Web Inspector: Search box doesn't allow CSS selectors anymore
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2012-05-11  Alexander Pavlov  <apavlov@chromium.org>
2
3         Web Inspector: Search box doesn't allow CSS selectors anymore
4         https://bugs.webkit.org/show_bug.cgi?id=86196
5
6         Reviewed by Pavel Feldman.
7
8         Refactoring in http://trac.webkit.org/changeset/99983 inadvertently removed the selector matching during
9         node search in the InspectorDOMAgent. This change re-introduces the Document::querySelectorAll() evaluation
10         for the user query.
11
12         * inspector/InspectorDOMAgent.cpp:
13         (WebCore::InspectorDOMAgent::performSearch):
14
15 2012-05-11  Sheriff Bot  <webkit.review.bot@gmail.com>
16
17         Unreviewed, rolling out r116527.
18         http://trac.webkit.org/changeset/116527
19         https://bugs.webkit.org/show_bug.cgi?id=86199
20
21         Causing crashes on ClusterFuzz (Requested by inferno-sec on
22         #webkit).
23
24         * rendering/RenderScrollbar.cpp:
25         (WebCore::RenderScrollbar::updateScrollbarPart):
26         * rendering/RenderScrollbarPart.h:
27
28 2012-05-11  Yoshifumi Inoue  <yosin@chromium.org>
29
30         [Forms] Move ValidityState methods implementation to another place
31         https://bugs.webkit.org/show_bug.cgi?id=86058
32
33         Reviewed by Kent Tamura.
34
35         This patch changes ValidityState class for limiting scope of
36         number/range input type related methods for introducing decimal
37         arithmetic.
38
39         Methods related to validation are moved from ValidateState to
40         input, select and textarea elements with virtual method based
41         dispatching via FormAssociateElement instead of tag name
42         dispatching so far for code simplification.
43
44         No new tests. This patch doesn't change behavior.
45
46         * html/FormAssociatedElement.cpp:
47         (WebCore::FormAssociatedElement::customError): Added. Called from ValidateState. Returns custom error mssage in member variable.
48         (WebCore::FormAssociatedElement::patternMismatch): Added.  Called from ValidateState. This is default implementation.
49         (WebCore::FormAssociatedElement::rangeOverflow): Added.  Called from ValidateState. This is default implementation.
50         (WebCore::FormAssociatedElement::rangeUnderflow): Added.  Called from ValidateState. This is default implementation.
51         (WebCore::FormAssociatedElement::stepMismatch): Added.  Called from ValidateState. This is default implementation.
52         (WebCore::FormAssociatedElement::tooLong): Added.  Called from ValidateState. This is default implementation.
53         (WebCore::FormAssociatedElement::typeMismatch): Added.  Called from ValidateState. This is default implementation.
54         (WebCore::FormAssociatedElement::valid): Added.  Called from ValidateState. This is default implementation.
55         (WebCore::FormAssociatedElement::valueMissing): Added.  Called from ValidateState. This is default implementation.
56         (WebCore::FormAssociatedElement::customValidationMessage): Added.  Called from ValidateState. This is default implementation.
57         (WebCore::FormAssociatedElement::validationMessage): Added.  Called from ValidateState. This is default implementation.
58         (WebCore::FormAssociatedElement::setCustomValidity): Added.  set custom error message.
59         * html/FormAssociatedElement.h:
60         (FormAssociatedElement): Added new instance value m_customValidationMessage.
61         * html/HTMLFormControlElement.cpp:
62         (WebCore::HTMLFormControlElement::setCustomValidity): Changed. Calls base class setCustomValidity.
63         * html/HTMLFormControlElement.h:
64         (HTMLFormControlElement):
65         * html/HTMLInputElement.cpp:
66         (WebCore::HTMLInputElement::isValidValue): Call m_inputType methods instead of HTMLInputElement's.
67         (WebCore::HTMLInputElement::tooLong): Call m_inputType methods instead of HTMLInputElement's.
68         (WebCore):
69         (WebCore::HTMLInputElement::typeMismatch): Move implementation to InputType.
70         (WebCore::HTMLInputElement::valueMissing):  Move implementation to InputType.
71         (WebCore::HTMLInputElement::patternMismatch): Move implementation to InputType.
72         (WebCore::HTMLInputElement::rangeUnderflow): Move implementation to InputType.
73         (WebCore::HTMLInputElement::rangeOverflow): Move implementation to InputType.
74         (WebCore::HTMLInputElement::validationMessage): Move implementation to InputType.
75         (WebCore::HTMLInputElement::stepMismatch): Move implementation to InputType.
76         (WebCore::HTMLInputElement::isInRange): Call m_inputType methods instead of HTMLInputElement's.
77         (WebCore::HTMLInputElement::isOutOfRange): Call m_inputType methods instead of HTMLInputElement's.
78         * html/HTMLInputElement.h:
79         (HTMLInputElement): Make tooLong method private.
80         * html/HTMLObjectElement.h: Add "virtual" and "OVERRIDE".
81         * html/HTMLSelectElement.cpp:
82         (WebCore::HTMLSelectElement::validationMessage): Added. Implementation for HTMLSelectElement.
83         (WebCore::HTMLSelectElement::valueMissing): Added. Implementation for HTMLSelectElement.
84         * html/HTMLSelectElement.h:
85         (HTMLSelectElement):  Added entries for newly added methods.
86         * html/HTMLTextAreaElement.cpp:
87         (WebCore::HTMLTextAreaElement::validationMessage): Added. Implementation for HTMLTextAreaElement.
88         (WebCore::HTMLTextAreaElement::valueMissing): Added. Implementation for HTMLTextAreaElement.
89         (WebCore::HTMLTextAreaElement::tooLong): Added. Implementation for HTMLTextAreaElement.
90         * html/HTMLTextAreaElement.h:
91         (HTMLTextAreaElement): Added entries for newly added methods. Change tooLong and valueMissing private.
92         * html/InputType.cpp:
93         (WebCore::InputType::stepMismatch): Change method signature.
94         (WebCore::InputType::alignValueForStep):  Changed for calling InputClass instead of HTMLINputElement.
95         (WebCore::InputType::stepUpFromRenderer):  Added. Moved from HTMLInputElement.
96         (WebCore::InputType::validationMessage): Added.  Moved from HTMLInputElement.
97         * html/InputType.h:
98         (InputType): Added entries for newly added methods and update methods signature.
99         * html/ValidityState.cpp: Move actual implementation to FormAssociatedElement and derived classes for localizing implementation change of elements and input types.
100         (WebCore::ValidityState::validationMessage): Changed to call FormAssociatedElement's method.
101         (WebCore::ValidityState::valueMissing): Changed to call FormAssociatedElement's method.
102         (WebCore::ValidityState::typeMismatch): Changed to call FormAssociatedElement's method.
103         (WebCore::ValidityState::patternMismatch): Changed to call FormAssociatedElement's method.
104         (WebCore::ValidityState::tooLong): Changed to call FormAssociatedElement's method.
105         (WebCore::ValidityState::rangeUnderflow): Changed to call FormAssociatedElement's method.
106         (WebCore::ValidityState::rangeOverflow): Changed to call FormAssociatedElement's method.
107         (WebCore::ValidityState::stepMismatch): Changed to call FormAssociatedElement's method.
108         (WebCore::ValidityState::customError): Changed to call FormAssociatedElement's method.
109         (WebCore::ValidityState::valid):
110         * html/ValidityState.h:
111         (ValidityState): Remove custom validation message related things.
112
113 2012-05-11  Kent Tamura  <tkent@chromium.org>
114
115         Fix a build error without SVG, introduced by tab-size support.
116
117         * css/StyleResolver.cpp:
118         (WebCore::StyleResolver::collectMatchingRulesForList):
119
120 2012-05-11  Shinya Kawanaka  <shinyak@chromium.org>
121
122         [Refactoring] Move Selection from DOMWindow to TreeScope.
123         https://bugs.webkit.org/show_bug.cgi?id=82699
124
125         Reviewed by Ryosuke Niwa.
126
127         Since ShadowRoot will also manage its own version of DOMSelection, we would like to
128         share the code among Document and DOMSelection. This patch moves DOMSelection from DOMWindow to TreeScope
129         so that ShadowRoot can also use it.
130
131         No new tests, should covered by existing tests.
132
133         * dom/Document.cpp:
134         (WebCore::Document::updateFocusAppearanceTimerFired):
135         * dom/Document.h:
136         (Document):
137         * dom/ShadowRoot.cpp:
138         (WebCore::ShadowRoot::selection):
139         * dom/TreeScope.cpp:
140         (WebCore::TreeScope::~TreeScope):
141         (WebCore::TreeScope::getSelection):
142         (WebCore):
143         * dom/TreeScope.h:
144         (WebCore):
145         (TreeScope):
146         * page/DOMSelection.cpp:
147         (WebCore::DOMSelection::DOMSelection):
148         (WebCore::DOMSelection::clearTreeScope):
149         (WebCore):
150         * page/DOMSelection.h:
151         (WebCore):
152         (WebCore::DOMSelection::create):
153         (DOMSelection):
154         * page/DOMWindow.cpp:
155         (WebCore::DOMWindow::~DOMWindow):
156         (WebCore::DOMWindow::clearDOMWindowProperties):
157         (WebCore::DOMWindow::getSelection):
158         * page/DOMWindow.h:
159         (DOMWindow):
160
161 2012-05-04  Yury Semikhatsky  <yurys@chromium.org>
162
163         Web Inspector: console should allow JS execution in the context of an isolated world
164         https://bugs.webkit.org/show_bug.cgi?id=85612
165
166         Reviewed by Pavel Feldman.
167
168         Added an option to select not only a frame but also isolated world in which
169         to perform evaluation of the code typed into the console.
170
171         Each execution context can be identified using it injected script id. We call it
172         execution context id in the protocol. Runtime agent is extended with an event that
173         is sent when new ExecutionContext is created. The event tracking can be enabled/disabled
174         using setReportExecutionContextCreation command.
175
176         * bindings/js/ScriptController.cpp:
177         (WebCore):
178         (WebCore::isolatedWorldToSecurityOriginMap):
179         * bindings/js/ScriptController.h:
180         (ScriptController):
181         * bindings/js/ScriptState.cpp:
182         (WebCore::isolatedWorldScriptState):
183         (WebCore):
184         * bindings/js/ScriptState.h:
185         (WebCore):
186         * bindings/v8/ScriptController.cpp:
187         (WebCore):
188         (WebCore::ScriptController::isolatedWorldToSecurityOriginMap):
189         * bindings/v8/ScriptController.h:
190         (ScriptController):
191         * bindings/v8/ScriptState.cpp:
192         (WebCore::isolatedWorldScriptState):
193         (WebCore):
194         * bindings/v8/ScriptState.h:
195         (WebCore):
196         * bindings/v8/V8IsolatedContext.cpp:
197         (WebCore::V8IsolatedContext::setSecurityOrigin):
198         * bindings/v8/V8Proxy.cpp:
199         (WebCore::V8Proxy::setIsolatedWorldSecurityOrigin):
200         (WebCore::V8Proxy::isolatedWorldContext):
201         (WebCore):
202         (WebCore::V8Proxy::isolatedWorldToSecurityOriginMap):
203         * bindings/v8/V8Proxy.h:
204         (V8Proxy):
205         * inspector/CodeGeneratorInspector.py:
206         (DomainNameFixes):
207         * inspector/Inspector.json:
208         * inspector/InspectorInstrumentation.cpp:
209         (WebCore::InspectorInstrumentation::didCreateIsolatedContextImpl):
210         (WebCore):
211         * inspector/InspectorInstrumentation.h:
212         (WebCore):
213         (InspectorInstrumentation):
214         (WebCore::InspectorInstrumentation::didCreateIsolatedContext):
215         * inspector/InspectorRuntimeAgent.cpp:
216         (WebCore::InspectorRuntimeAgent::evaluate):
217         * inspector/InspectorRuntimeAgent.h:
218         (InspectorRuntimeAgent):
219         * inspector/InstrumentingAgents.h:
220         (WebCore):
221         (WebCore::InstrumentingAgents::InstrumentingAgents):
222         (WebCore::InstrumentingAgents::pageRuntimeAgent):
223         (WebCore::InstrumentingAgents::setPageRuntimeAgent):
224         (InstrumentingAgents):
225         * inspector/PageRuntimeAgent.cpp:
226         (PageRuntimeAgentState):
227         (WebCore):
228         (WebCore::PageRuntimeAgent::PageRuntimeAgent):
229         (WebCore::PageRuntimeAgent::setFrontend):
230         (WebCore::PageRuntimeAgent::clearFrontend):
231         (WebCore::PageRuntimeAgent::restore):
232         (WebCore::PageRuntimeAgent::setReportExecutionContextCreation):
233         (WebCore::PageRuntimeAgent::didCreateExecutionContext):
234         (WebCore::PageRuntimeAgent::getScriptStateForEval):
235         * inspector/PageRuntimeAgent.h:
236         (WebCore):
237         (PageRuntimeAgent):
238         * inspector/WorkerRuntimeAgent.cpp:
239         (WebCore::WorkerRuntimeAgent::setReportExecutionContextCreation):
240         (WebCore::WorkerRuntimeAgent::getScriptStateForEval):
241         * inspector/WorkerRuntimeAgent.h:
242         (WorkerRuntimeAgent):
243         * inspector/front-end/ConsoleView.js:
244         (WebInspector.ConsoleView.prototype.get statusBarItems):
245         (WebInspector.ConsoleView.prototype.addContext):
246         (WebInspector.ConsoleView.prototype.removeContext):
247         (WebInspector.ConsoleView.prototype._updateIsolatedWorldSelector):
248         (WebInspector.ConsoleView.prototype._contextUpdated):
249         (WebInspector.ConsoleView.prototype._addedExecutionContext):
250         (WebInspector.ConsoleView.prototype._currentEvaluationContextId):
251         (WebInspector.ConsoleView.prototype._currentEvaluationContext):
252         (WebInspector.ConsoleView.prototype._currentIsolatedWorldId):
253         (WebInspector.ConsoleView.prototype.evalInInspectedWindow):
254         * inspector/front-end/ExtensionPanel.js:
255         (WebInspector.ExtensionSidebarPane.prototype.setExpression):
256         * inspector/front-end/ExtensionServer.js:
257         (WebInspector.ExtensionServer.prototype._onEvaluateOnInspectedPage):
258         * inspector/front-end/JavaScriptContextManager.js:
259         (WebInspector.JavaScriptContextManager):
260         (WebInspector.JavaScriptContextManager.prototype._didLoadCachedResources):
261         (WebInspector.JavaScriptContextManager.prototype.isolatedContextCreated):
262         (WebInspector.RuntimeDispatcher):
263         (WebInspector.RuntimeDispatcher.prototype.isolatedContextCreated):
264         (WebInspector.ExecutionContext):
265         (WebInspector.ExecutionContext.comparator):
266         (WebInspector.FrameEvaluationContext):
267         (WebInspector.FrameEvaluationContext.prototype._frameNavigated):
268         (WebInspector.FrameEvaluationContext.prototype._addExecutionContext):
269         (WebInspector.FrameEvaluationContext.prototype._ensureMainWorldContextAdded):
270         (WebInspector.FrameEvaluationContext.prototype.isolatedContexts):
271
272 2012-05-11  Andrey Kosyakov  <caseq@chromium.org>
273
274         Web Inspector: use div, not span as a parent element for ElementsTreeOutline in Audits panel
275         https://bugs.webkit.org/show_bug.cgi?id=86188
276
277         Reviewed by Yury Semikhatsky.
278
279         We need to use <div>, not <span> as a container for ElementsTreeOutline, as latter accesses its parent offsetWidth
280         within _treeElementFromEvent(), which returns 0 for inline elements.
281
282         * inspector/front-end/AuditFormatters.js:
283         (WebInspector.AuditFormatters.node.onNodeAvailable):
284         (WebInspector.AuditFormatters.node):
285
286 2012-05-11  Antti Koivisto  <antti@apple.com>
287
288         Inline Node::traverseNextNode
289         https://bugs.webkit.org/show_bug.cgi?id=85844
290
291         Reviewed by Ryosuke Niwa.
292         
293         Inline traverseNextNode and traverseNextSibling to reduce entry/exit overhead and allow better code generation
294         for many hot loops.
295
296         In this version only the firstChild()/nextSibling() tests are inlined and the ancestor traversal is not.
297         
298         Performance bots will tell if this was worthwhile.
299
300         * dom/ContainerNode.h:
301         (WebCore::Node::traverseNextNode):
302         (WebCore):
303         (WebCore::Node::traverseNextSibling):
304         * dom/Node.cpp:
305         (WebCore::Node::traverseNextAncestorSibling):
306         * dom/Node.h:
307         (Node):
308         * bindings/v8/RetainedDOMInfo.cpp:
309
310 2012-05-07  Yury Semikhatsky  <yurys@chromium.org>
311
312         Web Inspector: get rid of InspectorAgent::emitCommitLoadIfNeeded method
313         https://bugs.webkit.org/show_bug.cgi?id=85708
314
315         Reviewed by Pavel Feldman.
316
317         Instead of calling emitCommitLoadIfNeeded after all agents are restored
318         required actions are performed directly in the restore() methods.
319
320         * inspector/InspectorAgent.cpp:
321         * inspector/InspectorAgent.h:
322         (WebCore::InspectorAgent::didCommitLoadFired):
323         * inspector/InspectorController.cpp:
324         (WebCore::InspectorController::InspectorController):
325         (WebCore::InspectorController::restoreInspectorStateFromCookie):
326         * inspector/InspectorDatabaseAgent.cpp:
327         (WebCore::InspectorDatabaseAgent::restore):
328         * inspector/InspectorPageAgent.cpp:
329         (WebCore::InspectorPageAgent::create):
330         (WebCore::InspectorPageAgent::InspectorPageAgent):
331         (WebCore::InspectorPageAgent::restore):
332         * inspector/InspectorPageAgent.h:
333         (WebCore):
334         * inspector/InspectorResourceAgent.cpp:
335         (WebCore::InspectorResourceAgent::restore):
336
337 2012-05-10  Andrey Kosyakov  <caseq@chromium.org>
338
339         Web Inspector: [Extensions API] add audit formatters for remote objects and DOM elements
340         https://bugs.webkit.org/show_bug.cgi?id=86108
341
342         Reviewed by Pavel Feldman.
343
344        - added two new formatters to AuditResults object of webInspector.audits API;
345
346         * inspector/front-end/AuditFormatters.js:
347         (WebInspector.AuditFormatters.resourceLink):
348         (WebInspector.AuditFormatters.object.onEvaluate):
349         (WebInspector.AuditFormatters.object): format as a remote object property list;
350         (WebInspector.AuditFormatters.node.onNodeAvailable):
351         (WebInspector.AuditFormatters.node.onEvaluate):
352         (WebInspector.AuditFormatters.node): format as a DOM elements sub-tree;
353         (WebInspector.AuditFormatters.Utilities.evaluate): common expression evaluation logic for both new formatters;
354         * inspector/front-end/ExtensionAPI.js:
355         (injectedExtensionAPI.AuditResultImpl):
356         * inspector/front-end/auditsPanel.css:
357         (.audit-result-tree ol.outline-disclosure):
358         (.audit-result-tree .section .header):
359         (.audit-result-tree .section .header::before):
360
361 2012-05-11  Sheriff Bot  <webkit.review.bot@gmail.com>
362
363         Unreviewed, rolling out r116727.
364         http://trac.webkit.org/changeset/116727
365         https://bugs.webkit.org/show_bug.cgi?id=86181
366
367         Build error on Chromium-Android (Requested by tkent on
368         #webkit).
369
370         * platform/graphics/MediaPlayer.cpp:
371         (WebCore::MediaPlayer::enterFullscreen):
372         (WebCore):
373         * platform/graphics/MediaPlayer.h:
374         (MediaPlayer):
375         * platform/graphics/MediaPlayerPrivate.h:
376         (WebCore::MediaPlayerPrivateInterface::enterFullscreen):
377         (MediaPlayerPrivateInterface):
378
379 2012-05-11  Sheriff Bot  <webkit.review.bot@gmail.com>
380
381         Unreviewed, rolling out r116731.
382         http://trac.webkit.org/changeset/116731
383         https://bugs.webkit.org/show_bug.cgi?id=86178
384
385         Build failure on Chromium-mac (Requested by tkent on #webkit).
386
387         * platform/graphics/chromium/LayerRendererChromium.cpp:
388         (WebCore::LayerRendererChromium::create):
389         (WebCore::LayerRendererChromium::LayerRendererChromium):
390         (WebCore::LayerRendererChromium::initializeSharedObjects):
391         * platform/graphics/chromium/LayerRendererChromium.h:
392         (LayerRendererChromium):
393         * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
394         (WebCore::CCLayerTreeHostImpl::initializeLayerRenderer):
395         * platform/graphics/chromium/cc/CCLayerTreeHostImpl.h:
396         (CCLayerTreeHostImpl):
397         * platform/graphics/chromium/cc/CCSingleThreadProxy.cpp:
398         (UnthrottledTextureUploader):
399         (WebCore::UnthrottledTextureUploader::create):
400         (WebCore::UnthrottledTextureUploader::~UnthrottledTextureUploader):
401         (WebCore::UnthrottledTextureUploader::isBusy):
402         (WebCore::UnthrottledTextureUploader::beginUploads):
403         (WebCore::UnthrottledTextureUploader::endUploads):
404         (WebCore::UnthrottledTextureUploader::uploadTexture):
405         (WebCore::UnthrottledTextureUploader::UnthrottledTextureUploader):
406         (WebCore):
407         (WebCore::CCSingleThreadProxy::initializeLayerRenderer):
408         (WebCore::CCSingleThreadProxy::recreateContext):
409         * platform/graphics/chromium/cc/CCThreadProxy.cpp:
410         (WebCore):
411         (UnthrottledTextureUploader):
412         (WebCore::UnthrottledTextureUploader::create):
413         (WebCore::UnthrottledTextureUploader::~UnthrottledTextureUploader):
414         (WebCore::UnthrottledTextureUploader::isBusy):
415         (WebCore::UnthrottledTextureUploader::beginUploads):
416         (WebCore::UnthrottledTextureUploader::endUploads):
417         (WebCore::UnthrottledTextureUploader::uploadTexture):
418         (WebCore::UnthrottledTextureUploader::UnthrottledTextureUploader):
419         (WebCore::CCThreadProxy::initializeLayerRendererOnImplThread):
420         (WebCore::CCThreadProxy::recreateContextOnImplThread):
421
422 2012-05-10  David Reveman  <reveman@chromium.org>
423
424         [Chromium] Move instantiation of texture uploader to LayerRendererChromium.
425         https://bugs.webkit.org/show_bug.cgi?id=85893
426
427         Reviewed by Adrienne Walker.
428
429         Move instantiation of texture uploader to LayerRendererChromium and
430         allow CCProxy to decide between a throttled or unthrottled uploader
431         using a flag passed to the LayerRendererChromium constructor.
432
433         * platform/graphics/chromium/LayerRendererChromium.cpp:
434         (WebCore::LayerRendererChromium::create):
435         (WebCore::LayerRendererChromium::LayerRendererChromium):
436         (WebCore::LayerRendererChromium::initializeSharedObjects):
437         * platform/graphics/chromium/LayerRendererChromium.h:
438         (LayerRendererChromium):
439         * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
440         (WebCore::CCLayerTreeHostImpl::initializeLayerRenderer):
441         * platform/graphics/chromium/cc/CCLayerTreeHostImpl.h:
442         (CCLayerTreeHostImpl):
443         * platform/graphics/chromium/cc/CCSingleThreadProxy.cpp:
444         (WebCore::CCSingleThreadProxy::initializeLayerRenderer):
445         (WebCore::CCSingleThreadProxy::recreateContext):
446         * platform/graphics/chromium/cc/CCThreadProxy.cpp:
447         (WebCore::CCThreadProxy::initializeLayerRendererOnImplThread):
448         (WebCore::CCThreadProxy::recreateContextOnImplThread):
449
450 2012-05-10  MORITA Hajime  <morrita@google.com>
451
452         ElementShadow should minimize the usage of "ShadowRoot" name
453         https://bugs.webkit.org/show_bug.cgi?id=85970
454
455         Reviewed by Dimitri Glazkov.
456
457         This change cleans two out dated assumptions which brought in at
458         early stage of Shadow DOM implementation.
459
460         - Removed Element::hasShadowRoot(): shadow existence can be checked by Element::shadow().
461         - Made ElementShadow::removeAllShadowRoots() private: we no longer allow ShadowRoot removal.
462           It can only happens at the ElementShadow destruction.
463
464         Most of changes in element implementations are basically simple
465         replacement from hasShadowRoot() to shadow().
466
467         No new tests. Covered by existing tests.
468
469         * WebCore.exp.in:
470         * dom/ContainerNodeAlgorithms.h:
471         (WebCore::ChildFrameDisconnector::collectDescendant):
472         * dom/ComposedShadowTreeWalker.cpp:
473         (WebCore::ComposedShadowTreeWalker::traverseChild):
474         * dom/Document.cpp:
475         (WebCore::Document::buildAccessKeyMap):
476         * dom/Element.cpp:
477         (WebCore::Element::recalcStyle):
478         (WebCore::Element::ensureShadowRoot):
479         (WebCore::Element::childrenChanged):
480         * dom/Element.h:
481         (Element):
482         (WebCore::isShadowHost):
483         (WebCore):
484         * dom/ElementShadow.cpp:
485         (WebCore::ElementShadow::~ElementShadow):
486         (WebCore::ElementShadow::removeAllShadowRoots):
487         * dom/ElementShadow.h:
488         (ElementShadow):
489         (WebCore::ElementShadow::host):
490         * dom/EventDispatcher.cpp:
491         * dom/Node.cpp:
492         (WebCore::oldestShadowRootFor):
493         * dom/NodeRenderingContext.cpp:
494         (WebCore::NodeRenderingContext::NodeRenderingContext):
495         * dom/ShadowRoot.cpp:
496         (WebCore::ShadowRoot::create):
497         * html/ColorInputType.cpp:
498         (WebCore::ColorInputType::createShadowSubtree):
499         * html/FileInputType.cpp:
500         (WebCore::FileInputType::createShadowSubtree):
501         (WebCore::FileInputType::multipleAttributeChanged):
502         * html/HTMLDetailsElement.cpp:
503         (WebCore::HTMLDetailsElement::createShadowSubtree):
504         * html/HTMLInputElement.cpp:
505         (WebCore::HTMLInputElement::createShadowSubtree):
506         * html/HTMLKeygenElement.cpp:
507         (WebCore::HTMLKeygenElement::HTMLKeygenElement):
508         (WebCore::HTMLKeygenElement::shadowSelect):
509         * html/HTMLMediaElement.cpp:
510         (WebCore::HTMLMediaElement::hasMediaControls):
511         * html/HTMLMeterElement.cpp:
512         (WebCore::HTMLMeterElement::createShadowSubtree):
513         * html/HTMLProgressElement.cpp:
514         (WebCore::HTMLProgressElement::createShadowSubtree):
515         * html/HTMLSummaryElement.cpp:
516         (WebCore::HTMLSummaryElement::createShadowSubtree):
517         * html/HTMLTextAreaElement.cpp:
518         (WebCore::HTMLTextAreaElement::createShadowSubtree):
519         * html/InputType.cpp:
520         (WebCore::InputType::destroyShadowSubtree):
521         * html/RangeInputType.cpp:
522         (WebCore::RangeInputType::handleMouseDownEvent):
523         (WebCore::RangeInputType::createShadowSubtree):
524         * html/TextFieldInputType.cpp:
525         (WebCore::TextFieldInputType::createShadowSubtree):
526         * html/shadow/SliderThumbElement.cpp:
527         (WebCore::trackLimiterElementOf):
528         * inspector/InspectorDOMAgent.cpp:
529         (WebCore::InspectorDOMAgent::unbind):
530         (WebCore::InspectorDOMAgent::buildObjectForNode):
531         * page/FocusController.cpp:
532         (WebCore):
533         * rendering/RenderFileUploadControl.cpp:
534         (WebCore::RenderFileUploadControl::uploadButton):
535         * svg/SVGTRefElement.cpp:
536         (WebCore::SVGTRefElement::updateReferencedText):
537         (WebCore::SVGTRefElement::detachTarget):
538         * testing/Internals.cpp:
539         (WebCore::Internals::ensureShadowRoot):
540         (WebCore::Internals::youngestShadowRoot):
541         (WebCore::Internals::oldestShadowRoot):
542         * testing/Internals.h:
543         (Internals):
544         * testing/Internals.idl:
545
546 2012-05-10  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
547
548         Move resumeAnimations to use Internals interface
549         https://bugs.webkit.org/show_bug.cgi?id=86063
550
551         Reviewed by Alexey Proskuryakov.
552
553         Add resumeAnimations functions, because it is able to work in the
554         cross-port way through the Internals interface.
555
556         No new tests, since we are improving here the infra-structure for testing
557         a specific method.
558
559         * testing/Internals.cpp:
560         (WebCore::Internals::resumeAnimations):
561         (WebCore):
562         * testing/Internals.h:
563         (Internals):
564         * testing/Internals.idl:
565
566 2012-05-10  Min Qin  <qinmin@google.com>
567
568         split MediaPlayer::enterFullscreen into 2 seperate functions
569         https://bugs.webkit.org/show_bug.cgi?id=86052
570
571         Reviewed by Benjamin Poulain.
572
573         It is confusing that enterFullscreen returns a boolean while exitFullscreen does
574         not do the same. And ios does not need the return value.
575         So remove the return value on enterFullscreen and make a seperate canEnterFullscreen()
576         function for android.
577         No tests as there are no behavior change, just refactoring.
578
579         * platform/graphics/MediaPlayer.cpp:
580         (WebCore::MediaPlayer::enterFullscreen):
581         (WebCore):
582         (WebCore::MediaPlayer::canEnterFullscreen):
583         * platform/graphics/MediaPlayer.h:
584         (MediaPlayer):
585         * platform/graphics/MediaPlayerPrivate.h:
586         (WebCore::MediaPlayerPrivateInterface::enterFullscreen):
587         (MediaPlayerPrivateInterface):
588         (WebCore::MediaPlayerPrivateInterface::canEnterFullscreen):
589
590 2012-05-10  Sheriff Bot  <webkit.review.bot@gmail.com>
591
592         Unreviewed, rolling out r116715.
593         http://trac.webkit.org/changeset/116715
594         https://bugs.webkit.org/show_bug.cgi?id=86172
595
596         Broke http/tests/security/cross-frame-access-selection.html
597         (Requested by tkent on #webkit).
598
599         * dom/Document.cpp:
600         (WebCore):
601         (WebCore::Document::getSelection):
602         * dom/Document.h:
603         (Document):
604         * dom/ShadowRoot.cpp:
605         (WebCore::ShadowRoot::selection):
606         * dom/TreeScope.cpp:
607         (WebCore::TreeScope::~TreeScope):
608         * dom/TreeScope.h:
609         (WebCore):
610         (TreeScope):
611         * page/DOMSelection.cpp:
612         (WebCore::DOMSelection::DOMSelection):
613         * page/DOMSelection.h:
614         (WebCore):
615         (WebCore::DOMSelection::create):
616         (DOMSelection):
617         * page/DOMWindow.cpp:
618         (WebCore::DOMWindow::~DOMWindow):
619         (WebCore::DOMWindow::clearDOMWindowProperties):
620         (WebCore::DOMWindow::getSelection):
621         * page/DOMWindow.h:
622         (DOMWindow):
623
624 2012-05-10  Hajime Morrita  <morrita@google.com>
625
626         WebKit should support tab-size.
627         https://bugs.webkit.org/show_bug.cgi?id=52994
628
629         - Added boilerplate for "tab-size" CSS property.
630         - Added RenderStye::tabSize() as a RareInheritedData.
631         - Replaced TextRun::m_allowTabs into TextRun::m_tabSize.
632
633         Reviewed by Simon Fraser.
634
635         Tests: fast/css/tab-size-expected.html
636                fast/css/tab-size.html
637
638         * css/CSSComputedStyleDeclaration.cpp:
639         (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
640         * css/CSSParser.cpp:
641         (WebCore::CSSParser::parseValue):
642         * css/CSSProperty.cpp:
643         (WebCore::CSSProperty::isInheritedProperty):
644         * css/CSSPropertyNames.in:
645         * css/CSSStyleSelector.cpp:
646         (WebCore::CSSStyleSelector::applyProperty):
647         * html/canvas/CanvasRenderingContext2D.cpp:
648         (WebCore::CanvasRenderingContext2D::drawTextInternal):
649         * platform/chromium/PopupListBox.cpp:
650         (WebCore::PopupListBox::paintRow):
651         * platform/graphics/Font.h:
652         (WebCore::Font::tabWidth):
653         * platform/graphics/TextRun.h:
654         (WebCore::TextRun::TextRun):
655         (WebCore::TextRun::allowTabs):
656         (WebCore::TextRun::tabSize):
657         (WebCore::TextRun::setTabSize):
658         * platform/graphics/WidthIterator.cpp:
659         (WebCore::WidthIterator::advance):
660         * platform/graphics/mac/ComplexTextController.cpp:
661         (WebCore::ComplexTextController::adjustGlyphsAndAdvances):
662         * platform/win/PopupMenuWin.cpp:
663         (WebCore::PopupMenuWin::paint):
664         * rendering/InlineTextBox.cpp:
665         (WebCore::InlineTextBox::constructTextRun):
666         * rendering/RenderBlock.cpp:
667         (WebCore::RenderBlock::constructTextRun):
668         * rendering/RenderBlockLineLayout.cpp:
669         (WebCore::textWidth):
670         (WebCore::tryHyphenating):
671         * rendering/RenderText.cpp:
672         (WebCore::RenderText::widthFromCache):
673         (WebCore::RenderText::computePreferredLogicalWidths):
674         (WebCore::RenderText::width):
675         * rendering/RenderText.h:
676         * rendering/style/RenderStyle.cpp:
677         (WebCore::RenderStyle::diff):
678         * rendering/style/RenderStyle.h:
679         (WebCore::RenderStyleBitfields::tabSize):
680         (WebCore::RenderStyleBitfields::collapsedTabSize):
681         (WebCore::RenderStyleBitfields::setTabSize):
682         (WebCore::RenderStyleBitfields::initialTabSize):
683         * rendering/style/StyleRareInheritedData.cpp:
684         (WebCore::StyleRareInheritedData::StyleRareInheritedData):
685         (WebCore::StyleRareInheritedData::operator==):
686         * rendering/style/StyleRareInheritedData.h:
687         * rendering/svg/SVGInlineTextBox.cpp:
688         (WebCore::SVGInlineTextBox::constructTextRun):
689         * rendering/svg/SVGTextMetrics.cpp:
690         (WebCore::constructTextRun):
691
692 2012-05-10  Antoine Labour  <piman@chromium.org>
693
694         Sync with impl thread when removing references to external textures
695         https://bugs.webkit.org/show_bug.cgi?id=86054
696
697         We want to ensure the client side is safe to release textures, so we
698         sync with the impl thread when:
699         - we change the texture (and we had one)
700         - the layer is removed from the tree (and we had a texture)
701         - the layer is destroyed (and we had a texture)
702
703         Reviewed by James Robinson.
704
705         Test: TextureLayerChromiumTest.
706
707         * platform/graphics/chromium/TextureLayerChromium.cpp:
708         (WebCore::TextureLayerChromium::~TextureLayerChromium):
709         (WebCore::TextureLayerChromium::setTextureId):
710         (WebCore::TextureLayerChromium::setLayerTreeHost):
711         (WebCore):
712         * platform/graphics/chromium/TextureLayerChromium.h:
713         (TextureLayerChromium):
714
715 2012-05-10  Kent Tamura  <tkent@chromium.org>
716
717         [Chromium] attempt to build fix for Chromium-mac.
718         r116697 introduced an override of a system function. It's intentional
719         and WebCoreTextFieldCell should be in the whitelist.
720
721         * WebCore.gyp/WebCore.gyp:
722
723 2012-05-10  Anders Carlsson  <andersca@apple.com>
724
725         PDF files won't scroll in Safari when using Adobe plug-in
726         https://bugs.webkit.org/show_bug.cgi?id=86167
727         <rdar://problem/11389719>
728
729         Reviewed by Sam Weinig.
730
731         * page/scrolling/ScrollingCoordinator.cpp:
732         (WebCore::computeNonFastScrollableRegion):
733         Loop over the frame view children looking for plug-in views that want wheel events
734         and add them to the non-fast scrollable region. Ideally, the plug-ins should be added
735         to the set of scrollable areas, but PluginView in WebKit2 is not a ScrollableArea yet.
736
737         * plugins/PluginViewBase.h:
738         (PluginViewBase):
739         (WebCore::PluginViewBase::wantsWheelEvents):
740
741 2012-05-10  Alexey Proskuryakov  <ap@apple.com>
742
743         Crash in 3rd party WebKit apps that disable cache at a wrong time
744         https://bugs.webkit.org/show_bug.cgi?id=86027
745         <rdar://problem/10615880>
746
747         Reviewed by Antti Koivisto.
748
749         Added an API test.
750
751         The fix is to use CachedResourceHandle throughout MemoryCache, which will certainly
752         keep the resource alive. Also removed earlier fixes.
753
754         * css/CSSImageSetValue.cpp: (WebCore::CSSImageSetValue::cachedImageSet):
755         * css/CSSImageValue.cpp: (WebCore::CSSImageValue::cachedImage):
756         * css/WebKitCSSShaderValue.cpp: (WebCore::WebKitCSSShaderValue::cachedShader):
757         * history/PageCache.cpp: (WebCore::PageCache::releaseAutoreleasedPagesNow):
758         * loader/ImageLoader.cpp: (WebCore::ImageLoader::updateFromElement):
759         * loader/TextTrackLoader.cpp: (WebCore::TextTrackLoader::load):
760         * loader/cache/CachedResourceLoader.cpp:
761         (WebCore::CachedResourceLoader::requestImage):
762         (WebCore::CachedResourceLoader::requestFont):
763         (WebCore::CachedResourceLoader::requestTextTrack):
764         (WebCore::CachedResourceLoader::requestShader):
765         (WebCore::CachedResourceLoader::requestCSSStyleSheet):
766         (WebCore::CachedResourceLoader::requestUserCSSStyleSheet):
767         (WebCore::CachedResourceLoader::requestScript):
768         (WebCore::CachedResourceLoader::requestXSLStyleSheet):
769         (WebCore::CachedResourceLoader::requestSVGDocument):
770         (WebCore::CachedResourceLoader::requestLinkResource):
771         (WebCore::CachedResourceLoader::requestRawResource):
772         (WebCore::CachedResourceLoader::requestResource):
773         (WebCore::CachedResourceLoader::revalidateResource):
774         (WebCore::CachedResourceLoader::loadResource):
775         (WebCore::CachedResourceLoader::requestPreload):
776         * loader/cache/CachedResourceLoader.h: (CachedResourceLoader):
777         * loader/cache/MemoryCache.h: (WebCore::MemoryCache::setPruneEnabled):
778
779         * loader/cache/CachedResourceHandle.h:
780         (WebCore::CachedResourceHandle::CachedResourceHandle):
781         (WebCore::CachedResourceHandle::operator=):
782         Teach CachedResourceHandle how to make CachedResourceHandle<CachedResource> from
783         a handle to subclass.
784
785 2012-05-10  Tien-Ren Chen  <trchen@chromium.org>
786
787         Eliminate duplicated code for culled line box in RenderInline
788         https://bugs.webkit.org/show_bug.cgi?id=85725
789
790         This patch extracts the common part of culledInlineBoundingBox() /
791         culledInlineAbsoluteRects() / culledInlineAbsoluteQuads() to become a
792         template function generateCulledLineBoxRects(). The template function
793         accepts a new parameter, GeneratorContext functor, which will be
794         invoked everytime a new line box rect has been generated. The generated
795         rect will be in local coordinate. The functor will be responsible for
796         appropriate transformation, then appending to vector or union with
797         existing bounding box.
798
799         Reviewed by Eric Seidel.
800
801         No new tests. No change in behavior.
802
803         * rendering/RenderInline.cpp:
804         (WebCore):
805         (WebCore::RenderInline::generateLineBoxRects):
806         (WebCore::RenderInline::generateCulledLineBoxRects):
807         (WebCore::RenderInline::absoluteRects):
808         (WebCore::RenderInline::absoluteQuads):
809         (WebCore::RenderInline::linesBoundingBox):
810         (WebCore::RenderInline::culledInlineVisualOverflowBoundingBox):
811         (WebCore::RenderInline::addFocusRingRects):
812         * rendering/RenderInline.h:
813         (RenderInline):
814
815 2012-05-10  Abhishek Arya  <inferno@chromium.org>
816
817         Crash in swapInNodePreservingAttributesAndChildren.
818         https://bugs.webkit.org/show_bug.cgi?id=85197
819  
820         Reviewed by Ryosuke Niwa.
821  
822         Keep the children in a ref vector before adding them to newNode.
823         They can get destroyed due to mutation events.
824
825         No new tests because we don't have a reduction.
826
827         * editing/ReplaceNodeWithSpanCommand.cpp:
828         (WebCore::swapInNodePreservingAttributesAndChildren):
829
830 2012-05-10  Shinya Kawanaka  <shinyak@chromium.org>
831
832         [Refactoring] Move Selection from DOMWindow to TreeScope.
833         https://bugs.webkit.org/show_bug.cgi?id=82699
834
835         Reviewed by Ryosuke Niwa.
836
837         Since ShadowRoot will also manage its own version of DOMSelection, we would like to
838         share the code among Document and DOMSelection. This patch moves DOMSelection from DOMWindow to TreeScope
839         so that ShadowRoot can also use it.
840
841         No new tests, should covered by existing tests.
842
843         * dom/Document.cpp:
844         (WebCore::Document::updateFocusAppearanceTimerFired):
845         * dom/Document.h:
846         (Document):
847         * dom/ShadowRoot.cpp:
848         (WebCore::ShadowRoot::selection):
849         * do/mTreeScope.cpp:
850         (WebCore::TreeScope::~TreeScope):
851         (WebCore::TreeScope::getSelection):
852         (WebCore):
853         * dom/TreeScope.h:
854         (WebCore):
855         (TreeScope):
856         * page/DOMSelection.cpp:
857         (WebCore::DOMSelection::DOMSelection):
858         (WebCore::DOMSelection::clearTreeScope):
859         (WebCore):
860         * page/DOMSelection.h:
861         (WebCore):
862         (WebCore::DOMSelection::create):
863         (DOMSelection):
864         (WebCore::DOMSelection::frame):
865         * page/DOMWindow.cpp:
866         (WebCore::DOMWindow::~DOMWindow):
867         (WebCore::DOMWindow::clearDOMWindowProperties):
868         (WebCore::DOMWindow::getSelection):
869         * page/DOMWindow.h:
870         (DOMWindow):
871
872 2012-05-10  Kent Tamura  <tkent@chromium.org>
873
874         Unreviewed, rolling out r116594.
875         http://trac.webkit.org/changeset/116594
876         https://bugs.webkit.org/show_bug.cgi?id=86013
877
878         r116594 might have made some composition tests flaky.
879
880         * platform/graphics/chromium/LayerChromium.cpp:
881         (WebCore::LayerChromium::addAnimation):
882         * platform/graphics/chromium/cc/CCLayerAnimationController.cpp:
883         (WebCore::CCLayerAnimationController::pushNewAnimationsToImplThread):
884         * platform/graphics/chromium/cc/CCLayerTreeHost.cpp:
885         (WebCore::CCLayerTreeHost::finishCommitOnImplThread):
886         (WebCore::CCLayerTreeHost::didBecomeInvisibleOnImplThread):
887         * platform/graphics/chromium/cc/CCLayerTreeHost.h:
888         (CCLayerTreeHost):
889         * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
890         (WebCore::CCLayerTreeHostImpl::CCLayerTreeHostImpl):
891         * platform/graphics/chromium/cc/CCProxy.h:
892         (CCProxy):
893         * platform/graphics/chromium/cc/CCSingleThreadProxy.cpp:
894         (WebCore::CCSingleThreadProxy::CCSingleThreadProxy):
895         (WebCore::CCSingleThreadProxy::doComposite):
896         * platform/graphics/chromium/cc/CCSingleThreadProxy.h:
897         (WebCore):
898         * platform/graphics/chromium/cc/CCThreadProxy.h:
899         (CCThreadProxy):
900
901 2012-05-10  Michael Nordman  <michaeln@google.com>
902
903         [chromium] DomStorage events handling needs TLC (2)
904         https://bugs.webkit.org/show_bug.cgi?id=85221
905         Alter the StorageArea virtual interface such that the mutators no longer
906         return old values. This is to allow implementations of the interface to operate
907         more asynchronously.
908
909         Reviewed by Adam Barth.
910
911         No new tests. Existing tests cover this.
912
913         * storage/StorageArea.h: Alter the interface so the mutators no longer return previous values
914         * storage/StorageAreaImpl.cpp:
915         (WebCore::StorageAreaImpl::disabledByPrivateBrowsingInFrame):  removed an unneeded PLATFORM(CHROMIUM) guard
916         (WebCore::StorageAreaImpl::setItem): no longer return the old value
917         (WebCore::StorageAreaImpl::removeItem): no longer return the old value
918         (WebCore::StorageAreaImpl::clear): no longer return whether something was cleared
919         * storage/StorageAreaImpl.h: match StorageArea's virtual interface
920
921 2012-05-10  Beth Dakin  <bdakin@apple.com>
922
923         https://bugs.webkit.org/show_bug.cgi?id=86158
924         Overlay scrollbars without layers never paint in overflow regions in 
925         tiled drawing mode
926         -and corresponding-
927         <rdar://problem/11289546>
928
929         Reviewed by Darin Adler.
930
931         RenderLayers paint scrollbars that do not have their own layers by 
932         running a second pass through the layer tree after the layer tree has 
933         painted. This ensures that the scrollbars always paint on top of 
934         content. However, this mechanism was relying on 
935         FrameView::paintContents() as a choke-point for all painting to 
936         trigger the second painting pass. That is not a reasonable choke-point 
937         in tiled drawing, so this patch adds similar code to 
938         RenderLayerBacking.
939
940         Only opt into the second painting pass for scrollbars that do not have 
941         their own layers.
942         * rendering/RenderLayer.cpp:
943         (WebCore::RenderLayer::paintOverflowControls):
944         
945         A layer that paints into its backing cannot return early here if it 
946         has overlay scrollbars to paint.
947         (WebCore::RenderLayer::paintLayer):
948         
949         This replicates code in FrameView::paintContents(). After painting the 
950         owning layer, do a second pass if there are overlay scrollbars to 
951         paint.
952         * rendering/RenderLayerBacking.cpp:
953         (WebCore::RenderLayerBacking::paintIntoLayer):
954
955 2012-05-10  Anders Carlsson  <andersca@apple.com>
956
957         Well, at least fixing the GTK+ build is something!
958
959         * platform/gtk/LocalizedStringsGtk.cpp:
960         (WebCore::insecurePluginVersionText):
961         (WebCore):
962
963 2012-05-10  Anders Carlsson  <andersca@apple.com>
964
965         Add insecurePluginVersionText stubs.
966
967         * platform/blackberry/LocalizedStringsBlackBerry.cpp:
968         (WebCore::insecurePluginVersionText):
969         (WebCore):
970         * platform/efl/LocalizedStringsEfl.cpp:
971         (WebCore::insecurePluginVersionText):
972         (WebCore):
973         * platform/qt/LocalizedStringsQt.cpp:
974         (WebCore::insecurePluginVersionText):
975         (WebCore):
976
977 2012-05-10  Sheriff Bot  <webkit.review.bot@gmail.com>
978
979         Unreviewed, rolling out r116677.
980         http://trac.webkit.org/changeset/116677
981         https://bugs.webkit.org/show_bug.cgi?id=86159
982
983         This patch causes linker error to some mac bots (Requested by
984         jianli_ on #webkit).
985
986         * WebCore.exp.in:
987         * dom/ContainerNode.h:
988         * dom/Node.cpp:
989         (WebCore::Node::traverseNextNode):
990         (WebCore::Node::traverseNextSibling):
991         * dom/Node.h:
992         (Node):
993
994 2012-05-10  Abhishek Arya  <inferno@chromium.org>
995
996         Crash in FontCache::releaseFontData due to infinite float size.
997         https://bugs.webkit.org/show_bug.cgi?id=86110
998
999         Reviewed by Andreas Kling.
1000
1001         New callers always forget to clamp the font size, which overflows
1002         to infinity on multiplication. It is best to clamp it at the end
1003         to avoid getting greater than std::numeric_limits<float>::max().
1004
1005         Test: fast/css/large-font-size-crash.html
1006
1007         * platform/graphics/FontDescription.h:
1008         (WebCore::FontDescription::setComputedSize):
1009         (WebCore::FontDescription::setSpecifiedSize):
1010
1011 2012-05-10  Beth Dakin  <bdakin@apple.com>
1012
1013         https://bugs.webkit.org/show_bug.cgi?id=82131
1014         [Mac] REGRESSION (r110480): Text field that specifies background-color 
1015         (or is auto-filled) gets un-themed border
1016         -and corresponding-
1017         <rdar://problem/11115221>
1018
1019         Reviewed by Maciej Stachowiak.
1020
1021         This change rolls out r110480 which is what caused styled text fields 
1022         to get the un-themed border, and it does a bunch of work to make sure 
1023         we get the pretty, new version of the NSTextField art whenever 
1024         possible. We do this differently for post-Lion OS's since there is now 
1025         a way to opt into it all the time. Lion and SnowLeopard can only use 
1026         the new art in HiDPI mode when the background color of the text field 
1027         is just white.
1028
1029         RenderThemeMac::textField() takes a boolean paramter used to determine 
1030         if the new gradient will be used.
1031         * rendering/RenderThemeMac.h:
1032         (RenderThemeMac):
1033         
1034         This is the post-Lion workaround. This code has no effect on Lion and 
1035         SnowLeopard. This allows up to opt into a version of [NSTextField drawWithFrame:] that will only draw the frame of the text field; without this, it will draw the frame and the background, which creates a number of problems with styled text fields and text fields in HiDPI. There is a less comprehesive workaround for Lion and SnowLeopard in place in RenderThemeMac::textField().
1036         * rendering/RenderThemeMac.mm:
1037         (-[WebCoreTextFieldCell _coreUIDrawOptionsWithFrame:inView:includeFocus:]):
1038         
1039         This is the roll-out of r110480.
1040         (WebCore::RenderThemeMac::isControlStyled):
1041         
1042         See the comments for a full explanation, but this is mostly code for 
1043         Lion and SnowLeopard to determine if we can opt into the new artwork.
1044         (WebCore::RenderThemeMac::paintTextField):
1045         (WebCore::RenderThemeMac::textField):
1046
1047 2012-05-10  Anders Carlsson  <andersca@apple.com>
1048
1049         WebKit1: Add a way to blacklist specific plug-ins/plug-in versions
1050         https://bugs.webkit.org/show_bug.cgi?id=86150
1051         <rdar://problem/9551196>
1052
1053         Reviewed by Sam Weinig.
1054
1055         * English.lproj/Localizable.strings:
1056         Update.
1057
1058         * loader/SubframeLoader.cpp:
1059         (WebCore::SubframeLoader::loadPlugin):
1060         It is possible that the client has already set the unavailability reason so don't try to set it twice.
1061
1062         * platform/LocalizedStrings.cpp:
1063         (WebCore::insecurePluginVersionText):
1064         * platform/LocalizedStrings.h:
1065         Add insecure plug-in version text.
1066
1067         * rendering/RenderEmbeddedObject.cpp:
1068         (WebCore::RenderEmbeddedObject::unavailablePluginReplacementText):
1069         * rendering/RenderEmbeddedObject.h:
1070         Add InsecurePluginVersion unavailability reason.
1071
1072 2012-05-10  Eric Seidel  <eric@webkit.org>
1073
1074         Make IFRAME_SEAMLESS child documents inherit styles from their parent iframe element
1075         https://bugs.webkit.org/show_bug.cgi?id=85940
1076
1077         Reviewed by Ojan Vafai.
1078
1079         The HTML5 <iframe seamless> spec says:
1080         In a CSS-supporting user agent: the user agent must, for the purpose of CSS property
1081         inheritance only, treat the root element of the active document of the iframe
1082         element's nested browsing context as being a child of the iframe element.
1083         (Thus inherited properties on the root element of the document in the
1084         iframe will inherit the computed values of those properties on the iframe
1085         element instead of taking their initial values.)
1086
1087         Initially I implemented this support to the letter of the spec. However, doing so I learned
1088         that WebKit has a RenderStyle for the Document Node, not just the root element of the document.
1089         In this RenderStyle on the Document, we add a bunch of per-document styles from settings
1090         including designMode.
1091
1092         This change makes StyleResolver::styleForDocument inherit style from the parent iframe's
1093         style, before applying any of these per-document styles.  This may or may not be correct
1094         depending on what behavior we want for rtl-ordering, page-zoom, locale, design mode, etc.
1095         For now, we continue to treat the iframe's document as independent in these regards, and
1096         the settings on that document override those inherited from the iframe.
1097
1098         Also, intially when making this work, I added redirects in recalcStyle and scheduleStyleRecalc
1099         from the child document to the parent document in the case of seamless (since the parent
1100         document effectively manages the style resolve and layout of the child in seamless mode).
1101         However, I was not able to find a test which depended on this code change, so in this final patch
1102         I have removed both of these modifications and replaced them with FIXMEs.  Based on discussions
1103         with Ojan and James Robinson, I believe both of those changes may eventually be wanted.
1104
1105         This change basically does 3 things:
1106         1.  Makes StyleResolver::styleForDocument inherit from the parent iframe.
1107         2.  Makes any recalcStyle calls on the iframe propogate down into the child document (HTMLIFrameElement::didRecalcStyle).
1108         3.  Makes Document::recalcStyle aware of the fact that the Document's style *can* change
1109             for reasons other than recalcStyle(Force).
1110
1111         I'm open to more testing suggestions, if reviewers have settings on the Document's style
1112         that you want to make sure we inherit from the parent iframe, or don't inherit, etc.
1113         I view this as a complete solution to this aspect of the current <iframe seamless> spec,
1114         but likely not the last code we will write for this aspect of the seamless feature. :)
1115
1116         Tested by fast/frames/seamlesss/seamless-css-cascade.html and seamless-designMode.html
1117
1118         * css/StyleResolver.cpp:
1119         (WebCore::StyleResolver::collectMatchingRulesForList):
1120         * dom/Document.cpp:
1121         (WebCore::Document::scheduleStyleRecalc):
1122         (WebCore::Document::recalcStyle):
1123         * html/HTMLIFrameElement.cpp:
1124         (WebCore::HTMLIFrameElement::HTMLIFrameElement):
1125         (WebCore::HTMLIFrameElement::didRecalcStyle):
1126         (WebCore):
1127         * html/HTMLIFrameElement.h:
1128         (HTMLIFrameElement):
1129
1130 2012-05-10  Julien Chaffraix  <jchaffraix@webkit.org>
1131
1132         Crash in computedCSSPadding* functions due to RenderImage::imageDimensionsChanged called during attachment
1133         https://bugs.webkit.org/show_bug.cgi?id=85912
1134
1135         Reviewed by Eric Seidel.
1136
1137         Tests: fast/images/link-body-content-imageDimensionChanged-crash.html
1138                fast/images/script-counter-imageDimensionChanged-crash.html
1139
1140         The bug comes from CSS generated images that could end up calling imageDimensionsChanged during attachment. As the
1141         rest of the code (e.g. computedCSSPadding*) would assumes that we are already inserted in the tree, we would crash.
1142
1143         The solution is to bail out in this case as newly inserted RenderObject will trigger layout later on and properly
1144         handle what we would be doing as part of imageDimensionChanged (the only exception being updating our intrinsic
1145         size which should be done as part of imageDimensionsChanged).
1146
1147         * rendering/RenderImage.cpp:
1148         (WebCore::RenderImage::imageDimensionsChanged):
1149
1150 2012-05-10  Adam Barth  <abarth@webkit.org>
1151
1152         ASSERT in BidiResolver<Iterator, Run>::commitExplicitEmbedding makes running debug builds annoying
1153         https://bugs.webkit.org/show_bug.cgi?id=86140
1154
1155         Reviewed by Eric Seidel.
1156
1157         The correct fix here is to resolve
1158         https://bugs.webkit.org/show_bug.cgi?id=76574, but in the mean time,
1159         this ASSERT is annoying.
1160
1161         * platform/text/BidiResolver.h:
1162         (WebCore::::commitExplicitEmbedding):
1163
1164 2012-05-10  Mark Pilgrim  <pilgrim@chromium.org>
1165
1166         [Chromium] Call addTraceEvent and getTraceCategoryEnabledFlag directly
1167         https://bugs.webkit.org/show_bug.cgi?id=85399
1168
1169         Reviewed by Adam Barth.
1170
1171         Part of a refactoring series. See tracking bug 82948.
1172
1173         * CMakeLists.txt:
1174         * GNUmakefile.list.am:
1175         * Target.pri:
1176         * WebCore.gypi:
1177         * WebCore.vcproj/WebCore.vcproj:
1178         * WebCore.xcodeproj/project.pbxproj:
1179         * platform/EventTracer.cpp: Added.
1180         (WebCore):
1181         (WebCore::EventTracer::getTraceCategoryEnabledFlag):
1182         (WebCore::EventTracer::addTraceEvent):
1183         * platform/EventTracer.h: Added.
1184         (WebCore):
1185         (EventTracer):
1186         * platform/chromium/EventTracerChromium.cpp: Added.
1187         (WebCore):
1188         (WebCore::EventTracer::getTraceCategoryEnabledFlag):
1189         (WebCore::EventTracer::addTraceEvent):
1190         * platform/chromium/PlatformSupport.h:
1191         * platform/chromium/TraceEvent.h:
1192
1193 2012-05-10  Adam Barth  <abarth@webkit.org>
1194
1195         ScrollView::fixedVisibleContentRect should be public
1196         https://bugs.webkit.org/show_bug.cgi?id=86147
1197
1198         Reviewed by Eric Seidel.
1199
1200         Some code in the WebKit layer of OS(ANDROID) uses this function. That
1201         could will be upstreamed in a later patch. For now, this patch just
1202         makes this function public so that we remove the diff to this file.
1203
1204         * platform/ScrollView.h:
1205         (WebCore::ScrollView::fixedVisibleContentRect):
1206         (WebCore::ScrollView::delegatesScrollingDidChange):
1207
1208 2012-05-10  Anders Carlsson  <andersca@apple.com>
1209
1210         Rename the missing plug-in indicator to the unavailable plug-in indicator
1211         https://bugs.webkit.org/show_bug.cgi?id=86136
1212
1213         Reviewed by Sam Weinig.
1214
1215         Since the indicator is shown for more than just missing plug-ins, generalize it and use a plug-in unavailability
1216         reason enum to make it easier to extend. Also, pass the unavailability reason to the ChromeClient member functions.
1217
1218         * WebCore.exp.in:
1219         * html/HTMLEmbedElement.cpp:
1220         (WebCore::HTMLEmbedElement::updateWidget):
1221         * html/HTMLObjectElement.cpp:
1222         (WebCore::HTMLObjectElement::updateWidget):
1223         * html/HTMLPlugInElement.cpp:
1224         (WebCore::HTMLPlugInElement::defaultEventHandler):
1225         * html/HTMLPlugInImageElement.cpp:
1226         (WebCore::HTMLPlugInImageElement::updateWidgetIfNecessary):
1227         * loader/SubframeLoader.cpp:
1228         (WebCore::SubframeLoader::loadPlugin):
1229         * page/ChromeClient.h:
1230         (WebCore::ChromeClient::shouldUnavailablePluginMessageBeButton):
1231         (WebCore::ChromeClient::unavailablePluginButtonClicked):
1232         * page/FrameView.cpp:
1233         (WebCore::FrameView::updateWidget):
1234         * rendering/RenderEmbeddedObject.cpp:
1235         (WebCore::RenderEmbeddedObject::RenderEmbeddedObject):
1236         (WebCore::RenderEmbeddedObject::setPluginUnavailabilityReason):
1237         (WebCore::RenderEmbeddedObject::showsUnavailablePluginIndicator):
1238         (WebCore::RenderEmbeddedObject::setUnavailablePluginIndicatorIsPressed):
1239         (WebCore::RenderEmbeddedObject::paint):
1240         (WebCore::RenderEmbeddedObject::paintReplaced):
1241         (WebCore::RenderEmbeddedObject::getReplacementTextGeometry):
1242         (WebCore::RenderEmbeddedObject::unavailablePluginReplacementText):
1243         (WebCore):
1244         (WebCore::RenderEmbeddedObject::isInUnavailablePluginIndicator):
1245         (WebCore::shouldUnavailablePluginMessageBeButton):
1246         (WebCore::RenderEmbeddedObject::handleUnavailablePluginIndicatorEvent):
1247         (WebCore::RenderEmbeddedObject::getCursor):
1248         * rendering/RenderEmbeddedObject.h:
1249         (RenderEmbeddedObject):
1250
1251 2012-05-10  Brady Eidson  <beidson@apple.com>
1252
1253         <rdar://problem/10972577> and https://bugs.webkit.org/show_bug.cgi?id=80170
1254         Contents of noscript elements turned into strings in WebArchives
1255
1256         Reviewed by Andy Estes.
1257
1258         There's a much deeper question about how innerHTML of <noscript> is expected to work in 
1259         both a scripting and non-scripting environment that we should pursue separately.
1260
1261         But for webarchives, we can solve this by filtering out the <noscript> elements completely 
1262         if scripting is enabled.
1263
1264         Test: webarchive/ignore-noscript-if-scripting-enabled.html
1265
1266         * WebCore.exp.in:
1267
1268         Add arguments to createMarkup and MarkupAccumulator methods to pass a Vector of QualifiedNames
1269         that should be filtered from the resulting markup:
1270         * editing/MarkupAccumulator.cpp:
1271         (WebCore::MarkupAccumulator::serializeNodes):
1272         (WebCore::MarkupAccumulator::serializeNodesWithNamespaces):
1273         * editing/MarkupAccumulator.h:
1274         * editing/markup.cpp:
1275         (WebCore::createMarkup):
1276         * editing/markup.h:
1277
1278         If scripting is enabled, add the noscriptTag to the tag names to filter:
1279         * loader/archive/cf/LegacyWebArchive.cpp:
1280         (WebCore::LegacyWebArchive::create):
1281
1282 2012-05-10  Abhishek Arya  <inferno@chromium.org>
1283
1284         Crash due to floats not removed from first-letter element.
1285         https://bugs.webkit.org/show_bug.cgi?id=86019
1286
1287         Reviewed by Julien Chaffraix.
1288
1289         Move clearing logic of a floating/positioned object from removeChild
1290         to removeChildNode. There are lot of places which use removeChildNode
1291         directly and hence the object is not removed from the floating or
1292         positioned objects list.
1293
1294         Test: fast/block/float/float-not-removed-from-first-letter.html
1295
1296         * rendering/RenderObject.cpp:
1297         (WebCore::RenderObject::removeChild):
1298         * rendering/RenderObjectChildList.cpp:
1299         (WebCore::RenderObjectChildList::removeChildNode):
1300
1301 2012-05-10  Andreas Kling  <kling@webkit.org>
1302
1303         Remove empty ElementAttributeData destructor.
1304         <http://webkit.org/b/86126>
1305
1306         Reviewed by Antti Koivisto.
1307
1308         * dom/ElementAttributeData.cpp:
1309         * dom/ElementAttributeData.h:
1310
1311 2012-05-10  Yury Semikhatsky  <yurys@chromium.org>
1312
1313         Web Inspector: heap snapshot comparison view is broken
1314         https://bugs.webkit.org/show_bug.cgi?id=86102
1315
1316         Reviewed by Pavel Feldman.
1317
1318         Pass HeapSnapshotProxy instead of undefined to the profile load callback. Added
1319         compiler annotations to avoid such errors in the future.
1320
1321         * inspector/front-end/HeapSnapshotView.js:
1322
1323 2012-05-10  Zan Dobersek  <zandobersek@gmail.com>
1324
1325         [GTK] ENABLE_IFRAME_SEAMLESS support
1326         https://bugs.webkit.org/show_bug.cgi?id=85843
1327
1328         Reviewed by Eric Seidel.
1329
1330         Export the ENABLE_IFRAME_SEAMLESS feature define when the feature is
1331         enabled.
1332
1333         No new tests - all the related tests should now be passing.
1334
1335         * GNUmakefile.am:
1336
1337 2012-05-10  Antti Koivisto  <antti@apple.com>
1338
1339         Inline Node::traverseNextNode
1340         https://bugs.webkit.org/show_bug.cgi?id=85844
1341
1342         Reviewed by Ryosuke Niwa.
1343         
1344         Inline traverseNextNode and traverseNextSibling to reduce entry/exit overhead and allow better code generation
1345         for many hot loops.
1346
1347         In this version only the firstChild()/nextSibling() tests are inlined and the ancestor traversal is not.
1348         
1349         Performance bots will tell if this was worthwhile.
1350
1351         * dom/ContainerNode.h:
1352         (WebCore::Node::traverseNextNode):
1353         (WebCore):
1354         (WebCore::Node::traverseNextSibling):
1355         * dom/Node.cpp:
1356         (WebCore::Node::traverseNextAncestorSibling):
1357         * dom/Node.h:
1358         (Node):
1359
1360 2012-05-10  Tommy Widenflycht  <tommyw@google.com>
1361
1362         MediaStream API: Fix MediaHints parsing
1363         https://bugs.webkit.org/show_bug.cgi?id=86098
1364
1365         Reviewed by Adam Barth.
1366
1367         Not currently testable. Working on a series of patches that will fix that.
1368
1369         * Modules/mediastream/PeerConnection00.cpp:
1370         (WebCore::PeerConnection00::createMediaHints):
1371
1372 2012-05-10  Tommy Widenflycht  <tommyw@google.com>
1373
1374         [chromium] MediaStream API: Fix the ExtraData functionality in WebMediaStreamDescriptor
1375         https://bugs.webkit.org/show_bug.cgi?id=86087
1376
1377         Reviewed by Adam Barth.
1378
1379         Not easy to test but I have added code that excercises this to WebUserMediaClientMock (in DumpRenderTree).
1380
1381         * platform/chromium/support/WebMediaStreamDescriptor.cpp:
1382         (WebKit::WebMediaStreamDescriptor::setExtraData):
1383
1384 2012-05-10  Pavel Feldman  <pfeldman@chromium.org>
1385
1386         Web Inspector: search title is shown beside the search field (not under) in the vertical mode.
1387         https://bugs.webkit.org/show_bug.cgi?id=86120
1388
1389         Reviewed by Yury Semikhatsky.
1390
1391         This change makes search title render as placeholder at all times.
1392         It also adjusts the size of the search field when navigation arrows appear.
1393
1394         * inspector/front-end/SearchController.js:
1395         (WebInspector.SearchController):
1396         (WebInspector.SearchController.prototype.updateSearchLabel):
1397         (WebInspector.SearchController.prototype._updateSearchNavigationButtonState):
1398         (WebInspector.SearchController.prototype._createSearchNavigationButton):
1399         * inspector/front-end/inspector.css:
1400         (#toolbar-search-item):
1401         (.with-navigation-buttons #search):
1402         (.toolbar-search-navigation-label):
1403         (.with-navigation-buttons .toolbar-search-navigation-label):
1404         * inspector/front-end/inspector.html:
1405
1406 2012-05-10  Varun Jain  <varunjain@google.com>
1407
1408         [chromium] Trigger context menu for long press gesture
1409         https://bugs.webkit.org/show_bug.cgi?id=85919
1410
1411         Reviewed by Adam Barth.
1412
1413         Test: fast/events/touch/gesture/context-menu-on-long-press.html
1414
1415         * page/EventHandler.cpp:
1416         (WebCore):
1417         (WebCore::EventHandler::sendContextMenuEventForGesture):
1418         * page/EventHandler.h:
1419         (EventHandler):
1420
1421 2012-05-10  Abhishek Arya  <inferno@chromium.org>
1422
1423         Crash in ApplyStyleCommand::joinChildTextNodes.
1424         https://bugs.webkit.org/show_bug.cgi?id=85939
1425
1426         Reviewed by Ryosuke Niwa.
1427
1428         Test: editing/style/apply-style-join-child-text-nodes-crash.html
1429
1430         * editing/ApplyStyleCommand.cpp:
1431         (WebCore::ApplyStyleCommand::applyRelativeFontStyleChange): add conditions
1432         to bail out if our start and end position nodes are removed due to 
1433         mutation events in joinChildTextNodes.
1434         (WebCore::ApplyStyleCommand::applyInlineStyle): this executes after
1435         applyRelativeFontStyleChange in ApplyStyleCommand::doApply. So, need
1436         to bail out if our start and end position nodes are removed due to
1437         mutation events.
1438         (WebCore::ApplyStyleCommand::joinChildTextNodes): hold all the children
1439         in a ref vector to prevent them from getting destroyed due to mutation events.
1440
1441 2012-05-10  Erik Arvidsson  <arv@chromium.org>
1442
1443         Unreviewed, rebaselined run-bindings-tests results.
1444
1445         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
1446         (WebCore::jsTestEventTargetPrototypeFunctionAddEventListener):
1447         (WebCore::jsTestEventTargetPrototypeFunctionRemoveEventListener):
1448         * bindings/scripts/test/JS/JSTestObj.cpp:
1449         (WebCore::jsTestObjPrototypeFunctionAddEventListener):
1450         (WebCore::jsTestObjPrototypeFunctionRemoveEventListener):
1451         * bindings/scripts/test/V8/V8TestException.cpp:
1452         (WebCore::V8TestException::wrapSlow):
1453         * bindings/scripts/test/V8/V8TestException.h:
1454         (WebCore::V8TestException::wrap):
1455
1456 2012-05-10  Abhishek Arya  <inferno@chromium.org>
1457
1458         Crash in InsertParagraphSeparatorCommand::doApply.
1459         https://bugs.webkit.org/show_bug.cgi?id=84995
1460
1461         Reviewed by Ryosuke Niwa.
1462
1463         Test: editing/inserting/insert-paragraph-seperator-crash.html
1464
1465         * editing/DeleteSelectionCommand.cpp:
1466         (WebCore::DeleteSelectionCommand::mergeParagraphs): no need of static cast, since
1467         type of enclosingBlock returned is already Element*.
1468         * editing/IndentOutdentCommand.cpp:
1469         (WebCore::IndentOutdentCommand::tryIndentingAsListItem): no need of static cast, since
1470         type of enclosingBlock returned is already Element*.
1471         * editing/InsertParagraphSeparatorCommand.cpp:
1472         (WebCore::InsertParagraphSeparatorCommand::doApply): RefPtr startBlock to guard against
1473         mutation events.
1474         * editing/htmlediting.cpp:
1475         (WebCore::enclosingBlock): make sure type of enclosingNode is an element before doing
1476         the static cast. This was already failing in a couple of layout tests. Also, isBlock
1477         check already exists in the function call to enclosingNodeOfType, so don't need it
1478         again on enclosingNode's renderer.
1479         * editing/htmlediting.h: 
1480         (WebCore):
1481
1482 2012-05-10  Allan Sandfeld Jensen  <allan.jensen@nokia.com>
1483
1484         TouchAdjustment doesn't correct for scroll-offsets.
1485         https://bugs.webkit.org/show_bug.cgi?id=86083
1486
1487         Reviewed by Kenneth Rohde Christiansen.
1488
1489         Already tested by: touchadjustment/scroll-delegation
1490
1491         * page/EventHandler.cpp:
1492         (WebCore::EventHandler::bestClickableNodeForTouchPoint):
1493         (WebCore::EventHandler::bestZoomableAreaForTouchPoint):
1494         * page/TouchAdjustment.cpp:
1495         (WebCore::TouchAdjustment::findNodeWithLowestDistanceMetric):
1496         * testing/Internals.cpp:
1497         (WebCore::Internals::bestZoomableAreaForTouchPoint):
1498
1499 2012-05-10  Konrad Piascik  <kpiascik@rim.com>
1500
1501         Fix typo in filename
1502         https://bugs.webkit.org/show_bug.cgi?id=86095
1503
1504         Reviewed by Andreas Kling.
1505
1506         * UseJSC.cmake:
1507
1508 2012-05-10  Stephen Chenney  <schenney@chromium.org>
1509
1510         SVG Filters allow invalid elements as children
1511         https://bugs.webkit.org/show_bug.cgi?id=83979
1512
1513         Reviewed by Nikolas Zimmermann.
1514
1515         According to the SVG spec, there are numerous restrictions on the
1516         content of nodes (that is, their children). Specific to this problem,
1517         SVGFilter elements may only contain SVGFilterPrimitive elements, and
1518         those may only contain animation related elements. This patch enforces
1519         the restriction on filters in the render tree, thus preventing us from
1520         having (for instance) content that is inside a filter yet filtered by
1521         the filter.
1522
1523         Manual test: ManualTests/bugzilla-83979.svg
1524
1525         * svg/SVGFilterElement.cpp:
1526         (WebCore::SVGFilterElement::childShouldCreateRenderer): Added to only allow renderers for fe* children
1527         (WebCore):
1528         * svg/SVGFilterElement.h:
1529         (SVGFilterElement):
1530         * svg/SVGFilterPrimitiveStandardAttributes.h: Do not allow any children at all for fe* elements.
1531         (SVGFilterPrimitiveStandardAttributes):
1532
1533 2012-05-10  Joe Thomas  <joethomas@motorola.com>
1534
1535         [CSS3 Backgrounds and Borders] Add background-size to the background shorthand
1536         https://bugs.webkit.org/show_bug.cgi?id=27577
1537
1538         Reviewed by Alexis Menard.
1539
1540         Added CSSPropertyBackgroundSize to the background shorthand propery. Added the logic for parsing background-size.
1541         bakground-size appears after background-position followed by a '/'.
1542         The specification related to this change is http://www.w3.org/TR/css3-background/#the-background
1543
1544         Tests: fast/backgrounds/background-shorthand-with-backgroundSize-style.html
1545                fast/backgrounds/size/backgroundSize-in-background-shorthand.html
1546
1547         * css/CSSComputedStyleDeclaration.cpp:
1548         (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
1549         (WebCore::CSSComputedStyleDeclaration::getBackgroundShorthandValue):
1550         (WebCore):
1551         * css/CSSComputedStyleDeclaration.h:
1552         (CSSComputedStyleDeclaration):
1553         * css/CSSParser.cpp:
1554         (WebCore::CSSParser::parseValue):
1555         (WebCore::CSSParser::parseFillShorthand):
1556         * css/StylePropertySet.cpp:
1557         (WebCore::StylePropertySet::getLayeredShorthandValue):
1558         * css/StylePropertyShorthand.cpp:
1559         (WebCore):
1560         (WebCore::backgroundShorthand):
1561
1562 2012-05-10  MORITA Hajime <morrita@google.com>
1563
1564         Node::InDetachFlag could be removed.
1565         https://bugs.webkit.org/show_bug.cgi?id=85963
1566
1567         Reviewed by Antti Koivisto.
1568
1569         Removed Node::inDetach() since it can never true
1570         on the only call site setFocusedNode().
1571
1572         No new test. Covered by existing tests.
1573
1574         * dom/Document.cpp:
1575         (WebCore::Document::setFocusedNode):
1576         * dom/Node.cpp:
1577         (WebCore::Node::detach):
1578         * dom/Node.h:
1579         (WebCore):
1580         (Node):
1581
1582 2012-05-10  Keishi Hattori  <keishi@webkit.org>
1583
1584         Crash in HTMLFormControlElement::m_fieldSetAncestor
1585         https://bugs.webkit.org/show_bug.cgi?id=86070
1586
1587         Reviewed by Kent Tamura.
1588
1589         No new tests.
1590
1591         The previous patch r115990 didn't completely resolve the crash (Bug 85453)
1592         We don't have a reproducible test case, so we are reverting to the old code for setting m_fieldSetAncestor.
1593
1594         * html/HTMLFormControlElement.cpp:
1595         (WebCore::HTMLFormControlElement::HTMLFormControlElement):
1596         (WebCore::HTMLFormControlElement::updateFieldSetAndLegendAncestor):
1597         (WebCore::HTMLFormControlElement::insertedInto): Set m_dataListAncestorState to Unknown because ancestor has changed. Call setNeedsWillValidateCheck because style might need to be updated.
1598         (WebCore::HTMLFormControlElement::removedFrom):
1599         (WebCore::HTMLFormControlElement::disabled):
1600         (WebCore::HTMLFormControlElement::recalcWillValidate):
1601         (WebCore::HTMLFormControlElement::willValidate):
1602         (WebCore::HTMLFormControlElement::setNeedsWillValidateCheck):
1603         * html/HTMLFormControlElement.h:
1604         (HTMLFormControlElement): Added m_dataListAncestorState.
1605
1606 2012-05-10  Sam D  <dsam2912@gmail.com>
1607
1608         Web Inspector: rename InspectorBackendStub.js to InspectorBackendCommands.js
1609         https://bugs.webkit.org/show_bug.cgi?id=72306
1610
1611         Changed name for InspectorBackendStub.js to
1612         InspectorBackendCommands.js
1613
1614         Reviewed by Yury Semikhatsky.
1615
1616         No new tests required. File name is changed.
1617
1618         * DerivedSources.pri:
1619         * GNUmakefile.am:
1620         * Target.pri:
1621         * WebCore.gyp/WebCore.gyp:
1622         * WebCore.gypi:
1623         * WebCore.vcproj/copyWebCoreResourceFiles.cmd:
1624         * WebCore.xcodeproj/project.pbxproj:
1625         * gyp/copy-inspector-resources.sh:
1626         * inspector/CodeGeneratorInspector.py:
1627         * inspector/front-end/InspectorBackendCommands.qrc: Added.
1628         * inspector/front-end/InspectorBackendStub.qrc: Removed.
1629         * inspector/front-end/inspector.html:
1630
1631 2012-05-10  Alexis Menard  <alexis.menard@openbossa.org>
1632
1633         [Qt] Avoid string conversions to construct a QUrl when using Qt5.
1634         https://bugs.webkit.org/show_bug.cgi?id=86006
1635
1636         Reviewed by Kenneth Rohde Christiansen.
1637
1638         In Qt5, the QUrl constructor can handle the string directly, even in UTF-16 because the
1639         constructor QUrl(QString) has been fixed. Unfortunately we still need to use the old
1640         code path when building with Qt4.
1641
1642         No new tests : it's a performance improvement which should be covered by tests.
1643
1644         * platform/qt/KURLQt.cpp:
1645         (WebCore::KURL::operator QUrl):
1646
1647 2012-05-10  Noel Gordon  <noel.gordon@gmail.com>
1648
1649         [chromium] REGRESSION(r107389) Visible line artifacts on some JPEG images
1650         https://bugs.webkit.org/show_bug.cgi?id=85772
1651
1652         Reviewed by Kent Tamura.
1653
1654         On some JPEG images, vertical and horizontal lines artifacts might appear in image
1655         regions with very high frequency color variation when using DCT_IFAST decodes. Use
1656         DCT_IFAST on small screen devices only (Chromium Android).
1657
1658         No new tests. Covered by existing tests.
1659
1660         * platform/image-decoders/jpeg/JPEGImageDecoder.cpp:
1661         (dctMethod): Permit DCT_IFAST decoding for Chromium Android only.
1662
1663 2012-05-10  Kenneth Rohde Christiansen  <kenneth@webkit.org>
1664
1665         [Qt] Implement fit-to-width behaviour
1666         https://bugs.webkit.org/show_bug.cgi?id=86085
1667
1668         Reviewed by Simon Hausmann.
1669
1670         Add a method to get the minimum scale factor that contains the content
1671         without showing any chrome background.
1672
1673         * dom/ViewportArguments.cpp:
1674         (WebCore::computeMinimumScaleFactorForContentContained):
1675         (WebCore):
1676         * dom/ViewportArguments.h:
1677         (WebCore):
1678
1679 2012-05-10  MORITA Hajime  <morrita@google.com>
1680
1681         Remove support for Node::willRemove()
1682         https://bugs.webkit.org/show_bug.cgi?id=55209
1683
1684         Reviewed by Ryosuke Niwa.
1685
1686         This change de-virtualizes Node::willRemove(), gains
1687         5% speedup on Dromaeo dom-modify.
1688
1689         Originally there were 5 willRemove() overrides:
1690         - Element
1691         - HTMLStyleElement
1692         - HTMLSourceElement
1693         - HTMLTrackElement
1694         - HTMLFrameOwnerElement
1695
1696         For first 4 items, this change moves their implementations to
1697         Node::removedFrom() overrides.
1698
1699         Then HTMLFrameOwnerElement is the only class which needs the
1700         notification.  Because it emits the "unload" event, it needs some
1701         notification _before_ its removal. To handle that, this change
1702         introduces ChildFrameDisconnector which collects
1703         corresponding decendant elements and disconnect their content frame.
1704
1705         Even though this approach doesn't kill pre-removal tree traversal
1706         completely, it's a bit more efficient due to the de-virtualization.
1707
1708         No new tests. Covered by existing test.
1709
1710         * dom/ContainerNode.cpp:
1711         (WebCore::willRemoveChild): Replaced willRemove() call with ChildFrameDisconnector.
1712         (WebCore::willRemoveChildren): Ditto.
1713         (WebCore::ContainerNode::disconnectDescendantFrames): Added. Used from FrameLoader to replace Document::willRemove() call.
1714         (WebCore):
1715         * dom/ContainerNode.h:
1716         (ContainerNode):
1717         * dom/ContainerNodeAlgorithms.cpp:
1718         (WebCore::ChildFrameDisconnector::collectDescendant):
1719         (WebCore):
1720         (WebCore::ChildFrameDisconnector::Target::disconnect):
1721         * dom/ContainerNodeAlgorithms.h:
1722         (ChildFrameDisconnector):
1723         (Target):
1724         (WebCore::ChildFrameDisconnector::Target::Target):
1725         (WebCore::ChildFrameDisconnector::Target::isValid):
1726         (WebCore):
1727         (WebCore::ChildFrameDisconnector::ChildFrameDisconnector):
1728         (WebCore::ChildFrameDisconnector::collectDescendant):
1729         (WebCore::ChildFrameDisconnector::disconnect):
1730         * dom/Element.cpp:
1731         (WebCore::Element::removedFrom):
1732         * dom/Element.h:
1733         * dom/ElementShadow.cpp:
1734         * dom/ElementShadow.h:
1735         (ElementShadow):
1736         * dom/Node.cpp:
1737         * dom/Node.h: Added IsFrameOwnerElement flag to de-virtualize IsFrameOwnerElement().
1738         (WebCore::Node::isFrameOwnerElement): De-virtualized.
1739         (Node):
1740         * html/HTMLElement.h:
1741         (HTMLElement):
1742         (WebCore::HTMLElement::HTMLElement):
1743         * html/HTMLFrameOwnerElement.cpp:
1744         (WebCore::HTMLFrameOwnerElement::HTMLFrameOwnerElement):
1745         (WebCore::HTMLFrameOwnerElement::disconnectContentFrame): Extracted from original willRemove().
1746         * html/HTMLFrameOwnerElement.h:
1747         (HTMLFrameOwnerElement):
1748         (WebCore::toFrameOwnerElement):
1749         (WebCore):
1750         * html/HTMLMediaElement.cpp:
1751         (WebCore::HTMLMediaElement::sourceWasRemoved): Renamed from sourceWillBeRemoved(), dealing with the timing change.
1752         * html/HTMLMediaElement.h:
1753         (HTMLMediaElement):
1754         (WebCore::isMediaElement):
1755         (WebCore):
1756         (WebCore::toMediaElement):
1757         * html/HTMLSourceElement.cpp:
1758         (WebCore::HTMLSourceElement::removedFrom): Moved some code from willRemove().
1759         * html/HTMLSourceElement.h:
1760         (HTMLSourceElement):
1761         * html/HTMLStyleElement.cpp:
1762         (WebCore::HTMLStyleElement::removedFrom):
1763         (WebCore):
1764         * html/HTMLStyleElement.h:
1765         (HTMLStyleElement):
1766         * html/HTMLTrackElement.cpp:
1767         (WebCore::HTMLTrackElement::removedFrom): Moved some code from willRemove().
1768         * html/HTMLTrackElement.h:
1769         (HTMLTrackElement):
1770         * loader/FrameLoader.cpp:
1771         (WebCore::FrameLoader::clear):
1772
1773 2012-05-10  Kinuko Yasuda  <kinuko@chromium.org>
1774
1775         Change the return type of Entry.toURL() back to String from KURL
1776         https://bugs.webkit.org/show_bug.cgi?id=85858
1777
1778         Reviewed by Ryosuke Niwa.
1779
1780         I once changed it from String to KURL in r116273 but it turned out that
1781         it involves implicit conversion and may incur extra overhead.
1782         This partly reverts r116273 while keeping some internal functions
1783         returning KURL as it's what we initially create as and is more
1784         convenient to operate on.
1785
1786         No new tests; no functional or visible changes.
1787
1788         * Modules/filesystem/EntryBase.cpp:
1789         (WebCore::EntryBase::toURL):
1790         * Modules/filesystem/EntryBase.h:
1791         (EntryBase):
1792
1793 2012-05-10  Alexander Pavlov  <apavlov@chromium.org>
1794
1795         Web Inspector: Autocomplete for CSS property values in the Styles pane behaving incorrectly
1796         https://bugs.webkit.org/show_bug.cgi?id=85784
1797
1798         Reviewed by Vsevolod Vlasov.
1799
1800         Before executing the number increment/decrement within CSS property value, the current word is checked
1801         for being a valid suggestion for the current property, and if it is, the numeric change is skipped
1802         in favor of the suggested property value switch by a suggest box.
1803
1804         * inspector/front-end/StylesSidebarPane.js:
1805
1806 2012-05-10  Abhishek Arya  <inferno@chromium.org>
1807
1808         Make DOMCharacterDataModified a scoped event (similar to r73690).
1809         https://bugs.webkit.org/show_bug.cgi?id=85920
1810
1811         Reviewed by Ryosuke Niwa.
1812
1813         DOMCharacterDataModified was missing in the list of already scoped
1814         DOM mutation events like DOMSubtreeModified, DOMNodeInserted, etc.
1815         It helps to delay event dispatches until the completion of each call
1816         of EditCommand::doApply. This has been useful in the past and helped to 
1817         prevent unexpected DOM tree mutations while the editing command is executing.
1818
1819         * dom/CharacterData.cpp:
1820         (WebCore::CharacterData::dispatchModifiedEvent):
1821
1822 2012-05-10  Alexandre Elias  <aelias@google.com>
1823
1824         Default to null value for HistoryItem::m_pageScaleFactor
1825         https://bugs.webkit.org/show_bug.cgi?id=84385
1826
1827         Reviewed by Adam Barth.
1828
1829         Previously, HistoryItem::m_pageScaleFactor defaulted to a value
1830         of 1, making it impossible to determine whether this value was never
1831         set, or intentionally set to 1.  This patch introduces a default value
1832         of 0 and makes restoreScrollPositionAndViewState not touch the page
1833         scale factor if this value is still present at time of reload.
1834
1835         This is a no-op change for common navigation scenarios.  The
1836         motivation for this change is the corner case of syncing history items
1837         from a desktop browser to a mobile device.  In that case, we need a
1838         way to specify that the history item does not contain a
1839         pageScaleFactor so that the mobile device does not display the page
1840         overly zoomed in.
1841
1842         No new tests.
1843
1844         * history/HistoryItem.cpp:
1845         (WebCore::HistoryItem::HistoryItem):
1846         * loader/HistoryController.cpp:
1847         (WebCore::HistoryController::restoreScrollPositionAndViewState):
1848
1849 2012-05-10  Csaba Osztrogon√°c  <ossy@webkit.org>
1850
1851         Use suitable viewport values when a Mobile DTD is used.
1852         https://bugs.webkit.org/show_bug.cgi?id=85425
1853
1854         Unreviewed debug buildfix after r116571.
1855
1856         * dom/Document.cpp:
1857         (WebCore::Document::setDocType):
1858
1859 2012-05-10  Yoshifumi Inoue  <yosin@chromium.org>
1860
1861         [Forms] Move step related methods to InputType class from HTMLInputElement class
1862         https://bugs.webkit.org/show_bug.cgi?id=85978
1863
1864         Reviewed by Kent Tamura.
1865
1866         This patch is part of re-factoring of HTMLInputElement.cpp for numeric input type.
1867         In this patch, we move implementation of getAllowedValueStep and stepUp/stepUpFromRenderer
1868         to InputType class because of these are for DateTime/Number/Range.
1869
1870         Following patches will change implementation of getAllowedValueStep to use StepRange and
1871         remove step related methods, defaultStep, stepScaleFactor, and so on.
1872
1873         No new tests. This patch should not change behavior.
1874
1875         * html/HTMLInputElement.cpp:
1876         (WebCore):
1877         (WebCore::HTMLInputElement::getAllowedValueStep):
1878         (WebCore::HTMLInputElement::stepUp):
1879         (WebCore::HTMLInputElement::stepDown):
1880         (WebCore::HTMLInputElement::stepUpFromRenderer):
1881         * html/HTMLInputElement.h:
1882         (HTMLInputElement):
1883         * html/InputType.cpp:
1884         (WebCore::InputType::applyStep):
1885         (WebCore):
1886         (WebCore::InputType::alignValueForStep):
1887         (WebCore::InputType::getAllowedValueStep):
1888         (WebCore::InputType::getAllowedValueStepWithDecimalPlaces):
1889         (WebCore::InputType::stepUp):
1890         (WebCore::InputType::stepUpFromRenderer):
1891         * html/InputType.h:
1892         (InputType):
1893
1894 2012-05-09  Kent Tamura  <tkent@chromium.org>
1895
1896         Calendar Picker: Fix a crash by changing input type.
1897         https://bugs.webkit.org/show_bug.cgi?id=86007
1898
1899         Reviewed by Hajime Morita.
1900
1901         Manual test: forms/calendar-picker-crash-by-type-change.html
1902
1903         * html/shadow/CalendarPickerElement.cpp:
1904         (WebCore::CalendarPickerElement::~CalendarPickerElement):
1905         Added. Make sure the popup is closed.
1906         * html/shadow/CalendarPickerElement.h:
1907         (CalendarPickerElement): Add declaration of the destructor.
1908
1909 2012-05-09  Gyuyoung Kim  <gyuyoung.kim@samsung.com>
1910
1911         Move suspendAnimations to use Internals interface.
1912         https://bugs.webkit.org/show_bug.cgi?id=85986
1913
1914         Reviewed by Ryosuke Niwa.
1915
1916         Add suspendAnimations functions, because it is able to work in the
1917         cross-port way through the Internals interface.
1918
1919         No new tests, since we are improving here the infra-structure for testing
1920         a specific method.
1921
1922         * testing/Internals.cpp:
1923         (WebCore::Internals::suspendAnimations):
1924         (WebCore):
1925         * testing/Internals.h:
1926         (Internals):
1927         * testing/Internals.idl:
1928
1929 2012-05-09  Charlie Reis  <creis@chromium.org>
1930
1931         Add dispatchMessageEventWithOriginCheck to DOMWindow
1932         https://bugs.webkit.org/show_bug.cgi?id=85815
1933
1934         Reviewed by Adam Barth.
1935
1936         Useful for ports that support cross-process postMessage.
1937         No new tests, since covered by existing postMessage tests.
1938
1939         * page/DOMWindow.cpp:
1940         (WebCore::DOMWindow::postMessageTimerFired):
1941         (WebCore):
1942         (WebCore::DOMWindow::dispatchMessageEventWithOriginCheck):
1943         * page/DOMWindow.h:
1944         (WebCore):
1945         (DOMWindow):
1946
1947 2012-05-09  Jason Liu  <jason.liu@torchmobile.com.cn>
1948
1949         [BlackBerry] Cookie parsing issue. If the cookie value provided was (") then the browser creates a session cookie instead.
1950         https://bugs.webkit.org/show_bug.cgi?id=85775
1951
1952         Reviewed by Rob Buis.
1953
1954         Make CookieParser::parseOneCookie handle (cookiename="cookievalue;expires=xxxx) correctly.
1955         This cookie's value is "cookievalue not "cookievalue;expires=xxxx.
1956
1957         Test: http/tests/cookies/single-quoted-value.html
1958
1959         * platform/blackberry/CookieParser.cpp:
1960         (WebCore::CookieParser::parseOneCookie):
1961
1962 2012-05-09  Raymond Liu  <raymond.liu@intel.com>
1963
1964         Add multi-channels support for CopyWithGainFrom in AudioBus
1965         https://bugs.webkit.org/show_bug.cgi?id=80675
1966
1967         Reviewed by Chris Rogers.
1968
1969         * platform/audio/AudioBus.cpp:
1970         (WebCore):
1971         (WebCore::AudioBus::AudioBus):
1972         (WebCore::AudioBus::copyWithGainFrom):
1973         * platform/audio/AudioBus.h:
1974         (AudioBus):
1975
1976 2012-05-09  Jessie Berlin  <jberlin@apple.com>
1977
1978         Crash using the new WKBundleDOMWindowExtensions APIs.
1979         https://bugs.webkit.org/show_bug.cgi?id=85888
1980
1981         Reviewed by Brady Eidson.
1982
1983         WKBundlePageWillDestroyGlobalObjectForDOMWindowExtensionCallback was only being invoked when
1984         the WKPage was destroyed, and then only for the child frames. In addition, the
1985         DOMWindowExtension was holding onto a destroyed DOMWindow and attempting to unregister from
1986         when the WK2 wrapper object was attempting to destroy the DOMWindowExtension.
1987
1988         The underlying issue here was that the DOMWindowProperties were getting disconnectFrame
1989         and willDetachPage called on them at the wrong times.
1990
1991         Rename DOMWindowProperty::disconnectFrame and reconnectFrame to disconnectFrameForPageCache
1992         and reconnectFrameFromPageCache for clarity.
1993
1994         Only invoke DOMWindowProperty::disconnectFrameForPageCache when the frame is going into the
1995         page cache.
1996
1997         In the cases where the DOMWindow is getting destroyed, the frame is being destroyed, or the
1998         DOMWindow is getting cleared because the frame is being navigated, invoke
1999         DOMWindowProperty::willDestroyGlobalObjectInFrame instead of disconnectFrame.
2000
2001         Invoke DOMWindowProperty::willDetachGlobalObjectFromFrame when a document is being detached
2002         because the frame has been detached (e.g. fast/storage/storage-detached-iframe.html) and
2003         won't be immediately destroyed.
2004
2005         Invoke DOMWindowProperty::willDestroyGlobalObjectInCachedFrame when a cached frame is
2006         being destroyed.
2007
2008         New WK2 API Test: DOMWindowExtensionNoCache.
2009
2010         * Modules/indexeddb/DOMWindowIndexedDatabase.cpp:
2011         (WebCore::DOMWindowIndexedDatabase::disconnectFrameForPageCache):
2012         Updated for disconnectFrame rename.
2013         (WebCore::DOMWindowIndexedDatabase::reconnectFrameFromPageCache):
2014         Updated for reconnectFrame rename.
2015         (WebCore::DOMWindowIndexedDatabase::willDestroyGlobalObjectInCachedFrame):
2016         Get rid of the suspended IDBFactory.
2017         (WebCore::DOMWindowIndexedDatabase::willDestroyGlobalObjectInFrame):
2018         Get rid of the IDBFactory.
2019         (WebCore::DOMWindowIndexedDatabase::willDetachGlobalObjectFromFrame):
2020         Ditto.
2021         * Modules/indexeddb/DOMWindowIndexedDatabase.h:
2022
2023         * dom/Document.cpp:
2024         (WebCore::Document::prepareForDestruction):
2025         Tell the DOMWindow before detaching the Document.
2026         * dom/Document.h:
2027
2028         * history/CachedFrame.cpp:
2029         (WebCore::CachedFrame::destroy):
2030         Tell the DOMWindow.
2031
2032         * loader/FrameLoader.cpp:
2033         (WebCore::FrameLoader::clear):
2034         Use Document::prepareForDestruction so that the DOMWindow is told about the main frame
2035         navigation before detaching the Document.
2036
2037         * loader/appcache/DOMApplicationCache.cpp:
2038         (WebCore::DOMApplicationCache::disconnectFrameForPageCache):
2039         Updated for the disconnectFrame rename.
2040         (WebCore::DOMApplicationCache::reconnectFrameFromPageCache):
2041         Updated for the reconnectFrame rename.
2042         (WebCore::DOMApplicationCache::willDestroyGlobalObjectInFrame):
2043         Cover the cases formerly covered by disconnectFrame (which was sometimes being called when
2044         called when the frame was destroyed).
2045         * loader/appcache/DOMApplicationCache.h:
2046
2047         * notifications/DOMWindowNotifications.cpp:
2048         (WebCore::DOMWindowNotifications::disconnectFrameForPageCache):
2049         Updated for the disconnectFrame rename.
2050         (WebCore::DOMWindowNotifications::reconnectFrameFromPageCache):
2051         Updated for the reconnectFrame rename.
2052         (WebCore::DOMWindowNotifications::willDestroyGlobalObjectInCachedFrame):
2053         Get rid of the suspended notification center.
2054         (WebCore::DOMWindowNotifications::willDestroyGlobalObjectInFrame):
2055         Get rid of the notification center.
2056         (WebCore::DOMWindowNotifications::willDetachGlobalObjectFromFrame):
2057         Do not allow use of the notification center by detached frames.
2058         * notifications/DOMWindowNotifications.h:
2059
2060         * page/DOMWindow.cpp:
2061         (WebCore::DOMWindow::clearDOMWindowProperties):
2062         Do not call disconnectDOMWindowProperties. It is now the responsibility of the callers to
2063         tell the DOMWindowProperties the correct cause of being cleared.
2064         (WebCore::DOMWindow::~DOMWindow):
2065         Make sure the DOMWindowProperties still know that the DOMWindow is going away.
2066         (WebCore::DOMWindow::frameDestroyed):
2067         Invoke willDestroyGlobalObjectInFrame on the DOMWindowProperties.
2068         (WebCore::DOMWindow::willDetachPage):
2069         It is no longer necessary to tell the DOMWindowProperties anything here.
2070         (WebCore::DOMWindow::willDestroyCachedFrame):
2071         Tell the DOMWindowProperties.
2072         (WebCore::DOMWindow::willDestroyDocumentInFrame):
2073         Ditto.
2074         (WebCore::DOMWindow::willDetachDocumentFromFrame):
2075         Ditto.
2076         (WebCore::DOMWindow::clear):
2077         Ditto.
2078         (WebCore::DOMWindow::disconnectDOMWindowProperties):
2079         Updated for the disconnectFrame rename.
2080         (WebCore::DOMWindow::reconnectDOMWindowProperties):
2081         Ditto.
2082         * page/DOMWindow.h:
2083
2084         * page/DOMWindowExtension.cpp:
2085         (WebCore::DOMWindowExtension::DOMWindowExtension):
2086         Move the responsibility for tracking the disconnected DOMWindow to DOMWindowProperty, since
2087         DOMWindowProperty will need it to unregister the property when a cached frame is destroyed.
2088         (WebCore::DOMWindowExtension::disconnectFrameForPageCache):
2089         Remove the code to check for disconnectFrame being called twice - it is now only called when
2090         a frame goes into the page cache.
2091         Let the DOMWindowProperty keep track of the disconnected DOMWindow.
2092         (WebCore::DOMWindowExtension::reconnectFrameFromPageCache):
2093         Let the DOMWindowProperty keep track of the disconnected DOMWindow.
2094         (WebCore::DOMWindowExtension::willDestroyGlobalObjectInCachedFrame):
2095         Dispatch the willDestroyGlobalObjectForDOMWindowExtension callback.
2096         (WebCore::DOMWindowExtension::willDestroyGlobalObjectInFrame):
2097         Ditto, but only if the callback hasn't already been sent because the frame has been detached.
2098         (WebCore::DOMWindowExtension::willDetachGlobalObjectFromFrame):
2099         Send the callback because nothing interesting can be done in the frame once it has been
2100         detached.
2101         * page/DOMWindowExtension.h:
2102
2103         * page/DOMWindowProperty.cpp:
2104         (WebCore::DOMWindowProperty::DOMWindowProperty):
2105         Keep track of the disconnected DOMWindow so it can be used to unregister the property when a
2106         cached frame is destroyed.
2107         (WebCore::DOMWindowProperty::~DOMWindowProperty):
2108         Also unregister the property when a DOMWindowProperty for a cached frame is destroyed.
2109         (WebCore::DOMWindowProperty::disconnectFrameForPageCache):
2110         Keep track of the disconnected DOMWindow.
2111         (WebCore::DOMWindowProperty::reconnectFrameFromPageCache):
2112         Ditto.
2113         (WebCore::DOMWindowProperty::willDestroyGlobalObjectInCachedFrame):
2114         Unregister the property from the disconnected DOMWindow.
2115         (WebCore::DOMWindowProperty::willDestroyGlobalObjectInFrame):
2116         Unregister the property from the DOMWindow and stop keeping track of the frame.
2117         (WebCore::DOMWindowProperty::willDetachGlobalObjectFromFrame):
2118         Do not set m_frame to 0 because detached frames still have access to the DOMWindow, even if
2119         they can't do anything meaningful with it.
2120         * page/DOMWindowProperty.h:
2121
2122         * page/Frame.cpp:
2123         (WebCore::Frame::setView):
2124         Tell the DOMWindow that the Document is being detached so it can tell the
2125         DOMWindowProperties.
2126
2127         * page/PointerLock.cpp:
2128         (WebCore::PointerLock::disconnectFrameForPageCache):
2129         Updated for disconnectFrame rename.
2130         (WebCore::PointerLock::willDestroyGlobalObjectInFrame):
2131         Cover the cases formerly covered by disconnectFrame (which was sometimes being called when
2132         called when the frame was destroyed).
2133         * page/PointerLock.h:
2134
2135 2012-05-09  Ian Vollick  <vollick@chromium.org>
2136
2137         [chromium] Ensure animations get ticked at least once when added.
2138         https://bugs.webkit.org/show_bug.cgi?id=86013
2139
2140         Reviewed by James Robinson.
2141
2142         Tested in
2143           CCLayerTreeHostTestTickAnimationWhileBackgrounded.runSingleThreaded
2144           CCLayerTreeHostTestAddAnimationWithTimingFunction.runSingleThreaded
2145           CCLayerTreeHostTestSynchronizeAnimationStartTimes.runSingleThreaded
2146           CCLayerTreeHostTestAnimationFinishedEvents.runSingleThreaded
2147
2148         * platform/graphics/chromium/LayerChromium.cpp:
2149         (WebCore::LayerChromium::addAnimation):
2150         * platform/graphics/chromium/cc/CCLayerAnimationController.cpp:
2151         (WebCore::CCLayerAnimationController::pushNewAnimationsToImplThread):
2152         * platform/graphics/chromium/cc/CCLayerTreeHost.cpp:
2153         (WebCore::CCLayerTreeHost::finishCommitOnImplThread):
2154         (WebCore::CCLayerTreeHost::didAddAnimation):
2155         (WebCore):
2156         (WebCore::CCLayerTreeHost::didBecomeInvisibleOnImplThread):
2157         * platform/graphics/chromium/cc/CCLayerTreeHost.h:
2158         (CCLayerTreeHost):
2159         * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
2160         (WebCore::CCLayerTreeHostImpl::CCLayerTreeHostImpl):
2161         * platform/graphics/chromium/cc/CCProxy.h:
2162         (CCProxy):
2163         * platform/graphics/chromium/cc/CCSingleThreadProxy.cpp:
2164         (CCSingleThreadProxyAnimationTimer):
2165         (WebCore::CCSingleThreadProxyAnimationTimer::create):
2166         (WebCore::CCSingleThreadProxyAnimationTimer::CCSingleThreadProxyAnimationTimer):
2167         (WebCore):
2168         (WebCore::CCSingleThreadProxy::CCSingleThreadProxy):
2169         (WebCore::CCSingleThreadProxy::didAddAnimation):
2170         (WebCore::CCSingleThreadProxy::doComposite):
2171         * platform/graphics/chromium/cc/CCSingleThreadProxy.h:
2172         (WebCore):
2173         * platform/graphics/chromium/cc/CCThreadProxy.h:
2174
2175 2012-05-09  Adam Barth  <abarth@webkit.org>
2176
2177         Implement HTML Media Capture
2178         https://bugs.webkit.org/show_bug.cgi?id=85958
2179
2180         Reviewed by Eric Seidel.
2181
2182         This patch begins the implementation of
2183         http://www.w3.org/TR/html-media-capture/ by adding the capture
2184         attribute to HTMLInputElement.
2185
2186         Test: fast/forms/file/file-input-capture.html
2187
2188         * html/FileInputType.cpp:
2189         (WebCore::FileInputType::handleDOMActivateEvent):
2190         * html/HTMLAttributeNames.in:
2191         * html/HTMLInputElement.cpp:
2192         (WebCore):
2193         (WebCore::HTMLInputElement::capture):
2194         (WebCore::HTMLInputElement::setCapture):
2195         * html/HTMLInputElement.h:
2196         (HTMLInputElement):
2197         * html/HTMLInputElement.idl:
2198         * platform/FileChooser.h:
2199         (FileChooserSettings):
2200
2201 2012-05-09  Charles Wei  <charles.wei@torchmobile.com.cn>
2202
2203         [BlackBerry]  Refactor data scheme support
2204         https://bugs.webkit.org/show_bug.cgi?id=85938
2205
2206         Reviewed by Rob Buis.
2207
2208         We will create a DataStream in our platform repository,
2209         so that can be wrapped up by NetworkJob for webkit rendering,
2210         and by DownloadStream for downloading.
2211
2212         Refactor, no new tests.
2213
2214         * platform/network/blackberry/NetworkJob.cpp:
2215         (WebCore::NetworkJob::NetworkJob):
2216         (WebCore::NetworkJob::initialize):
2217         (WebCore::NetworkJob::cancelJob):
2218         (WebCore::NetworkJob::sendResponseIfNeeded):
2219         * platform/network/blackberry/NetworkJob.h:
2220         (NetworkJob):
2221         * platform/network/blackberry/NetworkManager.cpp:
2222         (WebCore::NetworkManager::startJob):
2223
2224 2012-05-09  Dana Jansens  <danakj@chromium.org>
2225
2226         [chromium] Don't draw when canDraw() is false
2227         https://bugs.webkit.org/show_bug.cgi?id=85829
2228
2229         Reviewed by Adrienne Walker.
2230
2231         This is based on the work of Daniel Sievers in bug
2232         https://bugs.webkit.org/show_bug.cgi?id=82680. When canDraw() is false,
2233         we should not call drawLayers() or prepareToDraw() in both Single- and
2234         Multi-Threaded mode.
2235
2236         drawLayers() is crashing in single threaded mode, and this attempts to
2237         prevent it from being called with invalid state. While making it behave
2238         properly in single-threaded mode, it seems appropriate to unrevert the
2239         parts of 82680 that made threaded mode behave similarly appropriately.
2240
2241         A single-threaded test is not included since LTHTests is unable to run
2242         in single-threaded mode at this time (pending work from Ian Vollick). So
2243         we test in threaded mode only with a note to include a single thread
2244         version.
2245
2246         Tests: CCLayerTreeHostTestCanDrawBlocksDrawing.runMultiThread
2247
2248         * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
2249         (WebCore::CCLayerTreeHostImpl::prepareToDraw):
2250         (WebCore::CCLayerTreeHostImpl::drawLayers):
2251         * platform/graphics/chromium/cc/CCSingleThreadProxy.cpp:
2252         (WebCore::CCSingleThreadProxy::doComposite):
2253         * platform/graphics/chromium/cc/CCThreadProxy.cpp:
2254         (WebCore::CCThreadProxy::scheduledActionDrawAndSwapInternal):
2255
2256 2012-05-09  Martin Robinson  <mrobinson@igalia.com>
2257
2258         [Cairo] GLContextGLX releases the context with an uninitialized display
2259         https://bugs.webkit.org/show_bug.cgi?id=86039
2260
2261         Reviewed by Philippe Normand.
2262
2263         No new tests. This does not change behavior on most machines, but has
2264         the potential to prevent a pretty nasty crash on others.
2265
2266         Use the shared display to release GLX contexts instead of the uninitialized
2267         m_display member.
2268
2269         * platform/graphics/glx/GLContextGLX.cpp:
2270         (WebCore::GLContextGLX::~GLContextGLX): Release the display with the shared
2271         display.
2272         * platform/graphics/glx/GLContextGLX.h:
2273         (GLContextGLX): Remove the m_display member.
2274
2275 2012-05-09  Tony Gentilcore  <tonyg@chromium.org>
2276
2277         Subresources loaded after a reload completes shouldn't be revalidated.
2278         https://bugs.webkit.org/show_bug.cgi?id=84614
2279
2280         Based on patch by Darin Fisher.
2281
2282         Reviewed by Darin Fisher.
2283
2284         Tests: http/tests/cache/loaded-from-cache-after-reload-within-iframe.html
2285                http/tests/cache/loaded-from-cache-after-reload.html
2286
2287         * loader/FrameLoader.cpp:
2288         (WebCore::FrameLoader::checkLoadCompleteForThisFrame): Reset m_loadType after the load completes.
2289
2290 2012-05-09  Erik Arvidsson  <arv@chromium.org>
2291
2292         [V8] Fix issue where V8BindingPerContextData could keep the context object alive
2293         https://bugs.webkit.org/show_bug.cgi?id=86036
2294
2295         Reviewed by Kentaro Hara.
2296
2297         This is a partial revert of http://trac.webkit.org/changeset/114320/. This keeps
2298         the layout tests that were introduced since it turns out that
2299         http://trac.webkit.org/changeset/114989 fixes the tests too.
2300
2301         Covered by: http/tests/security/isolatedWorld/context-destroy.html
2302
2303         * bindings/v8/V8IsolatedContext.cpp:
2304         (WebCore::V8IsolatedContext::destroy):
2305
2306 2012-05-09  Anders Carlsson  <andersca@apple.com>
2307
2308         Speed up some parts of TileCache drawing
2309         https://bugs.webkit.org/show_bug.cgi?id=86033
2310         <rdar://problem/10919373>
2311
2312         Reviewed by Sam Weinig.
2313
2314         * platform/graphics/ca/mac/TileCache.mm:
2315         (WebCore::TileCache::tileCoverageRect):
2316         If we can't have scrollbars, there's not much need to extend the tile coverage rect outside of the visible rect, since it's
2317         unlikely that we'll do any form of scrolling here.
2318
2319         (WebCore::TileCache::revalidateTiles):
2320         Don't update the tile layer frame if it's big enough to contain the tile size. Also, if there are no new tiles created,
2321         don't call platformCALayerDidCreateTiles since that will trigger an extra layer flush.
2322
2323 2012-05-09  Alexandre Elias  <aelias@google.com>
2324
2325         setPageScaleFactor should setScrollPosition if scale is unchanged
2326         https://bugs.webkit.org/show_bug.cgi?id=84400
2327
2328         Reviewed by Adam Barth.
2329
2330         Previously, setPageScaleFactor forgot about its "origin" argument if
2331         the page scale factor is unchanged.  This has proven undesirable in
2332         practice because, for example, a single pinch gesture may zoom in and
2333         back out to the original page scale factor, but at a different scroll
2334         offset.
2335
2336         New test case added to scale-and-scroll-body-expected.txt
2337
2338         * page/Page.cpp:
2339         (WebCore::Page::setPageScaleFactor):
2340
2341 2012-05-09  Hugo Parente Lima  <hugo.lima@openbossa.org>
2342
2343         Use suitable viewport values on XHTML-MP pages.
2344         https://bugs.webkit.org/show_bug.cgi?id=85425
2345
2346         Reviewed by Kenneth Rohde Christiansen.
2347
2348         Tests: fast/viewport/viewport-legacy-xhtmlmp-misplaced-doctype.html
2349                fast/viewport/viewport-legacy-xhtmlmp-ordering.html
2350                fast/viewport/viewport-legacy-xhtmlmp.html
2351
2352         Use device-width and device-height as viewport size on
2353         XHTML-MP pages if the use feature LEGACY_VIEWPORT_ADAPTION
2354         is set according as the non normative section of
2355         http://www.w3.org/TR/css-device-adapt/
2356
2357         * dom/Document.cpp:
2358         (WebCore::Document::setDocType):
2359
2360 2012-05-09  Beth Dakin  <bdakin@apple.com>
2361
2362         https://bugs.webkit.org/show_bug.cgi?id=86025
2363         RTL and vertical text documents do no scroll properly with the new 
2364         tiled scrolling model
2365         -and corresponding-
2366         <rdar://problem/11077589>
2367
2368         Reviewed by Dan Bernstein.
2369         
2370         Most of the fix here is just to teach the scrolling tree about the 
2371         scroll origin.
2372         * page/scrolling/ScrollingCoordinator.cpp:
2373         (WebCore::ScrollingCoordinator::frameViewLayoutUpdated):
2374         (WebCore::ScrollingCoordinator::setScrollParameters):
2375         * page/scrolling/ScrollingCoordinator.h:
2376         (ScrollParameters):
2377         * page/scrolling/ScrollingTreeNode.cpp:
2378         (WebCore::ScrollingTreeNode::update):
2379         * page/scrolling/ScrollingTreeNode.h:
2380         (WebCore::ScrollingTreeNode::scrollOrigin):
2381         (ScrollingTreeNode):
2382         * page/scrolling/ScrollingTreeState.cpp:
2383         (WebCore::ScrollingTreeState::setScrollOrigin):
2384         (WebCore):
2385         * page/scrolling/ScrollingTreeState.h:
2386         (WebCore::ScrollingTreeState::scrollOrigin):
2387         (ScrollingTreeState):
2388         * page/scrolling/mac/ScrollingTreeNodeMac.mm:
2389         (WebCore::ScrollingTreeNodeMac::scrollPosition):
2390         (WebCore::ScrollingTreeNodeMac::setScrollLayerPosition):
2391         (WebCore::ScrollingTreeNodeMac::minimumScrollPosition):
2392         (WebCore::ScrollingTreeNodeMac::maximumScrollPosition):
2393         * rendering/RenderLayerCompositor.cpp:
2394         (WebCore::RenderLayerCompositor::frameViewDidScroll):
2395
2396         Teaching the scrolling tree about the scroll origin revealed this pre-
2397         existing bug. layoutOverflowRect() is not the right rect to use since 
2398         it is not writing-mode savvy. unscaledDocumentRect() is the right rect 
2399         for the view's bounds.
2400         * rendering/RenderLayerBacking.cpp:
2401         (WebCore::RenderLayerBacking::updateCompositedBounds):
2402
2403 2012-05-09  Rob Buis  <rwlbuis@webkit.org>
2404
2405         Cleanup SVGElement.cpp
2406         https://bugs.webkit.org/show_bug.cgi?id=86004
2407
2408         Reviewed by Eric Seidel.
2409
2410         Remove unneeded includes. We do not need to check attr in SVGElement::attributeChanged,
2411         lower layers assume it is non-null and we do not call attributeChanged in SVG.
2412
2413         * svg/SVGElement.cpp:
2414         (WebCore::SVGElement::attributeChanged):
2415         (WebCore::SVGElement::isAnimatableAttribute):
2416
2417 2012-05-09  Jochen Eisinger  <jochen@chromium.org>
2418
2419         When creating a new page during a navigation, prime the initial document with the correct referrer policy
2420         https://bugs.webkit.org/show_bug.cgi?id=86001
2421
2422         Reviewed by Adam Barth.
2423
2424         Test: http/tests/security/referrer-policy-redirect-link.html
2425
2426         * dom/Document.h:
2427         (WebCore::Document::setReferrerPolicy):
2428         * loader/FrameLoader.cpp:
2429         (WebCore::FrameLoader::continueLoadAfterNewWindowPolicy):
2430
2431 2012-05-09  Alec Flett  <alecflett@chromium.org>
2432
2433         IndexedDB: call abort handler when there are problems committing
2434         https://bugs.webkit.org/show_bug.cgi?id=85841
2435
2436         Reviewed by Ojan Vafai.
2437
2438         No new tests. Every existing test that calls commit() is testing
2439         the success side of this, and this only throws when there are
2440         LevelDB errors, which is exactly what we're trying to diagnose
2441         with this patch.
2442
2443         * Modules/indexeddb/IDBBackingStore.h:
2444         (Transaction):
2445         * Modules/indexeddb/IDBLevelDBBackingStore.cpp:
2446         (WebCore::IDBLevelDBBackingStore::deleteDatabase):
2447         (WebCore::IDBLevelDBBackingStore::Transaction::commit):
2448         * Modules/indexeddb/IDBLevelDBBackingStore.h:
2449         (Transaction):
2450         * Modules/indexeddb/IDBTransactionBackendImpl.cpp:
2451         (WebCore::IDBTransactionBackendImpl::commit):
2452
2453 2012-05-09  Mark Pilgrim  <pilgrim@chromium.org>
2454
2455         [Chromium] Remove PlatformSupport::loadPlatformImageResource, call loadResource directly
2456         https://bugs.webkit.org/show_bug.cgi?id=84417
2457
2458         Reviewed by Adam Barth.
2459
2460         Part of a refactoring series. See tracking bug 82948.
2461
2462         * WebCore.gyp/WebCore.gyp:
2463         * WebCore.gypi:
2464         * platform/chromium/PlatformSupport.h:
2465         (PlatformSupport):
2466         * platform/graphics/chromium/ImageChromium.cpp:
2467         (WebCore::Image::loadPlatformResource):
2468         * platform/graphics/chromium/ImageChromiumMac.mm: Removed.
2469
2470 2012-05-09  Rob Buis  <rbuis@rim.com>
2471
2472         Remove some isSVGFoo methods
2473         https://bugs.webkit.org/show_bug.cgi?id=86009
2474
2475         Reviewed by Eric Seidel.
2476
2477         These are not used at the moment and were probably just copy and pasted from
2478         isSVGFoo methods in RenderObject.h.
2479
2480         * rendering/RenderObject.h:
2481         * rendering/svg/RenderSVGEllipse.h:
2482         (RenderSVGEllipse):
2483         * rendering/svg/RenderSVGRect.h:
2484         (RenderSVGRect):
2485         * rendering/svg/RenderSVGShape.h:
2486
2487 2012-05-09  Ian Vollick  <vollick@chromium.org>
2488
2489         [chromium] Add impl-thread support for fill-mode and direction css animation properties
2490         https://bugs.webkit.org/show_bug.cgi?id=77662
2491
2492         Reviewed by James Robinson.
2493
2494         Adds support for accelerating css animations with -webkit-animation-fill-mode,
2495         and -webkit-animation-direction properties.
2496
2497         Tested in:
2498           CCActiveAnimationTest.TrimTimeAlternating
2499           CCLayerAnimationControllerTest.createReversedAnimation
2500           CCLayerAnimationControllerTest.createAlternatingAnimation
2501           CCLayerAnimationControllerTest.createReversedAlternatingAnimation
2502
2503         * platform/graphics/chromium/cc/CCActiveAnimation.cpp:
2504         (WebCore::CCActiveAnimation::CCActiveAnimation):
2505         (WebCore::CCActiveAnimation::trimTimeToCurrentIteration):
2506         (WebCore::CCActiveAnimation::cloneForImplThread):
2507         * platform/graphics/chromium/cc/CCActiveAnimation.h:
2508         (CCActiveAnimation):
2509         (WebCore::CCActiveAnimation::alternatesDirection):
2510         (WebCore::CCActiveAnimation::setAlternatesDirection):
2511         * platform/graphics/chromium/cc/CCLayerAnimationController.cpp:
2512
2513 2012-05-09  Ken Buchanan  <kenrb@chromium.org>
2514
2515         Crash from removal of a line break object
2516         https://bugs.webkit.org/show_bug.cgi?id=85997
2517
2518         Reviewed by David Hyatt.
2519
2520         Regression from r115343. That replaced a call to setNeedsLayout()
2521         with a separate call that used a different bit during linebox
2522         invalidation after renderer child removal. There are special cases
2523         where layout isn't marked on parent nodes just from the removal, so
2524         line dirtying needs to explicitly mark ancestors for layout.
2525
2526         * rendering/RenderObject.h:
2527         (WebCore::RenderObject::setAncestorLineBoxDirty):
2528
2529 2012-05-09  Levi Weintraub  <leviw@chromium.org>
2530
2531         Fix performance regression for floats caused by LayoutUnit change
2532         https://bugs.webkit.org/show_bug.cgi?id=85834
2533
2534         Reviewed by Ojan Vafai.
2535
2536         Refactoring FractionalLayout types to alleviate performance issues. Explicitly
2537         inlining constructor and operator functions in FractionalLayoutUnit, as well as
2538         pixelSnappedIntSize and pixelSnappedIntRect (particularly hot code paths). Also
2539         further simplifying round and ceil functions when sub-pixel layout is not enabled.
2540
2541         pixelSnappedIntSize was the only function defined in FractionalLayoutSize.cpp,
2542         so it is removed.
2543
2544         No new tests. No change in functionality.
2545
2546         * CMakeLists.txt:
2547         * GNUmakefile.list.am:
2548         * Target.pri:
2549         * WebCore.gypi:
2550         * WebCore.vcproj/WebCore.vcproj:
2551         * WebCore.xcodeproj/project.pbxproj:
2552         * platform/FractionalLayoutUnit.h:
2553         (WebCore::FractionalLayoutUnit::FractionalLayoutUnit):
2554         (FractionalLayoutUnit):
2555         (WebCore::FractionalLayoutUnit::toInt):
2556         (WebCore::FractionalLayoutUnit::toFloat):
2557         (WebCore::FractionalLayoutUnit::toDouble):
2558         (WebCore::FractionalLayoutUnit::toUnsigned):
2559         (WebCore::FractionalLayoutUnit::operator int):
2560         (WebCore::FractionalLayoutUnit::operator unsigned):
2561         (WebCore::FractionalLayoutUnit::operator float):
2562         (WebCore::FractionalLayoutUnit::operator double):
2563         (WebCore::FractionalLayoutUnit::operator bool):
2564         (WebCore::FractionalLayoutUnit::ceil):
2565         (WebCore::FractionalLayoutUnit::round):
2566         * platform/graphics/FractionalLayoutRect.cpp:
2567         (WebCore):
2568         * platform/graphics/FractionalLayoutRect.h:
2569         (WebCore::FractionalLayoutRect::pixelSnappedSize):
2570         (WebCore::pixelSnappedIntRect):
2571         (WebCore):
2572         * platform/graphics/FractionalLayoutSize.cpp: Removed.
2573         * platform/graphics/FractionalLayoutSize.h:
2574         (WebCore):
2575         * rendering/LayoutTypes.h:
2576         (WebCore::pixelSnappedIntSize):
2577         (WebCore):
2578
2579 2012-05-09  Abhishek Arya  <inferno@chromium.org>
2580
2581         Crash in ReplaceSelectionCommand::performTrivialReplace
2582         https://bugs.webkit.org/show_bug.cgi?id=85943
2583
2584         Reviewed by Ryosuke Niwa.
2585
2586         RefPtr nodeAfterInsertionPos to guard against mutation events.
2587
2588         Test: editing/inserting/insert-html-crash.html
2589
2590         * editing/ReplaceSelectionCommand.cpp:
2591         (WebCore::ReplaceSelectionCommand::performTrivialReplace):
2592
2593 2012-05-03  Shawn Singh  <shawnsingh@chromium.org>
2594
2595         Hit testing is incorrect in some cases with perspective transforms
2596         https://bugs.webkit.org/show_bug.cgi?id=79136
2597
2598         Reviewed by Simon Fraser.
2599
2600         Tests: transforms/3d/hit-testing/coplanar-with-camera.html
2601                transforms/3d/hit-testing/perspective-clipped.html
2602
2603         * platform/graphics/transforms/TransformationMatrix.cpp:
2604         (WebCore::TransformationMatrix::projectPoint): Fix a
2605         divide-by-zero error so that values do not become Inf or Nan. Also
2606         fix an overflow error by using a large, but not-too-large constant
2607         to represent infinity.
2608
2609         (WebCore::TransformationMatrix::projectQuad): Fix an error where
2610         incorrect quads were being returned. Incorrect quads can occur
2611         when projectPoint clamped==true after returning.
2612
2613 2012-05-09  Caio Marcelo de Oliveira Filho  <caio.oliveira@openbossa.org>
2614
2615         Simplify CSSParser::parseSimpleLengthValue()
2616         https://bugs.webkit.org/show_bug.cgi?id=85910
2617
2618         Reviewed by Alexis Menard.
2619
2620         Various small improvements to this function, mainly:
2621         - Move the check if the property ID accepts a simple length as early as possible;
2622         - Remove the check for the characters{8,16} pointers since they'll be valid (we ASSERT that);
2623         - Use a template to avoid duplicate code for 8 and 16 bit characters.
2624
2625         * css/CSSParser.cpp:
2626         (WebCore):
2627         (WebCore::parseSimpleLength):
2628         (WebCore::parseSimpleLengthValue):
2629
2630 2012-05-09  Ami Fischman  <fischman@chromium.org>
2631
2632         [chromium] Support multiple buffered time ranges
2633         https://bugs.webkit.org/show_bug.cgi?id=85926
2634
2635         Reviewed by Eric Carlson.
2636
2637         Preserve existing rendering of a single rect even in the presence of multiple buffered regions.
2638
2639         No new tests as this change has no functional effects.
2640
2641         * rendering/RenderMediaControlsChromium.cpp:
2642         (WebCore::paintMediaSlider):
2643
2644 2012-05-09  Dana Jansens  <danakj@chromium.org>
2645
2646         Early-out and avoid any copying when possible for Region operations
2647         https://bugs.webkit.org/show_bug.cgi?id=85260
2648
2649         Reviewed by Anders Carlsson.
2650
2651         For an empty region, any intersection or subtraction will not modify
2652         the region, so we can simply return instead of creating a new Shape
2653         and replacing the current empty Shape.
2654
2655         When a region is united with a region it contains, the orignal
2656         containing region is the result. So, if A.unite(B) and A.contains(B)
2657         then A does not need to change at all and we can return without making
2658         a copy of A's shape. When A is a rect, we can do this test even more
2659         simply.
2660
2661         We also remove redundant checks from trySimpleOperation() methods, where
2662         the test is already done in the Region calling site.
2663
2664         This change improves the performance of the Region overlap testing for
2665         composited layers, and allows us to avoid unnecessary copies of the
2666         Region during unite. With a layout test (attached to bug #81087), that
2667         creates a Region from the union of 225 composited layers, as well as
2668         600 overlapping layers above them, this change decreases the running
2669         time of the test by 3.2% by avoiding a copy of the entire Region for
2670         each insertion that does not change the resulting Region.
2671
2672         Unit tests: RegionTest.unite
2673
2674         * platform/graphics/Region.cpp:
2675         (WebCore::Region::Shape::UnionOperation::trySimpleOperation):
2676         (WebCore::Region::Shape::IntersectOperation::trySimpleOperation):
2677         (WebCore::Region::Shape::SubtractOperation::trySimpleOperation):
2678         (WebCore::Region::intersect):
2679         (WebCore::Region::unite):
2680         (WebCore::Region::subtract):
2681         * platform/graphics/Region.h:
2682         (WebCore::Region::isRect):
2683         (WebCore::Region::Shape::isRect):
2684
2685 2012-05-09  Tommy Widenflycht  <tommyw@google.com>
2686
2687         MediaStream API: SessionDescription::addCandidate should not crash for malformed input
2688         https://bugs.webkit.org/show_bug.cgi?id=85988
2689
2690         Reviewed by Adam Barth.
2691
2692         Sending null would crash the browser. Added safeguards in both the bindings and the native code.
2693
2694         Test: fast/mediastream/SessionDescription.html
2695
2696         * Modules/mediastream/SessionDescription.cpp:
2697         (WebCore::SessionDescription::addCandidate):
2698         * Modules/mediastream/SessionDescription.h:
2699         (SessionDescription):
2700         * Modules/mediastream/SessionDescription.idl:
2701
2702 2012-05-09  Tommy Widenflycht  <tommyw@google.com>
2703
2704         MediaStream API: Adding the possibility of port specific information in MediaStreamDescriptor
2705         https://bugs.webkit.org/show_bug.cgi?id=85794
2706
2707         Reviewed by Adam Barth.
2708
2709         To facilitate for ports I have added an ExtraData field that can be used for whatever purpose is needed.
2710
2711         No behavioral changes.
2712
2713         * platform/chromium/support/WebMediaStreamDescriptor.cpp:
2714         (ExtraDataContainer):
2715         (WebKit::ExtraDataContainer::ExtraDataContainer):
2716         (WebKit::ExtraDataContainer::extraData):
2717         (WebKit):
2718         (WebKit::WebMediaStreamDescriptor::extraData):
2719         (WebKit::WebMediaStreamDescriptor::setExtraData):
2720         * platform/mediastream/MediaStreamDescriptor.h:
2721         (ExtraData):
2722         (WebCore::MediaStreamDescriptor::ExtraData::~ExtraData):
2723         (MediaStreamDescriptor):
2724         (WebCore::MediaStreamDescriptor::extraData):
2725         (WebCore::MediaStreamDescriptor::setExtraData):
2726
2727 2012-05-09  Takashi Sakamoto  <tasak@google.com>
2728
2729         Crash in WebCore::RenderBoxModelObject::paddingLeft
2730         https://bugs.webkit.org/show_bug.cgi?id=83889
2731
2732         Reviewed by Abhishek Arya.
2733
2734         RenderScrollbar creates RenderScrollbarPart without any parent
2735         renderers. However, if the scrollbar has percent padding styles,
2736         non-null parent renderer is required. So after creating/destroying
2737         RenderScrollbarPart instances, set owningRenderer(creating)/0
2738         (destroying) as its parent renderer.
2739
2740         Test: scrollbars/scrollbar-percent-padding-crash.html
2741               scrollbars/scrollbar-percent-padding-crash-expected.txt
2742
2743         * rendering/RenderScrollbar.cpp:
2744         (WebCore::RenderScrollbar::updateScrollbarPart):
2745         Added setParent after creating/destroying RenderScrollbarPart.
2746         * rendering/RenderScrollbarPart.cpp:
2747         Made RenderScollbar friend, because setParent is protected and
2748         RenderScrollbar is not inherited from class RenderObject.
2749
2750 2012-05-09  Takashi Sakamoto  <tasak@google.com>
2751
2752         ShadowRoot needs applyAuthorStyles
2753         https://bugs.webkit.org/show_bug.cgi?id=78472
2754
2755         Reviewed by Hajime Morita.
2756
2757         Implemented applyAuthorStyles attribute defined in the following spec:
2758         http://dvcs.w3.org/hg/webcomponents/raw-file/tip/spec/shadow/index.html#shadow-root-attributes
2759         Since applyAuthorSheets attribute has been already implemented,
2760         renamed all applyAuthorSheets to applyAuthorStyles and
2761         added applyAuthorStyles to ShadowRoot.idl.
2762         Currently, changing dynamically applyAuthorStyles doesn't work. I will fix this isse in bugs:84215: https://bugs.webkit.org/show_bug.cgi?id=84251
2763
2764         Test: fast/dom/shadow/shadow-root-applyAuthorStyles.html
2765               fast/dom/shadow/shadow-root-applyAuthorStyles-expected.html
2766
2767         * css/StyleResolver.cpp:
2768         (WebCore::StyleResolver::collectMatchingRulesForList):
2769         * dom/ShadowRoot.cpp:
2770         (WebCore::ShadowRoot::ShadowRoot):
2771         (WebCore::ShadowRoot::applyAuthorStyles):
2772         (WebCore::ShadowRoot::setApplyAuthorStyles):
2773         * dom/ShadowRoot.h:
2774         * dom/TreeScope.cpp:
2775         (WebCore::TreeScope::applyAuthorStyles):
2776         * dom/TreeScope.h:
2777         (TreeScope):
2778         Changed all applyAuthorSheets to applyAuthorSytles.
2779         (ShadowRoot):
2780         * dom/ShadowRoot.idl:
2781         Added a new attribute, boolean applyAuthorStyles.
2782
2783 2012-05-09  Yoshifumi Inoue  <yosin@chromium.org>
2784
2785         [Chromium][Forms] HTMLOptionsCollection doesn't have indexed properties on property enumeration
2786         https://bugs.webkit.org/show_bug.cgi?id=85937
2787
2788         Reviewed by Kentaro Hara.
2789
2790         This patch adds numeric indices to properties in enumeration to HTMLOptionsCollection V8 binding
2791         to changes Objects.keys in ECMAScript5 and for-in statement behavior for compatibility with
2792         Firefox 12, IE9, Opera 11, and Safari 5.
2793
2794         Test: fast/forms/select/options-indexed-properties.html
2795
2796         * bindings/scripts/CodeGeneratorV8.pm:
2797         (GenerateImplementationIndexer): Set $hasEnumerator true for interface HTMLOptionsCollection
2798
2799 2012-05-09  Shinya Kawanaka  <shinyak@chromium.org>
2800
2801         Position should be able to have ShadowRoot as a container.
2802         https://bugs.webkit.org/show_bug.cgi?id=82021
2803
2804         Reviewed by Ryosuke Niwa.
2805
2806         Since Position could not take a shadow root as a container node, pointing the direct children
2807         of a shadow root was difficult.
2808
2809         This patch makes it enabled, and fixes a lot of crashes caused by that limitation.
2810         Also, we confirm that ShadowRoot is not exposed to JavaScript layer.
2811
2812         Currently this change is only enabled if shadow dom flag is enabled, since we cannot
2813         prove this change does not destroy the existing behavior. However, this change is really required
2814         to fix other editing bugs in Shadow DOM. A bunch of patches and tests will be added to
2815         fix other editing bugs and they will check this patch does not break editing.
2816         We will also add a fuzzer to check the stability of editing in Shadow DOM later, and it will
2817         also help to confirm the patch will not break the editing.
2818
2819         Tests: editing/shadow/doubleclick-on-meter-in-shadow-crash.html
2820                editing/shadow/rightclick-on-meter-in-shadow-crash.html
2821                editing/shadow/shadow-selection-not-exported.html
2822
2823         * dom/Position.cpp:
2824         (WebCore::Position::Position):
2825         (WebCore::Position::containerNode):
2826         (WebCore::Position::parentAnchoredEquivalent):
2827         (WebCore::Position::previous):
2828         (WebCore::Position::next):
2829         (WebCore::Position::atStartOfTree):
2830         (WebCore::Position::atEndOfTree):
2831         (WebCore::Position::findParent):
2832         * dom/Position.h:
2833         (WebCore):
2834         (WebCore::positionInParentBeforeNode):
2835         (WebCore::positionInParentAfterNode):
2836
2837 2012-05-09  Zoltan Horvath  <zoltan@webkit.org>
2838
2839         [Qt] Build fix when using libpng version != 1.2
2840         https://bugs.webkit.org/show_bug.cgi?id=85614
2841
2842         Reviewed by Eric Seidel.
2843
2844         Don't enforce the version of libpng when passing the option to the linker.
2845
2846         No new tests, no intended functionality change.
2847
2848         * WebCore.pri:
2849
2850 2012-05-09  Oli Lan  <olilan@chromium.org>
2851
2852         Add identifying methods for date/time input types.
2853
2854         This patch adds methods isDateField(), isDateTimeField(), isDateTimeLocalField(),
2855         isMonthField(), isTimeField() and isWeekField() to InputType and the appropriate
2856         HTMLInputElement classes, to allow date/time input types to be identified.
2857
2858         The new methods match the existing methods for types such as email, search and number.
2859
2860         https://bugs.webkit.org/show_bug.cgi?id=78746
2861
2862         Reviewed by Kent Tamura.
2863
2864         A new test WebViewTest.TextInputType has been added in WebKit/chromium/tests that calls
2865         through to these methods via WebViewImpl.textInputType().
2866
2867         * html/DateInputType.cpp:
2868         (WebCore::DateInputType::isDateField):
2869         (WebCore):
2870         * html/DateInputType.h:
2871         (DateInputType):
2872         * html/DateTimeInputType.cpp:
2873         (WebCore::DateTimeInputType::isDateTimeField):
2874         (WebCore):
2875         * html/DateTimeInputType.h:
2876         (DateTimeInputType):
2877         * html/DateTimeLocalInputType.cpp:
2878         (WebCore::DateTimeLocalInputType::isDateTimeLocalField):
2879         (WebCore):
2880         * html/DateTimeLocalInputType.h:
2881         (DateTimeLocalInputType):
2882         * html/HTMLInputElement.cpp:
2883         (WebCore::HTMLInputElement::isDateField):
2884         (WebCore):
2885         (WebCore::HTMLInputElement::isDateTimeField):
2886         (WebCore::HTMLInputElement::isDateTimeLocalField):
2887         (WebCore::HTMLInputElement::isMonthField):
2888         (WebCore::HTMLInputElement::isTimeField):
2889         (WebCore::HTMLInputElement::isWeekField):
2890         * html/HTMLInputElement.h:
2891         (HTMLInputElement):
2892         * html/InputType.cpp:
2893         (WebCore::InputType::isDateField):
2894         (WebCore):
2895         (WebCore::InputType::isDateTimeField):
2896         (WebCore::InputType::isDateTimeLocalField):
2897         (WebCore::InputType::isMonthField):
2898         (WebCore::InputType::isTimeField):
2899         (WebCore::InputType::isWeekField):
2900         * html/InputType.h:
2901         (InputType):
2902         * html/MonthInputType.cpp:
2903         (WebCore::MonthInputType::isMonthField):
2904         (WebCore):
2905         * html/MonthInputType.h:
2906         (MonthInputType):
2907         * html/TimeInputType.cpp:
2908         (WebCore::TimeInputType::isTimeField):
2909         (WebCore):
2910         * html/TimeInputType.h:
2911         (TimeInputType):
2912         * html/WeekInputType.cpp:
2913         (WebCore::WeekInputType::isWeekField):
2914         (WebCore):
2915         * html/WeekInputType.h:
2916         (WeekInputType):
2917
2918 2012-05-09  Nikolas Zimmermann  <nzimmermann@rim.com>
2919
2920         REGRESSION(r105057): Infinite loop inside SVGTextLayoutEngine::currentLogicalCharacterMetrics
2921         https://bugs.webkit.org/show_bug.cgi?id=83405
2922
2923         Reviewed by Darin Adler.
2924
2925         Dynamically adding tspans carrying position information in the x/y/dx/dy/rotate lists is broken.
2926         To avoid mistakes like this in future, simplify the calling code in RenderSVGInlineText and centralize
2927         the managment of all caches (text positioning element cache / metrics map / layout attributes) in
2928         RenderSVGText. This avoids the hack in SVGRootInlineBox::computePerCharacterLayoutInformation() which
2929         called textRoot->rebuildLayoutAttributes(), which was used to fix previous security issues with this code.
2930         Instead correctly handle destruction of RenderSVGInlineText in RenderSVGText, keeping the m_layoutAttributes
2931         synchronized with the current state of the render tree. Fixes highcharts problems.
2932
2933         Tests: svg/text/add-tspan-position-bug.html
2934                svg/text/modify-tspan-position-bug.html
2935
2936         * rendering/svg/RenderSVGInline.cpp:
2937         (WebCore::RenderSVGInline::addChild):
2938         * rendering/svg/RenderSVGInlineText.cpp:
2939         (WebCore::RenderSVGInlineText::willBeDestroyed):
2940         (WebCore::RenderSVGInlineText::setTextInternal):
2941         (WebCore::RenderSVGInlineText::styleDidChange):
2942         * rendering/svg/RenderSVGText.cpp:
2943         (WebCore::recursiveUpdateMetrics):
2944         (WebCore::RenderSVGText::subtreeChildAdded):
2945         (WebCore::RenderSVGText::subtreeChildWillBeDestroyed):
2946         (WebCore::recursiveCollectLayoutAttributes):
2947         (WebCore::checkLayoutAttributesConsistency):
2948         (WebCore::RenderSVGText::subtreeChildWasDestroyed):
2949         (WebCore::RenderSVGText::subtreeStyleChanged):
2950         (WebCore::RenderSVGText::subtreeTextChanged):
2951         (WebCore::RenderSVGText::layout):
2952         (WebCore::RenderSVGText::addChild):
2953         (WebCore::RenderSVGText::rebuildAllLayoutAttributes):
2954         (WebCore::RenderSVGText::rebuildLayoutAttributes):
2955         * rendering/svg/RenderSVGText.h:
2956         (WebCore::RenderSVGText::layoutAttributes):
2957         * rendering/svg/SVGRootInlineBox.cpp:
2958         (WebCore::SVGRootInlineBox::computePerCharacterLayoutInformation):
2959         * rendering/svg/SVGTextLayoutAttributesBuilder.cpp:
2960         (WebCore::SVGTextLayoutAttributesBuilder::buildLayoutAttributes):
2961
2962 2012-05-08  Dongwoo Im  <dw.im@samsung.com>
2963
2964         NavigatorRegisterProtocolHandler can call ChromeClient directly.
2965         https://bugs.webkit.org/show_bug.cgi?id=85944
2966
2967         Reviewed by Adam Barth.
2968
2969         Covered by fast/dom/register-protocol-handler.html
2970
2971         * page/Chrome.cpp: Remove registerProtocolHandler function.
2972         * page/Chrome.h: Remove registerProtocolHandler prototype.
2973         (Chrome):
2974         * page/NavigatorRegisterProtocolHandler.cpp: Call ChromeClient::registerProtocolHandler directly.
2975         (WebCore::NavigatorRegisterProtocolHandler::registerProtocolHandler):
2976
2977 2012-05-08  Mario Sanchez Prada  <msanchez@igalia.com>
2978
2979         Coding style issues present in RenderFrameSet.cpp
2980         https://bugs.webkit.org/show_bug.cgi?id=85955
2981
2982         Reviewed by Eric Seidel.
2983
2984         Just fixed those coding style issues.
2985
2986         * rendering/RenderFrameSet.cpp:
2987         (WebCore::RenderFrameSet::GridAxis::resize):
2988         (WebCore::RenderFrameSet::layOutAxis):
2989         (WebCore::RenderFrameSet::continueResizing):
2990
2991 2012-05-08  Jon Lee  <jonlee@apple.com>
2992
2993         Unreviewed build fix.
2994
2995         * platform/mac/WebCoreSystemInterface.h:
2996
2997 2012-05-08  Jason Liu  <jason.liu@torchmobile.com.cn>
2998
2999         [BlackBerry] Auth credentials set in private mode are reused in public mode.
3000         https://bugs.webkit.org/show_bug.cgi?id=84697
3001
3002         Reviewed by Rob Buis.
3003
3004         Add setPrivateMode function for CredentialStorage.
3005
3006         Now, we only save credentials in memory and CredentialBackingStore isn't enabled.
3007         When we set private mode from on to off, we clear all these temporary credentials.
3008
3009         We have to change Private Browsing to test, so have to write a manual test case.
3010         Test: ManualTests/blackberry/http-auth-private-mode-changed.html
3011
3012         * network/CredentialStorage.cpp:
3013         (WebCore::CredentialStorage::setPrivateMode):
3014         (WebCore):
3015         * platform/network/CredentialStorage.h:
3016         (CredentialStorage):
3017
3018 2012-05-08  Rakesh KN  <rakesh.kn@motorola.com>
3019
3020         RadioNodeList support in HTMLFormElement::elements
3021         https://bugs.webkit.org/show_bug.cgi?id=81854
3022
3023         Reviewed by Ryosuke Niwa.
3024
3025         Implement RadioNodeList support spec'ed at
3026         http://www.whatwg.org/specs/web-apps/current-work/multipage/common-dom-interfaces.html#radionodelist
3027
3028         Test: fast/forms/form-collection-radio-node-list.html
3029
3030         * CMakeLists.txt:
3031         Added entries for new files.
3032         * DerivedSources.cpp: Ditto.
3033         * DerivedSources.make: Ditto.
3034         * DerivedSources.pri: Ditto.
3035         * GNUmakefile.list.am: Ditto.
3036         * Target.pri: Ditto.
3037         * WebCore.gypi: Ditto.
3038         * WebCore.vcproj/WebCore.vcproj: Ditto.
3039         * WebCore.xcodeproj/project.pbxproj: Ditto.
3040         * bindings/js/JSHTMLCollectionCustom.cpp:
3041         (WebCore::getNamedItems):
3042         Modified to create RadioNodeList object when FormControlCollection has more than
3043         one element of same name/id.
3044         * bindings/scripts/CodeGeneratorJS.pm:
3045         (GenerateImplementation):
3046         Added code to include Node.h and JSNode.h in JSRadioNodeElement.cpp.
3047         * bindings/v8/custom/V8HTMLCollectionCustom.cpp:
3048         (WebCore::getNamedItems):
3049         Modified to create RadioNodeList object when FormControlCollection has more than
3050         one element of same name/id.
3051         * dom/Node.cpp:
3052         (WebCore::Node::invalidateNodeListsCacheAfterAttributeChanged):
3053         Invalidate lists even for change in id, type, checked attributes.
3054         (WebCore::NodeListsNodeData::invalidateCachesThatDependOnAttributes):
3055         Invalidate radioNodeList cache.
3056         (WebCore::NodeListsNodeData::isEmpty):
3057         Changes for radioNodeList.
3058         (WebCore::Node::radioNodeList):
3059         Creates if needed a RadioNodeList and adds it to the cache.
3060         (WebCore::Node::removeCachedRadioNodeList):
3061         Removes a cached radioNodeList.
3062         * dom/Node.h: Ditto
3063         * dom/NodeRareData.h:
3064         (WebCore):
3065         (NodeListsNodeData):
3066         Added radioNodeList list.
3067         * html/CollectionType.h:
3068         Added new FormControls type.
3069         * html/HTMLCollection.cpp:
3070         (WebCore::HTMLCollection::shouldIncludeChildren):
3071         (WebCore::HTMLCollection::isAcceptableElement):
3072         Handle FormControls collection type.
3073         * html/HTMLFormCollection.cpp:
3074         (WebCore::HTMLFormCollection::HTMLFormCollection):
3075         Contruct collection of FormControls type.
3076         * html/RadioNodeList.cpp: Added.
3077         (WebCore):
3078         (WebCore::RadioNodeList::RadioNodeList):
3079         (WebCore::RadioNodeList::~RadioNodeList):
3080         (WebCore::toRadioButtonInputElement):
3081         (WebCore::RadioNodeList::value):
3082         (WebCore::RadioNodeList::setValue):
3083         (WebCore::RadioNodeList::nodeMatches):
3084         * html/RadioNodeList.h: Added.
3085         (WebCore):
3086         (RadioNodeList):
3087         (WebCore::RadioNodeList::create):
3088         RadioNodeList implementation.
3089         * html/RadioNodeList.idl: Added.
3090         Idl for generating RadioNodeList JS/V8 bindings.
3091
3092 2012-05-08  Benjamin Poulain  <bpoulain@apple.com>
3093
3094         [JSC] Regression: addEventListener() and removeEventListener() raise an exception on missing args
3095         https://bugs.webkit.org/show_bug.cgi?id=85928
3096
3097         Reviewed by Geoffrey Garen.
3098
3099         The functions addEventListener() and removeEventListener() raise an exception if there are missin arguments.
3100         This behavior breaks existing content.
3101
3102         This patch change the code generator of JavaScript core to have an exception for addEventListener() and removeEventListener().
3103         For those function, we do not raise an exception on missin argument.
3104
3105         This patch does not modify the V8 code generator because such exceptions are already in place there.
3106
3107         Tests: fast/dom/Window/window-legacy-event-listener.html
3108                fast/dom/XMLHttpRequest-legacy-event-listener.html
3109                fast/dom/node-legacy-event-listener.html
3110
3111         * bindings/scripts/CodeGeneratorJS.pm:
3112         (GenerateImplementation):
3113
3114 2012-05-08  Chris Rogers  <crogers@google.com>
3115
3116         AudioParam should directly be given context in create() method
3117         https://bugs.webkit.org/show_bug.cgi?id=85905
3118
3119         Reviewed by James Robinson.
3120
3121         No new tests.  This is a low-level re-factoring and is covered by existing tests.
3122
3123         * Modules/webaudio/AudioBufferSourceNode.cpp:
3124         (WebCore::AudioBufferSourceNode::AudioBufferSourceNode):
3125         * Modules/webaudio/AudioGain.h:
3126         (WebCore::AudioGain::create):
3127         (WebCore::AudioGain::AudioGain):
3128         * Modules/webaudio/AudioGainNode.cpp:
3129         (WebCore::AudioGainNode::AudioGainNode):
3130         * Modules/webaudio/AudioPannerNode.cpp:
3131         (WebCore::AudioPannerNode::AudioPannerNode):
3132         * Modules/webaudio/AudioParam.h:
3133         (WebCore::AudioParam::create):
3134         (AudioParam):
3135         (WebCore::AudioParam::AudioParam):
3136         * Modules/webaudio/BiquadFilterNode.cpp:
3137         (WebCore::BiquadFilterNode::BiquadFilterNode):
3138         * Modules/webaudio/BiquadProcessor.cpp:
3139         (WebCore::BiquadProcessor::BiquadProcessor):
3140         * Modules/webaudio/BiquadProcessor.h:
3141         * Modules/webaudio/DelayNode.cpp:
3142         (WebCore::DelayNode::DelayNode):
3143         * Modules/webaudio/DelayProcessor.cpp:
3144         (WebCore::DelayProcessor::DelayProcessor):
3145         * Modules/webaudio/DelayProcessor.h:
3146         (DelayProcessor):
3147         * Modules/webaudio/DynamicsCompressorNode.cpp:
3148         (WebCore::DynamicsCompressorNode::DynamicsCompressorNode):
3149         * Modules/webaudio/Oscillator.cpp:
3150         (WebCore::Oscillator::Oscillator):
3151
3152 2012-05-08  Dana Jansens  <danakj@chromium.org>
3153
3154         [chromium] Show borders for partial-draw-culled quads to visualize culling behaviour
3155         https://bugs.webkit.org/show_bug.cgi?id=85414
3156
3157         Reviewed by Adrienne Walker.
3158
3159         The borders are brown, and are only shown when the quad's visible rect
3160         is non-empty and is different from the quad's original rect.
3161
3162         Adds a flag to CCQuadCuller constructor, to enable showing debug borders
3163         around what it leaves after culling (when it culls anything in a quad
3164         at all).
3165
3166         * platform/graphics/chromium/cc/CCDrawQuad.h:
3167         (WebCore::CCDrawQuad::isDebugQuad):
3168         (WebCore::CCDrawQuad::sharedQuadState):
3169         (CCDrawQuad):
3170         * platform/graphics/chromium/cc/CCQuadCuller.cpp:
3171         (WebCore):
3172         (WebCore::CCQuadCuller::CCQuadCuller):
3173         (WebCore::appendQuadInternal):
3174         (WebCore::CCQuadCuller::append):
3175         (WebCore::CCQuadCuller::appendSurface):
3176         (WebCore::CCQuadCuller::appendReplica):
3177         * platform/graphics/chromium/cc/CCQuadCuller.h:
3178         (CCQuadCuller):
3179         * platform/graphics/chromium/cc/CCRenderPass.cpp:
3180         (WebCore::CCRenderPass::appendQuadsForLayer):
3181         (WebCore::CCRenderPass::appendQuadsForRenderSurfaceLayer):
3182
3183 2012-05-08  Julien Chaffraix  <jchaffraix@webkit.org>
3184
3185         Move RenderLayers z-index lists dirtying to post style change
3186         https://bugs.webkit.org/show_bug.cgi?id=85437
3187
3188         Reviewed by Darin Adler.
3189
3190         No expected change in behavior.
3191
3192         This change moves the z-order lists to RenderLayer::styleChanged. As part of this
3193         change, also added proper handling of stacking context transition. This enabled
3194         us to tighten more of the dirtyZOrderLists / clearZOrderLists code.
3195
3196         * rendering/RenderBoxModelObject.cpp:
3197         (WebCore::RenderBoxModelObject::styleWillChange):
3198         Removed this code, moved to updateStackingContextsAfterStyleChange.
3199
3200         * rendering/RenderLayer.cpp:
3201         (WebCore::RenderLayer::RenderLayer):
3202         Only stacking contexts start with dirty z-order lists.
3203
3204         (WebCore::RenderLayer::dirtyZOrderLists):
3205         Added an ASSERT.
3206
3207         (WebCore::RenderLayer::updateStackingContextsAfterStyleChange):
3208         Refactored the code to handle the transition between stacking context status.
3209
3210         (WebCore::RenderLayer::styleChanged):
3211         Added a call to updateStackingContextsAfterStyleChange.
3212
3213         * rendering/RenderLayer.h:
3214         (WebCore::RenderLayer::isStackingContext):
3215         Added a call to the next function.
3216
3217         (WebCore::RenderLayer::layerWithStyleIsStackingContext):
3218         Factored the isStackingContext logic here so that we can reuse it inside
3219         updateStackingContextsAfterStyleChange.
3220
3221         (WebCore::RenderLayer::clearZOrderLists):
3222         Added an ASSERT.
3223
3224 2012-05-08  Abhishek Arya  <inferno@chromium.org>
3225
3226         Crash due to owning renderer not removed from custom scrollbar.
3227         https://bugs.webkit.org/show_bug.cgi?id=80610
3228
3229         Reviewed by Eric Seidel.
3230
3231         Test: scrollbars/scrollbar-owning-renderer-crash.html
3232
3233         Changed RenderScrollbar to keep pointer to owning node, instead of the
3234         renderer. Renderer can get destroyed without informing the scrollbar, causing
3235         crashes later. Remove code from r94107 since it is not needed anymore and saves
3236         times when RenderBox is getting destroyed.
3237
3238         * page/FrameView.cpp:
3239         (WebCore::FrameView::createScrollbar): pass renderer's node.
3240         * page/FrameView.h:
3241         * rendering/RenderBox.cpp:
3242         (WebCore::RenderBox::willBeDestroyed): no longer need this. came originally from r94107.
3243         * rendering/RenderLayer.cpp:
3244         (WebCore::RenderLayer::createScrollbar): pass renderer's node.
3245         (WebCore::RenderLayer::destroyScrollbar): no longer need to clear owning renderer.
3246         * rendering/RenderListBox.cpp:
3247         (WebCore::RenderListBox::createScrollbar): pass renderer's node.
3248         * rendering/RenderMenuList.cpp:
3249         (WebCore::RenderMenuList::createScrollbar): pass renderer's node.
3250         * rendering/RenderScrollbar.cpp:
3251         (WebCore::RenderScrollbar::createCustomScrollbar): Store owner node instead of renderer.
3252         (WebCore::RenderScrollbar::RenderScrollbar): Store owner node instead of renderer.
3253         (WebCore::RenderScrollbar::owningRenderer): calculate owning renderer from owner node.
3254         * rendering/RenderScrollbar.h:
3255         (RenderScrollbar):
3256         * rendering/RenderTextControlSingleLine.cpp:
3257         (WebCore::RenderTextControlSingleLine::createScrollbar): pass renderer's node.
3258
3259 2012-05-08  Jon Lee  <jonlee@apple.com>
3260
3261         Safari warns that it needs to resend the form in an iFrame when going back
3262         https://bugs.webkit.org/show_bug.cgi?id=82658
3263         <rdar://problem/11292558>
3264
3265         Reviewed by Darin Adler.
3266
3267         Test: http/tests/loading/post-in-iframe-with-back-navigation.html
3268
3269         * WebCore.exp.in: Add _wkCFURLRequestAllowAllPostCaching.
3270         * platform/mac/WebCoreSystemInterface.h: Add wkCFURLRequestAllowAllPostCaching.
3271         * platform/mac/WebCoreSystemInterface.mm: Add wkCFURLRequestAllowAllPostCaching.
3272         * platform/network/cf/ResourceRequestCFNet.cpp:
3273         (WebCore::ResourceRequest::doUpdatePlatformRequest): Set the bit to cache all POST responses.
3274         * platform/network/mac/ResourceRequestMac.mm:
3275         (WebCore::ResourceRequest::doUpdatePlatformRequest): Set the bit to cache all POST responses.
3276
3277 2012-05-08  Dana Jansens  <danakj@chromium.org>
3278
3279         [chromium] Reflections with masks should not occlude
3280         https://bugs.webkit.org/show_bug.cgi?id=85927
3281
3282         Reviewed by James Robinson.
3283
3284         When a surface does not have a mask, we make both it and its reflection
3285         occlude the things below them. However, if the reflection has a mask
3286         applied to it, then we should not consider it as occluding.
3287
3288         Adds replicaHasMask() to the render surface classes so we can test if
3289         the mask is present.
3290
3291         Unit Tests: CCOcclusionTrackerTestReplicaWithMask
3292
3293         * platform/graphics/chromium/RenderSurfaceChromium.cpp:
3294         (WebCore::RenderSurfaceChromium::hasMask):
3295         This is unusued right now, but will allow us to remove a FIXME from
3296         CCOcclusionTracker::finishedTargetRenderSurface().
3297         (WebCore):
3298         (WebCore::RenderSurfaceChromium::replicaHasMask):
3299         * platform/graphics/chromium/RenderSurfaceChromium.h:
3300         (RenderSurfaceChromium):
3301         * platform/graphics/chromium/cc/CCOcclusionTracker.cpp:
3302         (WebCore::::leaveToTargetRenderSurface):
3303         * platform/graphics/chromium/cc/CCRenderSurface.cpp:
3304         (WebCore::CCRenderSurface::hasMask):
3305         This is unusued right now, but will allow us to remove a FIXME from
3306         CCOcclusionTracker::finishedTargetRenderSurface().
3307         (WebCore):
3308         (WebCore::CCRenderSurface::replicaHasMask):
3309         * platform/graphics/chromium/cc/CCRenderSurface.h:
3310         (CCRenderSurface):
3311
3312 2012-05-08  Eric Seidel  <eric@webkit.org>
3313
3314         Add stylesheet inheritance support to IFRAME_SEAMLESS
3315         https://bugs.webkit.org/show_bug.cgi?id=85914
3316
3317         Reviewed by Ojan Vafai.
3318
3319         This work is already guarded by IFRAME_SEAMLESS, as
3320         Document::shouldDisplaySeamlesslyWithParent always returns false
3321         when IFRAME_SEAMLESS is off.
3322
3323         This makes the child document use all author stylesheets from all parent documents,
3324         per the seamless spec:
3325         http://www.whatwg.org/specs/web-apps/current-work/#attr-iframe-seamless
3326
3327         This support is slightly inefficient as every time a sheet is added
3328         to a parent document, the child document must do a full style selector recalc.
3329         Normally author sheet additions have a fast-path which avoids the full selector recalc,
3330         but such is not possible in the seamless case as we're inserting the parents sheets
3331         earlier in the child's cascade (instead of just appending them to the end of the list).
3332
3333         The test covers both the static inheritance as well as addition of a stylesheet
3334         to the parent and testing that it caused a recalc of the child.
3335
3336         Covered by fast/frames/seamless/seamless-css-cascade.html
3337
3338         * css/StyleResolver.cpp:
3339         (WebCore::StyleResolver::StyleResolver):
3340         (WebCore::StyleResolver::addStylesheetsFromSeamlessParents):
3341         (WebCore):
3342         * css/StyleResolver.h:
3343         (StyleResolver):
3344         * dom/Document.cpp:
3345         (WebCore::Document::seamlessParentUpdatedStylesheets):
3346         (WebCore):
3347         (WebCore::Document::notifySeamlessChildDocumentsOfStylesheetUpdate):
3348         (WebCore::Document::updateActiveStylesheets):
3349         * dom/Document.h:
3350         (Document):
3351
3352 2012-05-08  Raphael Kubo da Costa  <rakuco@webkit.org>
3353
3354         [CMake] FindGStreamer: Fix the build with static WebCore.
3355         https://bugs.webkit.org/show_bug.cgi?id=85930
3356
3357         Reviewed by Daniel Bates.
3358
3359         No new tests, build fix.
3360
3361         Building WebCore statically was failing because files in
3362         WebCore/platform/gstreamer when ENABLE_VIDEO was set required
3363         gstreamer-base, which was not being linked to after r116453.
3364
3365         Fix that by looking for gstreamer-base, requiring and linking
3366         against it if GStreamer is used.
3367
3368         * PlatformEfl.cmake: Link to GSTREAMER_LIBRARIES and
3369         GSTREAMER_BASE_LIBRARIES, and include GSTREAMER_INCLUDE_DIRS and
3370         GSTREAMER_BASE_INCLUDE_DIRS.
3371
3372 2012-05-08  Raymond Toy  <rtoy@google.com>
3373
3374         JavaScriptAudioNode should not ASSERT if number of input channels is 0
3375         https://bugs.webkit.org/show_bug.cgi?id=85818
3376
3377         Reviewed by Eric Seidel.
3378
3379         Test: webaudio/javascriptaudionode-zero-input-channels.html
3380
3381         * Modules/webaudio/JavaScriptAudioNode.cpp:
3382         (WebCore::JavaScriptAudioNode::process): Update buffersAreGood.
3383         (WebCore::JavaScriptAudioNode::fireProcessEvent): Remove ASSERT.
3384
3385 2012-05-08  Dana Jansens  <danakj@chromium.org>
3386
3387         Region reads past end of spans
3388         https://bugs.webkit.org/show_bug.cgi?id=85909
3389
3390         Reviewed by Anders Carlsson.
3391
3392         Region currently checks aSpan == aSpanEnd as the indicator that
3393         we passed all the spans. When aSpan < aSpanEnd, it uses aSpan+1
3394         to find the height of the span.
3395
3396         If aSpan == aSpanEnd - 1, then aSpan+1 == aSpanEnd. This does not
3397         represent a valid span, since aSpanEnd is past the end of the
3398         array, not the last element in the array. The loop should terminate
3399         in this case.
3400
3401         Checking aSegment != aSegmentEnd is acceptable in the inner loop since
3402         it increments by two each time (segments come in pairs, while spans
3403         come in singles).
3404
3405         Test: RegionTest.ReadPastFullSpanVectorInIntersectsTest
3406
3407         * platform/graphics/Region.cpp:
3408         (WebCore::Region::Shape::compareShapes):
3409
3410 2012-05-08  Philip Rogers  <pdr@google.com>
3411
3412         Prevent crash in animated lists
3413         https://bugs.webkit.org/show_bug.cgi?id=85382
3414
3415         Reviewed by Nikolas Zimmermann.
3416
3417         Animated lists blindly assign the last list value to m_toAtEndOfDurationType
3418         in SVGAnimationElement::startedActiveInterval. If the last list value's length
3419         is larger or smaller than the animated "to" length, we crash.
3420
3421         This change prevents accessing values off the end of toAtEndOfDuration by adding
3422         a check for this case. It may seem inefficient to perform this check on every
3423         animation update but the "to" value can change (in cardinality) while animating.
3424
3425         I checked each of the other animation types (e.g., SVGAnimatedAngle,
3426         SVGAnimatedBoolean, etc.) and was only able to hit this style of crash
3427         in the three types modified in this change:
3428         SVGAnimatedLengthList, SVGAnimatedNumberList, and SVGAnimatedPointList.
3429
3430         Tests: svg/animations/animate-linear-discrete-additive-b-expected.svg
3431                svg/animations/animate-linear-discrete-additive-b.svg
3432                svg/animations/animate-linear-discrete-additive-c-expected.svg
3433                svg/animations/animate-linear-discrete-additive-c.svg
3434                svg/animations/animate-linear-discrete-additive-expected.svg
3435                svg/animations/animate-linear-discrete-additive.svg
3436                svg/animations/animate-list-crash.svg
3437
3438         * svg/SVGAnimatedLengthList.cpp:
3439         (WebCore::SVGAnimatedLengthListAnimator::calculateAnimatedValue):
3440         * svg/SVGAnimatedNumberList.cpp:
3441         (WebCore::SVGAnimatedNumberListAnimator::calculateAnimatedValue):
3442         * svg/SVGAnimatedPointList.cpp:
3443         (WebCore::SVGAnimatedPointListAnimator::calculateAnimatedValue):
3444
3445 2012-05-08  Rafael Weinstein  <rafaelw@chromium.org>
3446
3447         HTMLElementStack::hasOnlyHTMLElementsInScope is no longer called
3448         https://bugs.webkit.org/show_bug.cgi?id=85908
3449
3450         Reviewed by Eric Seidel.
3451
3452         This patch just removes the dead code.
3453
3454         No tests needed. Cleanup only.
3455
3456         * html/parser/HTMLElementStack.cpp:
3457         * html/parser/HTMLElementStack.h:
3458         (HTMLElementStack):
3459
3460 2012-05-08  W. James MacLean  <wjmaclean@chromium.org>
3461
3462         [chromium] Create LinkHighlightLayerChromium class to provide link-highlight preview animations for GraphicsLayerChromium.
3463         https://bugs.webkit.org/show_bug.cgi?id=85084
3464
3465         Reviewed by James Robinson.
3466
3467         Unit test provided.
3468
3469         Creates a layer delegate class to provide link highlight animations for link-preview feature.
3470         These are added to a GraphicsLayerChromium via provided methods. Moves dispensing of animation
3471         ids into a separate class.