Unreviewed, rolling out r198500.
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-03-24  Chris Dumez  <cdumez@apple.com>
2
3         Unreviewed, rolling out r198500.
4
5         Roll back in r197552 as it did not seem to cause a PLT
6         regression after all
7
8         Reverted changeset:
9
10         "Unreviewed, rolling out r197552."
11         https://bugs.webkit.org/show_bug.cgi?id=154986
12         http://trac.webkit.org/changeset/198500
13
14 2016-03-24  Daniel Bates  <dabates@apple.com>
15
16         CSP: Move logic for reporting a violation from ContentSecurityPolicyDirectiveList to ContentSecurityPolicy
17         https://bugs.webkit.org/show_bug.cgi?id=155842
18         <rdar://problem/25340377>
19         And
20         https://bugs.webkit.org/show_bug.cgi?id=155133
21
22         Reviewed by Brent Fulgham.
23
24         Towards associating source file, line-, and column- numbers (https://bugs.webkit.org/show_bug.cgi?id=114317)
25         with a CSP console message we should move the logic for logging the console message/reporting the violation
26         from class ContentSecurityPolicyDirectiveList to class ContentSecurityPolicy so that it is closer to the
27         script execution context that can access such information.
28
29         The responsibilities of the class ContentSecurityPolicyDirectiveList have been reduced. It is responsible
30         for parsing a string representation of the Content Security Policy and providing functions to determine
31         the violated directive (if any) for a given source (e.g. URL). ContentSecurityPolicyDirectiveList no longer
32         takes responsibility for logging a console message or sending a violation report (if applicable). Falling out
33         from this decrease in responsibility is the removal of enum ContentSecurityPolicyDirectiveList::ReportingStatus
34         and the need to pass an enumerator of this enum to each ContentSecurityPolicyDirectiveList to suppress
35         the sending of a violation report. The caller of ContentSecurityPolicyDirectiveList is responsible for
36         making this determination.
37
38         With the exception of a change to the error message for an inline event handler violation, there are no
39         other functional changes. When an inline event handler violation occurs we will emit either:
40
41             Refused to execute a script for an inline event handler because 'unsafe-inline' does not appear in the
42             script-src directive of the Content Security Policy.
43
44         Or:
45
46             Refused to execute a script for an inline event handler because 'unsafe-inline' appears in neither the
47             script-src directive nor the default-src directive of the Content Security Policy.
48
49         depending on whether the Content Security Policy contains a script-src directive or not.
50
51         * CMakeLists.txt: Add files ContentSecurityPolicyDirective.cpp and ContentSecurityPolicyDirectiveNames.cpp.
52         * WebCore.xcodeproj/project.pbxproj: Add files ContentSecurityPolicyDirective.cpp and ContentSecurityPolicyDirectiveNames.{cpp, h}.
53         * page/csp/ContentSecurityPolicy.cpp:
54         (WebCore::consoleMessageForViolation): Moved from file ContentSecurityPolicyDirectiveList.cpp and
55         incorporates the functionality of ContentSecurityPolicyDirectiveList::reportViolation(). Modified
56         to take a reference to the violated directive (ContentSecurityPolicyDirective object) and removed
57         the boolean parameter violatesDefaultSrc as we can deduce this from the violated directive.
58         (WebCore::ContentSecurityPolicy::didReceiveHeader): Modified to call ContentSecurityPolicyDirectiveList::violatedDirectiveForUnsafeEval().
59         (WebCore::ContentSecurityPolicy::foundHashOfContentInAllPolicies): Renamed; Formerly named allPoliciesAllowHashFromContent.
60         Modified to early return if either no algorithms are given or the specified content to hash is
61         the empty string.
62         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Moved logic for reporting a violation from
63         ContentSecurityPolicyDirectiveList member function of the same name to here.
64         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Moved logic for reporting a violation from
65         ContentSecurityPolicyDirectiveList member function of the same name to here. Additionally, changed the
66         error message text to better describe the reason for the violation.
67         (WebCore::ContentSecurityPolicy::allowScriptWithNonce): Ditto.
68         (WebCore::ContentSecurityPolicy::allowStyleWithNonce): Ditto.
69         (WebCore::ContentSecurityPolicy::allowInlineScript): Ditto.
70         (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
71         (WebCore::ContentSecurityPolicy::allowEval): Ditto.
72         (WebCore::ContentSecurityPolicy::allowFrameAncestors): Ditto.
73         (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
74         (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
75         (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
76         (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
77         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto.
78         (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
79         (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
80         (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
81         (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
82         (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
83         (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
84         (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
85         (WebCore::ContentSecurityPolicy::reportViolation): Simplified signature by having it take a reference to
86         a ContentSecurityPolicyDirective object. Also split functionality into two variants: one variant takes a
87         pointer to a JSC::ExecState, one variant takes a source file, and line and column positions.
88         (WebCore::ContentSecurityPolicy::allPoliciesAllowHashFromContent): Deleted.
89         (WebCore::ContentSecurityPolicy::gatherReportURIs): Deleted.
90         * page/csp/ContentSecurityPolicy.h:
91         (WebCore::ContentSecurityPolicy::violatedDirectiveInAnyPolicy): Formerly named allPoliciesAllow. Modified
92         to return the violated directive.
93         (WebCore::ContentSecurityPolicy::allPoliciesAllow): Deleted.
94         * page/csp/ContentSecurityPolicyDirective.cpp: Added.
95         * page/csp/ContentSecurityPolicyDirective.h: Added.
96         (WebCore::ContentSecurityPolicyDirective::ContentSecurityPolicyDirective): Modified to take a reference to the
97         directive list that contains this directive instead of pointer to a ContentSecurityPolicy object.
98         (WebCore::ContentSecurityPolicyDirective::name): Added.
99         (WebCore::ContentSecurityPolicyDirective::directiveList): Added.
100         (WebCore::ContentSecurityPolicyDirective::isDefaultSrc): Added.
101         (WebCore::ContentSecurityPolicyDirective::policy): Deleted.
102         * page/csp/ContentSecurityPolicyDirectiveList.cpp: Remove unused header <wtf/Optional.h>. Also remove header wtf/text/StringBuilder.h
103         as the function that made use of it, consoleMessageForViolation, was moved to file ContentSecurityPolicy.cpp.
104         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForUnsafeEval): Formerly named allowEval.
105         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForUnsafeInlineScript): Formerly named allowInlineScript.
106         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForUnsafeInlineStyle): Formerly named allowInlineStyle.
107         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForScriptHash): Formerly named allowInlineScriptWithHash.
108         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForStyleHash): Formerly named allowInlineStyleWithHash.
109         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForScriptNonce): Formerly named allowScriptWithNonce.
110         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForStyleNonce): Formerly named allowStyleWithNonce.
111         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForBaseURI): Formerly named allowBaseURI.
112         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForChildContext): Formerly named allowChildContextFromSource.
113         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForConnectSource): Formerly named allowConnectToSource.
114         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForFont): Formerly named allowFontFromSource.
115         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForFormAction): Formerly named allowFormAction.
116         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForFrame): Formerly named allowChildFrameFromSource.
117         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForFrameAncestor): Formerly named allowFrameAncestors.
118         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForImage): Formerly named allowImageFromSource.
119         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForMedia): Formerly named allowMediaFromSource.
120         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForObjectSource): Formerly named allowObjectFromSource.
121         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForPluginType): Formerly named allowPluginType.
122         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForScript): Formerly named allowScriptFromSource.
123         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForStyle): Formerly named allowStyleFromSource.
124         (WebCore::ContentSecurityPolicyDirectiveList::parse): Update code to make use of ContentSecurityPolicyDirectiveNames constants.
125         (WebCore::ContentSecurityPolicyDirectiveList::setCSPDirective): Pass |this| instead of the ContentSecurityPolicy object.
126         (WebCore::ContentSecurityPolicyDirectiveList::addDirective): Update code to make use of ContentSecurityPolicyDirectiveNames constants.
127         (WebCore::isExperimentalDirectiveName): Deleted.
128         (WebCore::isCSPDirectiveName): Deleted.
129         (WebCore::ContentSecurityPolicyDirectiveList::reportViolation): Deleted.
130         (WebCore::consoleMessageForViolation): Deleted.
131         (WebCore::ContentSecurityPolicyDirectiveList::allowJavaScriptURLs): Deleted.
132         (WebCore::ContentSecurityPolicyDirectiveList::allowInlineEventHandlers): Deleted.
133         (WebCore::ContentSecurityPolicyDirectiveList::allowInlineScript): Deleted.
134         (WebCore::ContentSecurityPolicyDirectiveList::allowInlineScriptWithHash): Deleted.
135         (WebCore::ContentSecurityPolicyDirectiveList::allowScriptWithNonce): Deleted.
136         (WebCore::ContentSecurityPolicyDirectiveList::allowInlineStyle): Deleted.
137         (WebCore::ContentSecurityPolicyDirectiveList::allowInlineStyleWithHash): Deleted.
138         (WebCore::ContentSecurityPolicyDirectiveList::allowStyleWithNonce): Deleted.
139         (WebCore::ContentSecurityPolicyDirectiveList::allowEval): Deleted.
140         (WebCore::ContentSecurityPolicyDirectiveList::allowPluginType): Deleted.
141         (WebCore::ContentSecurityPolicyDirectiveList::allowScriptFromSource): Deleted.
142         (WebCore::ContentSecurityPolicyDirectiveList::allowObjectFromSource): Deleted.
143         (WebCore::ContentSecurityPolicyDirectiveList::allowChildContextFromSource): Deleted.
144         (WebCore::ContentSecurityPolicyDirectiveList::allowChildFrameFromSource): Deleted.
145         (WebCore::ContentSecurityPolicyDirectiveList::allowImageFromSource): Deleted.
146         (WebCore::ContentSecurityPolicyDirectiveList::allowStyleFromSource): Deleted.
147         (WebCore::ContentSecurityPolicyDirectiveList::allowFontFromSource): Deleted.
148         (WebCore::ContentSecurityPolicyDirectiveList::allowMediaFromSource): Deleted.
149         (WebCore::ContentSecurityPolicyDirectiveList::allowConnectToSource): Deleted.
150         (WebCore::ContentSecurityPolicyDirectiveList::allowFormAction): Deleted.
151         (WebCore::ContentSecurityPolicyDirectiveList::allowBaseURI): Deleted.
152         (WebCore::ContentSecurityPolicyDirectiveList::allowFrameAncestors): Deleted.
153         * page/csp/ContentSecurityPolicyDirectiveList.h:
154         (WebCore::ContentSecurityPolicyDirectiveList::defaultSrc): Added.
155         (WebCore::ContentSecurityPolicyDirectiveList::policy): Added. Also added FIXME comment to remove this function. This
156         function is only used by ContentSecurityPolicyMediaListDirective so that it can log a console message on a parsing error.
157         (WebCore::ContentSecurityPolicyDirectiveList::denyIfEnforcingPolicy): Deleted.
158         * page/csp/ContentSecurityPolicyDirectiveNames.cpp: Added.
159         * page/csp/ContentSecurityPolicyDirectiveNames.h: Added.
160         * page/csp/ContentSecurityPolicyMediaListDirective.cpp:
161         (WebCore::ContentSecurityPolicyMediaListDirective::ContentSecurityPolicyMediaListDirective): Modified to take a reference to the
162         directive list that contains this directive instead of pointer to a ContentSecurityPolicy object.
163         (WebCore::ContentSecurityPolicyMediaListDirective::parse): Updated code to use ContentSecurityPolicyDirectiveList::policy() instead
164         of ContentSecurityPolicyDirective::policy() as the latter was removed. Ideally this class should not need to use the ContentSecurityPolicy
165         object to log a console message.
166         * page/csp/ContentSecurityPolicyMediaListDirective.h:
167         * page/csp/ContentSecurityPolicySourceList.cpp:
168         (WebCore::isExperimentalDirectiveName): Moved from file ContentSecurityPolicyDirectiveList.cpp because this function is only used
169         in this file.
170         (WebCore::isCSPDirectiveName): Ditto.
171         (WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar): Update code to make use of ContentSecurityPolicyDirectiveNames constants.
172         * page/csp/ContentSecurityPolicySourceListDirective.cpp:
173         (WebCore::ContentSecurityPolicySourceListDirective::ContentSecurityPolicySourceListDirective): Modified to take a reference to
174         the directive list that contains this directive instead of pointer to a ContentSecurityPolicy object. 
175         * page/csp/ContentSecurityPolicySourceListDirective.h:
176
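The split of responsibilities described in the CSP entry above, as an added example that is not WebKit code: a directive list only returns the violated directive, and the policy object decides what to log and whether to block, choosing between the two inline event handler messages by checking whether the violated directive is default-src. The class and function names follow the ChangeLog; the bodies, the `Outcome` struct, the `reportOnly` flag and the sample headers are assumptions.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Added illustration, not WebKit source. Names follow the ChangeLog entry;
// the bodies, the Outcome struct and the reportOnly flag are assumptions.
struct Directive {
    std::string name;
    std::vector<std::string> sources;
    bool isDefaultSrc() const { return name == "default-src"; }
    bool hasSource(const std::string& s) const {
        return std::find(sources.begin(), sources.end(), s) != sources.end();
    }
};

// Parses one policy and answers only "which directive, if any, is violated?".
class DirectiveList {
public:
    DirectiveList(const std::string& policy, bool reportOnly) : m_reportOnly(reportOnly) {
        std::istringstream directives(policy);
        for (std::string chunk; std::getline(directives, chunk, ';');) {
            std::istringstream tokens(chunk);
            Directive d;
            if (!(tokens >> d.name))
                continue; // empty directive, e.g. after a trailing ';'
            std::transform(d.name.begin(), d.name.end(), d.name.begin(),
                [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
            if (find(d.name))
                continue; // duplicate directive: the first occurrence wins
            for (std::string source; tokens >> source;)
                d.sources.push_back(source); // compared verbatim (simplification)
            m_directives.push_back(d);
        }
    }
    bool isReportOnly() const { return m_reportOnly; }
    const Directive* find(const std::string& name) const {
        for (const auto& d : m_directives)
            if (d.name == name) return &d;
        return nullptr;
    }
    // nullptr: nothing violated. Otherwise the directive that refused the script.
    const Directive* violatedDirectiveForUnsafeInlineScript() const {
        const Directive* operative = find("script-src");
        if (!operative)
            operative = find("default-src"); // fallback when script-src is absent
        if (!operative || operative->hasSource("'unsafe-inline'"))
            return nullptr;
        return operative;
    }
private:
    std::vector<Directive> m_directives;
    bool m_reportOnly;
};

struct Outcome {
    bool allowed;
    std::vector<std::string> consoleMessages;
};

// Owns every reporting and enforcement decision; directive lists never log.
class Policy {
public:
    void didReceiveHeader(const std::string& value, bool reportOnly = false) {
        m_lists.emplace_back(value, reportOnly);
    }
    Outcome allowInlineEventHandlers() const {
        Outcome outcome{true, {}};
        for (const auto& list : m_lists) {
            const Directive* violated = list.violatedDirectiveForUnsafeInlineScript();
            if (!violated)
                continue;
            outcome.consoleMessages.push_back(consoleMessageForViolation(*violated));
            if (!list.isReportOnly())
                outcome.allowed = false; // only an enforced policy blocks
        }
        return outcome;
    }
private:
    static std::string consoleMessageForViolation(const Directive& violated) {
        std::string message = "Refused to execute a script for an inline event handler because 'unsafe-inline' ";
        message += violated.isDefaultSrc()
            ? "appears in neither the script-src directive nor the default-src directive"
            : "does not appear in the script-src directive";
        return message + " of the Content Security Policy.";
    }
    std::vector<DirectiveList> m_lists;
};

int main() {
    Policy policy;
    policy.didReceiveHeader("default-src 'self'; img-src *"); // constructed sample header
    Outcome outcome = policy.allowInlineEventHandlers();
    std::cout << (outcome.allowed ? "allowed" : "blocked") << '\n';
    for (const auto& message : outcome.consoleMessages)
        std::cout << message << '\n';
}
```
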
177 2016-03-24  Myles C. Maxfield  <mmaxfield@apple.com>
178
179         [OS X] Overflow:scroll scrollbars do not obey overlay/always-on system preference changes
180         https://bugs.webkit.org/show_bug.cgi?id=155830
181
182         Reviewed by Simon Fraser.
183
184         When the scrollbar style changes, the available width of all ScrollableAreas changes,
185         and therefore a relayout must occur.
186
187         Each ScrollableArea owns its own ScrollAnimator (if necessary). Upon creation, the
188         ScrollAnimator will start listening for changes to the system preference for
189         overlay / always-on scrollbars. When notified, the ScrollAnimator tells its owning
190         ScrollableArea that scrollbarStyleChanged().
191
192         For main-frame scrolling, FrameView overrides scrollbarStyleChanged and causes a
193         relayout. However, for overflow:scroll elements, no relayout is triggered. This
194         patch overrides availableContentSizeChanged() for RenderLayer (which is used for
195         overflow:scroll elements). This override triggers a relayout.
196
197         It also updates the mechanism in RenderBlock::recomputeLogicalWidth() to ensure that
198         a change in scrollbar size causes RenderBlockFlow::layoutBlock() to relayout its
199         children. This is appropriate because block child positioning is affected by
200         scrollbar size.
201
202         No new tests (for now). Presumably we could mock the message we receive when the
203         system preference is changed. However, I haven't implemented that yet.
204
205         * rendering/RenderBlock.cpp: Rename setHasBorderOrPaddingLogicalWidthChanged().
206         (WebCore::RenderBlock::styleDidChange):
207         (WebCore::RenderBlock::recomputeLogicalWidth):
208         * rendering/RenderBlock.h: Ditto.
209         (WebCore::RenderBlock::setShouldForceRelayoutChildren):
210         (WebCore::RenderBlock::shouldForceRelayoutChildren):
211         * rendering/RenderElement.cpp: Ditto.
212         (WebCore::RenderElement::RenderElement):
213         * rendering/RenderElement.h: Ditto.
214         (WebCore::RenderElement::setRenderBlockShouldForceRelayoutChildren):
215         (WebCore::RenderElement::renderBlockShouldForceRelayoutChildren):
216         * rendering/RenderLayer.cpp:
217         (WebCore::RenderLayer::availableContentSizeChanged): Cause a relayout to occur.
218         * rendering/RenderLayer.h:
219
220 2016-03-24  Said Abou-Hallawa  <sabouhallawa@apple.com>
221
222         Change NativeImagePtr for CG to be RetainPtr<CGImageRef>
223         https://bugs.webkit.org/show_bug.cgi?id=155412
224
225         Reviewed by Darin Adler.
226
227         Having NativeImagePtr as a raw pointer makes managing the life cycle of
228         the returned CGImageRef hard. A lot of work was done to ensure the CG
229         pointer is refcounted correctly. It was also not possible to move a
230         FrameData since calling the destructor was releasing the CGImageRef.
231
232         With this change, PassNativeImagePtr is not needed anymore. So all the
233         instances of PassNativeImagePtr can be replaced by NativeImagePtr.
234
235         * html/HTMLVideoElement.cpp:
236         (WebCore::HTMLVideoElement::nativeImageForCurrentTime):
237         * html/HTMLVideoElement.h: Replace PassNativeImagePtr with NativeImagePtr.
238
239         * html/canvas/CanvasRenderingContext2D.cpp:
240         (WebCore::CanvasRenderingContext2D::drawImage): Replace PassNativeImagePtr
241         with NativeImagePtr.
242  
243         * loader/cache/MemoryCache.cpp:
244         (WebCore::MemoryCache::addImageToCache):
245         * loader/cache/MemoryCache.h: Remove USE(CG) and CFRetain(image) since
246         this code can compile on all platforms. The image refcount will be
247         incremented when the image is assigned to FrameData.m_image in the
248         BitmapImage constructor.
249
250         * loader/icon/IconDatabase.cpp:
251         (WebCore::IconDatabase::synchronousNativeIconForPageURL):
252         * loader/icon/IconDatabase.h:
253         * loader/icon/IconDatabaseBase.h: Replace PassNativeImagePtr with NativeImagePtr.
254
255         * platform/graphics/BitmapImage.cpp:
256         (WebCore::BitmapImage::haveFrameImageAtIndex):
257         (WebCore::BitmapImage::cacheFrame):
258         (WebCore::BitmapImage::ensureFrameIsCached):
259         (WebCore::BitmapImage::frameImageAtIndex):
260         (WebCore::BitmapImage::nativeImageForCurrentFrame):
261         (WebCore::BitmapImage::haveFrameAtIndex): Deleted.
262         (WebCore::BitmapImage::frameAtIndex): Deleted.
263         Replace PassNativeImagePtr with NativeImagePtr, m_frame with m_image and
264         *Frame* with *FrameImage*.
265
266         * platform/graphics/BitmapImage.h:
267         (WebCore::FrameData::FrameData):
268         A BitmapImage can have one or more FrameData. A FrameData member can be
269         named for shortness as "frame", "m_frames", etc. A FrameData can have
270         zero or one NativeImagePtr. A NativeImagePtr can be named as "image",
271         "m_image", etc.
272
273         * platform/graphics/GraphicsContext.h: Replace PassNativeImagePtr with
274         NativeImagePtr.
275
276         * platform/graphics/GraphicsContext3D.h:
277         * platform/graphics/Icon.h:
278         Change the members of type CGImageRef to be RetainPtr<CGImageRef>.
279                 
280         * platform/graphics/Image.h:
281         (WebCore::Image::nativeImageForCurrentFrame):
282         (WebCore::Image::getNSImage):
283         (WebCore::Image::getTIFFRepresentation):
284         (WebCore::Image::getCGImageRef):
285         (WebCore::Image::getFirstCGImageRefOfSize):
286         (WebCore::Image::getCGImageArray):
287         (WebCore::Image::getGdkPixbuf):
288         (WebCore::Image::getEvasObject):
289         * platform/graphics/ImageBuffer.h:
290         * platform/graphics/ImageSource.cpp:
291         (WebCore::ImageSource::createFrameImageAtIndex):
292         (WebCore::ImageSource::createFrameAtIndex): Deleted.
293         * platform/graphics/ImageSource.h:
294         Change 0 to nullptr, PassRefPtr to RefPtr and PassNativeImagePtr to
295         NativeImagePtr.
296
297         * platform/graphics/MediaPlayer.cpp:
298         (WebCore::MediaPlayer::nativeImageForCurrentTime):
299         * platform/graphics/MediaPlayer.h:
300         * platform/graphics/MediaPlayerPrivate.h:
301         (WebCore::MediaPlayerPrivateInterface::nativeImageForCurrentTime):
302         Replace PassNativeImagePtr with NativeImagePtr.
303
304         * platform/graphics/NativeImagePtr.h:
305         Make NativeImagePtr a smart pointer for CG. Get rid of PassNativeImagePtr
306         since NativeImagePtr is now a smart pointer on all platforms.
307
308         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
309         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
310         (WebCore::MediaPlayerPrivateAVFoundationObjC::nativeImageForCurrentTime):
311         Replace PassNativeImagePtr with NativeImagePtr.
312
313         * platform/graphics/ca/GraphicsLayerCA.cpp:
314         (WebCore::GraphicsLayerCA::setContentsToImage):
315         Since Image::nativeImageForCurrentFrame() returns a RetainPtr, move it
316         to m_pendingContentsImage to remove the refcount churn.
317
318         * platform/graphics/cairo/BitmapImageCairo.cpp:
319         (WebCore::BitmapImage::BitmapImage):
320         (WebCore::BitmapImage::draw):
321         (WebCore::BitmapImage::checkForSolidColor):
322         (WebCore::FrameData::clear):
323         Replace m_frame with m_image and frame* with frameImage*.
324
325         * platform/graphics/cairo/CairoUtilities.cpp:
326         (WebCore::copyCairoImageSurface):
327         * platform/graphics/cairo/CairoUtilities.h:
328         Replace PassRefPtr with RefPtr.
329
330         * platform/graphics/cairo/GraphicsContext3DCairo.cpp:
331         (WebCore::GraphicsContext3D::ImageExtractor::extractImage):
332         Replace *Frame* with *FrameImage*.
333
334         * platform/graphics/cairo/GraphicsContextCairo.cpp:
335         (WebCore::GraphicsContext::drawNativeImage):
336         Replace PassNativeImagePtr with NativeImagePtr.
337
338         * platform/graphics/cairo/ImageBufferCairo.cpp:
339         (WebCore::ImageBuffer::copyImage): Create a new NativeImagePtr so it can
340         be moved to the BitmapImage::create().
341         (WebCore::copySurfaceToImageAndAdjustRect):
342         (WebCore::getImageData):
343         (WebCore::ImageBuffer::getUnmultipliedImageData):
344         (WebCore::ImageBuffer::getPremultipliedImageData):
345         Replace PassRefPtr with RefPtr.
346
347         * platform/graphics/cg/BitmapImageCG.cpp:
348         (WebCore::FrameData::clear): No need to call CGImageRelease(). Just assign
349         m_image to nullptr and CGImageRelease() will be called from the RetainPtr
350         destructor.
351
352         (WebCore::BitmapImage::BitmapImage):
353         (WebCore::BitmapImage::checkForSolidColor):
354         (WebCore::BitmapImage::getCGImageRef):
355         (WebCore::BitmapImage::getFirstCGImageRefOfSize):
356         (WebCore::BitmapImage::getCGImageArray):
357         (WebCore::BitmapImage::draw):
358         (WebCore::BitmapImage::copyUnscaledFrameImageAtIndex):
359         (WebCore::BitmapImage::copyUnscaledFrameAtIndex): Deleted.
360         Replace CGImageRef with RetainPtr<CGImageRef>. Replace *Frame* with
361         *FrameImage*.
362
363         * platform/graphics/cg/GraphicsContext3DCG.cpp:
364         (WebCore::GraphicsContext3D::ImageExtractor::extractImage):
365         (WebCore::GraphicsContext3D::paintToCanvas):
366         Use m_cgImage.get() instead of m_cgImage when calling CG functions.
367
368         * platform/graphics/cg/GraphicsContextCG.cpp:
369         (WebCore::GraphicsContext::drawNativeImage):
370         (WebCore::GraphicsContext::drawPattern):
371         Replace PassNativeImagePtr with NativeImagePtr. Get the raw CGImageRef
372         from the NativeImagePtr when calling the CG functions.
373         
374         * platform/graphics/cg/ImageBufferCG.cpp:
375         (WebCore::createBitmapImageAfterScalingIfNeeded): Move the image argument
376         when calling BitmapImage::create().
377         
378         (WebCore::ImageBuffer::getUnmultipliedImageData):
379         (WebCore::ImageBuffer::getPremultipliedImageData):
380         Replace PassRefPtr with RefPtr.
381         
382         * platform/graphics/cg/ImageSourceCG.cpp:
383         (WebCore::ImageSource::createFrameImageAtIndex):
384         (WebCore::ImageSource::createFrameAtIndex): Deleted.
385         Rename the function and simplify the code since the local variable
386         and the return value are both smart pointers.
387         
388         * platform/graphics/displaylists/DisplayListItems.cpp:
389         (WebCore::DisplayList::DrawNativeImage::DrawNativeImage):
390         (WebCore::DisplayList::DrawNativeImage::apply):
391         * platform/graphics/displaylists/DisplayListItems.h:
392         (WebCore::DisplayList::DrawNativeImage::create):
393         * platform/graphics/displaylists/DisplayListRecorder.cpp:
394         (WebCore::DisplayList::Recorder::drawNativeImage):
395         * platform/graphics/displaylists/DisplayListRecorder.h:
396         Replace PassNativeImagePtr with NativeImagePtr and use constant reference. 
397         
398         * platform/graphics/efl/GraphicsContext3DEfl.cpp:
399         (WebCore::GraphicsContext3D::ImageExtractor::extractImage):
400         Call a function with its new name.
401         
402         * platform/graphics/efl/IconEfl.cpp:
403         (WebCore::Icon::createIconForFiles):
404         * platform/graphics/gstreamer/ImageGStreamerCairo.cpp:
405         (ImageGStreamer::ImageGStreamer):
406         * platform/graphics/gtk/IconGtk.cpp:
407         (WebCore::Icon::createIconForFiles):
408         * platform/graphics/ios/IconIOS.mm:
409         (WebCore::Icon::Icon):
410         (WebCore::Icon::createIconForFiles):
411         (WebCore::Icon::createIconForImage):
412         * platform/graphics/mac/IconMac.mm:
413         (WebCore::Icon::createIconForFiles):
414         Use smart pointers RetainPtr<CGImageRef> instead of raw pointers CGImageRef.
415         And change PassRefPtr to RefPtr and 0 to nullptr.
416         
417         * platform/graphics/mac/ImageMac.mm:
418         (WebCore::BitmapImage::getTIFFRepresentation): Get the raw pointer from the
419         returned smart pointer.
420         
421         * platform/graphics/texmap/coordinated/CoordinatedSurface.cpp:
422         (WebCore::CoordinatedSurface::create):
423         * platform/graphics/texmap/coordinated/CoordinatedSurface.h:
424         Replace PassRefPtr with RefPtr.
425
426         * platform/graphics/win/IconWin.cpp:
427         (WebCore::Icon::createIconForFiles): Change PassRefPtr to RefPtr.
428         
429         * platform/graphics/win/ImageCGWin.cpp:
430         (WebCore::BitmapImage::create): Replace PassRefPtr with RefPtr.
431         (WebCore::BitmapImage::drawFrameMatchingSourceSize): Call the function
432         with its new name and get the raw pointer from the returned smart pointer.
433         
434         * platform/graphics/win/ImageCairoWin.cpp:
435         (WebCore::BitmapImage::create): Replace PassRefPtr with RefPtr and use
436         the move semantics for passing the argument to BitmapImage::create().
437         (WebCore::BitmapImage::drawFrameMatchingSourceSize): Call the function
438         with its new name.
439         
440         * platform/image-decoders/ImageDecoder.h:
441         * platform/image-decoders/cairo/ImageDecoderCairo.cpp:
442         (WebCore::ImageFrame::asNewNativeImage):
443         * platform/win/DragImageCGWin.cpp:
444         (WebCore::createDragImageFromImage):
445         * svg/graphics/SVGImage.cpp:
446         (WebCore::SVGImage::nativeImageForCurrentFrame):
447         * svg/graphics/SVGImage.h:
448         * svg/graphics/SVGImageForContainer.cpp:
449         (WebCore::SVGImageForContainer::nativeImageForCurrentFrame):
450         * svg/graphics/SVGImageForContainer.h:
451         Replace PassNativeImagePtr with NativeImagePtr.
452         
453 2016-03-24  Jer Noble  <jer.noble@apple.com>
454
455         Safari Crashes if audio.src is changed while connected to AudioAnalyserNode
456         https://bugs.webkit.org/show_bug.cgi?id=153593
457         <rdar://problem/23648082>
458
459         Reviewed by Eric Carlson.
460
461         m_ringBuffer is accessed on the high-priority WebAudio thread after it has been cleared (a
462         null-deref). Protect against unsafe access on multiple threads of a non-refcounted object by
463         a simple try_lock.
464
465         Additionally, limit the use of variables in use by both the separate WebAudio thread method
466         (provideInput()) and AVAudioMix thread method (process()) where possible, and convert to
467         std::atomic<> where ivars must be accessed by both threads. m_writeCount is entirely superfluous,
468         as it is a synonym for the endTime returned by m_ringBuffer->getCurrentFrameBounds().
469
470         * platform/graphics/avfoundation/AudioSourceProviderAVFObjC.h:
471         * platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:
472         (WebCore::AudioSourceProviderAVFObjC::provideInput):
473         (WebCore::AudioSourceProviderAVFObjC::prepare):
474         (WebCore::AudioSourceProviderAVFObjC::unprepare):
475         (WebCore::AudioSourceProviderAVFObjC::process):
476
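The try_lock pattern described in the audio entry above, as an added example that is not WebKit code: the real-time callback takes the lock with try_lock, outputs silence when the buffer is being torn down or is already gone, and keeps its cross-thread counter in std::atomic<>. The method names echo the ChangeLog; `RingBuffer`, the bodies, `skippedCallbacks()`, `mutexForDemo()` and `provideInputDuringTeardown()` are assumptions.

```cpp
#include <algorithm>
#include <atomic>
#include <cstddef>
#include <iostream>
#include <memory>
#include <mutex>
#include <thread>
#include <utility>
#include <vector>

// Added illustration, not WebKit source. Method names echo the ChangeLog entry;
// RingBuffer, the bodies and the demo helpers are assumptions.
struct RingBuffer {
    std::vector<float> samples;
    std::size_t readIndex = 0;
};

class AudioSourceProvider {
public:
    // Main thread: publish a buffer for the audio thread to read.
    void prepare(std::vector<float> samples) {
        std::lock_guard<std::mutex> lock(m_mutex);
        m_ringBuffer = std::make_unique<RingBuffer>();
        m_ringBuffer->samples = std::move(samples);
    }
    // Main thread: clear the buffer, as a src change does. Blocking is fine here.
    void unprepare() {
        std::lock_guard<std::mutex> lock(m_mutex);
        m_ringBuffer.reset();
    }
    // Audio thread: must not block and must not touch a cleared buffer.
    // Returns the frames copied; everything else in `out` is silence.
    std::size_t provideInput(float* out, std::size_t frames) {
        std::fill(out, out + frames, 0.0f);
        std::unique_lock<std::mutex> lock(m_mutex, std::try_to_lock);
        if (!lock.owns_lock()) {
            ++m_skipped; // another thread is mid-update: skip this callback
            return 0;
        }
        if (!m_ringBuffer)
            return 0; // buffer was cleared; checked under the lock, so no null-deref
        std::size_t available = m_ringBuffer->samples.size() - m_ringBuffer->readIndex;
        std::size_t n = std::min(frames, available);
        std::copy_n(m_ringBuffer->samples.data() + m_ringBuffer->readIndex, n, out);
        m_ringBuffer->readIndex += n;
        return n;
    }
    std::size_t skippedCallbacks() const { return m_skipped.load(); }
    std::mutex& mutexForDemo() { return m_mutex; } // exposed only for the helper below
private:
    std::mutex m_mutex;
    std::unique_ptr<RingBuffer> m_ringBuffer; // not refcounted: guarded by m_mutex
    std::atomic<std::size_t> m_skipped{0};    // written on one thread, read on another
};

// Simulates the audio callback firing while another thread holds the lock.
std::size_t provideInputDuringTeardown(AudioSourceProvider& provider, float* out, std::size_t frames) {
    std::lock_guard<std::mutex> teardown(provider.mutexForDemo());
    std::size_t copied = 0;
    std::thread audio([&] { copied = provider.provideInput(out, frames); });
    audio.join();
    return copied;
}

int main() {
    AudioSourceProvider provider;
    provider.prepare({0.1f, 0.2f, 0.3f, 0.4f}); // constructed samples
    float out[4];
    std::cout << "uncontended: " << provider.provideInput(out, 2) << " frames\n";
    std::cout << "during teardown: " << provideInputDuringTeardown(provider, out, 2) << " frames\n";
    provider.unprepare();
    std::cout << "after unprepare: " << provider.provideInput(out, 2) << " frames\n";
}
```
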
477 2016-03-24  Enrica Casucci  <enrica@apple.com>
478
479         Adopt new SPI from DataDetectorsCore to decide link behavior.
480         https://bugs.webkit.org/show_bug.cgi?id=155780
481         rdar://problem/25303631
482
483         Reviewed by Sam Weinig.
484
485         isDataDetectorLink and shouldCancelDefaultAction now
486         use the SPI provided by DataDetectorsCore to decide
487         what is the link behavior when the user taps on it.
488
489         * editing/cocoa/DataDetection.h:
490         * editing/cocoa/DataDetection.mm:
491         (WebCore::detectItemAtPositionWithRange):
492         (WebCore::DataDetection::isDataDetectorLink):
493         (WebCore::DataDetection::requiresExtendedContext):
494         (WebCore::DataDetection::dataDetectorIdentifier):
495         (WebCore::DataDetection::shouldCancelDefaultAction):
496         * platform/cocoa/DataDetectorsCoreSoftLink.h:
497         * platform/cocoa/DataDetectorsCoreSoftLink.mm:
498         * platform/spi/cocoa/DataDetectorsCoreSPI.h:
499
500 2016-03-24  Enrica Casucci  <enrica@apple.com>
501
502         DataDetection creates links that are longer than the actual result.
503         https://bugs.webkit.org/show_bug.cgi?id=155850
504         rdar://problem/25280740
505
506         Reviewed by Anders Carlsson.
507
508         When a data detection result is composed of multiple fragments,
509         the range for the last fragment should take into account the end
510         offset of the query range structure, since there could be additional
511         content in that range that is not part of the result.
512
513         * editing/cocoa/DataDetection.mm:
514         (WebCore::DataDetection::detectContentInRange):
515
516 2016-03-24  Commit Queue  <commit-queue@webkit.org>
517
518         Unreviewed, rolling out r198627.
519         https://bugs.webkit.org/show_bug.cgi?id=155856
520
521         Caused use-after-free (Requested by ap on #webkit).
522
523         Reverted changeset:
524
525         "[Fetch API] Add basic loading of resources"
526         https://bugs.webkit.org/show_bug.cgi?id=155637
527         http://trac.webkit.org/changeset/198627
528
529 2016-03-24  Saam barati  <sbarati@apple.com>
530
531         Web Inspector: Separate Debugger enable state from the debugger breakpoints enabled state
532         https://bugs.webkit.org/show_bug.cgi?id=152193
533         <rdar://problem/23867520>
534
535         Reviewed by Joseph Pecoraro.
536
537         No new tests because this is already tested by inspector tests.
538
539         * inspector/PageScriptDebugServer.cpp:
540         (WebCore::PageScriptDebugServer::attachDebugger):
541         (WebCore::PageScriptDebugServer::detachDebugger):
542
543 2016-03-24  Jer Noble  <jer.noble@apple.com>
544
545         [MSE] Make calling HTMLMediaElement.buffered less expensive
546         https://bugs.webkit.org/show_bug.cgi?id=155846
547
548         Reviewed by Eric Carlson.
549
550         The MSE specification requires a new TimeRanges object be returned when calling
551         HTMLMediaElement.buffered. Additionally, the requirements for generating the buffered time
552         ranges for MediaSource and its constituent SourceBuffers are specific and expensive. Rather
553         than perform all these steps each time HTMLMediaElement.buffered is queried, cache the final
554         result and only regenerate the cached value if the buffered ranges of the constituent
555         SourceBuffers have changed.
556
557         Also, make copying a PlatformTimeRanges more efficient by doing a straight vector-to-vector
558         copy of the PlatformTimeRange's data.
559
560         * Modules/mediasource/MediaSource.cpp:
561         (WebCore::MediaSource::buffered):
562         (WebCore::MediaSource::regenerateActiveSourceBuffers):
563         * Modules/mediasource/MediaSource.h:
564         * Modules/mediasource/SourceBuffer.cpp:
565         (WebCore::SourceBuffer::removeCodedFrames):
566         (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):
567         * Modules/mediasource/SourceBuffer.h:
568         * platform/graphics/PlatformTimeRanges.cpp:
569         (WebCore::PlatformTimeRanges::PlatformTimeRanges): Deleted.
570         (WebCore::PlatformTimeRanges::operator=): Deleted.
571         (WebCore::PlatformTimeRanges::copy): Deleted.
572         * platform/graphics/PlatformTimeRanges.h:
573
574 2016-03-24  Jer Noble  <jer.noble@apple.com>
575
576         REGRESSION(r189129): <audio> elements do not have playback controls on iOS.
577         https://bugs.webkit.org/show_bug.cgi?id=155808
578         <rdar://problem/23822457>
579
580         Reviewed by Eric Carlson.
581
582         Audio elements should never require fullscreen for playback.
583
584         * html/MediaElementSession.cpp:
585         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
586
587 2016-03-24  Alex Christensen  <achristensen@webkit.org>
588
589         Clean up cookie jar after r198195
590         https://bugs.webkit.org/show_bug.cgi?id=155484
591
592         Reviewed by Tim Horton.
593
594         Get rid of a now unneeded macro.
595
596         * loader/CookieJar.cpp:
597         (WebCore::storageSession):
598         (WebCore::cookies):
599         (WebCore::setCookies):
600         (WebCore::cookiesEnabled):
601         (WebCore::cookieRequestHeaderFieldValue):
602         (WebCore::getRawCookies):
603         (WebCore::deleteCookie):
604
605 2016-03-24  Youenn Fablet  <youenn.fablet@crf.canon.fr>
606
607         [Fetch API] Add basic loading of resources
608         https://bugs.webkit.org/show_bug.cgi?id=155637
609
610         Reviewed by Darin Adler.
611
612         Adding support for basic fetch for Window (no support for Worker yet).
613         A FetchResponse object is created for every fetch task.
614         But it will only be exposed to JS at promise fulfillment time, i.e. once initial response headers are retrieved.
615
616         Updating Blob resource handle to add Content-Type and Content-Length header and notifying of error in case of erroneous HTTP method.
617
618         Fetch is limited to same origin requests currently due to some WPT tests that would timeout otherwise.
619
620         Tests: http/tests/fetch/closing-while-fetching.html
621                http/tests/fetch/get-response-body-while-loading.html
622         Also covered by rebased tests.
623
624         * Modules/fetch/DOMWindowFetch.cpp: Creating a FetchResponse to start fetching.
625         (WebCore::DOMWindowFetch::fetch):
626         * Modules/fetch/DOMWindowFetch.h:
627         * Modules/fetch/FetchBody.cpp:
628         (WebCore::FetchBody::consume):
629         (WebCore::FetchBody::consumeArrayBuffer): Handling of body promises in case of data stored as a buffer.
630         (WebCore::FetchBody::consumeText): Passing the promise as a reference.
631         (WebCore::blobFromArrayBuffer): Helper routine.
632         (WebCore::FetchBody::fulfillTextPromise): Helper routine.
633         (WebCore::FetchBody::loadedAsArrayBuffer): Updated to handle storing of data as a buffer.
634         (WebCore::FetchBody::loadedAsText):
635         (WebCore::FetchBody::bodyForInternalRequest): Helper routine to generate the request body data to be sent as part of the fetch request.
636         (WebCore::FetchBody::extractFromText):
637         * Modules/fetch/FetchBody.h:
638         (WebCore::FetchBody::loadingBody):
639         (WebCore::FetchBody::FetchBody):
640         * Modules/fetch/FetchBodyOwner.cpp:
641         (WebCore::FetchBodyOwner::loadBlob): Updated to cope with the change that FetchLoader::start does not return a boolean anymore
642         but will directly call failure callbacks.
643         (WebCore::FetchBodyOwner::loadedBlobAsText): Moving it closer to other blob loading routines.
644         (WebCore::FetchBodyOwner::finishBlobLoading):
645         * Modules/fetch/FetchBodyOwner.h:
646         (WebCore::FetchBodyOwner::body):
647         (WebCore::FetchBodyOwner::loadedBlobAsArrayBuffer):
648         * Modules/fetch/FetchHeaders.cpp:
649         (WebCore::FetchHeaders::fill):
650         (WebCore::FetchHeaders::filterAndFill): Helper routine to fill headers from a HTTPHeaderMap after being filtered.
651         * Modules/fetch/FetchHeaders.h:
652         (WebCore::FetchHeaders::internalHeaders):
653         * Modules/fetch/FetchLoader.cpp:
654         (WebCore::FetchLoader::start):
655         (WebCore::FetchLoader::didFailRedirectCheck):
656         * Modules/fetch/FetchLoader.h:
657         * Modules/fetch/FetchRequest.cpp:
658         (WebCore::FetchRequest::internalRequest): Routine used to create the ResourceRequest transmitted to ThreadableLoader.
659         * Modules/fetch/FetchRequest.h:
660         * Modules/fetch/FetchResponse.cpp:
661         (WebCore::FetchResponse::fetch): Start fetching by creating a FetchLoader based on passed request.
662         (WebCore::FetchResponse::BodyLoader::didSucceed): FetchLoader callback.
663         (WebCore::FetchResponse::BodyLoader::didFail): Ditto.
664         (WebCore::FetchResponse::BodyLoader::BodyLoader): Ditto.
665         (WebCore::FetchResponse::BodyLoader::didReceiveResponse): Ditto.
666         (WebCore::FetchResponse::BodyLoader::didFinishLoadingAsArrayBuffer): Ditto.
667         (WebCore::FetchResponse::BodyLoader::start): Starting fetch loader.
668         (WebCore::FetchResponse::BodyLoader::stop): Stopping fetch loader.
669         (WebCore::FetchResponse::stop): Stop loader if any.
670         * Modules/fetch/FetchResponse.h:
671         * platform/network/BlobResourceHandle.cpp:
672         (WebCore::BlobResourceHandle::doStart): Notifying the loader with an error if verb is not GET.
673         (WebCore::BlobResourceHandle::notifyResponseOnSuccess): Adding support for Content-Type and Content-Length headers.
674         (WebCore::BlobResourceHandle::createAsync): Removing GET verb check.
675
676 2016-03-24  Andreas Kling  <akling@apple.com>
677
678         Remove virtual inheritance from SVGTransformable.
679         <https://webkit.org/b/155837>
680
681         Reviewed by Anders Carlsson.
682
683         Nothing else inherits SVGLocatable, so make the inheritance non-virtual.
684
685         * svg/SVGTransformable.h:
686
687 2016-03-24  Youenn Fablet  <youenn.fablet@crf.canon.fr>
688
689         Remove DeferredWrapper::resolve<Vector<unsigned char>>
690         https://bugs.webkit.org/show_bug.cgi?id=154849
691
692         Reviewed by Darin Adler.
693
694         Adding fulfillPromiseWithArrayBuffer to resolve a promise with an ArrayBuffer.
695         If the ArrayBuffer is null, the promise is rejected with an OutOfMemory exception.
696
697         Not covered by tests since we would need to make tryCreate return null on failing allocation.
698
699         * Modules/fetch/FetchBody.cpp:
700         (WebCore::FetchBody::processIfEmptyOrDisturbed):
701         (WebCore::FetchBody::loadedAsArrayBuffer):
702         * bindings/js/JSDOMPromise.cpp:
703         (WebCore::fulfillPromiseWithArrayBuffer):
704         * bindings/js/JSDOMPromise.h:
705         (WebCore::DeferredWrapper::resolve<JSC::JSValue>): Deleted.
706         (WebCore::DeferredWrapper::resolve): Deleted.
707         * bindings/js/JSSubtleCryptoCustom.cpp:
708         (WebCore::JSSubtleCrypto::encrypt):
709         (WebCore::JSSubtleCrypto::decrypt):
710         (WebCore::JSSubtleCrypto::sign):
711         (WebCore::JSSubtleCrypto::digest):
712         (WebCore::JSSubtleCrypto::exportKey):
713         (WebCore::JSSubtleCrypto::wrapKey):
714
715 2016-03-23  Daniel Bates  <dabates@apple.com>
716
717         CSP: Simplify logic for checking policies
718         https://bugs.webkit.org/show_bug.cgi?id=155817
719         <rdar://problem/25326546>
720
721         Reviewed by Zalan Bujtas.
722
723         Consolidate the various static template functions into a single function called ContentSecurityPolicy::allPoliciesAllow()
724         that tests whether a resource request when evaluated with respect to a directive (given as a ContentSecurityPolicyDirectiveList
725         pointer-to-member function) violates any of the CSPs that were delivered with the document.
726
727         No functionality changed. So, no new tests.
728
729         * page/csp/ContentSecurityPolicy.cpp:
730         (WebCore::ContentSecurityPolicy::allPoliciesAllowHashFromContent): Formerly named isAllowedByAllWithHash. Made it
731         a member function so that we query for the document encoding instead of taking it as an argument. Modified
732         it to take a predicate function to pass it to allPoliciesAllow().
733         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Modified to use ContentSecurityPolicy::allPoliciesAllow().
734         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
735         (WebCore::ContentSecurityPolicy::allowScriptWithNonce): Ditto.
736         (WebCore::ContentSecurityPolicy::allowStyleWithNonce): Ditto.
737         (WebCore::ContentSecurityPolicy::allowInlineScript): Modified to use ContentSecurityPolicy::allPoliciesAllow() and
738         ContentSecurityPolicy::allPoliciesAllowHashFromContent().
739         (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
740         (WebCore::ContentSecurityPolicy::allowEval): Modified to use ContentSecurityPolicy::allPoliciesAllow().
741         (WebCore::ContentSecurityPolicy::allowFrameAncestors): Ditto.
742         (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
743         (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
744         (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
745         (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
746         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto.
747         (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
748         (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
749         (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
750         (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
751         (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
752         (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
753         (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
754         (WebCore::isAllowedByAllWithFrame): Deleted.
755         (WebCore::isAllowedByAll): Deleted.
756         (WebCore::isAllowedByAllWithState): Deleted.
757         (WebCore::isAllowedByAllWithContext): Deleted.
758         (WebCore::isAllowedByAllWithNonce): Deleted.
759         (WebCore::isAllowedByAllWithHash): Deleted.
760         (WebCore::isAllowedByAllWithHashFromContent): Deleted.
761         (WebCore::isAllowedByAllWithURL): Deleted.
762         (WebCore::ContentSecurityPolicy::documentEncoding): Deleted. Incorporated its functionality into ContentSecurityPolicy::allPoliciesAllowHashFromContent().
763         (WebCore::ContentSecurityPolicy::isActive): Deleted. This function has been unused since the removal of the CSP script
764         interface in <http://trac.webkit.org/changeset/197142>.
765         * page/csp/ContentSecurityPolicy.h:
766         (WebCore::ContentSecurityPolicy::allPoliciesAllow): Added. Returns whether the predicate function evaluates to true
767         for all CSP policies.
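
The consolidation described in this entry, sketched as an added example (not WebKit's code): one variadic helper takes a directive check as a pointer-to-member function and requires every delivered policy to pass it. PolicySet, DirectiveList, addPolicy and samplePolicies are hypothetical names, the parser understands only script-src and default-src, and sources are matched as exact strings.

```cpp
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical, simplified model of one delivered policy (one header value).
// Not WebKit's ContentSecurityPolicyDirectiveList: only script-src and
// default-src are understood, and sources are compared as exact strings.
class DirectiveList {
public:
    explicit DirectiveList(const std::string& header)
    {
        std::istringstream directives(header);
        std::string directive;
        while (std::getline(directives, directive, ';')) {
            std::istringstream tokens(directive);
            std::string name, source;
            if (!(tokens >> name))
                continue; // empty directive, e.g. after a trailing ';'
            if (m_directives.count(name))
                continue; // duplicate directive: the first occurrence wins
            auto& sources = m_directives[name];
            while (tokens >> source)
                sources.push_back(source);
        }
    }

    bool allowScriptFromSource(const std::string& host) const { return scriptSourcesContain(host); }
    bool allowInlineScript() const { return scriptSourcesContain("'unsafe-inline'"); }
    bool allowEval() const { return scriptSourcesContain("'unsafe-eval'"); }

private:
    // script-src falls back to default-src; a policy with neither directive
    // places no restriction on scripts.
    bool scriptSourcesContain(const std::string& wanted) const
    {
        auto it = m_directives.find("script-src");
        if (it == m_directives.end())
            it = m_directives.find("default-src");
        if (it == m_directives.end())
            return true;
        for (const auto& source : it->second) {
            if (source == wanted)
                return true;
        }
        return false;
    }

    std::map<std::string, std::vector<std::string>> m_directives;
};

// Hypothetical owner of all policies delivered with a document.
class PolicySet {
public:
    void addPolicy(const std::string& header) { m_policies.emplace_back(header); }

    // True only if the given DirectiveList member function returns true for
    // every policy. Arguments are taken by const reference because they are
    // reused for each policy in the loop.
    template<typename Predicate, typename... Args>
    bool allPoliciesAllow(Predicate predicate, const Args&... args) const
    {
        for (const auto& policy : m_policies) {
            if (!(policy.*predicate)(args...))
                return false;
        }
        return true;
    }

    bool allowScriptFromSource(const std::string& host) const { return allPoliciesAllow(&DirectiveList::allowScriptFromSource, host); }
    bool allowInlineScript() const { return allPoliciesAllow(&DirectiveList::allowInlineScript); }
    bool allowEval() const { return allPoliciesAllow(&DirectiveList::allowEval); }

private:
    std::vector<DirectiveList> m_policies;
};

// Constructed sample: two policies delivered with the same document.
PolicySet samplePolicies()
{
    PolicySet set;
    set.addPolicy("default-src 'none'; script-src cdn.example 'unsafe-inline'");
    set.addPolicy("script-src cdn.example static.example;");
    return set;
}

int main()
{
    PolicySet set = samplePolicies();
    std::cout << std::boolalpha
              << "script from cdn.example:    " << set.allowScriptFromSource("cdn.example") << '\n'
              << "script from static.example: " << set.allowScriptFromSource("static.example") << '\n'
              << "inline script:              " << set.allowInlineScript() << '\n'
              << "eval:                       " << set.allowEval() << '\n';
    return 0;
}
```

A source that only one of the two policies lists is refused, so delivering an additional policy can only narrow what a document may load.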
768
769 2016-03-23  Jer Noble  <jer.noble@apple.com>
770
771         Media elements allowed to play without a user gesture, but requiring fullscreen playback, should not be allowed to autoplay.
772         https://bugs.webkit.org/show_bug.cgi?id=155599
773
774         Reviewed by Darin Adler.
775
776         Test: media/video-autoplay-allowed-but-fullscreen-required.html
777
778         Entering fullscreen should always require a user gesture.
779
780         * html/MediaElementSession.cpp:
781         (WebCore::MediaElementSession::playbackPermitted):
782
783 2016-03-23  Commit Queue  <commit-queue@webkit.org>
784
785         Unreviewed, rolling out r198538.
786         https://bugs.webkit.org/show_bug.cgi?id=155819
787
788         Broke two API tests on iOS simulator (Requested by ap on
789         #webkit).
790
791         Reverted changeset:
792
793         "Media elements allowed to play without a user gesture, but
794         requiring fullscreen playback, should not be allowed to
795         autoplay."
796         https://bugs.webkit.org/show_bug.cgi?id=155599
797         http://trac.webkit.org/changeset/198538
798
799 2016-03-23  Simon Fraser  <simon.fraser@apple.com>
800
801         Change the paint count indicator to indicate whether a layer is opaque
802         https://bugs.webkit.org/show_bug.cgi?id=155810
803
804         Reviewed by Tim Horton.
805
806         In non-opaque layers, give the paint count indicator a diagonal top left corner. Being
807         able to see layer opaqueness helps diagnose bugs.
808         
809         Also use CGContextStateSaver, and move the indicator in by a pixel to overlap less
810         with the layer border.
811
812         * platform/graphics/ca/PlatformCALayer.cpp:
813         (WebCore::PlatformCALayer::drawRepaintIndicator):
814
815 2016-03-23  Zalan Bujtas  <zalan@apple.com>
816
817         ASSERTION FAILED: y2 >= y1 in WebCore::RenderElement::drawLineForBoxSide
818         https://bugs.webkit.org/show_bug.cgi?id=155791
819
820         Reviewed by Simon Fraser.
821
822         With a certain combination of border rect and adjacent width, we could end up with an empty final rect.
823         This patch ensures that we don't try to paint this empty rect.
824
825         Test: fast/borders/empty-outline-border-assert.html
826
827         * rendering/RenderElement.cpp:
828         (WebCore::RenderElement::drawLineForBoxSide):
829
830 2016-03-23  Dean Jackson  <dino@apple.com>
831
832         Screen queries should query the exact screen, not a default
833         https://bugs.webkit.org/show_bug.cgi?id=155806
834         <rdar://problem/25322916>
835
836         Reviewed by Simon Fraser.
837
838         Some of our media queries were using helper functions that
839         would query the capabilities of the deepest screen, rather
840         than the currently used screen. I changed them to use
841         the existing helper function (that works with WebKit 2)
842         and comment in some other helpers why a generic check is
843         ok.
844
845         Covered by the existing tests.
846
847         * platform/mac/PlatformScreenMac.mm:
848         (WebCore::screenDepth): Use the helper function.
849         (WebCore::screenDepthPerComponent):
850         (WebCore::screenIsMonochrome): Move these and make a comment.
851         (WebCore::screenHasInvertedColors):
852
853 2016-03-23  Daniel Bates  <dabates@apple.com>
854
855         CSP: Make violation console messages concise and consistent
856         https://bugs.webkit.org/show_bug.cgi?id=155777
857         <rdar://problem/25304031>
858
859         Reviewed by Darin Adler.
860
861         As a first step towards making the log messages that are emitted by the ContentSecurityPolicy object
862         concise and consistent with the language and formatting used in other WebKit console messages, including
863         other Content Security Policy messages, make the violation error messages concise and consistent.
864         Being concise and consistent will help make it straightforward for a person to understand the reason
865         for the violation by taking advantage of their familiarity with the language and formatting seen in
866         other WebKit console messages.
867
868         * page/csp/ContentSecurityPolicyDirectiveList.cpp:
869         (WebCore::consoleMessageForViolation): Added. Builds up a console message for violation.
870         (WebCore::ContentSecurityPolicyDirectiveList::allowJavaScriptURLs): Extract logic for logging a console message/reporting
871         a violation from ContentSecurityPolicyDirectiveList::checkInlineAndReportViolation() to here and make use of WebCore::consoleMessageForViolation()
872         to build the actual console message.
873         (WebCore::ContentSecurityPolicyDirectiveList::allowInlineEventHandlers): Ditto.
874         (WebCore::ContentSecurityPolicyDirectiveList::allowInlineScript): Ditto.
875         (WebCore::ContentSecurityPolicyDirectiveList::allowInlineStyle): Ditto.
876         (WebCore::ContentSecurityPolicyDirectiveList::allowEval): Extract logic for logging a console message/reporting
877         a violation from ContentSecurityPolicyDirectiveList::checkEvalAndReportViolation() to here and make use of WebCore::consoleMessageForViolation()
878         to build the actual console message.
879         (WebCore::ContentSecurityPolicyDirectiveList::allowPluginType): Extract logic for logging a console message/reporting
880         a violation from ContentSecurityPolicyDirectiveList::checkMediaTypeAndReportViolation() to here and make use of WebCore::consoleMessageForViolation()
881         to build the actual console message.
882         (WebCore::ContentSecurityPolicyDirectiveList::allowScriptFromSource): Extract logic for logging a console message/reporting
883         a violation from ContentSecurityPolicyDirectiveList::checkSourceAndReportViolation() to here and make use of WebCore::consoleMessageForViolation()
884         to build the actual console message.
885         (WebCore::ContentSecurityPolicyDirectiveList::allowObjectFromSource): Ditto.
886         (WebCore::ContentSecurityPolicyDirectiveList::allowChildContextFromSource): Ditto.
887         (WebCore::ContentSecurityPolicyDirectiveList::allowChildFrameFromSource): Ditto.
888         (WebCore::ContentSecurityPolicyDirectiveList::allowImageFromSource): Ditto.
889         (WebCore::ContentSecurityPolicyDirectiveList::allowStyleFromSource): Ditto.
890         (WebCore::ContentSecurityPolicyDirectiveList::allowFontFromSource): Ditto.
891         (WebCore::ContentSecurityPolicyDirectiveList::allowMediaFromSource): Ditto.
892         (WebCore::ContentSecurityPolicyDirectiveList::allowConnectToSource): Ditto.
893         (WebCore::ContentSecurityPolicyDirectiveList::allowFormAction): Ditto.
894         (WebCore::ContentSecurityPolicyDirectiveList::allowBaseURI): Ditto.
895         (WebCore::ContentSecurityPolicyDirectiveList::allowFrameAncestors): Extract logic for logging a console message/reporting
896         a violation from ContentSecurityPolicyDirectiveList::checkFrameAncestorsAndReportViolation() to here and make use of WebCore::consoleMessageForViolation()
897         to build the actual console message.
898         (WebCore::ContentSecurityPolicyDirectiveList::addDirective): Add FIXME comment to log that the frame-src directive is
899         deprecated. See <https://bugs.webkit.org/show_bug.cgi?id=155773> for more details.
900         (WebCore::ContentSecurityPolicyDirectiveList::checkEvalAndReportViolation): Deleted.
901         (WebCore::ContentSecurityPolicyDirectiveList::checkMediaTypeAndReportViolation): Deleted.
902         (WebCore::ContentSecurityPolicyDirectiveList::checkInlineAndReportViolation): Deleted.
903         (WebCore::ContentSecurityPolicyDirectiveList::checkSourceAndReportViolation): Deleted.
904         (WebCore::ContentSecurityPolicyDirectiveList::checkFrameAncestorsAndReportViolation): Deleted.
905         * page/csp/ContentSecurityPolicyDirectiveList.h:
906
907 2016-03-23  Brent Fulgham  <bfulgham@apple.com>
908
909         [WebGL] Non-power-of-two texture optimization
910         https://bugs.webkit.org/show_bug.cgi?id=118409
911
912         Reviewed by Dean Jackson.
913
914         Based on a patch by Przemyslaw Szymanski  <p.szymanski3@samsung.com>
915  
916         This patch optimizes usage of handleNPOTTextures. We do not need to
917         iterate over each texture unit if no black textures were set. This
918         optimization provides a few more frames per second for certain
919         draw calls.
920     
921         Tested by:
922         (1) Existing tests: webgl/resources/webgl_test_files/conformance/textures/texture-npot.html
923         (2) New test case: fast/canvas/webgl/texture-alternating-npot.html
924
925         * html/canvas/WebGLRenderingContextBase.cpp:
926         (WebCore::WebGLRenderingContextBase::compressedTexImage2D): Use new helper method.
927         (WebCore::WebGLRenderingContextBase::validateNPOTTextureLevel): Added.
928         (WebCore::WebGLRenderingContextBase::drawArrays): Only check texture completeness
929         if a black texture was used.
930         (WebCore::WebGLRenderingContextBase::drawElements): Ditto.
931         (WebCore::WebGLRenderingContextBase::texImage2DBase): Use new helper method.
932         (WebCore::WebGLRenderingContextBase::validateTexFunc): Ditto.
933         (WebCore::WebGLRenderingContextBase::checkTextureCompleteness): Return flag to indicate
934         if a black fallback texture was used.
935         * html/canvas/WebGLRenderingContextBase.h:
936
937 2016-03-23  Alexey Proskuryakov  <ap@apple.com>
938
939         Build fix for a new warning.
940
941         * editing/VisibleSelection.cpp: (WebCore::makeSearchRange): Don't move when returning,
942         as that prevents copy elision.
943
944 2016-03-23  Antti Koivisto  <antti@apple.com>
945
946         Share style by sharing RenderStyle substructures not the object itself
947         https://bugs.webkit.org/show_bug.cgi?id=155787
948
949         Reviewed by Andreas Kling.
950
951         The current approach where we share RenderStyle objects between elements leads to a lot of awkward and bug-prone code.
952         Most of the RenderStyle consists of shareable substructures. It is better to just share those.
953
954         With this patch we create shared styles with RenderStyle::clone(). Sharing is traced as state in Style::SharingResolver
955         instead of relying on RenderStyle equality to locate potential sharing cousins.
956
957         * rendering/style/StyleRareNonInheritedData.cpp:
958         (WebCore::StyleRareNonInheritedData::operator==):
959
960             m_altText was missing from operator==
961             This was exposed by TreeResolver::resolveElement change, tested by fast/css/alt-inherit-initial.html
962
963         * style/StyleSharingResolver.cpp:
964         (WebCore::Style::elementHasDirectionAuto):
965         (WebCore::Style::SharingResolver::resolve):
966
967             Save share results to a map.
968
969         (WebCore::Style::SharingResolver::findSibling):
970         (WebCore::Style::SharingResolver::locateCousinList):
971
972             Instead of traversing we can now just do a hash lookup to locate a candidate cousin list.
973             There is no need for recursion anymore, the map covers sharing beyond immediate siblings too.
974             Remove most tests here as they have been already covered when sharing occurred.
975
976         (WebCore::Style::canShareStyleWithControl):
977         * style/StyleSharingResolver.h:
978         * style/StyleTreeResolver.cpp:
979         (WebCore::Style::TreeResolver::styleForElement):
980         (WebCore::Style::TreeResolver::resolveElement):
981
982             No need to do forced setting anymore just to support style sharing.
983
984 2016-03-23  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
985
986         Reduce PassRefPtr uses in editing
987         https://bugs.webkit.org/show_bug.cgi?id=155743
988
989         Reviewed by Darin Adler.
990
991         Use RefPtr<>&&, raw pointer, or reference in arguments instead of PassRefPtr.
992         Besides, RefPtr is used if the function may be able to return nullptr.
993
994         * dom/Element.cpp:
995         (WebCore::Element::setOuterHTML):
996         (WebCore::Element::setInnerHTML):
997         * dom/Range.cpp:
998         (WebCore::Range::createContextualFragment):
999         * dom/ShadowRoot.cpp:
1000         (WebCore::ShadowRoot::setInnerHTML):
1001         * editing/CompositeEditCommand.cpp:
1002         (WebCore::CompositeEditCommand::wrapContentsInDummySpan):
1003         * editing/CompositeEditCommand.h:
1004         * editing/DictationCommand.cpp:
1005         (WebCore::DictationCommand::insertText):
1006         * editing/SplitTextNodeContainingElementCommand.cpp:
1007         (WebCore::SplitTextNodeContainingElementCommand::doApply):
1008         * editing/TextInsertionBaseCommand.cpp:
1009         (WebCore::TextInsertionBaseCommand::applyTextInsertionCommand):
1010         * editing/TextInsertionBaseCommand.h:
1011         * editing/TypingCommand.cpp:
1012         (WebCore::TypingCommand::deleteSelection):
1013         (WebCore::TypingCommand::deleteKeyPressed):
1014         (WebCore::TypingCommand::forwardDeleteKeyPressed):
1015         (WebCore::TypingCommand::insertText):
1016         (WebCore::TypingCommand::insertLineBreak):
1017         (WebCore::TypingCommand::insertParagraphSeparatorInQuotedContent):
1018         (WebCore::TypingCommand::insertParagraphSeparator):
1019         (WebCore::TypingCommand::lastTypingCommandIfStillOpenForTyping):
1020         (WebCore::TypingCommand::closeTyping):
1021         (WebCore::TypingCommand::ensureLastEditCommandHasCurrentSelectionIfOpenForMoreTyping):
1022         * editing/TypingCommand.h:
1023         * editing/VisibleSelection.cpp:
1024         (WebCore::VisibleSelection::firstRange):
1025         (WebCore::makeSearchRange):
1026         * editing/VisibleSelection.h:
1027         * editing/WrapContentsInDummySpanCommand.cpp:
1028         (WebCore::WrapContentsInDummySpanCommand::WrapContentsInDummySpanCommand):
1029         * editing/WrapContentsInDummySpanCommand.h:
1030         (WebCore::WrapContentsInDummySpanCommand::create):
1031         * editing/atk/FrameSelectionAtk.cpp:
1032         (WebCore::maybeEmitTextFocusChange):
1033         (WebCore::FrameSelection::notifyAccessibilityForSelectionChange):
1034         * editing/htmlediting.cpp:
1035         (WebCore::createOrderedListElement):
1036         (WebCore::createUnorderedListElement):
1037         (WebCore::createListItemElement):
1038         (WebCore::createTabSpanElement):
1039         * editing/htmlediting.h:
1040         * editing/markup.cpp:
1041         (WebCore::AttributeChange::AttributeChange):
1042         (WebCore::ancestorToRetainStructureAndAppearanceForBlock):
1043         (WebCore::styleFromMatchedRulesAndInlineDecl):
1044         (WebCore::createFragmentForInnerOuterHTML):
1045         (WebCore::createFragmentForTransformToFragment):
1046         (WebCore::createContextualFragment):
1047         * editing/markup.h:
1048         * html/HTMLElement.cpp:
1049         (WebCore::HTMLElement::insertAdjacentHTML):
1050         * xml/XSLTProcessor.cpp:
1051         (WebCore::XSLTProcessor::transformToFragment):
1052
1053 2016-03-23  Carlos Garcia Campos  <cgarcia@igalia.com>
1054
1055         Use Region instead of IntRect in PageClient and WebPageProxy setViewNeedsDisplay method
1056         https://bugs.webkit.org/show_bug.cgi?id=155747
1057
1058         Reviewed by Darin Adler.
1059
1060         Add helper function to make cairo region out of a WebCore::Region.
1061
1062         * platform/graphics/cairo/CairoUtilities.cpp:
1063         (WebCore::toCairoRegion):
1064         * platform/graphics/cairo/CairoUtilities.h:
1065
1066 2016-03-22  Tim Horton  <timothy_horton@apple.com>
1067
1068         Invoking a link preview on a complex link (e.g. an image) results in an empty TextIndicator
1069         https://bugs.webkit.org/show_bug.cgi?id=155779
1070         <rdar://problem/22408793>
1071
1072         Reviewed by Simon Fraser.
1073
1074         * page/FrameSnapshotting.cpp:
1075         (WebCore::snapshotFrameRect):
1076         (WebCore::snapshotFrameRectWithClip):
1077         * page/FrameSnapshotting.h:
1078         * page/TextIndicator.cpp:
1079         (WebCore::takeSnapshot):
1080         (WebCore::takeSnapshots):
1081         (WebCore::initializeIndicator):
1082         When snapshotting, clip to the indicated range's rects. This is important
1083         to avoid painting into the margins in the non-selection-only painting case.
1084         This didn't come up with normal selection-only painting because the text
1085         didn't intersect the margin, and the background doesn't paint.
1086
1087 2016-03-22  Darin Adler  <darin@apple.com>
1088
1089         showModalDialog code runs with "first window" set to wrong window
1090         https://bugs.webkit.org/show_bug.cgi?id=155710
1091
1092         Reviewed by Brent Fulgham.
1093
1094         Test: http/tests/security/cross-origin-modal-dialog-base.html
1095
1096         * page/Chrome.cpp:
1097         (WebCore::Chrome::runModal): Null out entryScope so that the "first window"
1098         checks inside the modal dialog won't run in the context of the original window
1099         that presented the dialog.
1100
1101 2016-03-22  Said Abou-Hallawa  <sabouhallawa@apple.com>
1102
1103         userSpaceOnUse patterns are not stroked for empty object bounding box elements
1104         https://bugs.webkit.org/show_bug.cgi?id=109758
1105
1106         Reviewed by Brent Fulgham.
1107
1108         Checking whether the patternUnits is objectBoundingBox needs to be done
1109         after calling collectPatternAttributes(). Otherwise the default value
1110         will be always checked which is 'objectBoundingBox'.
1111
1112         Tests: svg/custom/pattern-units-fill-stroke.svg
1113
1114         * rendering/svg/RenderSVGResourcePattern.cpp:
1115         (WebCore::RenderSVGResourcePattern::buildPattern):
1116         (WebCore::RenderSVGResourcePattern::applyResource):
1117
1118 2016-03-22  Myles C. Maxfield  <mmaxfield@apple.com>
1119
1120         Use references instead of pointers for absolute positioning code
1121         https://bugs.webkit.org/show_bug.cgi?id=155775
1122
1123         Reviewed by Simon Fraser.
1124
1125         There are many pointers which will never be null in this code. This patch
1126         migrates them to use references.
1127
1128         No new tests because there is no behavior change.
1129
1130         * rendering/RenderBlockFlow.cpp:
1131         (WebCore::RenderBlockFlow::layoutBlockChild):
1132         (WebCore::RenderBlockFlow::marginBeforeEstimateForChild):
1133         (WebCore::RenderBlockFlow::insertFloatingObject):
1134         * rendering/RenderBox.cpp:
1135         (WebCore::RenderBox::constrainLogicalWidthInRegionByMinMax):
1136         (WebCore::RenderBox::shrinkLogicalWidthToAvoidFloats):
1137         (WebCore::RenderBox::computeLogicalWidthInRegion):
1138         (WebCore::RenderBox::computeLogicalWidthInRegionUsing):
1139         (WebCore::RenderBox::computeInlineDirectionMargins):
1140         (WebCore::RenderBox::renderBoxRegionInfo):
1141         (WebCore::RenderBox::computeLogicalHeight):
1142         (WebCore::RenderBox::skipContainingBlockForPercentHeightCalculation):
1143         (WebCore::RenderBox::computePercentageLogicalHeight):
1144         (WebCore::RenderBox::computeReplacedLogicalWidthUsing):
1145         (WebCore::RenderBox::computeReplacedLogicalHeightUsing):
1146         (WebCore::RenderBox::availableLogicalHeightUsing):
1147         (WebCore::RenderBox::computeBlockDirectionMargins):
1148         (WebCore::RenderBox::computeAndSetBlockDirectionMargins):
1149         (WebCore::RenderBox::containingBlockLogicalWidthForPositioned):
1150         (WebCore::RenderBox::containingBlockLogicalHeightForPositioned):
1151         (WebCore::computeInlineStaticDistance):
1152         (WebCore::RenderBox::computePositionedLogicalWidth):
1153         (WebCore::computeLogicalLeftPositionedOffset):
1154         (WebCore::RenderBox::computePositionedLogicalWidthUsing):
1155         (WebCore::computeBlockStaticDistance):
1156         (WebCore::RenderBox::computePositionedLogicalHeight):
1157         (WebCore::computeLogicalTopPositionedOffset):
1158         (WebCore::RenderBox::computePositionedLogicalHeightUsing):
1159         (WebCore::RenderBox::computePositionedLogicalWidthReplaced):
1160         (WebCore::RenderBox::computePositionedLogicalHeightReplaced):
1161         (WebCore::percentageLogicalHeightIsResolvable):
1162         (WebCore::RenderBox::percentageLogicalHeightIsResolvableFromBlock):
1163         (WebCore::RenderBox::hasDefiniteLogicalHeight):
1164         (WebCore::RenderBox::hasUnsplittableScrollingOverflow):
1165         * rendering/RenderBox.h:
1166         * rendering/RenderDeprecatedFlexibleBox.cpp:
1167         (WebCore::RenderDeprecatedFlexibleBox::layoutHorizontalBox):
1168         (WebCore::RenderDeprecatedFlexibleBox::layoutVerticalBox):
1169         * rendering/RenderFlexibleBox.cpp:
1170         (WebCore::RenderFlexibleBox::computeMainAxisExtentForChild):
1171         (WebCore::RenderFlexibleBox::applyStretchAlignmentToChild):
1172         * rendering/RenderGrid.cpp:
1173         (WebCore::RenderGrid::minSizeForChild):
1174         (WebCore::RenderGrid::computeMarginLogicalHeightForChild):
1175         * rendering/RenderTable.cpp:
1176         (WebCore::RenderTable::updateLogicalWidth):
1177         * rendering/RenderTableRow.cpp:
1178         (WebCore::RenderTableRow::layout):
1179
1180 2016-03-22  Jon Davis  <jond@apple.com>
1181
1182         Add Download Attribute to the Feature Status page
1183         https://bugs.webkit.org/show_bug.cgi?id=155772
1184
1185         Reviewed by Timothy Hatcher.
1186
1187         * features.json:
1188
1189 2016-03-22  Jer Noble  <jer.noble@apple.com>
1190
1191         CachedResource::MediaResource types shouldn't be blocked due to mixed-content.
1192         https://bugs.webkit.org/show_bug.cgi?id=155588
1193         <rdar://problem/25177795>
1194
1195         Reviewed by Brent Fulgham.
1196
1197         Follow-up to address crashes caused by r198549. Rather than destroy MediaResourceLoader on a background thread,
1198         migrate the Ref to the main thread before releasing.
1199
1200         * platform/graphics/PlatformMediaResourceLoader.h:
1201         * platform/network/cocoa/WebCoreNSURLSession.mm:
1202         (-[WebCoreNSURLSession dealloc]):
1203
1204 2016-03-22  John Wilander  <wilander@apple.com>
1205
1206         Restrict WebSockets header parsing according to RFC6455 and RFC7230. Based on Lamarque V. Souza's original patch.
1207         https://bugs.webkit.org/show_bug.cgi?id=82714
1208
1209         Reviewed by Brent Fulgham.
1210
1211         Tests: http/tests/websocket/tests/hybi/error-event-ready-state-non-existent-url-with-server-responding-404.html
1212                http/tests/websocket/tests/hybi/handshake-fail-by-invalid-http-version.html
1213                http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-accept.html
1214                http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-extensions.html
1215                http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-header-value-sec-websocket-protocol.html
1216                http/tests/websocket/tests/hybi/handshake-fail-by-non-ascii-status-line.html
1217                http/tests/websocket/tests/hybi/handshake-fail-by-null-char-in-status.html
1218                http/tests/websocket/tests/hybi/handshake-ok-with-http-version-beyond-1_1.html
1219
1220         * Modules/websockets/WebSocketHandshake.cpp:
1221         (WebCore::WebSocketHandshake::httpURLForAuthenticationAndCookies):
1222         (WebCore::headerHasValidHTTPVersion):
1223             - Check for HTTP version 1.1 and above.
1224         (WebCore::WebSocketHandshake::readStatusLine):
1225             - Only allow ASCII characters in status line.
1226             - Only allow HTTP version 1.1 and above in status line.
1227         (WebCore::WebSocketHandshake::readHTTPHeaders):
1228             - Only allow ASCII characters in values for new HTTP headers.
1229
1230 2016-03-22  Myles C. Maxfield  <mmaxfield@apple.com>
1231
1232         [RTL Scrollbars] Position: absolute divs are covered by vertical scrollbar
1233         https://bugs.webkit.org/show_bug.cgi?id=155533
1234
1235         Reviewed by Darin Adler.
1236
1237         This patch changes the behavior of position: absolute elements when their
1238         containing block has overflow: scroll in RTL scrollbar mode. Previously, we
1239         were only adjusting the overflow calculation for such elements (but not
1240         their position calculation). This patch updates the position calculation,
1241         which automatically makes the overflow calculation work properly, so the
1242         old calculation is no longer necessary.
1243
1244         This patch also updates iframes to appropriately move their dirty rects
1245         and their painting CTM by the scrollbar width when traversing frame
1246         boundaries. This fixes all our existing RTL scrollbar RTL tests.
1247
1248         The RTL scrollbar tests are only marked as passing on certain OSes, so these
1249         tests are transitioning from failing to passing in that other repository.
1250
1251         Test: fast/scrolling/rtl-scrollbars-positioning.html
1252               fast/scrolling/rtl-scrollbars-overflow-elementFromPoint.html
1253               fast/scrolling/rtl-scrollbars-overflow-position-absolute.html
1254               fast/scrolling/rtl-scrollbars-iframe-offset.html
1255               fast/scrolling/rtl-scrollbars-iframe-position-absolute.html
1256               fast/scrolling/rtl-scrollbars-iframe-scrolled.html
1257               fast/scrolling/rtl-scrollbars-iframe.html
1258
1259         * platform/ScrollView.cpp:
1260         (WebCore::ScrollView::paint):
1261         (WebCore::ScrollView::locationOfContents):
1262         * platform/ScrollView.h:
1263         * platform/graphics/ca/GraphicsLayerCA.cpp:
1264         (WebCore::GraphicsLayerCA::repaintLayerDirtyRects):
1265         * rendering/RenderBlock.cpp:
1266         (WebCore::RenderBlock::addOverflowFromPositionedObjects):
1267         * rendering/RenderBox.cpp:
1268         (WebCore::RenderBox::computePositionedLogicalWidth):
1269         * rendering/RenderView.cpp:
1270         (WebCore::RenderView::repaintViewRectangle):
1271
1272 2016-03-22  Antti Koivisto  <antti@apple.com>
1273
1274         Non-const DocumentRuleSets::features() does not check default style version
1275         https://bugs.webkit.org/show_bug.cgi?id=155766
1276
1277         Reviewed by Andreas Kling.
1278
1279         This may leave it out of date when the default stylesheet expands.
1280
1281         No test, don't know how to hit this with current codebase. With some further optimizations
1282         it starts affecting some tests involving UA media control stylesheets.
1283
1284         * css/DocumentRuleSets.h:
1285         (WebCore::DocumentRuleSets::mutableFeatures):
1286
1287             Check the default style version number in non-const case too.
1288
1289 2016-03-22  Daniel Bates  <dabates@apple.com>
1290
1291         CSP: Should only execute <script> or apply <style> if its hash appears in all policies
1292         https://bugs.webkit.org/show_bug.cgi?id=155709
1293         <rdar://problem/25263368>
1294
1295         Reviewed by Darin Adler.
1296
1297         Fixes an issue where a <script>/<style> was allowed to execute/be applied if its hash is listed
1298         in at least one Content Security Policy (CSP) delivered with the page. We should only execute/apply
1299         such a script/stylesheet if its hash is listed in all CSPs delivered with the page.
1300
1301         Tests: http/tests/security/contentSecurityPolicy/1.1/scripthash-multiple-policies.html
1302                http/tests/security/contentSecurityPolicy/1.1/stylehash-multiple-policies.html
1303
1304         * page/csp/ContentSecurityPolicy.cpp:
1305         (WebCore::isAllowedByAllWithHash): Added. Checks if the specified hash is allowed by all policies.
1306         (WebCore::isAllowedByAllWithHashFromContent): Modified to call WebCore::isAllowedByAllWithHash()
1307         to determine if the <script>/<style> is allowed by all CSPs delivered with the page.
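
The difference between the old "at least one policy" behaviour and the "all policies" behaviour described in the entry above, as an added example that is not WebKit's code. `Policy`, `parsePolicy`, `listedInAnyPolicy` and `allowedByAllPolicies` are hypothetical names, the digests are constructed placeholders, and the model is simplified: lowercase directive names, only `script-src` hash sources, no `default-src` fallback, nonces or `'unsafe-inline'`.

```cpp
#include <algorithm>
#include <initializer_list>
#include <set>
#include <sstream>
#include <string>
#include <vector>

// One delivered policy, reduced to its script-src hash sources (simplified model).
struct Policy {
    bool hasScriptSrc = false;           // false: this policy does not restrict scripts
    std::set<std::string> scriptHashes;  // hash sources without quotes, e.g. "sha256-..."
};

// True for tokens shaped like 'sha256-<digest>', 'sha384-<digest>' or 'sha512-<digest>'.
static bool isHashSource(const std::string& token) {
    if (token.size() <= 9 || token.front() != '\'' || token.back() != '\'')
        return false;
    for (const char* prefix : {"'sha256-", "'sha384-", "'sha512-"}) {
        if (token.compare(0, 8, prefix) == 0)
            return true;
    }
    return false;
}

// Parse one policy string. Only the first script-src directive counts;
// CSP ignores later duplicates of a directive within the same policy.
Policy parsePolicy(const std::string& text) {
    Policy policy;
    std::istringstream directives(text);
    std::string directive;
    while (std::getline(directives, directive, ';')) {
        std::istringstream tokens(directive);
        std::string name;
        if (!(tokens >> name) || name != "script-src" || policy.hasScriptSrc)
            continue;
        policy.hasScriptSrc = true;
        std::string source;
        while (tokens >> source) {
            if (isHashSource(source))
                policy.scriptHashes.insert(source.substr(1, source.size() - 2));
        }
    }
    return policy;
}

// Model assumption: a policy without script-src places no restriction on the script.
bool policyAllowsHash(const Policy& policy, const std::string& digest) {
    return !policy.hasScriptSrc || policy.scriptHashes.count(digest) > 0;
}

// Behaviour the entry describes as the bug: one policy listing the hash is enough.
bool listedInAnyPolicy(const std::vector<Policy>& policies, const std::string& digest) {
    return std::any_of(policies.begin(), policies.end(), [&](const Policy& p) {
        return p.scriptHashes.count(digest) > 0;
    });
}

// Behaviour the entry describes as the fix: every delivered policy must allow the hash.
bool allowedByAllPolicies(const std::vector<Policy>& policies, const std::string& digest) {
    return std::all_of(policies.begin(), policies.end(), [&](const Policy& p) {
        return policyAllowsHash(p, digest);
    });
}

// Two policies delivered with the same page (constructed sample input).
std::vector<Policy> samplePolicies() {
    return {
        parsePolicy("script-src 'sha256-CONSTRUCTED_DIGEST_A' 'sha256-CONSTRUCTED_DIGEST_B'"),
        parsePolicy("default-src 'self'; script-src 'sha256-CONSTRUCTED_DIGEST_B'"),
    };
}
```

A script whose digest is only in the first policy passes `listedInAnyPolicy` but fails `allowedByAllPolicies`; the stricter second policy is what the "any" check let a page bypass.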
1308
1309 2016-03-18  Jer Noble  <jer.noble@apple.com>
1310
1311         CRASH in WebCore::MediaResourceLoader::requestResource + 698
1312         https://bugs.webkit.org/show_bug.cgi?id=155651
1313         <rdar://problem/25130582>
1314
1315         Reviewed by Eric Carlson.
1316
1317         No new tests, fixes existing tests running under GuardMalloc.
1318
1319         Protect against the Document passed into MediaResourceLoader being destroyed during the MediaResourceLoader's lifetime.
1320
1321         * loader/MediaResourceLoader.cpp:
1322         (WebCore::MediaResourceLoader::MediaResourceLoader):
1323         (WebCore::MediaResourceLoader::contextDestroyed):
1324         (WebCore::MediaResourceLoader::requestResource):
1325         (WebCore::MediaResource::responseReceived):
1326         * loader/MediaResourceLoader.h:
1327
1328 2016-03-22  Beth Dakin  <bdakin@apple.com>
1329
1330         Advanced spell checking should be guarded behind 
1331         HAVE(ADVANCED_SPELL_CHECKING)
1332         https://bugs.webkit.org/show_bug.cgi?id=155738
1333
1334         Reviewed by Geoff Garen.
1335
1336         * config.h:
1337         (WebCore::ScrollableArea::systemLanguageIsRTL):
1338         * platform/spi/mac/NSSpellCheckerSPI.h:
1339
1340 2016-03-22  Nan Wang  <n_wang@apple.com>
1341
1342         AX: Change "dialog" role description to "web dialog" so users can distinguish from native alerts
1343         https://bugs.webkit.org/show_bug.cgi?id=154292
1344
1345         Reviewed by Chris Fleizach.
1346
1347         Changed role descriptions for "dialog" and "alert dialog" roles as required.
1348
1349         No new tests needed.
1350
1351         * English.lproj/Localizable.strings:
1352
1353 2016-03-22  Alex Christensen  <achristensen@webkit.org>
1354
1355         Add null check in CachedResourceLoader::determineRevalidationPolicy
1356         https://bugs.webkit.org/show_bug.cgi?id=155758
1357         rdar://problem/25108408
1358
1359         Reviewed by Jer Noble.
1360
1361         * loader/cache/CachedResourceLoader.cpp:
1362         (WebCore::CachedResourceLoader::frame):
1363         (WebCore::CachedResourceLoader::determineRevalidationPolicy):
1364         Null-check frame() before dereferencing it.
1365
1366 2016-03-22  Daniel Bates  <dabates@apple.com>
1367
1368         CSP: Check inline event handlers on each run, not only the first
1369         https://bugs.webkit.org/show_bug.cgi?id=115700
1370         <rdar://problem/24211159>
1371
1372         Reviewed by Andy Estes.
1373
1374         Fixes an issue where an inline event handler would always be allowed to execute if it
1375         executed at least once.
1376
1377         Currently we query whether the Content Security Policy (CSP) of the page permits inline event
1378         handlers each time we register a new handler for an event. And a handler is registered exactly
1379         once the first time the event associated with it is dispatched. Once a handler is registered
1380         as a listener for an event E then we will always invoke the handler when event E is dispatched
1381         regardless of whether the CSP of the page changes (say, as a result of programmatically inserting
1382         a <meta http-equiv="Content-Security-Policy">). Instead we should always check the
1383         CSP of the page whenever we are going to invoke an event handler.
1384
1385         * bindings/js/JSEventListener.cpp:
1386         (WebCore::JSEventListener::handleEvent): Check the CSP of the page and bail out if the
1387         policy does not permit execution of an inline event handler.
1388         * bindings/js/JSEventListener.h:
1389         (WebCore::JSEventListener::sourceURL): Added. Default implementation that returns an empty string.
1390         (WebCore::JSEventListener::sourcePosition): Added. Default implementation that returns a default position.
1391         * bindings/js/JSLazyEventListener.cpp:
1392         (WebCore::JSLazyEventListener::JSLazyEventListener): Update code following instance variable
1393         renaming in JSLazyEventListener.h.
1394         (WebCore::JSLazyEventListener::initializeJSFunction): Ditto. 
1395         * bindings/js/JSLazyEventListener.h: Override JSEventListener::sourceURL() and JSEventListener::sourcePosition().
1396         Changed all mutable instance variables to immutable ones as we do not modify these variables
1397         in any const member functions. Also renamed instance variable m_position to m_sourcePosition
1398         to better describe that it represents the source code position where the event handler was defined.
1399
1400 2016-03-22  Jer Noble  <jer.noble@apple.com>
1401
1402         Media elements allowed to play without a user gesture, but requiring fullscreen playback, should not be allowed to autoplay.
1403         https://bugs.webkit.org/show_bug.cgi?id=155599
1404
1405         Reviewed by Darin Adler.
1406
1407         Test: media/video-autoplay-allowed-but-fullscreen-required.html
1408
1409         Entering fullscreen should always require a user gesture.
1410
1411         * html/MediaElementSession.cpp:
1412         (WebCore::MediaElementSession::playbackPermitted):
1413
1414 2016-03-22  Carlos Garcia Campos  <cgarcia@igalia.com>
1415
1416         [GTK] WebInspector broken after r197620
1417         https://bugs.webkit.org/show_bug.cgi?id=155497
1418         <rdar://problem/25171910>
1419
1420         Reviewed by Philippe Normand.
1421
1422         Add resource scheme to the list of secure protocols.
1423
1424         * platform/SchemeRegistry.cpp:
1425         (WebCore::secureSchemes):
1426
1427 2016-03-22  Brent Fulgham  <bfulgham@apple.com>
1428
1429         SharedBuffer::copy() can cause a segmentation fault.
1430         https://bugs.webkit.org/show_bug.cgi?id=155739
1431
1432         Reviewed by Ryosuke Niwa.
1433
1434         Based on a Blink patch by Huang Dongsung <luxtella@company100.net>.
1435         <https://src.chromium.org/viewvc/blink?revision=153850&view=revision>
1436
1437         After SharedBuffer::copy(), SharedBuffer::append() can cause segmentation fault,
1438         because copy() calls clone->m_buffer.append(m_segments[i], segmentSize) even if
1439         'i' is the last index. The data size of m_segments.last() is often less than
1440         segmentSize. So, in the cloned instance m_size < (m_buffer.size() + SUM(m_segments[i].size())).
1441         This patch appends the exact size of the last segment instead of segmentSize.
1442
1443         Tested by TestWebKitAPI SharedBufferTest::copy
1444
1445         * platform/SharedBuffer.cpp:
1446         (SharedBuffer::copy): 
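
The size invariant that the entry above says `copy()` broke, as an added example on a simplified model that is not WebKit's SharedBuffer. `SegmentedBuffer`, `copyBuggy` and `copyFixed` are hypothetical names, and the 8-byte segment size is an assumption chosen so that the last segment is only partly filled.

```cpp
#include <algorithm>
#include <array>
#include <cstddef>
#include <string>
#include <vector>

constexpr std::size_t kSegmentSize = 8; // tiny on purpose (assumption, not WebKit's value)

struct SegmentedBuffer {
    std::vector<char> flat;                                // merged, contiguous bytes
    std::vector<std::array<char, kSegmentSize>> segments;  // fixed-size chunks that follow `flat`
    std::size_t size = 0;                                  // total logical byte count

    // flat.size() + bytes held in segments must equal size, so flat can never exceed it.
    bool invariantHolds() const {
        return flat.size() <= size && size - flat.size() <= segments.size() * kSegmentSize;
    }

    // Append into the segment list. Refuses to run on a buffer whose invariant is
    // already broken, because size - flat.size() would wrap around as an unsigned value.
    bool append(const std::string& data) {
        if (!invariantHolds())
            return false;
        for (char c : data) {
            std::size_t inSegments = size - flat.size();
            if (inSegments == segments.size() * kSegmentSize)
                segments.emplace_back();
            segments.back()[inSegments % kSegmentSize] = c;
            ++size;
        }
        return true;
    }

    // Logical contents: flat bytes, then only the used part of each segment.
    std::string contents() const {
        std::string out(flat.begin(), flat.end());
        std::size_t remaining = invariantHolds() ? size - flat.size() : 0;
        for (const auto& segment : segments) {
            std::size_t used = std::min(remaining, kSegmentSize);
            out.append(segment.data(), used);
            remaining -= used;
        }
        return out;
    }
};

// The pattern the entry describes: every segment, including the last one, is
// appended at full segment size, so the clone's flat part can outgrow its size.
SegmentedBuffer copyBuggy(const SegmentedBuffer& source) {
    SegmentedBuffer clone;
    clone.size = source.size;
    clone.flat = source.flat;
    for (const auto& segment : source.segments)
        clone.flat.insert(clone.flat.end(), segment.begin(), segment.end());
    return clone;
}

// The fix the entry describes: append the exact number of bytes the last segment holds.
SegmentedBuffer copyFixed(const SegmentedBuffer& source) {
    SegmentedBuffer clone;
    clone.size = source.size;
    clone.flat = source.flat;
    std::size_t remaining = source.size - source.flat.size();
    for (const auto& segment : source.segments) {
        std::size_t used = std::min(remaining, kSegmentSize);
        clone.flat.insert(clone.flat.end(), segment.begin(), segment.begin() + used);
        remaining -= used;
    }
    return clone;
}

// 11 bytes of constructed sample data: one full segment plus three bytes in the second.
SegmentedBuffer sampleBuffer() {
    SegmentedBuffer buffer;
    buffer.append("0123456789A");
    return buffer;
}
```

In the buggy clone `flat.size()` is 16 while `size` is 11; any later offset computed as `size - flat.size()` wraps around, which is the state the entry says leads to the crash in `append()`.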
1447
1448 2016-03-22  Alberto Garcia  <berto@igalia.com>
1449
1450         Unreviewed typo fix.
1451
1452         * platform/gtk/LocalizedStringsGtk.cpp:
1453         (WebCore::textTrackAutomaticMenuItemText): "choosen" => "chosen"
1454
1455 2016-03-22  Zan Dobersek  <zdobersek@igalia.com>
1456
1457         [TextureMapper] Destructing TextureMapperLayer should clean up its effect target
1458         https://bugs.webkit.org/show_bug.cgi?id=155718
1459
1460         Reviewed by Darin Adler.
1461
1462         TextureMapperLayer destructor should, in case of non-null effect target,
1463         null out the effect target's mask and replica layer pointers if those
1464         pointers point to the TextureMapperLayer object that's being destroyed,
1465         avoiding use-after-free occurrences.
1466
1467         * platform/graphics/texmap/TextureMapperLayer.cpp:
1468         (WebCore::TextureMapperLayer::~TextureMapperLayer):
1469
1470 2016-03-22  Zan Dobersek  <zdobersek@igalia.com>
1471
1472         [TexMap] Shrink-to-fit the CompositingCoordinator's update atlases vector after cleanup
1473         https://bugs.webkit.org/show_bug.cgi?id=155719
1474
1475         Reviewed by Carlos Garcia Campos.
1476
1477         Shrink the Vector object containing the cached UpdateAtlas objects
1478         after the inactive ones are removed. This way the capacity of the
1479         Vector is kept under control, preventing unnecessary waste of memory.
1480
1481         * platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:
1482         (WebCore::CompositingCoordinator::releaseInactiveAtlasesTimerFired):
1483
1484 2016-03-21  Brent Fulgham  <bfulgham@apple.com>
1485
1486         Improve SharedBuffer testing
1487         https://bugs.webkit.org/show_bug.cgi?id=93078
1488         <rdar://problem/25277829>
1489
1490         Reviewed by Ryosuke Niwa.
1491
1492         * platform/SharedBuffer.h: Mark a few methods as WEBCORE_EXPORT so they
1493         can be used by TestWebKitAPI.
1494
1495 2016-03-21  Zalan Bujtas  <zalan@apple.com>
1496
1497         WebCore::RenderTableCell::setCol should put a cap on the column value. 
1498         https://bugs.webkit.org/show_bug.cgi?id=155642
1499         <rdar://problem/15895201>
1500
1501         Reviewed by Simon Fraser.
1502
1503         This patch ensures that we don't crash when the column number is large enough.
1504         see webkit.org/b/71135 for more information.
1505
1506         Test: tables/colspan-with-large-value-crash.html
1507
1508         * rendering/RenderTableCell.h:
1509         (WebCore::RenderTableCell::setCol):
1510
1511 2016-03-21  Simon Fraser  <simon.fraser@apple.com>
1512
1513         [iOS WK2] Use larger tiles when possible to reduce per-tile painting overhead
1514         https://bugs.webkit.org/show_bug.cgi?id=155734
1515         rdar://problem/24968144
1516
1517         Reviewed by Tim Horton.
1518
1519         The existing tile size logic is wired to adjustScrollbars, which doesn't fire
1520         when scrolling is delegated. For iOS WK2, key off of a new unobscuredContentSizeChanged()
1521         function that runs when the UI process tells WebCore that the unobscured size
1522         has changed. In addition, contentsResized() is used to update scrollability when
1523         page changes size.
1524
1525         * page/FrameView.cpp:
1526         (WebCore::FrameView::contentsResized):
1527         (WebCore::FrameView::addedOrRemovedScrollbar):
1528         (WebCore::FrameView::adjustTiledBackingScrollability): Handle both delegated and non-delegated
1529         scrolling; the former looks at the visible size (based on the unobscuredVisibleContentRect),
1530         the latter at the presence of scrollbars.
1531         (WebCore::FrameView::unobscuredContentSizeChanged):
1532         * page/FrameView.h:
1533         * platform/ScrollView.h:
1534         (WebCore::ScrollView::unobscuredContentSizeChanged):
1535         * platform/graphics/ca/TileController.cpp:
1536         (WebCore::TileController::adjustTileCoverageRect): Use kDefaultTileSize rather than the
1537         tile size, to retain the old amount of overdraw.
1538         (WebCore::TileController::tileSize): There was a bug in the not-scrollable case; we need
1539         to scale.
1540         * platform/ios/ScrollViewIOS.mm:
1541         (WebCore::ScrollView::setUnobscuredContentSize):
1542
1543 2016-03-21  Chris Dumez  <cdumez@apple.com>
1544
1545         Unreviewed, rolling out r197552.
1546
1547         May have caused a ~2% PLT regression on iOS
1548
1549         Reverted changeset:
1550
1551         "Drop DocumentSharedObjectPool immediately when going into
1552         PageCache."
1553         https://bugs.webkit.org/show_bug.cgi?id=154986
1554         http://trac.webkit.org/changeset/197552
1555
1556 2016-03-21  Simon Fraser  <simon.fraser@apple.com>
1557
1558         Very flashy scrolling on http://quellish.tumblr.com page
1559         https://bugs.webkit.org/show_bug.cgi?id=155728
1560         rdar://problem/22299375
1561
1562         Reviewed by Zalan Bujtas.
1563
1564         http://quellish.tumblr.com/post/126712999812/how-on-earth-the-facebook-ios-application-is-so
1565         has many elements that are nested inside elements with non-equal corner radius clipping.
1566         This requires building bezier paths for the rounded-rect clip which is expensive.
1567
1568         For many rows of the table, we can avoid the rounded-rect clipping because the intersection
1569         of the paintDirtyRect and the clip is actually rectangular.
1570
1571         * platform/graphics/FloatRoundedRect.cpp:
1572         (WebCore::FloatRoundedRect::intersectionIsRectangular):
1573         * platform/graphics/FloatRoundedRect.h:
1574         * rendering/RenderLayer.cpp:
1575         (WebCore::RenderLayer::clipToRect):
1576
1577 2016-03-21  Zalan Bujtas  <zalan@apple.com>
1578
1579         Web Inspector search icon does not fit when zoomed in.
1580         https://bugs.webkit.org/show_bug.cgi?id=155708
1581
1582         Reviewed by Simon Fraser.
1583
1584         Adjusts the paint rect for the magnifier icon so that it fits even when zoomed in.
1585
1586         Covered by existing tests.
1587
1588         * rendering/RenderThemeMac.mm:
1589         (WebCore::RenderThemeMac::resultsButtonSizes):
1590         (WebCore::RenderThemeMac::paintSearchFieldResultsButton):
1591
1592 2016-03-21  Per Arne Vollan  <peavo@outlook.com>
1593
1594         [WinCairo][MediaFoundation] Crash when media player is destroyed.
1595         https://bugs.webkit.org/show_bug.cgi?id=155716
1596
1597         Reviewed by Alex Christensen.
1598
1599         Increase the reference count on the video presenter object in the ActivateObject method
1600         to avoid referencing a deleted object when the media player is destroyed.
1601
1602         * platform/graphics/win/MediaPlayerPrivateMediaFoundation.cpp:
1603         (WebCore::MediaPlayerPrivateMediaFoundation::CustomVideoPresenter::ActivateObject):
1604
1605 2016-03-21  Eric Carlson  <eric.carlson@apple.com>
1606
1607         Add a WebRTC specific compile flag
1608         https://bugs.webkit.org/show_bug.cgi?id=155663
1609
1610         Guard WebRTC-only files with ENABLE(WEB_RTC) rather than ENABLE(MEDIA_STREAM).
1611
1612         Reviewed by Jer Noble.
1613
1614         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
1615         * Modules/mediastream/MediaEndpointPeerConnection.h:
1616         * Modules/mediastream/PeerConnectionBackend.h:
1617         * Modules/mediastream/PeerConnectionStates.h:
1618         * Modules/mediastream/RTCConfiguration.cpp:
1619         * Modules/mediastream/RTCConfiguration.h:
1620         * Modules/mediastream/RTCConfiguration.idl:
1621         * Modules/mediastream/RTCDTMFSender.cpp:
1622         * Modules/mediastream/RTCDTMFSender.h:
1623         * Modules/mediastream/RTCDTMFSender.idl:
1624         * Modules/mediastream/RTCDTMFToneChangeEvent.cpp:
1625         * Modules/mediastream/RTCDTMFToneChangeEvent.h:
1626         * Modules/mediastream/RTCDTMFToneChangeEvent.idl:
1627         * Modules/mediastream/RTCDataChannel.cpp:
1628         * Modules/mediastream/RTCDataChannel.h:
1629         * Modules/mediastream/RTCDataChannel.idl:
1630         * Modules/mediastream/RTCDataChannelEvent.cpp:
1631         * Modules/mediastream/RTCDataChannelEvent.h:
1632         * Modules/mediastream/RTCDataChannelEvent.idl:
1633         * Modules/mediastream/RTCIceCandidate.cpp:
1634         * Modules/mediastream/RTCIceCandidate.h:
1635         * Modules/mediastream/RTCIceCandidate.idl:
1636         * Modules/mediastream/RTCIceCandidateEvent.cpp:
1637         * Modules/mediastream/RTCIceCandidateEvent.h:
1638         * Modules/mediastream/RTCIceCandidateEvent.idl:
1639         * Modules/mediastream/RTCIceServer.h:
1640         * Modules/mediastream/RTCIceServer.idl:
1641         * Modules/mediastream/RTCOfferAnswerOptions.cpp:
1642         * Modules/mediastream/RTCOfferAnswerOptions.h:
1643         * Modules/mediastream/RTCPeerConnection.cpp:
1644         * Modules/mediastream/RTCPeerConnection.h:
1645         * Modules/mediastream/RTCPeerConnection.idl:
1646         * Modules/mediastream/RTCPeerConnection.js:
1647         (createOffer):
1648         * Modules/mediastream/RTCPeerConnectionInternals.js:
1649         * Modules/mediastream/RTCRtpReceiver.cpp:
1650         * Modules/mediastream/RTCRtpReceiver.h:
1651         * Modules/mediastream/RTCRtpReceiver.idl:
1652         * Modules/mediastream/RTCRtpSender.cpp:
1653         * Modules/mediastream/RTCRtpSender.h:
1654         * Modules/mediastream/RTCRtpSender.idl:
1655         * Modules/mediastream/RTCRtpSenderReceiverBase.h:
1656         * Modules/mediastream/RTCSessionDescription.cpp:
1657         * Modules/mediastream/RTCSessionDescription.h:
1658         * Modules/mediastream/RTCSessionDescription.idl:
1659         * Modules/mediastream/RTCStatsReport.cpp:
1660         * Modules/mediastream/RTCStatsReport.idl:
1661         * Modules/mediastream/RTCStatsResponse.cpp:
1662         * Modules/mediastream/RTCStatsResponse.idl:
1663         * Modules/mediastream/RTCTrackEvent.cpp:
1664         * Modules/mediastream/RTCTrackEvent.h:
1665         * Modules/mediastream/RTCTrackEvent.idl:
1666         * Modules/mediastream/SDPProcessor.cpp:
1667         * Modules/mediastream/SDPProcessor.h:
1668         * bindings/generic/RuntimeEnabledFeatures.cpp:
1669         (WebCore::RuntimeEnabledFeatures::RuntimeEnabledFeatures):
1670         * bindings/generic/RuntimeEnabledFeatures.h:
1671         (WebCore::RuntimeEnabledFeatures::setMediaStreamEnabled):
1672         (WebCore::RuntimeEnabledFeatures::webkitGetUserMediaEnabled):
1673         (WebCore::RuntimeEnabledFeatures::webkitMediaStreamEnabled):
1674         (WebCore::RuntimeEnabledFeatures::peerConnectionEnabled):
1675         (WebCore::RuntimeEnabledFeatures::setPeerConnectionEnabled):
1676         (WebCore::RuntimeEnabledFeatures::webkitRTCPeerConnectionEnabled):
1677         * bindings/js/JSDOMGlobalObject.cpp:
1678         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
1679         * bindings/js/JSDictionary.cpp:
1680         (WebCore::JSDictionary::convertValue):
1681         * bindings/js/JSDictionary.h:
1682         * bindings/js/JSRTCIceCandidateCustom.cpp:
1683         * bindings/js/JSRTCPeerConnectionCustom.cpp:
1684         * bindings/js/JSRTCSessionDescriptionCustom.cpp:
1685         * bindings/js/JSRTCStatsResponseCustom.cpp:
1686         * bindings/js/WebCoreJSBuiltinInternals.cpp:
1687         (WebCore::JSBuiltinInternalFunctions::JSBuiltinInternalFunctions):
1688         (WebCore::JSBuiltinInternalFunctions::visit):
1689         (WebCore::JSBuiltinInternalFunctions::initialize):
1690         * bindings/js/WebCoreJSBuiltinInternals.h:
1691         (WebCore::JSBuiltinInternalFunctions::rtcPeerConnectionInternals):
1692         * bindings/js/WebCoreJSBuiltins.h:
1693         (WebCore::JSBuiltinFunctions::JSBuiltinFunctions):
1694         (WebCore::JSBuiltinFunctions::mediaDevicesBuiltins):
1695         (WebCore::JSBuiltinFunctions::navigatorUserMediaBuiltins):
1696         (WebCore::JSBuiltinFunctions::rtcPeerConnectionBuiltins):
1697         (WebCore::JSBuiltinFunctions::rtcPeerConnectionInternalsBuiltins):
1698         * dom/EventNames.in:
1699         * dom/EventTargetFactory.in:
1700         * loader/FrameLoaderClient.h:
1701         * platform/mediastream/IceCandidate.h:
1702         * platform/mediastream/MediaEndpoint.cpp:
1703         * platform/mediastream/MediaEndpoint.h:
1704         * platform/mediastream/MediaEndpointConfiguration.cpp:
1705         * platform/mediastream/MediaEndpointConfiguration.h:
1706         * platform/mediastream/MediaEndpointSessionConfiguration.h:
1707         * platform/mediastream/MediaPayload.h:
1708         * platform/mediastream/PeerMediaDescription.h:
1709         * platform/mediastream/RTCConfigurationPrivate.h:
1710         * platform/mediastream/RTCDTMFSenderHandler.h:
1711         * platform/mediastream/RTCDTMFSenderHandlerClient.h:
1712         * platform/mediastream/RTCDataChannelHandler.h:
1713         * platform/mediastream/RTCDataChannelHandlerClient.h:
1714         * platform/mediastream/RTCIceCandidateDescriptor.cpp:
1715         * platform/mediastream/RTCIceCandidateDescriptor.h:
1716         * platform/mediastream/RTCIceServerPrivate.h:
1717         * platform/mediastream/RTCPeerConnectionHandler.cpp:
1718         * platform/mediastream/RTCPeerConnectionHandler.h:
1719         * platform/mediastream/RTCPeerConnectionHandlerClient.h:
1720         * platform/mediastream/RTCSessionDescriptionDescriptor.cpp:
1721         * platform/mediastream/RTCSessionDescriptionDescriptor.h:
1722         * platform/mediastream/RTCSessionDescriptionRequest.h:
1723         * platform/mediastream/RTCStatsRequest.h:
1724         * platform/mediastream/RTCStatsResponseBase.h:
1725         * platform/mediastream/RTCVoidRequest.h:
1726         * platform/mediastream/SDPProcessorScriptResource.cpp:
1727         * platform/mediastream/SDPProcessorScriptResource.h:
1728         * platform/mock/MockMediaEndpoint.cpp:
1729         * platform/mock/MockMediaEndpoint.h:
1730         * platform/mock/RTCDTMFSenderHandlerMock.cpp:
1731         * platform/mock/RTCDTMFSenderHandlerMock.h:
1732         * platform/mock/RTCDataChannelHandlerMock.cpp:
1733         * platform/mock/RTCDataChannelHandlerMock.h:
1734         * platform/mock/RTCNotifiersMock.cpp:
1735         * platform/mock/RTCNotifiersMock.h:
1736         * platform/mock/RTCPeerConnectionHandlerMock.cpp:
1737         * platform/mock/RTCPeerConnectionHandlerMock.h:
1738         * platform/mock/TimerEventBasedMock.h:
1739         (WebCore::RenderLayerBacking::paintIntoLayer):
1740         * testing/Internals.cpp:
1741         (WebCore::Internals::Internals):
1742         (WebCore::Internals::enableMockSpeechSynthesizer):
1743         (WebCore::Internals::enableMockMediaEndpoint):
1744         (WebCore::Internals::enableMockRTCPeerConnectionHandler):
1745         (WebCore::Internals::setMockMediaCaptureDevicesEnabled):
1746         * testing/Internals.h:
1747
1748 2016-03-21  Joonghun Park  <jh718.park@samsung.com>
1749
1750         [JSC] Add ArrayBuffer::tryCreate and change the callsites where it is needed
1751         https://bugs.webkit.org/show_bug.cgi?id=155328
1752
1753         Reviewed by Darin Adler.
1754
1755         No new tests, no new behaviours.
1756
1757         * Modules/fetch/FetchBody.cpp:
1758         (WebCore::FetchBody::processIfEmptyOrDisturbed):
1759         (WebCore::FetchBody::consumeText):
1760         * Modules/fetch/FetchLoader.cpp:
1761         (WebCore::FetchLoader::didFinishLoading):
1762         * bindings/js/JSDOMPromise.h:
1763         (WebCore::char>>):
1764         * dom/MessageEvent.cpp:
1765         (WebCore::MessageEvent::MessageEvent):
1766         * dom/MessageEvent.h:
1767         * fileapi/FileReaderLoader.cpp:
1768         (WebCore::FileReaderLoader::didReceiveResponse):
1769         (WebCore::FileReaderLoader::didReceiveData):
1770         (WebCore::FileReaderLoader::arrayBufferResult):
1771         * html/canvas/WebGLBuffer.cpp:
1772         (WebCore::WebGLBuffer::associateBufferDataImpl):
1773         * html/track/DataCue.cpp:
1774         (WebCore::DataCue::DataCue):
1775         (WebCore::DataCue::data):
1776         (WebCore::DataCue::setData):
1777         (WebCore::DataCue::cueContentsMatch):
1778         * html/track/DataCue.h:
1779         * html/track/InbandDataTextTrack.cpp:
1780         (WebCore::InbandDataTextTrack::addDataCue):
1781         (WebCore::InbandDataTextTrack::removeCue):
1782         * platform/mac/SerializedPlatformRepresentationMac.mm:
1783         (WebCore::jsValueWithDataInContext):
1784
1785 2016-02-03  Sergio Villar Senin  <svillar@igalia.com>
1786
1787         [css-grid] Fix percentage tracks' size computation in grids with gutters
1788         https://bugs.webkit.org/show_bug.cgi?id=153825
1789
1790         Reviewed by Darin Adler.
1791
1792         The track sizing algorithm is passed an available size
1793         (freeSpace in the code) where to size the tracks. The total size of the grid
1794         gutters was pre-removed from that available size because we cannot use it to size
1795         the tracks. However that available size is also used to compute the size of
1796         percentage tracks. As we're removing the size of the gutters, the base size for
1797         percentage computations is smaller than it should be.
1798
1799         * rendering/RenderGrid.cpp:
1800         (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
1801
1802 2016-03-21  Carlos Garcia Campos  <cgarcia@igalia.com>
1803
1804         [GTK] scrollbar thumb clipped in 2.11.92
1805         https://bugs.webkit.org/show_bug.cgi?id=155586
1806
1807         Reviewed by Michael Catanzaro.
1808
1809         In the current version of Adwaita, the scrollbar itself also has a
1810         one pixel border that we are not taking into account.
1811
1812         * platform/gtk/ScrollbarThemeGtk.cpp:
1813         (WebCore::ScrollbarThemeGtk::paintThumb): Use the scrollbar size
1814         in indicator mode, instead of only the thumb size, to correctly
1815         position the thumb in indicator mode.
1816
1817 2016-03-20  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1818
1819         Reduce uses of PassRefPtr in WebCore/dom - 6
1820         https://bugs.webkit.org/show_bug.cgi?id=155579
1821
1822         Reviewed by Darin Adler.
1823
1824         * dom/MessagePortChannel.h:
1825         * dom/default/PlatformMessagePortChannel.cpp:
1826         (WebCore::PlatformMessagePortChannel::EventData::EventData):
1827         (WebCore::MessagePortChannel::createChannel):
1828         (WebCore::MessagePortChannel::MessagePortChannel):
1829         (WebCore::MessagePortChannel::postMessageToRemote):
1830         (WebCore::PlatformMessagePortChannel::create):
1831         (WebCore::PlatformMessagePortChannel::PlatformMessagePortChannel):
1832         * dom/default/PlatformMessagePortChannel.h:
1833         (WebCore::PlatformMessagePortChannel::EventData::message):
1834
1835 2016-03-20  Jinwoo Jeong  <jw00.jeong@samsung.com>
1836
1837         The setter of binaryType attribute in WebSocket should raise the exception.
1838         https://bugs.webkit.org/show_bug.cgi?id=135874
1839
1840         Reviewed by Antonio Gomes.
1841
1842         According to W3C WebSocket Specification, <https://www.w3.org/TR/2012/CR-websockets-20120920/>
1843         when an invalid value is set on binaryType of WebSocket, a SyntaxError should be raised.
1844
1845         * Modules/websockets/WebSocket.cpp:
1846         (WebCore::WebSocket::setBinaryType): Add a parameter to set an exception.
1847         * Modules/websockets/WebSocket.h: Ditto.
1848         * Modules/websockets/WebSocket.idl: Update so that the setter of binaryType could raise an exception.
1849
1850 2016-03-20  Dan Bernstein  <mitz@apple.com>
1851
1852         [Mac] Determine TARGET_MAC_OS_X_VERSION_MAJOR from MACOSX_DEPLOYMENT_TARGET rather than from MAC_OS_X_VERSION_MAJOR
1853         https://bugs.webkit.org/show_bug.cgi?id=155707
1854         <rdar://problem/24980691>
1855
1856         Reviewed by Darin Adler.
1857
1858         * Configurations/Base.xcconfig: Set TARGET_MAC_OS_X_VERSION_MAJOR based on the last
1859           component of MACOSX_DEPLOYMENT_TARGET.
1860         * Configurations/DebugRelease.xcconfig: For engineering builds, preserve the behavior of
1861           TARGET_MAC_OS_X_VERSION_MAJOR being the host’s OS version.
1862
1863 2016-03-20  Konstantin Tokarev  <annulen@yandex.ru>
1864
1865         Added implementations of AXObjectCache methods for !HAVE(ACCESSIBILITY).
1866         https://bugs.webkit.org/show_bug.cgi?id=155697
1867
1868         Reviewed by Darin Adler.
1869
1870         No new tests needed.
1871
1872         * accessibility/AXObjectCache.h:
1873         (WebCore::AXObjectCache::rangeForUnorderedCharacterOffsets):
1874         (WebCore::AXObjectCache::absoluteCaretBoundsForCharacterOffset):
1875         (WebCore::AXObjectCache::characterOffsetForIndex):
1876         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
1877         (WebCore::AXObjectCache::endCharacterOffsetOfLine):
1878         (WebCore::AXObjectCache::nextCharacterOffset):
1879         (WebCore::AXObjectCache::previousCharacterOffset):
1880
1881 2016-03-20  Darin Adler  <darin@apple.com>
1882
1883         Disable Caches in Safari's Develop menu does not disable caches.
1884         https://bugs.webkit.org/show_bug.cgi?id=64483
1885
1886         Reviewed by Antti Koivisto.
1887
1888         Moved feature from Settings to Page.
1889
1890         * history/PageCache.cpp:
1891         (WebCore::canCachePage): Use function on Page instead of Settings.
1892         (WebCore::PageCache::take): Ditto.
1893         (WebCore::PageCache::get): Ditto.
1894         * loader/FrameLoader.cpp:
1895         (WebCore::FrameLoader::subresourceCachePolicy): Ditto.
1896         (WebCore::FrameLoader::addExtraFieldsToRequest): Ditto.
1897         * loader/cache/CachedResourceLoader.cpp:
1898         (WebCore::CachedResourceLoader::cachePolicy): Ditto.
1899
1900         * page/Page.h:
1901         (WebCore::Page::isResourceCachingDisabled): Added.
1902         (WebCore::Page::setResourceCachingDisabled): Added.
1903
1904         * page/Settings.in: Removed resourceCachingDisabled.
1905
1906 2016-03-20  Dan Bernstein  <mitz@apple.com>
1907
1908         Update build settings
1909
1910         Rubber-stamped by Andy Estes.
1911
1912         * Configurations/DebugRelease.xcconfig:
1913         * Configurations/FeatureDefines.xcconfig:
1914         * Configurations/Version.xcconfig:
1915
1916 2016-03-20  Chris Fleizach  <cfleizach@apple.com>
1917
1918         AX: Radio button members are not identified together in all cases
1919         https://bugs.webkit.org/show_bug.cgi?id=155604
1920         <rdar://problem/21186992>
1921
1922         Reviewed by Darin Adler.
1923
1924         Allow aria radio buttons to be grouped together as linked ui elements even if they're not input types of radio button.
1925
1926         Modified test: accessibility/radio-button-group-members.html
1927
1928         * accessibility/AccessibilityRenderObject.cpp:
1929         (WebCore::AccessibilityRenderObject::speakProperty):
1930         (WebCore::AccessibilityRenderObject::addRadioButtonGroupChildren):
1931         (WebCore::AccessibilityRenderObject::addRadioButtonGroupMembers):
1932         * accessibility/AccessibilityRenderObject.h:
1933
1934 2016-03-19  Joonghun Park  <jh718.park@samsung.com>
1935
1936         Purge PassRefPtr from WebCore/html/shadow
1937         https://bugs.webkit.org/show_bug.cgi?id=155681
1938
1939         Reviewed by Darin Adler.
1940
1941         No new tests, no new behaviours.
1942
1943         * html/HTMLImageElement.cpp:
1944         (WebCore::HTMLImageElement::updateImageControls):
1945         (WebCore::HTMLImageElement::tryCreateImageControls):
1946         (WebCore::HTMLImageElement::createImageControls): Deleted.
1947         * html/HTMLImageElement.h:
1948         * html/shadow/ImageControlsRootElement.h:
1949         * html/shadow/MediaControls.h:
1950         * html/shadow/MediaControlsApple.cpp:
1951         (WebCore::MediaControls::tryCreate):
1952         (WebCore::MediaControlsApple::tryCreateControls):
1953         (WebCore::MediaControlsApple::showClosedCaptionTrackList):
1954         (WebCore::MediaControlsApple::hideClosedCaptionTrackList):
1955         (WebCore::MediaControlsApple::eventListener):
1956         (WebCore::MediaControls::create): Deleted.
1957         (WebCore::MediaControlsApple::createControls): Deleted.
1958         * html/shadow/MediaControlsApple.h:
1959         * html/shadow/mac/ImageControlsButtonElementMac.cpp:
1960         (WebCore::ImageControlsButtonElementMac::tryCreate):
1961         (WebCore::ImageControlsButtonElementMac::maybeCreate): Deleted.
1962         * html/shadow/mac/ImageControlsButtonElementMac.h:
1963         * html/shadow/mac/ImageControlsRootElementMac.cpp:
1964         (WebCore::ImageControlsRootElement::tryCreate):
1965         (WebCore::ImageControlsRootElement::maybeCreate): Deleted.
1966
1967 2016-03-19  Antti Koivisto  <antti@apple.com>
1968
1969         Data URL DecodeTask may get deleted outside main thread
1970         https://bugs.webkit.org/show_bug.cgi?id=155584
1971         rdar://problem/24492104
1972
1973         Reviewed by David Kilzer.
1974
1975         Follow-up: fix a possible null pointer crash.
1976
1977         * platform/network/DataURLDecoder.cpp:
1978         (WebCore::DataURLDecoder::DecodingResultDispatcher::startTimer):
1979
1980             If timer fires under startOneShot m_decodeTask may become zero before schedule() is called.
1981             Fix by copying schedule context to a local before calling startOneShot.
1982
1983 2016-03-18  Zhuo Li  <zachli@apple.com>
1984
1985         Update AutoFill button in input fields.
1986         https://bugs.webkit.org/show_bug.cgi?id=155619.
1987         rdar://problem/24486939.
1988
1989         Reviewed by Daniel Bates.
1990
1991         * css/html.css:
1992         (input::-webkit-contacts-auto-fill-button):
1993         Use the new AutoFill button.
1994
1995 2016-03-18  Alex Christensen  <achristensen@webkit.org>
1996
1997         Give NSURLSessionConfiguration information about parent process
1998         https://bugs.webkit.org/show_bug.cgi?id=155661
1999
2000         Reviewed by Anders Carlsson.
2001
2002         * platform/spi/cf/CFNetworkSPI.h:
2003         Add newly-used SPI declarations.
2004
2005 2016-03-18  Simon Fraser  <simon.fraser@apple.com>
2006
2007         Sideways-scrollable RTL document has wrong initial and reload offset in WKWebView
2008         https://bugs.webkit.org/show_bug.cgi?id=155660
2009         rdar://problem/22212662
2010
2011         Reviewed by Tim Horton.
2012         
2013         There were two problems with the scroll position of RTL documents on initial and reload
2014         in WKWebView.
2015
2016         First, in the delegatesScrolling() code path, ScrollView::updateScrollbars() needs to
2017         tell someone that the scroll origin changed, to trigger a scroll to the page origin.
2018
2019         Secondly, WKWebView had scrollPosition/scrollOffset confusion in various places.
2020
2021         Test: fast/scrolling/rtl-initial-scroll-position.html
2022
2023         * platform/ScrollView.cpp:
2024         (WebCore::ScrollView::updateScrollbars):
2025
2026 2016-03-18  Ryan Haddad  <ryanhaddad@apple.com>
2027
2028         Unreviewed, rolling out r198443.
2029
2030         This change caused API test failures on El Capitan
2031
2032         Reverted changeset:
2033
2034         "CRASH in WebCore::MediaResourceLoader::requestResource + 698"
2035         https://bugs.webkit.org/show_bug.cgi?id=155651
2036         http://trac.webkit.org/changeset/198443
2037
2038 2016-03-18  Darin Adler  <darin@apple.com>
2039
2040         ASSERTION FAILED: m_isValid == valid() in WebCore::HTMLFormControlElement::isValidFormControlElement
2041         https://bugs.webkit.org/show_bug.cgi?id=139481
2042
2043         Reviewed by Daniel Bates.
2044
2045         Test: fast/forms/validity-assertion-inserting-into-datalist.html
2046
2047         * html/HTMLFormControlElement.cpp:
2048         (WebCore::HTMLFormControlElement::insertedInto): Set the flags that will cause
2049         "will validate" to be recomputed *before* calling willValidate().
2050
2051 2016-03-18  Chris Dumez  <cdumez@apple.com>
2052
2053         Speculative revalidation requests do not have their HTTP user-agent set
2054         https://bugs.webkit.org/show_bug.cgi?id=155620
2055         <rdar://problem/24657567>
2056
2057         Reviewed by Brady Eidson.
2058
2059         Export a couple of symbols so they can be used from WebKit2.
2060
2061         Test: http/tests/cache/disk-cache/speculative-validation/validation-request.html
2062
2063         * platform/network/ResourceRequestBase.h:
2064
2065 2016-03-18  Zhuo Li  <zachli@apple.com>
2066
2067         Need to forward declare NSScrollerImpSPI::scrollerLayoutDirection.
2068         https://bugs.webkit.org/show_bug.cgi?id=155662.
2069
2070         Reviewed by Myles C. Maxfield.
2071
2072         * platform/spi/mac/NSScrollerImpSPI.h:
2073         Forward declare NSScrollerImpSPI::scrollerLayoutDirection.
2074
2075 2016-03-18  Myles C. Maxfield  <mmaxfield@apple.com>
2076
2077         [OS X] Scrollbars are sometimes erroneously reported as overlay
2078         https://bugs.webkit.org/show_bug.cgi?id=155630
2079
2080         Reviewed by Darin Adler.
2081
2082         When AppKit boots up, if the system preference is set to determine at runtime whether
2083         scrollbars should be overlay or always-on, AppKit must do some processing to determine
2084         this scrollbar state. We listen for the results by using NSScrollerImpPairDelegate's
2085         scrollerImpPair:updateScrollerStyleForNewRecommendedScrollerStyle: method.
2086
2087         However, our NSScrollerImpPairDelegates are owned by the FrameView, and when loading
2088         a page, there is a short amount of time when no FrameViews are alive. This means that
2089         there is a point in time when we don't have any NSScrollerImpPairs alive. Unfortunately,
2090         the processing that AppKit does to determine the scrollbar state is done
2091         asynchronously, and the results may be reported within this short window. In this case,
2092         we don't receive the notification that the scrollbar should be non-overlay, and our
2093         internal state (gUsesOverlayScrollbars in ScrollbarThemeMac) becomes stale.
2094
2095         The solution is to simply always check what the scrollbar state is upon creation of a
2096         NSScrollerImpPair. That way, as soon as the second FrameView is created, the scrollbar
2097         state will be correctly updated immediately.
2098
2099         An alternative, similar, approach would be for ScrollbarThemeMac to listen to the
2100         NSPreferredScrollerStyleDidChangeNotification. This patch doesn't use this approach
2101         in order to align with the current division of responsibilities between ScrollAnimator
2102         and ScrollbarTheme.
2103
2104         Covered by existing (RTL Scrollbar) tests.
2105
2106         * platform/mac/ScrollAnimatorMac.mm:
2107         (WebCore::ScrollAnimatorMac::ScrollAnimatorMac):
2108
2109 2016-03-18  Jer Noble  <jer.noble@apple.com>
2110
2111         CRASH in WebCore::MediaResourceLoader::requestResource + 698
2112         https://bugs.webkit.org/show_bug.cgi?id=155651
2113         <rdar://problem/25130582>
2114
2115         Reviewed by Eric Carlson.
2116
2117         No new tests, fixes existing tests running under GuardMalloc.
2118
2119         Protect against the Document passed into MediaResourceLoader being destroyed during the MediaResourceLoader's lifetime.
2120
2121         * loader/MediaResourceLoader.cpp:
2122         (WebCore::MediaResourceLoader::MediaResourceLoader):
2123         (WebCore::MediaResourceLoader::contextDestroyed):
2124         (WebCore::MediaResourceLoader::requestResource):
2125         (WebCore::MediaResource::responseReceived):
2126         * loader/MediaResourceLoader.h:
2127
2128 2016-03-18  Mark Lam  <mark.lam@apple.com>
2129
2130         JSDOMGlobalObject.h needs to #include StructureInlines.h.
2131         https://bugs.webkit.org/show_bug.cgi?id=155657
2132
2133         Reviewed by Filip Pizlo.
2134
2135         No new tests needed.  This is a build fix for the Win EWS.
2136
2137         * bindings/js/JSDOMGlobalObject.h:
2138
2139 2016-03-18  Brent Fulgham  <bfulgham@apple.com>
2140
2141         Local file restrictions should not block sessionStorage access
2142         https://bugs.webkit.org/show_bug.cgi?id=155609
2143         <rdar://problem/25229461>
2144
2145         Reviewed by Andy Estes.
2146
2147         Use of 'sessionStorage' is governed by SecurityOrigin with third party access
2148         set to 'ShouldAllowFromThirdParty::AlwaysAllowFromThirdParty'. We should not
2149         reject local files for this combination of arguments.
2150
2151         Test: storage/domstorage/sessionstorage/blocked-file-access.html
2152
2153         * page/SecurityOrigin.cpp:
2154         (WebCore::SecurityOrigin::canAccessStorage): For the case of sessionStorage,
2155         allow local file access.
2156
2157 2016-03-18  Jer Noble  <jer.noble@apple.com>
2158
2159         CachedResource::MediaResource types shouldn't be blocked due to mixed-content.
2160         https://bugs.webkit.org/show_bug.cgi?id=155588
2161         <rdar://problem/25177795>
2162
2163         Reviewed by Daniel Bates.
2164
2165         The Mixed Content spec specifically allows (with certain restrictions) loads of <image>,
2166         <video>, and <audio> resources from mixed-content origins, albeit with warnings.
2167
2168         No new tests, fixes existing test: http/tests/security/mixedContent/insecure-audio-video-in-main-frame.html
2169
2170         * loader/cache/CachedResourceLoader.cpp:
2171         (WebCore::contentTypeFromResourceType):
2172
2173 2016-03-18  Nan Wang  <n_wang@apple.com>
2174
2175         AX: AXARIACurrent exposed but not displayed in Accessibility Inspector
2176         https://bugs.webkit.org/show_bug.cgi?id=155600
2177
2178         Reviewed by Chris Fleizach.
2179
2180         AXARIACurrent attribute was added to a temporary array that was never returned.
2181
2182         Test: accessibility/mac/aria-current-attribute-exposed.html
2183
2184         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
2185         (-[WebAccessibilityObjectWrapper accessibilityAttributeNames]):
2186
2187 2016-03-18  Nan Wang  <n_wang@apple.com>
2188
2189         AX: Typing broken on form input field while using VoiceOver
2190         https://bugs.webkit.org/show_bug.cgi?id=155613
2191
2192         Reviewed by Chris Fleizach.
2193
2194         The div element inside the INPUT element gives a collapsed TextMarkerRange which then creates
2195         a collapsed Range. Fixed it by using the parent node to create the Range when the div node has
2196         no children.
2197
2198         Test: accessibility/mac/text-marker-range-for-node-without-children.html
2199
2200         * accessibility/AXObjectCache.cpp:
2201         (WebCore::setRangeStartOrEndWithCharacterOffset):
2202
2203 2016-03-18  Chris Fleizach  <cfleizach@apple.com>
2204
2205         AX: Implement AutoFill Available attribute for a text field
2206         https://bugs.webkit.org/show_bug.cgi?id=155567
2207
2208         Reviewed by Darin Adler.
2209
2210         This file was left out of original commit accidentally.
2211
2212         * accessibility/AccessibilityRenderObject.cpp:
2213         (WebCore::AccessibilityRenderObject::addTextFieldChildren):
2214
2215 2016-03-18  Csaba Osztrogonác  <ossy@webkit.org>
2216
2217         [Mac][cmake] Unreviewed speculative buildfix after r197956. Just for fun.
2218
2219         * PlatformMac.cmake:
2220
2221 2016-03-18  Csaba Osztrogonác  <ossy@webkit.org>
2222
2223         [Mac][cmake] Unreviewed speculative buildfix after r197628. Just for fun.
2224
2225         * PlatformMac.cmake:
2226
2227 2016-03-18  Csaba Osztrogonác  <ossy@webkit.org>
2228
2229         [Mac][cmake] One more attempt to try to fix the build after r197633.
2230
2231         * PlatformMac.cmake:
2232
2233 2016-03-18  Csaba Osztrogonác  <ossy@webkit.org>
2234
2235         [Mac][cmake] One more attempt to try to fix the build after r197633.
2236
2237         * PlatformMac.cmake:
2238
2239 2016-03-18  Csaba Osztrogonác  <ossy@webkit.org>
2240
2241         [Mac][cmake] One more attempt to try to fix the build after r197633.
2242
2243         * PlatformMac.cmake: Revert r198398, which was incorrect.
2244
2245 2016-03-18  Csaba Osztrogonác  <ossy@webkit.org>
2246
2247         [Mac][cmake] Last attempt to try to fix the build after r197633.
2248
2249         * PlatformMac.cmake:
2250
2251 2016-03-18  Manuel Rego Casasnovas  <rego@igalia.com>
2252
2253         [css-grid] Rename GridSpan properties
2254         https://bugs.webkit.org/show_bug.cgi?id=155636
2255
2256         Reviewed by Sergio Villar Senin.
2257
2258         GridSpan was using old names initialResolvedPosition and
2259         finalResolvedPosition.
2260         This patch renames them to startLine and endLine.
2261
2262         Some reasons for this refactoring:
2263         - "position" is a vague term not defined in the spec.
2264         - GridSpan is currently storing grid lines. A grid "line" is defined
2265           in the spec: https://drafts.csswg.org/css-grid/#grid-line-concept
2266         - The spec uses the concepts "start" and "end" lines too.
2267
2268         No new tests, no change of behavior.
2269
2270         * css/CSSGridTemplateAreasValue.cpp:
2271         (WebCore::stringForPosition):
2272         * css/CSSParser.cpp:
2273         (WebCore::CSSParser::parseGridTemplateAreasRow):
2274         * css/StyleBuilderConverter.h:
2275         (WebCore::StyleBuilderConverter::createImplicitNamedGridLinesFromGridArea):
2276         * rendering/RenderGrid.cpp:
2277         (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
2278         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
2279         (WebCore::RenderGrid::insertItemIntoGrid):
2280         (WebCore::RenderGrid::populateExplicitGridAndOrderIterator):
2281         (WebCore::RenderGrid::placeSpecifiedMajorAxisItemsOnGrid):
2282         (WebCore::RenderGrid::placeAutoMajorAxisItemOnGrid):
2283         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
2284         (WebCore::RenderGrid::gridAreaBreadthForChildIncludingAlignmentOffsets):
2285         (WebCore::RenderGrid::columnAxisOffsetForChild):
2286         (WebCore::RenderGrid::rowAxisOffsetForChild):
2287         * rendering/style/GridArea.h:
2288         (WebCore::GridSpan::untranslatedDefiniteGridSpan):
2289         (WebCore::GridSpan::translatedDefiniteGridSpan):
2290         (WebCore::GridSpan::operator==):
2291         (WebCore::GridSpan::integerSpan):
2292         (WebCore::GridSpan::untranslatedStartLine):
2293         (WebCore::GridSpan::untranslatedEndLine):
2294         (WebCore::GridSpan::startLine):
2295         (WebCore::GridSpan::endLine):
2296         (WebCore::GridSpan::begin):
2297         (WebCore::GridSpan::end):
2298         (WebCore::GridSpan::translate):
2299         (WebCore::GridSpan::GridSpan):
2300         (WebCore::GridSpan::untranslatedResolvedInitialPosition): Deleted.
2301         (WebCore::GridSpan::untranslatedResolvedFinalPosition): Deleted.
2302         (WebCore::GridSpan::resolvedInitialPosition): Deleted.
2303         (WebCore::GridSpan::resolvedFinalPosition): Deleted.
2304         * rendering/style/GridPositionsResolver.cpp:
2305         (WebCore::definiteGridSpanWithNamedLineSpanAgainstOpposite):
2306         (WebCore::resolveNamedGridLinePositionAgainstOppositePosition):
2307         (WebCore::resolveGridPositionAgainstOppositePosition):
2308         (WebCore::GridPositionsResolver::resolveGridPositionsFromStyle):
2309
2310 2016-03-18  Csaba Osztrogonác  <ossy@webkit.org>
2311
2312         [Mac][cmake] One more unreviewed speculative buildfix after r197633. Just for fun.
2313
2314         * PlatformMac.cmake:
2315
2316 2016-03-18  Csaba Osztrogonác  <ossy@webkit.org>
2317
2318         [Mac][cmake] Unreviewed speculative buildfix after r197633. Just for fun.
2319
2320         * PlatformMac.cmake:
2321
2322 2016-03-18  Youenn Fablet  <youenn.fablet@crf.canon.fr>
2323
2324         crossorigin element resource loading should check HTTP redirection
2325         https://bugs.webkit.org/show_bug.cgi?id=130578
2326
2327         Reviewed by Daniel Bates and Brent Fulgham.
2328
2329         Moved part of DocumentThreadableLoader redirection cross origin control code
2330         into functions in CrossOriginAccessControl.cpp. Added cross origin control for
2331         redirections in SubResourceLoader when policy is set to PotentiallyCrossOriginEnabled 
2332         using CrossOriginAccessControl.cpp new functions. Added a new test that checks that 
2333         cross-origin redirections are checked against CORS.
2334
2335         Test: http/tests/security/shape-image-cors-redirect.html
2336
2337         * loader/CrossOriginAccessControl.cpp:
2338         (WebCore::isValidCrossOriginRedirectionURL): Returns true if the redirected URL is a valid URL for cross-origin requests.
2339         (WebCore::cleanRedirectedRequestForAccessControl): Removes all headers added by the network backend that may cause the response CORS validation to fail.
2340         * loader/CrossOriginAccessControl.h: Added above function prototypes.
2341         * loader/DocumentThreadableLoader.cpp:
2342         (WebCore::DocumentThreadableLoader::redirectReceived): Used new CORS redirection methods of CrossOriginAccessControl.cpp.
2343         * loader/SubresourceLoader.cpp:
2344         (WebCore::SubresourceLoader::init): Initialize the SecurityOrigin to be used for loading the resource.
2345         (WebCore::SubresourceLoader::willSendRequest): Added cross-origin redirection response check.
2346         (WebCore::SubresourceLoader::checkCrossOriginAccessControl): Checks CORS and updates request if needed. Returns true if control checks passed.
2347         * loader/SubresourceLoader.h: Added checkCrossOriginAccessControl declaration and m_origin declaration.
2348
2349 2016-03-18  Darin Adler  <darin@apple.com>
2350
2351         Disable Caches in Safari's Develop menu does not disable caches.
2352         https://bugs.webkit.org/show_bug.cgi?id=64483
2353
2354         Reviewed by Antti Koivisto.
2355
2356         Add a new setting, ResourceCachingDisabled, for use in future versions of Safari.
2357
2358         * history/PageCache.cpp:
2359         (WebCore::canCachePage): Check resourceCachingDisabled and return false.
2360         (WebCore::PageCache::take): Check resourceCachingDisabled, and return null.
2361         (WebCore::PageCache::get): Ditto.
2362
2363         * loader/FrameLoader.cpp:
2364         (WebCore::FrameLoader::subresourceCachePolicy): Check resourceCachingDisabled, and
2365         request a reload.
2366         (WebCore::FrameLoader::addExtraFieldsToRequest): Check resourceCachingDisabled, and
2367         set the cache policy to trigger a reload.
2368         * loader/cache/CachedResourceLoader.cpp:
2369         (WebCore::CachedResourceLoader::cachePolicy): Check resourceCachingDisabled, and
2370         request a reload.
2371
2372         * page/Settings.in: Added resourceCachingDisabled.
2373
2374 2016-03-18  Csaba Osztrogonác  <ossy@webkit.org>
2375
2376         [Mac][cmake] Unreviewed speculative buildfix. Just for fun.
2377
2378         * loader/EmptyClients.cpp:
2379
2380 2016-03-17  Antti Koivisto  <antti@apple.com>
2381
2382         Data URL DecodeTask may get deleted outside main thread
2383         https://bugs.webkit.org/show_bug.cgi?id=155584
2384         rdar://problem/24492104
2385
2386         Reviewed by Darin Adler.
2387
2388         This is unsafe as it owns strings and other types that are only safe to delete in the main thread.
2389
2390         There is a race between deref in dispatch() and deref in timerFired(). If the timer fires before dispatch()
2391         exits the implicit deref will trigger deletion of DecodingResultDispatcher in the dispatching thread.
2392
2393         (WebCore::DataURLDecoder::DecodingResultDispatcher::timerFired):
2394
2395             Fix by clearing m_decodeTask when the timer fires.
2396
2397 2016-03-17  Carlos Garcia Campos  <cgarcia@igalia.com>
2398
2399         REGRESSION(r195661): [GTK] very slow scrolling
2400         https://bugs.webkit.org/show_bug.cgi?id=155334
2401
2402         Reviewed by Michael Catanzaro.
2403
2404         We need to also restore the PerAxisData visible length when it's
2405         reset because of a non animated scroll. To prevent making the same
2406         mistake in the future, the current position and visible lengths
2407         members are now required to construct PerAxisData. This also
2408         simplifies the code and ensures that when the ScrollAnimatorSmooth
2409         is created, it's updated to the current position.
2410
2411         * platform/ScrollAnimationSmooth.cpp:
2412         (WebCore::ScrollAnimationSmooth::ScrollAnimationSmooth):
2413         Initialize PerAxisData members.
2414         (WebCore::ScrollAnimationSmooth::setCurrentPosition): Pass the
2415         current position and visible length as parameters to the
2416         PerAxisData constructor.
2417         (WebCore::ScrollAnimationSmooth::animateScroll): Ditto.
2418         * platform/ScrollAnimationSmooth.h: Add a PerAxisData constructor
2419         that receives current position and visible length and disallow use
2420         of the default constructor.
2421         * platform/ScrollAnimatorSmooth.cpp:
2422         (WebCore::ScrollAnimatorSmooth::ScrollAnimatorSmooth): Pass the
2423         current position to the ScrollAnimationSmooth constructor.
2424         * platform/gtk/ScrollAnimatorGtk.cpp:
2425         (WebCore::ScrollAnimatorGtk::ensureSmoothScrollingAnimation): Ditto.
2426
2427 2016-03-17  Chris Fleizach  <cfleizach@apple.com>
2428
2429         AX: WEB: VoiceOver does not announce some WAI-ARIA document structures
2430         https://bugs.webkit.org/show_bug.cgi?id=155603
2431         <rdar://problem/25227385>
2432
2433         Reviewed by Darin Adler.
2434
2435         Expose more ARIA landmark type roles on iOS for accessibility.
2436
2437         Updated test: accessibility/ios-simulator/landmark-type.html
2438
2439         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
2440         (-[WebAccessibilityObjectWrapper _accessibilityIsLandmarkRole:]):
2441         (-[WebAccessibilityObjectWrapper accessibilityLabel]):
2442         * platform/LocalizedStrings.cpp:
2443         (WebCore::searchMenuClearRecentSearchesText):
2444         (WebCore::AXWebAreaText):
2445         (WebCore::AXListItemActionVerb):
2446         (WebCore::AXAutoFillCredentialsLabel):
2447         * platform/LocalizedStrings.h:
2448
2449 2016-03-17  Daniel Bates  <dabates@apple.com>
2450
2451         Cleanup: Remove the need to pass reporting status to ContentSecurityPolicy functions
2452         https://bugs.webkit.org/show_bug.cgi?id=155623
2453
2454         Reviewed by Andy Estes and Alex Christensen.
2455
2456         ScriptController::initScript() is the only function that passes ContentSecurityPolicy::ReportingStatus::SuppressReport
2457         following the removal of the SecurityPolicy script interface in <http://trac.webkit.org/changeset/197142>. It
2458         passes this reporting status to prevent sending a violation report when determining whether the CSP policy allows
2459         use of the JavaScript eval()/operator eval so that it can enable or disable this capability as appropriate. We
2460         should teach ScriptController::initScript() to delegate the responsibility of enabling/disabling this capability
2461         to the ContentSecurityPolicy. Then we can remove the need to expose ContentSecurityPolicy::ReportingStatus as
2462         part of the ContentSecurityPolicy interface.
2463
2464         No functionality changed. So, no new tests.
2465
2466         * bindings/js/ScriptController.cpp:
2467         (WebCore::ScriptController::createWindowShell): Return a reference to a JSDOMWindowShell object
2468         instead of a pointer as the pointer is always non-null.
2469         (WebCore::ScriptController::initScript): Updated as needed now that ScriptController::createWindowShell()
2470         returns a reference. Moved logic to enable/disable JavaScript eval() and operator eval from here into
2471         ContentSecurityPolicy::didCreateWindowShell() and make use of this member function.
2472         * bindings/js/ScriptController.h:
2473         * page/csp/ContentSecurityPolicy.cpp:
2474         (WebCore::ContentSecurityPolicy::didCreateWindowShell): Added. Moved logic to enable/disable JavaScript
2475         eval() and operator eval from ScriptController::initScript() to here.
2476         (WebCore::ContentSecurityPolicy::didReceiveHeader): Substitute ContentSecurityPolicyDirectiveList::ReportingStatus::SuppressReport
2477         for ContentSecurityPolicy::ReportingStatus::SuppressReport as the enum has moved from class ContentSecurityPolicy
2478         to ContentSecurityPolicyDirectiveList. Fix minor code style nit; substitute nullptr for 0 in the first argument
2479         to ContentSecurityPolicyDirectiveList::allowEval().
2480         (WebCore::isAllowedByAllWithFrame): Substitute ContentSecurityPolicyDirectiveList::ReportingStatus::SuppressReport
2481         for ContentSecurityPolicy::ReportingStatus::SuppressReport as the enum has moved from class ContentSecurityPolicy
2482         to ContentSecurityPolicyDirectiveList.
2483         (WebCore::isAllowedByAll): Substitute ContentSecurityPolicyDirectiveList::ReportingStatus::SuppressReport
2484         for ContentSecurityPolicy::ReportingStatus::SuppressReport as the enum has moved from class ContentSecurityPolicy
2485         to ContentSecurityPolicyDirectiveList. Also make this function static so that it has internal linkage.
2486         (WebCore::isAllowedByAllWithState): Ditto.
2487         (WebCore::isAllowedByAllWithContext): Ditto.
2488         (WebCore::isAllowedByAllWithHashFromContent): Ditto.
2489         (WebCore::isAllowedByAllWithURL): Ditto.
2490         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Remove argument reportingStatus and always pass
2491         ContentSecurityPolicyDirectiveList::ReportingStatus::SendReport to the directive list member function. In a
2492         subsequent patch we will remove the need to pass the reporting status to the directive list member function.
2493         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
2494         (WebCore::ContentSecurityPolicy::allowInlineScript): Ditto.
2495         (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
2496         (WebCore::ContentSecurityPolicy::allowEval): Ditto.
2497         (WebCore::ContentSecurityPolicy::allowFrameAncestors): Ditto.
2498         (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
2499         (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
2500         (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
2501         (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
2502         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto.
2503         (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
2504         (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
2505         (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
2506         (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
2507         (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
2508         (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
2509         (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
2510         (WebCore::ContentSecurityPolicy::evalDisabledErrorMessage): Deleted.
2511         * page/csp/ContentSecurityPolicy.h:
2512         * page/csp/ContentSecurityPolicyDirectiveList.cpp:
2513         (WebCore::ContentSecurityPolicyDirectiveList::allowJavaScriptURLs): Substitute ReportingStatus for
2514         ContentSecurityPolicy::ReportingStatus as the enum has moved from class ContentSecurityPolicy to this class.
2515         (WebCore::ContentSecurityPolicyDirectiveList::allowInlineEventHandlers): Ditto.
2516         (WebCore::ContentSecurityPolicyDirectiveList::allowInlineScript): Ditto.
2517         (WebCore::ContentSecurityPolicyDirectiveList::allowInlineStyle): Ditto.
2518         (WebCore::ContentSecurityPolicyDirectiveList::allowEval): Ditto.
2519         (WebCore::ContentSecurityPolicyDirectiveList::allowPluginType): Ditto.
2520         (WebCore::ContentSecurityPolicyDirectiveList::allowScriptFromSource): Ditto.
2521         (WebCore::ContentSecurityPolicyDirectiveList::allowObjectFromSource): Ditto.
2522         (WebCore::ContentSecurityPolicyDirectiveList::allowChildContextFromSource): Ditto.
2523         (WebCore::ContentSecurityPolicyDirectiveList::allowChildFrameFromSource): Ditto.
2524         (WebCore::ContentSecurityPolicyDirectiveList::allowImageFromSource): Ditto.
2525         (WebCore::ContentSecurityPolicyDirectiveList::allowStyleFromSource): Ditto.
2526         (WebCore::ContentSecurityPolicyDirectiveList::allowFontFromSource): Ditto.
2527         (WebCore::ContentSecurityPolicyDirectiveList::allowMediaFromSource): Ditto.
2528         (WebCore::ContentSecurityPolicyDirectiveList::allowConnectToSource): Ditto.
2529         (WebCore::ContentSecurityPolicyDirectiveList::allowFormAction): Ditto.
2530         (WebCore::ContentSecurityPolicyDirectiveList::allowBaseURI): Ditto.
2531         (WebCore::ContentSecurityPolicyDirectiveList::allowFrameAncestors): Ditto.
2532         * page/csp/ContentSecurityPolicyDirectiveList.h:
2533
2534 2016-03-17  Brent Fulgham  <bfulgham@apple.com>
2535
2536         [XSS Auditor] Off by one in XSSAuditor::canonicalizedSnippetForJavaScript()
2537         https://bugs.webkit.org/show_bug.cgi?id=155624
2538         <rdar://problem/25219962>
2539
2540         Unreviewed merge from Blink (patch by Tom Sepez <tsepez@chromium.org>):
2541         <https://src.chromium.org/viewvc/blink?revision=201803&view=revision>
2542
2543         Test: http/tests/security/xssAuditor/script-tag-with-trailing-script-and-urlencode.html
2544
2545         * html/parser/XSSAuditor.cpp:
2546         (WebCore::XSSAuditor::canonicalizedSnippetForJavaScript): Correct off-by-one error.
2547
2548 2016-03-17  Zalan Bujtas  <zalan@apple.com>
2549
2550         Images in feed on ebay.com jiggle when one is hovered
2551         https://bugs.webkit.org/show_bug.cgi?id=155608
2552         <rdar://problem/25160681>
2553
2554         The content offset in compositing layer = subpixel gap between the graphics layer and the layer bounds + layer bounds top left.
2555
2556         Reviewed by Simon Fraser.
2557
2558         Test: compositing/hidpi-viewport-clipping-on-composited-content.html
2559
2560         * rendering/RenderLayerBacking.cpp:
2561         (WebCore::RenderLayerBacking::updateGeometry):
2562         (WebCore::RenderLayerBacking::contentOffsetInCompostingLayer):
2563         * rendering/RenderLayerBacking.h:
2564
2565 2016-03-17  Zalan Bujtas  <zalan@apple.com>
2566
2567         Don't initiate a style recalc while drawing text
2568         https://bugs.webkit.org/show_bug.cgi?id=155618
2569
2570         Reviewed by Simon Fraser.
2571
2572         This patch ensures that we don't initiate a style recalc while in the middle of text drawing.
2573
2574         Test: fast/canvas/crash-while-resizing-canvas.html
2575
2576         * html/canvas/CanvasRenderingContext2D.cpp:
2577         (WebCore::CanvasRenderingContext2D::drawTextInternal):
2578
2579 2016-03-17  Commit Queue  <commit-queue@webkit.org>
2580
2581         Unreviewed, rolling out r198335.
2582         https://bugs.webkit.org/show_bug.cgi?id=155617
2583
2584         This change caused existing LayoutTests to crash
2585         intermittently (Requested by ryan|afk on #webkit).
2586
2587         Reverted changeset:
2588
2589         "DataURLDecoder::DecodingResultDispatcher may get deleted
2590         outside main thread"
2591         https://bugs.webkit.org/show_bug.cgi?id=155584
2592         http://trac.webkit.org/changeset/198335
2593
2594 2016-03-17  Eric Carlson  <eric.carlson@apple.com>
2595
2596         Improve some metadata tests
2597         https://bugs.webkit.org/show_bug.cgi?id=155616
2598
2599         Reviewed by Saam Barati.
2600
2601         * html/track/DataCue.cpp:
2602         (WebCore::DataCue::DataCue):
2603         (WebCore::DataCue::setData):
2604
2605 2016-03-17  Myles C. Maxfield  <mmaxfield@apple.com>
2606
2607         [RTL Scrollbars] Position: absolute divs are covered by vertical scrollbar
2608         https://bugs.webkit.org/show_bug.cgi?id=155531
2609
2610         Reviewed by Darin Adler.
2611
2612         This patch updates ScrollView::documentScrollPositionRelativeToViewOrigin(), which is
2613         a helper function primarily used by WebCore::ScrollView::viewToContents() and
2614         WebCore::ScrollView::contentsToView().
2615
2616         Tests: fast/scrolling/rtl-scrollbars-elementFromPoint-static.html
2617                fast/scrolling/rtl-scrollbars-elementFromPoint.html
2618                fast/scrolling/rtl-scrollbars-iframe-offset.html
2619                fast/scrolling/rtl-scrollbars-iframe-position-absolute.html
2620                fast/scrolling/rtl-scrollbars-iframe-scrolled.html
2621                fast/scrolling/rtl-scrollbars-iframe.html
2622                fast/scrolling/rtl-scrollbars-overflow-elementFromPoint.html
2623                fast/scrolling/rtl-scrollbars-overflow-position-absolute.html
2624                fast/scrolling/rtl-scrollbars-overflow-text-selection-scrolled.html
2625                fast/scrolling/rtl-scrollbars-position-absolute.html
2626                fast/scrolling/rtl-scrollbars-position-fixed.html
2627                fast/scrolling/rtl-scrollbars-text-selection-scrolled.html
2628                fast/scrolling/rtl-scrollbars-text-selection.html
2629
2630         * platform/ScrollView.cpp:
2631         (WebCore::ScrollView::documentScrollPositionRelativeToViewOrigin):
2632
2633 2016-03-17  Filip Pizlo  <fpizlo@apple.com>
2634
2635         Replace all of the various non-working and non-compiling sampling profiler hacks with a single super hack
2636         https://bugs.webkit.org/show_bug.cgi?id=155561
2637
2638         Reviewed by Saam Barati.
2639
2640         No new tests because no new behavior.
2641
2642         * platform/audio/ios/MediaSessionManagerIOS.mm:
2643         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
2644
2645 2016-03-17  Brent Fulgham  <bfulgham@apple.com>
2646
2647         Some media tests are flaky.
2648         https://bugs.webkit.org/show_bug.cgi?id=155614
2649
2650         Reviewed by Eric Carlson.
2651
2652         * html/track/TextTrack.cpp:
2653         (WebCore::TextTrack::~TextTrack):
2654
2655 2016-03-17  Brady Eidson  <beidson@apple.com>
2656
2657         Don't try to restore deleted MemoryIndexes if their owning object store is not restored.
2658         https://bugs.webkit.org/show_bug.cgi?id=155068
2659
2660         Reviewed by Alex Christensen.
2661
2662         Test: storage/indexeddb/modern/deleteindex-4-private.html
2663
2664         * Modules/indexeddb/server/MemoryBackingStoreTransaction.cpp:
2665         (WebCore::IDBServer::MemoryBackingStoreTransaction::indexDeleted):
2666
2667 2016-03-17  Doug Russell  <d_russell@apple.com>
2668
2669         AX: attributes to retrieve focusable and editable ancestors
2670         https://bugs.webkit.org/show_bug.cgi?id=155554
2671
2672         Reviewed by Chris Fleizach.
2673
2674         Add attributes to help give context to focus changes:
2675         AXFocusableAncestor - nearest accessibility ancestor that returns true for
2676         canSetFocusAttribute().
2677         AXEditableAncestor - nearest accessibility ancestor that returns true for
2678         isTextControl().
2679         AXHighestEditableAncestor - highest element in accessibility that returns true
2680         for isTextControl().
2681
2682         Test: accessibility/mac/ancestor-attributes.html
2683
2684         * accessibility/AccessibilityNodeObject.cpp:
2685         * accessibility/AccessibilityObject.cpp:
2686         (WebCore::AccessibilityObject::focusableAncestor):
2687         (WebCore::AccessibilityObject::editableAncestor):
2688         (WebCore::AccessibilityObject::highestEditableAncestor):
2689         * accessibility/AccessibilityObject.h:
2690         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
2691         (-[WebAccessibilityObjectWrapper accessibilityAttributeNames]):
2692         (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):
2693
2694 2016-03-17  Sam Weinig  <sam@webkit.org>
2695
2696         Implement document.queryCommandSupported("copy")
2697         https://bugs.webkit.org/show_bug.cgi?id=155548
2698         <rdar://problem/25195295>
2699
2700         Reviewed by Enrica Casucci.
2701
2702         - document.queryCommandSupported("copy") and document.queryCommandSupported("cut") need
2703           to return true if the ClipboardAccessPolicy is either Allow or RequiresUserGesture.
2704           But, document.queryCommandEnabled("copy") and document.queryCommandEnabled("cut")
2705           should still return false when there is no user gesture. I also had to maintain a weird
2706           quirk that copy and cut should be allowed to execute, and thus fire the oncopy and oncut
2707           events, even when disabled, if coming from a "MenuOrKeyBinding" source. To do this, I
2708           upgraded the allowExecutionWhenDisabled bit to a function taking a source, and return true
2709           only when the correct source is specified.
2710
2711         * editing/Editor.h:
2712         * editing/EditorCommand.cpp:
2713         (WebCore::defaultValueForSupportedCopyCut):
2714         (WebCore::allowCopyCutFromDOM):
2715         (WebCore::enabledCopy):
2716         (WebCore::enabledCut):
2717         (WebCore::allowExecutionWhenDisabled):
2718         (WebCore::doNotAllowExecutionWhenDisabled):
2719         (WebCore::allowExecutionWhenDisabledCopyCut):
2720         (WebCore::Editor::Command::execute):
2721         (WebCore::Editor::Command::allowExecutionWhenDisabled):
2722
2723 2016-03-17  Antti Koivisto  <antti@apple.com>
2724
2725         DataURLDecoder::DecodingResultDispatcher may get deleted outside main thread
2726         https://bugs.webkit.org/show_bug.cgi?id=155584
2727         rdar://problem/24492104
2728
2729         Reviewed by Chris Dumez.
2730
2731         This is unsafe as it owns strings and other types that are only safe to delete in the main thread.
2732
2733         * platform/network/DataURLDecoder.cpp:
2734         (WebCore::DataURLDecoder::DecodingResultDispatcher::dispatch):
2735
2736             The problem is that this was a refcounted type. This created a race. If the timer fired before dispatch()
2737             was exited the implicit deref here would trigger the deletion in the dispatching thread.
2738
2739             Fix by getting rid of the unnecessary refcounting. Timer firing will now delete the instance explicitly.
2740
2741         (WebCore::DataURLDecoder::DecodingResultDispatcher::startTimer):
2742         (WebCore::DataURLDecoder::DecodingResultDispatcher::timerFired):
2743
2744 2016-03-17  Commit Queue  <commit-queue@webkit.org>
2745
2746         Unreviewed, rolling out r198201.
2747         https://bugs.webkit.org/show_bug.cgi?id=155585
2748
2749         That was not the proper solution (Requested by KaL on
2750         #webkit).
2751
2752         Reverted changeset:
2753
2754         "REGRESSION (r197724): [GTK] Web Inspector: Images being
2755         blocked by CSP 2.0"
2756         https://bugs.webkit.org/show_bug.cgi?id=155432
2757         http://trac.webkit.org/changeset/198201
2758
2759 2016-03-16  Chris Fleizach  <cfleizach@apple.com>
2760
2761         AX: Implement AutoFill Available attribute for a text field
2762         https://bugs.webkit.org/show_bug.cgi?id=155567
2763
2764         Reviewed by Darin Adler.
2765
2766         Expose the auto fill buttons to the AX hierarchy.
2767         Add an attribute for the textfield to inform when the auto fill button is available.
2768
2769         Test: accessibility/auto-fill-types.html
2770
2771         * English.lproj/Localizable.strings:
2772         * accessibility/AccessibilityObject.cpp:
2773         (WebCore::AccessibilityObject::element):
2774         (WebCore::AccessibilityObject::isValueAutofillAvailable):
2775         (WebCore::AccessibilityObject::isValueAutofilled):
2776         * accessibility/AccessibilityObject.h:
2777         (WebCore::AccessibilityObject::passwordFieldValue):
2778         * accessibility/AccessibilityRenderObject.cpp:
2779         (WebCore::AccessibilityRenderObject::addTextFieldChildren):
2780         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
2781         (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):
2782         * html/TextFieldInputType.cpp:
2783         (WebCore::limitLength):
2784         (WebCore::autoFillButtonTypeToAccessibilityLabel):
2785         (WebCore::autoFillButtonTypeToAutoFillButtonPseudoClassName):
2786         (WebCore::TextFieldInputType::createAutoFillButton):
2787         (WebCore::TextFieldInputType::updateAutoFillButton):
2788         * platform/LocalizedStrings.cpp:
2789         (WebCore::AXListItemActionVerb):
2790         (WebCore::AXAutoFillCredentialsLabel):
2791         (WebCore::AXAutoFillContactsLabel):
2792         (WebCore::AXARIAContentGroupText):
2793         * platform/LocalizedStrings.h:
2794
2795 2016-03-17  Csaba Osztrogonác  <ossy@webkit.org>
2796
2797         [Mac][cmake] Unreviewed speculative buildfix after r198179. Just for fun.
2798
2799         * PlatformMac.cmake:
2800
2801 2016-03-17  Youenn Fablet  <youenn.fablet@crf.canon.fr>
2802
2803         [Fetch API] response-consume.html is crashing on Mac WK1 Debug builds
2804         https://bugs.webkit.org/show_bug.cgi?id=155490
2805
2806         Reviewed by Darin Adler.
2807
2808         Covered by existing tests.
2809
2810         Ensured to lock state before calling JSC::JSONParse.
2811         Adding fulfillPromiseWithJSON routine to handle it.
2812         Applied it to FetchBody.
2813
2814         * Modules/fetch/FetchBody.cpp:
2815         (WebCore::FetchBody::json):
2816         (WebCore::FetchBody::loadedAsText):
2817         (WebCore::FetchBody::resolveAsJSON): Deleted.
2818         * Modules/fetch/FetchBody.h:
2819         * Modules/fetch/FetchBodyOwner.cpp:
2820         (WebCore::FetchBodyOwner::loadedBlobAsText):
2821         * bindings/js/JSDOMPromise.cpp:
2822         (WebCore::parseAsJSON):
2823         (WebCore::fulfillPromiseWithJSON):
2824         * bindings/js/JSDOMPromise.h:
2825
2826 2016-03-17  Adam Bergkvist  <adam.bergkvist@ericsson.com>
2827
2828         WebRTC: Update RTCIceCandidate
2829         https://bugs.webkit.org/show_bug.cgi?id=155535
2830
2831         Reviewed by Eric Carlson.
2832
2833         Update the RTCIceCandidate constructor procedure to match the WebRTC 1.0 specification [1].
2834         In short: The "candidate" init dictionary member is required. At least one of the dictionary
2835         members "sdpMid" and "sdpMLine" needs to be present; the corresponding attribute of the
2836         other is initialized to null.
2837
2838         [1] https://w3c.github.io/webrtc-pc/archives/20160215/webrtc.html
2839
2840         Tests: Updated fast/mediastream/RTCIceCandidate.htm
2841
2842         * Modules/mediastream/RTCIceCandidate.cpp:
2843         (WebCore::RTCIceCandidate::create):
2844         (WebCore::RTCIceCandidate::RTCIceCandidate):
2845         * Modules/mediastream/RTCIceCandidate.h:
2846         (WebCore::RTCIceCandidate::sdpMLineIndex):
2847         (WebCore::RTCIceCandidate::setSdpMLineIndex):
2848         * Modules/mediastream/RTCIceCandidate.idl:
2849         * bindings/js/JSRTCIceCandidateCustom.cpp:
2850         (WebCore::JSRTCIceCandidate::sdpMid):
2851         (WebCore::JSRTCIceCandidate::sdpMLineIndex):
2852
2853 2016-03-16  Nikos Andronikos  <nikos.andronikos-webkit@cisra.canon.com.au>
2854
2855         SVG tear offs should return a const reference if possible
2856         https://bugs.webkit.org/show_bug.cgi?id=153214
2857
2858         Reviewed by Alex Christensen.
2859
2860         A smaller change than expected because the returned reference is being copied into a value in additional locations that baseVal and animVal are used.
2861
2862         No new tests as there is no change in behaviour.
2863
2864         * svg/properties/SVGAnimatedEnumerationPropertyTearOff.h:
2865         * svg/properties/SVGAnimatedStaticPropertyTearOff.h:
2866         (WebCore::SVGAnimatedStaticPropertyTearOff::baseVal):
2867         (WebCore::SVGAnimatedStaticPropertyTearOff::animVal):
2868
2869 2016-03-16  Chris Dumez  <cdumez@apple.com>
2870
2871         Unreviewed, partial roll out of r197254.
2872         <rdar://problem/25078552>
2873
2874         It caused a ~1.1% PLT regression on iOS.
2875
2876         * loader/FrameLoader.cpp:
2877         (WebCore::FrameLoader::commitProvisionalLoad): Deleted.
2878
2879 2016-03-16  Enrica Casucci  <enrica@apple.com>
2880
2881         Recognize mailto and tel url as data detector links.
2882         https://bugs.webkit.org/show_bug.cgi?id=155569
2883         rdar://problem/24836185
2884
2885         Reviewed by Sam Weinig.
2886
2887         When we check if the element is a data detector link,
2888         we should return true also for URLs with mailto: and tel: scheme.
2889
2890         * editing/cocoa/DataDetection.mm:
2891         (WebCore::DataDetection::isDataDetectorLink):
2892
2893 2016-03-16  Zalan Bujtas  <zalan@apple.com>
2894
2895         Subpixel rendering: Directly composited image layers need pixelsnapping.
2896         https://bugs.webkit.org/show_bug.cgi?id=155558
2897
2898         Reviewed by Simon Fraser.
2899
2900         In order to match non-composited image size/position, we need to pixelsnap both the contents and the clipping
2901         layer bounds for directly composited images.
2902
2903         Test: fast/images/hidpi-directly-composited-image-on-subpixel-position.html
2904
2905         * rendering/RenderLayerBacking.cpp:
2906         (WebCore::RenderLayerBacking::resetContentsRect):
2907         (WebCore::RenderLayerBacking::updateChildClippingStrategy):
2908         (WebCore::RenderLayerBacking::updateImageContents):
2909
2910 2016-03-16  Beth Dakin  <bdakin@apple.com>
2911
2912         Provide NSSpellChecker spellChecking methods with the current insertion point
2913         https://bugs.webkit.org/show_bug.cgi?id=155532
2914         -and corresponding-
2915         rdar://problem/24066952
2916
2917         Reviewed by Simon Fraser.
2918
2919         Pass the Frame’s selection to a handful of spelling checking methods that
2920         call into WebKit/WebKit2 to ultimately call into NSSpellChecker.
2921         * accessibility/AccessibilityObject.cpp:
2922         (WebCore::AccessibilityObject::hasMisspelling):
2923         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
2924         (AXAttributeStringSetSpelling):
2925         * editing/AlternativeTextController.cpp:
2926         (WebCore::AlternativeTextController::timerFired):
2927         * editing/Editor.cpp:
2928         (WebCore::Editor::guessesForMisspelledWord):
2929         (WebCore::Editor::markAllMisspellingsAndBadGrammarInRanges):
2930         * editing/SpellChecker.cpp:
2931         (WebCore::SpellChecker::invokeRequest):
2932         (WebCore::SpellChecker::enqueueRequest):
2933         * editing/TextCheckingHelper.cpp:
2934         (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
2935         (WebCore::TextCheckingHelper::guessesForMisspelledOrUngrammaticalRange):
2936         (WebCore::TextCheckingHelper::unifiedTextCheckerEnabled):
2937         (WebCore::checkTextOfParagraph):
2938         * editing/TextCheckingHelper.h:
2939         * loader/EmptyClients.cpp:
2940         (WebCore::EmptyFrameLoaderClient::createNetworkingContext):
2941         (WebCore::EmptyTextCheckerClient::requestCheckingOfString):
2942         * loader/EmptyClients.h:
2943         * platform/text/TextCheckerClient.h:
2944         (WebCore::TextCheckerClient::~TextCheckerClient):
2945
2946         The key needed to include the insertion point.
2947         * platform/spi/mac/NSSpellCheckerSPI.h:
2948
2949 2016-03-16  Alex Christensen  <achristensen@webkit.org>
2950
2951         Fix assertion failure on drive.google.com after r196052
2952         https://bugs.webkit.org/show_bug.cgi?id=155562
2953
2954         Reviewed by Jer Noble.
2955
2956         * rendering/RenderGeometryMap.cpp:
2957         (WebCore::RenderGeometryMap::mapToContainer):
2958         Change float equality check to areEssentiallyEqual.
2959         This assertion was failing because rendererMappedResult was (944.335693, 232.047409)
2960         but result was (944.335693, 232.047394).  They differ by (0, 0.000015).
2961
2962 2016-03-16  Nan Wang  <n_wang@apple.com>
2963
2964         AX: Expose aria-current status to children
2965         https://bugs.webkit.org/show_bug.cgi?id=155469
2966
2967         Reviewed by Chris Fleizach.
2968
2969         Added aria-current to the global ARIA attributes list.
2970
2971         Test: accessibility/aria-current-global-attribute.html
2972
2973         * accessibility/AccessibilityObject.cpp:
2974         (WebCore::AccessibilityObject::supportsARIAAttributes):
2975
2976 2016-03-16  Tim Horton  <timothy_horton@apple.com>
2977
2978         [mac] Printing test snapshots are upside-down after r198242
2979         https://bugs.webkit.org/show_bug.cgi?id=155543
2980
2981         Reviewed by Simon Fraser.
2982
2983         * page/PrintContext.cpp:
2984         (WebCore::PrintContext::spoolAllPagesWithBoundaries):
2985         Stop PLATFORM(COCOA)-conditionally flipping here. Just paint.
2986         This function is only used by the test runners so this doesn't have a
2987         huge impact on anything else.
2988
2989 2016-03-16  Daniel Bates  <dabates@apple.com>
2990
2991         Update WebKit Feature Status page to include the status of Content Security Policy Level 2 and Level 3
2992
2993         * features.json:
2994
2995 2016-03-16  Daniel Bates  <dabates@apple.com>
2996
2997         <video> and <audio> elements do not obey Content Security Policy on redirect
2998         https://bugs.webkit.org/show_bug.cgi?id=155509
2999         <rdar://problem/10234844>
3000
3001         Reviewed by Alex Christensen.
3002
3003         Fixes an issue where the Content Security Policy of the page was not enforced
3004         on redirects when loading a media subresource via an HTML video or HTML audio
3005         element.
3006
3007         Tests: http/tests/security/contentSecurityPolicy/audio-redirect-allowed.html
3008                http/tests/security/contentSecurityPolicy/audio-redirect-blocked.html
3009                http/tests/security/contentSecurityPolicy/font-redirect-allowed.html
3010                http/tests/security/contentSecurityPolicy/font-redirect-blocked.html
3011                http/tests/security/contentSecurityPolicy/image-redirect-allowed.html
3012                http/tests/security/contentSecurityPolicy/image-redirect-blocked.html
3013                http/tests/security/contentSecurityPolicy/script-redirect-allowed.html
3014                http/tests/security/contentSecurityPolicy/script-redirect-blocked.html
3015                http/tests/security/contentSecurityPolicy/stylesheet-redirect-allowed.html
3016                http/tests/security/contentSecurityPolicy/stylesheet-redirect-blocked.html
3017                http/tests/security/contentSecurityPolicy/svg-font-redirect-allowed.html
3018                http/tests/security/contentSecurityPolicy/svg-font-redirect-blocked.html
3019                http/tests/security/contentSecurityPolicy/svg-image-redirect-allowed.html
3020                http/tests/security/contentSecurityPolicy/svg-image-redirect-blocked.html
3021                http/tests/security/contentSecurityPolicy/track-redirect-allowed.html
3022                http/tests/security/contentSecurityPolicy/track-redirect-blocked.html
3023                http/tests/security/contentSecurityPolicy/video-redirect-allowed.html
3024                http/tests/security/contentSecurityPolicy/video-redirect-blocked.html
3025                http/tests/security/contentSecurityPolicy/xsl-redirect-allowed.html
3026                http/tests/security/contentSecurityPolicy/xsl-redirect-blocked.html
3027
3028         * inspector/InspectorPageAgent.cpp:
3029         (WebCore::InspectorPageAgent::cachedResourceContent): Treat media resources as raw resources just as we do currently.
3030         (WebCore::InspectorPageAgent::cachedResourceType): Ditto.
3031         * loader/MediaResourceLoader.cpp:
3032         (WebCore::MediaResourceLoader::requestResource): Modified to use CachedResourceLoader::requestMedia() instead
3033         of CachedResourceLoader::requestRawResource() so that we can differentiate between a media resource and a raw
3034         resource in CachedResourceLoader. Added FIXME comment to skip checking the Content Security Policy for loads
3035         initiated by an element in a user agent shadow tree. See <https://bugs.webkit.org/show_bug.cgi?id=155505> for
3036         more details.
3037         * loader/ResourceLoadInfo.cpp:
3038         (WebCore::toResourceType): Treat media resources as raw resources just as we do currently. Also, add cases for
3039         CachedResource::LinkPrefetch and CachedResource::LinkSubresource (when ENABLE(LINK_PREFETCH) is enabled) and
3040         remove the default statement to force a compile-time error when a new CachedResource enumerator is added and
3041         the switch block in this function is not updated.
3042         * loader/SubresourceLoader.cpp:
3043         (WebCore::logResourceLoaded): Ditto.
3044         * loader/cache/CachedRawResource.cpp:
3045         (WebCore::CachedRawResource::CachedRawResource): Substitute CachedResource::isMainOrMediaOrRawResource() for
3046         CachedResource::isMainOrRawResource() as the latter was renamed to the former.
3047         * loader/cache/CachedRawResource.h:
3048         (isType): Ditto.
3049         * loader/cache/CachedResource.cpp:
3050         (WebCore::defaultPriorityForResourceType): Use priority ResourceLoadPriority::Medium for media resources just as
3051         we do currently.
3052         * loader/cache/CachedResource.h:
3053         (WebCore::CachedResource::isMainOrMediaOrRawResource): Formerly named isMainOrRawResource. Returns true if the type
3054         of this resource is a main resource, media resource, or raw resource.
3055         (WebCore::CachedResource::isMainOrRawResource): Deleted.
3056         * loader/cache/CachedResourceLoader.cpp:
3057         (WebCore::createResource): Treat media resources as raw resources just as we do currently.
3058         (WebCore::CachedResourceLoader::requestMedia): Added.
3059         (WebCore::contentTypeFromResourceType): Consider media resources as MixedContentChecker::ContentType::Active
3060         just as we do currently.
3061         (WebCore::CachedResourceLoader::checkInsecureContent): Apply the mixed content policy to media resources
3062         just as we do currently.
3063         (WebCore::CachedResourceLoader::canRequest): Apply the Same Origin Policy to media resources just as we
3064         do currently. Query the Content Security Policy of the page to determine if the media resource can be
3065         requested.
3066         (WebCore::CachedResourceLoader::determineRevalidationPolicy): Substitute CachedResource::isMainOrMediaOrRawResource()
3067         for CachedResource::isMainOrRawResource() as the latter was renamed to the former.
3068         * loader/cache/CachedResourceLoader.h:
3069         * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
3070         (WebCore::WebCoreAVFResourceLoader::startLoading): Modified to use CachedResourceLoader::requestMedia() instead
3071         of CachedResourceLoader::requestRawResource() so that we can differentiate between a media resource and a raw
3072         resource in CachedResourceLoader. Added FIXME comment to skip checking the Content Security Policy for loads
3073         initiated by an element in a user agent shadow tree. See <https://bugs.webkit.org/show_bug.cgi?id=155505> for
3074         more details. Additionally, simplified code that determined whether to request the media resource or error out
3075         by coalescing two conditional expressions into one conditional on whether we have a loader and substituted
3076         nullptr for 0.
3077
3078 2016-03-16  Chris Dumez  <cdumez@apple.com>
3079
3080         Unreviewed, rolling out r198235, r198240, r198241, and
3081         r198252.
3082
3083         Causing crashes on ARM
3084
3085         Reverted changesets:
3086
3087         "Remove compile time define for SEPARATED_HEAP"
3088         https://bugs.webkit.org/show_bug.cgi?id=155508
3089         http://trac.webkit.org/changeset/198235
3090
3091         "Gardening: build fix after r198235."
3092         http://trac.webkit.org/changeset/198240
3093
3094         "Build fix."
3095         http://trac.webkit.org/changeset/198241
3096
3097         "Rename performJITMemcpy to something more inline with our
3098         normal webkit function names"
3099         https://bugs.webkit.org/show_bug.cgi?id=155525
3100         http://trac.webkit.org/changeset/198252
3101
3102 2016-03-16  Jiewen Tan  <jiewen_tan@apple.com>
3103
3104         URL Parsing should signal failure for illegal IDN
3105         https://bugs.webkit.org/show_bug.cgi?id=154945
3106         <rdar://problem/8014795>
3107
3108         Reviewed by Brent Fulgham.
3109
3110         WebCore::URL will now invalidate URLs with illegal IDN. And functions inside WebCoreNSURLExtras.h
3111         that deal with IDN mapping will now return nil to signal error.
3112
3113         Test: fast/url/invalid-idn.html
3114
3115         * platform/URL.cpp:
3116         (WebCore::isSchemeFirstChar):
3117         (WebCore::URL::init):
3118         (WebCore::appendEncodedHostname):
3119         (WebCore::encodeHostnames):
3120         (WebCore::encodeRelativeString):
3121         * platform/mac/WebCoreNSURLExtras.h:
3122         * platform/mac/WebCoreNSURLExtras.mm:
3123         (WebCore::mapHostNameWithRange):
3124         (WebCore::hostNameNeedsDecodingWithRange):
3125         (WebCore::hostNameNeedsEncodingWithRange):
3126         (WebCore::decodeHostNameWithRange):
3127         (WebCore::encodeHostNameWithRange):
3128         (WebCore::decodeHostName):
3129         (WebCore::encodeHostName):
3130         (WebCore::collectRangesThatNeedMapping):
3131         (WebCore::mapHostNames):
3132         (WebCore::URLWithData):
3133         (WebCore::dataWithUserTypedString):
3134         (WebCore::URLWithUserTypedString):
3135         (WebCore::URLWithUserTypedStringDeprecated):
3136         (WebCore::userVisibleString):
3137
3138 2016-03-16  Antti Koivisto  <antti@apple.com>
3139
3140         Don't invalidate style unnecessarily when setting inline style cssText
3141         https://bugs.webkit.org/show_bug.cgi?id=155541
3142         rdar://problem/23318893
3143
3144         Reviewed by Simon Fraser.
3145
3146         We currently invalidate style when cssText is set whether the style declaration changed or not.
3147
3148         Based on a patch by Simon.
3149
3150         Test: fast/css/style-invalidation-inline-csstext.html
3151
3152         * css/PropertySetCSSStyleDeclaration.cpp:
3153         (WebCore::PropertySetCSSStyleDeclaration::cssText):
3154         (WebCore::PropertySetCSSStyleDeclaration::setCssText):
3155
3156             Invalidate only if the parsed style changed.
3157
3158         * css/StyleProperties.cpp:
3159         (WebCore::MutableStyleProperties::parseDeclaration):
3160
3161             Compare the original and new style after parsing, return result.
3162
3163         * css/StyleProperties.h:
3164
3165 2016-03-16  Carlos Garcia Campos  <cgarcia@igalia.com>
3166
3167         REGRESSION(r195661): [GTK] very slow scrolling
3168         https://bugs.webkit.org/show_bug.cgi?id=155334
3169
3170         Reviewed by Sergio Villar Senin.
3171
3172         Fix smooth scrolling behaviour change after r195661.
3173
3174         * platform/ScrollAnimationSmooth.cpp:
3175         (WebCore::getAnimationParametersForGranularity): Fix a typo,
3176         animationTime for pixel granularity should be 11 * tickTime.
3177         (WebCore::ScrollAnimationSmooth::animateScroll): Previous code
3178         reset all the data except the visibleLength, so keep it in the
3179         PerAxisData after the reset.
3180
3181 2016-03-16  Commit Queue  <commit-queue@webkit.org>
3182
3183         Unreviewed, rolling out r196803.
3184         https://bugs.webkit.org/show_bug.cgi?id=155534
3185
3186         Introduced several rendering issues in popular websites
3187         (Requested by KaL on #webkit).
3188
3189         Reverted changeset:
3190
3191         "[GTK] Limit the number of tiles according to the visible
3192         area"
3193         https://bugs.webkit.org/show_bug.cgi?id=126122
3194         http://trac.webkit.org/changeset/196803
3195
3196 2016-03-15  Zalan Bujtas  <zalan@apple.com>
3197
3198         Remove overflow: -webkit-marquee
3199         https://bugs.webkit.org/show_bug.cgi?id=155517
3200         <rdar://problem/25028481>
3201
3202         Reviewed by Simon Fraser.
3203
3204         This patch is based on Blink patch from jchaffraix@chromium.org (https://src.chromium.org/viewvc/blink?revision=151756&view=revision)
3205
3206         * css/CSSParser.cpp:
3207         (WebCore::isValidKeywordPropertyAndValue):
3208         * css/CSSPrimitiveValueMappings.h:
3209         (WebCore::CSSPrimitiveValue::CSSPrimitiveValue): Deleted.
3210         (WebCore::CSSPrimitiveValue::operator EOverflow): Deleted.
3211         * css/CSSValueKeywords.in:
3212         * css/StyleResolver.cpp:
3213         (WebCore::StyleResolver::adjustRenderStyle):
3214         * css/html.css:
3215         (marquee): Deleted.
3216         * rendering/RenderBox.cpp:
3217         (WebCore::RenderBox::sizesLogicalWidthToFitContent):
3218         * rendering/RenderLayer.cpp:
3219         (WebCore::RenderLayer::scrollTo):
3220         (WebCore::RenderLayer::updateScrollInfoAfterLayout):
3221         (WebCore::RenderLayer::calculateClipRects):
3222         * rendering/RenderLayer.h:
3223         * rendering/RenderMarquee.h:
3224         * rendering/style/RenderStyleConstants.h:
3225
3226 2016-03-15  Joanmarie Diggs  <jdiggs@igalia.com>
3227
3228         AX: Expose pointers to SVG elements referenced by aria-labelledby
3229         https://bugs.webkit.org/show_bug.cgi?id=155481
3230
3231         Reviewed by Chris Fleizach.
3232
3233         Expose elements referenced by aria-labelledby via ATK_RELATION_LABELLED_BY.
3234         Stop calling the supportsARIA* methods before getting the elements referred
3235         to by the associated ARIA property in the accessible wrapper for ATK and
3236         the inspector: Getting the elements will be just as fast when there are no
3237         such elements, and faster when there are.
3238
3239         Modified the w3c-svg-name-calculation.html test to include AXTitleUIElement
3240         in its output.
3241
3242         * accessibility/AccessibilityObject.cpp:
3243         (WebCore::AccessibilityObject::supportsARIAAttributes):
3244         (WebCore::AccessibilityObject::ariaElementsFromAttribute): Added.
3245         (WebCore::AccessibilityObject::ariaControlsElements): Added.
3246         (WebCore::AccessibilityObject::ariaDescribedByElements): Added.
3247         (WebCore::AccessibilityObject::ariaFlowToElements): Added.
3248         (WebCore::AccessibilityObject::ariaLabelledByElements): Added.
3249         (WebCore::AccessibilityObject::ariaOwnsElements): Added.
3250         * accessibility/AccessibilityObject.h:
3251         (WebCore::AccessibilityObject::ariaOwnsElements): No longer virtual.
3252         (WebCore::AccessibilityObject::supportsARIAFlowTo): Deleted.
3253         (WebCore::AccessibilityObject::ariaFlowToElements): No longer virtual.
3254         (WebCore::AccessibilityObject::supportsARIADescribedBy): Deleted.
3255         (WebCore::AccessibilityObject::ariaDescribedByElements): No longer virtual.
3256         (WebCore::AccessibilityObject::supportsARIAControls): Deleted.
3257         (WebCore::AccessibilityObject::ariaControlsElements): No longer virtual.
3258         * accessibility/AccessibilityRenderObject.cpp:
3259         (WebCore::AccessibilityRenderObject::ariaElementsFromAttribute): Moved to AccessibilityObject.
3260         (WebCore::AccessibilityRenderObject::supportsARIAFlowTo): Deleted.
3261         (WebCore::AccessibilityRenderObject::ariaFlowToElements): Moved to AccessibilityObject.
3262         (WebCore::AccessibilityRenderObject::supportsARIADescribedBy): Deleted.
3263         (WebCore::AccessibilityRenderObject::ariaDescribedByElements): Moved to AccessibilityObject.
3264         (WebCore::AccessibilityRenderObject::supportsARIAControls): Deleted.
3265         (WebCore::AccessibilityRenderObject::ariaControlsElements): Moved to AccessibilityObject.
3266         (WebCore::AccessibilityRenderObject::ariaOwnsElements): Moved to AccessibilityObject.
3267         * accessibility/AccessibilityRenderObject.h:
3268         * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
3269         (setAtkRelationSetFromCoreObject):
3270         * inspector/InspectorDOMAgent.cpp:
3271         (WebCore::InspectorDOMAgent::buildObjectForAccessibilityProperties):
3272
3273 2016-03-15  Simon Fraser  <simon.fraser@apple.com>
3274
3275         Occasional crash under GraphicsContext::platformContext when dragging Google maps
3276         https://bugs.webkit.org/show_bug.cgi?id=155521
3277         rdar://problem/24357307
3278
3279         Reviewed by Tim Horton.
3280
3281         It's possible for createDragImageForSelection() to return a null image, if the bounds
3282         of the selection are an empty rect. That would cause a crash under convertImageToBitmap()
3283         because a zero-sized ShareableBitmap will return a null GraphicsContext.
3284         
3285         To avoid this, early return from DragController::startDrag() if the dragImage is null.
3286         
3287         I wasn't able to come up with a test for this.
3288
3289         * page/DragController.cpp:
3290         (WebCore::DragController::startDrag):
3291
3292 2016-03-15  Tim Horton  <timothy_horton@apple.com>
3293
3294         iOS <attachment> element should allow customization of action text color
3295         https://bugs.webkit.org/show_bug.cgi?id=155513
3296         <rdar://problem/24805991>
3297
3298         Reviewed by Simon Fraser.
3299
3300         Test: fast/attachment/attachment-action.html
3301
3302         * css/html.css:
3303         (attachment):
3304         On iOS (the only place it is used), <attachment> color should default to system blue.
3305
3306         * rendering/RenderThemeIOS.mm:
3307         (WebCore::attachmentActionColor):
3308         (WebCore::AttachmentInfo::AttachmentInfo):
3309         Make use of the <attachment>'s CSS color for the action text.
3310         This is a little weird because there are multiple bits of text in an
3311         <attachment>, but only the action text ever changes color.
3312
3313 2016-03-15  Zalan Bujtas  <zalan@apple.com>
3314
3315         Delay HTMLFormControlElement::focus() call until after layout is finished.
3316         https://bugs.webkit.org/show_bug.cgi?id=155503
3317         <rdar://problem/24046635>
3318
3319         Reviewed by Simon Fraser.
3320
3321         Calling focus on a form element can trigger arbitrary JS code which could interfere with
3322         the ongoing layout. 
3323         This patch delays HTMLFormControlElement::focus() call until after layout is finished.
3324         If we are currently not in the middle of a layout, HTMLFormControlElement::focus() is delayed until
3325         after style resolution is done. 
3326
3327         Covered by LayoutTests/fast/dom/adopt-node-crash-2.html
3328
3329         * accessibility/AccessibilityObject.cpp:
3330         (WebCore::AccessibilityObject::updateBackingStore):
3331         * dom/Document.cpp:
3332         (WebCore::Document::updateStyleIfNeeded):
3333         (WebCore::Document::updateLayout):
3334         (WebCore::Document::updateLayoutIfDimensionsOutOfDate):
3335         * html/HTMLEmbedElement.cpp:
3336         (WebCore::HTMLEmbedElement::renderWidgetLoadingPlugin):
3337         * html/HTMLFormControlElement.cpp:
3338         (WebCore::HTMLFormControlElement::didAttachRenderers):
3339         * page/FrameView.cpp:
3340         (WebCore::FrameView::layout):
3341         (WebCore::FrameView::queuePostLayoutCallback):
3342         (WebCore::FrameView::flushPostLayoutTasksQueue):
3343         (WebCore::FrameView::performPostLayoutTasks):
3344         (WebCore::FrameView::sendResizeEventIfNeeded):
3345         * page/FrameView.h:
3346         * rendering/RenderBox.cpp:
3347         (WebCore::RenderBox::imageChanged):
3348         * rendering/RenderLayer.cpp:
3349         (WebCore::RenderLayer::scrollTo):
3350
3351 2016-03-15  Oliver Hunt  <oliver@apple.com>
3352
3353         Remove compile time define for SEPARATED_HEAP
3354         https://bugs.webkit.org/show_bug.cgi?id=155508
3355
3356         Reviewed by Mark Lam.
3357
3358         Remove the feature define.
3359
3360         * Configurations/FeatureDefines.xcconfig:
3361
3362 2016-03-15  Chris Dumez  <cdumez@apple.com>
3363
3364         Restore pre-r197244 behavior on Mac
3365         https://bugs.webkit.org/show_bug.cgi?id=155507
3366         <rdar://problem/25174132>
3367
3368         Reviewed by Gavin Barraclough.
3369
3370         <http://trac.webkit.org/changeset/197244> changed the session restore
3371         behavior to disallow stale content on all platforms except iOS.
3372         We would also like to maintain the behavior on Mac for performance
3373         reasons and consistency between iOS and Mac.
3374
3375         * loader/FrameLoader.cpp:
3376         (WebCore::FrameLoader::loadDifferentDocumentItem):
3377
3378 2016-03-15  Tim Horton  <timothy_horton@apple.com>
3379
3380         <attachment> on iOS isn't quite vertically centered
3381         https://bugs.webkit.org/show_bug.cgi?id=155502
3382         <rdar://problem/24805991>
3383
3384         Reviewed by Beth Dakin.
3385
3386         No new tests; there are existing tests that will be enabled shortly.
3387
3388         * rendering/RenderThemeIOS.mm:
3389         (WebCore::AttachmentInfo::AttachmentInfo):
3390         We were overcounting the total height of the attachment content by one margin, because each item
3391         would add in its margin, including the last one. Remove one margin.
3392
3393 2016-03-15  Chris Fleizach  <cfleizach@apple.com>
3394
3395         AX: certain elements not included in accessibility tree
3396         https://bugs.webkit.org/show_bug.cgi?id=155480
3397
3398         Reviewed by Beth Dakin.
3399
3400         This test case exposed a hole in the nextSibling logic where you can get into a state where we skip content.
3401         The fix is to check if an inline element continuation has no sibling, to fall back on to the parent case to see if that has a sibling.
3402
3403         Test: accessibility/double-nested-inline-element-missing-from-tree.html
3404
3405         * accessibility/AccessibilityRenderObject.cpp: