[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-02-16  Said Abou-Hallawa  <sabouhallawa@apple.com>
2
3         REGRESSION(r196268): WTFCrashWithSecurityImplication on SVG path animation tests
4         https://bugs.webkit.org/show_bug.cgi?id=154221
5
6         Reviewed by Brent Fulgham.
7
8         In r196268, a destructor was added to SVGListPropertyTearOff that notifies
9         its wrapper (the SVGAnimatedListPropertyTearoff) about its deletion. This
10         allows the wrapper to nullify any references to the wrapped content.
11         
12         We needed to do the same thing for SVGPathSegListPropertyTearOff. Both
13         SVGPathSegListPropertyTearOff and SVGListPropertyTearOff inherit from
14         SVGListProperty and both hold pointers to SVGAnimatedListPropertyTearOff
15         which needs to be notified.
16         
17         Tests: existing svg path animation tests should not crash.
18
19         * svg/properties/SVGPathSegListPropertyTearOff.h:
20         (WebCore::SVGPathSegListPropertyTearOff::~SVGPathSegListPropertyTearOff):
21
22 2016-02-16  Said Abou-Hallawa  <sabouhallawa@apple.com>
23
24         REGRESSION (r190430): WTFCrashWithSecurityImplication in:void SVGRootInlineBox::layoutCharactersInTextBoxes()
25         https://bugs.webkit.org/show_bug.cgi?id=154185
26
27         Reviewed by Ryosuke Niwa.
28
29         This is a regression caused by adding support for HTMLSlotElement. The
30         crash happens when adding an HTMLSlotElement to another element which should
31         not have it as a child like SVGTextElement for example. In this case, we
32         were creating a RenderText which should not happen inside an SVG document.
33         The RenderText::createTextBox() was creating InlineTextBox for the slot's
34         text and attach it to the SVGRootInlineBox. In layoutCharactersInTextBoxes(),
35         the assumption is the inline box is either SVGInlineTextBox or SVGInlineFlowBox.
36         But since we have an InlineTextBox instead, the crash happens when casting
37         the InlineTextBox to SVGInlineFlowBox.
38
39         The fix is for createRenderTreeForSlotAssignees() to not create a renderer
40         when the parent element should not have a renderer for this element.
41         This is the same thing we do for createRenderer() which handles the non
42         HTMLSlotElement case and which is called also from createRenderTreeRecursively().
43         
44         Test: fast/shadow-dom/text-slot-child-crash.svg
45
46         * style/StyleTreeResolver.cpp:
47         (WebCore::Style::moveToFlowThreadIfNeeded):
48         (WebCore::Style::TreeResolver::createRenderer): Delete the check for
49         shouldCreateRenderer() and handling the case when resolvedStyle is null
50         since these are handled by the caller createRenderTreeRecursively().
51         
52         (WebCore::Style::TreeResolver::createRenderTreeForSlotAssignees):
53         Assert shouldCreateRenderer() is true for this element.
54         
55         (WebCore::Style::TreeResolver::createRenderTreeRecursively): Don't create
56         the renderer if shouldCreateRenderer() returns false. Also handle the case
57         when resolvedStyle is null and pass the new style to createRenderer().
58         
59         * style/StyleTreeResolver.h:
60
61 2016-02-16  Simon Fraser  <simon.fraser@apple.com>
62
63         Every RenderLayer should not have to remove itself from the scrollableArea set
64         https://bugs.webkit.org/show_bug.cgi?id=154311
65
66         Reviewed by Zalan Bujtas.
67
68         A subset of RenderLayers are scrollable, and get registered on the FrameView,
69         but we pay the cost of a hash lookup for removal on every RenderLayer, which is a waste.
70         
71         Store a bit that tells RenderLayer that it's in the set and needs to be removed.
72
73         * rendering/RenderLayer.cpp:
74         (WebCore::RenderLayer::RenderLayer):
75         (WebCore::RenderLayer::~RenderLayer):
76         (WebCore::RenderLayer::calculateClipRects):
77         * rendering/RenderLayer.h:
78
79 2016-02-16  Daniel Bates  <dabates@apple.com>
80
81         CSP: Update violation report 'Content-Type' header
82         https://bugs.webkit.org/show_bug.cgi?id=153166
83         <rdar://problem/24383327>
84
85         Reviewed by Brent Fulgham.
86
87         Inspired by Blink patch:
88         <https://src.chromium.org/viewvc/blink?view=rev&revision=154215>
89
90         Post the Content Security Policy violation report with Content-Type application/csp-report as
91         per section Reporting of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/>.
92
93         Currently we post CSP violation reports with Content-Type application/json.
94
95         * html/parser/XSSAuditorDelegate.cpp:
96         (WebCore::XSSAuditorDelegate::didBlockScript): Use report type ViolationReportType::XSSAuditor to PingLoader.
97         * loader/PingLoader.cpp:
98         (WebCore::PingLoader::sendViolationReport): Modified to take argument of type ViolationReportType
99         to determine the appropriate Content-Type header to use for the report. For a XSS Auditor violation report
100         we use Content-Type application/json. For a Content Security Policy violation report we use Content-Type
101         application/csp-report. Additionally, pass an ASCIILiteral() to ResourceRequestBase::setHTTPMethod()
102         as opposed to a constant string literal to avoid a copy of a constant string literal.
103         * loader/PingLoader.h: Add enum class ViolationReportType.
104         * page/csp/ContentSecurityPolicy.cpp:
105         (WebCore::ContentSecurityPolicy::reportViolation): Use report type ViolationReportType::ContentSecurityPolicy.
106
107 2016-02-16  Alex Christensen  <achristensen@webkit.org>
108
109         Add checks before redirecting with NetworkSession
110         https://bugs.webkit.org/show_bug.cgi?id=154298
111
112         Reviewed by Andy Estes.
113
114         This fixes http/tests/security/cors-post-redirect-307.html and 
115         http/tests/navigation/post-307-response.html when using NetworkSession.
116
117         * platform/network/ResourceRequestBase.h:
118         WEBCORE_EXPORT some functions newly used in WebKit2.
119
120 2016-02-16  Daniel Bates  <dabates@apple.com>
121
122         CSP: Fix parsing of 'host/path' source expressions
123         https://bugs.webkit.org/show_bug.cgi?id=153170
124         <rdar://problem/24383407>
125
126         Reviewed by Brent Fulgham.
127
128         Merged from Blink (patch by Mike West):
129         <https://src.chromium.org/viewvc/blink?revision=154875&view=revision>
130
131         Fixes an issue where a source of the form example.com/A/ was incorrectly considered
132         invalid and hence such a requested resource would be blocked. A source of this form
133         is valid by the definition of host-source in section Source List Syntax of the Content
134         Security Policy 2.0 spec., <http://www.w3.org/TR/2015/CR-CSP2-20150721/>.
135
136         * page/csp/ContentSecurityPolicySourceList.cpp:
137         (WebCore::ContentSecurityPolicySourceList::parseSource):
138
139 2016-02-16  Daniel Bates  <dabates@apple.com>
140
141         CSP: Disallow an empty host in a host-source source expression
142         https://bugs.webkit.org/show_bug.cgi?id=153168
143         <rdar://problem/24383366>
144
145         Reviewed by Brent Fulgham.
146
147         Merged from Blink (patch by rob@robwu.nl):
148         <https://src.chromium.org/viewvc/blink?revision=180407&view=revision>
149
150         * page/csp/ContentSecurityPolicySourceList.cpp:
151         (WebCore::ContentSecurityPolicySourceList::parseSource):
152
153 2016-02-16  Brady Eidson  <beidson@apple.com>
154
155         Modern IDB: WK2 IPC Scaffolding.
156         https://bugs.webkit.org/show_bug.cgi?id=154296
157
158         Reviewed by Alex Christensen.
159         
160         No change in behavior yet; Just laying the groundwork.
161
162         * Modules/indexeddb/client/IDBConnectionToServer.h:
163         * Modules/indexeddb/server/IDBConnectionToClient.h:
164         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
165
166 2016-02-16  Chris Dumez  <cdumez@apple.com>
167
168         [Web IDL] Operations should be on the instance for global objects or if [Unforgeable]
169         https://bugs.webkit.org/show_bug.cgi?id=154120
170         <rdar://problem/24613231>
171
172         Reviewed by Gavin Barraclough.
173
174         Operations should be on the instance for global objects or if
175         [Unforgeable] as per the Web IDL specification:
176         - http://heycam.github.io/webidl/#es-operations
177         - http://heycam.github.io/webidl/#dfn-unforgeable-on-an-interface
178
179         This patch implements this behavior in order to align
180         with the specification and other browsers.
181
182         No new tests, already covered by existing tests.
183
184         * bindings/js/JSDOMWindowCustom.cpp:
185         (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
186         Update function names now that they have "Instance" in their
187         name instead of "Prototype".
188
189         (WebCore::JSDOMWindow::getOwnPropertySlot):
190         - Update function names now that they have "Instance" in their
191           name instead of "Prototype".
192         - Move the functions hard-coding *before* the static table check
193           now that these functions are in the static table to maintain
194           the previous behavior.
195
196         * bindings/js/JSLocationCustom.cpp:
197         (WebCore::JSLocation::getOwnPropertySlotDelegate):
198         Update function names now that they have "Instance" in their
199         name instead of "Prototype".
200
201         * bindings/scripts/CodeGeneratorJS.pm:
202         - Move functions to the instance if their interface is a global
203           object or if they are marked as [Unforgeable]. Operations are
204           now treated more like attributes, as they can now be either on
205           the instance or the prototype. In a lot of places, I now use
206           the naming "properties" instead of "attributes" as "properties"
207           refers to both "attributes" and "operations" / "functions".
208
209         * bindings/scripts/test/JS/JSTestInterface.cpp:
210         * bindings/scripts/test/JS/JSTestObj.cpp:
211         Rebaseline bindings tests.
212
213 2016-02-16  Simon Fraser  <simon.fraser@apple.com>
214
215         Rollout r188659. This broke scrolling of iframes and overflow when
216         navigating back to a page in the page cache.
217         
218         The fix was overly aggressive and had no layout test. I will fix the original
219         issue a different way.
220
221         * history/CachedFrame.cpp:
222         (WebCore::CachedFrame::CachedFrame):
223         * page/FrameView.cpp:
224         (WebCore::FrameView::clearScrollableAreas): Deleted.
225         * page/FrameView.h:
226
227 2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>
228
229         [GTK] No hover-horizontal scrolling available
230         https://bugs.webkit.org/show_bug.cgi?id=122859
231
232         Reviewed by Michael Catanzaro.
233
234         This is a regression of WebKit2, because in WebKit1 we used native
235         widgets for frame scrollbars that handled this automatically. Now
236         we need to also check if the mouse is over frame scrollbars to
237         adjust the wheel event.
238
239         Test: platform/gtk/scrollbars/main-frame-scrollbar-horizontal-wheel-scroll.html
240
241         * page/EventHandler.cpp:
242         (WebCore::EventHandler::handleWheelEvent): Pass the adjusted wheel
243         event to platformCompleteWheelEvent().
244         * page/gtk/EventHandlerGtk.cpp:
245         (WebCore::EventHandler::shouldTurnVerticalTicksIntoHorizontal):
246         Check also frame scrollbars.
247
248 2016-02-16  Antti Koivisto  <antti@apple.com>
249
250         Factor id mutation style invalidation code into a class
251         https://bugs.webkit.org/show_bug.cgi?id=154287
252
253         Reviewed by Andreas Kling.
254
255         Also add a cheap basic optimization that avoids descendant invalidation if they can not be affected.
256
257         It would be easy to implement fine grained invalidation like with classes and attribute selectors.
258         However dynamic id changes are not common enough (nor recommended) to pay the memory cost of
259         the required data structures.
260
261         Test: fast/css/style-invalidation-id-change-descendants.html
262
263         * CMakeLists.txt:
264         * WebCore.vcxproj/WebCore.vcxproj:
265         * WebCore.xcodeproj/project.pbxproj:
266         * css/RuleFeature.cpp:
267         (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
268         (WebCore::RuleFeatureSet::add):
269         (WebCore::RuleFeatureSet::clear):
270         * css/RuleFeature.h:
271         * dom/Element.cpp:
272         (WebCore::makeIdForStyleResolution):
273         (WebCore::Element::attributeChanged):
274         (WebCore::checkNeedsStyleInvalidationForIdChange): Deleted.
275         * style/IdChangeInvalidation.cpp: Added.
276         (WebCore::Style::IdChangeInvalidation::invalidateStyle):
277         * style/IdChangeInvalidation.h: Added.
278         (WebCore::Style::IdChangeInvalidation::IdChangeInvalidation):
279         (WebCore::Style::IdChangeInvalidation::~IdChangeInvalidation):
280
281 2016-02-16  Andreas Kling  <akling@apple.com>
282
283         Drop StyleResolver and SelectorQueryCache when entering PageCache.
284         <https://webkit.org/b/154238>
285
286         Reviewed by Antti Koivisto.
287
288         Stop keeping these around for cached pages to save lots of memory.
289         We can easily rebuild them if a cached navigation occurs, and this
290         way we also don't need to worry about invalidating style for cached
291         pages in all the right places.
292
293         Restoring a cached page will now lead to a forced style recalc.
294         We don't try to defer this (beyond a zero-timer) since it's going
295         to happen anyway, and it's nicer to front-load the cost rather than
296         stuttering on the first user content interaction.
297
298         * dom/Document.cpp:
299         (WebCore::Document::setInPageCache):
300         * history/CachedPage.cpp:
301         (WebCore::CachedPage::restore):
302         (WebCore::CachedPage::clear): Deleted.
303         * history/CachedPage.h:
304         (WebCore::CachedPage::markForVisitedLinkStyleRecalc): Deleted.
305         (WebCore::CachedPage::markForFullStyleRecalc): Deleted.
306         * history/PageCache.cpp:
307         (WebCore::PageCache::markPagesForVisitedLinkStyleRecalc): Deleted.
308         (WebCore::PageCache::markPagesForFullStyleRecalc): Deleted.
309         * history/PageCache.h:
310         * page/Frame.cpp:
311         (WebCore::Frame::setPageAndTextZoomFactors): Deleted.
312         * page/Page.cpp:
313         (WebCore::Page::setViewScaleFactor): Deleted.
314         (WebCore::Page::setDeviceScaleFactor): Deleted.
315         (WebCore::Page::setPagination): Deleted.
316         (WebCore::Page::setPaginationLineGridEnabled): Deleted.
317         (WebCore::Page::setVisitedLinkStore): Deleted.
318
319 2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>
320
321         [GTK] clicking on the scrollbar trough steps rather than jumps to the clicked position
322         https://bugs.webkit.org/show_bug.cgi?id=115363
323
324         Reviewed by Michael Catanzaro.
325
326         Allow ScrollbarTheme to decide the behavior of a button press event,
327         instead of only deciding whether to center on thumb or not. This
328         way we can match the current GTK+ behavior in WebKit, without
329         affecting other ports.
330
331         * platform/ScrollTypes.h: Add ScrollbarButtonPressAction enum.
332         * platform/Scrollbar.cpp:
333         (WebCore::Scrollbar::mouseDown): Ask ScrollbarTheme to handle the
334         event for the pressed part and do the requested action.
335         * platform/ScrollbarTheme.cpp:
336         (WebCore::ScrollbarTheme::handleMousePressEvent): Add default
337         implementation. It's equivalent to the previous default implementation.
338         * platform/ScrollbarTheme.h:
339         * platform/gtk/ScrollbarThemeGtk.cpp:
340         (WebCore::ScrollbarThemeGtk::handleMousePressEvent): Match current
341         GTK+ behavior: left click centers on thumb and right click
342         scrolls. Dragging the thumb works for left and middle buttons.
343         * platform/gtk/ScrollbarThemeGtk.h:
344         * platform/ios/ScrollbarThemeIOS.h: Remove shouldCenterOnThumb,
345         and don't override handleMousePressEvent since iOS wants the
346         default behavior.
347         * platform/ios/ScrollbarThemeIOS.mm:
348         * platform/mac/ScrollbarThemeMac.h: Override handleMousePressEvent
349         and remove shouldCenterOnThumb.
350         * platform/mac/ScrollbarThemeMac.mm:
351         (WebCore::shouldCenterOnThumb): Same implementation just made it
352         static to be used as helper.
353         (WebCore::ScrollbarThemeMac::handleMousePressEvent): Return the
354         desired action keeping the same behavior.
355         * platform/win/ScrollbarThemeWin.cpp:
356         (WebCore::ScrollbarThemeWin::handleMousePressEvent): Ditto.
357         * platform/win/ScrollbarThemeWin.h:
358         * rendering/RenderScrollbarTheme.h:
359
360 2016-02-16  Carlos Garcia Campos  <cgarcia@igalia.com>
361
362         Mouse cursor doesn't change when entering scrollbars
363         https://bugs.webkit.org/show_bug.cgi?id=154243
364
365         Reviewed by Simon Fraser.
366
367         If the scrollbar is over or very close to text or a link, when
368         entering the scrollbar the cursor is not changed, keeping the beam
369         or hand cursor when using the scrollbar. Same happens for image
370         documents where the magnifier cursor is used and it remains when
371         entering the scrollbars. We should use pointer cursor always for
372         scrollbars.
373
374         * page/EventHandler.cpp:
375         (WebCore::EventHandler::updateCursor): Request also to include
376         frame scrollbars in hit test result.
377         (WebCore::EventHandler::selectCursor): Use always pointer cursor
378         for scrollbars.
379
380 2016-02-15  Antti Koivisto  <antti@apple.com>
381
382         Optimize style invalidations for attribute selectors
383         https://bugs.webkit.org/show_bug.cgi?id=154242
384
385         Reviewed by Andreas Kling.
386
387         Currently we invalidate the whole element subtree if there are any attribute selectors for the changed attribute.
388         This is slow as generally few if any elements are really affected. Using attribute selectors for dynamic styling
389         should be performant.
390
391         This patch implements optimization strategy for attributes similar to what we already have for classes:
392
393         - Collect a map of all rules that contains descendant-affecting attribute selectors for a given attribute.
394         - When an attribute value changes check if there are any such rules for it.
395         - Check if the value change affects the results of any of the attribute selectors.
396         - Only if it does invalidate the exact descendant elements affected by the rules.
397
398         Test: fast/css/style-invalidation-attribute-change-descendants.html
399
400         * WebCore.xcodeproj/project.pbxproj:
401         * css/DocumentRuleSets.cpp:
402         (WebCore::DocumentRuleSets::ancestorClassRules):
403         (WebCore::DocumentRuleSets::ancestorAttributeRulesForHTML):
404
405             Create optimization RuleSets when needed.
406
407         * css/DocumentRuleSets.h:
408         (WebCore::DocumentRuleSets::uncommonAttribute):
409         (WebCore::DocumentRuleSets::features):
410         * css/RuleFeature.cpp:
411         (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
412         (WebCore::makeAttributeSelectorKey):
413         (WebCore::RuleFeatureSet::collectFeatures):
414
415             Collect rules with descendant affecting attribute selectors.
416
417         (WebCore::RuleFeatureSet::add):
418         (WebCore::RuleFeatureSet::clear):
419         (WebCore::RuleFeatureSet::shrinkToFit):
420         * css/RuleFeature.h:
421         * css/SelectorChecker.cpp:
422         (WebCore::anyAttributeMatches):
423         (WebCore::SelectorChecker::attributeSelectorMatches):
424
425             Expose function for matching single attribute selectors.
426
427         (WebCore::canMatchHoverOrActiveInQuirksMode):
428         * css/SelectorChecker.h:
429         * dom/Attr.cpp:
430         (WebCore::Attr::setValue):
431         (WebCore::Attr::childrenChanged):
432         * dom/Element.cpp:
433         (WebCore::Element::setAttributeInternal):
434         (WebCore::makeIdForStyleResolution):
435         (WebCore::Element::attributeChanged):
436         (WebCore::Element::removeAttributeInternal):
437         (WebCore::Element::addAttributeInternal):
438         (WebCore::Element::removeAttribute):
439
440             Add AttributeChangeInvalidation where needed.
441
442         (WebCore::Element::needsStyleInvalidation):
443
444             Move to Element from ClassChangeInvalidation.
445
446         (WebCore::Element::willModifyAttribute):
447
448             No more full style invalidation on attribute change.
449
450         * style/AttributeChangeInvalidation.cpp: Added.
451         (WebCore::Style::AttributeChangeInvalidation::invalidateStyle):
452
453             Invalidate local style.
454             Check if we need to invalidate descendants by looking into ancestorAttributeRules.
455
456         (WebCore::Style::AttributeChangeInvalidation::invalidateDescendants):
457
458             Use StyleInvalidationAnalysis to invalidate the subtree for the relevant rules.
459
460         * style/AttributeChangeInvalidation.h: Added.
461         (WebCore::Style::AttributeChangeInvalidation::needsInvalidation):
462         (WebCore::Style::AttributeChangeInvalidation::AttributeChangeInvalidation):
463         (WebCore::Style::AttributeChangeInvalidation::~AttributeChangeInvalidation):
464
465             If needed, invalidate descendants before and after attribute change to catch rules that start and stop applying.
466
467 2016-02-16  Chris Dumez  <cdumez@apple.com>
468
469         Do security checks early in JSDOMWindow::put*()
470         https://bugs.webkit.org/show_bug.cgi?id=154270
471
472         Reviewed by Gavin Barraclough.
473
474         Do security checks early in JSDOMWindow::put() / JSDOMWindow::putByIndex()
475         and return as soon as possible. This makes it less error-prone as we need
476         to do the security check only once, at the top of the function.
477
478         Also lock down the security further by calling lookupPut() only if the
479         property name is "location". The "location" property is the only one that
480         can be set cross-origin. Previously, trying to set a property such as
481         "name" (which cannot be set cross-origin) relied on the attribute setter
482         doing the security check when getting called. The new check is less error
483         prone and will correctly prevent overriding window's method cross-origin
484         once these move down from the prototype (Bug 154120).
485
486         Finally, the previous code was failing to set the "location" property
487         cross-origin after the window has been reified. This patch fixes the
488         issue by always calling the original "location" property setter from the
489         static table in the cross-origin case.
490
491         Test: http/tests/security/cross-origin-reified-window-location-setting.html
492
493         * bindings/js/JSDOMWindowCustom.cpp:
494         (WebCore::JSDOMWindow::put):
495         (WebCore::JSDOMWindow::putByIndex):
496
497 2016-02-15  Brent Fulgham  <bfulgham@apple.com>
498
499         [Mac] Gather some rudimentary statistics during resource load 
500         https://bugs.webkit.org/show_bug.cgi?id=153575
501         <rdar://problem/24075254>
502
503         Reviewed by Brady Eidson.
504
505         Tested by: http/tests/navigation/statistics.html
506
507         * CMakeLists.txt:
508         * PlatformWin.cmake:
509         * WebCore.xcodeproj/project.pbxproj:
510         * dom/Document.cpp:
511         (WebCore::Document::updateLastHandledUserGestureTimestamp): Log user interaction
512         with the ResourceLoadObserver.
513         * loader/DocumentLoader.cpp:
514         (WebCore::DocumentLoader::willSendRequest): Track load statistics if the
515         user interacted with the document.
516         * loader/ResourceLoadObserver.cpp: Added.
517         * loader/ResourceLoadObserver.h: Added.
518         * loader/ResourceLoadStatistics.cpp: Added.
519         * loader/ResourceLoadStatistics.h: Added.
520         * loader/SubresourceLoader.cpp:
521         (WebCore::SubresourceLoader::willSendRequestInternal): Track load statistics.
522         * page/Settings.cpp:
523         (WebCore::Settings::setResourceLoadStatisticsEnabled): Added.
524         * page/Settings.h:
525         (WebCore::Settings::resourceLoadStatisticsEnabled): Added.
526         * platform/Logging.h:
527         * testing/Internals.cpp:
528         (WebCore::Internals::resourceLoadStatisticsForOrigin):
529         (WebCore::Internals::setResourceLoadStatisticsEnabled):
530         * testing/Internals.h:
531         * testing/Internals.idl:
532
533 2016-02-15  Chris Dumez  <cdumez@apple.com>
534
535         The following properties should exist on the global object: AudioTrackList, AudioTrack, VideoTrackList, VideoTrack
536         https://bugs.webkit.org/show_bug.cgi?id=154250
537         <rdar://problem/24660829>
538
539         Reviewed by Eric Carlson.
540
541         The following properties should exist on the global object:
542         - AudioTrackList, AudioTrack, VideoTrackList, VideoTrack
543
544         These interfaces are not marked as [NoInterfaceObject] in:
545         - https://html.spec.whatwg.org/#audiotracklist-and-videotracklist-objects
546
547         No new tests, already covered by existing tests.
548
549         * html/track/AudioTrack.idl:
550         * html/track/AudioTrackList.idl:
551         * html/track/VideoTrack.idl:
552         * html/track/VideoTrackList.idl:
553
554 2016-02-15  Sam Weinig  <sam@webkit.org>
555
556         Stop using NSMapTable in places where we were only using it to be GC safe
557         <rdar://problem/24063723>
558         https://bugs.webkit.org/show_bug.cgi?id=154264
559
560         Reviewed by Dan Bernstein.
561
562         Switch from NSMapTable to HashMap.
563
564         * WebCore.xcodeproj/project.pbxproj:
565         * bindings/objc/DOMInternal.h:
566         * bindings/objc/DOMInternal.mm:
567         * bindings/objc/WebScriptObject.mm:
568         * bridge/objc/objc_instance.mm:
569         * platform/spi/cocoa/NSPointerFunctionsSPI.h: Removed. No longer used.
570
571 2016-02-15  Myles C. Maxfield  <mmaxfield@apple.com>
572
573         [Font Loading] Implement FontFace JavaScript object
574         https://bugs.webkit.org/show_bug.cgi?id=153345
575
576         Reviewed by Antti Koivisto.
577
578         Test: fast/text/font-face-javascript.html
579
580         This patch implements the FontFace Javascript object. This object mostly consists of
581         style getters / setters, which we implement by parsing input strings and generating
582         output strings similarly to getComputedStyle(). This object also has a load() function
583         which returns a promise which will be fulfilled or rejected depending on the load.
584         There is also a "loaded" attribute which exposes this promise directly. Also, a status
585         field is exposed so script knows what the state of the load is.
586
587         Currently, loading depends on our CachedResourceLoader which is part of the Document,
588         so this API is not available in a non-document context.
589
590         Another caveat is that immediate-mode font loading (where the content provides an
591         ArrayBuffer containing the bytes of the font file) is forthcoming. This requires
592         changing the relationship between CSSFontFaceSource and CachedFont.
593
594         CSSFontFace has been modified to keep a strong reference to the CSSFontSelector. This
595         is because the lifetime of the CSSFontFace can now outlive the CSSFontSelector. When
596         the CSSFontSelector is removed from the Document, it explicitly clears its constituent
597         CSSFontFaces, thereby breaking the reference cycle.
598
599         Test: fast/text/font-face-javascript-expected.html
600
601         * CMakeLists.txt: Add new files.
602         * DerivedSources.cpp: Ditto.
603         * DerivedSources.make: Ditto.
604         * WebCore.vcxproj/WebCore.vcxproj: Ditto.
605         * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
606         * WebCore.xcodeproj/project.pbxproj: Ditto.
607         * bindings/js/JSDOMPromise.cpp:
608         (WebCore::DeferredWrapper::globalObject): Remove whitespace.
609         (WebCore::DeferredWrapper::deferred): Allow access to the inner JSC object.
610         * bindings/js/JSDOMPromise.h:
611         (WebCore::DOMPromise::deferred): Ditto.
612         * bindings/js/JSFontFaceCustom.cpp: Copied from Source/WebCore/bindings/js/JSDOMPromise.cpp.
613         (WebCore::JSFontFace::loaded):
614         (WebCore::JSFontFace::load):
615         * css/CSSFontFace.cpp:
616         (WebCore::CSSFontFace::CSSFontFace): 
617         (WebCore::CSSFontFace::adoptSource):
618         (WebCore::CSSFontFace::updateStatus): Enforce the state machine's transitions.
619         (WebCore::CSSFontFace::fontLoaded):
620         (WebCore::CSSFontFace::pump):
621         (WebCore::CSSFontFace::load):
622         * css/CSSFontFace.h:
623         (WebCore::CSSFontFaceClient::~CSSFontFaceClient):
624         (WebCore::CSSFontFace::create):
625         (WebCore::CSSFontFace::status):
626         * css/CSSFontSelector.cpp:
627         (WebCore::CSSFontSelector::appendSources): Update for new CSSFontFace API.
628         (WebCore::CSSFontSelector::registerLocalFontFacesForFamily): Ditto.
629         (WebCore::CSSFontSelector::addFontFaceRule): Ditto.
630         (WebCore::CSSFontSelector::kick): Ditto.
631         (WebCore::appendSources): Deleted.
632         (WebCore::registerLocalFontFacesForFamily): Deleted.
633         * css/CSSFontSelector.h:
634         * css/CSSUnicodeRangeValue.cpp: Use for serializing the "unicodeRange" property.
635         * css/FontFace.cpp:
636         (WebCore::createPromise): Implement the remaining Javascript API functions.
637         (WebCore::valueFromDictionary):
638         (WebCore::FontFace::create):
639         (WebCore::FontFace::FontFace):
640         (WebCore::FontFace::parseString):
641         (WebCore::FontFace::status):
642         (WebCore::FontFace::kick):
643         (WebCore::FontFace::load):
644         (WebCore::FontFace::fulfillPromise):
645         (WebCore::FontFace::rejectPromise):
646         (WebCore::parseString): Deleted.
647         * css/FontFace.h:
648         (WebCore::FontFace::promise):
649         (WebCore::FontFace::backing):
650         (WebCore::FontFace::create): Deleted.
651         * css/FontFace.idl: Copied from Source/WebCore/bindings/js/JSDOMPromise.cpp.
652
653 2016-02-15  Jer Noble  <jer.noble@apple.com>
654
655         Null-deref crash in DefaultAudioDestinationNode::suspend()
656         https://bugs.webkit.org/show_bug.cgi?id=154248
657
658         Reviewed by Alex Christensen.
659
660         Drive-by fix: AudioContext should be a reference, not a pointer.
661
662         * Modules/webaudio/AnalyserNode.cpp:
663         (WebCore::AnalyserNode::AnalyserNode):
664         * Modules/webaudio/AnalyserNode.h:
665         (WebCore::AnalyserNode::create):
666         * Modules/webaudio/AudioBasicInspectorNode.cpp:
667         (WebCore::AudioBasicInspectorNode::AudioBasicInspectorNode):
668         (WebCore::AudioBasicInspectorNode::connect):
669         (WebCore::AudioBasicInspectorNode::disconnect):
670         (WebCore::AudioBasicInspectorNode::checkNumberOfChannelsForInput):
671         (WebCore::AudioBasicInspectorNode::updatePullStatus):
672         * Modules/webaudio/AudioBasicInspectorNode.h:
673         * Modules/webaudio/AudioBasicProcessorNode.cpp:
674         (WebCore::AudioBasicProcessorNode::AudioBasicProcessorNode):
675         (WebCore::AudioBasicProcessorNode::checkNumberOfChannelsForInput):
676         * Modules/webaudio/AudioBasicProcessorNode.h:
677         * Modules/webaudio/AudioBufferSourceNode.cpp:
678         (WebCore::AudioBufferSourceNode::create):
679         (WebCore::AudioBufferSourceNode::AudioBufferSourceNode):
680         (WebCore::AudioBufferSourceNode::renderFromBuffer):
681         (WebCore::AudioBufferSourceNode::setBuffer):
682         (WebCore::AudioBufferSourceNode::startPlaying):
683         (WebCore::AudioBufferSourceNode::looping):
684         (WebCore::AudioBufferSourceNode::setLooping):
685         * Modules/webaudio/AudioBufferSourceNode.h:
686         * Modules/webaudio/AudioContext.cpp:
687         (WebCore::AudioContext::AudioContext):
688         (WebCore::AudioContext::createBufferSource):
689         (WebCore::AudioContext::createMediaElementSource):
690         (WebCore::AudioContext::createMediaStreamDestination):
691         (WebCore::AudioContext::createScriptProcessor):
692         (WebCore::AudioContext::createBiquadFilter):
693         (WebCore::AudioContext::createWaveShaper):
694         (WebCore::AudioContext::createPanner):
695         (WebCore::AudioContext::createConvolver):
696         (WebCore::AudioContext::createDynamicsCompressor):
697         (WebCore::AudioContext::createAnalyser):
698         (WebCore::AudioContext::createGain):
699         (WebCore::AudioContext::createDelay):
700         (WebCore::AudioContext::createChannelSplitter):
701         (WebCore::AudioContext::createChannelMerger):
702         (WebCore::AudioContext::createOscillator):
703         * Modules/webaudio/AudioContext.h:
704         (WebCore::operator==):
705         (WebCore::operator!=):
706         * Modules/webaudio/AudioDestinationNode.cpp:
707         (WebCore::AudioDestinationNode::AudioDestinationNode):
708         (WebCore::AudioDestinationNode::render):
709         (WebCore::AudioDestinationNode::updateIsEffectivelyPlayingAudio):
710         * Modules/webaudio/AudioDestinationNode.h:
711         * Modules/webaudio/AudioNode.cpp:
712         (WebCore::AudioNode::AudioNode):
713         (WebCore::AudioNode::connect):
714         (WebCore::AudioNode::disconnect):
715         (WebCore::AudioNode::setChannelCount):
716         (WebCore::AudioNode::setChannelCountMode):
717         (WebCore::AudioNode::setChannelInterpretation):
718         (WebCore::AudioNode::scriptExecutionContext):
719         (WebCore::AudioNode::processIfNecessary):
720         (WebCore::AudioNode::checkNumberOfChannelsForInput):
721         (WebCore::AudioNode::propagatesSilence):
722         (WebCore::AudioNode::pullInputs):
723         (WebCore::AudioNode::enableOutputsIfNecessary):
724         (WebCore::AudioNode::deref):
725         (WebCore::AudioNode::finishDeref):
726         * Modules/webaudio/AudioNode.h:
727         (WebCore::AudioNode::context):
728         * Modules/webaudio/AudioNodeInput.cpp:
729         (WebCore::AudioNodeInput::connect):
730         (WebCore::AudioNodeInput::disconnect):
731         (WebCore::AudioNodeInput::disable):
732         (WebCore::AudioNodeInput::enable):
733         (WebCore::AudioNodeInput::updateInternalBus):
734         (WebCore::AudioNodeInput::bus):
735         (WebCore::AudioNodeInput::internalSummingBus):
736         (WebCore::AudioNodeInput::sumAllConnections):
737         (WebCore::AudioNodeInput::pull):
738         * Modules/webaudio/AudioNodeOutput.cpp:
739         (WebCore::AudioNodeOutput::setNumberOfChannels):
740         (WebCore::AudioNodeOutput::updateNumberOfChannels):
741         (WebCore::AudioNodeOutput::propagateChannelCount):
742         (WebCore::AudioNodeOutput::pull):
743         (WebCore::AudioNodeOutput::bus):
744         (WebCore::AudioNodeOutput::fanOutCount):
745         (WebCore::AudioNodeOutput::paramFanOutCount):
746         (WebCore::AudioNodeOutput::addInput):
747         (WebCore::AudioNodeOutput::removeInput):
748         (WebCore::AudioNodeOutput::disconnectAllInputs):
749         (WebCore::AudioNodeOutput::addParam):
750         (WebCore::AudioNodeOutput::removeParam):
751         (WebCore::AudioNodeOutput::disconnectAllParams):
752         (WebCore::AudioNodeOutput::disable):
753         (WebCore::AudioNodeOutput::enable):
754         * Modules/webaudio/AudioNodeOutput.h:
755         (WebCore::AudioNodeOutput::context):
756         * Modules/webaudio/AudioParam.cpp:
757         (WebCore::AudioParam::value):
758         (WebCore::AudioParam::smooth):
759         (WebCore::AudioParam::calculateSampleAccurateValues):
760         (WebCore::AudioParam::calculateFinalValues):
761         (WebCore::AudioParam::calculateTimelineValues):
762         (WebCore::AudioParam::connect):
763         (WebCore::AudioParam::disconnect):
764         * Modules/webaudio/AudioParam.h:
765         (WebCore::AudioParam::create):
766         (WebCore::AudioParam::AudioParam):
767         * Modules/webaudio/AudioParamTimeline.cpp:
768         (WebCore::AudioParamTimeline::valueForContextTime):
769         * Modules/webaudio/AudioParamTimeline.h:
770         * Modules/webaudio/AudioScheduledSourceNode.cpp:
771         (WebCore::AudioScheduledSourceNode::AudioScheduledSourceNode):
772         (WebCore::AudioScheduledSourceNode::updateSchedulingInfo):
773         (WebCore::AudioScheduledSourceNode::start):
774         (WebCore::AudioScheduledSourceNode::finish):
775         * Modules/webaudio/AudioScheduledSourceNode.h:
776         * Modules/webaudio/AudioSummingJunction.cpp:
777         (WebCore::AudioSummingJunction::AudioSummingJunction):
778         (WebCore::AudioSummingJunction::~AudioSummingJunction):
779         (WebCore::AudioSummingJunction::changedOutputs):
780         (WebCore::AudioSummingJunction::updateRenderingState):
781         * Modules/webaudio/AudioSummingJunction.h:
782         (WebCore::AudioSummingJunction::context):
783         * Modules/webaudio/BiquadFilterNode.cpp:
784         (WebCore::BiquadFilterNode::BiquadFilterNode):
785         * Modules/webaudio/BiquadFilterNode.h:
786         (WebCore::BiquadFilterNode::create):
787         * Modules/webaudio/BiquadProcessor.cpp:
788         (WebCore::BiquadProcessor::BiquadProcessor):
789         * Modules/webaudio/BiquadProcessor.h:
790         * Modules/webaudio/ChannelMergerNode.cpp:
791         (WebCore::ChannelMergerNode::create):
792         (WebCore::ChannelMergerNode::ChannelMergerNode):
793         (WebCore::ChannelMergerNode::checkNumberOfChannelsForInput):
794         * Modules/webaudio/ChannelMergerNode.h:
795         * Modules/webaudio/ChannelSplitterNode.cpp:
796         (WebCore::ChannelSplitterNode::create):
797         (WebCore::ChannelSplitterNode::ChannelSplitterNode):
798         * Modules/webaudio/ChannelSplitterNode.h:
799         * Modules/webaudio/ConvolverNode.cpp:
800         (WebCore::ConvolverNode::ConvolverNode):
801         (WebCore::ConvolverNode::setBuffer):
802         * Modules/webaudio/ConvolverNode.h:
803         (WebCore::ConvolverNode::create):
804         * Modules/webaudio/DefaultAudioDestinationNode.cpp:
805         (WebCore::DefaultAudioDestinationNode::DefaultAudioDestinationNode):
806         (WebCore::DefaultAudioDestinationNode::resume):
807         (WebCore::DefaultAudioDestinationNode::suspend):
808         (WebCore::DefaultAudioDestinationNode::close):
809         * Modules/webaudio/DefaultAudioDestinationNode.h:
810         (WebCore::DefaultAudioDestinationNode::create):
811         * Modules/webaudio/DelayNode.cpp:
812         (WebCore::DelayNode::DelayNode):
813         * Modules/webaudio/DelayNode.h:
814         (WebCore::DelayNode::create):
815         * Modules/webaudio/DelayProcessor.cpp:
816         (WebCore::DelayProcessor::DelayProcessor):
817         * Modules/webaudio/DelayProcessor.h:
818         * Modules/webaudio/DynamicsCompressorNode.cpp:
819         (WebCore::DynamicsCompressorNode::DynamicsCompressorNode):
820         * Modules/webaudio/DynamicsCompressorNode.h:
821         (WebCore::DynamicsCompressorNode::create):
822         * Modules/webaudio/GainNode.cpp:
823         (WebCore::GainNode::GainNode):
824         (WebCore::GainNode::checkNumberOfChannelsForInput):
825         * Modules/webaudio/GainNode.h:
826         (WebCore::GainNode::create):
827         * Modules/webaudio/MediaElementAudioSourceNode.cpp:
828         (WebCore::MediaElementAudioSourceNode::create):
829         (WebCore::MediaElementAudioSourceNode::MediaElementAudioSourceNode):
830         (WebCore::MediaElementAudioSourceNode::setFormat):
831         * Modules/webaudio/MediaElementAudioSourceNode.h:
832         * Modules/webaudio/MediaStreamAudioDestinationNode.cpp:
833         (WebCore::MediaStreamAudioDestinationNode::create):
834         (WebCore::MediaStreamAudioDestinationNode::MediaStreamAudioDestinationNode):
835         * Modules/webaudio/MediaStreamAudioDestinationNode.h:
836         * Modules/webaudio/MediaStreamAudioSourceNode.cpp:
837         (WebCore::MediaStreamAudioSourceNode::MediaStreamAudioSourceNode):
838         (WebCore::MediaStreamAudioSourceNode::setFormat):
839         * Modules/webaudio/OfflineAudioDestinationNode.cpp:
840         (WebCore::OfflineAudioDestinationNode::OfflineAudioDestinationNode):
841         (WebCore::OfflineAudioDestinationNode::offlineRender):
842         (WebCore::OfflineAudioDestinationNode::notifyComplete):
843         * Modules/webaudio/OfflineAudioDestinationNode.h:
844         (WebCore::OfflineAudioDestinationNode::create):
845         * Modules/webaudio/OscillatorNode.cpp:
846         (WebCore::OscillatorNode::create):
847         (WebCore::OscillatorNode::OscillatorNode):
848         * Modules/webaudio/OscillatorNode.h:
849         * Modules/webaudio/PannerNode.cpp:
850         (WebCore::PannerNode::PannerNode):
851         (WebCore::PannerNode::pullInputs):
852         (WebCore::PannerNode::process):
853         (WebCore::PannerNode::listener):
854         (WebCore::PannerNode::setPanningModel):
855         * Modules/webaudio/PannerNode.h:
856         (WebCore::PannerNode::create):
857         * Modules/webaudio/ScriptProcessorNode.cpp:
858         (WebCore::ScriptProcessorNode::create):
859         (WebCore::ScriptProcessorNode::ScriptProcessorNode):
860         (WebCore::ScriptProcessorNode::initialize):
861         (WebCore::ScriptProcessorNode::fireProcessEvent):
862         * Modules/webaudio/ScriptProcessorNode.h:
863         * Modules/webaudio/WaveShaperNode.cpp:
864         (WebCore::WaveShaperNode::WaveShaperNode):
865         (WebCore::WaveShaperNode::setOversample):
866         * Modules/webaudio/WaveShaperNode.h:
867         (WebCore::WaveShaperNode::create):
868
869 2016-02-15  Jer Noble  <jer.noble@apple.com>
870
871         Null-deref crash in DefaultAudioDestinationNode::suspend()
872         https://bugs.webkit.org/show_bug.cgi?id=154248
873
874         Reviewed by Alex Christensen.
875
876         Null-check scriptExecutionContext() before deref.
877
878         * Modules/webaudio/DefaultAudioDestinationNode.cpp:
879         (WebCore::DefaultAudioDestinationNode::resume):
880         (WebCore::DefaultAudioDestinationNode::suspend):
881         (WebCore::DefaultAudioDestinationNode::close):
882
883 2016-02-15  Chris Dumez  <cdumez@apple.com>
884
885         XMLHttpRequest / XMLHttpRequestUpload should inherit XMLHttpRequestEventTarget
886         https://bugs.webkit.org/show_bug.cgi?id=154230
887
888         Reviewed by Alex Christensen.
889
890         XMLHttpRequest / XMLHttpRequestUpload should inherit XMLHttpRequestEventTarget
891         as per:
892         https://xhr.spec.whatwg.org/#xmlhttprequesteventtarget
893
894         Firefox and Chrome already match the specification.
895
896         No new tests, already covered by existing tests.
897
898         * CMakeLists.txt:
899         * DerivedSources.make:
900         * WebCore.vcxproj/WebCore.vcxproj:
901         * WebCore.vcxproj/WebCore.vcxproj.filters:
902         * WebCore.xcodeproj/project.pbxproj:
903         * xml/XMLHttpRequest.h:
904         * xml/XMLHttpRequest.idl:
905         * xml/XMLHttpRequestEventTarget.h: Added.
906         * xml/XMLHttpRequestEventTarget.idl: Copied from Source/WebCore/xml/XMLHttpRequestUpload.idl.
907         * xml/XMLHttpRequestUpload.h:
908         * xml/XMLHttpRequestUpload.idl:
909
910 2016-02-15  Jiewen Tan  <jiewen_tan@apple.com>
911
912         Refine SimulatedMouseEvent to support Event.isTrusted
913         https://bugs.webkit.org/show_bug.cgi?id=154133
914         <rdar://problem/24616246>
915
916         Reviewed by Darin Adler.
917
918         This patch extracts everything related to creating/dispatching SimulatedMouseEvent from MouseEvent.h/cpp
919         and EventDispatcher.h/cpp, and produces SimulateClick.h/cpp which will handle simulated click solely.
920         After that, we hide the SimulatedMouseEvent and only expose simulateClick to be called. The reason is
921         that we both want to tell whether the call sites are from user agent/bindings and keep the
922         SimulatedMouseEvent intact.
923
924         Also, this patch separates Element::dispatchSimulatedClick into two: one for the user agent, and another
925         for the bindings. Therefore, HTMLElement.click will be treated as untrusted.
926
927         Some of the changes in this patch refer to Blink r200401:
928         https://codereview.chromium.org/1285793004
929
930         Modified test:
931         LayoutTests/imported/blink/fast/events/event-trusted.html
932
933         * CMakeLists.txt:
934         * WebCore.xcodeproj/project.pbxproj:
935         * dom/Element.cpp:
936         (WebCore::Element::dispatchSimulatedClick):
937         (WebCore::Element::dispatchSimulatedClickForBindings):
938         * dom/Element.h:
939         * dom/EventDispatcher.cpp:
940         (WebCore::EventDispatcher::dispatchSimulatedClick): Deleted.
941         * dom/EventDispatcher.h:
942         * dom/MouseEvent.cpp:
943         (WebCore::SimulatedMouseEvent::create): Deleted.
944         (WebCore::SimulatedMouseEvent::~SimulatedMouseEvent): Deleted.
945         (WebCore::SimulatedMouseEvent::SimulatedMouseEvent): Deleted.
946         * dom/MouseEvent.h:
947         * dom/SimulatedClick.cpp: Added.
948         (WebCore::simulateMouseEvent):
949         (WebCore::simulateClick):
950         * dom/SimulatedClick.h: Added.
951         * html/HTMLElement.cpp:
952         (WebCore::HTMLElement::click):
953
954 2016-02-15  Joseph Pecoraro  <pecoraro@apple.com>
955
956         Web Inspector: Web Workers have no access to console for debugging
957         https://bugs.webkit.org/show_bug.cgi?id=26237
958
959         Reviewed by Timothy Hatcher.
960
961         This adds the most basic console message support to Workers.
962         Messages logged from workers get surfaced through the Page's console.
963         This lacks support for logging and interacting with arguments,
964         which would be addressed when adding more complete Worker
965         debugging tools.
966
967         Test: inspector/console/messageAdded-from-worker.html
968
969         * CMakeLists.txt:
970         * WebCore.xcodeproj/project.pbxproj:
971         Add new files.
972
973         * bindings/js/WorkerScriptController.cpp:
974         (WebCore::WorkerScriptController::~WorkerScriptController):
975         (WebCore::WorkerScriptController::initScript):
976         Set the ConsoleClient for the Worker's global object. We route
977         the messages to the Page's console.
978
979         * bindings/js/WorkerScriptController.h:
980         * workers/WorkerConsoleClient.h: Added.
981         * workers/WorkerConsoleClient.cpp: Added.
982         (WebCore::WorkerConsoleClient::WorkerConsoleClient):
983         (WebCore::WorkerConsoleClient::~WorkerConsoleClient):
984         (WebCore::WorkerConsoleClient::profile):
985         (WebCore::WorkerConsoleClient::profileEnd):
986         (WebCore::WorkerConsoleClient::count):
987         (WebCore::WorkerConsoleClient::time):
988         (WebCore::WorkerConsoleClient::timeEnd):
989         (WebCore::WorkerConsoleClient::timeStamp):
990         Stub most console methods in a Worker.
991
992         (WebCore::WorkerConsoleClient::messageWithTypeAndLevel):
993         Send worker log messages to the global scope and on to the main page.
994
995         * workers/WorkerGlobalScope.h:
996         * workers/WorkerGlobalScope.cpp:
997         (WebCore::WorkerGlobalScope::addConsoleMessage):
998         (WebCore::WorkerGlobalScope::addMessageToWorkerConsole):
999         Ideally we want to converge on simple addConsoleMessage
1000         APIs that just take a ConsoleMessage, without a barrage
1001         of parameters. Add these versions now.
1002
1003 2016-02-15  Alex Christensen  <achristensen@webkit.org>
1004
1005         CMake build fix.
1006
1007         * PlatformMac.cmake:
1008
1009 2016-02-15  Chris Dumez  <cdumez@apple.com>
1010
1011         Regression(r196563): It is no longer possible to call window.addEventListener without an explicit 'this'
1012         https://bugs.webkit.org/show_bug.cgi?id=154245
1013
1014         Reviewed by Ryosuke Niwa.
1015
1016         This patch adds support for calling the EventListener API without an
1017         explicit 'this' value. If no explicit 'this' value is passed, then we
1018         fall back to using the global object. This matches Chrome and Firefox's
1019         behavior. It also fixes the Dromaeo/cssquery-dojo.html test.
1020
1021         Test: fast/dom/Window/addEventListener-implicit-this.html
1022
1023         * bindings/scripts/CodeGeneratorJS.pm:
1024         (GenerateFunctionCastedThis):
1025
1026 2016-02-14  Gavin Barraclough  <barraclough@apple.com>
1027
1028         Organize, deduplicate & comment JSDOMWindowCustom getOwnPropertySlot
1029         https://bugs.webkit.org/show_bug.cgi?id=154224
1030
1031         Reviewed by Chris Dumez.
1032
1033         * bindings/js/JSDOMWindowCustom.cpp:
1034         (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
1035         (WebCore::jsDOMWindowGetOwnPropertySlotNamedItemGetter):
1036         (WebCore::JSDOMWindow::getOwnPropertySlot):
1037         (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
1038             - organized property access sequence into a more logical order, removed
1039               duplicated code & added comments.
1040         (WebCore::namedItemGetter): Deleted.
1041             - there was no need for a custom callback here; merged functionality into
1042               jsDOMWindowGetOwnPropertySlotNamedItemGetter.
1043         (WebCore::jsDOMWindowGetOwnPropertySlotCrossOrigin): Deleted.
1044             - renamed to jsDOMWindowGetOwnPropertySlotRestrictedAccess
1045               (this now also handles frameless access).
1046
1047 2016-02-15  Daniel Bates  <dabates@apple.com>
1048
1049         CSP: 'sandbox' should be ignored in report-only mode
1050         https://bugs.webkit.org/show_bug.cgi?id=153167
1051         <rdar://problem/22708669>
1052
1053         Reviewed by Brent Fulgham.
1054
1055         Merged from Blink (patch by Mike West):
1056         <https://src.chromium.org/viewvc/blink?revision=165322&view=revision>
1057
1058         * page/csp/ContentSecurityPolicy.cpp:
1059         (WebCore::ContentSecurityPolicy::reportInvalidDirectiveInReportOnlyMode): Added. Logs a
1060         console message to the console to explain that the specified directive is invalid in
1061         report-only mode.
1062         * page/csp/ContentSecurityPolicy.h:
1063         * page/csp/ContentSecurityPolicyDirectiveList.cpp:
1064         (WebCore::ContentSecurityPolicyDirectiveList::applySandboxPolicy): Do not apply sandbox
1065         policy when in report-only mode and call ContentSecurityPolicy::reportInvalidDirectiveInReportOnlyMode()
1066         to log a message to the console.
1067
1068 2016-02-15  Daniel Bates  <dabates@apple.com>
1069
1070         CSP: Allow schemeless source expressions to match an HTTP or HTTPS resource
1071         https://bugs.webkit.org/show_bug.cgi?id=154177
1072         <rdar://problem/22708772>
1073
1074         Reviewed by Brent Fulgham.
1075
1076         Allow a schemeless source expression to match an HTTP or HTTPS subresource when the page is
1077         delivered over HTTP as per section Matching Source Expressions of the Content Security Policy
1078         2.0 spec., <https://www.w3.org/TR/2015/CR-CSP2-20150721/> (21 July 2015).
1079
1080         Currently we have logic that implements this functionality, but it is guarded behind the compile-
1081         time macro ENABLE(CSP_NEXT) that is disabled by default. Instead we should always compile such
1082         code. In subsequent commits we will move more code out from under the ENABLE(CSP_NEXT)-guard
1083         towards removing the ENABLE_CSP_NEXT macro entirely.
1084
1085         * page/csp/ContentSecurityPolicy.cpp:
1086         (WebCore::ContentSecurityPolicy::protocolMatchesSelf):
1087
1088 2016-02-15  Konstantin Tokarev  <annulen@yandex.ru>
1089
1090         [cmake] Consolidated Linux-specific file lists.
1091         https://bugs.webkit.org/show_bug.cgi?id=154219
1092
1093         Reviewed by Gyuyoung Kim.
1094
1095         No new tests needed.
1096
1097         * PlatformEfl.cmake: Moved Linux files and include dir to Linux.cmake.
1098         * PlatformGTK.cmake: Ditto.
1099         * platform/Linux.cmake: Added.
1100
1101 2016-02-15  Csaba Osztrogonác  <ossy@webkit.org>
1102
1103         Fix the !(ENABLE(SVG_FONTS) || ENABLE(SVG_OTF_CONVERTER)) build after r196322
1104         https://bugs.webkit.org/show_bug.cgi?id=154104
1105
1106         Reviewed by Myles C. Maxfield.
1107
1108         * css/CSSFontFaceSource.cpp:
1109         (WebCore::CSSFontFaceSource::CSSFontFaceSource):
1110
1111 2016-02-14  Antti Koivisto  <antti@apple.com>
1112
1113         Add test for class change style invalidation optimization
1114         https://bugs.webkit.org/show_bug.cgi?id=154226
1115
1116         Reviewed by Myles Maxfield.
1117
1118         Test for https://trac.webkit.org/r196383
1119
1120         Add internals.styleChangeType function.
1121
1122         Test: fast/css/style-invalidation-class-change-descendants.html
1123
1124         * testing/Internals.cpp:
1125         (WebCore::Internals::nodeNeedsStyleRecalc):
1126         (WebCore::asString):
1127         (WebCore::Internals::styleChangeType):
1128         (WebCore::Internals::description):
1129         * testing/Internals.h:
1130         * testing/Internals.idl:
1131
1132 2016-02-14  Simon Fraser  <simon.fraser@apple.com>
1133
1134         [CSS Filters] When applying an SVG filter on a composited image using CSS the image is rendered without the filter
1135         https://bugs.webkit.org/show_bug.cgi?id=154108
1136
1137         Reviewed by Sam Weinig.
1138         
1139         When checking whether we can directly composite an image, we need to check for software-rendered
1140         filters.
1141
1142         Test: compositing/filters/simple-image-with-svg-filter.html
1143
1144         * rendering/RenderLayerBacking.cpp:
1145         (WebCore::RenderLayerBacking::isDirectlyCompositedImage):
1146
1147 2016-02-14  Chris Dumez  <cdumez@apple.com>
1148
1149         Drop the [EventTarget] WebKit-specific IDL extended attribute
1150         https://bugs.webkit.org/show_bug.cgi?id=154171
1151
1152         Reviewed by Sam Weinig.
1153
1154         Drop the [EventTarget] WebKit-specific IDL extended attribute now that
1155         all interfaces inherit EventTarget when they should.
1156
1157         No new tests, no Web-Exposed behavior change.
1158
1159         * Modules/battery/BatteryManager.idl:
1160         * Modules/encryptedmedia/MediaKeySession.idl:
1161         * Modules/indexeddb/IDBDatabase.idl:
1162         * Modules/indexeddb/IDBOpenDBRequest.idl:
1163         * Modules/indexeddb/IDBRequest.idl:
1164         * Modules/indexeddb/IDBTransaction.idl:
1165         * Modules/mediasession/MediaRemoteControls.idl:
1166         * Modules/mediasource/MediaSource.idl:
1167         * Modules/mediasource/SourceBuffer.idl:
1168         * Modules/mediasource/SourceBufferList.idl:
1169         * Modules/mediastream/MediaStream.idl:
1170         * Modules/mediastream/MediaStreamTrack.idl:
1171         * Modules/mediastream/RTCDTMFSender.idl:
1172         * Modules/mediastream/RTCDataChannel.idl:
1173         * Modules/mediastream/RTCPeerConnection.idl:
1174         * Modules/notifications/Notification.idl:
1175         * Modules/speech/SpeechSynthesisUtterance.idl:
1176         * Modules/webaudio/AudioContext.idl:
1177         * Modules/webaudio/AudioNode.idl:
1178         * Modules/webaudio/OfflineAudioContext.idl:
1179         * Modules/websockets/WebSocket.idl:
1180         * bindings/scripts/CodeGeneratorGObject.pm:
1181         (ImplementsInterface):
1182         (SkipFunction): Deleted.
1183         (GenerateCFile): Deleted.
1184         * bindings/scripts/CodeGeneratorJS.pm:
1185         (InstanceNeedsVisitChildren):
1186         (GenerateImplementation):
1187         * bindings/scripts/IDLAttributes.txt:
1188         * bindings/scripts/test/TestEventTarget.idl:
1189         * bindings/scripts/test/TestNode.idl:
1190         * css/FontLoader.idl:
1191         * dom/EventTarget.idl:
1192         * dom/MessagePort.idl:
1193         * dom/Node.idl:
1194         * dom/WebKitNamedFlow.idl:
1195         * fileapi/FileReader.idl:
1196         * html/MediaController.idl:
1197         * html/track/AudioTrackList.idl:
1198         * html/track/TextTrack.idl:
1199         * html/track/TextTrackCue.idl:
1200         * html/track/TextTrackList.idl:
1201         * html/track/VideoTrackList.idl:
1202         * loader/appcache/DOMApplicationCache.idl:
1203         * page/DOMWindow.idl:
1204         * page/EventSource.idl:
1205         * page/Performance.idl:
1206         * workers/WorkerGlobalScope.idl:
1207         * xml/XMLHttpRequest.idl:
1208         * xml/XMLHttpRequestUpload.idl:
1209
1210 2016-02-14  Chris Dumez  <cdumez@apple.com>
1211
1212         Unreviewed attempt to fix the Mac CMake build after r196136
1213
1214         * PlatformMac.cmake:
1215
1216 2016-02-14  Chris Dumez  <cdumez@apple.com>
1217
1218         Unreviewed attempt to fix the Windows build.
1219
1220         * Modules/webdatabase/Database.cpp:
1221         * bridge/c/c_utility.cpp:
1222         * platform/MemoryPressureHandler.cpp:
1223
1224 2016-02-14  Chris Dumez  <cdumez@apple.com>
1225
1226         Window and WorkerGlobalScope should inherit EventTarget
1227         https://bugs.webkit.org/show_bug.cgi?id=154170
1228         <rdar://problem/24642377>
1229
1230         Reviewed by Darin Adler.
1231
1232         Window and WorkerGlobalScope should inherit EventTarget instead of
1233         duplicating the EventTarget API in their IDL. These were the last
1234         interfaces that needed fixing. The next step will be to get rid
1235         of the [EventTarget] IDL extended attribute and rely entirely
1236         on the EventTarget inheritance.
1237
1238         Test:
1239         - fast/frames/detached-frame-eventListener.html
1240         - Covered by existing tests.
1241
1242         * WebCore.xcodeproj/project.pbxproj:
1243         Add JSEventTargetCustom.h header to the project.
1244
1245         * bindings/js/JSDOMWindowCustom.cpp:
1246         Drop custom bindings for Window's addEventListener() and
1247         removeEventListener(). The only reason these needed custom
1248         code was to add a check for frameless windows. The frameless
1249         Window check was moved to the respective methods in the
1250         JSEventTarget generated bindings.
1251
1252         * bindings/js/JSDOMWindowShell.cpp:
1253         (WebCore::JSDOMWindowShell::setWindow):
1254         Set WindowPrototype's prototype to EventTarget's prototype.
1255
1256         * bindings/js/JSDOMWindowShell.h:
1257         * bindings/js/JSDictionary.cpp:
1258         Include "DOMWindow.h" to fix the build.
1259
1260         * bindings/js/JSEventTargetCustom.cpp:
1261         (WebCore::JSEventTarget::toWrapped):
1262         Handle DOMWindow and WorkerGlobalScope explicitly in toWrapped()
1263         and get rid of the DOM_EVENT_TARGET_INTERFACES_FOR_EACH(TRY_TO_UNWRAP_WITH_INTERFACE)
1264         now that all interfaces inherit EventTarget when they should.
1265         The reason DOMWindow and WorkerGlobalScope still need special
1266         handling is because their wrappers (JSDOMWindow /
1267         JSWorkerGlobalScope) do not subclass JSEventTarget.
1268
1269         (WebCore::JSEventTargetOrGlobalScope::create):
1270         * bindings/js/JSEventTargetCustom.h: Added.
1271         (WebCore::JSEventTargetOrGlobalScope::wrapped):
1272         (WebCore::JSEventTargetOrGlobalScope::operator JSC::JSObject&):
1273         (WebCore::JSEventTargetOrGlobalScope::JSEventTargetOrGlobalScope):
1274         Add a wrapper type for JSEventTarget / JSDOMWindow and
1275         JSWorkerGlobalScope for use in the generated bindings. This is
1276         needed because JSDOMWindow and JSWorkerGlobalScope do not
1277         subclass JSEventTarget. Subclassing JSEventTarget would be
1278         complicated for them because they already subclass
1279         JSDOMWindowBase / JSWorkerGlobalScopeBase, which subclasses
1280         JSDOMGlobalObject.
1281
1282         * bindings/js/WorkerScriptController.cpp:
1283         (WebCore::WorkerScriptController::initScript):
1284         Set WorkerGlobalScopePrototype's prototype to EventTarget's prototype.
1285
1286         * bindings/scripts/CodeGeneratorJS.pm:
1287         (ShouldGenerateToJSDeclaration):
1288         Do not generate a toJS() implementation for interfaces that use
1289         the [CustomProxyToJSObject] IDL extended attribute, even if they
1290         inherit EventTarget.
1291
1292         (GetCastingHelperForThisObject):
1293         To initialize castedThis from thisValue JSValue, we now use the
1294         JSEventTargetOrGlobalScope wrapper for the EventTarget
1295         implementation. This is to work around the fact that JSDOMWindow
1296         and JSWorkerGlobalScope do not subclass JSEventTarget.
1297
1298         (GenerateFunctionCastedThis):
1299         - Drop code handling [WorkerGlobalScope] IDL extended attribute
1300           as there is no such attribute.
1301         - Use auto instead of auto* type for castedThis because
1302           JSEventTargetOrGlobalScope::create() returns a unique_ptr.
1303         - Do not check that castedThis inherits JSEventTarget in the
1304           EventTarget bindings code as this no longer holds true.
1305
1306         (GenerateImplementation):
1307         Generate frameless window() and security checks for EventTarget
1308         methods when thisValue is a JSDOMWindow.
1309
1310         * dom/EventTarget.idl:
1311         Add [JSCustomHeader] IDL Extended attribute as we need a header
1312         to expose JSEventTargetOrGlobalScope class.
1313
1314         * page/DOMWindow.idl:
1315         * workers/WorkerGlobalScope.idl:
1316         Inherit EventTarget and stop duplicating the EventTarget API.
1317         This matches the HTML specification.
1318
1319 2016-02-14  Darin Adler  <darin@apple.com>
1320
1321         Small tweaks to some SimpleLineLayout code
1322         https://bugs.webkit.org/show_bug.cgi?id=154229
1323
1324         Reviewed by Zalan Bujtas.
1325
1326         * rendering/SimpleLineLayoutFunctions.cpp:
1327         (WebCore::SimpleLineLayout::paintFlow): Use std::ceil instead of ceilf.
1328         Use auto instead of const auto& for a for loop where the local object is
1329         copied and not a reference.
1330         (WebCore::SimpleLineLayout::hitTestFlow): Use modern for loop.
1331         (WebCore::SimpleLineLayout::collectFlowOverflow): Use std::ceil instead of
1332         ceilf. Use a modern for loop, and use slightly more descriptive local
1333         variable names.
1334         (WebCore::SimpleLineLayout::computeBoundingBox): Use auto instead of
1335         const auto& as above.
1336         (WebCore::SimpleLineLayout::computeFirstRunLocation): Use auto and use
1337         the name "range" for the range rather than the name "it", since the range
1338         is not an iterator.
1339         (WebCore::SimpleLineLayout::collectAbsoluteRects): Use auto instead of
1340         const auto& as above.
1341         (WebCore::SimpleLineLayout::collectAbsoluteQuads): Ditto.
1342         (WebCore::SimpleLineLayout::showLineLayoutForFlow): Use modern for loop.
1343
1344         * rendering/SimpleLineLayoutResolver.cpp:
1345         (WebCore::SimpleLineLayout::RunResolver::Run::text): Convert from a String
1346         to a StringView using the StringView constructor instead of writing out
1347         explicit 8-bit and 16-bit cases.
1348
1349 2016-02-13  Antti Koivisto  <antti@apple.com>
1350
1351         Factor class change style invalidation code into a class
1352         https://bugs.webkit.org/show_bug.cgi?id=154163
1353
1354         Reviewed by Andreas Kling.
1355
1356         Factor this piece of functionality out of Element and into ClassChangeInvalidation class.
1357
1358         * CMakeLists.txt:
1359         * WebCore.vcxproj/WebCore.vcxproj:
1360         * WebCore.xcodeproj/project.pbxproj:
1361         * dom/Element.cpp:
1362         (WebCore::classStringHasClassName):
1363         (WebCore::Element::classAttributeChanged):
1364         (WebCore::collectClasses): Deleted.
1365         (WebCore::computeClassChange): Deleted.
1366         (WebCore::invalidateStyleForClassChange): Deleted.
1367         * style/ClassChangeInvalidation.cpp: Added.
1368         (WebCore::Style::ClassChangeInvalidation::computeClassChange):
1369         (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
1370         * style/ClassChangeInvalidation.h: Added.
1371         (WebCore::Style::ClassChangeInvalidation::needsInvalidation):
1372         (WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
1373         (WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):
1374
1375 2016-02-13  Myles C. Maxfield  <mmaxfield@apple.com>
1376
1377         [Win] [SVG -> OTF Converter] SVG fonts drawn into ImageBuffers are invisible
1378         https://bugs.webkit.org/show_bug.cgi?id=154222
1379
1380         Reviewed by Antti Koivisto.
1381
1382         Windows ImageBuffer code is sensitive to broken bounding box and
1383         descent code.
1384
1385         Covered by existing tests.
1386
1387         * svg/SVGToOTFFontConversion.cpp:
1388         (WebCore::SVGToOTFFontConverter::appendHHEATable):
1389         (WebCore::SVGToOTFFontConverter::appendOS2Table):
1390         (WebCore::SVGToOTFFontConverter::processGlyphElement):
1391         (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):
1392
1393 2016-02-13  Antti Koivisto  <antti@apple.com>
1394
1395         Add version number for default stylesheet
1396         https://bugs.webkit.org/show_bug.cgi?id=154220
1397
1398         Reviewed by Ryosuke Niwa.
1399
1400         We currently fail to update RuleFeatureSets for shadow trees when the default stylesheet grows
1401         (for example when media controls stylesheet is initialized).
1402
1403         No test since this is not causing known bugs. It is blocking optimizations in shadow trees that
1404         rely on rule features being up-to-date.
1405
1406         * css/CSSDefaultStyleSheets.cpp:
1407         (WebCore::CSSDefaultStyleSheets::loadSimpleDefaultStyle):
1408         (WebCore::CSSDefaultStyleSheets::ensureDefaultStyleSheetsForElement):
1409
1410             Increment version number when the default stylesheet changes.
1411
1412         * css/CSSDefaultStyleSheets.h:
1413         * css/DocumentRuleSets.cpp:
1414         (WebCore::DocumentRuleSets::appendAuthorStyleSheets):
1415         (WebCore::DocumentRuleSets::collectFeatures):
1416
1417             Store the current default stylesheet version number.
1418
1419         * css/DocumentRuleSets.h:
1420         (WebCore::DocumentRuleSets::features):
1421
1422             Collect features again if the default stylesheet has changed.
1423
1424         * css/StyleResolver.cpp:
1425         (WebCore::StyleResolver::styleForElement):
1426
1427 2016-02-13  Konstantin Tokarev  <annulen@yandex.ru>
1428
1429         [cmake] Consolidate building of GStreamer and OpenWebRTC code.
1430         https://bugs.webkit.org/show_bug.cgi?id=154116
1431
1432         Reviewed by Michael Catanzaro.
1433
1434         No new tests needed.
1435
1436         * PlatformEfl.cmake: Migrated shared code to GStreamer.cmake.
1437         * PlatformGTK.cmake: Ditto.
1438         * platform/GStreamer.cmake: Added.
1439
1440 2016-02-13  Mark Lam  <mark.lam@apple.com>
1441
1442         Add thread violation checks to WebView public APIs.
1443         https://bugs.webkit.org/show_bug.cgi?id=154183
1444
1445         Reviewed by Timothy Hatcher.
1446
1447         No new tests.  Just adding a new thread violation round.
1448
1449         * platform/ThreadCheck.h:
1450         * platform/mac/ThreadCheck.mm:
1451         - Adding WebCoreThreadViolationCheckRoundThree().
1452
1453 2016-02-12  Nan Wang  <n_wang@apple.com>
1454
1455         AX: Implement paragraph related text marker functions using TextIterator
1456         https://bugs.webkit.org/show_bug.cgi?id=154098
1457         <rdar://problem/24269675>
1458
1459         Reviewed by Chris Fleizach.
1460
1461         Using CharacterOffset to implement paragraph related text marker calls. Reused
1462         logic from VisibleUnits class. And refactored textMarkerForCharacterOffset method
1463         to get better performance. Also fixed an issue where we can't navigate through a text
1464         node with line breaks in it using next/previousCharacterOffset call.
1465
1466         Test: accessibility/mac/text-marker-paragraph-nav.html
1467
1468         * accessibility/AXObjectCache.cpp:
1469         (WebCore::AXObjectCache::traverseToOffsetInRange):
1470         (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
1471         (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
1472         (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
1473         (WebCore::AXObjectCache::textMarkerDataForNextCharacterOffset):
1474         (WebCore::AXObjectCache::textMarkerDataForPreviousCharacterOffset):
1475         (WebCore::AXObjectCache::nextNode):
1476         (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
1477         (WebCore::AXObjectCache::nextCharacterOffset):
1478         (WebCore::AXObjectCache::previousCharacterOffset):
1479         (WebCore::startWordBoundary):
1480         (WebCore::AXObjectCache::startCharacterOffsetOfWord):
1481         (WebCore::AXObjectCache::endCharacterOffsetOfWord):
1482         (WebCore::AXObjectCache::previousWordStartCharacterOffset):
1483         (WebCore::AXObjectCache::previousWordBoundary):
1484         (WebCore::AXObjectCache::startCharacterOffsetOfParagraph):
1485         (WebCore::AXObjectCache::endCharacterOffsetOfParagraph):
1486         (WebCore::AXObjectCache::paragraphForCharacterOffset):
1487         (WebCore::AXObjectCache::nextParagraphEndCharacterOffset):
1488         (WebCore::AXObjectCache::previousParagraphStartCharacterOffset):
1489         (WebCore::AXObjectCache::rootAXEditableElement):
1490         * accessibility/AXObjectCache.h:
1491         (WebCore::CharacterOffset::remaining):
1492         (WebCore::CharacterOffset::isNull):
1493         (WebCore::CharacterOffset::isEqual):
1494         (WebCore::AXObjectCache::isNodeInUse):
1495         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
1496         (+[WebAccessibilityTextMarker textMarkerWithCharacterOffset:cache:]):
1497         (-[WebAccessibilityObjectWrapper nextMarkerForCharacterOffset:]):
1498         (-[WebAccessibilityObjectWrapper previousMarkerForCharacterOffset:]):
1499         (-[WebAccessibilityObjectWrapper rangeForTextMarkers:]):
1500         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
1501         (startOrEndTextmarkerForRange):
1502         (nextTextMarkerForCharacterOffset):
1503         (previousTextMarkerForCharacterOffset):
1504         (-[WebAccessibilityObjectWrapper nextTextMarkerForCharacterOffset:]):
1505         (-[WebAccessibilityObjectWrapper previousTextMarkerForCharacterOffset:]):
1506         (-[WebAccessibilityObjectWrapper textMarkerForCharacterOffset:]):
1507         (textMarkerForCharacterOffset):
1508         (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
1509         (-[WebAccessibilityObjectWrapper nextTextMarkerForNode:offset:]): Deleted.
1510         (-[WebAccessibilityObjectWrapper previousTextMarkerForNode:offset:]): Deleted.
1511         (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:ignoreStart:]): Deleted.
1512         (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:]): Deleted.
1513         * editing/VisibleUnits.cpp:
1514         (WebCore::nextSentencePosition):
1515         (WebCore::findStartOfParagraph):
1516         (WebCore::findEndOfParagraph):
1517         (WebCore::startOfParagraph):
1518         (WebCore::endOfParagraph):
1519         * editing/VisibleUnits.h:
1520
1521 2016-02-12  Ryan Haddad  <ryanhaddad@apple.com>
1522
1523         Reset results for bindings tests after r196520
1524
1525         Unreviewed test gardening.
1526
1527         No new tests needed.
1528
1529         * bindings/scripts/test/GObject/WebKitDOMTestEventTarget.cpp:
1530         (webkit_dom_test_event_target_dispatch_event):
1531         * bindings/scripts/test/GObject/WebKitDOMTestNode.cpp:
1532         (webkit_dom_test_node_dispatch_event):
1533
1534 2016-02-12  Saam barati  <sbarati@apple.com>
1535
1536         Attempting build fix from https://bugs.webkit.org/show_bug.cgi?id=154144.
1537
1538         * bindings/js/JSDOMGlobalObject.cpp:
1539         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
1540
1541 2016-02-12  Daniel Bates  <dabates@apple.com>
1542
1543         CSP: 'blob:' URLs should not match 'self' in CSP source expression lists.
1544         https://bugs.webkit.org/show_bug.cgi?id=153158
1545         <rdar://problem/24383264>
1546
1547         Reviewed by Brent Fulgham.
1548
1549         A blob URL should not match source 'self' by section Security Considerations for GUID URL schemes
1550         of the Content Security Policy 2.0 spec., <https://www.w3.org/TR/CSP2/> (21 July 2015).
1551
1552         Tests: http/tests/security/contentSecurityPolicy/blob-url-does-not-match-source-self.html
1553                http/tests/security/contentSecurityPolicy/blob-url-matches-source-blob.html
1554
1555         * page/csp/ContentSecurityPolicySourceList.cpp:
1556         (WebCore::ContentSecurityPolicySourceList::matches): Do not make a distinction between URLs that
1557         contain a nested URL (e.g. blob://http://www.example.com/...) and URLs that do not contain a nested
1558         URL. The URL of the requested resource should be matched against the source list source expressions.
1559
1560 2016-02-12  Daniel Bates  <dabates@apple.com>
1561
1562         CSP: Implement child-src directive
1563         https://bugs.webkit.org/show_bug.cgi?id=153562
1564         <rdar://problem/24610087>
1565
1566         Reviewed by Brent Fulgham.
1567
1568         Add support for the child-src directive, <https://w3c.github.io/webappsec-csp/2/#child_src> (29 August 2015),
1569         which formally replaces the deprecated frame-src directive as of the Content Security Policy 2.0 spec. The
1570         child-src directive was first introduced in the Content Security Policy 1.1 spec, <https://www.w3.org/TR/2014/WD-CSP11-20140211/>.
1571
1572         As a side effect of this change, the script URL for a Web Worker is checked against the child-src directive
1573         as opposed to the script-src directive. This is a backward incompatible change from the CSP 1.0 spec.
1574
1575         Tests: http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-blocked.html
1576                http/tests/security/contentSecurityPolicy/1.1/child-src/frame-fires-load-event-when-redirect-blocked.html
1577                http/tests/security/contentSecurityPolicy/1.1/child-src/frame-src-takes-precedence-over-child-src.html
1578                http/tests/security/contentSecurityPolicy/1.1/child-src/worker-redirect-blocked.html
1579                http/tests/security/isolatedWorld/bypass-main-world-csp-worker-redirect.html
1580
1581         * loader/DocumentThreadableLoader.cpp:
1582         (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Check child-src directive (if applicable).
1583         * loader/ThreadableLoader.h: Add enum value EnforceChildSrcDirective to enum class ContentSecurityPolicyEnforcement to
1584         enforce the child-src directive on redirect.
1585         * page/csp/ContentSecurityPolicy.cpp:
1586         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Added.
1587         * page/csp/ContentSecurityPolicy.h:
1588         * page/csp/ContentSecurityPolicyDirectiveList.cpp:
1589         (WebCore::ContentSecurityPolicyDirectiveList::checkSourceAndReportViolation): Add message prefix for a child-src violation.
1590         We use the same message prefix as used by Blink.
1591         (WebCore::ContentSecurityPolicyDirectiveList::allowChildContextFromSource): Added.
1592         (WebCore::ContentSecurityPolicyDirectiveList::allowChildFrameFromSource): Modified to check the frame-src
1593         directive (if specified) before checking the child-src directive by <https://w3c.github.io/webappsec-csp/2/#directive-child-src-nested>.
1594         (WebCore::ContentSecurityPolicyDirectiveList::addDirective): Parse the child-src directive.
1595         * page/csp/ContentSecurityPolicyDirectiveList.h:
1596         * workers/AbstractWorker.cpp:
1597         (WebCore::AbstractWorker::resolveURL): Check if the script URL for the worker is allowed by the child-src directive
1598         as opposed to the script-src directive. This is a backwards incompatible change from the CSP 1.0 spec.
1599         * workers/Worker.cpp:
1600         (WebCore::Worker::create): Enforce the child-src directive on redirects (if applicable).
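
The two CSP entries above (blob: URLs versus 'self', and child-src), modelled together as an added JavaScript example; this is not WebKit code. The function names are hypothetical, source matching is reduced to 'self', 'none', scheme sources and exact origins, and the default-src fallback is taken from the CSP 2.0 spec rather than from this ChangeLog.

```javascript
// Added illustration: a simplified model of directive selection and source
// matching for child contexts (frames and workers). Names are hypothetical.

// Parse a policy string into Map<directive-name, source-expression[]>.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored; the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Pick the directive that governs a child context.
//  - frame:  frame-src (if specified) is checked before child-src.
//  - worker: child-src, not script-src.
// Both fall back to default-src (CSP 2.0 behaviour, assumed here).
function governingDirective(policy, kind) {
  const order = kind === 'frame'
    ? ['frame-src', 'child-src', 'default-src']
    : ['child-src', 'default-src'];
  return order.find((name) => policy.has(name)) || null;
}

// Match one source expression against the URL of the requested resource.
// Unsupported expressions (wildcards, paths, nonces) fail closed.
function sourceMatches(expr, url, selfUrl) {
  const lower = expr.toLowerCase();
  if (lower === "'none'") return false;
  if (lower === "'self'") {
    // Compare the requested URL's own scheme and host. Using url.origin here
    // would be wrong: for blob:https://host/... it reports the nested
    // https origin, which is how a blob: URL ends up matching 'self'.
    return url.protocol === selfUrl.protocol && url.host === selfUrl.host;
  }
  // Scheme source such as "blob:" or "https:".
  if (/^[a-z][a-z0-9+.-]*:$/.test(lower)) return url.protocol === lower;
  // Exact origin such as "https://frames.example".
  try {
    const src = new URL(expr);
    return src.protocol === url.protocol && src.host === url.host;
  } catch (e) {
    return false;
  }
}

// Decide whether a frame or worker URL may be loaded under the policy.
function allowsChildContext(header, kind, targetUrl, documentUrl) {
  const policy = parsePolicy(header);
  const directive = governingDirective(policy, kind);
  if (directive === null) return { allowed: true, directive: null };
  const url = new URL(targetUrl);
  const selfUrl = new URL(documentUrl);
  const allowed = policy
    .get(directive)
    .some((expr) => sourceMatches(expr, url, selfUrl));
  return { allowed, directive };
}

// Constructed sample inputs.
const DOC = 'https://www.example.com/page.html';
const BLOB = 'blob:https://www.example.com/550e8400-e29b-41d4-a716-446655440000';

function demo() {
  return [
    allowsChildContext("child-src 'self'", 'worker', BLOB, DOC),
    allowsChildContext("child-src 'self' blob:", 'worker', BLOB, DOC),
    allowsChildContext("script-src 'self'; child-src 'none'", 'worker',
      'https://www.example.com/worker.js', DOC),
    allowsChildContext("frame-src https://frames.example; child-src 'none'",
      'frame', 'https://frames.example/a.html', DOC),
  ];
}
```
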
1601
1602 2016-02-12  Saam barati  <sbarati@apple.com>
1603
1604         The parser doesn't properly protect against global variable references in builtins
1605         https://bugs.webkit.org/show_bug.cgi?id=154144
1606
1607         Reviewed by Geoffrey Garen.
1608
1609         Change JS builtins to no longer reference global variables.
1610
1611         No new tests because old tests cover the issues here.
1612
1613         * Modules/mediastream/NavigatorUserMedia.js:
1614         (webkitGetUserMedia):
1615         * Modules/mediastream/RTCPeerConnection.js:
1616         (addIceCandidate):
1617         (getStats):
1618         * Modules/mediastream/RTCPeerConnectionInternals.js:
1619         (setLocalOrRemoteDescription):
1620         * Modules/plugins/QuickTimePluginReplacement.js:
1621         (Replacement.prototype.handleEvent):
1622         * Modules/streams/ByteLengthQueuingStrategy.js:
1623         (initializeByteLengthQueuingStrategy):
1624         * Modules/streams/CountQueuingStrategy.js:
1625         (initializeCountQueuingStrategy):
1626         * Modules/streams/ReadableStreamInternals.js:
1627         (teeReadableStream):
1628         * bindings/js/JSDOMGlobalObject.cpp:
1629         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
1630         * bindings/js/WebCoreBuiltinNames.h:
1631
1632 2016-02-12  Jiewen Tan  <jiewen_tan@apple.com>
1633
1634         WebKit should expose the DOM 4 Event.isTrusted property
1635         https://bugs.webkit.org/show_bug.cgi?id=76121
1636         <rdar://problem/22558494>
1637
1638         Reviewed by Darin Adler.
1639
1640         Implements Event.isTrusted. The implementation here is slightly different from and better than
1641         the DOM specification. Here Event.isTrusted will be initialized differently depending on the
1642         callers of the constructors/create methods. If the caller is from user agent, the isTrusted
1643         will be true. Otherwise, it will be false. Since a user agent dispatched event can be caught
1644         and re-initialized/redispatched by the bindings, the flag will be unset at *Event::init*Event
1645         and EventTarget::dispatchEventForBindings. As currently there is no way to let user agent to
1646         dispatch a bindings created event, therefore we ensure that the Event.isTrusted is set for
1647         events dispatched by user agent, and unset for those by bindings.
1648
1649         EventTarget::dispatchEvent(Event*, ExceptionCode&) is renamed to EventTarget::dispatchEventForBindings
1650         in this patch as well. So that, together with the improved design of the API, developers in
1651         the future will be less likely to use a wrong dispatchEvent method and set Event.isTrusted
1652         incorrectly compared to the DOM design.
1653
1654         After this patch, all events that are created by user agent should be dispatched by
1655         EventTarget::dispatchEvent, and those that are created by bindings should be dispatched by
1656         EventTarget::dispatchEventForBindings.
1657
1658         Some of the changes in this patch referred to Blink r198996:
1659         https://codereview.chromium.org/1241613004
1660
1661         Test: imported/blink/fast/events/event-trusted.html
1662
1663         * bindings/scripts/CodeGeneratorGObject.pm:
1664         (GenerateEventTargetIface):
1665         * dom/Event.cpp:
1666         (WebCore::Event::Event):
1667         (WebCore::Event::initEvent):
1668         * dom/Event.h:
1669         (WebCore::Event::isTrusted):
1670         (WebCore::Event::setUntrusted):
1671         * dom/Event.idl:
1672         * dom/EventTarget.cpp:
1673         (WebCore::EventTarget::dispatchEventForBindings):
1674         (WebCore::EventTarget::dispatchEvent): Deleted.
1675         * dom/EventTarget.h:
1676         * dom/EventTarget.idl:
1677         * page/DOMWindow.idl:
1678         * page/EventHandler.cpp:
1679         (WebCore::EventHandler::dispatchDragEvent):
1680         * workers/WorkerGlobalScope.idl:
1681
1682 2016-02-12  Brady Eidson  <beidson@apple.com>
1683
1684         Modern IDB: IDBObjectStore and IDBIndex need to be ActiveDOMObjects.
1685         https://bugs.webkit.org/show_bug.cgi?id=154153
1686
1687         Reviewed by Alex Christensen.
1688
1689         No new tests (No testable change in behavior).
1690
1691         This is needed so that IDBObjectStore and IDBIndex JS wrappers are not garbage collected
1692         while their IDBTransaction is still in progress.
1693
1694         * Modules/indexeddb/client/IDBIndexImpl.cpp:
1695         (WebCore::IDBClient::IDBIndex::IDBIndex):
1696         (WebCore::IDBClient::IDBIndex::activeDOMObjectName):
1697         (WebCore::IDBClient::IDBIndex::canSuspendForDocumentSuspension):
1698         (WebCore::IDBClient::IDBIndex::hasPendingActivity):
1699         * Modules/indexeddb/client/IDBIndexImpl.h:
1700         
1701         * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
1702         (WebCore::IDBClient::IDBObjectStore::create):
1703         (WebCore::IDBClient::IDBObjectStore::IDBObjectStore):
1704         (WebCore::IDBClient::IDBObjectStore::activeDOMObjectName):
1705         (WebCore::IDBClient::IDBObjectStore::canSuspendForDocumentSuspension):
1706         (WebCore::IDBClient::IDBObjectStore::hasPendingActivity):
1707         (WebCore::IDBClient::IDBObjectStore::index):
1708         * Modules/indexeddb/client/IDBObjectStoreImpl.h:
1709         
1710         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
1711         (WebCore::IDBClient::IDBTransaction::objectStore):
1712         (WebCore::IDBClient::IDBTransaction::createObjectStore):
1713         (WebCore::IDBClient::IDBTransaction::createIndex):
1714
1715 2016-02-12  Brady Eidson  <beidson@apple.com>
1716
1717         Modern IDB: Simplify the relationship between IDBObjectStore and IDBIndex.
1718         https://bugs.webkit.org/show_bug.cgi?id=154187
1719
1720         Reviewed by Alex Christensen.
1721
1722         Tests: storage/indexeddb/modern/deleteindex-3-private.html
1723                storage/indexeddb/modern/deleteindex-3.html
1724
1725         Instead of allowing IDBIndex to have two different lifecycle modes, it is now always
1726         owned by an IDBObjectStore.
1727         
1728         To support the case where an IDBIndex is deleted from its IDBObjectStore, the object
1729         store simply hangs on to deleted indexes until it is destroyed itself.
1730         
1731         * Modules/indexeddb/client/IDBIndexImpl.cpp:
1732         (WebCore::IDBClient::IDBIndex::markAsDeleted):
1733         (WebCore::IDBClient::IDBIndex::ref):
1734         (WebCore::IDBClient::IDBIndex::deref):
1735         * Modules/indexeddb/client/IDBIndexImpl.h:
1736         
1737         * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
1738         (WebCore::IDBClient::IDBObjectStore::deleteIndex):
1739         * Modules/indexeddb/client/IDBObjectStoreImpl.h:
1740
1741 2016-02-12  Myles C. Maxfield  <mmaxfield@apple.com>
1742
1743         [CSS Font Loading] Implement CSSFontFace Boilerplate
1744         https://bugs.webkit.org/show_bug.cgi?id=154145
1745
1746         Reviewed by Dean Jackson.
1747
1748         The CSS Font Loading spec[1] dictates that the FontFace object needs to have string
1749         accessors and mutators for a bunch of properties. Our CSSFontFace object currently
1750         contains this parsed information, but it isn't accessible via string-based methods.
1751         This patch adds the necessary accessors and mutators, and migrates CSSFontSelector
1752         to use these mutators where necessary.
1753
1754         There is more work to come on CSSFontFace; the next step is to create an .idl file
1755         and hook it up to our CSSFontFace object. In this patch I have left some
1756         unimplemented pieces (for example: where the spec dictates that some operation should
1757         throw a JavaScript exception) which will be implemented in a follow-up patch. This
1758         patch does not have any visible behavior change; I'm separating out the boilerplate
1759         into this patch in order to ease reviewing burden.
1760
1761         This patch separates the externally-facing JavaScript API into a new class, FontFace.
1762         This class owns a CSSFontFace, which provides the backing implementation. There will
1763         be a system of shared ownership of these objects once FontFaceSet is implemented.
1764
1765         No new tests because there is no behavior change.
1766
1767         * CMakeLists.txt: Add new files to CMake builds.
1768         * WebCore.vcxproj/WebCore.vcxproj: Ditto for Windows.
1769         * WebCore.vcxproj/WebCore.vcxproj.filters: Ditto.
1770         * WebCore.xcodeproj/project.pbxproj: Ditto for Cocoa.
1771         * css/CSSAllInOne.cpp: Ditto for All-In-One builds.
1772         * css/CSSFontFace.cpp: Move shared code from CSSFontSelector into CSSFontFace.
1773         (WebCore::CSSFontFace::CSSFontFace):
1774         (WebCore::CSSFontFace::~CSSFontFace):
1775         (WebCore::CSSFontFace::setFamilies):
1776         (WebCore::CSSFontFace::setStyle):
1777         (WebCore::CSSFontFace::setWeight):
1778         (WebCore::CSSFontFace::setUnicodeRange):
1779         (WebCore::CSSFontFace::setVariantLigatures):
1780         (WebCore::CSSFontFace::setVariantPosition):
1781         (WebCore::CSSFontFace::setVariantCaps):
1782         (WebCore::CSSFontFace::setVariantNumeric):
1783         (WebCore::CSSFontFace::setVariantAlternates):
1784         (WebCore::CSSFontFace::setVariantEastAsian):
1785         (WebCore::CSSFontFace::setFeatureSettings):
1786         * css/CSSFontFace.h: Clean up.
1787         (WebCore::CSSFontFace::create):
1788         (WebCore::CSSFontFace::families):
1789         (WebCore::CSSFontFace::traitsMask):
1790         (WebCore::CSSFontFace::featureSettings):
1791         (WebCore::CSSFontFace::variantSettings):
1792         (WebCore::CSSFontFace::setVariantSettings):
1793         (WebCore::CSSFontFace::setTraitsMask):
1794         (WebCore::CSSFontFace::isLocalFallback):
1795         (WebCore::CSSFontFace::addRange): Deleted.
1796         (WebCore::CSSFontFace::insertFeature): Deleted.
1797         (WebCore::CSSFontFace::setVariantCommonLigatures): Deleted.
1798         (WebCore::CSSFontFace::setVariantDiscretionaryLigatures): Deleted.
1799         (WebCore::CSSFontFace::setVariantHistoricalLigatures): Deleted.
1800         (WebCore::CSSFontFace::setVariantContextualAlternates): Deleted.
1801         (WebCore::CSSFontFace::setVariantPosition): Deleted.
1802         (WebCore::CSSFontFace::setVariantCaps): Deleted.
1803         (WebCore::CSSFontFace::setVariantNumericFigure): Deleted.
1804         (WebCore::CSSFontFace::setVariantNumericSpacing): Deleted.
1805         (WebCore::CSSFontFace::setVariantNumericFraction): Deleted.
1806         (WebCore::CSSFontFace::setVariantNumericOrdinal): Deleted.
1807         (WebCore::CSSFontFace::setVariantNumericSlashedZero): Deleted.
1808         (WebCore::CSSFontFace::setVariantAlternates): Deleted.
1809         (WebCore::CSSFontFace::setVariantEastAsianVariant): Deleted.
1810         (WebCore::CSSFontFace::setVariantEastAsianWidth): Deleted.
1811         (WebCore::CSSFontFace::setVariantEastAsianRuby): Deleted.
1812         (WebCore::CSSFontFace::CSSFontFace): Deleted.
1813         * css/CSSFontSelector.cpp: Migrate shared code into CSSFontFace, and update
1814         to use the new API.
1815         (WebCore::appendSources):
1816         (WebCore::registerLocalFontFacesForFamily):
1817         (WebCore::CSSFontSelector::addFontFaceRule):
1818         (WebCore::computeTraitsMask): Deleted.
1819         (WebCore::createFontFace): Deleted.
1820         * css/FontFace.cpp: Added. External JavaScript API. Owns a CSSFontFace.
1821         (WebCore::FontFace::FontFace):
1822         (WebCore::FontFace::~FontFace):
1823         (WebCore::parseString):
1824         (WebCore::FontFace::setFamily):
1825         (WebCore::FontFace::setStyle):
1826         (WebCore::FontFace::setWeight):
1827         (WebCore::FontFace::setStretch):
1828         (WebCore::FontFace::setUnicodeRange):
1829         (WebCore::FontFace::setVariant):
1830         (WebCore::FontFace::setFeatureSettings):
1831         (WebCore::FontFace::family):
1832         (WebCore::FontFace::style):
1833         (WebCore::FontFace::weight):
1834         (WebCore::FontFace::stretch):
1835         (WebCore::FontFace::unicodeRange):
1836         (WebCore::FontFace::variant):
1837         (WebCore::FontFace::featureSettings):
1838         * css/FontFace.h: Added. Ditto.
1839         (WebCore::FontFace::create):
1840         * css/FontVariantBuilder.cpp: Added. Moved code here from FontVariantBuilder.h.
1841         Refactored to support a new client (CSSFontFace).
1842         (WebCore::extractFontVariantLigatures):
1843         (WebCore::extractFontVariantNumeric):
1844         (WebCore::extractFontVariantEastAsian):
1845         (WebCore::computeFontVariant):
1846         * css/FontVariantBuilder.h: Moved code from here into FontVariantBuilder.cpp.
1847         (WebCore::applyValueFontVariantLigatures): Deleted.
1848         (WebCore::applyValueFontVariantNumeric): Deleted.
1849         (WebCore::applyValueFontVariantEastAsian): Deleted.
1850         * css/StyleBuilderCustom.h: Update for new FontVariantBuilder API.
1851         (WebCore::StyleBuilderCustom::applyValueFontVariantLigatures):
1852         (WebCore::StyleBuilderCustom::applyValueFontVariantNumeric):
1853         (WebCore::StyleBuilderCustom::applyValueFontVariantEastAsian):
1854         * platform/text/TextFlags.h: Provide convenience classes.
1855         (WebCore::FontVariantLigaturesValues::FontVariantLigaturesValues):
1856         (WebCore::FontVariantNumericValues::FontVariantNumericValues):
1857         (WebCore::FontVariantEastAsianValues::FontVariantEastAsianValues):
1858
1859 2016-02-12  Jer Noble  <jer.noble@apple.com>
1860
1861         Build fix after r196506; publish MediaResourceLoader.h as a private header so it can be used by
1862         TestWebKitAPI.
1863
1864         * WebCore.xcodeproj/project.pbxproj:
1865
1866 2016-02-11  Jer Noble  <jer.noble@apple.com>
1867
1868         [Mac] Adopt MediaResourceLoader (instead of CachedResourceLoader) in WebCoreNSURLSession.
1869         https://bugs.webkit.org/show_bug.cgi?id=154136
1870
1871         Reviewed by Alex Christensen.
1872
1873         MediaResourceLoader already supports using CORS attribute to verify CORS access requirements
1874         when loading media resources, so use it, rather than CachedResourceLoader, as the backing for
1875         WebCoreNSURLSession.
1876
1877         * platform/network/cocoa/WebCoreNSURLSession.h:
1878         * platform/network/cocoa/WebCoreNSURLSession.mm:
1879         (-[WebCoreNSURLSession delegateQueue]):
1880         (-[WebCoreNSURLSession streamTaskWithNetService:]):
1881         (-[WebCoreNSURLSession isKindOfClass:]):
1882         (-[WebCoreNSURLSessionDataTask initWithSession:identifier:request:]):
1883         (-[WebCoreNSURLSessionDataTask _restart]):
1884         (-[WebCoreNSURLSessionDataTask _cancel]):
1885         (-[WebCoreNSURLSessionDataTask resume]):
1886         (-[WebCoreNSURLSessionDataTask _timingData]):
1887         (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]):
1888         (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]):
1889         (-[WebCoreNSURLSession initWithResourceLoader:delegate:delegateQueue:]): Deleted.
1890         (-[WebCoreNSURLSession loader]): Deleted.
1891         (WebCore::WebCoreNSURLSessionDataTaskClient::dataSent): Deleted.
1892         (WebCore::WebCoreNSURLSessionDataTaskClient::responseReceived): Deleted.
1893         (WebCore::WebCoreNSURLSessionDataTaskClient::dataReceived): Deleted.
1894         (WebCore::WebCoreNSURLSessionDataTaskClient::redirectReceived): Deleted.
1895         (WebCore::WebCoreNSURLSessionDataTaskClient::notifyFinished): Deleted.
1896         (-[WebCoreNSURLSessionDataTask initWithSession:identifier:URL:]): Deleted.
1897         (-[WebCoreNSURLSessionDataTask _finish]): Deleted.
1898         (-[WebCoreNSURLSessionDataTask _setDefersLoading:]): Deleted.
1899         (-[WebCoreNSURLSessionDataTask resource:sentBytes:totalBytesToBeSent:]): Deleted.
1900         (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]): Deleted.
1901         (-[WebCoreNSURLSessionDataTask resourceFinished:]): Deleted.
1902         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
1903         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):
1904
1905 2016-02-12  Alex Christensen  <achristensen@webkit.org>
1906
1907         Fix non-internal builds when using NetworkSession
1908         https://bugs.webkit.org/show_bug.cgi?id=152285
1909
1910         * platform/spi/cf/CFNetworkSPI.h:
1911         Add SPI declaration used in r194156.
1912
1913 2016-02-12  Andreas Kling  <akling@apple.com>
1914
1915         Throw out all live resource decoded data on memory pressure / suspension.
1916         <https://webkit.org/b/154176>
1917
1918         Reviewed by Antti Koivisto.
1919
1920         When pruning live resource decoded data from the memory cache,
1921         we normally avoid pruning anything that's been painted in the last second.
1922         This is an optimization to avoid getting into image decoding loops.
1923
1924         For memory pressure / process suspension scenarios this doesn't really
1925         make sense though:
1926
1927             - In the pressure case, if we have to render again soon it'll likely
1928               be a new GIF frame which we have to decode anyway.
1929
1930             - In the process suspension case, we might *never* render again,
1931               so we should be good citizens and drop all the decoded data we can.
1932
1933         This patch makes us drop all the decoded data, recently painted or not.
1934
1935         * platform/MemoryPressureHandler.cpp:
1936         (WebCore::MemoryPressureHandler::releaseCriticalMemory):
1937
1938 2016-02-12  Gavin Barraclough  <barraclough@apple.com>
1939
1940         Separate out !allowsAccess path in JSDOMWindowCustom getOwnPropertySlot
1941         https://bugs.webkit.org/show_bug.cgi?id=154156
1942
1943         Reviewed by Chris Dumez.
1944
1945         JSDOMWindowCustom getOwnPropertySlot currently allows cross-origin access to all
1946         static properties, relying on the property to perform the access check. This is
1947         a little insecure, since it is error prone - someone could easily add a property
1948         to the static table without realizing it would be automatically exposed.
1949
1950         Instead, add a hard-coded filter to restrict access. As a future implementation
1951         we might consider autogenerating this (the properties are already tagged in IDL,
1952         we might be able to track this in a flag on the static table).
1953
1954         By separating out the handling of the same- and cross-origin access we can
1955         simplify & make the policy being enforced much clearer.
1956
1957         * bindings/js/JSDOMBinding.cpp:
1958         (WebCore::objectToStringFunctionGetter): Deleted.
1959             - removed objectToStringFunctionGetter - this duplicated functionality of
1960               nonCachingStaticFunctionGetter.
1961         * bindings/js/JSDOMBinding.h:
1962         (WebCore::objectToStringFunctionGetter): Deleted.
1963             - removed objectToStringFunctionGetter - this duplicated functionality of
1964               nonCachingStaticFunctionGetter.
1965         * bindings/js/JSDOMWindowCustom.cpp:
1966         (WebCore::jsDOMWindowGetOwnPropertySlotDisallowAccess):
1967             - explicitly handle providing access to only the things we do want to allow cross-origin.
1968         (WebCore::JSDOMWindow::getOwnPropertySlot):
1969         (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
1970             - push all !allowsAccess handling to jsDOMWindowGetOwnPropertySlotDisallowAccess
1971         (WebCore::childFrameGetter): Deleted.
1972             - this was just a deoptimization - moving access into a callback saved very
1973               little & caused more work to be duplicated.
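The difference between relying on each property's own check and a hard-coded cross-origin filter, as an added sketch that is not WebKit's code. The table, the `debugInfo` property and all function names are hypothetical; the allowlist uses the HTML Standard's cross-origin Window property names as an assumption, since the entry does not enumerate WebKit's filter.

```cpp
#include <cstdio>
#include <cstring>

enum class Lookup { Served, Denied, NotFound };

// One row of a constructed static property table (not WebKit's table).
struct StaticProperty {
    const char* name;
    bool getterRejectsCrossOrigin; // the per-property check the old path relied on
};

static const StaticProperty staticTable[] = {
    { "postMessage", false }, // intentionally reachable cross-origin
    { "closed", false },      // intentionally reachable cross-origin
    { "document", true },     // getter performs its own access check
    { "debugInfo", false },   // hypothetical later addition; author forgot the check
};

// Assumption: cross-origin Window property names from the HTML Standard.
static const char* const crossOriginAllowed[] = {
    "window", "self", "location", "close", "closed", "focus", "blur",
    "frames", "length", "top", "opener", "parent", "postMessage",
};

static const StaticProperty* findStatic(const char* name)
{
    for (const StaticProperty& property : staticTable) {
        if (!std::strcmp(property.name, name))
            return &property;
    }
    return nullptr;
}

static bool isCrossOriginAllowed(const char* name)
{
    for (const char* allowed : crossOriginAllowed) {
        if (!std::strcmp(allowed, name))
            return true;
    }
    return false;
}

// Old shape: every static property is reachable cross-origin and the getter is
// trusted to refuse. "Intentionally exposed" and "forgot the check" look identical.
Lookup lookupRelyingOnGetter(const char* name, bool allowsAccess)
{
    const StaticProperty* property = findStatic(name);
    if (!property)
        return Lookup::NotFound;
    if (!allowsAccess && property->getterRejectsCrossOrigin)
        return Lookup::Denied;
    return Lookup::Served;
}

// New shape: the !allowsAccess path is handled first and is default-deny, so a
// new table row is never exposed cross-origin unless the filter names it.
Lookup lookupWithFilter(const char* name, bool allowsAccess)
{
    if (!allowsAccess && !isCrossOriginAllowed(name))
        return Lookup::Denied;
    return findStatic(name) ? Lookup::Served : Lookup::NotFound;
}

int main()
{
    const bool crossOrigin = false; // value passed as allowsAccess
    std::printf("old path serves debugInfo cross-origin: %d\n",
        lookupRelyingOnGetter("debugInfo", crossOrigin) == Lookup::Served);
    std::printf("filtered path denies debugInfo cross-origin: %d\n",
        lookupWithFilter("debugInfo", crossOrigin) == Lookup::Denied);
    return 0;
}
```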
1974
1975 2016-02-12  Sukolsak Sakshuwong  <sukolsak@gmail.com>
1976
1977         Update ICU header files to version 52
1978         https://bugs.webkit.org/show_bug.cgi?id=154160
1979
1980         Reviewed by Alex Christensen.
1981
1982         Update ICU header files to version 52 to allow the use of newer APIs.
1983
1984         No new tests because there is no behavior change.
1985
1986         * icu/unicode/bytestream.h:
1987         * icu/unicode/chariter.h:
1988         * icu/unicode/localpointer.h:
1989         * icu/unicode/platform.h:
1990         * icu/unicode/ptypes.h:
1991         * icu/unicode/putil.h:
1992         * icu/unicode/rep.h:
1993         (Replaceable::Replaceable):
1994         * icu/unicode/std_string.h:
1995         * icu/unicode/strenum.h:
1996         * icu/unicode/stringpiece.h:
1997         * icu/unicode/ubrk.h:
1998         * icu/unicode/uchar.h:
1999         * icu/unicode/ucnv.h:
2000         * icu/unicode/ucol.h:
2001         * icu/unicode/ucoleitr.h:
2002         * icu/unicode/uconfig.h:
2003         * icu/unicode/ucsdet.h:
2004         * icu/unicode/uenum.h:
2005         * icu/unicode/uidna.h:
2006         * icu/unicode/uiter.h:
2007         * icu/unicode/uloc.h:
2008         * icu/unicode/umachine.h:
2009         * icu/unicode/unistr.h:
2010         (UnicodeString::UnicodeString):
2011         (UnicodeString::operator== ):
2012         (UnicodeString::startsWith):
2013         (UnicodeString::setTo):
2014         (UnicodeString::remove):
2015         (UnicodeString::replace): Deleted.
2016         (UnicodeString::extract): Deleted.
2017         (UnicodeString::char32At): Deleted.
2018         (UnicodeString::getChar32Start): Deleted.
2019         (UnicodeString::getChar32Limit): Deleted.
2020         (UnicodeString::getTerminatedBuffer): Deleted.
2021         (UnicodeString::append): Deleted.
2022         (UnicodeString::truncate): Deleted.
2023         * icu/unicode/unorm2.h:
2024         * icu/unicode/uobject.h:
2025         * icu/unicode/urename.h:
2026         * icu/unicode/uscript.h:
2027         * icu/unicode/usearch.h:
2028         * icu/unicode/uset.h:
2029         * icu/unicode/ushape.h:
2030         * icu/unicode/ustring.h:
2031         * icu/unicode/utext.h:
2032         * icu/unicode/utf.h:
2033         * icu/unicode/utf16.h:
2034         * icu/unicode/utf8.h:
2035         * icu/unicode/utf_old.h:
2036         * icu/unicode/utypes.h:
2037         * icu/unicode/uvernum.h:
2038         * icu/unicode/uversion.h:
2039
2040 2016-02-12  Andreas Kling  <akling@apple.com>
2041
2042         [Mac] BitmapImage::decodedDataIsPurgeable() is telling lies and causing massive memory usage.
2043         <https://webkit.org/b/154172>
2044
2045         Reviewed by Antti Koivisto.
2046
2047         The underlying mechanism in CoreAnimation that made this work is no longer in place.
2048
2049         Instead of keeping purgeable frames and juggling volatility bits, we were simply caching
2050         every single frame of large GIF animations, sometimes leading to monstrous memory usage.
2051
2052         Remove the code from WebCore since it's not doing at all what it means to.
2053
2054         Now iOS and Mac will behave the same again, and frame caching decisions will be
2055         made by WebKit, based on total pixel byte size.
2056
2057         * loader/cache/CachedImage.h:
2058         * loader/cache/CachedResource.h:
2059         (WebCore::CachedResource::decodedDataIsPurgeable): Deleted.
2060         * loader/cache/MemoryCache.cpp:
2061         (WebCore::MemoryCache::pruneLiveResourcesToSize): Deleted.
2062         * platform/graphics/BitmapImage.cpp:
2063         (WebCore::BitmapImage::decodedDataIsPurgeable): Deleted.
2064         (WebCore::BitmapImage::destroyDecodedDataIfNecessary): Deleted.
2065         * platform/graphics/BitmapImage.h:
2066         * platform/graphics/Image.h:
2067         (WebCore::Image::decodedDataIsPurgeable): Deleted.
2068         * platform/graphics/cg/BitmapImageCG.cpp:
2069         (WebCore::BitmapImage::decodedDataIsPurgeable): Deleted.
2070         * platform/graphics/cg/ImageSourceCG.cpp:
2071         (WebCore::ImageSource::createFrameAtIndex): Deleted.
2072
2073 2016-02-12  Brady Eidson  <beidson@apple.com>
2074
2075         Modern IDB: Ref cycle between IDBObjectStore and IDBIndex.
2076         https://bugs.webkit.org/show_bug.cgi?id=154110
2077
2078         Reviewed by Darin Adler.
2079
2080         No new tests (Currently untestable).
2081
2082         The lifetimes of IDBObjectStore and IDBIndex are closely intertwined, but we have to break the ref cycle.
2083         
2084         This patch does a few semi-gnarly things:
2085         1 - Makes both IDBIndex and IDBObjectStore have a custom marking function so they can add each other as 
2086             opaque roots.
2087         2 - Adds a lock to protect IDBObjectStore's collection of referenced indexes to support #1, as GC marking
2088             can happen on any thread.
2089         3 - Makes IDBIndex not be traditionally RefCounted; Instead, IDBIndex::ref()/deref() simply ref()/deref()
2090             the owning IDBObjectStore.
2091         4 - ...Except when somebody deletes an IDBIndex from its IDBObjectStore. Once that happens, the object
2092             store no longer has a reference back to the index, but the index still needs a reference back to the
2093             object store. To support this, the IDBIndex becomes "traditionally RefCounted" while holding a ref to
2094             its IDBObjectStore.
2095
2096         * CMakeLists.txt:
2097         * WebCore.xcodeproj/project.pbxproj:
2098
2099         * Modules/indexeddb/IDBIndex.h:
2100         (WebCore::IDBIndex::isModern):
2101         * Modules/indexeddb/IDBIndex.idl:
2102         
2103         * Modules/indexeddb/IDBObjectStore.h:
2104         (WebCore::IDBObjectStore::isModern):
2105         * Modules/indexeddb/IDBObjectStore.idl:
2106         
2107         * Modules/indexeddb/client/IDBIndexImpl.cpp:
2108         (WebCore::IDBClient::IDBIndex::objectStore):
2109         (WebCore::IDBClient::IDBIndex::openCursor):
2110         (WebCore::IDBClient::IDBIndex::doCount):
2111         (WebCore::IDBClient::IDBIndex::openKeyCursor):
2112         (WebCore::IDBClient::IDBIndex::doGet):
2113         (WebCore::IDBClient::IDBIndex::doGetKey):
2114         (WebCore::IDBClient::IDBIndex::markAsDeleted):
2115         (WebCore::IDBClient::IDBIndex::ref):
2116         (WebCore::IDBClient::IDBIndex::deref):
2117         (WebCore::IDBClient::IDBIndex::create): Deleted.
2118         * Modules/indexeddb/client/IDBIndexImpl.h:
2119         (WebCore::IDBClient::IDBIndex::modernObjectStore):
2120         
2121         * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
2122         (WebCore::IDBClient::IDBObjectStore::createIndex):
2123         (WebCore::IDBClient::IDBObjectStore::index):
2124         (WebCore::IDBClient::IDBObjectStore::deleteIndex):
2125         (WebCore::IDBClient::IDBObjectStore::visitReferencedIndexes):
2126         * Modules/indexeddb/client/IDBObjectStoreImpl.h:
2127         
2128         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
2129         (WebCore::IDBClient::IDBTransaction::createIndex):
2130         * Modules/indexeddb/client/IDBTransactionImpl.h:
2131         
2132         * Modules/indexeddb/legacy/LegacyIndex.cpp:
2133         (WebCore::LegacyIndex::ref):
2134         (WebCore::LegacyIndex::deref):
2135         * Modules/indexeddb/legacy/LegacyIndex.h:
2136         
2137         * bindings/js/JSIDBIndexCustom.cpp: Added.
2138         (WebCore::JSIDBIndex::visitAdditionalChildren):
2139         
2140         * bindings/js/JSIDBObjectStoreCustom.cpp:
2141         (WebCore::JSIDBObjectStore::visitAdditionalChildren):
2142
2143 2016-02-12  Csaba Osztrogonác  <ossy@webkit.org>
2144
2145         [EFL][GTK] Fix ENABLE(SVG_OTF_CONVERTER) build
2146         https://bugs.webkit.org/show_bug.cgi?id=154165
2147
2148         Reviewed by Alex Christensen.
2149
2150         * CMakeLists.txt:
2151         * css/CSSFontFaceSource.cpp:
2152         (WebCore::CSSFontFaceSource::font):
2153         * svg/SVGToOTFFontConversion.cpp:
2154         * svg/SVGToOTFFontConversion.h:
2155
2156 2016-02-12  Chris Dumez  <cdumez@apple.com>
2157
2158         Unreviewed nit fixes after r196466.
2159
2160         * Modules/speech/SpeechSynthesisUtterance.idl: Fix curly bracket
2161           placement.
2162         * bindings/scripts/CodeGeneratorJS.pm:
2163         (GenerateHeader): Use wrappableObject instead of domObject.
2164         * bindings/scripts/test/*: Rebaseline.
2165         * dom/WebKitNamedFlow.idl: Drop unnecessary #if case.
2166
2167 2016-02-12  Carlos Garcia Campos  <cgarcia@igalia.com>
2168
2169         [GTK] Properly handle classes inheriting from EventTarget
2170         https://bugs.webkit.org/show_bug.cgi?id=154158
2171
2172         Reviewed by Michael Catanzaro.
2173
2174         Instead of removing its parent we now handle the case of classes
2175         having EventTarget as parent to make them implement the interface
2176         instead.
2177
2178         * bindings/scripts/CodeGeneratorGObject.pm:
2179         (ShouldBeExposedAsInterface): Whether the parent given class
2180         should be exposed as an interface instead of a parent class.
2181         (GetParentClassName): Return Object as parent for classes having
2182         a parent that should be exposed as an interface.
2183         (GetParentImplClassName): Ditto.
2184         (GetBaseClass): Ditto.
2185         (GetParentGObjType): Ditto.
2186         (SkipFunction): Add FIXME comment.
2187         (ImplementsInterface): Helper function to check if a class
2188         implements the given interface.
2189         (GenerateCFile): Check whether the class implements EventTarget to
2190         generate the interface implementation.
2191         (GenerateInterface): Do not remove the parent class when it's EventTarget.
2192
2193 2016-02-12  Commit Queue  <commit-queue@webkit.org>
2194
2195         Unreviewed, rolling out r196470.
2196         https://bugs.webkit.org/show_bug.cgi?id=154167
2197
2198         Broke some tests (Requested by anttik on #webkit).
2199
2200         Reverted changeset:
2201
2202         "Factor class change style invalidation code into a class"
2203         https://bugs.webkit.org/show_bug.cgi?id=154163
2204         http://trac.webkit.org/changeset/196470
2205
2206 2016-02-12  Antti Koivisto  <antti@apple.com>
2207
2208         Factor class change style invalidation code into a class
2209         https://bugs.webkit.org/show_bug.cgi?id=154163
2210
2211         Reviewed by Andreas Kling.
2212
2213         Factor this piece of functionality out of Element and into ClassChangeInvalidation class.
2214
2215         * CMakeLists.txt:
2216         * WebCore.vcxproj/WebCore.vcxproj:
2217         * WebCore.xcodeproj/project.pbxproj:
2218         * dom/Element.cpp:
2219         (WebCore::classStringHasClassName):
2220         (WebCore::Element::classAttributeChanged):
2221         (WebCore::collectClasses): Deleted.
2222         (WebCore::computeClassChange): Deleted.
2223         (WebCore::invalidateStyleForClassChange): Deleted.
2224         * style/ClassChangeInvalidation.cpp: Added.
2225         (WebCore::Style::ClassChangeInvalidation::computeClassChange):
2226         (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
2227         * style/ClassChangeInvalidation.h: Added.
2228         (WebCore::Style::ClassChangeInvalidation::needsInvalidation):
2229         (WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
2230         (WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):
2231
2232 2016-02-12  Csaba Osztrogonác  <ossy@webkit.org>
2233
2234         GCC buildfix in Source/WebCore/svg/SVGToOTFFontConversion.cpp
2235         https://bugs.webkit.org/show_bug.cgi?id=154162
2236
2237         Reviewed by Andreas Kling.
2238
2239         * svg/SVGToOTFFontConversion.cpp:
2240         (WebCore::SVGToOTFFontConverter::finishAppendingKERNSubtable):
2241
2242 2016-02-12  Andreas Kling  <akling@apple.com>
2243
2244         Don't invalidate the FontCache on memory pressure.
2245         <https://webkit.org/b/154161>
2246
2247         Reviewed by Antti Koivisto.
2248
2249         Invalidating the FontCache does more harm than good:
2250
2251             - Anything that's still in the cache at this point is also
2252               referenced outside the cache, thus will not actually get deleted.
2253
2254             - Future deduplication will fail, leading to more objects.
2255
2256             - The global FontCache generation gets bumped, causing future style
2257               recalcs to be less efficient and breaking style sharing.
2258
2259             - All FontSelector invalidation callbacks will fire, potentially
2260               causing forced full-document style recalcs.
2261
2262         In fact, the only win from invalidating the FontCache comes from some
2263         minor shrinkage in the containers that make up the cache itself.
2264
2265         * platform/MemoryPressureHandler.cpp:
2266         (WebCore::MemoryPressureHandler::releaseCriticalMemory): Deleted.
2267
2268 2016-02-11  Chris Dumez  <cdumez@apple.com>
2269
2270         [Web IDL] interfaces should inherit EventTarget instead of duplicating the EventTarget API
2271         https://bugs.webkit.org/show_bug.cgi?id=154121
2272         <rdar://problem/24613234>
2273
2274         Reviewed by Gavin Barraclough.
2275
2276         Interfaces should inherit EventTarget instead of duplicating the
2277         EventTarget API in their IDL. Not only is the duplication ugly and
2278         error-prone, but this also does not match the specifications and
2279         has subtle web-exposed differences.
2280
2281         This patch takes care of all interfaces except for DOMWindow and
2282         WorkerGlobalScope. Those will be updated in the follow-up patch
2283         as they will require a little bit more work and testing.
2284
2285         We should also be able to get rid of the [EventTarget] WebKit IDL
2286         attribute in a follow-up.
2287
2288         No new tests, already covered by existing tests.
2289
2290         * Modules/battery/BatteryManager.idl:
2291         * Modules/encryptedmedia/MediaKeySession.idl:
2292         * Modules/indexeddb/IDBDatabase.h:
2293         * Modules/indexeddb/IDBDatabase.idl:
2294         * Modules/indexeddb/IDBRequest.h:
2295         * Modules/indexeddb/IDBRequest.idl:
2296         * Modules/indexeddb/IDBTransaction.h:
2297         * Modules/indexeddb/IDBTransaction.idl:
2298         * Modules/mediasession/MediaRemoteControls.idl:
2299         * Modules/mediasource/MediaSource.h:
2300         * Modules/mediasource/MediaSource.idl:
2301         * Modules/mediasource/SourceBuffer.h:
2302         * Modules/mediasource/SourceBuffer.idl:
2303         * Modules/mediasource/SourceBufferList.h:
2304         * Modules/mediasource/SourceBufferList.idl:
2305         * Modules/mediastream/MediaStream.h:
2306         * Modules/mediastream/MediaStream.idl:
2307         * Modules/mediastream/MediaStreamTrack.h:
2308         * Modules/mediastream/MediaStreamTrack.idl:
2309         * Modules/mediastream/RTCDTMFSender.h:
2310         * Modules/mediastream/RTCDTMFSender.idl:
2311         * Modules/mediastream/RTCDataChannel.h:
2312         * Modules/mediastream/RTCDataChannel.idl:
2313         * Modules/mediastream/RTCPeerConnection.h:
2314         * Modules/mediastream/RTCPeerConnection.idl:
2315         * Modules/notifications/Notification.idl:
2316         * Modules/speech/SpeechSynthesisUtterance.idl:
2317         * Modules/webaudio/AudioContext.idl:
2318         * Modules/webaudio/AudioNode.idl:
2319         * Modules/websockets/WebSocket.idl:
2320         * css/FontLoader.idl:
2321         * dom/EventTarget.h:
2322         * dom/MessagePort.idl:
2323         * dom/Node.h:
2324         * dom/Node.idl:
2325         * dom/WebKitNamedFlow.idl:
2326         * fileapi/FileReader.idl:
2327         * html/MediaController.idl:
2328         * html/track/AudioTrackList.idl:
2329         * html/track/TextTrack.idl:
2330         * html/track/TextTrackCue.idl:
2331         * html/track/TextTrackList.idl:
2332         * html/track/VideoTrackList.idl:
2333         * loader/appcache/DOMApplicationCache.h:
2334         * loader/appcache/DOMApplicationCache.idl:
2335         * page/EventSource.idl:
2336         * page/Performance.h:
2337         * page/Performance.idl:
2338         * workers/Worker.idl:
2339         * xml/XMLHttpRequest.h:
2340         * xml/XMLHttpRequest.idl:
2341         * xml/XMLHttpRequestUpload.idl:
2342         - Drop hardcoded EventTarget operations and inherit EventTarget instead.
2343         - Drop JSGenerateToNativeObject / JSGenerateToJSObject IDL extended
2344           attributes for interfaces inheriting the EventTarget interface as
2345           the bindings generator now does this automatically for us.
2346         - On native side, have EventTarget subclass ScriptWrappable instead of
2347           each of its subclasses doing so. The issue was that
2348           EventTargetOwner::finalize() was calling uncacheWrapper() with an
2349           EventTarget*, which would not clear inlined cached wrapper (see
2350           clearInlineCachedWrapper()) because EventTarget did not subclass
2351           ScriptWrappable. However, cacheWrapper() is called with a specific
2352           subtype pointer (e.g. Node*) and we would decide to create an
2353           inline cached wrapper because Node subclassed ScriptWrappable
2354           (as well as EventTarget).
2355
2356         * WebCore.xcodeproj/project.pbxproj:
2357         Export JSEventTarget.h as private header to fix the build.
2358
2359         * bindings/js/JSDOMBinding.h:
2360         (WebCore::wrapperKey):
2361         (WebCore::getCachedWrapper):
2362         (WebCore::cacheWrapper):
2363         (WebCore::uncacheWrapper):
2364         Use new wrapperKey() function that is generated for each bindings
2365         class that also has wrapperOwner(). This is used instead of the
2366         C cast to void* in order to cast to the base wrapped type to fix
2367         issues with multiple inheritance. The issue was that cacheWrapper()
2368         was getting called with a DOM object subtype pointer (e.g.
2369         AudioContext*) but uncacheWrapper() was getting called with a base
2370         wrapped type pointer (e.g. EventTarget*). Most of our DOM classes
2371         use multiple inheritance and thus the pointer values (used as keys
2372         in the weak map) may differ.
2373
2374         * bindings/js/JSTrackCustom.cpp:
2375         (WebCore::toJS):
2376         Call CREATE_DOM_WRAPPER() with an actual wrapped type (e.g. AudioTrack)
2377         instead of TrackBase type. TrackBase does not have corresponding
2378         generated bindings and therefore does not have a wrapperKey()
2379         function.
2380
2381         * bindings/scripts/CodeGeneratorJS.pm:
2382         (ShouldGenerateToWrapped):
2383         (ShouldGenerateToJSDeclaration):
2384         (GenerateHeader):
2385         - Generate a wrapperKey() utility function along-side wrapperOwner()
2386           to help cast to the base wrapped type.
2387         - Generate toWrapped() / toJS() utility functions for interfaces
2388           that inherit EventTarget as those are required by our
2389           implementation and this avoids having to explicitly have them in
2390           the IDL.
2391
2392         * bindings/scripts/test/*:
2393         Rebaseline bindings tests.
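The key mismatch described for cacheWrapper() / uncacheWrapper() above, reproduced as an added sketch that is not WebKit's code. The `*Like` types, `rawKey` and the map are hypothetical stand-ins; only the name `wrapperKey` comes from the entry, and the non-zero base offset assumes the common C++ ABIs (Itanium, MSVC).

```cpp
#include <cstddef>
#include <cstdio>
#include <unordered_map>

// Hypothetical stand-ins for the class shapes the entry describes.
struct ScriptWrappableLike {
    virtual ~ScriptWrappableLike() = default;
    void* inlineWrapper = nullptr;
};
struct EventTargetLike {
    virtual ~EventTargetLike() = default;
    int listenerCount = 0;
};
// EventTargetLike is the second base, so its subobject sits at a non-zero
// offset inside the object and converting to it changes the address.
struct AudioContextLike : ScriptWrappableLike, EventTargetLike {
    int sampleRate = 44100;
};

using WrapperMap = std::unordered_map<const void*, int>; // key -> wrapper id

// Pre-fix shape: the key is whatever pointer type the caller happens to hold,
// cast straight to void*.
template<typename T>
const void* rawKey(T* object) { return static_cast<const void*>(object); }

// Post-fix shape: every caller is converted to the base wrapped type first,
// so subtype and base pointers to one object produce the same key.
const void* wrapperKey(EventTargetLike* object) { return object; }

bool castChangesAddress()
{
    AudioContextLike context;
    EventTargetLike* asBase = &context;
    return rawKey(&context) != rawKey(asBase);
}

// Cache with the subtype pointer, uncache with the base pointer, as in the
// entry, and report how many entries survive the uncache.
std::size_t entriesLeftWithRawKeys()
{
    AudioContextLike context;
    WrapperMap map;
    map.emplace(rawKey(&context), 1);
    EventTargetLike* asBase = &context;
    map.erase(rawKey(asBase)); // different address: erases nothing
    return map.size();
}

std::size_t entriesLeftWithWrapperKey()
{
    AudioContextLike context;
    WrapperMap map;
    map.emplace(wrapperKey(&context), 1);
    EventTargetLike* asBase = &context;
    map.erase(wrapperKey(asBase)); // same normalized key: entry removed
    return map.size();
}

int main()
{
    std::printf("cast changes address: %d\n", castChangesAddress());
    std::printf("stale entries with raw keys: %zu\n", entriesLeftWithRawKeys());
    std::printf("stale entries with wrapperKey: %zu\n", entriesLeftWithWrapperKey());
    return 0;
}
```

With raw keys the map still holds an entry for an object that has gone out of scope, which is the stale-wrapper condition the normalized key removes.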
2394
2395 2016-02-11  Brent Fulgham  <bfulgham@apple.com>
2396
2397         Optimize texture-complete checks
2398         https://bugs.webkit.org/show_bug.cgi?id=98308
2399
2400         Reviewed by Dean Jackson.
2401
2402         No new tests: No change in behavior.
2403
2404         * html/canvas/WebGLRenderingContextBase.cpp:
2405         (WebCore::WebGLRenderingContextBase::initializeNewContext): Initially consider all
2406         textures as suspect.
2407         (WebCore::WebGLRenderingContextBase::extensions): New helper function.
2408         (WebCore::WebGLRenderingContextBase::reshape): Mark textures as invalid when appropriate.
2409         (WebCore::WebGLRenderingContextBase::bindTexture): Identify invalid textures and mark
2410         them for later fix-up. Likewise, remove 'known good' textures from the fix-up pass.
2411         (WebCore::WebGLRenderingContextBase::deleteTexture): Remove instances of the deleted texture
2412         from our set of invalid textures.
2413         (WebCore::WebGLRenderingContextBase::checkTextureCompleteness): Only iterate through
2414         the 'bad' textures, rather than checking every single texture.
2415         * html/canvas/WebGLRenderingContextBase.h:
2416
2417 2016-02-11  Alex Christensen  <achristensen@webkit.org>
2418
2419         Assert that IDBTransaction::transitionedToFinishing transitions to finishing.
2420         https://bugs.webkit.org/show_bug.cgi?id=154061
2421
2422         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
2423         (WebCore::IDBClient::IDBTransaction::transitionedToFinishing):
2424         Added assertion that we are transitioning to a finished or finishing state, based on Darin's feedback.
2425
2426 2016-02-11  Enrica Casucci  <enrica@apple.com>
2427
2428         WebContent process crashes when performing data detection on content with existing data detector links.
2429         https://bugs.webkit.org/show_bug.cgi?id=154118
2430         rdar://problem/24511860
2431
2432         Reviewed by Tim Horton.
2433
2434         The DOM mutation caused by removing the existing links can shift the range endpoints.
2435         We now save the range endpoints as positions so that we can recreate the ranges,
2436         if a DOM mutation occurred.
2437
2438         * editing/cocoa/DataDetection.mm:
2439         (WebCore::removeResultLinksFromAnchor):
2440         (WebCore::searchForLinkRemovingExistingDDLinks):
2441         (WebCore::DataDetection::detectContentInRange):
2442
2443 2016-02-11  Jer Noble  <jer.noble@apple.com>
2444
2445         Make MediaResourceLoader behave more like a CachedResourceLoader.
2446         https://bugs.webkit.org/show_bug.cgi?id=154117
2447
2448         Reviewed by Alex Christensen.
2449
2450         MediaResourceLoader currently can only handle a single request at a time. Split the class
2451         into two, MediaResourceLoader and MediaResource, effectively wrapping CachedResourceLoader
2452         and CachedRawResource respectively. With this division, the same loader can be used to issue
2453         multiple simultaneous resource requests.
2454
2455         This necessitates splitting PlatformMediaResource into two classes as well.  To simplify
2456         the HTMLMediaElement, MediaPlayer, and MediaPlayerClient APIs, do not require a client
2457         object when creating the loader; instead, the client is required to create the resource.
2458         This also matches the CachedRawResource API.
2459
2460         * html/HTMLMediaElement.cpp:
2461         (WebCore::HTMLMediaElement::mediaPlayerCreateResourceLoader): Remove the client parameter.
2462         * html/HTMLMediaElement.h:
2463         * loader/MediaResourceLoader.cpp:
2464         (WebCore::MediaResourceLoader::MediaResourceLoader):
2465         (WebCore::MediaResourceLoader::~MediaResourceLoader):
2466         (WebCore::MediaResourceLoader::requestResource): Renamed from start().
2467         (WebCore::MediaResourceLoader::removeResource): Remove resource from live resource list.
2468         (WebCore::MediaResource::create): Utility factory.
2469         (WebCore::MediaResource::MediaResource):
2470         (WebCore::MediaResource::~MediaResource):
2471         (WebCore::MediaResource::stop): Moved from MediaResourceLoader.
2472         (WebCore::MediaResource::setDefersLoading): Ditto.
2473         (WebCore::MediaResource::responseReceived): Ditto.
2474         (WebCore::MediaResource::redirectReceived): Ditto.
2475         (WebCore::MediaResource::dataSent): Ditto.
2476         (WebCore::MediaResource::dataReceived): Ditto.
2477         (WebCore::MediaResource::notifyFinished): Ditto.
2478         (WebCore::MediaResource::getOrCreateReadBuffer): Ditto.
2479         * loader/MediaResourceLoader.h:
2480         * platform/graphics/MediaPlayer.cpp:
2481         (WebCore::MediaPlayer::createResourceLoader):
2482         * platform/graphics/MediaPlayer.h:
2483         (WebCore::MediaPlayerClient::mediaPlayerCreateResourceLoader):
2484         * platform/graphics/PlatformMediaResourceLoader.h:
2485         (WebCore::PlatformMediaResourceClient::~PlatformMediaResourceClient): Renamed from PlatformMediaResourceLoaderClient.
2486         (WebCore::PlatformMediaResourceClient::responseReceived): Client methods now take a reference to the resource.
2487         (WebCore::PlatformMediaResourceClient::redirectReceived): Ditto.
2488         (WebCore::PlatformMediaResourceClient::dataSent): Ditto. 
2489         (WebCore::PlatformMediaResourceClient::dataReceived): Ditto.
2490         (WebCore::PlatformMediaResourceClient::accessControlCheckFailed): Ditto.
2491         (WebCore::PlatformMediaResourceClient::loadFailed): Ditto.
2492         (WebCore::PlatformMediaResourceClient::loadFinished): Ditto.
2493         (WebCore::PlatformMediaResourceClient::getOrCreateReadBuffer): Ditto.
2494         (WebCore::PlatformMediaResourceLoader::PlatformMediaResourceLoader): Ditto.
2495         (WebCore::PlatformMediaResource::PlatformMediaResource): 
2496         (WebCore::PlatformMediaResource::~PlatformMediaResource): 
2497         (WebCore::PlatformMediaResource::setClient):
2498         * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
2499         (webKitWebSrcStart):
2500         (webKitWebSrcNeedData):
2501         (webKitWebSrcEnoughData):
2502         (CachedResourceStreamingClient::getOrCreateReadBuffer):
2503         (CachedResourceStreamingClient::responseReceived):
2504         (CachedResourceStreamingClient::dataReceived):
2505         (CachedResourceStreamingClient::accessControlCheckFailed):
2506         (CachedResourceStreamingClient::loadFailed):
2507         (CachedResourceStreamingClient::loadFinished):
2508
2509 2016-02-11  Zalan Bujtas  <zalan@apple.com>
2510
2511         Subpixel rendering: Make focusring painting subpixel aware.
2512         https://bugs.webkit.org/show_bug.cgi?id=154111
2513
2514         Reviewed by David Hyatt.
2515
2516         Do not integral snap focusring rects while collecting them (use device pixel snapping instead
2517         right before passing them to GraphicsContext::drawFocusRing).
2518
2519         Unable to test.
2520
2521         * platform/graphics/GraphicsContext.h:
2522         * platform/graphics/displaylists/DisplayListItems.h:
2523         (WebCore::DisplayList::DrawFocusRingRects::create):
2524         (WebCore::DisplayList::DrawFocusRingRects::rects):
2525         (WebCore::DisplayList::DrawFocusRingRects::DrawFocusRingRects):
2526         * platform/graphics/displaylists/DisplayListRecorder.cpp:
2527         (WebCore::DisplayList::Recorder::drawFocusRing):
2528         * platform/graphics/displaylists/DisplayListRecorder.h:
2529         * platform/graphics/mac/GraphicsContextMac.mm:
2530         (WebCore::GraphicsContext::drawFocusRing):
2531         * rendering/RenderBlock.cpp:
2532         (WebCore::RenderBlock::addFocusRingRectsForInlineChildren):
2533         (WebCore::RenderBlock::addFocusRingRects):
2534         * rendering/RenderBlock.h:
2535         * rendering/RenderBlockFlow.cpp:
2536         (WebCore::RenderBlockFlow::addFocusRingRectsForInlineChildren):
2537         * rendering/RenderBlockFlow.h:
2538         * rendering/RenderBox.cpp:
2539         (WebCore::RenderBox::addFocusRingRects):
2540         * rendering/RenderBox.h:
2541         * rendering/RenderElement.cpp:
2542         (WebCore::RenderElement::paintFocusRing):
2543         (WebCore::RenderElement::issueRepaintForOutlineAuto):
2544         * rendering/RenderInline.cpp:
2545         (WebCore::RenderInline::absoluteRects):
2546         (WebCore::RenderInline::addFocusRingRects):
2547         * rendering/RenderInline.h:
2548         * rendering/RenderListBox.cpp:
2549         (WebCore::RenderListBox::addFocusRingRects):
2550         * rendering/RenderListBox.h:
2551         * rendering/RenderObject.cpp:
2552         (WebCore::RenderObject::addPDFURLRect):
2553         (WebCore::RenderObject::absoluteFocusRingQuads):
2554         * rendering/RenderObject.h:
2555         (WebCore::RenderObject::addFocusRingRects):
2556         * rendering/RenderTextControl.cpp:
2557         (WebCore::RenderTextControl::addFocusRingRects):
2558         * rendering/RenderTextControl.h:
2559         * rendering/svg/RenderSVGContainer.cpp:
2560         (WebCore::RenderSVGContainer::addFocusRingRects):
2561         * rendering/svg/RenderSVGContainer.h:
2562         * rendering/svg/RenderSVGImage.cpp:
2563         (WebCore::RenderSVGImage::addFocusRingRects):
2564         * rendering/svg/RenderSVGImage.h:
2565         * rendering/svg/RenderSVGShape.cpp:
2566         (WebCore::RenderSVGShape::addFocusRingRects):
2567         * rendering/svg/RenderSVGShape.h:
2568
2569 2016-02-11  Myles C. Maxfield  <mmaxfield@apple.com>
2570
2571         Addressing post-review comments after r196393
2572
2573         Unreviewed.
2574
2575         * css/CSSFontSelector.cpp:
2576         (WebCore::CSSFontSelector::getFontFace):
2577         * css/CSSSegmentedFontFace.h:
2578
2579 2016-02-11  Antti Koivisto  <antti@apple.com>
2580
2581         Rename Element::style() to Element::cssomStyle()
2582         https://bugs.webkit.org/show_bug.cgi?id=154107
2583
2584         Reviewed by Alex Christensen.
2585
2586         It implements the IDL "style" attribute that returns a CSSOM object.
2587         Inside WebCore "style" generally refers to a RenderStyle.
2588
2589         * dom/Element.cpp:
2590         (WebCore::Element::hasAttributeNS):
2591         (WebCore::Element::cssomStyle):
2592         (WebCore::Element::focus):
2593         (WebCore::Element::style): Deleted.
2594         * dom/Element.h:
2595         (WebCore::Element::tagQName):
2596         * dom/Element.idl:
2597         * dom/StyledElement.cpp:
2598         (WebCore::StyledElement::~StyledElement):
2599         (WebCore::StyledElement::cssomStyle):
2600         (WebCore::StyledElement::style): Deleted.
2601         * dom/StyledElement.h:
2602         (WebCore::StyledElement::synchronizeStyleAttributeInternal):
2603         (WebCore::StyledElement::collectStyleForPresentationAttribute):
2604         * editing/Editor.cpp:
2605         (WebCore::Editor::applyEditingStyleToElement):
2606         * inspector/InspectorCSSAgent.cpp:
2607         (WebCore::InspectorCSSAgent::getMatchedStylesForNode):
2608         (WebCore::InspectorCSSAgent::getInlineStylesForNode):
2609         (WebCore::InspectorCSSAgent::asInspectorStyleSheet):
2610         * inspector/InspectorStyleSheet.cpp:
2611         (WebCore::InspectorStyleSheetForInlineStyle::didModifyElementAttribute):
2612         (WebCore::InspectorStyleSheetForInlineStyle::inlineStyle):
2613         (WebCore::InspectorStyleSheetForInlineStyle::elementStyleText):
2614         * svg/SVGElement.idl:
2615
2616 2016-02-11  Konstantin Tokarev  <annulen@yandex.ru>
2617
2618         [cmake] Consolidate TextureMapper file and include dir lists.
2619         https://bugs.webkit.org/show_bug.cgi?id=154106
2620
2621         Reviewed by Michael Catanzaro.
2622
2623         No new tests needed.
2624
2625         * CMakeLists.txt: Moved texmap include dir and source list to
2626         TextureMapper.cmake, removed non-existent include dir "filters/texmap".
2627         * PlatformEfl.cmake: Moved texmap and coordinatedgraphics include
2628         dirs and source list to TextureMapper.cmake.
2629         * PlatformGTK.cmake: Ditto, also removed non-existent include dir
2630         "texmap/threadedcompositor"
2631         * PlatformWinCairo.cmake: Moved texmap files to TextureMapper.cmake.
2632         * platform/TextureMapper.cmake: Added.
2633
2634 2016-02-11  Chris Dumez  <cdumez@apple.com>
2635
2636         Move 'length' property to the prototype
2637         https://bugs.webkit.org/show_bug.cgi?id=154051
2638         <rdar://problem/24577385>
2639
2640         Reviewed by Darin Adler.
2641
2642         Move 'length' property to the prototype, where it should be. We used to
2643         keep it on the instance because our implementation of
2644         getOwnPropertySlot() was wrong for interfaces with a named property
2645         getter. However, our implementation of getOwnPropertySlot() is now
2646         spec-compliant so this should be OK.
2647
2648         Moving 'length' to the prototype is also a little bit risky in terms of
2649         performance, especially for HTMLCollection / NodeList. However, I did
2650         not see an impact on realistic benchmarks like Speedometer and only saw
2651         a small impact (< 5%) on micro-benchmarks. I propose we make our behavior
2652         correct and monitor performance. If we see any benchmark we care about
2653         regress then we should try and optimize while keeping the attribute on
2654         the prototype.
2655
2656         No new tests, already covered by existing tests.
2657
2658         * bindings/js/JSDOMBinding.h:
2659         (WebCore::getStaticValueSlotEntryWithoutCaching):
2660         * bindings/js/JSHTMLDocumentCustom.cpp:
2661         (WebCore::JSHTMLDocument::getOwnPropertySlot):
2662         (WebCore::JSHTMLDocument::nameGetter): Deleted.
2663         * bindings/js/JSLocationCustom.cpp:
2664         (WebCore::JSLocation::putDelegate):
2665         * bindings/js/JSPluginElementFunctions.h:
2666         (WebCore::pluginElementCustomGetOwnPropertySlot):
2667         * bindings/js/JSStorageCustom.cpp:
2668         (WebCore::JSStorage::deleteProperty):
2669         (WebCore::JSStorage::deletePropertyByIndex):
2670         (WebCore::JSStorage::putDelegate):
2671         Leverage the new hasStaticPropertyTable static property in the
2672         generated bindings for performance.
2673
2674         * bindings/scripts/CodeGeneratorJS.pm:
2675         (GenerateHeader):
2676         Generate a "hasStaticPropertyTable" static const boolean property
2677         for each bindings class so we can check at build time if
2678         ClassInfo::staticPropHashTable is null.
2679
2680         (AttributeShouldBeOnInstance):
2681         Move "length" to the prototype.
2682
2683         * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
2684         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.h:
2685         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
2686         * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
2687         * bindings/scripts/test/JS/JSTestEventConstructor.h:
2688         * bindings/scripts/test/JS/JSTestEventTarget.h:
2689         * bindings/scripts/test/JS/JSTestException.h:
2690         * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
2691         * bindings/scripts/test/JS/JSTestInterface.h:
2692         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.h:
2693         * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
2694         * bindings/scripts/test/JS/JSTestNamedConstructor.h:
2695         * bindings/scripts/test/JS/JSTestNode.h:
2696         * bindings/scripts/test/JS/JSTestNondeterministic.h:
2697         * bindings/scripts/test/JS/JSTestObj.h:
2698         * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
2699         * bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
2700         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
2701         * bindings/scripts/test/JS/JSTestTypedefs.h:
2702         * bindings/scripts/test/JS/JSattribute.h:
2703         * bindings/scripts/test/JS/JSreadonly.h:
2704         Rebaseline bindings tests.
2705
2706
2707 2016-02-11  Csaba Osztrogonác  <ossy@webkit.org>
2708
2709         Fix the !(ENABLE(SHADOW_DOM) || ENABLE(DETAILS_ELEMENT)) after r196281
2710         https://bugs.webkit.org/show_bug.cgi?id=154035
2711
2712         Reviewed by Antti Koivisto.
2713
2714         Follow-up fix after r196365. Removed guards around slotNodeIndex.
2715
2716         * dom/ComposedTreeIterator.h:
2717         (WebCore::ComposedTreeIterator::Context::Context):
2718
2719 2016-02-10  Ryan Haddad  <ryanhaddad@apple.com>
2720
2721         Updating bindings test reference file for JSTestEventConstructor.cpp after r196400
2722
2723         Unreviewed test gardening.
2724
2725         No new tests needed.
2726
2727         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
2728         (WebCore::JSTestEventConstructorConstructor::construct):
2729
2730 2016-02-10  Eric Carlson  <eric.carlson@apple.com>
2731
2732         Update "manual" caption track logic
2733         https://bugs.webkit.org/show_bug.cgi?id=154084
2734         <rdar://problem/24530516>
2735
2736         Reviewed by Dean Jackson.
2737
2738         No new tests, media/track/track-manual-mode.html was updated.
2739
2740         * English.lproj/Localizable.strings: Add new string.
2741
2742         * html/HTMLMediaElement.cpp:
2743         (WebCore::HTMLMediaElement::addTextTrack): track.setManualSelectionMode is no more.
2744         (WebCore::HTMLMediaElement::configureTextTrackGroup): Never enable a track automatically when
2745           in manual selection mode.
2746         (WebCore::HTMLMediaElement::captionPreferencesChanged): track.setManualSelectionMode is no more.
2747
2748         * html/track/TextTrack.cpp:
2749         (WebCore::TextTrack::containsOnlyForcedSubtitles): Return true for forced tracks.
2750         (WebCore::TextTrack::kind): Deleted.
2751         * html/track/TextTrack.h:
2752
2753         * html/track/TrackBase.h:
2754         (WebCore::TrackBase::kind): De-virtualize, nobody overrides it.
2755
2756         * page/CaptionUserPreferencesMediaAF.cpp:
2757         (WebCore::trackDisplayName): Include "forced" in the name of forced tracks.
2758
2759         * platform/LocalizedStrings.cpp:
2760         (WebCore::forcedTrackMenuItemText): New.
2761         * platform/LocalizedStrings.h:
2762
2763 2016-02-10  Jiewen Tan  <jiewen_tan@apple.com>
2764
2765         Rename *Event::create* which creates events for bindings to *Event::createForBindings* and cleanup corresponding paths
2766         https://bugs.webkit.org/show_bug.cgi?id=153903
2767         <rdar://problem/24518146>
2768
2769         Reviewed by Darin Adler.
2770
2771         Rename Event::create(const AtomicString&, const EventInit&) to Event::createForBindings
2772         (const AtomicString&, const EventInit&) and for all the subclasses as well in order to
2773         support Event.isTrusted. Besides, some of the subclasses use the create method for bindings
2774         to create events not for bindings and vice versa. Therefore, this patch also cleans up
2775         corresponding paths to ensure no misuse of the create method. The same for Event::create()
2776         as it is combined with Event::initEvent to create an event for bindings for legacy content.
2777
2778         After this patch, all call sites of *Event::create* are supposed to use *Event::create
2779         to create events for user agent and *Event::createForBindings for bindings.
2780
2781         No change in behavior.
2782
2783         * Modules/airplay/WebKitPlaybackTargetAvailabilityEvent.h:
2784         (WebCore::WebKitPlaybackTargetAvailabilityEvent::create):
2785         (WebCore::WebKitPlaybackTargetAvailabilityEvent::createForBindings):
2786         (WebCore::WebKitPlaybackTargetAvailabilityEventInit::WebKitPlaybackTargetAvailabilityEventInit): Deleted.
2787         * Modules/encryptedmedia/MediaKeyMessageEvent.cpp:
2788         (WebCore::MediaKeyMessageEvent::MediaKeyMessageEvent):
2789         (WebCore::MediaKeyMessageEventInit::MediaKeyMessageEventInit): Deleted.
2790         * Modules/encryptedmedia/MediaKeyMessageEvent.h:
2791         (WebCore::MediaKeyMessageEvent::create):
2792         (WebCore::MediaKeyMessageEvent::createForBindings):
2793         * Modules/encryptedmedia/MediaKeyNeededEvent.cpp:
2794         (WebCore::MediaKeyNeededEvent::MediaKeyNeededEvent):
2795         (WebCore::MediaKeyNeededEventInit::MediaKeyNeededEventInit): Deleted.
2796         * Modules/encryptedmedia/MediaKeyNeededEvent.h:
2797         (WebCore::MediaKeyNeededEvent::create):
2798         (WebCore::MediaKeyNeededEvent::createForBindings):
2799         * Modules/encryptedmedia/MediaKeySession.cpp:
2800         (WebCore::MediaKeySession::sendMessage):
2801         * Modules/gamepad/GamepadEvent.h:
2802         (WebCore::GamepadEvent::create):
2803         (WebCore::GamepadEvent::createForBindings):
2804         (WebCore::GamepadEventInit::GamepadEventInit): Deleted.
2805         * Modules/indieui/UIRequestEvent.cpp:
2806         (WebCore::UIRequestEvent::createForBindings):
2807         (WebCore::UIRequestEvent::UIRequestEvent):
2808         (WebCore::UIRequestEventInit::UIRequestEventInit): Deleted.
2809         (WebCore::UIRequestEvent::create): Deleted.
2810         * Modules/indieui/UIRequestEvent.h:
2811         * Modules/mediastream/MediaStreamEvent.cpp:
2812         (WebCore::MediaStreamEvent::createForBindings):
2813         (WebCore::MediaStreamEventInit::MediaStreamEventInit): Deleted.
2814         (WebCore::MediaStreamEvent::create): Deleted.
2815         * Modules/mediastream/MediaStreamEvent.h:
2816         * Modules/mediastream/MediaStreamTrackEvent.cpp:
2817         (WebCore::MediaStreamTrackEvent::createForBindings):
2818         (WebCore::MediaStreamTrackEventInit::MediaStreamTrackEventInit): Deleted.
2819         (WebCore::MediaStreamTrackEvent::create): Deleted.
2820         * Modules/mediastream/MediaStreamTrackEvent.h:
2821         * Modules/mediastream/RTCDTMFToneChangeEvent.cpp:
2822         (WebCore::RTCDTMFToneChangeEvent::createForBindings):
2823         (WebCore::RTCDTMFToneChangeEvent::create): Deleted.
2824         * Modules/mediastream/RTCDTMFToneChangeEvent.h:
2825         * Modules/mediastream/RTCDataChannelEvent.cpp:
2826         (WebCore::RTCDataChannelEvent::createForBindings):
2827         (WebCore::RTCDataChannelEvent::create): Deleted.
2828         * Modules/mediastream/RTCDataChannelEvent.h:
2829         * Modules/mediastream/RTCIceCandidateEvent.cpp:
2830         (WebCore::RTCIceCandidateEvent::createForBindings):
2831         (WebCore::RTCIceCandidateEvent::create): Deleted.
2832         * Modules/mediastream/RTCIceCandidateEvent.h:
2833         * Modules/mediastream/RTCTrackEvent.cpp:
2834         (WebCore::RTCTrackEvent::createForBindings):
2835         (WebCore::RTCTrackEventInit::RTCTrackEventInit): Deleted.
2836         (WebCore::RTCTrackEvent::create): Deleted.
2837         * Modules/mediastream/RTCTrackEvent.h:
2838         * Modules/speech/SpeechSynthesisEvent.cpp:
2839         (WebCore::SpeechSynthesisEvent::createForBindings):
2840         (WebCore::SpeechSynthesisEvent::create):
2841         (WebCore::SpeechSynthesisEvent::SpeechSynthesisEvent):
2842         * Modules/speech/SpeechSynthesisEvent.h:
2843         * Modules/webaudio/AudioProcessingEvent.cpp:
2844         (WebCore::AudioProcessingEvent::create): Deleted.
2845         * Modules/webaudio/AudioProcessingEvent.h:
2846         (WebCore::AudioProcessingEvent::create):
2847         (WebCore::AudioProcessingEvent::createForBindings):
2848         * Modules/webaudio/OfflineAudioCompletionEvent.cpp:
2849         (WebCore::OfflineAudioCompletionEvent::createForBindings):
2850         (WebCore::OfflineAudioCompletionEvent::create): Deleted.
2851         * Modules/webaudio/OfflineAudioCompletionEvent.h:
2852         * Modules/websockets/CloseEvent.h:
2853         (WebCore::CloseEvent::create):
2854         (WebCore::CloseEvent::createForBindings):
2855         (WebCore::CloseEvent::CloseEvent):
2856         (WebCore::CloseEventInit::CloseEventInit): Deleted.
2857         * bindings/objc/DOM.mm:
2858         (-[DOMNode nextFocusNode]):
2859         (-[DOMNode previousFocusNode]):
2860         * bindings/scripts/CodeGeneratorJS.pm:
2861         (GenerateConstructorDefinition):
2862         * dom/AnimationEvent.cpp:
2863         (WebCore::AnimationEventInit::AnimationEventInit): Deleted.
2864         * dom/AnimationEvent.h:
2865         * dom/BeforeLoadEvent.h:
2866         (WebCore::BeforeLoadEventInit::BeforeLoadEventInit): Deleted.
2867         * dom/ClipboardEvent.h:
2868         * dom/CompositionEvent.cpp:
2869         (WebCore::CompositionEventInit::CompositionEventInit): Deleted.
2870         * dom/CompositionEvent.h:
2871         * dom/CustomEvent.cpp:
2872         (WebCore::CustomEventInit::CustomEventInit): Deleted.
2873         * dom/CustomEvent.h:
2874         * dom/DeviceMotionEvent.h:
2875         * dom/DeviceOrientationEvent.h:
2876         * dom/Document.cpp:
2877         (WebCore::Document::createEvent):
2878         * dom/Element.cpp:
2879         (WebCore::Element::dispatchMouseEvent):
2880         * dom/ErrorEvent.cpp:
2881         (WebCore::ErrorEventInit::ErrorEventInit): Deleted.
2882         * dom/ErrorEvent.h:
2883         * dom/Event.cpp:
2884         (WebCore::EventInit::EventInit): Deleted.
2885         * dom/Event.h:
2886         (WebCore::Event::createForBindings):
2887         (WebCore::Event::create): Deleted.
2888         * dom/FocusEvent.cpp:
2889         (WebCore::FocusEventInit::FocusEventInit): Deleted.
2890         * dom/FocusEvent.h:
2891         * dom/HashChangeEvent.h:
2892         (WebCore::HashChangeEventInit::HashChangeEventInit): Deleted.
2893         * dom/KeyboardEvent.cpp:
2894         (WebCore::KeyboardEvent::KeyboardEvent):
2895         (WebCore::KeyboardEventInit::KeyboardEventInit): Deleted.
2896         * dom/KeyboardEvent.h:
2897         * dom/MessageEvent.cpp:
2898         (WebCore::MessageEvent::MessageEvent):
2899         (WebCore::MessageEventInit::MessageEventInit): Deleted.
2900         * dom/MessageEvent.h:
2901         * dom/MouseEvent.cpp:
2902         (WebCore::MouseEvent::createForBindings):
2903         (WebCore::MouseEvent::create):
2904         (WebCore::MouseEvent::MouseEvent):
2905         (WebCore::MouseEvent::cloneFor):
2906         (WebCore::MouseEventInit::MouseEventInit): Deleted.
2907         * dom/MouseEvent.h:
2908         (WebCore::MouseEvent::createForBindings):
2909         (WebCore::MouseEvent::create): Deleted.
2910         * dom/MouseRelatedEvent.cpp:
2911         (WebCore::MouseRelatedEvent::MouseRelatedEvent):
2912         (WebCore::MouseRelatedEvent::init):
2913         * dom/MouseRelatedEvent.h:
2914         (WebCore::MouseRelatedEvent::screenX):
2915         (WebCore::MouseRelatedEvent::screenY):
2916         (WebCore::MouseRelatedEvent::screenLocation):
2917         (WebCore::MouseRelatedEvent::clientX):
2918         (WebCore::MouseRelatedEvent::clientY):
2919         (WebCore::MouseRelatedEvent::movementX):
2920         (WebCore::MouseRelatedEvent::movementY):
2921         (WebCore::MouseRelatedEvent::clientLocation):
2922         (WebCore::MouseRelatedEvent::isSimulated):
2923         (WebCore::MouseRelatedEvent::absoluteLocation):
2924         (WebCore::MouseRelatedEvent::setAbsoluteLocation):
2925         * dom/MutationEvent.h:
2926         * dom/OverflowEvent.cpp:
2927         (WebCore::OverflowEvent::OverflowEvent):
2928         (WebCore::OverflowEvent::initOverflowEvent):
2929         (WebCore::OverflowEventInit::OverflowEventInit): Deleted.
2930         * dom/OverflowEvent.h:
2931         * dom/PageTransitionEvent.cpp:
2932         (WebCore::PageTransitionEventInit::PageTransitionEventInit): Deleted.
2933         * dom/PageTransitionEvent.h:
2934         * dom/PopStateEvent.cpp:
2935         (WebCore::PopStateEvent::createForBindings):
2936         (WebCore::PopStateEventInit::PopStateEventInit): Deleted.
2937         (WebCore::PopStateEvent::PopStateEvent): Deleted.
2938         (WebCore::PopStateEvent::create): Deleted.
2939         * dom/PopStateEvent.h:
2940         * dom/ProgressEvent.cpp:
2941         (WebCore::ProgressEventInit::ProgressEventInit): Deleted.
2942         * dom/ProgressEvent.h:
2943         (WebCore::ProgressEvent::createForBindings):
2944         (WebCore::ProgressEvent::create): Deleted.
2945         * dom/SecurityPolicyViolationEvent.h:
2946         (WebCore::SecurityPolicyViolationEventInit::SecurityPolicyViolationEventInit): Deleted.
2947         * dom/TextEvent.cpp:
2948         (WebCore::TextEvent::createForBindings):
2949         (WebCore::TextEvent::create): Deleted.
2950         * dom/TextEvent.h:
2951         * dom/TouchEvent.h:
2952         * dom/TransitionEvent.cpp:
2953         (WebCore::TransitionEventInit::TransitionEventInit): Deleted.
2954         * dom/TransitionEvent.h:
2955         * dom/UIEvent.cpp:
2956         (WebCore::UIEventInit::UIEventInit): Deleted.
2957         * dom/UIEvent.h:
2958         (WebCore::UIEvent::createForBindings):
2959         (WebCore::UIEvent::create): Deleted.
2960         * dom/UIEventWithKeyState.h:
2961         (WebCore::UIEventWithKeyState::ctrlKey):
2962         (WebCore::UIEventWithKeyState::shiftKey):
2963         (WebCore::UIEventWithKeyState::altKey):
2964         (WebCore::UIEventWithKeyState::metaKey):
2965         (WebCore::UIEventWithKeyState::UIEventWithKeyState):
2966         * dom/WebKitAnimationEvent.cpp:
2967         (WebCore::WebKitAnimationEventInit::WebKitAnimationEventInit): Deleted.
2968         * dom/WebKitAnimationEvent.h:
2969         * dom/WebKitTransitionEvent.cpp:
2970         (WebCore::WebKitTransitionEventInit::WebKitTransitionEventInit): Deleted.
2971         * dom/WebKitTransitionEvent.h:
2972         * dom/WheelEvent.h:
2973         * html/HTMLMediaElement.cpp:
2974         (WebCore::HTMLMediaElement::mediaPlayerKeyAdded):
2975         (WebCore::HTMLMediaElement::mediaPlayerKeyError):
2976         (WebCore::HTMLMediaElement::mediaPlayerKeyMessage):
2977         (WebCore::HTMLMediaElement::mediaPlayerKeyNeeded):
2978         * html/MediaKeyEvent.cpp:
2979         (WebCore::MediaKeyEvent::MediaKeyEvent):
2980         (WebCore::MediaKeyEventInit::MediaKeyEventInit): Deleted.
2981         * html/MediaKeyEvent.h:
2982         * html/canvas/WebGLContextEvent.cpp:
2983         (WebCore::WebGLContextEventInit::WebGLContextEventInit): Deleted.
2984         * html/canvas/WebGLContextEvent.h:
2985         * html/track/TrackEvent.cpp:
2986         (WebCore::TrackEvent::TrackEvent):
2987         (WebCore::TrackEventInit::TrackEventInit): Deleted.
2988         * html/track/TrackEvent.h:
2989         * html/track/TrackListBase.cpp:
2990         (TrackListBase::scheduleTrackEvent):
2991         (TrackListBase::scheduleChangeEvent):
2992         * page/EventSource.cpp:
2993         (WebCore::EventSource::createMessageEvent):
2994         * page/csp/ContentSecurityPolicy.cpp:
2995         (WebCore::ContentSecurityPolicy::reportViolation):
2996         (WebCore::gatherSecurityPolicyViolationEventData): Deleted.
2997         * storage/StorageEvent.cpp:
2998         (WebCore::StorageEvent::createForBindings):
2999         (WebCore::StorageEventInit::StorageEventInit): Deleted.
3000         (WebCore::StorageEvent::create): Deleted.
3001         * storage/StorageEvent.h:
3002         * svg/SVGZoomEvent.h:
3003         (WebCore::SVGZoomEvent::createForBindings):
3004         (WebCore::SVGZoomEvent::create): Deleted.
3005         * xml/XMLHttpRequestProgressEvent.h:
3006         (WebCore::XMLHttpRequestProgressEvent::createForBindings):
3007         (WebCore::XMLHttpRequestProgressEvent::create): Deleted.
3008
3009 2016-02-10  Ryan Haddad  <ryanhaddad@apple.com>
3010
3011         Rebaselining bindings tests
3012
3013         Unreviewed test gardening.
3014
3015         No new tests needed.
3016
3017         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
3018         * bindings/scripts/test/JS/JSTestCallback.cpp:
3019         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
3020         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
3021         * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
3022         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
3023         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
3024         * bindings/scripts/test/JS/JSTestException.cpp:
3025         * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
3026         * bindings/scripts/test/JS/JSTestInterface.cpp:
3027         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
3028         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
3029         * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
3030         * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
3031         * bindings/scripts/test/JS/JSTestObj.cpp:
3032         * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
3033         * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
3034         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
3035         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
3036         * bindings/scripts/test/JS/JSattribute.cpp:
3037         * bindings/scripts/test/JS/JSreadonly.cpp:
3038
3039 2016-02-10  Konstantin Tokarev  <annulen@yandex.ru>
3040
3041         [cmake] Consolidate CMake code related to image decoders.
3042         https://bugs.webkit.org/show_bug.cgi?id=154074
3043
3044         Reviewed by Alex Christensen.
3045
3046         Common image decoder sources, includes and libs are moved to
3047         platform/ImageDecoders.cmake.
3048
3049         Also, added include directories of libjpeg and libpng to
3050         WebCore_SYSTEM_INCLUDE_DIRECTORIES.
3051
3052         No new tests needed.
3053
3054         * CMakeLists.txt: Moved common include paths to ImageDecoders.cmake.
3055         * PlatformEfl.cmake: Moved common sources and libs to ImageDecoders.cmake.
3056         * PlatformGTK.cmake: Ditto.
3057         * PlatformWinCairo.cmake: Moved common sources to ImageDecoders.cmake.
3058         * platform/ImageDecoders.cmake: Added.
3059
3060 2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
3061
3062         CSSSegmentedFontFace does not need to be reference counted
3063         https://bugs.webkit.org/show_bug.cgi?id=154083
3064
3065         Reviewed by Antti Koivisto.
3066
3067         ...There is only ever a single reference to one.
3068
3069         No new tests because there is no behavior change.
3070
3071         * css/CSSFontSelector.cpp:
3072         (WebCore::CSSFontSelector::getFontFace):
3073         * css/CSSFontSelector.h:
3074         * css/CSSSegmentedFontFace.h:
3075         (WebCore::CSSSegmentedFontFace::create): Deleted.
3076
3077 2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
3078
3079         FontCache's clients should use references instead of pointers
3080         https://bugs.webkit.org/show_bug.cgi?id=154085
3081
3082         Reviewed by Antti Koivisto.
3083
3084         They are never null.
3085
3086         No new tests because there is no behavior change.
3087
3088         * css/CSSFontSelector.cpp:
3089         (WebCore::CSSFontSelector::CSSFontSelector):
3090         (WebCore::CSSFontSelector::~CSSFontSelector):
3091         * platform/graphics/FontCache.cpp:
3092         (WebCore::FontCache::addClient):
3093         (WebCore::FontCache::removeClient):
3094         * platform/graphics/FontCache.h:
3095
3096 2016-02-10  Chris Dumez  <cdumez@apple.com>
3097
3098         [Web IDL] interface objects should be Function objects
3099         https://bugs.webkit.org/show_bug.cgi?id=154038
3100         <rdar://problem/24569358>
3101
3102         Reviewed by Geoffrey Garen.
3103
3104         interface objects should be Function objects as per Web IDL:
3105         - http://heycam.github.io/webidl/#interface-object
3106         - http://heycam.github.io/webidl/#es-interfaces
3107
3108         So window.Event should be a Function object for e.g. but in WebKit it
3109         is a regular EventConstructor JSObject.
3110         Firefox and Chrome match the specification.
3111
3112         Test: js/interface-objects.html
3113
3114         * bindings/js/JSDOMBinding.cpp:
3115         (WebCore::callThrowTypeError):
3116         (WebCore::DOMConstructorObject::getCallData):
3117         When calling the interface object as a function, we throw a TypeError
3118         with a message asking to use the 'new' operator to match the behavior
3119         of Firefox and Chrome.
3120
3121         * bindings/js/JSDOMBinding.h:
3122         Add JSC::TypeOfShouldCallGetCallData structure flag and implement
3123         getCallData() so that typeof returns "function", as per the
3124         specification and the behavior of other browsers.
3125
3126         (WebCore::DOMConstructorObject::className):
3127         Implement className() and return "Function" to match the specification and
3128         other browsers. Otherwise, it would fall back to using ClassInfo::className
3129         which is the function name and interface name (e.g. "Event").
3130
3131         * bindings/js/JSDOMConstructor.h:
3132         (WebCore::JSDOMConstructorNotConstructable::callThrowTypeError):
3133         (WebCore::JSDOMConstructorNotConstructable::getCallData):
3134         As per the specification, interfaces that do not have a [Constructor]
3135         should throw a TypeError when called as a function. Use the "Illegal
3136         constructor" error message to match Firefox and Chrome.
3137
3138         * bindings/js/JSDOMGlobalObject.h:
3139         (WebCore::getDOMConstructor):
3140         Instead of using objectPrototype as prototype for all DOM constructors,
3141         we now call the prototypeForStructure() static function that is
3142         generated for each bindings class. As per the Web IDL specification,
3143         The [[Prototype]] internal property of an interface object for a
3144         non-callback interface is determined as follows:
3145         1. If the interface inherits from some other interface, the value of
3146            [[Prototype]] is the interface object for that other interface.
3147         2. If the interface doesn't inherit from any other interface, the value
3148            of [[Prototype]] is %FunctionPrototype% ([ECMA-262], section 6.1.7.4).
3149
3150         * bindings/js/JSImageConstructor.cpp:
3151         (WebCore::JSImageConstructor::prototypeForStructure):
3152         Have the Image's interface object use HTMLElement's interface object
3153         as prototype as HTMLImageElement inherits HTMLElement.
3154
3155         * bindings/scripts/CodeGenerator.pm:
3156         (getInterfaceExtendedAttributesFromName):
3157         Add a utility function to cheaply retrieve an interface's IDL extended
3158         attributes without actually parsing the IDL. This is used to check if
3159         an interface's parent is marked as [NoInterfaceObject] currently.
3160
3161         * bindings/scripts/CodeGeneratorJS.pm:
3162         (GenerateHeader):
3163         (GenerateImplementation):
3164         (GenerateCallbackHeader):
3165         (GenerateCallbackImplementation):
3166         Mark JSGlobalObject* parameter as const as the implementation does not
3167         alter the globalObject.
3168
3169         (GenerateConstructorHelperMethods):
3170         - Generate prototypeForStructure() function for each bindings class that
3171           is not marked as [NoInterfaceObject] so getDOMConstructor() knows which
3172           prototype to use for the interface object / constructor when constructing
3173           it.
3174         - Use the interface name for the interface object, without the "Constructor"
3175           suffix, to match the behavior of Firefox and Chrome.
3176
3177         * bindings/scripts/test/*:
3178         Rebaseline bindings tests.
3179
3180 2016-02-10  Jer Noble  <jer.noble@apple.com>
3181
3182         [Mac] Graphical corruption in videos when enabling custom loading path
3183         https://bugs.webkit.org/show_bug.cgi?id=154044
3184
3185         Reviewed by Alex Christensen.
3186
3187         Revert the "Drive-by fix" in r196345 as it breaks the WebCoreNSURLSessionTests.BasicOperation API test.
3188
3189         * platform/network/cocoa/WebCoreNSURLSession.mm:
3190         (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]):
3191
3192 2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
3193
3194         CSSSegmentedFontFace does not need to be reference counted
3195         https://bugs.webkit.org/show_bug.cgi?id=154083
3196
3197         Reviewed by Antti Koivisto.
3198
3199         ...There is only ever a single reference to one.
3200
3201         No new tests because there is no behavior change.
3202
3203         * css/CSSFontSelector.cpp:
3204         (WebCore::CSSFontSelector::getFontFace):
3205         * css/CSSFontSelector.h:
3206         * css/CSSSegmentedFontFace.h:
3207         (WebCore::CSSSegmentedFontFace::create): Deleted.
3208
3209 2016-02-10  Antti Koivisto  <antti@apple.com>
3210
3211         Optimize style invalidation after class attribute change
3212         https://bugs.webkit.org/show_bug.cgi?id=154075
3213         rdar://problem/12526450
3214
3215         Reviewed by Andreas Kling.
3216
3217         Currently a class attribute change invalidates style for the entire element subtree for any class found in the
3218         active stylesheet set.
3219
3220         This patch optimizes class changes by building a new optimization structure called ancestorClassRules. It contains
3221         rules that have class selectors in the portion of the complex selector that matches ancestor elements. The sets
3222         of rules are hashed by the class name.
3223
3224         On class attribute change the existing StyleInvalidationAnalysis mechanism is used with ancestorClassRules to invalidate
3225         exactly those descendants that are affected by the addition or removal of the class name. This is fast because the CSS JIT
3226         makes selector matching cheap and the number of relevant rules is typically small.
3227
3228         This optimization is very effective on many dynamic pages. For example when focusing and unfocusing the web inspector it
3229         cuts down the number of resolved elements from ~1000 to ~50. Even in PLT it reduces the number of resolved elements by ~11%.
3230
3231         * css/DocumentRuleSets.cpp:
3232         (WebCore::DocumentRuleSets::collectFeatures):
3233         (WebCore::DocumentRuleSets::ancestorClassRules):
3234
3235             Create optimization RuleSets on-demand when there is an actual dynamic class change.
3236
3237         * css/DocumentRuleSets.h:
3238         (WebCore::DocumentRuleSets::features):
3239         (WebCore::DocumentRuleSets::sibling):
3240         (WebCore::DocumentRuleSets::uncommonAttribute):
3241         * css/ElementRuleCollector.cpp:
3242         (WebCore::ElementRuleCollector::ElementRuleCollector):
3243
3244             Add a new constructor that doesn't require DocumentRuleSets. Only the user and author style is required.
3245
3246         (WebCore::ElementRuleCollector::matchAuthorRules):
3247         (WebCore::ElementRuleCollector::matchUserRules):
3248         * css/ElementRuleCollector.h:
3249         * css/RuleFeature.cpp:
3250         (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
3251
3252             Collect class names that show up in the ancestor portion of the selector.
3253             Make this a member.
3254
3255         (WebCore::RuleFeatureSet::collectFeatures):
3256
3257             Move this code from RuleData.
3258             Add the rule to ancestorClassRules if needed.
3259
3260         (WebCore::RuleFeatureSet::add):
3261         (WebCore::RuleFeatureSet::clear):
3262         (WebCore::RuleFeatureSet::shrinkToFit):
3263         (WebCore::recursivelyCollectFeaturesFromSelector): Deleted.
3264         (WebCore::RuleFeatureSet::collectFeaturesFromSelector): Deleted.
3265         * css/RuleFeature.h:
3266         (WebCore::RuleFeature::RuleFeature):
3267         (WebCore::RuleFeatureSet::RuleFeatureSet): Deleted.
3268         * css/RuleSet.cpp:
3269         (WebCore::RuleData::RuleData):
3270         (WebCore::RuleSet::RuleSet):
3271         (WebCore::RuleSet::~RuleSet):
3272         (WebCore::RuleSet::addToRuleSet):
3273         (WebCore::RuleSet::addRule):
3274         (WebCore::RuleSet::addRulesFromSheet):
3275         (WebCore::collectFeaturesFromRuleData): Deleted.
3276         * css/RuleSet.h:
3277         (WebCore::RuleSet::tagRules):
3278         (WebCore::RuleSet::RuleSet): Deleted.
3279         * css/StyleInvalidationAnalysis.cpp:
3280         (WebCore::shouldDirtyAllStyle):
3281         (WebCore::StyleInvalidationAnalysis::StyleInvalidationAnalysis):
3282
3283             Add a new constructor that takes a ready made RuleSet instead of a stylesheet.
3284
3285         (WebCore::StyleInvalidationAnalysis::invalidateIfNeeded):
3286         (WebCore::StyleInvalidationAnalysis::invalidateStyleForTree):
3287         (WebCore::StyleInvalidationAnalysis::invalidateStyle):
3288         (WebCore::StyleInvalidationAnalysis::invalidateStyle):
3289
3290             New function for invalidating a subtree instead of the whole document.
3291
3292         * css/StyleInvalidationAnalysis.h:
3293         (WebCore::StyleInvalidationAnalysis::dirtiesAllStyle):
3294         (WebCore::StyleInvalidationAnalysis::hasShadowPseudoElementRulesInAuthorSheet):
3295         * dom/Element.cpp:
3296         (WebCore::classStringHasClassName):
3297         (WebCore::collectClasses):
3298         (WebCore::computeClassChange):
3299
3300             Factor to return the changed classes.
3301
3302         (WebCore::invalidateStyleForClassChange):
3303
3304             First filter out classes that don't show up in stylesheets. If something remains invalidate the current
3305             element for inline style change (that is a style change that doesn't affect descendants).
3306
3307             Next check if there are any ancestorClassRules for the changed class. If so use the StyleInvalidationAnalysis
3308             to find any affected descendants and invalidate them with inline style change as well.
3309
3310         (WebCore::Element::classAttributeChanged):
3311
3312             Invalidate for removed classes before setting new attribute value, invalidate for added classes afterwards.
3313
3314         (WebCore::Element::absoluteLinkURL):
3315         (WebCore::checkSelectorForClassChange): Deleted.
3316         * dom/ElementData.h:
3317         (WebCore::ElementData::setClassNames):
3318         (WebCore::ElementData::classNames):
3319         (WebCore::ElementData::classNamesMemoryOffset):
3320         (WebCore::ElementData::clearClass): Deleted.
3321         (WebCore::ElementData::setClass): Deleted.
3322
3323 2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
3324
3325         Addressing post-review comments after r196322
3326
3327         Unreviewed.
3328
3329         * css/CSSFontFaceSource.cpp:
3330         (WebCore::CSSFontFaceSource::font):
3331         * css/CSSFontFaceSource.h:
3332
3333 2016-02-10  Chris Dumez  <cdumez@apple.com>
3334
3335         Attributes on the Window instance should be configurable unless [Unforgeable]
3336         https://bugs.webkit.org/show_bug.cgi?id=153920
3337         <rdar://problem/24563211>
3338
3339         Reviewed by Darin Adler.
3340
3341         Attributes on the Window instance should be configurable unless [Unforgeable]:
3342         1. 'constructor' property:
3343            - http://www.w3.org/TR/WebIDL/#interface-prototype-object
3344         2. Constructor properties (e.g. window.Node):
3345            - http://www.w3.org/TR/WebIDL/#es-interfaces
3346         3. IDL attributes:
3347            - http://heycam.github.io/webidl/#es-attributes (configurable unless
3348              [Unforgeable], e.g. window.location)
3349
3350         Firefox complies with the WebIDL specification but WebKit does not for 1. and 3.
3351
3352         Test: fast/dom/Window/window-properties-configurable.html
3353
3354         * bindings/js/JSDOMWindowCustom.cpp:
3355         (WebCore::JSDOMWindow::getOwnPropertySlot):
3356         For known Window properties (i.e. properties in the static property table),
3357         if we have reified and this is same-origin access, then call
3358         Base::getOwnPropertySlot() to get the property from the local property
3359         storage. If we have not reified yet, or this is cross-origin access, query
3360         the static property table. This is to match the behavior of Firefox and
3361         Chrome which seem to keep returning the original properties upon cross
3362         origin access, even if those were deleted or redefined.
3363
3364         (WebCore::JSDOMWindow::put):
3365         The previous code used to call the static property setter for properties in
3366         the static table. However, this does not do the right thing if properties
3367         were reified. For example, deleting window.name and then trying to set it
3368         again would not work. Therefore, update this code to only do this if the
3369         properties have not been reified, similarly to what is done in
3370         JSObject::putInlineSlow().
3371
3372         * bindings/scripts/CodeGeneratorJS.pm:
3373         (ConstructorShouldBeOnInstance):
3374         Add a FIXME comment indicating that window.constructor should be on
3375         the prototype as per the Web IDL specification.
3376
3377         (GenerateAttributesHashTable):
3378         - Mark 'constructor' property as configurable for Window, as per the
3379           specification and consistently with other 'constructor' properties:
3380           http://www.w3.org/TR/WebIDL/#interface-prototype-object
3381         - Mark properties as configurable even though they are on the instance.
3382           Window has its properties on the instance as per the specification:
3383           1. http://heycam.github.io/webidl/#es-attributes
3384           2. http://heycam.github.io/webidl/#PrimaryGlobal (window is [PrimaryGlobal])
3385           However, these properties should be configurable as long as they are
3386           not marked as [Unforgeable], as per 1.
3387
3388         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
3389         * bindings/scripts/test/JS/JSTestException.cpp:
3390         * bindings/scripts/test/JS/JSTestObj.cpp:
3391         Rebaseline bindings tests.
3392
3393 2016-02-10  Brady Eidson  <beidson@apple.com>
3394
3395         Modern IDB: Ref cycle between IDBObjectStore and IDBTransaction.
3396         https://bugs.webkit.org/show_bug.cgi?id=154061
3397
3398         Reviewed by Alex Christensen.
3399
3400         No new tests (Currently untestable).
3401
3402         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
3403         (WebCore::IDBClient::IDBTransaction::transitionedToFinishing): Make sure the new state makes sense,
3404           set the new state, and then clear the set of referenced object stores which is no longer needed.
3405         (WebCore::IDBClient::IDBTransaction::abort):
3406         (WebCore::IDBClient::IDBTransaction::commit):
3407         * Modules/indexeddb/client/IDBTransactionImpl.h:
3408
3409 2016-02-10  Jer Noble  <jer.noble@apple.com>
3410
3411         REGRESSION(r195770): Use-after-free in ResourceLoaderOptions::cachingPolicy
3412         https://bugs.webkit.org/show_bug.cgi?id=153727
3413         <rdar://problem/24429886>
3414
3415         Reviewed by Darin Adler.
3416
3417         Follow-up after r195965. Only protect those parts of CachedResource::removeClient() which
3418         affect the MemoryCache when allowsCaching() is false.
3419
3420         * loader/cache/CachedResource.cpp:
3421         (WebCore::CachedResource::removeClient):
3422
3423 2016-02-10  Csaba Osztrogonác  <ossy@webkit.org>
3424
3425         Fix the !(ENABLE(SHADOW_DOM) || ENABLE(DETAILS_ELEMENT)) after r196281
3426         https://bugs.webkit.org/show_bug.cgi?id=154035
3427
3428         Reviewed by Antti Koivisto.
3429
3430         * dom/ComposedTreeIterator.h:
3431         (WebCore::ComposedTreeIterator::Context::Context):
3432
3433 2016-02-09  Carlos Garcia Campos  <cgarcia@igalia.com>
3434
3435         [GTK] Toggle buttons are blurry with GTK+ 3.19
3436         https://bugs.webkit.org/show_bug.cgi?id=154007
3437
3438         Reviewed by Michael Catanzaro.
3439
3440         Use min-width/min-height style properties when GTK+ >= 3.19.7 to
3441         get the size of toggle buttons.
3442
3443         * rendering/RenderThemeGtk.cpp:
3444         (WebCore::setToggleSize):
3445         (WebCore::paintToggle):
3446
3447 2016-02-09  Aakash Jain  <aakash_jain@apple.com>
3448
3449         Headers that use WEBCORE_EXPORT should include PlatformExportMacros.h
3450         https://bugs.webkit.org/show_bug.cgi?id=146984
3451
3452         Reviewed by Alexey Proskuryakov.
3453
3454         * Modules/speech/SpeechSynthesis.h:
3455         * contentextensions/ContentExtensionError.h:
3456         * dom/DeviceOrientationClient.h:
3457         * platform/graphics/Color.h:
3458         * platform/ios/wak/WebCoreThread.h:
3459         * platform/network/CacheValidation.h:
3460         * platform/network/cf/CertificateInfo.h:
3461
3462 2016-02-09  Nan Wang  <n_wang@apple.com>
3463
3464         AX: Implement word related text marker functions using TextIterator
3465         https://bugs.webkit.org/show_bug.cgi?id=153939
3466         <rdar://problem/24269605>
3467
3468         Reviewed by Chris Fleizach.
3469
3470         Using CharacterOffset to implement word related text marker calls. Reused
3471         logic from previousBoundary and nextBoundary in VisibleUnits class.
3472
3473         Test: accessibility/mac/text-marker-word-nav.html
3474
3475         * accessibility/AXObjectCache.cpp:
3476         (WebCore::AXObjectCache::traverseToOffsetInRange):
3477         (WebCore::AXObjectCache::rangeForNodeContents):
3478         (WebCore::isReplacedNodeOrBR):
3479         (WebCore::characterOffsetsInOrder):
3480         (WebCore::resetNodeAndOffsetForReplacedNode):
3481         (WebCore::setRangeStartOrEndWithCharacterOffset):
3482         (WebCore::AXObjectCache::rangeForUnorderedCharacterOffsets):
3483         (WebCore::AXObjectCache::setTextMarkerDataWithCharacterOffset):
3484         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
3485         (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
3486         (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
3487         (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
3488         (WebCore::AXObjectCache::previousNode):
3489         (WebCore::AXObjectCache::visiblePositionFromCharacterOffset):
3490         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
3491         (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
3492         (WebCore::AXObjectCache::nextCharacterOffset):
3493         (WebCore::AXObjectCache::previousCharacterOffset):
3494         (WebCore::startWordBoundary):
3495         (WebCore::endWordBoundary):
3496         (WebCore::AXObjectCache::startCharacterOffsetOfWord):
3497         (WebCore::AXObjectCache::endCharacterOffsetOfWord):
3498         (WebCore::AXObjectCache::previousWordStartCharacterOffset):
3499         (WebCore::AXObjectCache::nextWordEndCharacterOffset):
3500         (WebCore::AXObjectCache::leftWordRange):
3501         (WebCore::AXObjectCache::rightWordRange):
3502         (WebCore::characterForCharacterOffset):
3503         (WebCore::AXObjectCache::characterAfter):
3504         (WebCore::AXObjectCache::characterBefore):
3505         (WebCore::parentEditingBoundary):
3506         (WebCore::AXObjectCache::nextWordBoundary):
3507         (WebCore::AXObjectCache::previousWordBoundary):
3508         (WebCore::AXObjectCache::rootAXEditableElement):
3509         * accessibility/AXObjectCache.h:
3510         (WebCore::AXObjectCache::removeNodeForUse):
3511         (WebCore::AXObjectCache::isNodeInUse):
3512         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
3513         (-[WebAccessibilityObjectWrapper previousTextMarkerForNode:offset:]):
3514         (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:ignoreStart:]):
3515         (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:]):
3516         (textMarkerForCharacterOffset):
3517         (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
3518         * editing/VisibleUnits.cpp:
3519         (WebCore::rightWordPosition):
3520         (WebCore::prepend):
3521         (WebCore::appendRepeatedCharacter):
3522         (WebCore::suffixLengthForRange):
3523         (WebCore::prefixLengthForRange):
3524         (WebCore::backwardSearchForBoundaryWithTextIterator):
3525         (WebCore::forwardSearchForBoundaryWithTextIterator):
3526         (WebCore::previousBoundary):
3527         (WebCore::nextBoundary):
3528         * editing/VisibleUnits.h:
3529
3530 2016-02-09  Daniel Bates  <dabates@apple.com>
3531
3532         CSP: Extract helper classes into their own files
3533         https://bugs.webkit.org/show_bug.cgi?id=154040
3534         <rdar://problem/24571189>
3535
3536         Reviewed by Brent Fulgham.
3537
3538         No functionality was changed. So, no new tests.
3539
3540         * CMakeLists.txt: Add files ContentSecurityPolicy{DirectiveList, MediaListDirective, Source, SourceList, SourceListDirective}.cpp.
3541         * WebCore.xcodeproj/project.pbxproj: Ditto.
3542         * page/csp/ContentSecurityPolicy.cpp: Clean up #includes. Include header ParsingUtilities.h so that we can remove our own
3543         variants of skip{Exactly, Until, While}(). Update code as necessary for class renames.
3544         (WebCore::skipExactly): Deleted; instead use the analogous function in ParsingUtilities.h.
3545         (WebCore::skipUntil): Deleted; instead use the analogous function in ParsingUtilities.h.
3546         (WebCore::skipWhile): Deleted; instead use the analogous function in ParsingUtilities.h.
3547         (WebCore::isSourceListNone): Moved to file ContentSecurityPolicySourceList.cpp.
3548         (WebCore::CSPSource): Deleted; moved implementation to files ContentSecurityPolicySource.{cpp, h}.
3549         (WebCore::CSPSourceList): Deleted; moved implementation to files ContentSecurityPolicySourceList.{cpp, h}.
3550         (WebCore::CSPDirective): Deleted; moved implementation to file ContentSecurityPolicyDirective.h.
3551         (WebCore::MediaListDirective): Deleted; moved implementation to files ContentSecurityPolicyMediaListDirective.{cpp, h}.
3552         (WebCore::SourceListDirective): Deleted; moved implementation to files ContentSecurityPolicySourceListDirective.{cpp, h}.
3553         (WebCore::CSPDirectiveList): Deleted; moved implementation to files ContentSecurityPolicyDirectiveList.{cpp, h}.
3554         * page/csp/ContentSecurityPolicy.h:
3555         * page/csp/ContentSecurityPolicyDirective.h: Added.
3556         * page/csp/ContentSecurityPolicyDirectiveList.cpp: Added; removed use of ternary operator where it made the code less readable.
3557         Updated code to make use of the functions defined in ParsingUtilities.h.
3558         (WebCore::isExperimentalDirectiveName): Moved from file ContentSecurityPolicy.cpp.
3559         (WebCore::isCSPDirectiveName): Ditto.
3560         (WebCore::isDirectiveNameCharacter): Ditto.
3561         (WebCore::isDirectiveValueCharacter): Ditto.
3562         (WebCore::isNotASCIISpace): Ditto.
3563         * page/csp/ContentSecurityPolicyDirectiveList.h: Added.
3564         * page/csp/ContentSecurityPolicyMediaListDirective.cpp: Added. Updated code to make use of the functions defined in ParsingUtilities.h.
3565         (WebCore::isMediaTypeCharacter): Moved from file ContentSecurityPolicy.cpp.
3566         (WebCore::isNotASCIISpace): Ditto.
3567         * page/csp/ContentSecurityPolicyMediaListDirective.h: Added.
3568         * page/csp/ContentSecurityPolicySource.cpp: Added.
3569         * page/csp/ContentSecurityPolicySource.h: Added.
3570         * page/csp/ContentSecurityPolicySourceList.cpp: Added. Updated code to make use of the functions defined in ParsingUtilities.h.
3571         (WebCore::isSourceCharacter): Moved from file ContentSecurityPolicy.cpp.
3572         (WebCore::isHostCharacter): Ditto.
3573         (WebCore::isPathComponentCharacter): Ditto.
3574         (WebCore::isSchemeContinuationCharacter): Ditto.
3575         (WebCore::isNotColonOrSlash): Ditto.
3576         (WebCore::isSourceListNone): Ditto.
3577         * page/csp/ContentSecurityPolicySourceList.h: Added.
3578         * page/csp/ContentSecurityPolicySourceListDirective.cpp: Added.
3579         * page/csp/ContentSecurityPolicySourceListDirective.h: Added.
3580
3581 2016-02-09  Brady Eidson  <beidson@apple.com>
3582
3583         Modern IDB: TransactionOperation objects leak.
3584         https://bugs.webkit.org/show_bug.cgi?id=154054
3585
3586         Reviewed by Alex Christensen.
3587
3588         No new tests (Currently untestable).
3589
3590         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
3591         (WebCore::IDBClient::IDBTransaction::abortOnServerAndCancelRequests): Remove the TransactionOperation from
3592           the map, as this operation doesn't complete "normally" like most others.
3593         (WebCore::IDBClient::IDBTransaction::commitOnServer): Ditto.
3594         
3595         * Modules/indexeddb/client/TransactionOperation.h:
3596         (WebCore::IDBClient::TransactionOperation::perform): Clear the m_performFunction after use,
3597           as it holds a lambda that holds a RefPtr to the IDBTransaction, as well as a self-ref.
3598         (WebCore::IDBClient::TransactionOperation::completed): Clear m_completeFunction for the same reasons.
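
The leak this entry describes, as an added example that is not WebKit's code: `std::shared_ptr` and `std::function` stand in for `RefPtr` and the stored lambda, and `Transaction`, `Operation`, `dropClosure` and `runOnce` are hypothetical names. It runs the same operation with and without clearing the stored closure after use and reports which objects were actually freed.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <utility>

// Constructed stand-in for the transaction the closure keeps alive.
struct Transaction {
    int performed = 0;
};

// Constructed stand-in for an operation that stores its work as a closure.
class Operation {
public:
    static std::shared_ptr<Operation> create(std::shared_ptr<Transaction> txn, bool clearAfterUse)
    {
        std::shared_ptr<Operation> op(new Operation(clearAfterUse));
        // The closure holds a strong reference to the transaction and a
        // self-reference to the operation that owns the closure: a cycle.
        op->m_performFunction = [txn = std::move(txn), self = op] {
            ++txn->performed;
            (void)self;
        };
        return op;
    }

    void perform()
    {
        if (!m_performFunction)
            return;
        if (m_clearAfterUse) {
            // Hardened form: take the closure out of the member before
            // calling it, so its captures are released when `fn` dies.
            auto fn = std::exchange(m_performFunction, nullptr);
            fn();
            return;
        }
        // Leaky form: the closure, and with it both strong references,
        // stays stored in the object after the work is done.
        m_performFunction();
    }

    // Breaks the cycle by hand; used only so the demo cleans up after itself.
    void dropClosure() { m_performFunction = nullptr; }

private:
    explicit Operation(bool clearAfterUse)
        : m_clearAfterUse(clearAfterUse)
    {
    }

    bool m_clearAfterUse;
    std::function<void()> m_performFunction;
};

struct Observation {
    bool operationFreed;
    bool transactionFreed;
    int performed;
};

// Runs one operation, drops every external reference, then checks through
// weak pointers whether the objects were destroyed.
Observation runOnce(bool clearAfterUse)
{
    auto txn = std::make_shared<Transaction>();
    std::weak_ptr<Transaction> weakTxn = txn;
    auto op = Operation::create(txn, clearAfterUse);
    std::weak_ptr<Operation> weakOp = op;

    op->perform();
    int performed = txn->performed;

    txn.reset();
    op.reset();
    Observation result { weakOp.expired(), weakTxn.expired(), performed };

    // In the leaky case the objects are still alive here; release them.
    if (auto leaked = weakOp.lock())
        leaked->dropClosure();
    return result;
}

int main()
{
    for (bool clearAfterUse : { false, true }) {
        Observation o = runOnce(clearAfterUse);
        std::printf("clearAfterUse=%d operationFreed=%d transactionFreed=%d\n",
            clearAfterUse, o.operationFreed, o.transactionFreed);
    }
    return 0;
}
```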
3599
3600 2016-02-09  Jer Noble  <jer.noble@apple.com>
3601
3602         [Mac] Graphical corruption in videos when enabling custom loading path
3603         https://bugs.webkit.org/show_bug.cgi?id=154044
3604
3605         Reviewed by Alex Christensen.
3606
3607         The NSOperationQueue provided by AVFoundation from the AVAssetResourceLoader queue is not
3608         set to be a serial queue. So when adding dataReceived operations to that queue, there exists
3609         the possibility that some operations are handled before others, and the client will receive
3610         data out of order.
3611
3612         A real NSURLSession object will only issue another operation when the first operation
3613         completes, so emulate this behavior in WebCoreNSURLSession by using a serial dispatch queue.
3614         The internal queue will enqueue an operation to the resource loader's queue, and block until
3615         that operation completes, thus ensuring ordering of the data (and other) operations.
3616
3617         * platform/network/cocoa/WebCoreNSURLSession.h:
3618         * platform/network/cocoa/WebCoreNSURLSession.mm:
3619         (-[WebCoreNSURLSession initWithResourceLoader:delegate:delegateQueue:]): Initialize _internalQueue
3620         (-[WebCoreNSURLSession addDelegateOperation:]): Added utility method.
3621         (-[WebCoreNSURLSession taskCompleted:]): Call -addDelegateOperation:
3622         (-[WebCoreNSURLSession finishTasksAndInvalidate]): Ditto.
3623         (-[WebCoreNSURLSession resetWithCompletionHandler:]): Ditto.
3624         (-[WebCoreNSURLSession flushWithCompletionHandler:]): Ditto.
3625         (-[WebCoreNSURLSession getTasksWithCompletionHandler:]): Ditto.
3626         (-[WebCoreNSURLSession getAllTasksWithCompletionHandler:]): Ditto.
3627         (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]): Ditto.
3628         (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]): Ditto.
3629         (-[WebCoreNSURLSessionDataTask resourceFinished:]): Ditto.
3630
3631         Drive-by fix:
3632         (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]): Set countOfBytesReceived outside the operation
3633             queue, matching NSURLSessionDataTask's behavior.
3634
3635 2016-02-09  Nan Wang  <n_wang@apple.com>
3636
3637         [iOS Simulator] accessibility/text-marker/text-marker-range-stale-node-crash.html crashing
3638         https://bugs.webkit.org/show_bug.cgi?id=154039
3639
3640         Reviewed by Chris Fleizach.
3641
3642         We are accessing the derefed node in the CharacterOffset object, we should create an empty
3643         CharacterOffset object if the node is not in use.
3644
3645         It's covered by the test accessibility/text-marker/text-marker-range-stale-node-crash.html.
3646
3647         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
3648         (-[WebAccessibilityTextMarker characterOffset]):
3649         (-[WebAccessibilityTextMarker isIgnored]):
3650
3651 2016-02-09  Myles C. Maxfield  <mmaxfield@apple.com>
3652
3653         Unreviewed build fix after r196322
3654
3655         Unreviewed.
3656
3657         * css/CSSFontFace.cpp:
3658         (WebCore::CSSFontFace::font):
3659
3660 2016-02-09  Zalan Bujtas  <zalan@apple.com>
3661
3662         Outline corners do not align properly for multiline inlines.
3663         https://bugs.webkit.org/show_bug.cgi?id=154025
3664
3665         Reviewed by David Hyatt.
3666
3667         Adjust border position when outline-offset > 0. This patch also
3668         removes integral pixelsnapping (drawLineForBoxSide takes care of
3669         device pixelsnapping). 
3670
3671         Test: fast/inline/outline-corners-with-offset.html
3672
3673         * rendering/RenderInline.cpp:
3674         (WebCore::RenderInline::paintOutlineForLine):
3675
3676 2016-02-09  Jer Noble  <jer.noble@apple.com>
3677
3678         [Mac] Adopt NSURLSession properties in AVAssetResourceLoader
3679
3680         Rubber-stamped by Eric Carlson.
3681
3682         Set the correct global variable from setAVFoundationNSURLSessionEnabled().
3683
3684         * page/Settings.cpp:
3685         (WebCore::Settings::setAVFoundationNSURLSessionEnabled):
3686
3687 2016-02-07  Gavin Barraclough  <barraclough@apple.com>
3688
3689         GetValueFunc/PutValueFunc should not take both slotBase and thisValue
3690         https://bugs.webkit.org/show_bug.cgi?id=154009
3691
3692         Reviewed by Geoff Garen.
3693
3694         In JavaScript there are two types of properties - regular value properties, and accessor properties.
3695         One difference between these is how they are reflected by getOwnPropertyDescriptor, and another is
3696         what object they operate on in the case of a prototype access. If you access a value property of a
3697         prototype object it returns a value pertinent to the prototype, but in the case of a prototype object
3698         returning an accessor, then the accessor function is applied to the base object of the access.
3699
3700         JSC supports special 'custom' properties implemented as a C++ callback, and these custom properties
3701         can be used to implement either value- or accessor-like behavior. getOwnPropertyDescriptor behavior
3702         is selected via the CustomAccessor attribute. Value- or accessor-like object selection is currently
3703         supported by passing both the slotBase and the thisValue to the callback, and hoping it uses the
3704         right one. This is probably inefficient, bug-prone, and leads to crazy like JSBoundSlotBaseFunction.
3705
3706         Instead, just pass one thisValue to the callback functions, consistent with CustomAccessor.
3707
3708         * bindings/js/JSDOMBinding.cpp:
3709         (WebCore::printErrorMessageForFrame):
3710         (WebCore::objectToStringFunctionGetter):
3711         * bindings/js/JSDOMBinding.h:
3712         (WebCore::propertyNameToString):
3713         (WebCore::getStaticValueSlotEntryWithoutCaching<JSDOMObject>):
3714         (WebCore::nonCachingStaticFunctionGetter):
3715         * bindings/js/JSDOMWindowCustom.cpp:
3716         (WebCore::JSDOMWindow::visitAdditionalChildren):
3717         (WebCore::childFrameGetter):
3718         (WebCore::namedItemGetter):
3719         (WebCore::jsDOMWindowWebKit):
3720         (WebCore::jsDOMWindowIndexedDB):
3721             - add missing null check, in case indexDB accessor is applied to non-window object.
3722         * bindings/js/JSPluginElementFunctions.cpp:
3723         (WebCore::pluginScriptObject):
3724         (WebCore::pluginElementPropertyGetter):
3725         * bindings/js/JSPluginElementFunctions.h:
3726         * bindings/scripts/CodeGeneratorJS.pm:
3727         (GenerateHeader):
3728         (GenerateImplementation):
3729         * bridge/runtime_array.cpp:
3730         (JSC::RuntimeArray::destroy):
3731         (JSC::RuntimeArray::lengthGetter):
3732         * bridge/runtime_array.h:
3733         * bridge/runtime_method.cpp:
3734         (JSC::RuntimeMethod::finishCreation):
3735         (JSC::RuntimeMethod::lengthGetter):
3736         * bridge/runtime_method.h:
3737         * bridge/runtime_object.cpp:
3738         (JSC::Bindings::RuntimeObject::invalidate):
3739         (JSC::Bindings::RuntimeObject::fallbackObjectGetter):
3740         (JSC::Bindings::RuntimeObject::fieldGetter):
3741         (JSC::Bindings::RuntimeObject::methodGetter):
3742         * bridge/runtime_object.h:
3743             - Merged slotBase & thisValue to custom property callbacks.
3744
3745 2016-02-09  Jer Noble  <jer.noble@apple.com>
3746
3747         Build-fix; add Nullability macros around previously un-macro'd class definitions.
3748
3749         * platform/spi/mac/AVFoundationSPI.h:
3750
3751 2016-02-04  Jer Noble  <jer.noble@apple.com>
3752
3753         [Mac] Adopt NSURLSession properties in AVAssetResourceLoader
3754         https://bugs.webkit.org/show_bug.cgi?id=153873
3755
3756         Reviewed by Eric Carlson.
3757
3758         Adopt a new AVAssetResourceLoader API allowing clients to specify a NSURLSession object to
3759         use for media loading, and control the use of this property with a new Setting.
3760
3761         * page/Settings.cpp:
3762         (WebCore::Settings::setAVFoundationNSURLSessionEnabled):
3763         * page/Settings.h:
3764         (WebCore::Settings::isAVFoundationNSURLSessionEnabled):
3765         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
3766         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):
3767         * platform/spi/mac/AVFoundationSPI.h:
3768
3769 2016-02-09  Myles C. Maxfield  <mmaxfield@apple.com>
3770
3771         Decouple font creation from font loading
3772         https://bugs.webkit.org/show_bug.cgi?id=153414
3773
3774         Reviewed by Darin Adler.
3775
3776         Previously, CSSFontFaceSource never triggered a font download until that font was actually used. This means
3777         that the function which triggers the download also has the goal of returning a font to use. However,
3778         the CSS Font Loading JavaScript API requires being able to trigger a font download without this extra font
3779         creation overhead.
3780
3781         In addition, this patch adds an explicit (and enforced) state transition diagram. The diagram looks like
3782         this:
3783                             => Success
3784                           //
3785         Pending => Loading
3786                           \\
3787                             => Failure
3788
3789         Therefore, the API for CSSFontFaceSource has changed to expose the concept of these new states. This means
3790         that its user (CSSSegmentedFontFaceSource) has been updated to handle each possible state that its constituent
3791         CSSFontFaceSources may be in.
3792
3793         No new tests because there is no behavior change.
3794
3795         * css/CSSFontFace.cpp:
3796         (WebCore::CSSFontFace::allSourcesFailed): Renamed to make the name clearer.
3797         (WebCore::CSSFontFace::addedToSegmentedFontFace): Use references instead of pointers.
3798         (WebCore::CSSFontFace::removedFromSegmentedFontFace): Ditto.
3799         (WebCore::CSSFontFace::adoptSource): Renamed to make the name clearer.
3800         (WebCore::CSSFontFace::fontLoaded): Use references instead of pointers. Also, remove old dead code.
3801         (WebCore::CSSFontFace::font): Adapt to the new API of CSSFontFaceSource.
3802         (WebCore::CSSFontFace::isValid): Deleted.
3803         (WebCore::CSSFontFace::addSource): Deleted.
3804         (WebCore::CSSFontFace::notifyFontLoader): Deleted. Old dead code.
3805         (WebCore::CSSFontFace::notifyLoadingDone): Deleted. Old dead code.
3806         * css/CSSFontFace.h:
3807         (WebCore::CSSFontFace::create): Remove old dead code.
3808         (WebCore::CSSFontFace::CSSFontFace): Use references instead of pointers.
3809         (WebCore::CSSFontFace::loadState): Deleted. Remove old dead code.
3810         * css/CSSFontFaceSource.cpp:
3811         (WebCore::CSSFontFaceSource::setStatus): Enforce state transitions.
3812         (WebCore::CSSFontFaceSource::CSSFontFaceSource): Explicitly handle new state transitions.
3813         (WebCore::CSSFontFaceSource::fontLoaded): Update for new states.
3814         (WebCore::CSSFontFaceSource::load): Pulled out code from font().
3815         (WebCore::CSSFontFaceSource::font): Moved code into load().
3816         (WebCore::CSSFontFaceSource::isValid): Deleted.
3817         (WebCore::CSSFontFaceSource::isDecodeError): Deleted.
3818         (WebCore::CSSFontFaceSource::ensureFontData): Deleted.
3819         * css/CSSFontFaceSource.h: Much cleaner API.
3820         * css/CSSFontSelector.cpp:
3821         (WebCore::createFontFace): Migrate to references instead of pointers. This requires a little
3822         reorganization.
3823         (WebCore::registerLocalFontFacesForFamily): Update to new CSSFontFaceSource API.
3824         (WebCore::CSSFontSelector::addFontFaceRule): Ditto.
3825         (WebCore::CSSFontSelector::getFontFace): Ditto.
3826         * css/CSSSegmentedFontFace.cpp:
3827         (WebCore::CSSSegmentedFontFace::CSSSegmentedFontFace): Migrate to references instead of pointers.
3828         (WebCore::CSSSegmentedFontFace::~CSSSegmentedFontFace): Ditto.
3829         (WebCore::CSSSegmentedFontFace::fontLoaded): Remove old dead code.
3830         (WebCore::CSSSegmentedFontFace::appendFontFace): Cleanup.
3831         (WebCore::CSSSegmentedFontFace::fontRanges): Adapt to new API.
3832         (WebCore::CSSSegmentedFontFace::pruneTable): Deleted.
3833         (WebCore::CSSSegmentedFontFace::isLoading): Deleted. Old dead code.
3834         (WebCore::CSSSegmentedFontFace::checkFont): Deleted. Ditto.
3835         (WebCore::CSSSegmentedFontFace::loadFont): Deleted. Ditto.
3836         * css/CSSSegmentedFontFace.h:
3837         (WebCore::CSSSegmentedFontFace::create): Migrate to references instead of pointers.
3838         (WebCore::CSSSegmentedFontFace::fontSelector): Ditto.
3839         (WebCore::CSSSegmentedFontFace::LoadFontCallback::~LoadFontCallback): Deleted.
3840         * loader/cache/CachedFont.cpp:
3841         (WebCore::CachedFont::didAddClient): Migrate to references instead of pointers.
3842         (WebCore::CachedFont::checkNotify): Ditto.
3843         * loader/cache/CachedFontClient.h:
3844         (WebCore::CachedFontClient::fontLoaded): Ditto.
3845
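The state diagram in the entry above (Pending => Loading => Success or Failure), sketched as an added example that is not WebKit's code. FontSource, the std::string standing in for font data, and throwing on an illegal transition are assumptions made for illustration; only the state names and the load()/font()/fontLoaded()/setStatus() split come from the entry.

```cpp
#include <memory>
#include <stdexcept>
#include <string>
#include <utility>

// Hypothetical stand-in for CSSFontFaceSource; a std::string plays the font data.
class FontSource {
public:
    enum class Status { Pending, Loading, Success, Failure };

    Status status() const { return m_status; }

    // Starts the download only; no font object is created here.
    void load() {
        if (m_status != Status::Pending)
            return; // already started or finished
        setStatus(Status::Loading);
    }

    // Called by the loader when the download finishes.
    void fontLoaded(bool ok, std::string data = {}) {
        setStatus(ok ? Status::Success : Status::Failure);
        if (ok)
            m_data.reset(new std::string(std::move(data)));
    }

    // Hands out the font only in Success; callers must handle every other state.
    const std::string* font() const {
        return m_status == Status::Success ? m_data.get() : nullptr;
    }

private:
    // Enforces Pending => Loading => {Success, Failure}; anything else throws.
    void setStatus(Status next) {
        bool legal = (m_status == Status::Pending && next == Status::Loading)
            || (m_status == Status::Loading
                && (next == Status::Success || next == Status::Failure));
        if (!legal)
            throw std::logic_error("illegal font source state transition");
        m_status = next;
    }

    Status m_status { Status::Pending };
    std::unique_ptr<std::string> m_data;
};
```

Because the transition check runs before the data is stored, a late or duplicate completion callback cannot replace a font that is already in use.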
3846 2016-02-09  Brady Eidson  <beidson@apple.com>
3847
3848         Modern IDB: IDBOpenDBRequests leak.
3849         https://bugs.webkit.org/show_bug.cgi?id=154032
3850
3851         Reviewed by Alex Christensen.
3852
3853         No new tests (Currently untestable).
3854
3855         * CMakeLists.txt:
3856         * WebCore.xcodeproj/project.pbxproj:
3857
3858         Add a simple Event subclass that holds a ref to an IDBRequest, to make sure that we
3859         drop the last ref to the request after its last event fires or is otherwise destroyed:
3860         * Modules/indexeddb/IDBRequestCompletionEvent.cpp: Added.
3861         (WebCore::IDBRequestCompletionEvent::IDBRequestCompletionEvent):
3862         * Modules/indexeddb/IDBRequestCompletionEvent.h: Added.
3863         (WebCore::IDBRequestCompletionEvent::create):
3864
3865         * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
3866         (WebCore::IDBClient::IDBOpenDBRequest::onError): IDBRequestCompletionEvent instead of Event.
3867         (WebCore::IDBClient::IDBOpenDBRequest::fireSuccessAfterVersionChangeCommit): Ditto.
3868         (WebCore::IDBClient::IDBOpenDBRequest::fireErrorAfterVersionChangeCompletion): Ditto.
3869         (WebCore::IDBClient::IDBOpenDBRequest::onSuccess): Ditto.
3870
3871         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
3872         (WebCore::IDBClient::IDBTransaction::dispatchEvent): After setting up the request's 
3873           completion event to fire, clear the back-ref to the request.
3874
3875 2016-02-09  Commit Queue  <commit-queue@webkit.org>
3876
3877         Unreviewed, rolling out r196286.
3878         https://bugs.webkit.org/show_bug.cgi?id=154026
3879
3880         Looks like 5% iOS PLT regression (Requested by kling on
3881         #webkit).
3882
3883         Reverted changeset:
3884
3885         "[iOS] Throw away some unlinked code when navigating to a new
3886         page."
3887         https://bugs.webkit.org/show_bug.cgi?id=154014
3888         http://trac.webkit.org/changeset/196286
3889
3890 2016-02-08  Chris Dumez  <cdumez@apple.com>
3891
3892         Attribute getters should not require an explicit 'this' value for Window properties
3893         https://bugs.webkit.org/show_bug.cgi?id=153968
3894
3895         Reviewed by Darin Adler.
3896
3897         Attribute getters should not require an explicit 'this' value for
3898         Window properties. This is because the Window interface is marked
3899         as [ImplicitThis]:
3900         - http://heycam.github.io/webidl/#ImplicitThis
3901         - https://www.w3.org/Bugs/Public/show_bug.cgi?id=29421
3902
3903         This matches the behavior of Firefox and the expectations of the W3C
3904         web-platform-tests.
3905
3906         No new tests, already covered by existing tests.
3907
3908         * bindings/scripts/CodeGeneratorJS.pm:
3909         In attribute getters of an interface marked as [ImplicitThis],
3910         if 'thisValue' is undefined or null, fall back to using the
3911         global object as 'thisValue'.
3912
3913         * bindings/scripts/IDLAttributes.txt:
3914         Add support for [ImplicitThis]:
3915         http://heycam.github.io/webidl/#ImplicitThis
3916
3917         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
3918         * bindings/scripts/test/JS/JSTestException.cpp:
3919         * bindings/scripts/test/JS/JSTestInterface.cpp:
3920         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
3921         * bindings/scripts/test/JS/JSTestNode.cpp:
3922         * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
3923         * bindings/scripts/test/JS/JSTestObj.cpp:
3924         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
3925         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
3926         * bindings/scripts/test/JS/JSattribute.cpp:
3927         Rebaseline bindings tests.
3928
3929         * page/DOMWindow.idl:
3930         Mark Window as [ImplicitThis]:
3931         http://heycam.github.io/webidl/#ImplicitThis
3932
3933 2016-02-08  Nan Wang  <n_wang@apple.com>
3934
3935         AX: crash at WebCore::Range::selectNodeContents(WebCore::Node*, int&)
3936         https://bugs.webkit.org/show_bug.cgi?id=154018
3937
3938         Reviewed by Chris Fleizach.
3939
3940         Sometimes the rangeForUnorderedCharacterOffsets call accesses derefed node objects,
3941         leading to a crash. Fixed it by checking isNodeInUse before creating the CharacterOffset
3942         object.
3943
3944         Test: accessibility/text-marker/text-marker-range-stale-node-crash.html
3945
3946         * accessibility/AXObjectCache.cpp:
3947         (WebCore::AXObjectCache::visiblePositionForTextMarkerData):
3948         (WebCore::AXObjectCache::characterOffsetForTextMarkerData):
3949         (WebCore::AXObjectCache::traverseToOffsetInRange):
3950         * accessibility/AXObjectCache.h:
3951         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
3952         (-[WebAccessibilityObjectWrapper rangeForTextMarkerRange:]):
3953         (characterOffsetForTextMarker):
3954         (-[WebAccessibilityObjectWrapper characterOffsetForTextMarker:]):
3955         (textMarkerForVisiblePosition):
3956
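The pattern the AX entry above describes, validating a marker's node pointer against a set of live nodes before building a CharacterOffset from it, as an added example that is not WebKit's code. MarkerCache, nodeWillBeDestroyed and the struct layouts are assumptions; only the isNodeInUse and CharacterOffset names come from the entry.

```cpp
#include <memory>
#include <string>
#include <unordered_set>

struct Node { std::string text; };

// A text marker carries a raw, non-owning node pointer plus an offset.
struct TextMarkerData { const Node* node; int offset; };

struct CharacterOffset {
    const Node* node;
    int offset;
    bool isNull() const { return !node; }
};

// Simplified cache: isNodeInUse is named in the entry, everything else is assumed.
class MarkerCache {
public:
    TextMarkerData markerFor(const Node& n, int offset) {
        m_nodesInUse.insert(&n);
        return { &n, offset };
    }
    // Must run before the node is destroyed, or stale markers keep validating.
    void nodeWillBeDestroyed(const Node& n) { m_nodesInUse.erase(&n); }
    bool isNodeInUse(const Node* n) const { return m_nodesInUse.count(n) != 0; }

    // Validate the marker's pointer before anything dereferences it.
    CharacterOffset characterOffsetFor(const TextMarkerData& m) const {
        if (!isNodeInUse(m.node))
            return { nullptr, 0 }; // stale marker: the node is gone
        if (m.offset < 0 || m.offset > static_cast<int>(m.node->text.size()))
            return { nullptr, 0 }; // offset outside the node's text
        return { m.node, m.offset };
    }
private:
    std::unordered_set<const Node*> m_nodesInUse;
};

// Constructed scenario: a marker outlives its node and is then resolved.
bool staleMarkerIsRejected() {
    MarkerCache cache;
    std::unique_ptr<Node> node(new Node { "hello" });
    TextMarkerData marker = cache.markerFor(*node, 3);
    bool validWhileAlive = !cache.characterOffsetFor(marker).isNull();
    cache.nodeWillBeDestroyed(*node);
    node.reset();
    return validWhileAlive && cache.characterOffsetFor(marker).isNull();
}
```

A set keyed by address cannot tell the old node from a new one allocated at the same address, so in this sketch the check is only as good as the guarantee that every destruction path calls nodeWillBeDestroyed.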
3957 2016-02-08  Andreas Kling  <akling@apple.com>
3958
3959         [iOS] Throw away some unlinked code when navigating to a new page.
3960         <https://webkit.org/b/154014>
3961
3962         Reviewed by Gavin Barraclough.
3963
3964         Extended the mechanism introduced earlier to also throw away unlinked code
3965         that's only relevant to the page that we're navigating away from.
3966
3967         The new JSC::VM API is deleteAllCodeExceptCaches() and it does what it sounds
3968         like, deleting unlinked and linked code but leaving code caches alone.
3969
3970         This means that if the page we're navigating to wants to parse some of the
3971         same JS that the page we're leaving had on it, it might still be found in the
3972         JSC::CodeCache.
3973
3974         Doing a back navigation to a PageCache'd page may now incur some reparsing,
3975         just like leaving the app or tab would.
3976
3977         * bindings/js/GCController.cpp:
3978         (WebCore::GCController::deleteAllCodeExceptCaches):
3979         (WebCore::GCController::deleteAllLinkedCode): Deleted.
3980         * bindings/js/GCController.h:
3981         * loader/FrameLoader.cpp:
3982         (WebCore::FrameLoader::commitProvisionalLoad):
3983
3984 2016-02-08  Daniel Bates  <dabates@apple.com>
3985
3986         CSP connect-src directive should block redirects
39