox::hasOverrideContainingBlockContentLogicalWidth const):
        (WebCore::RenderBox::hasOverrideContainingBlockContentLogicalHeight const):
        (WebCore::RenderBox::setOverrideContainingBlockContentLogicalWidth):
        (WebCore::RenderBox::setOverrideContainingBlockContentLogicalHeight):
        (WebCore::RenderBox::clearOverrideContainingBlockContentSize):
        (WebCore::RenderBox::clearOverrideContainingBlockContentLogicalHeight):
        (WebCore::RenderBox::containingBlockLogicalWidthForContent const):
        (WebCore::RenderBox::containingBlockLogicalHeightForContent const):
        (WebCore::RenderBox::perpendicularContainingBlockLogicalHeight const):
        (WebCore::RenderBox::computeLogicalWidthInFragment const):
        (WebCore::RenderBox::computeLogicalHeight const):
        (WebCore::RenderBox::computePercentageLogicalHeight const):
        (WebCore::RenderBox::computeReplacedLogicalHeightUsing const):
        (WebCore::RenderBox::availableLogicalHeightUsing const):
        (WebCore::RenderBox::containingBlockLogicalWidthForPositioned const):
        (WebCore::RenderBox::containingBlockLogicalHeightForPositioned const):
        * rendering/RenderBox.h:
        * rendering/RenderBoxModelObject.cpp:
        (WebCore::RenderBoxModelObject::hasAutoHeightOrContainingBlockWithAutoHeight const):
        * rendering/RenderDeprecatedFlexibleBox.cpp:
        (WebCore::contentWidthForChild):
        (WebCore::contentHeightForChild):
        (WebCore::gatherFlexChildrenInfo):
        (WebCore::RenderDeprecatedFlexibleBox::layoutHorizontalBox):
        (WebCore::RenderDeprecatedFlexibleBox::layoutVerticalBox):
        (WebCore::RenderDeprecatedFlexibleBox::applyLineClamp):
        (WebCore::RenderDeprecatedFlexibleBox::clearLineClamp):
        * rendering/RenderFlexibleBox.cpp:
        (WebCore::RenderFlexibleBox::computeInnerFlexBaseSizeForChild):
        (WebCore::RenderFlexibleBox::crossSizeForPercentageResolution):
        (WebCore::RenderFlexibleBox::mainSizeForPercentageResolution):
        (WebCore::RenderFlexibleBox::constructFlexItem):
        (WebCore::RenderFlexibleBox::setOverrideMainAxisContentSizeForChild):
        (WebCore::RenderFlexibleBox::applyStretchAlignmentToChild):
        * rendering/RenderFullScreen.cpp:
        (WebCore::RenderFullScreen::unwrapRenderer):
        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::layoutBlock):
        (WebCore::RenderGrid::layoutGridItems):
        (WebCore::RenderGrid::applyStretchAlignmentToChildIfNeeded):
        * rendering/RenderRubyBase.cpp:
        (WebCore::RenderRubyBase::adjustInlineDirectionLineBounds const):
        * rendering/RenderTableCell.cpp:
        (WebCore::RenderTableCell::setOverrideContentLogicalHeightFromRowHeight):
        * rendering/RenderTableCell.h:
        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::calcRowLogicalHeight):
        (WebCore::RenderTableSection::relayoutCellIfFlexed):

2018-05-14  Zalan Bujtas  <zalan@apple.com>

        [LFC] Implement width computation for non-replaced out of flow elements.
        https://bugs.webkit.org/show_bug.cgi?id=185598

        Reviewed by Antti Koivisto.

        * layout/FormattingContext.cpp:
        (WebCore::Layout::FormattingContext::computeWidth const):
        (WebCore::Layout::FormattingContext::computeOutOfFlowWidth const):
        (WebCore::Layout::FormattingContext::layoutOutOfFlowDescendants const):
        (WebCore::Layout::FormattingContext::computeOutOfFlowNonReplacedWidth const):
        (WebCore::Layout::FormattingContext::shrinkToFitWidth const):
        * layout/FormattingContext.h:
        * layout/blockformatting/BlockFormattingContext.cpp:
        (WebCore::Layout::BlockFormattingContext::layout const):
        * layout/displaytree/DisplayBox.h:

2018-05-14  Zan Dobersek  <zdobersek@igalia.com>

        Drop the m_compositorTexture member variable in TextureMapperGC3DPlatformLayer.
        It's not used at all inside the class or outside it.

        Rubber-stamped by Michael Catanzaro.

        * platform/graphics/texmap/TextureMapperGC3DPlatformLayer.h:

2018-05-14  Zan Dobersek  <zdobersek@igalia.com>

        [GTK] REGRESSION(r231170) Build broken with Clang 5.0
        https://bugs.webkit.org/show_bug.cgi?id=185198

        Reviewed by Michael Catanzaro.

        Avoid gperf files using the register keyword which has been made
        reserved and as such unusable in C++17.

        * css/makeSelectorPseudoClassAndCompatibilityElementMap.py:
        * css/makeSelectorPseudoElementsMap.py:
        * css/makeprop.pl:
        * css/makevalues.pl:
        * platform/ColorData.gperf:
        * platform/ReferrerPolicy.h: With std::optional forward declaration
        gone, explicitly include the WTF Optional.h header.
        * platform/Theme.h: Ditto.
        * platform/network/create-http-header-name-table:

2018-05-14  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r219515.
        https://bugs.webkit.org/show_bug.cgi?id=185603

        It sometimes makes AudioUnitInitialize call to fail in
        CoreAudioCaptureSource (Requested by youenn on #webkit).

        Reverted changeset:

        "Remove CoreAudioCaptureSource speaker configuration"
        https://bugs.webkit.org/show_bug.cgi?id=174512
        https://trac.webkit.org/changeset/219515

2018-05-13  Dirk Schulze  <krit@webkit.org>

        Implement SVGGeometryElement's isPointInFill and isPointInStroke
        https://bugs.webkit.org/show_bug.cgi?id=185580

        Reviewed by Antti Koivisto.

        Implement isPointInFill and isPointInStroke methods for
        SVGGeometryElement interface from SVG2.

        https://svgwg.org/svg2-draft/types.html#InterfaceSVGGeometryElement

        Tests: svg/dom/SVGGeometry-isPointInFill.xhtml
               svg/dom/SVGGeometry-isPointInStroke.xhtml

        * rendering/svg/RenderSVGEllipse.cpp:
        (WebCore::RenderSVGEllipse::shapeDependentStrokeContains): Flag
                to switch between local and "global" coordinate space for hit testing.
        * rendering/svg/RenderSVGEllipse.h:
        * rendering/svg/RenderSVGPath.cpp:
        (WebCore::RenderSVGPath::shapeDependentStrokeContains): Flag
                to switch between local and "global" coordinate space for hit testing.
        * rendering/svg/RenderSVGPath.h:
        * rendering/svg/RenderSVGRect.cpp:
        (WebCore::RenderSVGRect::shapeDependentStrokeContains): Flag
                to switch between local and "global" coordinate space for hit testing.
        * rendering/svg/RenderSVGRect.h:
        * rendering/svg/RenderSVGShape.cpp:
        (WebCore::RenderSVGShape::shapeDependentStrokeContains): Flag
                to switch between local and "global" coordinate space for hit testing.
        (WebCore::RenderSVGShape::isPointInFill): Take the winding rule given by
                `fill-rule` to test if a given point is in the fill area of a path.
        (WebCore::RenderSVGShape::isPointInStroke): Take stroke properties into
                account to check if a point is on top of the stroke area.
        * rendering/svg/RenderSVGShape.h:
        * svg/SVGGeometryElement.cpp:
        (WebCore::SVGGeometryElement::isPointInFill):
        (WebCore::SVGGeometryElement::isPointInStroke):
        (WebCore::SVGGeometryElement::createElementRenderer): Deleted. This is getting implemented
                by inheriting classes. No need to create RenderSVGPath here.
        * svg/SVGGeometryElement.h:
        * svg/SVGGeometryElement.idl:

2018-05-12  Zalan Bujtas  <zalan@apple.com>

        Use WeakPtr for m_enclosingPaginationLayer in RenderLayer
        https://bugs.webkit.org/show_bug.cgi?id=185566
        <rdar://problem/36486052>

        Reviewed by Simon Fraser.

        Since RenderLayer does not own the enclosing pagination layout, it should
        construct a weak pointer instead of holding on to a raw pointer.

        Unable to create a reliably reproducible test case.

        * page/mac/EventHandlerMac.mm:
        (WebCore::scrollableAreaForEventTarget):
        (WebCore::scrollableAreaForContainerNode):
        (WebCore::EventHandler::platformPrepareForWheelEvents):
        * platform/ScrollableArea.h:
        (WebCore::ScrollableArea::weakPtrFactory const):
        (WebCore::ScrollableArea::createWeakPtr): Deleted.
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::RenderLayer):
        (WebCore::RenderLayer::updatePagination):
        * rendering/RenderLayer.h:

2018-05-11  Daniel Bates  <dabates@apple.com>

        X-Frame-Options: SAMEORIGIN needs to check all ancestor frames
        https://bugs.webkit.org/show_bug.cgi?id=185567
        <rdar://problem/40175008>

        Reviewed by Brent Fulgham.

        Change the behavior of "X-Frame-Options: SAMEORIGIN" to ensure that all ancestors frames
        are same-origin with the document that delivered this header. This prevents an intermediary
        malicious frame from clickjacking a child frame whose document is same-origin with the top-
        level frame. It also makes the behavior of X-Frame-Options in WebKit more closely match
        the behavior of X-Frame-Options in other browsers, including Chrome and Firefox.
        
        Currently a document delivered with "X-Frame-Options: SAMEORIGIN" must only be same-origin
        with the top-level frame's document in order to be displayed. This prevents clickjacking by
        a malicious page that embeds a page delivered with "X-Frame-Options: SAMEORIGIN". However,
        it does not protect against clickjacking of the "X-Frame-Options: SAMEORIGIN" page (victim)
        if embedded by an intermediate malicious iframe, say a "rogue ad", that was embedded in a
        document same origin with the victim page. We should protect against such attacks. 

        Tests: http/tests/security/XFrameOptions/x-frame-options-ancestors-same-origin-allow.html
               http/tests/security/XFrameOptions/x-frame-options-ancestors-same-origin-deny.html

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::shouldInterruptLoadForXFrameOptions):

2018-05-11  Daniel Bates  <dabates@apple.com>

        [iOS] Text decoration of dragged content does not paint with opacity
        https://bugs.webkit.org/show_bug.cgi?id=185551
        <rdar://problem/40166867>

        Reviewed by Wenson Hsieh.

        Respect alpha when painting the text decoration for dragged content.

        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::MarkedTextStyle::areDecorationMarkedTextStylesEqual): Consider alpha when
        comparing decoration styles for equality so that we do not coalesce styles with differing alpha.
        (WebCore::InlineTextBox::paintMarkedTextDecoration): Respect alpha when painting dragged content.

2018-05-11  Nan Wang  <n_wang@apple.com>

        AX: In role=dialog elements with aria-modal=true VoiceOver iOS/macOS can't manually focus or read dialog paragraph description text inside the modal.
        https://bugs.webkit.org/show_bug.cgi?id=185219
        <rdar://problem/39920009>

        Reviewed by Chris Fleizach.

        The text node descendants of a modal dialog are ignored. Fixed it by using AccessibilityObject's 
        node() to determine if it's the descendant of the modal dialog node.

        Test: accessibility/aria-modal-text-descendants.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::isModalDescendant const):

2018-05-11  Ryosuke Niwa  <rniwa@webkit.org>

        Tapping after CSS-based table casues an infinite loop in wordRangeFromPosition
        https://bugs.webkit.org/show_bug.cgi?id=185465
        <rdar://problem/35263057>

        Reviewed by Antti Koivisto.

        The bug was caused by TextIterator not emitting a line break when exiting a CSS-based table when an element
        with `display: table-row` has an invisible text node. Specifically, TextIterator::exitNode is never called on
        an element with `table-cell: row` when m_node is a text node with whitespaces which appears after an element
        with `display: table-cell`.

        For example, for a tree structure like:
        table-row (R)
          table-cell (C)
            "text" (1)
          " " (2)
        Getting out of (C) would result in moving onto (2) without generating a line break for (R).

        When this happens in nextBoundary as it tries to find the end of the last word in the table cell, we end up
        finding the end of the document as the end of the word. As a result, nextWordBoundaryInDirection, the caller
        of nextBoundary, ends up infinite looping between the positon at the end of the document and the position
        immediately before the last word in the last table cell when it traverses words backwards.

        This patch fixes the hang by addressing this root cause in TextIterator. Namely, TextIterator now generates
        a line break when exiting a block while walking up ancestors in TextIterator::advance().

        Tests: editing/selection/tapping-in-table-at-end-of-document.html
               editing/text-iterator/table-at-end-of-document.html

        * editing/TextIterator.cpp:
        (WebCore::TextIterator::advance): Fixed the bug.
        (WebCore::shouldEmitNewlineAfterNode): Do generate a new line at the end of a document when we're trying to
        generate every visible poitions even there are no renderers beyond this point. e.g. a position inside the
        last cell of a table at the end of a document hits this condition.
        (WebCore::shouldEmitExtraNewlineForNode): Don't emit a line break when the render box's height is 0px
        to avoid generating many empty lines for empty paragraph and header elements (this function is used to generate
        a blank line between p's and h1/h2/...'s).
        (WebCore::TextIterator::exitNode):

2018-05-11  Dean Jackson  <dino@apple.com>

        System preview badge doesn't show on <picture> elements
        https://bugs.webkit.org/show_bug.cgi?id=185559
        <rdar://problem/40150066>

        Reviewed by Tim Horton.

        We should also identify <img>s that are the child of a <picture>
        contained inside the appropriate <a> element.

        Tested internally, since the badge is platform specific.

        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::isSystemPreviewImage const): Add logic
        to look for <picture> parents.

2018-05-11  Chris Dumez  <cdumez@apple.com>

        REGRESSION (async policy delegate): Revoking an object URL immediately after triggering download breaks file download
        https://bugs.webkit.org/show_bug.cgi?id=185531
        <rdar://problem/39909589>

        Reviewed by Geoffrey Garen.

        Whenever we start an asynchronous navigation policy decision for a blob URL, create a temporary
        blob URL pointing to the same data, and update the request's URL. This way, if the page's JS revokes
        the URL during the policy decision, the load will still succeed.

        Test: fast/dom/HTMLAnchorElement/anchor-file-blob-download-then-revoke.html

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::willSendRequest):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadURL):
        (WebCore::FrameLoader::load):
        (WebCore::FrameLoader::loadPostRequest):
        * loader/PolicyChecker.cpp:
        (WebCore::PolicyChecker::extendBlobURLLifetimeIfNecessary const):
        (WebCore::PolicyChecker::checkNavigationPolicy):
        (WebCore::PolicyChecker::checkNewWindowPolicy):
        * loader/PolicyChecker.h:

2018-05-11  Antti Koivisto  <antti@apple.com>

        LinkLoader fails to remove CachedResourceClient in some cases
        https://bugs.webkit.org/show_bug.cgi?id=185553
        <rdar://problem/36879656>

        Reviewed by Geoffrey Garen.

        Test: http/tests/preload/link-preload-client-remove.html

        * loader/LinkLoader.cpp:
        (WebCore::LinkLoader::loadLink):

        If there is a link preload already in progress, we fail to clear the client for the ongoing load.
        This may leave the CachedResource client map in a bad state.

2018-05-11  Charles Vazac  <cvazac@gmail.com>

        Runtime feature flag for Server-Timing
        https://bugs.webkit.org/show_bug.cgi?id=184758

        Reviewed by Youenn Fablet.

        * Source/WebCore/CMakeLists.txt: Added reference to PerformanceServerTiming.idl.
        * Source/WebCore/DerivedSources.make: Added reference to PerformanceServerTiming.idl.
        * Source/WebCore/Sources.txt: Added reference to PerformanceServerTiming.cpp and JSPerformanceServerTiming.cpp.
        * Source/WebCore/WebCore.xcodeproj/project.pbxproj: Added references to PerformanceServerTiming.cpp, PerformanceServerTiming.h, and PerformanceServerTiming.idl.
        * Source/WebCore/bindings/js/WebCoreBuiltinNames.h: Added PerformanceServerTiming.
        * Source/WebCore/page/PerformanceResourceTiming.h: Added serverTiming member.
        * Source/WebCore/page/PerformanceResourceTiming.idl: Added serverTiming attribute.
        * Source/WebCore/page/PerformanceServerTiming.cpp: Added.
        * Source/WebCore/page/PerformanceServerTiming.h: Added.
        * Source/WebCore/page/PerformanceServerTiming.idl: Added.

2018-05-11  Brady Eidson  <beidson@apple.com>

        Make sure history navigations reuse the existing process when necessary.
        <rdar://problem/39746516> and https://bugs.webkit.org/show_bug.cgi?id=185532

        Reviewed by Ryosuke Niwa.

        Covered by new API tests.

        In WebCore-land, make sure *all* NavigationActions to a back/forward item are tagged with
        the item identifier.

        * history/HistoryItem.cpp:
        (WebCore::HistoryItem::HistoryItem):
        (WebCore::HistoryItem::logString const):
        * history/HistoryItem.h:

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadDifferentDocumentItem):

        * loader/NavigationAction.cpp:
        (WebCore::NavigationAction::setTargetBackForwardItem):

        * loader/NavigationAction.h:
        (WebCore::NavigationAction::targetBackForwardItemIdentifier const):

2018-05-11  Yacine Bandou  <yacine.bandou_ext@softathome.com>

        [EME][GStreamer] Handle the protection event in MediaPlayerPrivate
        https://bugs.webkit.org/show_bug.cgi?id=185535

        Reviewed by Xabier Rodriguez-Calvar.

        This patch is based on this calvaris's commit
        https://github.com/WebPlatformForEmbedded/WPEWebKit/commit/d966168b0d2b65f9ca9415426e26d3752c78b03e

        It adds a handler for the protection event in MediaPalyerPrivateGStreamerBase, it extracts the InitData from the event
        and sends the encrypted event to JS via HTMLMediaElement.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::initializationDataEncountered):
        (WebCore::MediaPlayerPrivateGStreamerBase::handleProtectionEvent):
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
        * platform/graphics/gstreamer/eme/GStreamerEMEUtilities.h: Add a new type InitData.

2018-05-11  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Make the cipher suites, the signing algorithms and the curve lists configurable.
        https://bugs.webkit.org/show_bug.cgi?id=185139

        Add interface to configure the cipher suites, the signing algorithms and the curve lists 
        used by OpenSSL and libcurl to exchange, to sign or to verify keys.

        Reviewed by Youenn Fablet.

        No new tests in public. Have tested internally.

        * platform/network/curl/CurlContext.cpp:
        (WebCore::CurlHandle::setSslCipherList):
        * platform/network/curl/CurlContext.h:
        * platform/network/curl/CurlRequest.cpp:
        (WebCore::CurlRequest::setupTransfer):
        (WebCore::CurlRequest::willSetupSslCtx):
        * platform/network/curl/CurlSSLHandle.cpp:
        (WebCore::CurlSSLHandle::getCACertPathEnv):
        * platform/network/curl/CurlSSLHandle.h:
        (WebCore::CurlSSLHandle::getCipherList const):
        (WebCore::CurlSSLHandle::getSignatureAlgorithmsList const):
        (WebCore::CurlSSLHandle::getCurvesList const):
        (WebCore::CurlSSLHandle::setCipherList):
        (WebCore::CurlSSLHandle::setSignatureAlgorithmsList):
        (WebCore::CurlSSLHandle::setCurvesList):
        (WebCore::CurlSSLHandle::getCACertPath const):
        (WebCore::CurlSSLHandle::setCACertPath):
        * platform/network/curl/CurlSSLVerifier.cpp:
        (WebCore::CurlSSLVerifier::CurlSSLVerifier):

2018-05-10  Daniel Bates  <dabates@apple.com>

        Use PlatformStrategies to switch between WebKit and WebKitLegacy checking of CSP frame-ancestors and X-Frame-Options
        https://bugs.webkit.org/show_bug.cgi?id=185412

        Reviewed by Ryosuke Niwa.

        Consolidate the knowledge on how to determine whether security checks were performed on a ResourceResponse
        into LoaderStrategy::havePerformedSecurityChecks() (default implementation returns false) and query it
        to determine whether CSP frame-ancestors and X-Frame-Options need to be checked for a ResourceResponse.

        Additionally, rename LoaderStrategy::isDoingLoadingSecurityChecks() to shouldPerformSecurityChecks()
        for consistency with havePerformedSecurityChecks(). Querying shouldPerformSecurityChecks() answers the
        question of whether the loader strategy is responsible for performing security checks when building up
        a ResourceRequest to have the loader strategy load. And LoaderStrategy::havePerformedSecurityChecks()
        is used to determine whether the loader strategy performed these security checks for a given ResourceResponse.

        * inspector/agents/InspectorNetworkAgent.cpp:
        (WebCore::InspectorNetworkAgent::didReceiveResponse):
        (WebCore::InspectorNetworkAgent::didFinishLoading):
        (WebCore::isResponseProbablyComingFromNetworkProcess): Deleted.
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::responseReceived):
        * loader/DocumentThreadableLoader.cpp:
        (WebCore::shouldPerformSecurityChecks):
        (WebCore::DocumentThreadableLoader::shouldSetHTTPHeadersToKeep const):
        (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest):
        (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest):
        (WebCore::DocumentThreadableLoader::redirectReceived):
        (WebCore::DocumentThreadableLoader::didFail):
        (WebCore::DocumentThreadableLoader::loadRequest):
        (WebCore::isDoingSecurityChecksInNetworkProcess): Deleted.
        (WebCore::isResponseComingFromNetworkProcess): Deleted.
        * loader/LoaderStrategy.cpp:
        * loader/LoaderStrategy.h:
        * page/Settings.yaml: Remove setting networkProcessCSPFrameAncestorsCheckingEnabled as we now make
        use of the loader strategy to determine whether to perform CSP frame-ancestors and X-Frame-Options
        checking in DocumentLoader.
        * platform/network/ResourceResponseBase.h:
        (WebCore::ResourceResponseBase::setSource): Added an ASSERT to catch the programming error of setting
        source to ResourceResponse::Source::Unknown. This source type represents an uninitialized ResourceResponse.

2018-05-10  Tim Horton  <timothy_horton@apple.com>

        Lookup sometimes shows a second yellow highlight on top of WebKit's TextIndicator
        https://bugs.webkit.org/show_bug.cgi?id=185538
        <rdar://problem/38817825>

        Reviewed by Sam Weinig.

        * editing/mac/DictionaryLookup.mm:
        (WebCore::showPopupOrCreateAnimationController):
        Options can be nil, in which case we can't mutableCopy it and add
        LUTermOptionDisableSearchTermIndicator. Instead, create a new dictionary,
        and add the items from options, if it's not nil.

2018-05-10  Matt Baker  <mattbaker@apple.com>

        Web Inspector: ASSERT_NOT_REACHED in PageDebuggerAgent::didAddEventListener when page adds attribute event listener
        https://bugs.webkit.org/show_bug.cgi?id=181580
        <rdar://problem/36461309>

        Reviewed by Brian Burg.

        EventTarget should pass newly added EventListeners to InspectorInstrumentation,
        instead of PageDebuggerAgent assuming the last item in the EventListenerVector
        is the most recently added listener. This assumption does not hold when
        the new listener replaces an existing listener.

        * dom/EventTarget.cpp:
        (WebCore::EventTarget::addEventListener):
        (WebCore::EventTarget::setAttributeEventListener):

        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::didAddEventListenerImpl):

        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::didAddEventListener):

        * inspector/agents/page/PageDebuggerAgent.cpp:
        (WebCore::PageDebuggerAgent::didAddEventListener):
        * inspector/agents/page/PageDebuggerAgent.h:

2018-05-10  Chris Dumez  <cdumez@apple.com>

        'Cross-Origin-Options header implementation follow-up
        https://bugs.webkit.org/show_bug.cgi?id=185520

        Reviewed by Ryosuke Niwa.

        * dom/Document.cpp:
        * dom/Document.h:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::didBeginDocument):
        Using isNull() check is sufficient here as the header parsing
        function will do the right thing when passed the empty string.
        Also set the options directly on the window instead of the
        document. The window is guaranteed to have been constructed
        by then because didBeginDocument() is called DocumentWriter::begin()
        which calls Document::createDOMWindow() or Document::takeDOMWindowFrom().

        * page/AbstractDOMWindow.cpp:
        (WebCore::AbstractDOMWindow::AbstractDOMWindow):
        * page/AbstractDOMWindow.h:
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::DOMWindow):
        (WebCore::DOMWindow::didSecureTransitionTo):
        * page/RemoteDOMWindow.cpp:
        (WebCore::RemoteDOMWindow::RemoteDOMWindow):
        * page/RemoteDOMWindow.h:
        CrossOriginOptions are now stored only on the Window, not the Document.

        * platform/network/HTTPParsers.cpp:
        (WebCore::parseCrossOriginOptionsHeader):
        Drop strippedHeader local variable as it is not strictly needed.

2018-05-10  Tim Horton  <timothy_horton@apple.com>

        Fix the build after r231393
        https://bugs.webkit.org/show_bug.cgi?id=185519
        <rdar://problem/40131741>

        Reviewed by Simon Fraser.

        * Configurations/WebCore.xcconfig:

2018-05-10  Eric Carlson  <eric.carlson@apple.com>

        Log missing cues correctly
        https://bugs.webkit.org/show_bug.cgi?id=185499
        <rdar://problem/40113821>

        Reviewed by Daniel Bates.

        No new tests, tested manually.

        * html/track/InbandGenericTextTrack.cpp:
        (WebCore::InbandGenericTextTrack::removeGenericCue): Log the cue we searched for, not
        the NULL cue.

2018-05-10  Zalan Bujtas  <zalan@apple.com>

        [LFC] Implement height computation for non-replaced inflow elements.
        https://bugs.webkit.org/show_bug.cgi?id=185474

        Reviewed by Antti Koivisto.

        Initial implementation. Does not cover all the cases.

        * layout/FormattingContext.cpp:
        (WebCore::Layout::FormattingContext::computeHeight const):
        * layout/FormattingContext.h:
        * layout/blockformatting/BlockFormattingContext.cpp:
        (WebCore::Layout::BlockFormattingContext::layout const):
        (WebCore::Layout::BlockFormattingContext::computeInFlowHeight const):
        (WebCore::Layout::BlockFormattingContext::computeInFlowNonReplacedHeight const):
        * layout/blockformatting/BlockFormattingContext.h:
        * layout/blockformatting/BlockMarginCollapse.cpp:
        (WebCore::Layout::collapsedMarginBottomFromLastChild):
        (WebCore::Layout::BlockMarginCollapse::isMarginBottomCollapsedWithParent):
        (WebCore::Layout::BlockMarginCollapse::isMarginTopCollapsedWithParentMarginBottom):
        (WebCore::Layout::isMarginBottomCollapsedWithParent): Deleted.
        * layout/blockformatting/BlockMarginCollapse.h:
        * layout/inlineformatting/InlineFormattingContext.cpp:
        (WebCore::Layout::InlineFormattingContext::computeInFlowHeight const):
        * layout/inlineformatting/InlineFormattingContext.h:
        * layout/layouttree/LayoutBox.cpp:
        (WebCore::Layout::Box::isReplaced const):
        * layout/layouttree/LayoutBox.h:

2018-05-10  Thibault Saunier  <tsaunier@igalia.com>

        [GTK] Implement ImageBuffer::toBGRAData
        https://bugs.webkit.org/show_bug.cgi?id=185511

        Reviewed by Michael Catanzaro.

        This was never implemented but will be required for the MediaStream API
        tests.

        * platform/graphics/ImageBuffer.cpp:
        (WebCore::ImageBuffer::toBGRAData const):
        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::toBGRAData const):
        * platform/graphics/gtk/ImageBufferGtk.cpp:
        (WebCore::ImageBuffer::toBGRAData const):

2018-05-10  Yacine Bandou  <yacine.bandou_ext@softathome.com>

        [EME][GStreamer] Add a handler for GStreamer protection event
        https://bugs.webkit.org/show_bug.cgi?id=185245

        Reviewed by Xabier Rodriguez-Calvar.

        Qtdemux sends the protection event when encountered a new PSSH box (encrypted content).

        The Decryptor is moved from AppendPipeline to PlaybackPipeline (see https://bugs.webkit.org/show_bug.cgi?id=181855),
        thus the protection event is no longer handled because the Decryptor is not in the same pipeline as qtdemux.

        AppendPipeline: httpsrc-->qtdemux-->appsink
        PlaybackPipeline: appsrc-->parser--> decryptor-->decoder-->sink

        This patch attaches a probe to the sink pad of the appsink in the appendPipeline in order to
        catch and manage the protection event.

        * platform/graphics/gstreamer/mse/AppendPipeline.cpp:
        (WebCore::AppendPipeline::AppendPipeline):
        (WebCore::AppendPipeline::~AppendPipeline):
        (WebCore::appendPipelineAppsinkPadEventProbe):
        * platform/graphics/gstreamer/mse/AppendPipeline.h:
        (WebCore::AppendPipeline::playerPrivate):

2018-05-10  Yacine Bandou  <yacine.bandou_ext@softathome.com>

        [EME][GStreamer] Move the decryptor from AppendPipeline to PlaybackPipeline.
        https://bugs.webkit.org/show_bug.cgi?id=181855

        Reviewed by Xabier Rodriguez-Calvar.

        The goal of this move is to handle the limitation of SVP (Secure Video Path) memory size.

        When the decryptor is in the AppendPipeline and we use SVP, we buffer in MediaSource queue
        the decrypted GstBuffers that are in SVP memory.
        This behavior cause an out-of-memory error, because we are limited in SVP memory size.

        By moving the decryptor in PlaybackPipeline, we avoid to buffer the decrypted GstBuffers
        which use the SVP memory and we buffer the encrypted GstBuffers that are in system memory.

        This new architecture also allows to start the buffering before obtaining the DRM license
        and it makes easier to manage dynamic change of the license or Key.

        The decryptor is auto plugged by GStreamer playbin in PlaybackPipeline.

        SVP: Secure Video Path also named trusted or protected video path, it is a memory which is
        protected by a hardware access control engine, it is not accessible to other unauthorised
        software or hardware components.

        Tests:
            media/encrypted-media/clearKey/clearKey-cenc-audio-playback-mse.html
            media/encrypted-media/clearKey/clearKey-cenc-video-playback-mse.html

        * platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.cpp:
        (webkitMediaCommonEncryptionDecryptSinkEventHandler):
        * platform/graphics/gstreamer/mse/AppendPipeline.cpp:
        (WebCore::dumpAppendState):
        (WebCore::AppendPipeline::AppendPipeline):
        (WebCore::AppendPipeline::handleNeedContextSyncMessage):
        (WebCore::AppendPipeline::handleAppsrcNeedDataReceived):
        (WebCore::AppendPipeline::setAppendState):
        (WebCore::AppendPipeline::parseDemuxerSrcPadCaps):
        (WebCore::AppendPipeline::appsinkNewSample):
        (WebCore::AppendPipeline::connectDemuxerSrcPadToAppsinkFromAnyThread):
        (WebCore::AppendPipeline::disconnectDemuxerSrcPadFromAppsinkFromAnyThread):
        (WebCore::appendPipelineElementMessageCallback): Deleted.
        (WebCore::AppendPipeline::handleElementMessage): Deleted.
        (WebCore::AppendPipeline::dispatchPendingDecryptionStructure): Deleted.
        (WebCore::AppendPipeline::dispatchDecryptionStructure): Deleted.
        * platform/graphics/gstreamer/mse/AppendPipeline.h:
        * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp:
        (WebCore::MediaPlayerPrivateGStreamerMSE::attemptToDecryptWithInstance):
        * platform/graphics/gstreamer/mse/PlaybackPipeline.cpp:

2018-05-09  Nan Wang  <n_wang@apple.com>

        AX: VoiceOver iframe scrolling focus jumping bug
        https://bugs.webkit.org/show_bug.cgi?id=176615
        <rdar://problem/34333067>

        Reviewed by Chris Fleizach.

        Scrolling to make elements visible is not working correctly for elements inside an
        offscreen iframe. Fixed it by using RenderLayer::scrollRectToVisible() to handle
        scrolling more properly.

        Test: accessibility/scroll-to-make-visible-iframe-offscreen.html

        * accessibility/AccessibilityObject.cpp:
        (WebCore::AccessibilityObject::scrollToMakeVisible const):

2018-05-09  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: accessibleNameForNode should simplify whitespace when using innerText
        https://bugs.webkit.org/show_bug.cgi?id=185498

        Reviewed by Chris Fleizach.

        Test: accessibility/text-alternative-calculation-from-unrendered-table.html

        Call simplifyWhiteSpace() before returning the innerText value.

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::accessibleNameForNode):

2018-05-09  Chris Dumez  <cdumez@apple.com>

        Add initial support for 'Cross-Origin-Options' HTTP response header
        https://bugs.webkit.org/show_bug.cgi?id=184996
        <rdar://problem/39664620>

        Reviewed by Geoff Garen.

        Add initial support for 'Cross-Origin-Options' HTTP response header behind an experimental
        feature flag, on by default. When the HTTP server services this HTTP response header for a
        main resource, we'll set these options on the corresponding Document. This will impact the
        behavior of the Document's associated Window API when cross-origin.

        The HTTP header has 3 possible values:
        - allow: This is the default. Regular cross-origin Window API is available.
        - allow-postmessage: Only postMessage() is available on a cross-origin window, trying to
          access anything else will throw a SecurityError.
        - deny: Trying to do anything with a cross-origin window will throw a SecurityError.

        The header has no effect when accessing same origin windows.

        Note that on cross-origin access from Window A to Window B, we check the cross-origin
        options for both Window A and Window B and use the lowest common denominator as effective
        cross-origin options for the access. So if Window A has 'Cross-Origin-Options: deny' and
        tries to call postMessage() on Window B which has 'Cross-Origin-Options: allow-postmessage',
        we will throw a SecurityError. This is because Window A's more restrictive options (deny)
        apply.

        Tests: http/wpt/cross-origin-options/allow-postmessage-from-deny.html
               http/wpt/cross-origin-options/allow-postmessage.html
               http/wpt/cross-origin-options/cross-origin-options-header.html

        * bindings/js/JSDOMBindingSecurity.cpp:
        (WebCore::BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginOptions):
        * bindings/js/JSDOMBindingSecurity.h:
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::effectiveCrossOriginOptionsForAccess):
        (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
        (WebCore::JSDOMWindow::getOwnPropertySlot):
        (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
        (WebCore::addCrossOriginWindowPropertyNames):
        (WebCore::addScopedChildrenIndexes):
        (WebCore::addCrossOriginWindowOwnPropertyNames):
        (WebCore::JSDOMWindow::getOwnPropertyNames):
        * bindings/js/JSDOMWindowCustom.h:
        * bindings/js/JSRemoteDOMWindowCustom.cpp:
        (WebCore::JSRemoteDOMWindow::getOwnPropertySlot):
        (WebCore::JSRemoteDOMWindow::getOwnPropertySlotByIndex):
        (WebCore::JSRemoteDOMWindow::getOwnPropertyNames):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateAttributeGetterBodyDefinition):
        (GetCrossOriginsOptionsFromExtendedAttributeValue):
        (GenerateAttributeSetterBodyDefinition):
        (GenerateOperationBodyDefinition):
        * bindings/scripts/IDLAttributes.json:
        * dom/Document.cpp:
        (WebCore::Document::setCrossOriginOptions):
        * dom/Document.h:
        (WebCore::Document::crossOriginOptions const):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::didBeginDocument):
        * page/AbstractDOMWindow.cpp:
        (WebCore::AbstractDOMWindow::AbstractDOMWindow):
        * page/AbstractDOMWindow.h:
        (WebCore::AbstractDOMWindow::crossOriginOptions):
        (WebCore::AbstractDOMWindow::setCrossOriginOptions):
        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::DOMWindow):
        (WebCore::DOMWindow::didSecureTransitionTo):
        * page/DOMWindow.idl:
        * page/Frame.h:
        * page/RemoteDOMWindow.cpp:
        (WebCore::RemoteDOMWindow::RemoteDOMWindow):
        * page/RemoteDOMWindow.h:
        * page/Settings.yaml:
        * platform/network/HTTPHeaderNames.in:
        * platform/network/HTTPParsers.cpp:
        (WebCore::parseCrossOriginOptionsHeader):
        * platform/network/HTTPParsers.h:

2018-05-09  Ryosuke Niwa  <rniwa@webkit.org>

        Release assert in TreeScopeOrderedMap::remove via HTMLImageElement::removedFromAncestor
        https://bugs.webkit.org/show_bug.cgi?id=185493

        Reviewed by Brent Fulgham.

        Fixed the bug that HTMLImageElement::removedFromAncestor and HTMLMapElement::removedFromAncestor
        were calling removeImageElementByUsemap on the document instead of the shadow tree from which it was removed.

        Test: fast/images/imagemap-in-shadow-tree-removed.html

        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::removedFromAncestor):
        * html/HTMLMapElement.cpp:
        (WebCore::HTMLMapElement::removedFromAncestor):

2018-05-09  Joanmarie Diggs  <jdiggs@igalia.com>

        AX: Hidden nodes which are not directly referenced should not participate name/description from content
        https://bugs.webkit.org/show_bug.cgi?id=185478

        Reviewed by Chris Fleizach.

        Add a check to AccessibilityNodeObject::textUnderElement() and return early
        if the node is hidden, not referenced by aria-labelledby or aria-describedby,
        not an HTMLLabelElement, and not fallback content for an HTMLCanvasElement.

        Test: accessibility/text-alternative-calculation-hidden-nodes.html

        * accessibility/AccessibilityNodeObject.cpp:
        (WebCore::AccessibilityNodeObject::textUnderElement const):

2018-05-09  Eric Carlson  <eric.carlson@apple.com>

        Update MediaSession to use release logging
        https://bugs.webkit.org/show_bug.cgi?id=185376
        <rdar://problem/40022203>

        Reviewed by Youenn Fablet.

        No new tests, tested manually.

        * Modules/mediastream/MediaStream.h: hostingDocument() doesn't need to return a const Document.
        * Modules/webaudio/AudioContext.cpp:
        (WebCore::AudioContext::hostingDocument const): Ditto.
        * Modules/webaudio/AudioContext.h:

        * html/HTMLMediaElement.h: Ditto.

        * html/MediaElementSession.cpp:
        (WebCore::MediaElementSession::MediaElementSession):
        (WebCore::MediaElementSession::addBehaviorRestriction):
        (WebCore::MediaElementSession::removeBehaviorRestriction):
        (WebCore::MediaElementSession::dataLoadingPermitted const):
        (WebCore::MediaElementSession::fullscreenPermitted const):
        (WebCore::MediaElementSession::pageAllowsDataLoading const):
        (WebCore::MediaElementSession::pageAllowsPlaybackAfterResuming const):
        (WebCore::MediaElementSession::canShowControlsManager const):
        (WebCore::MediaElementSession::showPlaybackTargetPicker):
        (WebCore::MediaElementSession::hasWirelessPlaybackTargets const):
        (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled const):
        (WebCore::MediaElementSession::setWirelessVideoPlaybackDisabled):
        (WebCore::MediaElementSession::setHasPlaybackTargetAvailabilityListeners):
        (WebCore::MediaElementSession::externalOutputDeviceAvailableDidChange):
        (WebCore::MediaElementSession::setShouldPlayToPlaybackTarget):
        (WebCore::MediaElementSession::mediaEngineUpdated):
        (WebCore::MediaElementSession::willLog const): Deleted.
        (WebCore::MediaElementSession::logger const): Deleted.
        (WebCore::MediaElementSession::logIdentifier const): Deleted.
        (WebCore::MediaElementSession::logChannel const): Deleted.
        * html/MediaElementSession.h:

        * platform/audio/PlatformMediaSession.cpp:
        (WebCore::nextLogIdentifier):
        (WebCore::convertEnumerationToString):
        (WebCore::PlatformMediaSession::PlatformMediaSession):
        (WebCore::PlatformMediaSession::setState):
        (WebCore::PlatformMediaSession::beginInterruption):
        (WebCore::PlatformMediaSession::endInterruption):
        (WebCore::PlatformMediaSession::clientWillBeginAutoplaying):
        (WebCore::PlatformMediaSession::clientWillPausePlayback):
        (WebCore::PlatformMediaSession::pauseSession):
        (WebCore::PlatformMediaSession::stopSession):
        (WebCore::PlatformMediaSession::clientDataBufferingTimerFired):
        (WebCore::PlatformMediaSession::logChannel const):
        (WebCore::stateName): Deleted.
        (WebCore::interruptionName): Deleted.
        * platform/audio/PlatformMediaSession.h:
        (WTF::LogArgument<WebCore::PlatformMediaSession::State>::toString):
        (WTF::LogArgument<WebCore::PlatformMediaSession::InterruptionType>::toString):

2018-05-09  Thibault Saunier  <tsaunier@igalia.com>

        [GStreamer] Never call updateTracks if running on legacy pipeline
        https://bugs.webkit.org/show_bug.cgi?id=184581

        This makes sure failling code path is never reached in the conditions where it should not have been reached.

        Reviewed by Philippe Normand.

        Re enables all tests that were disabled after fixing.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::handleMessage):

2018-05-09  Daniel Bates  <dabates@apple.com>

        REGRESSION (r231479): http/tests/appcache/x-frame-options-prevents-framing.php is timing out
        https://bugs.webkit.org/show_bug.cgi?id=185443
        <rdar://problem/40100660>

        Reviewed by Andy Estes.

        Following r231479 when using WebKit2 and Restricted HTTP Response Access is enabled (enabled in
        WebKitTestRunner) we only check the CSP frame-ancestors directive and X-Frame-Options in
        NetworkProcess. We need to check these security requirements in WebContent process whenever
        we are performing a substitute data load, such as for app cache, as these loads do not go
        through NetworkProcess.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::responseReceived):

2018-05-09  Justin Fan  <justin_fan@apple.com>

        Hooked up ASTC support in WebGL; requires OpenGL ES 3 context to work. 
        https://bugs.webkit.org/show_bug.cgi?id=185272
        <rdar://problem/15745737>

        Reviewed by Dean Jackson.

        Also added in Khronos' ASTC test from version 1.0.4 beta of their conformance test suite,
        although again, this requires OpenGL ES 3 context for WebKit to detect proper support.

        Test: fast/canvas/webgl/webgl-compressed-texture-astc.html

        * DerivedSources.make:
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/JSDOMConvertWebGL.cpp:
        (WebCore::convertToJSValue):
        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::getExtension):
        (WebCore::WebGL2RenderingContext::getSupportedExtensions):
        * html/canvas/WebGLCompressedTextureASTC.cpp: Added.
        (WebCore::WebGLCompressedTextureASTC::WebGLCompressedTextureASTC):
        (WebCore::WebGLCompressedTextureASTC::getName const):
        (WebCore::WebGLCompressedTextureASTC::supported):
        (WebCore::WebGLCompressedTextureASTC::getSupportedProfiles):
        * html/canvas/WebGLCompressedTextureASTC.h: Added.
        * html/canvas/WebGLCompressedTextureASTC.idl: Added.
        * html/canvas/WebGLExtension.h:
        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::getExtension):
        (WebCore::WebGLRenderingContext::getSupportedExtensions):
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::validateCompressedTexFuncData):
        (WebCore::WebGLRenderingContextBase::validateCompressedTexDimensions):
        * html/canvas/WebGLRenderingContextBase.h:
        * platform/graphics/Extensions3D.h:

2018-05-09  Youenn Fablet  <youenn@apple.com>

        Allow WebResourceLoader to cancel a load served from a service worker
        https://bugs.webkit.org/show_bug.cgi?id=185274

        Reviewed by Chris Dumez.

        Add support for cancelling a fetch from WebProcess to service worker process.
        Use FetchIdentifier instead of uint64_t.

        * Modules/fetch/FetchIdentifier.h: Added.
        * WebCore.xcodeproj/project.pbxproj:
        * workers/service/context/ServiceWorkerFetch.h:
        * workers/service/context/ServiceWorkerThreadProxy.cpp:
        (WebCore::ServiceWorkerThreadProxy::startFetch):
        (WebCore::ServiceWorkerThreadProxy::cancelFetch):
        * workers/service/context/ServiceWorkerThreadProxy.h:

2018-05-09  Thibault Saunier  <tsaunier@igalia.com>

        [GStreamer] Fix style issue in MediaPlayerPrivateGStreamer
        https://bugs.webkit.org/show_bug.cgi?id=185479

        Reviewed by Philippe Normand.

        ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:114:  Multi line control clauses should use braces.  [whitespace/braces] [4]
        ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:194:  Multi line control clauses should use braces.  [whitespace/braces] [4]
        ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:398:  One line control clauses should not use braces.  [whitespace/braces] [4]
        ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:440:  One line control clauses should not use braces.  [whitespace/braces] [4]
        ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:806:  More than one command on the same line  [whitespace/newline] [4]
        ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:869:  More than one command on the same line  [whitespace/newline] [4]
        ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:880:  More than one command on the same line  [whitespace/newline] [4]
        ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:940:  More than one command on the same line  [whitespace/newline] [4]
        ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:1102:  Multi line control clauses should use braces.  [whitespace/braces] [4]
        ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:1109:  Multi line control clauses should use braces.  [whitespace/braces] [4]

        Indentation and style issue fixed only.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::registerMediaEngine):
        (WebCore::MediaPlayerPrivateGStreamer::~MediaPlayerPrivateGStreamer):
        (WebCore::MediaPlayerPrivateGStreamer::changePipelineState):
        (WebCore::MediaPlayerPrivateGStreamer::play):
        (WebCore::MediaPlayerPrivateGStreamer::videoChangedCallback):
        (WebCore::MediaPlayerPrivateGStreamer::videoSinkCapsChangedCallback):
        (WebCore::MediaPlayerPrivateGStreamer::audioChangedCallback):
        (WebCore::MediaPlayerPrivateGStreamer::textChangedCallback):
        (WebCore::MediaPlayerPrivateGStreamer::buffered const):
        (WebCore::MediaPlayerPrivateGStreamer::loadNextLocation):

2018-05-09  Daniel Bates  <dabates@apple.com>

        REGRESSION (r231479): com.apple.WebCore crash in WebCore::DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied()
        https://bugs.webkit.org/show_bug.cgi?id=185475
        <rdar://problem/40093853>

        Reviewed by Andy Estes.

        DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() must extends its lifetime
        until completion as dispatching a DOM load event at the associated frame can cause JavaScript execution
        that can do anything, including destroying the loader that dispatched the event.

        Following r231479 DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() is now
        invoked by both DocumentLoader::responseReceived() and WebResourceLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied().
        The latter only can happen when using WebKit2 and the experimental feature Restricted HTTP Response Access
        is enabled (RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()). Unlike DocumentLoader::responseReceived()
        WebResourceLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() does not take out a ref
        on the DocumentLoader before invoking DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied().
        Therefore, DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() can cause its
        own destruction as a result of dispatching a DOM load event at the frame. We should take out a ref on
        the DocumentLoader when executing DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied().

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied):

2018-05-09  Tim Horton  <timothy_horton@apple.com>

        Fix the build by ignoring some deprecation warnings

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
        (WebCore::MediaPlayerPrivateAVFoundationObjC::setShouldDisableSleep):

2018-05-09  Michael Catanzaro  <mcatanzaro@igalia.com>

        [WPE] Build cleanly with GCC 8 and ICU 60
        https://bugs.webkit.org/show_bug.cgi?id=185462

        Reviewed by Carlos Alberto Lopez Perez.

        * PlatformGTK.cmake: Include directories are in the wrong place.
        * accessibility/AXObjectCache.cpp: Silence -Wclass-memaccess problems and leave warnings.
        (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
        (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
        (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
        (WebCore::AXObjectCache::textMarkerDataForFirstPositionInTextControl):
        * css/CSSFontFace.cpp: Silence -Wfallthrough
        (WebCore::CSSFontFace::fontLoadTiming const):
        * css/CSSSelectorList.cpp: Silence -Wclass-memaccess, this one is intentional.
        (WebCore::CSSSelectorList::adoptSelectorVector):
        * editing/TextIterator.cpp: Silence ICU deprecation warnings.
        * platform/Length.h:
        (WebCore::Length::operator=): More -Wclass-memaccess, looks benign.
        * platform/graphics/Gradient.cpp:
        (WebCore::Gradient::hash const): -Wclass-memaccess again. Leave a warning.
        * platform/graphics/SurrogatePairAwareTextIterator.cpp: Silence ICU deprecation warnings.
        * platform/graphics/cairo/FontCairoHarfbuzzNG.cpp:
        (WebCore::FontCascade::fontForCombiningCharacterSequence const): Silence ICU deprecation.
        * platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp:
        (WebCore::FontCustomPlatformData::FontCustomPlatformData): Silence -Wcast-function-type.
        * platform/graphics/freetype/SimpleFontDataFreeType.cpp:
        (WebCore::Font::canRenderCombiningCharacterSequence const): Silence ICU deprecation.
        * platform/graphics/gstreamer/GstAllocatorFastMalloc.cpp:
        (gstAllocatorFastMallocMemUnmap): Fix -Wcast-function-type.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::updateTracks): Fix bad printf.
        (WebCore::MediaPlayerPrivateGStreamer::enableTrack): Another bad printf.
        (WebCore::findHLSQueue): Fix -Wcast-function-type.
        * platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.cpp:
        (webKitMediaClearKeyDecryptorDecrypt): Fix another bad printf.
        * platform/network/soup/SocketStreamHandleImplSoup.cpp: Silence -Wcast-function-type.
        (WebCore::SocketStreamHandleImpl::beginWaitingForSocketWritability):
        * platform/text/TextEncoding.cpp: Silence ICU deprecration.

2018-05-08  Simon Fraser  <simon.fraser@apple.com>

        SVG lighting colors need to be converted into linearSRGB
        https://bugs.webkit.org/show_bug.cgi?id=181196

        Reviewed by Darin Adler.

        Address post-commit comments. Don't make a Color that contains linearRGB components,
        but use FloatComponents instead. Since these FloatComponents are in the 0-1 range,
        FELighting::setPixelInternal() needs to multiply by 255 since the output pixels are
        8-bit 0-255.
        
        Change linearToSRGBColorComponent() and sRGBToLinearColorComponent() to do math in
        floats without promoting to doubles.

        * platform/graphics/ColorUtilities.cpp:
        (WebCore::FloatComponents::FloatComponents):
        (WebCore::linearToSRGBColorComponent):
        (WebCore::sRGBToLinearColorComponent):
        (WebCore::sRGBColorToLinearComponents):
        (WebCore::linearToSRGBColor): Deleted.
        (WebCore::sRGBToLinearColor): Deleted.
        * platform/graphics/ColorUtilities.h:
        * platform/graphics/filters/FELighting.cpp:
        (WebCore::FELighting::setPixelInternal):
        (WebCore::FELighting::drawLighting):

2018-05-09  Timothy Hatcher  <timothy@apple.com>

        Use StyleColor::Options in more places.

        https://bugs.webkit.org/show_bug.cgi?id=185458
        rdar://problem/39853798

        Add UseDefaultAppearance to StyleColor::Options, to avoid passing yet another
        boolean on some of these functions.

        Reviewed by Tim Horton.

        * css/MediaQueryEvaluator.cpp:
        * css/StyleColor.h:
        * dom/Document.cpp:
        (WebCore::Document::useDefaultAppearance const):
        (WebCore::Document::styleColorOptions const):
        * dom/Document.h:
        * platform/Theme.cpp:
        (WebCore::Theme::paint):
        * platform/Theme.h:
        * platform/mac/LocalDefaultSystemAppearance.h:
        * platform/mac/LocalDefaultSystemAppearance.mm:
        (WebCore::LocalDefaultSystemAppearance::LocalDefaultSystemAppearance):
        (WebCore::LocalDefaultSystemAppearance::~LocalDefaultSystemAppearance):
        * platform/mac/ThemeMac.h:
        * platform/mac/ThemeMac.mm:
        (WebCore::paintToggleButton):
        (WebCore::paintButton):
        (WebCore::ThemeMac::ensuredView):
        (WebCore::ThemeMac::drawCellOrFocusRingWithViewIntoContext):
        (WebCore::ThemeMac::paint):
        (-[WebCoreThemeView initWithUseSystemAppearance:]): Deleted.
        * platform/wpe/ThemeWPE.cpp:
        (WebCore::ThemeWPE::paint):
        * platform/wpe/ThemeWPE.h:
        * rendering/RenderListBox.cpp:
        (WebCore::RenderListBox::paintItemBackground):
        * rendering/RenderTheme.cpp:
        (WebCore::RenderTheme::paint):
        (WebCore::RenderTheme::inactiveListBoxSelectionBackgroundColor const):
        (WebCore::RenderTheme::platformInactiveListBoxSelectionBackgroundColor const):
        * rendering/RenderTheme.h:
        * rendering/RenderThemeGtk.cpp:
        (WebCore::RenderThemeGtk::platformInactiveListBoxSelectionBackgroundColor const):
        * rendering/RenderThemeGtk.h:
        * rendering/RenderThemeMac.h:
        * rendering/RenderThemeMac.mm:
        (WebCore::RenderThemeMac::documentViewFor const):
        (WebCore::RenderThemeMac::platformInactiveListBoxSelectionBackgroundColor const):
        (WebCore::RenderThemeMac::systemColor const):
        (WebCore::RenderThemeMac::paintCellAndSetFocusedElementNeedsRepaintIfNecessary):
        (WebCore::RenderThemeMac::paintSliderThumb):

2018-05-09  Yacine Bandou  <yacine.bandou_ext@softathome.com>

        [EME][GStreamer] Crash when the mediaKeys are created before loading the media in debug conf
        https://bugs.webkit.org/show_bug.cgi?id=185244

        Reviewed by Xabier Rodriguez-Calvar.

        The function "MediaPlayerPrivateGStreamerBase::cdmInstanceAttached" is expected to be called once,
        so there is an ASSERT(!m_cdmInstance).
        But when the MediaKeys are created before loading the media, the cdminstance is created and attached
        to the MediaPlayerPrivate via "MediaPlayerPrivateGStreamerBase::cdmInstanceAttached" before loading
        the media, then when the media is loading, the function "MediaPlayerPrivateGStreamerBase::cdmInstanceAttached"
        will be called several times via the function "mediaEngineWasUpdated" wich is called for each change
        in the MediaElement state, thus the WebProcess crashes in the ASSERT(!m_cdmInstance).

        This commit avoid the crash by replacing the assert with a simple check.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::cdmInstanceAttached):
        (WebCore::MediaPlayerPrivateGStreamerBase::cdmInstanceDetached):

2018-05-09  Antti Koivisto  <antti@apple.com>

        Add OptionSet::operator& and operator bool
        https://bugs.webkit.org/show_bug.cgi?id=185306

        Reviewed by Anders Carlsson.

        Use it in a few places.

        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::reload):
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::logReasonsForCompositing):
        (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer):

2018-05-08  Dean Jackson  <dino@apple.com>

        Disable system preview link fetching
        https://bugs.webkit.org/show_bug.cgi?id=185463

        Reviewed by Jon Lee.

        Temporarily disable system preview detection when a link
        is clicked.

        * html/HTMLAnchorElement.cpp:
        (WebCore::HTMLAnchorElement::handleClick):

2018-05-08  Wenson Hsieh  <wenson_hsieh@apple.com>

        Unreviewed, fix the internal iOS build

        Add a missing import statement in an implementation file.

        * editing/cocoa/WebContentReaderCocoa.mm:

2018-05-08  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r231486.

        Caused service worker LayoutTest failures on macOS Debug WK2.

        Reverted changeset:

        "Allow WebResourceLoader to cancel a load served from a
        service worker"
        https://bugs.webkit.org/show_bug.cgi?id=185274
        https://trac.webkit.org/changeset/231486

2018-05-08  Wenson Hsieh  <wenson_hsieh@apple.com>

        Consolidate WebContentReaderIOS and WebContentReaderMac into WebContentReaderCocoa
        https://bugs.webkit.org/show_bug.cgi?id=185340

        Reviewed by Tim Horton.

        WebContentReader::readURL is currently the only method implemented separately in iOS and macOS platform
        WebContentReader files. The implementation across macOS and iOS is nearly identical (with some exceptions with
        the way iOS handles file URLs and plain text editing), so we can merge these into a single method
        WebContentReaderCocoa and delete WebContentReaderIOS and WebContentReaderMac.

        This also has the added bonus of fixing a latent bug in WebContentReaderMac, wherein URLs written to the
        pasteboard using -[NSPasteboard writeObjects:] are currently pasted as empty anchor elements. In this case, the
        link title isn't made explicit, so the `title` passed in to WebContentReader::readURL is empty. On iOS, we have
        code to fall back to pasting the absolute string of the URL if the title is empty, but on macOS, we'll just use
        this empty string as the title of the anchor.

        Test: PasteMixedContent.PasteURLWrittenToPasteboardUsingWriteObjects

        * SourcesCocoa.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * editing/cocoa/WebContentReaderCocoa.mm:
        (WebCore::WebContentReader::readURL):
        * editing/ios/WebContentReaderIOS.mm: Removed.
        * editing/mac/WebContentReaderMac.mm: Removed.

2018-05-08  Zalan Bujtas  <zalan@apple.com>

        [Simple line layout] Cache run resolver.
        https://bugs.webkit.org/show_bug.cgi?id=185411

        Reviewed by Antti Koivisto.

        This patch caches the run resolver on the [SimpleLine]Layout object. 
        In certain cases, when the block container has thousands of elements (foobar1<br>foobar2<br>.....foobar9999<br>),
        constructing the resolver (and its dependencies) in a repeating fashion could hang the WebProcess.

        Covered by existing tests.

        * rendering/SimpleLineLayout.cpp:
        (WebCore::SimpleLineLayout::create):
        (WebCore::SimpleLineLayout::Layout::create):
        (WebCore::SimpleLineLayout::Layout::Layout):
        * rendering/SimpleLineLayout.h:
        (WebCore::SimpleLineLayout::Layout::runResolver const):
        * rendering/SimpleLineLayoutFunctions.cpp:
        (WebCore::SimpleLineLayout::paintFlow):
        (WebCore::SimpleLineLayout::hitTestFlow):
        (WebCore::SimpleLineLayout::collectFlowOverflow):
        (WebCore::SimpleLineLayout::computeBoundingBox):
        (WebCore::SimpleLineLayout::computeFirstRunLocation):
        (WebCore::SimpleLineLayout::collectAbsoluteRects):
        (WebCore::SimpleLineLayout::collectAbsoluteQuads):
        (WebCore::SimpleLineLayout::textOffsetForPoint):
        (WebCore::SimpleLineLayout::collectAbsoluteQuadsForRange):
        (WebCore::SimpleLineLayout::generateLineBoxTree):
        * rendering/SimpleLineLayoutResolver.cpp:
        (WebCore::SimpleLineLayout::LineResolver::LineResolver):
        * rendering/SimpleLineLayoutResolver.h:
        (WebCore::SimpleLineLayout::lineResolver):

2018-05-08  Brent Fulgham  <bfulgham@apple.com>

        Switch some RELEASE_ASSERTS to plain debug ASSERTS in PlatformScreenMac.mm
        https://bugs.webkit.org/show_bug.cgi?id=185451
        <rdar://problem/39620348>

        Reviewed by Zalan Bujtas.

        Change a set of RELEASE_ASSERTS used to prevent accessing NSScreen related functions in the
        PlatformScreenMac implementation to less expensive Debug ASSERTS.

        No change in behavior.

        * platform/mac/PlatformScreenMac.mm:
        (WebCore::screenHasInvertedColors):
        (WebCore::screenDepth):
        (WebCore::screenDepthPerComponent):
        (WebCore::screenRectForDisplay):
        (WebCore::screenRect):
        (WebCore::screenAvailableRect):
        (WebCore::screenColorSpace):
        (WebCore::screenSupportsExtendedColor):

2018-05-08  Daniel Bates  <dabates@apple.com>

        Resign Strong Password appearance when text field value changes
        https://bugs.webkit.org/show_bug.cgi?id=185433
        <rdar://problem/39958508>

        Reviewed by Ryosuke Niwa.

        Remove the Strong Password decoration when the text field's value changes to avoid interfering
        with web sites that allow a person to clear the password field.

        Tests: fast/forms/auto-fill-button/auto-fill-strong-password-button-when-maxlength-changes.html
               fast/forms/auto-fill-button/auto-fill-strong-password-button-when-minlength-changes.html
               fast/forms/auto-fill-button/hide-auto-fill-strong-password-button-when-value-changes.html

        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::resignStrongPasswordAppearance): Extracted from HTMLInputElement::updateType().
        (WebCore::HTMLInputElement::updateType): Extract out logic to resign the Strong Password appearance
        into a function that can be shared by this function and HTMLInputElement::setValue().
        (WebCore::HTMLInputElement::setValue): Resign the Strong Password appearance if this field was
        changed programmatically (i.e. no DOM change event was dispatched).
        * html/HTMLInputElement.h:

2018-05-08  Jer Noble  <jer.noble@apple.com>

        Unreviewed build fix; add missing function definition.

        * html/HTMLMediaElement.h:
        (WebCore::HTMLMediaElement::didPassCORSAccessCheck const):

2018-05-08  Jer Noble  <jer.noble@apple.com>

        Mute MediaElementSourceNode when tainted.
        https://bugs.webkit.org/show_bug.cgi?id=184866

        Reviewed by Eric Carlson.

        Test: http/tests/security/webaudio-render-remote-audio-blocked-no-crossorigin.html

        * Modules/webaudio/AudioContext.cpp:
        (WebCore::AudioContext::wouldTaintOrigin const):
        * Modules/webaudio/AudioContext.h:
        * Modules/webaudio/MediaElementAudioSourceNode.cpp:
        (WebCore::MediaElementAudioSourceNode::setFormat):
        (WebCore::MediaElementAudioSourceNode::wouldTaintOrigin):
        (WebCore::MediaElementAudioSourceNode::process):
        * Modules/webaudio/MediaElementAudioSourceNode.h:

2018-05-08  Eric Carlson  <eric.carlson@apple.com>

        Log rtcstats as JSON
        https://bugs.webkit.org/show_bug.cgi?id=185437
        <rdar://problem/40065332>

        Reviewed by Youenn Fablet.

        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::RTCStatsLogger::RTCStatsLogger): Create a wrapper class so we don't have to add a
        toJSONString method to libwebrtc.
        (WebCore::RTCStatsLogger::toJSONString const): Log stats as JSON.
        (WebCore::LibWebRTCMediaEndpoint::OnStatsDelivered): Don't use the LOGIDENTIFIER macro because
        it doesn't work well inside of a lambda.
        (WTF::LogArgument<WebCore::RTCStatsLogger>::toString): Move into .cpp file because it is only
        used here.
        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.h:
        (WTF::LogArgument<webrtc::RTCStats>::toString): Deleted. Move to .cpp file.

2018-05-08  Dean Jackson  <dino@apple.com>

        System Preview links should trigger a download
        https://bugs.webkit.org/show_bug.cgi?id=185439
        <rdar://problem/40065545>

        Reviewed by Jon Lee.

        Add a new field to FrameLoadRequest, which then is copied
        into ResourceRequest, identifying if the link clicked
        is a system preview.

        * html/HTMLAnchorElement.cpp:
        (WebCore::HTMLAnchorElement::handleClick): Look for isSystemPreviewLink().
        * loader/FrameLoadRequest.cpp:
        (WebCore::FrameLoadRequest::FrameLoadRequest):
        * loader/FrameLoadRequest.h: New property.
        (WebCore::FrameLoadRequest::FrameLoadRequest):
        (WebCore::FrameLoadRequest::isSystemPreview const):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::urlSelected):
        (WebCore::FrameLoader::loadURL):
        * loader/FrameLoader.h:
        * platform/network/ResourceRequestBase.cpp:
        (WebCore::ResourceRequestBase::isSystemPreview const):
        (WebCore::ResourceRequestBase::setSystemPreview):
        * platform/network/ResourceRequestBase.h:

2018-05-08  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r231491.
        https://bugs.webkit.org/show_bug.cgi?id=185434

        Setting the Created key on a cookie does not work yet, due a
        bug in CFNetwork (Requested by ggaren on #webkit).

        Reverted changeset:

        "[WKHTTPCookieStore getAllCookies] returns inconsistent
        creation time"
        https://bugs.webkit.org/show_bug.cgi?id=185041
        https://trac.webkit.org/changeset/231491

2018-05-08  Sihui Liu  <sihui_liu@apple.com>

        [WKHTTPCookieStore getAllCookies] returns inconsistent creation time
        https://bugs.webkit.org/show_bug.cgi?id=185041
        <rdar://problem/34684214>

        Reviewed by Geoffrey Garen.

        Set creationtime property when creating Cookie object to keep consistency after conversion.

        New API test: WebKit.WKHTTPCookieStoreCreationTime.

        * platform/network/cocoa/CookieCocoa.mm:
        (WebCore::Cookie::operator NSHTTPCookie * const):

2018-05-08  Eric Carlson  <eric.carlson@apple.com>

        Text track cue logging should include cue text
        https://bugs.webkit.org/show_bug.cgi?id=185353
        <rdar://problem/40003565>

        Reviewed by Brent Fulgham.

        No new tests, tested manually.

        * html/track/VTTCue.cpp:
        (WebCore::VTTCue::toJSON const):
        * platform/graphics/InbandTextTrackPrivateClient.h:
        (WebCore::GenericCueData::toJSONString const):
        * platform/graphics/iso/ISOVTTCue.cpp:
        (WebCore::ISOWebVTTCue::toJSONString const):

2018-05-08  Sam Weinig  <sam@webkit.org>

        More cleanup of XMLHttpRequestUpload
        https://bugs.webkit.org/show_bug.cgi?id=185409

        Reviewed by Alex Christensen.

        - Remove unneeded #includes
        - Rename m_xmlHttpRequest to m_request
        - Make some overloaded some methods private, and mark them as final rather
          than override.

        * xml/XMLHttpRequestUpload.cpp:
        (WebCore::XMLHttpRequestUpload::XMLHttpRequestUpload):
        * xml/XMLHttpRequestUpload.h:

2018-05-08  Zalan Bujtas  <zalan@apple.com>

        [LFC] Start using BlockMarginCollapse
        https://bugs.webkit.org/show_bug.cgi?id=185424

        Reviewed by Antti Koivisto.

        BlockMarginCollapse could be all static.

        * layout/blockformatting/BlockFormattingContext.cpp:
        (WebCore::Layout::BlockFormattingContext::marginTop const):
        (WebCore::Layout::BlockFormattingContext::marginBottom const):
        * layout/blockformatting/BlockMarginCollapse.cpp:
        (WebCore::Layout::isMarginTopCollapsedWithSibling):
        (WebCore::Layout::isMarginBottomCollapsedWithSibling):
        (WebCore::Layout::isMarginTopCollapsedWithParent):
        (WebCore::Layout::isMarginBottomCollapsedWithParent):
        (WebCore::Layout::collapsedMarginTopFromFirstChild):
        (WebCore::Layout::collapsedMarginBottomFromLastChild):
        (WebCore::Layout::nonCollapsedMarginTop):
        (WebCore::Layout::nonCollapsedMarginBottom):
        (WebCore::Layout::BlockMarginCollapse::marginTop):
        (WebCore::Layout::BlockMarginCollapse::marginBottom):
        (WebCore::Layout::BlockMarginCollapse::BlockMarginCollapse): Deleted.
        (WebCore::Layout::BlockMarginCollapse::marginTop const): Deleted.
        (WebCore::Layout::BlockMarginCollapse::marginBottom const): Deleted.
        (WebCore::Layout::BlockMarginCollapse::isMarginTopCollapsedWithSibling const): Deleted.
        (WebCore::Layout::BlockMarginCollapse::isMarginBottomCollapsedWithSibling const): Deleted.
        (WebCore::Layout::BlockMarginCollapse::isMarginTopCollapsedWithParent const): Deleted.
        (WebCore::Layout::BlockMarginCollapse::isMarginBottomCollapsedWithParent const): Deleted.
        (WebCore::Layout::BlockMarginCollapse::nonCollapsedMarginTop const): Deleted.
        (WebCore::Layout::BlockMarginCollapse::nonCollapsedMarginBottom const): Deleted.
        (WebCore::Layout::BlockMarginCollapse::collapsedMarginTopFromFirstChild const): Deleted.
        (WebCore::Layout::BlockMarginCollapse::collapsedMarginBottomFromLastChild const): Deleted.
        (WebCore::Layout::BlockMarginCollapse::hasAdjoiningMarginTopAndBottom const): Deleted.
        * layout/blockformatting/BlockMarginCollapse.h:

2018-05-08  Youenn Fablet  <youenn@apple.com>

        Allow WebResourceLoader to cancel a load served from a service worker
        https://bugs.webkit.org/show_bug.cgi?id=185274

        Reviewed by Chris Dumez.

        Add support for cancelling a fetch from WebProcess to service worker process.
        Use FetchIdentifier instead of uint64_t.

        * Modules/fetch/FetchIdentifier.h: Added.
        * WebCore.xcodeproj/project.pbxproj:
        * workers/service/context/ServiceWorkerFetch.h:
        * workers/service/context/ServiceWorkerThreadProxy.cpp:
        (WebCore::ServiceWorkerThreadProxy::startFetch):
        (WebCore::ServiceWorkerThreadProxy::cancelFetch):
        * workers/service/context/ServiceWorkerThreadProxy.h:

2018-05-08  Said Abou-Hallawa  <sabouhallawa@apple.com>

        feTurbulence is not rendered correctly on Retina display
        https://bugs.webkit.org/show_bug.cgi?id=183798

        Reviewed by Simon Fraser.

        On 2x display the feTurbulence filter creates a scaled ImageBuffer but
        processes only the unscaled size. This is a remaining work of r168577 and
        is very similar to what was done for the feMorphology filter in r188271.

        Test: fast/hidpi/filters-turbulence.html

        * platform/graphics/filters/FETurbulence.cpp:
        (WebCore::FETurbulence::fillRegion const):
        (WebCore::FETurbulence::platformApplySoftware):

2018-05-07  Zalan Bujtas  <zalan@apple.com>

        [LFC] Add FormattingContext::layoutOutOfFlowDescendants implementation
        https://bugs.webkit.org/show_bug.cgi?id=185377

        Reviewed by Antti Koivisto.

        Also, remove FormattingContext's m_layoutContext member and pass it in to ::layout() instead.
        In theory LayoutContext is needed only during ::layout() call. 

        * layout/FormattingContext.cpp:
        (WebCore::Layout::FormattingContext::layoutOutOfFlowDescendants const):
        * layout/FormattingContext.h:
        (WebCore::Layout::FormattingContext::layoutContext const):
        * layout/LayoutContext.cpp:
        (WebCore::Layout::LayoutContext::updateLayout):
        * layout/blockformatting/BlockFormattingContext.cpp:
        (WebCore::Layout::BlockFormattingContext::layout const):
        * layout/blockformatting/BlockFormattingContext.h:
        * layout/inlineformatting/InlineFormattingContext.cpp:
        (WebCore::Layout::InlineFormattingContext::layout const):
        * layout/inlineformatting/InlineFormattingContext.h:

2018-05-07  Daniel Bates  <dabates@apple.com>

        Check X-Frame-Options and CSP frame-ancestors in network process
        https://bugs.webkit.org/show_bug.cgi?id=185410
        <rdar://problem/37733934>

        Reviewed by Ryosuke Niwa.

        * WebCore.xcodeproj/project.pbxproj: Make PingLoader.h a private header so that we can include it in WebKit.
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::responseReceived): Only check CSP frame-ancestors and X-Frame-Options here if
        we are not checking them in the NetworkProcess and HTTP response access is restricted. I code is otherwise kept
        unchanged. There may be opportunities to clean this code up more and share more of it. We should look into this
        in subsequent bugs.
        * loader/DocumentLoader.h: Change visibility of stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() from
        private to public and export it so that we can call it from the WebKit.
        * loader/PingLoader.h:
        * page/Settings.yaml: Add a new setting called networkProcessCSPFrameAncestorsCheckingEnabled (defaults: false)
        and is hardcoded in WebPage.cpp to be enabled. This setting is used to determine if we will be using the NetworkProcess.
        Ideally we wouldn't have this setting and just key off RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess().
        However RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess() is always enabled in WebKit Legacy
        at the time of writing (why?). And, strangely, RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()
        is conditionally enabled in WebKit. For now, we add a new setting, networkProcessCSPFrameAncestorsCheckingEnabled,
        to determine if CSP checking should be performed in NetworkProcess. For checking to actually happen in NetworkProcess
        and not in DocumentLoader::responseReceived() RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()
        will also need to be enabled.
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::allowFrameAncestors const): Added a variant that takes a vector of ancestor origins.
        * page/csp/ContentSecurityPolicy.h:
        * page/csp/ContentSecurityPolicyDirectiveList.cpp:
        (WebCore::checkFrameAncestors): Ditto.
        (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForFrameAncestorOrigins const): Ditto.
        * page/csp/ContentSecurityPolicyDirectiveList.h: Export constructor so that we can invoke it from NetworkResourceLoader::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions().
        * page/csp/ContentSecurityPolicyResponseHeaders.h:
        * platform/network/HTTPParsers.h: Export XFrameOptionsDisposition() so that we can use in WebKit.

2018-05-07  Daniel Bates  <dabates@apple.com>

        Abstract logic to log console messages and send CSP violation reports into a client
        https://bugs.webkit.org/show_bug.cgi?id=185393
        <rdar://problem/40036053>

        Reviewed by Brent Fulgham.

        First pass at adding infrastructure to supporting CSP reporting from NetworkProcess and workers.
        Replaces the existing ContentSecurityPolicy constructor that takes a Frame with one that
        takes a ContentSecurityPolicyClient to delegate to for logging and sending reports. We will look
        to remove ContentSecurityPolicy constructor that takes a ScriptExecutionContext in a follow up.

        Standardize on instantiating a ContentSecurityPolicy with the full URL to resource that it protects
        instead of taking only the SecurityOrigin of this URL. By taking the full URL the ContentSecurityPolicy
        object is now capable of resolving a relative report URL without needing a Document/ScriptExecutionContext.

        We are underutilizing the CSPInfo struct and ContentSecurityPolicyClient::willSendCSPViolationReport()
        delegate callback in this patch. We will make use of this functionality in a subsequent patch to
        support collecting script state (e.g. source line number) when reporting CSP violations in worker
        threads. We also no longer go through the unnecessary motions to try to collect script state for a
        frame-ancestors violation (since DocumentLoader extends ContentSecurityPolicyClient and does not
        implement ContentSecurityPolicyClient::willSendCSPViolationReport()). The frame-ancestors directive
        is checked before a document is parsed and executes script; => there will never be any script state
        to collect; => it is not necessary to try to collect it as we currently do.

        * Sources.txt: Add file ContentSecurityPolicyClient.cpp. See the remarks for ContentSecurityPolicyClient.cpp
        below on why we have this file.
        * WebCore.xcodeproj/project.pbxproj: Add files ContentSecurityPolicyClient.{h, cpp}.
        * dom/Document.cpp:
        (WebCore::Document::initSecurityContext): Pass the URL of the protected document.
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::responseReceived): Ditto.
        (WebCore::DocumentLoader::addConsoleMessage): Added.
        (WebCore::DocumentLoader::sendCSPViolationReport): Added.
        (WebCore::DocumentLoader::dispatchSecurityPolicyViolationEvent): Added.
        * loader/DocumentLoader.h:
        * loader/FrameLoaderClient.h: Fix typo in comment.
        * loader/WorkerThreadableLoader.cpp:
        (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Pass the URL of the worker script.
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::ContentSecurityPolicy): Added overload that takes a URL&& and an optional
        ContentSecurityPolicyClient*.
        (WebCore::ContentSecurityPolicy::deprecatedURLForReporting const): Extracted and simplified stripURLForUseInReport()
        into this member function.
        (WebCore::ContentSecurityPolicy::reportViolation const): Modified to make use of the client, if we have
        one and removed code for handling a ContentSecurityPolicy that was instantiated with a Frame.
        (WebCore::ContentSecurityPolicy::logToConsole const): Ditto.
        (WebCore::stripURLForUseInReport): Deleted; incorporated into ContentSecurityPolicy::deprecatedURLForReporting().
        * page/csp/ContentSecurityPolicy.h:
        * page/csp/ContentSecurityPolicyClient.cpp: Added. This file exists so that we can define the virtual
        destructor out-of-line and export this abstract class so as to avoid the need for the vtable to be
        defined in the translation unit of each derived class.
        * page/csp/ContentSecurityPolicyClient.h: Added.
        * page/csp/ContentSecurityPolicySource.cpp:
        (WebCore::ContentSecurityPolicySource::operator SecurityOriginData const): Added.
        * page/csp/ContentSecurityPolicySource.h:
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::WorkerGlobalScope): Instantiate the ContentSecurityPolicy object with the
        URL of the worker script.

2018-05-07  Simon Fraser  <simon.fraser@apple.com>

        CSS filters which reference SVG filters fail to respect the "color-interpolation-filters" of the filter
        https://bugs.webkit.org/show_bug.cgi?id=185343

        Reviewed by Dean Jackson.

        Test: css3/filters/color-interpolation-filters.html
        
        When applying CSS reference filters, apply the value of "color-interpolation-filters" for the
        referenced filter effect element, just as we do for SVG filters.

        * rendering/FilterEffectRenderer.cpp:
        (WebCore::FilterEffectRenderer::buildReferenceFilter):

2018-05-07  Daniel Bates  <dabates@apple.com>

        CSP status-code incorrect for document blocked due to violation of its frame-ancestors directive
        https://bugs.webkit.org/show_bug.cgi?id=185366
        <rdar://problem/40035116>

        Reviewed by Brent Fulgham.

        Fixes an issue where the status-code in the sent CSP report for an HTTP document blocked because
        its frame-ancestors directive was violated would be the status code of the previously loaded
        document in the frame. If the previously loaded document was about:blank then this would be 0.

        Currently whenever we send a CSP report we ask the document's loader (Document::loader()) for the
        HTTP status code for the last response. Document::loader() returns the loader for the last committed
        document its frame. For a frame-ancestors violation, a CSP report is sent before the document
        that had the frame-ancestors directive has been committed and after it has been associate with a frame.
        As a result we are in are in a transient transition state for the frame and hence the last response
        for new document's loader (Document::loader()) is actually the last response of the previously loaded
        document in the frame. Instead we need to take care to tell CSP about the HTTP status code for the
        response associated with the document the CSP came from.

        * dom/Document.cpp:
        (WebCore::Document::processHttpEquiv):
        (WebCore::Document::initSecurityContext):
        Pass the HTTP status code to CSP.

        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::copyStateFrom):
        (WebCore::ContentSecurityPolicy::responseHeaders const):
        (WebCore::ContentSecurityPolicy::didReceiveHeaders):
        (WebCore::ContentSecurityPolicy::didReceiveHeader):
        (WebCore::ContentSecurityPolicy::reportViolation const):
        * page/csp/ContentSecurityPolicy.h:
        Modify existing functions to take the HTTP status code, store it in a instance variable,
        and reference this variable when reporting a violation.

        * page/csp/ContentSecurityPolicyResponseHeaders.cpp:
        (WebCore::ContentSecurityPolicyResponseHeaders::ContentSecurityPolicyResponseHeaders):
        (WebCore::ContentSecurityPolicyResponseHeaders::isolatedCopy const):
        * page/csp/ContentSecurityPolicyResponseHeaders.h:
        (WebCore::ContentSecurityPolicyResponseHeaders::encode const):
        (WebCore::ContentSecurityPolicyResponseHeaders::decode):
        Store the HTTP status code along with the response headers.

2018-05-07  Daniel Bates  <dabates@apple.com>

        CSP referrer incorrect for document blocked due to violation of its frame-ancestors directive
        https://bugs.webkit.org/show_bug.cgi?id=185380

        Reviewed by Brent Fulgham.

        Similar to <https://bugs.webkit.org/show_bug.cgi?id=185366>, fixes an issue where the referrer
        in the sent CSP report for an HTTP document blocked because its frame-ancestors directive was
        violated would be the referrer of the previously loaded document in the frame.

        Currently whenever we send a CSP report we ask the document's loader (Document::loader()) for
        the referrer for the last request. Document::loader() returns the loader for the last committed
        document in its frame. For a frame-ancestors violation, a CSP report is sent before the document
        that had the frame-ancestors directive has been committed and after it has been associate with a
        frame. As a result we are in a transient transition state for the frame and hence the last request
        for the new document's loader (Document::loader()) is actually the last request of the previously
        loaded document in the frame. Instead we need to take care to tell CSP about the referrer for the
        request associated with the document the CSP came from.

        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::responseReceived):

2018-05-07  Brent Fulgham  <bfulgham@apple.com>

        Add experimental feature to prompt for Storage Access API use
        https://bugs.webkit.org/show_bug.cgi?id=185335
        <rdar://problem/39994649>

        Reviewed by Alex Christensen and Youenn Fablet.

        Create a new experimental feature that gates the ability of WebKit clients to prompt the user when
        Storage Access API is invoked.

        Currently this feature doesn't have any user-visible impact.

        * page/RuntimeEnabledFeatures.h:
        (WebCore::RuntimeEnabledFeatures::setStorageAccessPromptsEnabled):
        (WebCore::RuntimeEnabledFeatures::storageAccessPromptsEnabled const):
        * testing/InternalSettings.cpp:
        (WebCore::InternalSettings::Backup::Backup):
        (WebCore::InternalSettings::Backup::restoreTo):
        (WebCore::InternalSettings::setStorageAccessPromptsEnabled):
        * testing/InternalSettings.h:
        * testing/InternalSettings.idl:

2018-05-07  Chris Dumez  <cdumez@apple.com>

        Stop using an iframe's id as fallback if its name attribute is not set
        https://bugs.webkit.org/show_bug.cgi?id=11388

        Reviewed by Geoff Garen.

        WebKit had logic to use an iframe's id as fallback name when its name
        content attribute is not set. This behavior was not standard and did not
        match other browsers:
        - https://html.spec.whatwg.org/#attr-iframe-name

        Gecko / Trident never behaved this way. Blink was aligned with us until
        they started to match the specification in:
        - https://bugs.chromium.org/p/chromium/issues/detail?id=347169

        This WebKit quirk was causing some Web-compatibility issues because it
        would affect the behavior of Window's name property getter when trying
        to look up an iframe by id. Because of Window's named property getter
        behavior [1], we would return the frame's contentWindow instead of the
        iframe element itself.

        [1] https://html.spec.whatwg.org/multipage/window-object.html#named-access-on-the-window-object

        Test: fast/dom/Window/named-getter-frame-id.html

        * html/HTMLFrameElementBase.cpp:
        (WebCore::HTMLFrameElementBase::openURL):
        (WebCore::HTMLFrameElementBase::parseAttribute):
        (WebCore::HTMLFrameElementBase::didFinishInsertingNode):
        * html/HTMLFrameElementBase.h:

2018-05-07  Chris Dumez  <cdumez@apple.com>

        ASSERT(!childItemWithTarget(child->target())) is hit in HistoryItem::addChildItem()
        https://bugs.webkit.org/show_bug.cgi?id=185322

        Reviewed by Geoff Garen.

        We generate unique names for Frame to be used in HistoryItem. Those names not only
        need to be unique, they also need to be repeatable to avoid layout tests flakiness
        and for things like restoring form state from a HistoryItem.

        The previously generated frame names were relying on the Frame's index among a
        parent Frame's children. The issue was that we could end up with duplicate names
        because one could insert a Frame *before* an existing one. This is because the code
        would not take care of updating existing Frames' unique name on frame tree mutation.

        Updating frame tree names on mutation would be inefficient and is also not necessary.
        The approach chosen in this patch is to stop using the Frame's index and instead rely
        on an increasing counter stored on the top-frame's FrameTree. To make the names
        repeatable, we reset the counter on page navigation.

        * page/Frame.cpp:
        (WebCore::Frame::setDocument):
        * page/FrameTree.cpp:
        (WebCore::FrameTree::uniqueChildName const):
        (WebCore::FrameTree::generateUniqueName const):
        * page/FrameTree.h:
        (WebCore::FrameTree::resetFrameIdentifiers):

2018-05-07  Yacine Bandou  <yacine.bandou_ext@softathome.com>

        [EME][GStreamer] Fix wrong subsample parsing on r227067
        https://bugs.webkit.org/show_bug.cgi?id=185382

        Reviewed by Philippe Normand.

        The initialization of sampleIndex should be moved outside of the loop.
        Without this patch we will have a bad log and the check of the subsample
        count will be useless.

        * platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.cpp:
        (webKitMediaClearKeyDecryptorDecrypt):

2018-05-07  Daniel Bates  <dabates@apple.com>

        CSP should be passed the referrer
        https://bugs.webkit.org/show_bug.cgi?id=185367

        Reviewed by Per Arne Vollan.

        As a step towards formalizing a CSP delegate object and removing the dependencies
        on ScriptExecutionContext and Frame, we should pass the document's referrer directly
        instead of indirectly obtaining it from the ScriptExecutionContext or Frame used
        to instantiate the ContentSecurityPolicy object.

        * dom/Document.cpp:
        (WebCore::Document::processHttpEquiv): Pass the document's referrer.
        (WebCore::Document::initSecurityContext): Ditto.
        (WebCore::Document::applyQuickLookSandbox): Ditto.
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::responseReceived): Ditto.
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::didBeginDocument): Ditto.
        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::copyStateFrom): We pass a null string for the referrer
        to didReceiveHeader() as a placeholder since it requires the referrer be given to it. We
        fix up the referrer (m_referrer) after copying all the policy headers.
        (WebCore::ContentSecurityPolicy::didReceiveHeaders): Ditto.
        (WebCore::ContentSecurityPolicy::didReceiveHeader): Modified to take a referrer and WTFMove()s
        it into an instance variable (m_referrer).
        (WebCore::ContentSecurityPolicy::reportViolation const): Modified to use the stored referrer.
        * page/csp/ContentSecurityPolicy.h:
        * workers/WorkerGlobalScope.cpp:
        (WebCore::WorkerGlobalScope::applyContentSecurityPolicyResponseHeaders): Pass a null string
        for the referrer as a worker does not have a referrer.

2018-05-07  Daniel Bates  <dabates@apple.com>

        CSP should only notify Inspector to pause the debugger on the first policy to violate a directive
        https://bugs.webkit.org/show_bug.cgi?id=185364

        Reviewed by Brent Fulgham.

        Notify Web Inspector that a script was blocked on the first enforced CSP policy that it
        violates.

        A page can have more than one enforced Content Security Policy. Currently for inline
        scripts, inline event handlers, JavaScript URLs, and eval() that are blocked by CSP
        we notify Web Inspector that it was blocked for each CSP policy that blocked it. When
        Web Inspector is notified it pauses script execution. It does not seem very meaningful
        to pause script execution on the same script for each CSP policy that blocked it.
        Therefore, only tell Web Inspector that a script was blocked for the first enforced CSP
        policy that blocked it.

        * page/csp/ContentSecurityPolicy.cpp:
        (WebCore::ContentSecurityPolicy::allowJavaScriptURLs const):
        (WebCore::ContentSecurityPolicy::allowInlineEventHandlers const):
        (WebCore::ContentSecurityPolicy::allowInlineScript const):
        (WebCore::ContentSecurityPolicy::allowEval const):

2018-05-07  Daniel Bates  <dabates@apple.com>

        Substitute CrossOriginPreflightResultCache::clear() for CrossOriginPreflightResultCache::empty()
        https://bugs.webkit.org/show_bug.cgi?id=185170

        Reviewed by Per Arne Vollan.

        Rename CrossOriginPreflightResultCache::empty() to CrossOriginPreflightResultCache::clear() make
        it consistent with the terminology we use in WebKit to signify a function that clears a collection.
        A member function named "empty" is expected to return an instance of a class in its "empty state".
        For example, StringImpl::empty() returns a StringImpl instance that represents the empty string.
        However CrossOriginPreflightResultCache::empty() clears out the cache in-place. We should rename
        this function to better describe its purpose.

        * loader/CrossOriginPreflightResultCache.cpp:
        (WebCore::CrossOriginPreflightResultCache::clear):
        (WebCore::CrossOriginPreflightResultCache::empty): Deleted.
        * loader/CrossOriginPreflightResultCache.h:

2018-05-06  Dean Jackson  <dino@apple.com>

        WebGL: Reset simulated values after validation fails
        https://bugs.webkit.org/show_bug.cgi?id=185363
        <rdar://problem/39733417>

        Reviewed by Anders Carlsson.

        While fixing a previous bug, I forgot to reset some values
        when validation fails. This caused a bug where a subsequent
        invalid call might use those values and escape detection.

        Test: fast/canvas/webgl/index-validation-with-subsequent-draws.html

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::simulateVertexAttrib0): Reset the
        sizes when validation fails.
        * html/canvas/WebGLRenderingContextBase.h:

2018-05-07  Ms2ger  <Ms2ger@igalia.com>

        Support negative sw/sh values in createImageBitmap().
        https://bugs.webkit.org/show_bug.cgi?id=184449

        Reviewed by Dean Jackson.

        Tests: LayoutTests/imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-drawImage.html
               LayoutTests/http/wpt/2dcontext/imagebitmap/createImageBitmap.html

        * html/ImageBitmap.cpp:
        (WebCore::ImageBitmap::createPromise): handle negative values per spec.

2018-05-07  Brian Burg  <bburg@apple.com>

        Web Inspector: opt out of process swap on navigation if a Web Inspector frontend is connected
        https://bugs.webkit.org/show_bug.cgi?id=184861
        <rdar://problem/39153768>

        Reviewed by Timothy Hatcher.

        Notify the client of the current connection count whenever a frontend connects or disconnects.

        Covered by new API test.

        * inspector/InspectorClient.h:
        (WebCore::InspectorClient::frontendCountChanged):
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::connectFrontend):
        (WebCore::InspectorController::disconnectFrontend):
        (WebCore::InspectorController::disconnectAllFrontends):
        * inspector/InspectorController.h:

2018-05-07  Eric Carlson  <eric.carlson@apple.com>

        Text track cue logging should include cue text
        https://bugs.webkit.org/show_bug.cgi?id=185353
        <rdar://problem/40003565>

        Reviewed by Youenn Fablet.

        No new tests, tested manually.

        * html/track/VTTCue.cpp:
        (WebCore::VTTCue::toJSONString const): Use toJSON.
        (WebCore::VTTCue::toJSON const): New.
        * html/track/VTTCue.h:

        * platform/graphics/InbandTextTrackPrivateClient.h:
        (WebCore::GenericCueData::toJSONString const): Log m_content.

        * platform/graphics/iso/ISOVTTCue.cpp:
        (WebCore::ISOWebVTTCue::toJSONString const): Log m_cueText.

2018-05-06  Zalan Bujtas  <zalan@apple.com>

        [LFC] Add assertions for stale Display::Box geometry
        https://bugs.webkit.org/show_bug.cgi?id=185357

        Reviewed by Antti Koivisto.

        Ensure that we don't access stale geometry of other boxes during layout.
        For example, in order to layout a block child we need the containing block's content box top/left and width (but not the height)

        * layout/displaytree/DisplayBox.h:
        (WebCore::Display::Box::invalidateTop):
        (WebCore::Display::Box::invalidateLeft):
        (WebCore::Display::Box::invalidateWidth):
        (WebCore::Display::Box::invalidateHeight):
        (WebCore::Display::Box::hasValidPosition const):
        (WebCore::Display::Box::hasValidSize const):
        (WebCore::Display::Box::hasValidGeometry const):
        (WebCore::Display::Box::invalidatePosition):
        (WebCore::Display::Box::invalidateSize):
        (WebCore::Display::Box::setHasValidPosition):
        (WebCore::Display::Box::setHasValidSize):
        (WebCore::Display::Box::setHasValidGeometry):
        (WebCore::Display::Box::rect const):
        (WebCore::Display::Box::top const):
        (WebCore::Display::Box::left const):
        (WebCore::Display::Box::bottom const):
        (WebCore::Display::Box::right const):
        (WebCore::Display::Box::topLeft const):
        (WebCore::Display::Box::bottomRight const):
        (WebCore::Display::Box::size const):
        (WebCore::Display::Box::width const):
        (WebCore::Display::Box::height const):
        (WebCore::Display::Box::setRect):
        (WebCore::Display::Box::setTopLeft):
        (WebCore::Display::Box::setTop):
        (WebCore::Display::Box::setLeft):
        (WebCore::Display::Box::setSize):
        (WebCore::Display::Box::setWidth):
        (WebCore::Display::Box::setHeight):

2018-05-06  Zalan Bujtas  <zalan@apple.com>

        [LFC] Add BlockFormattingContext::computeStaticPosition
        https://bugs.webkit.org/show_bug.cgi?id=185352

        Reviewed by Antti Koivisto.

        This is the core logic for positioning inflow boxes in a block formatting context (very naive though).

        * layout/blockformatting/BlockFormattingContext.cpp:
        (WebCore::Layout::BlockFormattingContext::computeStaticPosition const):
        * layout/displaytree/DisplayBox.h:

2018-05-05  Sam Weinig  <sam@webkit.org>

        Cleanup XMLHttpRequestUpload a little
        https://bugs.webkit.org/show_bug.cgi?id=185344

        Reviewed by Yusuke Suzuki.

        * bindings/js/JSXMLHttpRequestCustom.cpp:
        (WebCore::JSXMLHttpRequest::visitAdditionalChildren):
        Use auto to reduce redundancy.

        * xml/XMLHttpRequest.cpp:
        (WebCore::XMLHttpRequest::upload):
        * xml/XMLHttpRequest.h:
        Switch upload() to return a reference.
        
        * xml/XMLHttpRequestUpload.cpp:
        (WebCore::XMLHttpRequestUpload::XMLHttpRequestUpload):
        (WebCore::XMLHttpRequestUpload::dispatchProgressEvent):
        * xml/XMLHttpRequestUpload.h:
        Cleanup formatting, modernize and switch XMLHttpRequest member from a pointer
        to a reference.

2018-05-05  Dean Jackson  <dino@apple.com>

        Draw a drop-shadow behind the system preview badge
        https://bugs.webkit.org/show_bug.cgi?id=185356
        <rdar://problem/40004936>

        Reviewed by Wenson Hsieh.

        Draw a very subtle drop-shadow under the system
        preview badge so that it is more visible on a pure
        white background.

        I also moved some code around to make it more clear
        and improved comments.

        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::paintSystemPreviewBadge):

2018-05-04  Wenson Hsieh  <wenson_hsieh@apple.com>

        [iOS] Multiple links in Mail are dropped in a single line, and are difficult to tell apart
        https://bugs.webkit.org/show_bug.cgi?id=185289
        <rdar://problem/35756912>

        Reviewed by Tim Horton and Darin Adler.

        When inserting multiple URLs as individual items in a single drop, we currently separate each item with a space
        (see r217284). However, it still seems difficult to tell dropped links apart. This patch makes some slight
        tweaks to WebContentReader::readURL so that it inserts line breaks before dropped URLs, if the dropped URL isn't
        the first item to be inserted in the resulting document fragment.

        Augments existing API tests in DataInteractionTests.

        * editing/ios/WebContentReaderIOS.mm:

        Additionally remove some extraneous header imports from this implementation file.

        (WebCore::WebContentReader::readURL):

2018-05-02  Dean Jackson  <dino@apple.com>

        Use IOSurfaces for CoreImage operations where possible
        https://bugs.webkit.org/show_bug.cgi?id=185230
        <rdar://problem/39926929>

        Reviewed by Jon Lee.

        On iOS hardware, we can use IOSurfaces as a rendering destination
        for CoreImage, which means we're keeping data on the GPU
        for rendering.

        As a drive-by fix, I used a convenience method for Gaussian blurs.

        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderThemeIOS::paintSystemPreviewBadge):

2018-05-04  Tim Horton  <timothy_horton@apple.com>

        Shift to a lower-level framework for simplifying URLs
        https://bugs.webkit.org/show_bug.cgi?id=185334

        Reviewed by Dan Bernstein.

        * Configurations/WebCore.xcconfig:
        * platform/mac/DragImageMac.mm:
        (WebCore::LinkImageLayout::LinkImageLayout):

2018-05-03  Ryosuke Niwa  <rniwa@webkit.org>

        Release assert in ScriptController::canExecuteScripts via HTMLMediaElement::~HTMLMediaElement()
        https://bugs.webkit.org/show_bug.cgi?id=185288

        Reviewed by Jer Noble.

        The crash is caused by HTMLMediaElement::~HTMLMediaElement canceling the resource load via CachedResource
        which ends up calling FrameLoader::checkCompleted() and fire load event on the document synchronously.
        Speculatively fix the crash by scheduling the check instead.

        In long term, ResourceLoader::cancel should never fire load event synchronously: webkit.org/b/185284.

        Unfortunately, no new tests since I can't get MediaResource to get destructed at the right time.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::isRunningDestructor): Added to detect this specific case.
        (WebCore::HTMLMediaElementDestructorScope): Added.
        (WebCore::HTMLMediaElementDestructorScope::HTMLMediaElementDestructorScope): Added.
        (WebCore::HTMLMediaElementDestructorScope::~HTMLMediaElementDestructorScope): Added.
        (WebCore::HTMLMediaElement::~HTMLMediaElement): Instantiate HTMLMediaElement.
        * html/HTMLMediaElement.h:
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::checkCompleted): Call scheduleCheckCompleted instead of synchronously calling
        checkCompleted if we're in the middle of destructing a HTMLMediaElement.

2018-05-04  Ryosuke Niwa  <rniwa@webkit.org>

        Rename DocumentOrderedMap to TreeScopeOrderedMap
        https://bugs.webkit.org/show_bug.cgi?id=185290

        Reviewed by Zalan Bujtas.

        Renamed the class since it's almost always a mistake to use this class as a member variable of Document.

        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/MouseRelatedEvent.cpp: Include the forgotten DOMWindow.h. Unified build files bit us here.
        * dom/TreeScope.cpp:
        (WebCore::TreeScope::addElementById):
        (WebCore::TreeScope::addElementByName):
        (WebCore::TreeScope::addImageMap):
        (WebCore::TreeScope::addImageElementByUsemap):
        (WebCore::TreeScope::labelElementForId):
        * dom/TreeScope.h:
        * dom/TreeScopeOrderedMap.cpp: Renamed from DocumentOrderedMap.cpp
        * dom/TreeScopeOrderedMap.h: Renamed from DocumentOrderedMap.h
        * html/HTMLDocument.h:

2018-05-04  Don Olmstead  <don.olmstead@sony.com>

        [Win][WebKit] Fix forwarding headers for Windows build
        https://bugs.webkit.org/show_bug.cgi?id=184412

        Reviewed by Alex Christensen.

        No new tests. No change in behavior.

        * PlatformWin.cmake:

2018-05-04  Zalan Bujtas  <zalan@apple.com>

        [Simple line layout] Add support for line layout box generation with multiple text renderers.
        https://bugs.webkit.org/show_bug.cgi?id=185276

        Reviewed by Antti Koivisto.

        Covered by existing tests.

        * rendering/SimpleLineLayoutFunctions.cpp:
        (WebCore::SimpleLineLayout::canUseForLineBoxTree):
        (WebCore::SimpleLineLayout::generateLineBoxTree):
        * rendering/SimpleLineLayoutResolver.cpp:
        (WebCore::SimpleLineLayout::RunResolver::Run::renderer const):
        (WebCore::SimpleLineLayout::RunResolver::Run::localStart const):
        (WebCore::SimpleLineLayout::RunResolver::Run::localEnd const):
        * rendering/SimpleLineLayoutResolver.h:

2018-05-04  Timothy Hatcher  <timothy@apple.com>

        Deprecate legacy WebView and friends
        https://bugs.webkit.org/show_bug.cgi?id=185279
        rdar://problem/33268700

        Reviewed by Tim Horton.

        * Configurations/WebCore.xcconfig:
        Added BUILDING_WEBKIT define to disable the deprecation macros.
        * bridge/objc/WebScriptObject.h:
        Added deprecation macros to WebScriptObject and WebUndefined.
        * platform/cocoa/WebKitAvailability.h:
        Added more macros and a way to disable deprecation warnings for
        WebKit build and in clients like Safari.

2018-05-04  Eric Carlson  <eric.carlson@apple.com>

        Log media time range as JSON
        https://bugs.webkit.org/show_bug.cgi?id=185321
        <rdar://problem/39986746>

        Reviewed by Youenn Fablet.

        No new tests, tested manually.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::addPlayedRange): Log as time range.
        (WebCore::HTMLMediaElement::visibilityStateChanged): Cleanup.

        * platform/graphics/MediaPlayer.h:
        (WTF::LogArgument<MediaTime>::toString):
        (WTF::LogArgument<MediaTimeRange>::toString):

        * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
        (WebCore::InbandTextTrackPrivateAVF::processAttributedStrings): Log error as time range.

2018-05-04  Zalan Bujtas  <zalan@apple.com>

        Use the containing block to compute the pagination gap when the container is inline.
        https://bugs.webkit.org/show_bug.cgi?id=184724
        <rdar://problem/39521800>

        Reviewed by Simon Fraser.

        Test: fast/overflow/page-overflow-with-inline-body-crash.html

        * page/FrameView.cpp:
        (WebCore::FrameView::applyPaginationToViewport):

2018-05-04  Tim Horton  <timothy_horton@apple.com>

        Don't use GSFont* in minimal simulator mode
        https://bugs.webkit.org/show_bug.cgi?id=185320
        <rdar://problem/39734478>

        Reviewed by Beth Dakin.

        * page/cocoa/MemoryReleaseCocoa.mm:
        (WebCore::platformReleaseMemory):

2018-05-04  Chris Dumez  <cdumez@apple.com>

        Unreviewed, rolling out r231331.

        Caused a few tests to assert

        Reverted changeset:

        "Stop using an iframe's id as fallback if its name attribute
        is not set"
        https://bugs.webkit.org/show_bug.cgi?id=11388
        https://trac.webkit.org/changeset/231331

2018-05-04  Youenn Fablet  <youenn@apple.com>

        Use more references in updateTracksOfType
        https://bugs.webkit.org/show_bug.cgi?id=185305

        Reviewed by Eric Carlson.

        No change of behavior.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
        (WebCore::updateTracksOfType):
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks):

2018-05-04  Myles C. Maxfield  <mmaxfield@apple.com>

        Text shaping in the simple path is flipped in the y direction
        https://bugs.webkit.org/show_bug.cgi?id=185062
        <rdar://problem/39778678>

        Reviewed by Simon Fraser.

        Shaping in our simple codepath occurs in an "increasing-y-goes-up" coordinate system, but our painting
        code uses an "increasing-y-goes-down" coordinate system. We weren't fixing up the coordinate systems
        because we never noticed. This is because the simple codepath is only designed for kerning and ligatures,
        neither of which move glyphs vertically in the common case.

        Test: fast/text/vertical-displacement-simple-codepath.html

        * platform/graphics/Font.cpp:
        (WebCore::Font::applyTransforms const):
        * platform/graphics/WidthIterator.cpp:
        (WebCore::WidthIterator::applyFontTransforms):

2018-05-04  Chris Nardi  <cnardi@chromium.org>

        Serialize all URLs with double-quotes per CSSOM spec
        https://bugs.webkit.org/show_bug.cgi?id=184935

        Reviewed by Antti Koivisto.

        According to https://drafts.csswg.org/cssom/#serialize-a-url, all URLs should be serialized as strings,
        which means they should have double quotes around the text of the URL. Update our implementation to match
        this (and Firefox/Chrome). Also remove isCSSTokenizerURL() as this method is no longer needed.

        Tests: Many LayoutTests updated to use double quotes.

        * css/CSSMarkup.cpp:
        (WebCore::serializeString): Remove FIXME as this was already fixed in a previous patch.
        (WebCore::serializeURL): Remove FIXME and update implementation.

2018-05-04  Youenn Fablet  <youenn@apple.com>

        LayoutTests/fast/mediastream/change-tracks-media-stream-being-played.html is crashing after r231304
        https://bugs.webkit.org/show_bug.cgi?id=185303

        Reviewed by Eric Carlson.

        We need to stop observing the audio track like we do for video track once we are no longer interested in it.
        Covered by test no longer crashing.

        * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
        (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks):

2018-05-04  Zalan Bujtas  <zalan@apple.com>

        [LFC] Set the invalidation root as the result of style change.
        https://bugs.webkit.org/show_bug.cgi?id=185301

        Reviewed by Antti Koivisto.

        Compute/propagate the update type on the ancestor chain and return the invalidation root
        so that LayoutContext could use it as the entry point for the next layout frame.

        * layout/LayoutContext.cpp:
        (WebCore::Layout::LayoutContext::updateLayout):
        (WebCore::Layout::LayoutContext::styleChanged):
        * layout/LayoutContext.h: order is not important.
        * layout/blockformatting/BlockInvalidation.cpp:
        (WebCore::Layout::invalidationStopsAtFormattingContextBoundary):
        (WebCore::Layout::computeUpdateType):
        (WebCore::Layout::computeUpdateTypeForAncestor):
        (WebCore::Layout::BlockInvalidation::invalidate):
        * layout/blockformatting/BlockInvalidation.h:
        * layout/inlineformatting/InlineInvalidation.cpp:
        (WebCore::Layout::InlineInvalidation::invalidate):
        * layout/inlineformatting/InlineInvalidation.h:

2018-05-04  Youenn Fablet  <youenn@apple.com>

        PeerConnection should have its connectionState closed even if doing gathering
        https://bugs.webkit.org/show_bug.cgi?id=185267

        Reviewed by Darin Adler.

        Test: webrtc/addICECandidate-closed.html

        In case m_iceConnectionState is closed, m_connectionState should also be set to closed
        and RTCPeerConnection should be closed so as to reject any other call.

        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::RTCPeerConnection::close):
        (WebCore::RTCPeerConnection::updateConnectionState):

2018-05-04  Yacine Bandou  <yacine.bandou_ext@softathome.com>

        [MSE][GStreamer] Delete properly the stream from the WebKitMediaSource
        https://bugs.webkit.org/show_bug.cgi?id=185242

        Reviewed by Xabier Rodriguez-Calvar.

        When the sourceBuffer is removed from mediasource, the appropriate stream is not
        properly deleted from WebKitMediaSource, because the appsrc and parser elements
        of the stream are not removed from the WebKitMediaSource bin.

        This patch avoids the regression of r231089, see https://bugs.webkit.org/show_bug.cgi?id=185071

        * platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp:
        (webKitMediaSrcFreeStream):

2018-05-04  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Epiphany (GNOME Web) says "Error downloading: Service Unavailable." when trying to download an image from discogs.com
        https://bugs.webkit.org/show_bug.cgi?id=174730

        Reviewed by Michael Catanzaro.

        Export ResourceRequestBase::hasHTTPHeaderField().

        * platform/network/ResourceRequestBase.h:

2018-05-03  Yusuke Suzuki  <utatane.tea@gmail.com>

        Use subprocess.call instead of os.system to handle path with spaces
        https://bugs.webkit.org/show_bug.cgi?id=185291

        Reviewed by Darin Adler.

        If gperf path includes spaces, these python scripts fail to execute gperf.
        We use subprocess module instead of os.system to invoke gperf.

        * css/makeSelectorPseudoClassAndCompatibilityElementMap.py:
        * css/makeSelectorPseudoElementsMap.py:
        * platform/network/create-http-header-name-table:

2018-05-03  Yusuke Suzuki  <utatane.tea@gmail.com>

        Unreviewed, attempt to fix WinCairo build failure
        https://bugs.webkit.org/show_bug.cgi?id=185218

        * platform/text/win/LocaleWin.cpp:
        (WebCore::LocaleWin::getLocaleInfoString):

2018-05-03  Filip Pizlo  <fpizlo@apple.com>

        Strings should not be allocated in a gigacage
        https://bugs.webkit.org/show_bug.cgi?id=185218

        Reviewed by Saam Barati.

        No new tests because no new behavior.

        * Modules/indexeddb/server/IDBSerialization.cpp:
        (WebCore::decodeKey):
        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneDeserializer::readString):
        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::normalizeSpaces):
        * html/parser/HTMLTreeBuilder.cpp:
        (WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer::takeRemainingWhitespace):
        * platform/URLParser.cpp:
        (WebCore::percentEncodeByte):
        (WebCore::serializeURLEncodedForm):
        (WebCore::URLParser::serialize):
        * platform/URLParser.h:
        * platform/graphics/FourCC.cpp:
        (WebCore::FourCC::toString const):
        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::ReplicaState::cloneID const):
        * platform/text/LocaleICU.cpp:
        (WebCore::LocaleICU::decimalSymbol):
        (WebCore::LocaleICU::decimalTextAttribute):
        (WebCore::getDateFormatPattern):
        (WebCore::LocaleICU::createLabelVector):
        (WebCore::getFormatForSkeleton):
        * platform/win/FileSystemWin.cpp:
        (WebCore::FileSystem::getFinalPathName):
        (WebCore::FileSystem::pathByAppendingComponent):
        (WebCore::FileSystem::storageDirectory):

2018-05-02  Brent Fulgham  <bfulgham@apple.com>

        Widgets should hold a WeakPtr to their parents
        https://bugs.webkit.org/show_bug.cgi?id=185239
        <rdar://problem/39741250>

        Reviewed by Zalan Bujtas.

        * platform/ScrollView.h:
        (WebCore::ScrollView::weakPtrFactory): Added.
        * platform/Widget.cpp:
        (WebCore::Widget::init): Don't perform an unnecessary assignment.
        (WebCore::Widget::setParent): Grab a WeakPtr to the parent ScrollView.
        * platform/Widget.h:
        (WebCore::Widget::parent const): Change type to a WeakPtr.

2018-05-03  Yusuke Suzuki  <utatane.tea@gmail.com>

        Use pointer instead of std::optional<T&>
        https://bugs.webkit.org/show_bug.cgi?id=185186

        Reviewed by Alex Christensen.

        std::optional<T&> is not accepted in C++17 spec.
        In this patch, we replace it with T*, which is well-aligned to
        WebKit's convention.

        * Modules/mediastream/RTCPeerConnection.cpp:
        (WebCore::iceServersFromConfiguration):
        (WebCore::RTCPeerConnection::initializeConfiguration):
        (WebCore::RTCPeerConnection::setConfiguration):
        * css/parser/CSSParser.cpp:
        (WebCore::CSSParser::parseSystemColor):
        * css/parser/CSSParser.h:
        * dom/DatasetDOMStringMap.cpp:
        (WebCore::DatasetDOMStringMap::item const):
        (WebCore::DatasetDOMStringMap::namedItem const):
        (WebCore:: const): Deleted.
        * dom/DatasetDOMStringMap.h:
        * dom/Element.cpp:
        (WebCore::Element::insertAdjacentHTML):
        * dom/Element.h:
        * html/canvas/CanvasStyle.cpp:
        (WebCore::parseColor):
        * inspector/DOMEditor.cpp:
        * platform/network/curl/CurlFormDataStream.cpp:
        (WebCore::CurlFormDataStream::getPostData):
        (): Deleted.
        * platform/network/curl/CurlFormDataStream.h:
        * platform/network/curl/CurlRequest.cpp:
        (WebCore::CurlRequest::setupPOST):
        * testing/MockCDMFactory.cpp:
        (WebCore::MockCDMFactory::keysForSessionWithID const):
        (WebCore::MockCDMInstance::updateLicense):
        (WebCore:: const): Deleted.
        * testing/MockCDMFactory.h:

2018-05-03  Chris Dumez  <cdumez@apple.com>

        Stop using an iframe's id as fallback if its name attribute is not set
        https://bugs.webkit.org/show_bug.cgi?id=11388

        Reviewed by Geoff Garen.

        WebKit had logic to use an iframe's id as fallback name when its name
        content attribute is not set. This behavior was not standard and did not
        match other browsers:
        - https://html.spec.whatwg.org/#attr-iframe-name

        Gecko / Trident never behaved this way. Blink was aligned with us until
        they started to match the specification in:
        - https://bugs.chromium.org/p/chromium/issues/detail?id=347169

        This WebKit quirk was causing some Web-compatibility issues because it
        would affect the behavior of Window's name property getter when trying
        to look up an iframe by id. Because of Window's named property getter
        behavior [1], we would return the frame's contentWindow instead of the
        iframe element itself.

        [1] https://html.spec.whatwg.org/multipage/window-object.html#named-access-on-the-window-object

        Test: fast/dom/Window/named-getter-frame-id.html

        * html/HTMLFrameElementBase.cpp:
        (WebCore::HTMLFrameElementBase::openURL):
        (WebCore::HTMLFrameElementBase::parseAttribute):
        (WebCore::HTMLFrameElementBase::didFinishInsertingNode):
        * html/HTMLFrameElementBase.h:

2018-05-03  Eric Carlson  <eric.carlson@apple.com>

        [iOS] Internal text and audio tracks not in fullscreen menu
        https://bugs.webkit.org/show_bug.cgi?id=185268
        <rdar://problem/38673440>

        Reviewed by Jer Noble.

        * platform/cocoa/PlaybackSessionModelMediaElement.mm:
        (WebCore::PlaybackSessionModelMediaElement::setMediaElement): 'addtrack' and 'removetrack'
        events are fired at the track lists, not the media element.

2018-05-03  Ryosuke Niwa  <rniwa@webkit.org>

        Using image map inside a shadow tree results hits a release assert in DocumentOrderedMap::add
        https://bugs.webkit.org/show_bug.cgi?id=185238

        Reviewed by Antti Koivisto.

        The bug was caused by DocumentOrderedMap for the image elements with usemap being stored in Document
        even if those image elements were in a shadow tree. Fixed the bug by moving the map to TreeScope.

        Test: fast/images/imagemap-in-nested-shadow-tree.html
              fast/images/imagemap-in-shadow-tree.html

        * dom/Document.cpp:
        (WebCore::Document::addImageElementByUsemap): Moved to TreeScope.
        (WebCore::Document::removeImageElementByUsemap): Ditto.
        (WebCore::Document::imageElementByUsemap const): Ditto.
        * dom/Document.h:
        * dom/TreeScope.cpp:
        (WebCore::TreeScope::destroyTreeScopeData): Clear m_imagesByUsemap as well as m_elementsByName.
        (WebCore::TreeScope::getImageMap const): Removed the code to parse usemap. RenderImage::imageMap()
        which used to call this function with the raw value of the usemap content attribute now calls it
        via HTMLImageElement::associatedMapElement(), which uses the parsed usemap.
        (WebCore::TreeScope::addImageElementByUsemap): Moved from Document.
        (WebCore::TreeScope::removeImageElementByUsemap): Ditto.
        (WebCore::TreeScope::imageElementByUsemap const): Ditto.
        * dom/TreeScope.h:
        * html/HTMLImageElement.cpp:
        (WebCore::HTMLImageElement::parseAttribute):
        (WebCore::HTMLImageElement::insertedIntoAncestor): This image element can be associated with a map element
        if it's connected to a document.