Add a test for media control dropoff
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-07-11  Eric Carlson  <eric.carlson@apple.com>
2
3         Add a test for media control dropoff
4         https://bugs.webkit.org/show_bug.cgi?id=151287
5         <rdar://problem/23544666>
6
7         Reviewed by Antoine Quint.
8
9         Test: media/controls/inline-elements-dropoff-order.html
10
11         * Modules/mediacontrols/mediaControlsApple.js: Expose more state to testing.
12         * testing/InternalSettings.cpp:
13         (WebCore::InternalSettings::setAllowsAirPlayForMediaPlayback): Renamed from setWirelessPlaybackDisabled.
14         (WebCore::InternalSettings::setWirelessPlaybackDisabled): Deleted.
15         * testing/InternalSettings.h:
16         * testing/InternalSettings.idl:
17
18
19 2016-07-11  Philippe Normand  <pnormand@igalia.com>
20
21         [GStreamer][GL] crash within triggerRepaint
22         https://bugs.webkit.org/show_bug.cgi?id=159552
23
24         Reviewed by Xabier Rodriguez-Calvar.
25
26         Ensure the sizeChanged notification is emitted from the main
27         thread. When GStreamer-GL rendering is enabled the appsink draw
28         callbacks are fired in a non-main thread.
29
30         The WeakPtr support was moved to the player base class so that it
31         can be used there as well as in the MediaPlayerPrivateGStreamer
32         sub-class.
33
34         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
35         (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
36         (WebCore::MediaPlayerPrivateGStreamer::MediaPlayerPrivateGStreamer): Deleted.
37         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
38         (WebCore::MediaPlayerPrivateGStreamer::createWeakPtr): Deleted.
39         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
40         (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
41         (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
42         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
43         (WebCore::MediaPlayerPrivateGStreamerBase::createWeakPtr):
44
45 2016-07-10  Chris Dumez  <cdumez@apple.com>
46
47         Setting document.title reuses <title>'s textnode child
48         https://bugs.webkit.org/show_bug.cgi?id=28864
49         <rdar://problem/7186473>
50
51         Reviewed by Benjamin Poulain.
52
53         Setting document.title should be equivalent to setting the 'textContent'
54         IDL attribute of the <title> element:
55         - https://html.spec.whatwg.org/multipage/dom.html#document.title
56
57         In particular, this means we should always create a new Text node and
58         replace all the <title>'s children with this new Node, as per:
59         - https://dom.spec.whatwg.org/#dom-node-textcontent
60
61         Previously, WebKit would in some cases reuse the existing <title>'s
62         Text node and merely update its data.
63
64         Firefox and Chrome behave as per the specification so this aligns our
65         behavior with other major browsers as well.
66
67         Test: fast/dom/title-setter-new-text-node.html
68
69         * dom/Document.cpp:
70         (WebCore::Document::setTitle):
71         - Call Node::setTextContent() instead of HTMLTitleElement::setText(),
72           as per the specification.
73         - Take an ExceptionCode parameter and pass it to Node::setTextContent()
74           as it may throw.
75
76         * dom/Document.h:
77         * dom/Document.idl:
78
79         * html/HTMLTitleElement.cpp:
80         (WebCore::HTMLTitleElement::setText):
81         Update implementation of HTMLTitleElement::setText() to call
82         setTextContent() as per the specification:
83         - https://html.spec.whatwg.org/multipage/semantics.html#dom-title-text
84
85         * html/HTMLTitleElement.h:
86         * html/HTMLTitleElement.idl:
87
88         * html/ImageDocument.cpp:
89         (WebCore::ImageDocument::finishedParsing):
90
91         * svg/SVGTitleElement.cpp:
92         * svg/SVGTitleElement.h:
93         Drop setText() setter which was duplicated from HTMLTitleElement::setText()
94         now that Document::setTitle() calls SVGTitleElement::setTextContent()
95         instead.
96
97 2016-07-10  Zalan Bujtas  <zalan@apple.com>
98
99         Fix LogicalSelectionOffsetCaches to work with detached render tree.
100         https://bugs.webkit.org/show_bug.cgi?id=159605
101         <rdar://problem/27248845>
102
103         Reviewed by Brent Fulgham.
104
105         When the renderer that is being destroyed is on a selection boundary,
106         we need to ensure that all its cached pointers across the selection code (e.g. SelectionSubtreeData)
107         are getting reset. In order to do that, we call clearSelection() on the RenderView.
108         One of the last steps of clearing selection is to collect the selection gaps. Selection gaps uses this
109         LogicalSelectionOffsetCaches helper class to collect selection information across blocks.
110         LogicalSelectionOffsetCaches normally operates on rooted renderers. However we need to ensure sure that
111         it can also handle renderers that are no longer part of the render tree.
112
113         Test: fast/text/selection-on-a-detached-tree.html
114
115         * rendering/LogicalSelectionOffsetCaches.h:
116         (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::setBlock):
117         (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::logicalLeftSelectionOffset):
118         (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::logicalRightSelectionOffset):
119         * rendering/RenderBlock.cpp:
120         (WebCore::RenderBlock::logicalLeftSelectionOffset):
121         (WebCore::RenderBlock::logicalRightSelectionOffset):
122
123 2016-07-10  Chris Dumez  <cdumez@apple.com>
124
125         adoptNode() changes css class to lowercase for document loaded with XHR responseType = "document"
126         https://bugs.webkit.org/show_bug.cgi?id=159555
127         <rdar://problem/27252541>
128
129         Reviewed by Benjamin Poulain.
130
131         Follow-up on r203018 which was incomplete. We need to update ElementData's
132         m_classNames / m_idForStyleResolution when the source document is in strict
133         mode and the destination document is in quirks mode as well.
134
135         Test: fast/dom/Document/adoptNode-quirks-mismatch2.html
136
137         * dom/Element.cpp:
138         (WebCore::Element::didMoveToNewDocument):
139
140 2016-07-10  Sam Weinig  <sam@webkit.org>
141
142         Rename isEmojiModifier to isEmojiFitzpatrickModifier to better capture its function
143         https://bugs.webkit.org/show_bug.cgi?id=159610
144
145         Reviewed by Dan Bernstein.
146
147         * platform/graphics/FontCascade.cpp:
148         (WebCore::FontCascade::characterRangeCodePath):
149         * platform/graphics/mac/ComplexTextController.cpp:
150         (WebCore::advanceByCombiningCharacterSequence):
151         Update for rename.
152
153         * platform/text/CharacterProperties.h:
154         (WebCore::isEmojiGroupCandidate):
155         (WebCore::isEmojiFitzpatrickModifier):
156         (WebCore::isVariationSelector):
157         Rename isEmojiModifier -> isEmojiFitzpatrickModifier. Also add some comments
158         explaining what the characters these predicate act on to demystify them a bit.
159
160         * rendering/RenderText.cpp:
161         (WebCore::RenderText::previousOffsetForBackwardDeletion):
162         Update for rename and rename a related variable.
163
164 2016-07-10  Alex Christensen  <achristensen@webkit.org>
165
166         Fix client certificate authentication after r200463
167         https://bugs.webkit.org/show_bug.cgi?id=159574
168         <rdar://problem/26931006>
169
170         Reviewed by Sam Weinig.
171
172         No new tests.  We really need a test for this
173
174         * platform/network/cf/CertificateInfo.h:
175         (WebCore::CertificateInfo::CertificateInfo):
176         (WebCore::CertificateInfo::trust):
177         Make sure we only get the trust for Trust type CertificateInfos.  
178         If we mix up our types, we get unexpected nullptrs, which will cause authentication to fail.
179
180 2016-07-10  Myles C. Maxfield  <mmaxfield@apple.com>
181
182         Fix Windows build after r203038
183
184         Unreviewed.
185
186         * platform/text/TextAllInOne.cpp:
187
188 2016-07-10  Myles C. Maxfield  <mmaxfield@apple.com>
189
190         Move breaking iterator code to WTF
191         https://bugs.webkit.org/show_bug.cgi?id=159594
192
193         Reviewed by Alex Christensen.
194
195         This is in preparation for giving StringView a GraphemeClusters iterator.
196         Such an interator needs to be implemented on top of our breaking iterator
197         code.
198
199         No new tests because there is no behavior change.
200
201         * CMakeLists.txt:
202         * PlatformEfl.cmake:
203         * PlatformGTK.cmake:
204         * PlatformMac.cmake:
205         * PlatformWin.cmake:
206         * WebCore.xcodeproj/project.pbxproj:
207         * dom/CharacterData.cpp:
208         * editing/TextCheckingHelper.cpp:
209         * editing/TextIterator.cpp:
210         * editing/VisibleUnits.cpp:
211         * html/HTMLInputElement.cpp:
212         * html/HTMLTextAreaElement.cpp:
213         * html/InputType.cpp:
214         * html/TextFieldInputType.cpp:
215         * html/TextInputType.cpp:
216         * platform/LocalizedStrings.cpp:
217         * platform/graphics/StringTruncator.cpp:
218         * platform/graphics/cg/ColorCG.cpp:
219         (WTF::RetainPtr<CGColorRef>>::createValueForKey):
220         (WebCore::RetainPtr<CGColorRef>>::createValueForKey): Deleted.
221         * platform/graphics/mac/ComplexTextController.cpp:
222         * platform/text/LineBreakIteratorPoolICU.h:
223         (WebCore::LineBreakIteratorPool::LineBreakIteratorPool): Deleted.
224         (WebCore::LineBreakIteratorPool::sharedPool): Deleted.
225         (WebCore::LineBreakIteratorPool::makeLocaleWithBreakKeyword): Deleted.
226         (WebCore::LineBreakIteratorPool::take): Deleted.
227         (WebCore::LineBreakIteratorPool::put): Deleted.
228         * platform/text/TextBoundaries.cpp:
229         * platform/text/TextBreakIterator.cpp:
230         (WebCore::initializeIterator): Deleted.
231         (WebCore::initializeIteratorWithRules): Deleted.
232         (WebCore::setTextForIterator): Deleted.
233         (WebCore::setContextAwareTextForIterator): Deleted.
234         (WebCore::wordBreakIterator): Deleted.
235         (WebCore::sentenceBreakIterator): Deleted.
236         (WebCore::cursorMovementIterator): Deleted.
237         (WebCore::acquireLineBreakIterator): Deleted.
238         (WebCore::releaseLineBreakIterator): Deleted.
239         (WebCore::mapLineIteratorModeToRules): Deleted.
240         (WebCore::isCJKLocale): Deleted.
241         (WebCore::openLineBreakIterator): Deleted.
242         (WebCore::closeLineBreakIterator): Deleted.
243         (WebCore::compareAndSwapNonSharedCharacterBreakIterator): Deleted.
244         (WebCore::NonSharedCharacterBreakIterator::NonSharedCharacterBreakIterator): Deleted.
245         (WebCore::NonSharedCharacterBreakIterator::~NonSharedCharacterBreakIterator): Deleted.
246         (WebCore::textBreakFirst): Deleted.
247         (WebCore::textBreakLast): Deleted.
248         (WebCore::textBreakNext): Deleted.
249         (WebCore::textBreakPrevious): Deleted.
250         (WebCore::textBreakPreceding): Deleted.
251         (WebCore::textBreakFollowing): Deleted.
252         (WebCore::textBreakCurrent): Deleted.
253         (WebCore::isTextBreak): Deleted.
254         (WebCore::isWordTextBreak): Deleted.
255         (WebCore::numGraphemeClusters): Deleted.
256         (WebCore::numCharactersInGraphemeClusters): Deleted.
257         * platform/text/TextBreakIterator.h:
258         (WebCore::LazyLineBreakIterator::LazyLineBreakIterator): Deleted.
259         (WebCore::LazyLineBreakIterator::~LazyLineBreakIterator): Deleted.
260         (WebCore::LazyLineBreakIterator::string): Deleted.
261         (WebCore::LazyLineBreakIterator::isLooseCJKMode): Deleted.
262         (WebCore::LazyLineBreakIterator::lastCharacter): Deleted.
263         (WebCore::LazyLineBreakIterator::secondToLastCharacter): Deleted.
264         (WebCore::LazyLineBreakIterator::setPriorContext): Deleted.
265         (WebCore::LazyLineBreakIterator::updatePriorContext): Deleted.
266         (WebCore::LazyLineBreakIterator::resetPriorContext): Deleted.
267         (WebCore::LazyLineBreakIterator::priorContextLength): Deleted.
268         (WebCore::LazyLineBreakIterator::get): Deleted.
269         (WebCore::LazyLineBreakIterator::resetStringAndReleaseIterator): Deleted.
270         (WebCore::NonSharedCharacterBreakIterator::operator TextBreakIterator*): Deleted.
271         * platform/text/cf/HyphenationCF.cpp:
272         * platform/text/efl/TextBreakIteratorInternalICUEfl.cpp:
273         (WebCore::currentSearchLocaleID): Deleted.
274         (WebCore::currentTextBreakLocaleID): Deleted.
275         * platform/text/enchant/TextCheckerEnchant.cpp:
276         * platform/text/gtk/TextBreakIteratorInternalICUGtk.cpp:
277         (WebCore::currentSearchLocaleID): Deleted.
278         (WebCore::currentTextBreakLocaleID): Deleted.
279         * platform/text/icu/UTextProvider.cpp:
280         (WebCore::fixPointer): Deleted.
281         (WebCore::uTextCloneImpl): Deleted.
282         * platform/text/icu/UTextProvider.h:
283         (WebCore::uTextProviderContext): Deleted.
284         (WebCore::initializeContextAwareUTextProvider): Deleted.
285         (WebCore::uTextAccessPinIndex): Deleted.
286         (WebCore::uTextAccessInChunkOrOutOfRange): Deleted.
287         * platform/text/icu/UTextProviderLatin1.cpp:
288         (WebCore::uTextLatin1Clone): Deleted.
289         (WebCore::uTextLatin1NativeLength): Deleted.
290         (WebCore::uTextLatin1Access): Deleted.
291         (WebCore::uTextLatin1Extract): Deleted.
292         (WebCore::uTextLatin1MapOffsetToNative): Deleted.
293         (WebCore::uTextLatin1MapNativeIndexToUTF16): Deleted.
294         (WebCore::uTextLatin1Close): Deleted.
295         (WebCore::openLatin1UTextProvider): Deleted.
296         (WebCore::textLatin1ContextAwareGetCurrentContext): Deleted.
297         (WebCore::textLatin1ContextAwareMoveInPrimaryContext): Deleted.
298         (WebCore::textLatin1ContextAwareSwitchToPrimaryContext): Deleted.
299         (WebCore::textLatin1ContextAwareMoveInPriorContext): Deleted.
300         (WebCore::textLatin1ContextAwareSwitchToPriorContext): Deleted.
301         (WebCore::uTextLatin1ContextAwareClone): Deleted.
302         (WebCore::uTextLatin1ContextAwareNativeLength): Deleted.
303         (WebCore::uTextLatin1ContextAwareAccess): Deleted.
304         (WebCore::uTextLatin1ContextAwareExtract): Deleted.
305         (WebCore::uTextLatin1ContextAwareClose): Deleted.
306         (WebCore::openLatin1ContextAwareUTextProvider): Deleted.
307         * platform/text/icu/UTextProviderUTF16.cpp:
308         (WebCore::textUTF16ContextAwareGetCurrentContext): Deleted.
309         (WebCore::textUTF16ContextAwareMoveInPrimaryContext): Deleted.
310         (WebCore::textUTF16ContextAwareSwitchToPrimaryContext): Deleted.
311         (WebCore::textUTF16ContextAwareMoveInPriorContext): Deleted.
312         (WebCore::textUTF16ContextAwareSwitchToPriorContext): Deleted.
313         (WebCore::uTextUTF16ContextAwareClone): Deleted.
314         (WebCore::uTextUTF16ContextAwareNativeLength): Deleted.
315         (WebCore::uTextUTF16ContextAwareAccess): Deleted.
316         (WebCore::uTextUTF16ContextAwareExtract): Deleted.
317         (WebCore::uTextUTF16ContextAwareClose): Deleted.
318         (WebCore::openUTF16ContextAwareUTextProvider): Deleted.
319         * platform/text/mac/TextBoundaries.mm:
320         * platform/text/mac/TextBreakIteratorInternalICUMac.mm:
321         (WebCore::textBreakLocalePreference): Deleted.
322         (WebCore::topLanguagePreference): Deleted.
323         (WebCore::getLocale): Deleted.
324         (WebCore::getSearchLocale): Deleted.
325         (WebCore::currentSearchLocaleID): Deleted.
326         (WebCore::getTextBreakLocale): Deleted.
327         (WebCore::currentTextBreakLocaleID): Deleted.
328         * platform/text/win/TextBreakIteratorInternalICUWin.cpp:
329         (WebCore::currentSearchLocaleID): Deleted.
330         (WebCore::currentTextBreakLocaleID): Deleted.
331         * rendering/RenderBlock.cpp:
332         * rendering/RenderText.cpp:
333         * rendering/RenderText.h:
334         * rendering/SimpleLineLayoutTextFragmentIterator.h:
335         * rendering/break_lines.cpp:
336         * rendering/break_lines.h:
337         * rendering/line/LineBreaker.h:
338
339 2016-07-10  Yusuke Suzuki  <utatane.tea@gmail.com>
340
341         [GTK] Crash on https://diafygi.github.io/webcrypto-examples with ENABLE_SUBTLE_CRYPTO
342         https://bugs.webkit.org/show_bug.cgi?id=159189
343
344         Reviewed by Michael Catanzaro.
345
346         Currently, we explicitly release the pointers of std::unique_ptr<CryptoAlgorithm> and std::unique_ptr<CryptoAlgorithmParameters>,
347         and delete them in the asynchronously called lambdas. In GnuTLS version, callback function is accidentally called twice,
348         and it incurs the double free problem.
349         In SubtleCrypto code, we have the rule that we must not call failureCallback when the error code is filled in synchronous execution.
350         So we drop the failureCallback calling code in GnuTLS subtle crypto code.
351
352         But, rather than carefully handling un-smart-pointer-managed raw pointer's life time, we should use ref counted pointer for that.
353         Using the raw delete is error-prone.
354
355         This patch also changes CryptoAlgorithm and CryptoAlgorithmParameters to RefCounted. And use Ref and RefPtr instead.
356         The change eliminates the ad-hoc delete code. And now, the lambdas can be called multiple times since once the result of the promise
357         is resolved or rejected, subsequent resolve / reject calls are ignored.
358
359         And this patch also fixes the incorrect call to the lambda that is already WTFMoved.
360
361         While we can see several `return WTFMove(...)`, they are necessary since it uses implicit type conversions, like,
362         `Ref<A>` => `RefPtr<A>`, and `Ref<Derived>` => `Ref<Base>`.
363
364         * bindings/js/JSCryptoAlgorithmDictionary.cpp:
365         (WebCore::createAesCbcParams):
366         (WebCore::createAesKeyGenParams):
367         (WebCore::createHmacParams):
368         (WebCore::createHmacKeyParams):
369         (WebCore::createRsaKeyGenParams):
370         (WebCore::createRsaKeyParamsWithHash):
371         (WebCore::createRsaOaepParams):
372         (WebCore::createRsaSsaParams):
373         (WebCore::JSCryptoAlgorithmDictionary::createParametersForEncrypt):
374         (WebCore::JSCryptoAlgorithmDictionary::createParametersForDecrypt):
375         (WebCore::JSCryptoAlgorithmDictionary::createParametersForSign):
376         (WebCore::JSCryptoAlgorithmDictionary::createParametersForVerify):
377         (WebCore::JSCryptoAlgorithmDictionary::createParametersForDigest):
378         (WebCore::JSCryptoAlgorithmDictionary::createParametersForGenerateKey):
379         (WebCore::JSCryptoAlgorithmDictionary::createParametersForDeriveKey):
380         (WebCore::JSCryptoAlgorithmDictionary::createParametersForDeriveBits):
381         (WebCore::JSCryptoAlgorithmDictionary::createParametersForImportKey):
382         (WebCore::JSCryptoAlgorithmDictionary::createParametersForExportKey):
383         * bindings/js/JSCryptoAlgorithmDictionary.h:
384         * bindings/js/JSCryptoKeySerializationJWK.cpp:
385         (WebCore::createHMACParameters):
386         (WebCore::createRSAKeyParametersWithHash):
387         (WebCore::JSCryptoKeySerializationJWK::reconcileAlgorithm):
388         * bindings/js/JSCryptoKeySerializationJWK.h:
389         * bindings/js/JSSubtleCryptoCustom.cpp:
390         (WebCore::createAlgorithmFromJSValue):
391         (WebCore::importKey):
392         (WebCore::JSSubtleCrypto::importKey):
393         (WebCore::JSSubtleCrypto::wrapKey):
394         (WebCore::JSSubtleCrypto::unwrapKey):
395         * crypto/CryptoAlgorithm.h:
396         * crypto/CryptoAlgorithmParameters.h:
397         * crypto/CryptoAlgorithmRegistry.cpp:
398         (WebCore::CryptoAlgorithmRegistry::create):
399         * crypto/CryptoAlgorithmRegistry.h:
400         * crypto/CryptoKeySerialization.h:
401         * crypto/algorithms/CryptoAlgorithmAES_CBC.cpp:
402         (WebCore::CryptoAlgorithmAES_CBC::create):
403         * crypto/algorithms/CryptoAlgorithmAES_CBC.h:
404         * crypto/algorithms/CryptoAlgorithmAES_KW.cpp:
405         (WebCore::CryptoAlgorithmAES_KW::create):
406         * crypto/algorithms/CryptoAlgorithmAES_KW.h:
407         * crypto/algorithms/CryptoAlgorithmHMAC.cpp:
408         (WebCore::CryptoAlgorithmHMAC::create):
409         * crypto/algorithms/CryptoAlgorithmHMAC.h:
410         * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.cpp:
411         (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::create):
412         * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.h:
413         * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp:
414         (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::create):
415         * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.h:
416         * crypto/algorithms/CryptoAlgorithmRSA_OAEP.cpp:
417         (WebCore::CryptoAlgorithmRSA_OAEP::create):
418         * crypto/algorithms/CryptoAlgorithmRSA_OAEP.h:
419         * crypto/algorithms/CryptoAlgorithmSHA1.cpp:
420         (WebCore::CryptoAlgorithmSHA1::create):
421         * crypto/algorithms/CryptoAlgorithmSHA1.h:
422         * crypto/algorithms/CryptoAlgorithmSHA224.cpp:
423         (WebCore::CryptoAlgorithmSHA224::create):
424         * crypto/algorithms/CryptoAlgorithmSHA224.h:
425         * crypto/algorithms/CryptoAlgorithmSHA256.cpp:
426         (WebCore::CryptoAlgorithmSHA256::create):
427         * crypto/algorithms/CryptoAlgorithmSHA256.h:
428         * crypto/algorithms/CryptoAlgorithmSHA384.cpp:
429         (WebCore::CryptoAlgorithmSHA384::create):
430         * crypto/algorithms/CryptoAlgorithmSHA384.h:
431         * crypto/algorithms/CryptoAlgorithmSHA512.cpp:
432         (WebCore::CryptoAlgorithmSHA512::create):
433         * crypto/algorithms/CryptoAlgorithmSHA512.h:
434         * crypto/gnutls/CryptoAlgorithmAES_CBCGnuTLS.cpp:
435         (WebCore::CryptoAlgorithmAES_CBC::platformEncrypt):
436         (WebCore::CryptoAlgorithmAES_CBC::platformDecrypt):
437         * crypto/gnutls/CryptoAlgorithmAES_KWGnuTLS.cpp:
438         (WebCore::CryptoAlgorithmAES_KW::platformEncrypt):
439         (WebCore::CryptoAlgorithmAES_KW::platformDecrypt):
440         * crypto/gnutls/CryptoAlgorithmHMACGnuTLS.cpp:
441         (WebCore::CryptoAlgorithmHMAC::platformSign):
442         (WebCore::CryptoAlgorithmHMAC::platformVerify):
443         * crypto/gnutls/CryptoAlgorithmRSAES_PKCS1_v1_5GnuTLS.cpp:
444         (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::platformEncrypt):
445         (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::platformDecrypt):
446         * crypto/gnutls/CryptoAlgorithmRSASSA_PKCS1_v1_5GnuTLS.cpp:
447         (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformSign):
448         (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformVerify):
449         * crypto/gnutls/CryptoAlgorithmRSA_OAEPGnuTLS.cpp:
450         (WebCore::CryptoAlgorithmRSA_OAEP::platformEncrypt):
451         (WebCore::CryptoAlgorithmRSA_OAEP::platformDecrypt):
452         * crypto/keys/CryptoKeySerializationRaw.cpp:
453         (WebCore::CryptoKeySerializationRaw::reconcileAlgorithm):
454         * crypto/keys/CryptoKeySerializationRaw.h:
455
456 2016-07-09  Antti Koivisto  <antti@apple.com>
457
458         REGRESSION (r202931): breaks release builds with ASSERT_WITH_SECURITY_IMPLICATION for fuzzing
459         https://bugs.webkit.org/show_bug.cgi?id=159599
460         rdar://problem/27248835
461
462         Reviewed by Chris Dumez.
463
464         Make RenderStyle::deletionHasBegun() available with ENABLE(SECURITY_ASSERTIONS)
465
466         * rendering/style/RenderStyle.cpp:
467         (WebCore::RenderStyle::~RenderStyle):
468         * rendering/style/RenderStyle.h:
469         (WebCore::RenderStyle::deletionHasBegun):
470
471 2016-07-09  Youenn Fablet  <youenn@apple.com>
472
473         Make use of PrivateIdentifier to simplify Fetch Headers built-in checks
474         https://bugs.webkit.org/show_bug.cgi?id=159554
475
476         Reviewed by Alex Christensen.
477
478         Test: fetch/header-constructor-overriden.html
479         Patch does not change visible behavior.
480
481         * Modules/fetch/FetchHeaders.idl: Adding PrivateIdentifier to the Headers constructor.
482         * Modules/fetch/FetchHeaders.js:
483         (initializeFetchHeaders): Checking directly with @Headers for improved clarity.
484         * Modules/fetch/FetchResponse.js: Using @Headers to check whether creating a Headers object or not before
485         passsing it to C++ FetchResponse initialize method.
486         (initializeFetchResponse):
487         * bindings/js/WebCoreBuiltinNames.h: Adding Headers private name.
488
489 2016-07-08  Chris Dumez  <cdumez@apple.com>
490
491         adoptNode() changes css class to lowercase for document loaded with XHR responseType = "document"
492         https://bugs.webkit.org/show_bug.cgi?id=159555
493         <rdar://problem/27252541>
494
495         Reviewed by Ryosuke Niwa.
496
497         When adopting an Element from another document which has a different quirks mode,
498         case-sensitivity for id and class attributes differs and we need to correctly
499         update members such as ElementData::m_classNames or ElementData::m_idForStyleResolution.
500
501         To address the issue, have Element override didMoveToNewDocument() and call
502         attributeChanged() for id and class attributes.
503
504         Test: fast/dom/Document/adoptNode-quirks-mismatch.html
505
506         * dom/Element.cpp:
507         (WebCore::Element::didMoveToNewDocument):
508         * dom/Element.h:
509
510 2016-07-08  Daniel Bates  <dabates@apple.com>
511
512         Cleanup: Remove use of PassRefPtr from class HTMLTableElement
513         https://bugs.webkit.org/show_bug.cgi?id=159587
514
515         Reviewed by Chris Dumez.
516
517         * html/HTMLTableElement.cpp:
518         (WebCore::HTMLTableElement::setCaption): Take a rvalue reference to a RefPtr instead of a PassRefPtr.
519         (WebCore::HTMLTableElement::setTHead): Take a rvalue reference to a RefPtr instead of a PassRefPtr. Also
520         fix a style nit; add curly braces around the for-loop body since its body is more than a single line.
521         (WebCore::HTMLTableElement::createTHead): Use Ref::copyRef() instead of Ref::ptr() to pass the instantiated
522         table section to better convey that we are passing a copy of the table section.
523         (WebCore::HTMLTableElement::createCaption): Ditto.
524         * html/HTMLTableElement.h:
525
526 2016-07-08  Daniel Bates  <dabates@apple.com>
527
528         Move shouldInheritSecurityOriginFromOwner() from URL to Document
529         https://bugs.webkit.org/show_bug.cgi?id=158987
530
531         Reviewed by Alex Christensen.
532
533         The URL class should not have knowledge of the concept of an origin or the semantics of origin
534         inheritance as these are higher level concepts. We should make URL::shouldInheritSecurityOriginFromOwner()
535         a static non-member, non-friend function of Document because its implements the origin semantics
536         for a Document object as described in section Origin of the HTML5 spec., <https://html.spec.whatwg.org/multipage/browsers.html#origin> (8 July 2016).
537         These semantics only apply to Documents.
538
539         No functionality changed. So, no new tests.
540
541         * dom/Document.cpp:
542         (WebCore::shouldInheritSecurityOriginFromOwner): Added.
543         (WebCore::Document::initSecurityContext): Modified to call WebCore::shouldInheritSecurityOriginFromOwner().
544         (WebCore::Document::initContentSecurityPolicy): Ditto.
545         * platform/URL.cpp:
546         (WebCore::URL::shouldInheritSecurityOriginFromOwner): Deleted.
547         * platform/URL.h:
548
549 2016-07-08  Daniel Bates  <dabates@apple.com>
550
551         Setting table.tFoot or calling table.createTFoot() should append HTML tfont element to the end of the table
552         https://bugs.webkit.org/show_bug.cgi?id=159583
553         <rdar://problem/27255292>
554
555         In HTMLTableElement::createTFoot() I inadvertently made use of WTFMove() to move the instantiated
556         HTMLTableSectionElement into the argument passed to setTFoot(). We should use Ref::copyRef() instead
557         because we want this function to return the instantiated table section.
558
559         * html/HTMLTableElement.cpp:
560         (WebCore::HTMLTableElement::createTFoot):
561
562 2016-07-08  Daniel Bates  <dabates@apple.com>
563
564         Setting table.tFoot or calling table.createTFoot() should append HTML tfont element to the end of the table
565         https://bugs.webkit.org/show_bug.cgi?id=159583
566         <rdar://problem/27255292>
567
568         Reviewed by Chris Dumez.
569
570         he HTML standard has long since been revised to describe that assignment to property table.tFoot
571         or invoking table.createTFoot() will append the HTML tfoot element to the end of the table. This
572         behavior is defined in <https://html.spec.whatwg.org/multipage/tables.html#dom-table-tfoot> (8 July 2016)
573         and <https://html.spec.whatwg.org/multipage/tables.html#dom-table-createtfoot> for the property
574         table.tFoot and table.createTFoot(), respectively. This change makes our behavior match the
575         behavior in Mozilla Firefox, Microsoft Edge, Microsoft Internet Explorer 8 and later.
576
577         * html/HTMLTableElement.cpp:
578         (WebCore::HTMLTableElement::setTFoot): Append <tfoot> to the end of the table. Use RefPtr<>&& instead of PassRefPtr.
579         (WebCore::HTMLTableElement::createTFoot): Use RefPtr<>&& instead of PassRefPtr.
580         * html/HTMLTableElement.h:
581
582 2016-07-08  Jer Noble  <jer.noble@apple.com>
583
584         Crash in layout test /media/video-buffered-range-contains-currentTime.html
585         https://bugs.webkit.org/show_bug.cgi?id=159109
586         <rdar://problem/26535750>
587
588         Reviewed by Alex Christensen.
589
590         Protect against _dataTasks being mutated and accessed on multiple simultaneous threads with a Lock.
591
592         * platform/network/cocoa/WebCoreNSURLSession.h:
593         * platform/network/cocoa/WebCoreNSURLSession.mm:
594         (-[WebCoreNSURLSession dealloc]):
595         (-[WebCoreNSURLSession taskCompleted:]):
596         (-[WebCoreNSURLSession finishTasksAndInvalidate]):
597         (-[WebCoreNSURLSession invalidateAndCancel]):
598         (-[WebCoreNSURLSession getTasksWithCompletionHandler:]):
599         (-[WebCoreNSURLSession getAllTasksWithCompletionHandler:]):
600         (-[WebCoreNSURLSession dataTaskWithRequest:]):
601         (-[WebCoreNSURLSession dataTaskWithURL:]):
602
603 2016-07-08  Jeremy Jones  <jeremyj@apple.com>
604
605         Prevent fullscreen video dimension state from being reset after configuring.
606         https://bugs.webkit.org/show_bug.cgi?id=159578
607
608         Reviewed by Jer Noble.
609
610         This change moves setVideoElement() to after setMediaElement(), since setMediaElement() resets the
611         mediaState, undoing the configuration done by setVideoElement().
612
613         This change is fragile, but minimal. The proper, more comprehinsive fix will come later from
614         https://bugs.webkit.org/show_bug.cgi?id=159580.
615
616         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
617         (WebVideoFullscreenControllerContext::setUpFullscreen):
618
619 2016-07-08  Andy Estes  <aestes@apple.com>
620
621         [Content Filtering] Load blocked pages more like other error pages are loaded
622         https://bugs.webkit.org/show_bug.cgi?id=159485
623         <rdar://problem/26014076>
624
625         Reviewed by Brady Eidson.
626
627         Content filter blocked pages were being loaded by cancelling the provisional load of the
628         page that was blocked and then scheduling a navigation to the content filter error page.
629         Some clients would not expect a new, Web process-initiated provisional navigation to start
630         after a cancellation, though, and this would put them in a bad state.
631         
632         This patch changes blocked page loading to behave more like loading other error pages.
633         Specifically:
634         1. didFailProvisionalLoad is dispatched with a new, non-cancellation error code.
635         2. The blocked page is loaded immediately after dispatching didFailProvisionalLoad, which
636            prevents FrameLoader from creating a new back-forward list item for the substitute data load.
637         3. A substitute data load initiated by the client for the blocked URL is ignored if
638            ContentFilter will display its own error page.
639         4. A file: URL is used instead of a custom scheme for the base URL of the blocked page,
640            since some clients expect this.
641
642         Updated existing tests to capture frame load delegate callbacks and the back forward list.
643         Added new API tests: ContentFiltering.LoadAlternate*.
644
645         * English.lproj/Localizable.strings: Added a WebKitErrorFrameLoadBlockedByContentFilter description.
646         * Resources/ContentFilterBlockedPage.html: Added.
647         * WebCore.xcodeproj/project.pbxproj: Added ContentFilterBlockedPage.html as a frameowrk resource.
648         * loader/ContentFilter.cpp:
649         (WebCore::ContentFilter::continueAfterWillSendRequest): Protected m_documentLoader,
650         since it might otherwise be deallocated inside ContentFilter::didDecide() if the load is blocked.
651         (WebCore::ContentFilter::stopFilteringMainResource): Only set m_state to Stopped if not
652         already Blocked, so that we don't forget this ContentFilter was blocked when calling
653         cancelMailResourceLoad() in didDecide().
654         (WebCore::ContentFilter::continueAfterResponseReceived): Protected m_documentLoader,
655         since it might otherwise be deallocated inside ContentFilter::didDecide() if the load is blocked.
656         (WebCore::ContentFilter::continueAfterDataReceived): Ditto.
657         (WebCore::ContentFilter::continueAfterNotifyFinished): Ditto.
658         (WebCore::ContentFilter::didDecide): Moved code from DocumentLoader::contentFilterDidBlock() to here.
659         Created a blockedByContentFilterError() and called cancelMainResourceLoad().
660         (WebCore::blockedPageURL): Returned a file: URL to ContentFilterBlockedPage.html in WebCore.framework.
661         (WebCore::ContentFilter::continueAfterSubstituteDataRequest): If the substitute data load
662         is for the same failingURL as the currently-displayed blocked page, ignore it.
663         (WebCore::ContentFilter::handleProvisionalLoadFailure): Load the blocked page if m_state is Blocked
664         and the ResourceError matches the error we used when previously calling cancelMainResourceLoad().
665         (WebCore::ContentFilter::unblockHandler): Deleted.
666         (WebCore::ContentFilter::replacementData): Deleted.
667         (WebCore::ContentFilter::unblockRequestDeniedScript): Deleted.
668         * loader/ContentFilter.h:
669         * loader/DocumentLoader.cpp:
670         (WebCore::DocumentLoader::contentFilter): Returned m_contentFilter.
671         (WebCore::DocumentLoader::installContentFilterUnblockHandler): Deleted.
672         (WebCore::DocumentLoader::contentFilterDidBlock): Deleted.
673         * loader/DocumentLoader.h:
674         * loader/EmptyClients.h: Added a default implementation of blockedByContentFilterError().
675         * loader/FrameLoader.cpp:
676         (WebCore::FrameLoader::load): If m_loadType was already RedirectWithLockedBackForwardList
677         and we are loading subsitute data for a failing URL, continue to use RedirectWithLockedBackForwardList.
678         This prevents a new back-forward list item from being created when loading a blocked page in a subframe.
679         (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
680         Called ContentFilter::handleProvisionalLoadFailure() after dispatchDidFailProvisionalLoad().
681         (WebCore::FrameLoader::blockedByContentFilterError): Called FrameLoaderClient::blockedByContentFilterError().
682         * loader/FrameLoader.h:
683         * loader/FrameLoaderClient.h:
684         * loader/NavigationScheduler.cpp:
685         (WebCore::ScheduledSubstituteDataLoad::ScheduledSubstituteDataLoad): Deleted.
686         (WebCore::NavigationScheduler::scheduleSubstituteDataLoad): Deleted.
687         * loader/NavigationScheduler.h:
688         * loader/PolicyChecker.cpp:
689         (WebCore::PolicyChecker::checkNavigationPolicy): Ignored a substitute data load for a
690         failing URL if ContentFilter::continueAfterSubstituteDataRequest() returns false.
691
692 2016-07-08  Myles C. Maxfield  <mmaxfield@apple.com>
693
694         [Font Loading] The callback passed to document.fonts.ready should always be called
695         https://bugs.webkit.org/show_bug.cgi?id=158884
696
697         Reviewed by Dean Jackson.
698
699         The boolean was simply not being reset when loads start.
700
701         Test: fast/text/font-face-set-ready-fire.html
702
703         * css/FontFaceSet.cpp:
704         (WebCore::FontFaceSet::startedLoading):
705         * css/FontFaceSet.h:
706
707 2016-07-08  Commit Queue  <commit-queue@webkit.org>
708
709         Unreviewed, rolling out r202944.
710         https://bugs.webkit.org/show_bug.cgi?id=159570
711
712         caused some tests to crash under GuardMalloc (Requested by
713         estes on #webkit).
714
715         Reverted changeset:
716
717         "[Content Filtering] Load blocked pages more like other error
718         pages are loaded"
719         https://bugs.webkit.org/show_bug.cgi?id=159485
720         http://trac.webkit.org/changeset/202944
721
722 2016-07-08  Antti Koivisto  <antti@apple.com>
723
724         Regression(r201805): Crash with <use> resource that has Vary header
725         https://bugs.webkit.org/show_bug.cgi?id=159560
726         <rdar://problem/27034208>
727
728         Reviewed by Chris Dumez.
729
730         In some situations (SVG <use> element for example) we may try to load resources from frameless documents.
731         Such loads always fail. The new vary header verification code path tried to access the frame earlier without
732         null check.
733
734         Test: http/tests/cache/vary-frameless-document.html
735
736         * loader/cache/CachedResource.cpp:
737         (WebCore::CachedResource::failBeforeStarting):
738         (WebCore::addAdditionalRequestHeadersToRequest):
739
740             Null check frame.
741             Also move the resource type check here so all callers get the same behavior.
742
743         (WebCore::CachedResource::addAdditionalRequestHeaders):
744         (WebCore::CachedResource::load):
745         (WebCore::CachedResource::varyHeaderValuesMatch):
746
747 2016-07-08  Brady Eidson  <beidson@apple.com>
748
749         Clearing LocalStorage doesn't also delete -wal and -shm files.
750         <rdar://problem/27206772> and https://bugs.webkit.org/show_bug.cgi?id=159566
751
752         Reviewed by Brent Fulgham.
753         Also helpfully picked over by Andy "Never Forgets" Estes.
754
755         Covered by new API test.
756
757         * WebCore.xcodeproj/project.pbxproj:
758
759         * platform/sql/SQLiteFileSystem.h:
760
761 2016-07-08  Commit Queue  <commit-queue@webkit.org>
762
763         Unreviewed, rolling out r202945.
764         https://bugs.webkit.org/show_bug.cgi?id=159565
765
766         The test for this change is failing on all platforms.
767         (Requested by ryanhaddad on #webkit).
768
769         Reverted changeset:
770
771         "[Font Loading] The callback passed to document.fonts.ready
772         should always be called"
773         https://bugs.webkit.org/show_bug.cgi?id=158884
774         http://trac.webkit.org/changeset/202945
775
776 2016-07-08  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
777
778         ExecState should be passed by reference in JS bindings generator for custom constructors
779         https://bugs.webkit.org/show_bug.cgi?id=159357
780
781         Reviewed by Youenn Fablet.
782
783         Pass ExecState as a reference instead of pointer in JS bindings
784         code for custom constructors.
785
786         * bindings/js/JSAudioContextCustom.cpp:
787         (WebCore::constructJSAudioContext):
788         * bindings/js/JSBlobCustom.cpp:
789         (WebCore::constructJSBlob):
790         * bindings/js/JSDOMFormDataCustom.cpp:
791         (WebCore::constructJSDOMFormData):
792         (WebCore::JSDOMFormData::append):
793         * bindings/js/JSDataCueCustom.cpp:
794         (WebCore::constructJSDataCue):
795         * bindings/js/JSFileCustom.cpp:
796         (WebCore::constructJSFile):
797         * bindings/js/JSHTMLElementCustom.cpp:
798         (WebCore::constructJSHTMLElement):
799         * bindings/js/JSMediaSessionCustom.cpp:
800         (WebCore::constructJSMediaSession):
801         * bindings/js/JSMutationObserverCustom.cpp:
802         (WebCore::constructJSMutationObserver):
803         * bindings/js/JSReadableStreamPrivateConstructors.cpp:
804         (WebCore::constructJSReadableStreamController):
805         (WebCore::constructJSReadableStreamReader):
806         * bindings/js/JSWebKitPointCustom.cpp:
807         (WebCore::constructJSWebKitPoint):
808         * bindings/js/JSWorkerCustom.cpp:
809         (WebCore::constructJSWorker):
810         * bindings/scripts/CodeGeneratorJS.pm:
811         (GenerateHeader):
812         (GenerateConstructorDefinition):
813         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
814         (WebCore::JSTestCustomConstructorWithNoInterfaceObjectConstructor::construct):
815         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
816
817 2016-07-08  Olivier Blin  <olivier.blin@softathome.com>
818
819         Expose crossOrigin attribute as a static property in HTMLMediaElement
820         https://bugs.webkit.org/show_bug.cgi?id=159459
821
822         Reviewed by Chris Dumez.
823
824         The crossOrigin attribute is already used for MediaResourceLoader
825         (r119742 and r175050), but it was not exposed as a static property.
826
827         This fixes VR360 support in Dailymotion, since it uses the "in"
828         operator to detect if crossOrigin is supported by the
829         HTMLVideoElement, in order to enable VR360.
830
831         No new tests, rebaselined existing tests, 150 WPT tests are fixed.
832
833         * html/HTMLMediaElement.cpp:
834         (WebCore::HTMLMediaElement::setCrossOrigin):
835         (WebCore::HTMLMediaElement::crossOrigin):
836         * html/HTMLMediaElement.h:
837         * html/HTMLMediaElement.idl:
838
839 2016-03-20  Frederic Wang  <fwang@igalia.com>
840
841         Use Fraction* parameters from the OpenType MATH table
842         https://bugs.webkit.org/show_bug.cgi?id=155639
843
844         Reviewed by Brent Fulgham.
845
846         We improve the RenderMathMLFraction so minimal vertical shifts and gaps
847         from the MATH table (or arbitrary fallback) are used for fractions.
848         We also change the interpretation of "thick" and "thin" linethickness values
849         to match Gecko's behavior and the one suggested in the MathML in HTML5 implementation note.
850
851         Test: imported/mathml-in-html5/mathml/presentation-markup/fractions/frac-parameters-1.html
852
853         * rendering/mathml/MathMLStyle.cpp:
854         (WebCore::MathMLStyle::updateStyleIfNeeded): set NeedsLayout after displaystyle change
855         so that dynamic MathML tests still work.
856         * rendering/mathml/RenderMathMLFraction.cpp:
857         (WebCore::RenderMathMLFraction::RenderMathMLFraction): Init LayoutUnit members to zero.
858         (WebCore::RenderMathMLFraction::updateFromElement):
859         Set new members for fraction gaps and shifts using Fraction* constants or some fallback
860         values. Change the interpretation of "thick" and "thin".
861         (WebCore::RenderMathMLFraction::layoutBlock): Use new constants affecting vertical
862         positions of numerator and denominator.
863         (WebCore::RenderMathMLFraction::paint): Use m_ascent to set the vertical position
864         of the fraction bar.
865         (WebCore::RenderMathMLFraction::firstLineBaseline): We just return m_ascent.
866         * rendering/mathml/RenderMathMLFraction.h: Make updateFromElement public so that
867         it can be used in MathMLStyle. Add LayoutUnit members for the ascent of the fraction
868         and for minimal shifts/gaps values.
869
870 2016-07-08  Frederic Wang  <fwang@igalia.com>
871
872         Use Radical* constants from the OpenType MATH table.
873         https://bugs.webkit.org/show_bug.cgi?id=155638
874
875         Reviewed by Brent Fulgham.
876
877         Test: mathml/mathml-in-html5/root-parameters-1.html
878
879         We make the radical vertical gap depends on displaystyle.
880         This is the only remaining step to use all the Radical* constants from the MATH table.
881         We also introduce a ruleThicknessFallback function for future use.
882
883         * rendering/mathml/RenderMathMLBlock.h:
884         (WebCore::RenderMathMLBlock::ruleThicknessFallback): Add this helper function since that
885         calculation is used in several places.
886         * rendering/mathml/RenderMathMLRoot.cpp:
887         (WebCore::RenderMathMLRoot::updateStyle): Reorganize the way we set constant parameters,
888         add more comments and take into account the displaystyle for the vertical gap.
889
890 2016-07-08  Commit Queue  <commit-queue@webkit.org>
891
892         Unreviewed, rolling out r202967.
893         https://bugs.webkit.org/show_bug.cgi?id=159556
894
895         This patch caused crashes in https tests on Windows (Requested
896         by perarne on #webkit).
897
898         Reverted changeset:
899
900         "[Win] The test http/tests/security/contentSecurityPolicy
901         /upgrade-insecure-requests/basic-upgrade.https.html is
902         failing."
903         https://bugs.webkit.org/show_bug.cgi?id=159510
904         http://trac.webkit.org/changeset/202967
905
906 2016-07-08  Youenn Fablet  <youenn@apple.com>
907
908         Generate WebCore builtin wrapper files
909         https://bugs.webkit.org/show_bug.cgi?id=159461
910
911         Reviewed by Brian Burg.
912
913         No change of behavior.
914
915         Updating build system to handle new built-in generators without modifying WebCoreJSBuiltins* files.
916         The generator is now passed all built-ins at once so that wrapper files can be generated.
917         Removing WebCoreJSBuiltins* checked-in wrapper files.
918
919         * CMakeLists.txt:
920         * DerivedSources.make:
921         * WebCore.xcodeproj/project.pbxproj:
922         * bindings/js/JSDOMGlobalObject.cpp:
923         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
924         * bindings/js/JSDOMGlobalObject.h:
925         * bindings/js/WebCoreJSBuiltinInternals.cpp: Removed.
926         * bindings/js/WebCoreJSBuiltinInternals.h: Removed.
927         * bindings/js/WebCoreJSBuiltins.cpp: Removed.
928         * bindings/js/WebCoreJSBuiltins.h: Removed.
929
930 2016-07-08  Manuel Rego Casasnovas  <rego@igalia.com>
931
932         [css-grid] Inline size is never indefinite during layout
933         https://bugs.webkit.org/show_bug.cgi?id=159253
934
935         Reviewed by Sergio Villar Senin.
936
937         The issue is that the inline size of the grid container
938         is only indefinite while we're computing the intrinsic sizes.
939         During layout we should be able to resolve the percentage tracks
940         against that size. This makes Grid Layout compatible with regular blocks
941         regarding how inline percentages are resolved.
942
943         The patch passes the SizingOperation enum to RenderGrid::gridTrackSize().
944         That way we can know if we're computing the intrinsic sizes or not.
945
946         Test: fast/css-grid-layout/grid-container-percentage-columns.html
947
948         * rendering/RenderGrid.cpp:
949         (WebCore::RenderGrid::computeTrackSizesForDirection):
950         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
951         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
952         (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
953         (WebCore::RenderGrid::gridTrackSize):
954         (WebCore::RenderGrid::minSizeForChild):
955         (WebCore::RenderGrid::spanningItemCrossesFlexibleSizedTracks):
956         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
957         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
958         (WebCore::RenderGrid::tracksAreWiderThanMinTrackBreadth):
959         (WebCore::RenderGrid::rawGridTrackSize): Deleted.
960         * rendering/RenderGrid.h:
961
962 2016-07-08  Frederic Wang  <fwang@igalia.com>
963
964         Use OpenType MATH constant AxisHeight.
965         https://bugs.webkit.org/show_bug.cgi?id=133567
966
967         Reviewed by Brent Fulgham.
968
969         We make RenderMathMLOperator and RenderMathMLTable use the OpenType MATH constant AxisHeight.
970         These are the only remaining cases to handle since RenderMathMLFraction already uses that constant.
971
972         Tests: imported/mathml-in-html5/mathml/presentation-markup/operators/mo-axis-height-1.html
973               imported/mathml-in-html5/mathml/presentation-markup/tables/table-axis-height.html
974
975         * rendering/mathml/RenderMathMLBlock.cpp: Make RenderMathMLTable use the math axis
976         for its vertical alignment and update a bit the comments.
977         (WebCore::axisHeight): Move the code in a static function that can be called by
978         RenderMathMLBlock and RenderMathMLTable.
979         (WebCore::RenderMathMLBlock::mathAxisHeight): Use axisHeight.
980         (WebCore::RenderMathMLTable::firstLineBaseline): Ditto.
981         * rendering/mathml/RenderMathMLOperator.cpp:
982         (WebCore::RenderMathMLOperator::stretchTo):
983
984 2016-07-08  Manuel Rego Casasnovas  <rego@igalia.com>
985
986         [css-grid] Disallow repeat() in grid-template shorthand
987         https://bugs.webkit.org/show_bug.cgi?id=159200
988
989         Reviewed by Sergio Villar Senin.
990
991         As discussed on www-style, "repeat()" notation shouldn't be allowed
992         in the ASCII branch of the grid-template shorthand.
993         https://lists.w3.org/Archives/Public/www-style/2016May/0193.html
994
995         The patch uses an enum to invalidate "repeat()" when parsing
996         the grid-template shorthand.
997
998         Test: fast/css-grid-layout/grid-template-shorthand-get-set.html
999
1000         * css/CSSParser.cpp:
1001         (WebCore::CSSParser::parseGridTemplateColumns): Add enum.
1002         (WebCore::CSSParser::parseGridTemplateRowsAndAreasAndColumns): Pass "DisallowRepeat"
1003         when calling parseGridTemplateColumns().
1004         (WebCore::CSSParser::parseGridTrackList): Use enum to allow/disallow repeat.
1005         * css/CSSParser.h: Define the new enum and modify method signatures to use it,
1006         setting it to "AllowRepeat" by default.
1007
1008 2016-07-08  Frederic Wang  <fwang@igalia.com>
1009
1010         Add support for movablelimits.
1011         https://bugs.webkit.org/show_bug.cgi?id=155542
1012
1013         Reviewed by Brent Fulgham.
1014
1015         Tests: mathml/presentation/displaystyle-1.html
1016                mathml/presentation/displaystyle-2.html
1017                mathml/presentation/displaystyle-3.html
1018                mathml/presentation/mo-movablelimits-default.html
1019                mathml/presentation/mo-movablelimits-dynamic.html
1020                mathml/presentation/mo-movablelimits.html
1021
1022         * mathml/MathMLTextElement.cpp:
1023         (WebCore::MathMLTextElement::parseAttribute): Take into account change of movablelimits.
1024         * rendering/mathml/MathMLOperatorDictionary.h: Remove FIXME comment.
1025         * rendering/mathml/MathMLStyle.cpp:
1026         (WebCore::MathMLStyle::updateStyleIfNeeded): Force relayout and width computation when a
1027         displaystyle value change.
1028         * rendering/mathml/RenderMathMLOperator.h:
1029         (WebCore::RenderMathMLOperator::shouldMoveLimits): Helper function to test if the operator
1030         should have his limits moved when used as a base of munder/mover/munderover.
1031         * rendering/mathml/RenderMathMLScripts.cpp: Allow munderover/munder/mover elements to use
1032         this class and take the same behavior as the corresponding msubsup/msub/sup except for
1033         the *scriptshift attributes.
1034         (WebCore::RenderMathMLScripts::RenderMathMLScripts):
1035         (WebCore::RenderMathMLScripts::getBaseAndScripts):
1036         (WebCore::RenderMathMLScripts::computePreferredLogicalWidths):
1037         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
1038         (WebCore::RenderMathMLScripts::layoutBlock):
1039         * rendering/mathml/RenderMathMLScripts.h: Allow some members to be accessible/overridden
1040         by RenderMathMLUnderOver and add munderover/munder/mover in the kind.
1041         * rendering/mathml/RenderMathMLUnderOver.cpp:
1042         (WebCore::RenderMathMLUnderOver::RenderMathMLUnderOver): We use the code from
1043         RenderMathMLScripts to initialize m_kind.
1044         (WebCore::RenderMathMLUnderOver::shouldMoveLimits): New function to determine if the base
1045         should move its limits.
1046         (WebCore::RenderMathMLUnderOver::computePreferredLogicalWidths): We use the code from
1047         RenderMathMLScripts when the base should move its limits.
1048         (WebCore::RenderMathMLUnderOver::layoutBlock): We use the code from RenderMathMLScripts when
1049         the base should move its limits. Also improve the early return for invalid markup.
1050         (WebCore::RenderMathMLUnderOver::unembellishedOperator): Deleted. We use the code from RenderMathMLScripts.
1051         (WebCore::RenderMathMLUnderOver::firstLineBaseline): Deleted. We use the code from RenderMathMLScripts.
1052         * rendering/mathml/RenderMathMLUnderOver.h: We now inherit from RenderMathMLScripts and can
1053         just remove members that exist in the parent. We define shouldMoveLimits() to determine
1054         when the layout should be done the same as RenderMathMLScripts. For now, we try and be
1055         safe with the rest of the code by continuing to claim that we are not a RenderMathMLScripts.
1056
1057 2016-07-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1058
1059         Clean up PassRefPtr in Modules/webaudio
1060         https://bugs.webkit.org/show_bug.cgi?id=159540
1061
1062         Reviewed by Alex Christensen.
1063
1064         Purge PassRefPtr in webaudio directory.
1065
1066         No new tests, no behavior changes.
1067
1068         * Modules/webaudio/AsyncAudioDecoder.h:
1069         * Modules/webaudio/AudioBasicProcessorNode.h:
1070         * Modules/webaudio/AudioBuffer.h:
1071         * Modules/webaudio/AudioBufferSourceNode.h:
1072         * Modules/webaudio/AudioListener.h:
1073         * Modules/webaudio/AudioParam.h:
1074         * Modules/webaudio/AudioParamTimeline.h:
1075         (WebCore::AudioParamTimeline::ParamEvent::ParamEvent):
1076         * Modules/webaudio/AudioProcessingEvent.cpp:
1077         (WebCore::AudioProcessingEvent::AudioProcessingEvent):
1078         * Modules/webaudio/AudioProcessingEvent.h:
1079         (WebCore::AudioProcessingEvent::create):
1080         * Modules/webaudio/ChannelMergerNode.h:
1081         * Modules/webaudio/ChannelSplitterNode.h:
1082         * Modules/webaudio/GainNode.h:
1083         * Modules/webaudio/MediaElementAudioSourceNode.h:
1084         * Modules/webaudio/MediaStreamAudioDestinationNode.h:
1085         * Modules/webaudio/MediaStreamAudioSource.cpp:
1086         (WebCore::MediaStreamAudioSource::addAudioConsumer):
1087         * Modules/webaudio/MediaStreamAudioSource.h:
1088         * Modules/webaudio/OfflineAudioCompletionEvent.cpp:
1089         (WebCore::OfflineAudioCompletionEvent::create):
1090         (WebCore::OfflineAudioCompletionEvent::OfflineAudioCompletionEvent):
1091         * Modules/webaudio/OfflineAudioCompletionEvent.h:
1092         * Modules/webaudio/OfflineAudioDestinationNode.h:
1093         * Modules/webaudio/OscillatorNode.h:
1094         * Modules/webaudio/PeriodicWave.h:
1095         * Modules/webaudio/ScriptProcessorNode.h:
1096
1097 2016-07-07  Per Arne Vollan  <pvollan@apple.com>
1098
1099         [Win] The test http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade.https.html is failing.
1100         https://bugs.webkit.org/show_bug.cgi?id=159510
1101
1102         Reviewed by Brent Fulgham.
1103
1104         On Windows, validate certificate chain even when any https certificate is allowed.
1105
1106         * platform/network/cf/ResourceHandleCFNet.cpp:
1107         (WebCore::ResourceHandle::createCFURLConnection):
1108
1109 2016-07-07  Frederic Wang  <fwang@igalia.com>
1110
1111         Bug 155792 - Basic implementation of mpadded
1112         https://bugs.webkit.org/show_bug.cgi?id=155792
1113
1114         Reviewed by Brent Fulgham.
1115
1116         We implement a basic support for the mpadded element.
1117         We support most of the attribute values except pseudo-units or negative values.
1118
1119         Tests: mathml/presentation/mpadded-1-2.html
1120                mathml/presentation/mpadded-1.html
1121                mathml/presentation/mpadded-2.html
1122                mathml/presentation/mpadded-3.html
1123                mathml/presentation/mpadded-unsupported-values.html
1124                mathml/presentation/mpadded-dynamic.html
1125
1126         * CMakeLists.txt: Add RenderMathMLPadded to the build system.
1127         * WebCore.xcodeproj/project.pbxproj: Ditto.
1128         * mathml/MathMLInlineContainerElement.cpp:
1129         (WebCore::MathMLInlineContainerElement::createElementRenderer): Create the renderer
1130         for mpadded.
1131         * mathml/mathattrs.in: Add voffset attribute.
1132         * mathml/mathtags.in: Make mpadded use MathMLInlineContainerElement.
1133         * rendering/RenderObject.h:
1134         (WebCore::RenderObject::isRenderMathMLPadded): Define isRenderMathMLPadded.
1135         * rendering/mathml/RenderMathMLPadded.cpp: Added.
1136         We do a simple implementation by overriding the behavior of RenderMathMLRow and forcing
1137         relayout after attribute or style change.
1138         (WebCore::RenderMathMLPadded::RenderMathMLPadded):
1139         (WebCore::RenderMathMLPadded::computePreferredLogicalWidths):
1140         (WebCore::RenderMathMLPadded::layoutBlock):
1141         (WebCore::RenderMathMLPadded::updateFromElement):
1142         (WebCore::RenderMathMLPadded::styleDidChange):
1143         (WebCore::RenderMathMLPadded::firstLineBaseline):
1144         * rendering/mathml/RenderMathMLPadded.h: Added.
1145
1146 2016-07-07  Frederic Wang  <fwang@igalia.com>
1147
1148         Move MathML-specific code into a separate accessibility class
1149         https://bugs.webkit.org/show_bug.cgi?id=159213
1150
1151         Reviewed by Chris Fleizach.
1152
1153         Currently, MathML accessibility is completely handled in the generic AccessibilityRenderObject
1154         and it's sometimes messy and unconvenient. Hence we move most of the MathML-specific code
1155         into a separate AccessibilityMathMLElement class to facilitate future work and maintenance.
1156
1157         No new tests, already covered by existing tests.
1158
1159         * CMakeLists.txt: Add new AccessibilityMathMLElement module.
1160         * WebCore.xcodeproj/project.pbxproj: Ditto.
1161         * accessibility/AccessibilityAllInOne.cpp: Ditto.
1162         * accessibility/AXObjectCache.cpp: Add MathML headers and create AccessibilityMathMLElement.
1163         (WebCore::createFromRenderer): Create AccessibilityMathMLElement for MathML elements and
1164         anonymous operators created by the mfenced element.
1165         * accessibility/AccessibilityMathMLElement.cpp: Added. This class handles all the MathML
1166         elements as well as the anonymous operators created by the mfenced element. A boolean is
1167         passed to the constructor to indicate whether we are in the latter case.
1168         (WebCore::AccessibilityMathMLElement::AccessibilityMathMLElement):
1169         (WebCore::AccessibilityMathMLElement::~AccessibilityMathMLElement):
1170         (WebCore::AccessibilityMathMLElement::create):
1171         (WebCore::AccessibilityMathMLElement::determineAccessibilityRole): Move handling of specific
1172         MathElementRole and DocumentMathRole here.
1173         (WebCore::AccessibilityMathMLElement::textUnderElement): Move retrieval of text from the
1174         anonymous operators here.
1175         (WebCore::AccessibilityMathMLElement::stringValue): Ditto.
1176         (WebCore::AccessibilityMathMLElement::isIgnoredElementWithinMathTree): Move the determination
1177         of ignored math elements here.
1178         (WebCore::AccessibilityMathMLElement::isMathFraction): Moved from AccessibilityRenderObject.
1179         (WebCore::AccessibilityMathMLElement::isMathFenced): Ditto.
1180         (WebCore::AccessibilityMathMLElement::isMathSubscriptSuperscript): Ditto.
1181         (WebCore::AccessibilityMathMLElement::isMathRow): Ditto.
1182         (WebCore::AccessibilityMathMLElement::isMathUnderOver): Ditto.
1183         (WebCore::AccessibilityMathMLElement::isMathSquareRoot): Ditto.
1184         (WebCore::AccessibilityMathMLElement::isMathToken): Ditto.
1185         (WebCore::AccessibilityMathMLElement::isMathRoot): Ditto.
1186         (WebCore::AccessibilityMathMLElement::isMathOperator): Ditto.
1187         (WebCore::AccessibilityMathMLElement::isAnonymousMathOperator): Move the determination of
1188         anonymous operators here. We now just return the boolean passed at creation time.
1189         (WebCore::AccessibilityMathMLElement::isMathFenceOperator): Moved from
1190         AccessibilityRenderObject.
1191         (WebCore::AccessibilityMathMLElement::isMathSeparatorOperator): Ditto.
1192         (WebCore::AccessibilityMathMLElement::isMathText): Ditto.
1193         (WebCore::AccessibilityMathMLElement::isMathNumber): Ditto.
1194         (WebCore::AccessibilityMathMLElement::isMathIdentifier): Ditto.
1195         (WebCore::AccessibilityMathMLElement::isMathMultiscript): Ditto.
1196         (WebCore::AccessibilityMathMLElement::isMathTable): Ditto.
1197         (WebCore::AccessibilityMathMLElement::isMathTableRow): Ditto.
1198         (WebCore::AccessibilityMathMLElement::isMathTableCell): Ditto.
1199         (WebCore::AccessibilityMathMLElement::isMathScriptObject): Ditto.
1200         (WebCore::AccessibilityMathMLElement::isMathMultiscriptObject): Ditto.
1201         (WebCore::AccessibilityMathMLElement::mathRadicandObject): Ditto.
1202         (WebCore::AccessibilityMathMLElement::mathRootIndexObject): Ditto.
1203         (WebCore::AccessibilityMathMLElement::mathNumeratorObject): Ditto.
1204         (WebCore::AccessibilityMathMLElement::mathDenominatorObject): Ditto.
1205         (WebCore::AccessibilityMathMLElement::mathUnderObject): Ditto.
1206         (WebCore::AccessibilityMathMLElement::mathOverObject): Ditto.
1207         (WebCore::AccessibilityMathMLElement::mathBaseObject): Ditto.
1208         (WebCore::AccessibilityMathMLElement::mathSubscriptObject): Ditto.
1209         (WebCore::AccessibilityMathMLElement::mathSuperscriptObject): Ditto.
1210         (WebCore::AccessibilityMathMLElement::mathFencedOpenString): Ditto.
1211         (WebCore::AccessibilityMathMLElement::mathFencedCloseString): Ditto.
1212         (WebCore::AccessibilityMathMLElement::mathPrescripts): Ditto.
1213         (WebCore::AccessibilityMathMLElement::mathPostscripts): Ditto.
1214         (WebCore::AccessibilityMathMLElement::mathLineThickness): Ditto.
1215         * accessibility/AccessibilityMathMLElement.h: Added.
1216         * accessibility/AccessibilityRenderObject.cpp:
1217         (WebCore::AccessibilityRenderObject::isIgnoredElementWithinMathTree): The cases of
1218         AccessibilityMathMLElement objects are now handled in the derived class. We remove the case
1219         of text node since the MathML code no longer creates anonymous text nodes after r202420.
1220         Anonymous block inserted into RenderMathMLBlocks to honor CSS rules are not AccessibilityMathMLElements
1221         and it does not seem safe to modify AXObjectCache::createFromRenderer to force that. Hence
1222         we still need to be handle them here.
1223         (WebCore::AccessibilityRenderObject::textUnderElement): This code is moved into AccessibilityMathMLElement.
1224         (WebCore::AccessibilityRenderObject::stringValue): Ditto.
1225         (WebCore::AccessibilityRenderObject::determineAccessibilityRole): Ditto.
1226         (WebCore::AccessibilityRenderObject::isMathElement): Deleted.
1227         (WebCore::AccessibilityRenderObject::isMathFraction): Deleted.
1228         (WebCore::AccessibilityRenderObject::isMathFenced): Deleted.
1229         (WebCore::AccessibilityRenderObject::isMathSubscriptSuperscript): Deleted.
1230         (WebCore::AccessibilityRenderObject::isMathRow): Deleted.
1231         (WebCore::AccessibilityRenderObject::isMathUnderOver): Deleted.
1232         (WebCore::AccessibilityRenderObject::isMathSquareRoot): Deleted.
1233         (WebCore::AccessibilityRenderObject::isMathToken): Deleted.
1234         (WebCore::AccessibilityRenderObject::isMathRoot): Deleted.
1235         (WebCore::AccessibilityRenderObject::isMathOperator): Deleted.
1236         (WebCore::AccessibilityRenderObject::isAnonymousMathOperator): Deleted.
1237         (WebCore::AccessibilityRenderObject::isMathFenceOperator): Deleted.
1238         (WebCore::AccessibilityRenderObject::isMathSeparatorOperator): Deleted.
1239         (WebCore::AccessibilityRenderObject::isMathText): Deleted.
1240         (WebCore::AccessibilityRenderObject::isMathNumber): Deleted.
1241         (WebCore::AccessibilityRenderObject::isMathIdentifier): Deleted.
1242         (WebCore::AccessibilityRenderObject::isMathMultiscript): Deleted.
1243         (WebCore::AccessibilityRenderObject::isMathTable): Deleted.
1244         (WebCore::AccessibilityRenderObject::isMathTableRow): Deleted.
1245         (WebCore::AccessibilityRenderObject::isMathTableCell): Deleted.
1246         (WebCore::AccessibilityRenderObject::isMathScriptObject): Deleted.
1247         (WebCore::AccessibilityRenderObject::isMathMultiscriptObject): Deleted.
1248         (WebCore::AccessibilityRenderObject::mathRadicandObject): Deleted.
1249         (WebCore::AccessibilityRenderObject::mathRootIndexObject): Deleted.
1250         (WebCore::AccessibilityRenderObject::mathNumeratorObject): Deleted.
1251         (WebCore::AccessibilityRenderObject::mathDenominatorObject): Deleted.
1252         (WebCore::AccessibilityRenderObject::mathUnderObject): Deleted.
1253         (WebCore::AccessibilityRenderObject::mathOverObject): Deleted.
1254         (WebCore::AccessibilityRenderObject::mathBaseObject): Deleted.
1255         (WebCore::AccessibilityRenderObject::mathSubscriptObject): Deleted.
1256         (WebCore::AccessibilityRenderObject::mathSuperscriptObject): Deleted.
1257         (WebCore::AccessibilityRenderObject::mathFencedOpenString): Deleted.
1258         (WebCore::AccessibilityRenderObject::mathFencedCloseString): Deleted.
1259         (WebCore::AccessibilityRenderObject::mathPrescripts): Deleted.
1260         (WebCore::AccessibilityRenderObject::mathPostscripts): Deleted.
1261         (WebCore::AccessibilityRenderObject::mathLineThickness): Deleted.
1262         * accessibility/AccessibilityRenderObject.h: Remove declarations of functions that are now
1263         overridden in AccessibilityMathMLElement. Make isIgnoredElementWithinMathTree virtual so that
1264         it can be reimplemented in AccessibilityMathMLElement.
1265
1266 2016-07-07  Frederic Wang  <fwang@igalia.com>
1267
1268         Implement an internal style property for displaystyle.
1269         https://bugs.webkit.org/show_bug.cgi?id=133845
1270
1271         Reviewed by Brent Fulgham.
1272
1273         Tests: mathml/opentype/large-operators-displaystyle-dynamic.html
1274                mathml/opentype/large-operators-displaystyle.html
1275
1276         This is based on a patch by Alejandro G. Castro <alex@igalia.com>
1277
1278         * CMakeLists.txt: Add MathMLStyle to the build system.
1279         * WebCore.xcodeproj/project.pbxproj: ditto.
1280         * mathml/MathMLInlineContainerElement.cpp:
1281         (WebCore::MathMLInlineContainerElement::parseAttribute): Resolve the mathml style when the
1282         displaystyle attribute changes on the mtable or mstyle elements.
1283         * mathml/MathMLInlineContainerElement.h: Define parseAttribute.
1284         * mathml/MathMLMathElement.cpp:
1285         (WebCore::MathMLMathElement::MathMLMathElement): Indicate that we have custom style.
1286         (WebCore::MathMLMathElement::parseAttribute): Resolve the mathml style when the display or
1287         displaystyle attributes change on the math element.
1288         (WebCore::MathMLMathElement::didAttachRenderers): Resolve the mathml style when one
1289         renderer is attached.
1290         * mathml/MathMLMathElement.h: Declare parseAttribute and didAttachRenderers.
1291         * mathml/mathattrs.in: Declare the display and displaystyle attributes.
1292         * rendering/mathml/MathMLStyle.cpp: Added.
1293         (WebCore::MathMLStyle::MathMLStyle): New class to handle custom MathML style.
1294         (WebCore::MathMLStyle::create):
1295         (WebCore::MathMLStyle::setDisplayStyle): Helper function to take the displaystyle from
1296         the specified rendered.
1297         (WebCore::MathMLStyle::resolveMathMLStyleTree): Helper function to resolve the custom
1298         MathML style in renderer subtree.
1299         (WebCore::MathMLStyle::getMathMLParentNode): Helper function to get a MathML ancestor of
1300         the specified renderer.
1301         (WebCore::MathMLStyle::updateStyleIfNeeded): Helper function to update the style of the
1302         specified renderer if needed.
1303         (WebCore::MathMLStyle::resolveMathMLStyle): Resolve the MathML style of a given renderer.
1304         For displaystyle, we inherit the value of the parent except for the cases mentioned in the
1305         MathML recommendation.
1306         * rendering/mathml/MathMLStyle.h: New class header for custom MathML style.
1307         Only displaystyle is supported for now.
1308         * rendering/mathml/RenderMathMLBlock.cpp: Add a member and getter for custom MathML style.
1309         (WebCore::RenderMathMLBlock::RenderMathMLBlock):
1310         * rendering/mathml/RenderMathMLBlock.h: ditto.
1311         (WebCore::RenderMathMLBlock::mathMLStyle):
1312         * rendering/mathml/RenderMathMLMath.h: Add definition to use the syntax is<RenderMathMLMath>.
1313         * rendering/mathml/RenderMathMLOperator.h:
1314         (WebCore::RenderMathMLOperator::isLargeOperatorInDisplayStyle): Do not rerturn true when
1315         the operator is not in displaystyle.
1316         * rendering/mathml/RenderMathMLRoot.h: Make updateStyle public, so that it can be called
1317         by MathMLStyle::updateStyleIfNeeded.
1318         * rendering/mathml/RenderMathMLUnderOver.h: Add definition to use the syntax
1319         is<RenderMathMLUnderOver>.
1320
1321 2016-07-07  Ryosuke Niwa  <rniwa@webkit.org>
1322
1323         Replace scoped flag in Event by composed flag
1324         https://bugs.webkit.org/show_bug.cgi?id=158415
1325
1326         Reviewed by Chris Dumez.
1327
1328         Replace `scoped` flag with `composed` flag and negate its meaning per the latest spec:
1329         https://dom.spec.whatwg.org/#dom-event-composed
1330         https://github.com/w3c/webcomponents/issues/513
1331
1332         In the old spec, every event was assumed to be "composed" (crosses shadow boundaries)
1333         by default and there was `scoped` flag which prevented the event from crossing bondaries,
1334         and there was a handful of events for which `scoped` was set true when dispatched by UA.
1335
1336         In the new spec, every event is assumed to be "scoped" and a handful of user-initiated
1337         events set `composed` flag to true, which is also exposed in EventInit dictionary.
1338         `relatedTargetScoped` flag has been removed. New behavior is identical to when this flag
1339         was set to true.
1340
1341         No new tests since existing tests are updated to test the new flag and behavior.
1342
1343         * dom/CompositionEvent.cpp:
1344         (WebCore::CompositionEvent::isCompositionEvent): Added.
1345         * dom/CompositionEvent.h:
1346         * dom/Event.cpp:
1347         (WebCore::Event::Event): Initialize m_composed. Also re-ordered m_type and m_isInitialized
1348         for better packing.
1349         (WebCore::Event::composed): Renamed from Event::composed. We return true whenever composed
1350         is set to true in EventInit, or the engine is dispatching an user-initiated event listed in:
1351         https://github.com/w3c/webcomponents/issues/513#issuecomment-224183937
1352         as well as keypress, cut, paste, and, copy as discussed in:
1353         https://github.com/w3c/webcomponents/issues/513#issuecomment-230988170
1354         (WebCore::Event::isCompositionEvent): Added.
1355         * dom/Event.h:
1356         (WebCore::Event::composed): Added.
1357         (WebCore::Event::scoped): Deleted.
1358         (WebCore::Event::relatedTargetScoped): Deleted.
1359         (WebCore::Event): Reordered m_type and m_isInitialized for better packing. Added m_composed
1360         and removed m_scoped and m_relatedTargetScoped.
1361         * dom/Event.idl:
1362         * dom/EventPath.cpp:
1363         (WebCore::shouldEventCrossShadowBoundary): Returns true if the event did not originate from
1364         a shadow tree (this event entered the current shadow tree via a slot so we need to proceed with
1365         the normal bubble path outside the shadow tree) or composed flag is set true.
1366         (WebCore::EventPath::EventPath): m_event no longer exists, which was only used to get the value
1367         of relatedTargetScoped which has been removed.
1368         (WebCore::EventPath::setRelatedTarget): Behave as if relatedTargetScoped is always set true
1369         since the flag has been removed.
1370         * dom/EventPath.h:
1371         * dom/FocusEvent.cpp:
1372         (WebCore::FocusEvent::relatedTargetScoped): Deleted.
1373         * dom/FocusEvent.h:
1374         * dom/MouseEvent.cpp:
1375         (WebCore::MouseEvent::relatedTargetScoped): Deleted.
1376         * dom/MouseEvent.h:
1377
1378 2016-07-07  Chris Dumez  <cdumez@apple.com>
1379
1380         tdody.deleteRow(-1) and tr.deleteCell(-1) should not throw when there are no rows / cells
1381         https://bugs.webkit.org/show_bug.cgi?id=159527
1382         <rdar://problem/27232261>
1383
1384         Reviewed by Alex Christensen.
1385
1386         tdody.deleteRow(-1) and tr.deleteCell(-1) should not throw when there
1387         are no rows / cells:
1388         - https://html.spec.whatwg.org/multipage/tables.html#dom-tbody-deleterow
1389         - https://html.spec.whatwg.org/multipage/tables.html#dom-tr-deletecell
1390
1391         Firefox and Chrome do not throw but WebKit was throwing.
1392
1393         No new tests, rebaselined existing tests.
1394
1395         * html/HTMLTableRowElement.cpp:
1396         (WebCore::HTMLTableRowElement::deleteCell):
1397         * html/HTMLTableSectionElement.cpp:
1398         (WebCore::HTMLTableSectionElement::deleteRow):
1399
1400 2016-07-07  Chris Dumez  <cdumez@apple.com>
1401
1402         HTMLTitleElement.text should only account for direct children Text nodes
1403         https://bugs.webkit.org/show_bug.cgi?id=159536
1404
1405         Reviewed by Ryosuke Niwa.
1406
1407         HTMLTitleElement.text should only account for direct children Text nodes:
1408         - https://html.spec.whatwg.org/multipage/semantics.html#dom-title-text
1409         - https://html.spec.whatwg.org/multipage/infrastructure.html#child-text-content
1410
1411         Firefox and Chrome match the specification. However, WebKit accounted for all
1412         Text nodes that are descendants, not just children. This patch aligns our
1413         behavior with the specification and other browsers.
1414
1415         No new tests, rebaselined existing tests.
1416
1417         * html/HTMLTitleElement.cpp:
1418         (WebCore::HTMLTitleElement::text):
1419
1420 2016-07-07  Dean Jackson  <dino@apple.com>
1421
1422         REGRESSION(r200769): animations are no longer overridden
1423         https://bugs.webkit.org/show_bug.cgi?id=159450
1424         <rdar://problem/27120570>
1425
1426         Reviewed by Zalan Bujtas.
1427
1428         The change in r200769 removed a lot of the prefixing variant
1429         handling, but unfortunately we can't be completely rid
1430         of it until we alias the prefixed transitions and animations
1431         to the non-prefixed form. For example, setting the prefixed
1432         shorthand has to reset the non-prefixed longhands.
1433
1434         The fix was to explicitly call the variant forms when
1435         parsing such longhands, and make sure that MutableStyleProperties
1436         removes all prefixed variants when removing shorthands.
1437
1438         The existing test was amended to cover this case:
1439         fast/css/shorthand-omitted-initial-value-overrides-shorthand.html
1440
1441         * css/CSSParser.cpp:
1442         (WebCore::CSSParser::parseAnimationShorthand):
1443         (WebCore::CSSParser::addPropertyWithPrefixingVariant):
1444         (WebCore::CSSParser::parseTransitionShorthand):
1445         * css/CSSParser.h:
1446         * css/StyleProperties.cpp:
1447         (WebCore::MutableStyleProperties::removeShorthandProperty):
1448
1449 2016-07-07  Alex Christensen  <achristensen@webkit.org>
1450
1451         Fix CMake build.
1452
1453         * PlatformMac.cmake:
1454
1455 2016-07-07  Alex Christensen  <achristensen@webkit.org>
1456
1457         Fix CMake build.
1458
1459         * PlatformMac.cmake:
1460
1461 2016-07-07  Myles C. Maxfield  <mmaxfield@apple.com> and Frédéric Wang  <fred.wang@free.fr>
1462
1463         [Font Loading] The callback passed to document.fonts.ready should always be called
1464         https://bugs.webkit.org/show_bug.cgi?id=158884
1465
1466         Reviewed by Dean Jackson.
1467
1468         The boolean was simply not being reset when loads start.
1469
1470         Test: fast/text/font-face-set-ready-fire.html
1471
1472         * css/FontFaceSet.cpp:
1473         (WebCore::FontFaceSet::startedLoading):
1474         * css/FontFaceSet.h:
1475
1476 2016-07-07  Andy Estes  <aestes@apple.com>
1477
1478         [Content Filtering] Load blocked pages more like other error pages are loaded
1479         https://bugs.webkit.org/show_bug.cgi?id=159485
1480         <rdar://problem/26014076>
1481
1482         Reviewed by Brady Eidson.
1483
1484         Content filter blocked pages were being loaded by cancelling the provisional load of the
1485         page that was blocked and then scheduling a navigation to the content filter error page.
1486         Some clients would not expect a new, Web process-initiated provisional navigation to start
1487         after a cancellation, though, and this would put them in a bad state.
1488         
1489         This patch changes blocked page loading to behave more like loading other error pages.
1490         Specifically:
1491         1. didFailProvisionalLoad is dispatched with a new, non-cancellation error code.
1492         2. The blocked page is loaded immediately after dispatching didFailProvisionalLoad, which
1493            prevents FrameLoader from creating a new back-forward list item for the substitute data load.
1494         3. A substitute data load initiated by the client for the blocked URL is ignored if
1495            ContentFilter will display its own error page.
1496         4. A file: URL is used instead of a custom scheme for the base URL of the blocked page,
1497            since some clients expect this.
1498
1499         Updated existing tests to capture frame load delegate callbacks and the back forward list.
1500         Added new API tests: ContentFiltering.LoadAlternate*.
1501
1502         * English.lproj/Localizable.strings: Added a WebKitErrorFrameLoadBlockedByContentFilter description.
1503         * Resources/ContentFilterBlockedPage.html: Added.
1504         * WebCore.xcodeproj/project.pbxproj: Added ContentFilterBlockedPage.html as a frameowrk resource.
1505         * loader/ContentFilter.cpp:
1506         (WebCore::ContentFilter::stopFilteringMainResource): Only set m_state to Stopped if not
1507         already Blocked, so that we don't forget this ContentFilter was blocked when calling
1508         cancelMailResourceLoad() in didDecide().
1509         (WebCore::ContentFilter::didDecide): Moved code from DocumentLoader::contentFilterDidBlock() to here.
1510         Created a blockedByContentFilterError() and called cancelMainResourceLoad().
1511         (WebCore::blockedPageURL): Returned a file: URL to ContentFilterBlockedPage.html in WebCore.framework.
1512         (WebCore::ContentFilter::continueAfterSubstituteDataRequest): If the substitute data load
1513         is for the same failingURL as the currently-displayed blocked page, ignore it.
1514         (WebCore::ContentFilter::handleProvisionalLoadFailure): Load the blocked page if m_state is Blocked
1515         and the ResourceError matches the error we used when previously calling cancelMainResourceLoad().
1516         (WebCore::ContentFilter::unblockHandler): Deleted.
1517         (WebCore::ContentFilter::replacementData): Deleted.
1518         (WebCore::ContentFilter::unblockRequestDeniedScript): Deleted.
1519         * loader/ContentFilter.h:
1520         * loader/DocumentLoader.cpp:
1521         (WebCore::DocumentLoader::contentFilter): Returned m_contentFilter.
1522         (WebCore::DocumentLoader::installContentFilterUnblockHandler): Deleted.
1523         (WebCore::DocumentLoader::contentFilterDidBlock): Deleted.
1524         * loader/DocumentLoader.h:
1525         * loader/EmptyClients.h: Added a default implementation of blockedByContentFilterError().
1526         * loader/FrameLoader.cpp:
1527         (WebCore::FrameLoader::load): If m_loadType was already RedirectWithLockedBackForwardList
1528         and we are loading subsitute data for a failing URL, continue to use RedirectWithLockedBackForwardList.
1529         This prevents a new back-forward list item from being created when loading a blocked page in a subframe.
1530         (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
1531         Called ContentFilter::handleProvisionalLoadFailure() after dispatchDidFailProvisionalLoad().
1532         (WebCore::FrameLoader::blockedByContentFilterError): Called FrameLoaderClient::blockedByContentFilterError().
1533         * loader/FrameLoader.h:
1534         * loader/FrameLoaderClient.h:
1535         * loader/NavigationScheduler.cpp:
1536         (WebCore::ScheduledSubstituteDataLoad::ScheduledSubstituteDataLoad): Deleted.
1537         (WebCore::NavigationScheduler::scheduleSubstituteDataLoad): Deleted.
1538         * loader/NavigationScheduler.h:
1539         * loader/PolicyChecker.cpp:
1540         (WebCore::PolicyChecker::checkNavigationPolicy): Ignored a substitute data load for a
1541         failing URL if ContentFilter::continueAfterSubstituteDataRequest() returns false.
1542
1543 2016-07-07  Chris Dumez  <cdumez@apple.com>
1544
1545         td / th should be exposed as HTMLTableCellElement objects
1546         https://bugs.webkit.org/show_bug.cgi?id=159518
1547         <rdar://problem/27225436>
1548
1549         Reviewed by Ryosuke Niwa.
1550
1551         td / th should be exposed as HTMLTableCellElement objects:
1552         - https://html.spec.whatwg.org/multipage/tables.html#the-td-element
1553         - https://html.spec.whatwg.org/multipage/tables.html#the-th-element
1554
1555         We were using HTMLTableDataCellElement / HTMLTableHeaderCellElement
1556         sub-types.
1557
1558         Firefox and Chrome match the current specification.
1559
1560         We actually introduced these types recently via Bug 148859 to align
1561         with an older version of the HTML specification. However, it seems the
1562         specification has been updated to match Firefox / Chrome in the mean
1563         time.
1564
1565         Since we have not shipped those subtypes yet, the compatibility risk is
1566         low.
1567
1568         No new tests, rebaselined existing tests.
1569
1570         * CMakeLists.txt:
1571         * DerivedSources.cpp:
1572         * DerivedSources.make:
1573         * WebCore.xcodeproj/project.pbxproj:
1574         * html/HTMLElementsAllInOne.cpp:
1575         * html/HTMLTableCellElement.cpp:
1576         (WebCore::HTMLTableCellElement::create):
1577         (WebCore::HTMLTableCellElement::scope):
1578         (WebCore::HTMLTableCellElement::setScope):
1579         (WebCore::HTMLTableCellElement::setRowSpanForBindings): Deleted.
1580         * html/HTMLTableCellElement.h:
1581         * html/HTMLTableCellElement.idl:
1582         * html/HTMLTableDataCellElement.h: Removed.
1583         * html/HTMLTableDataCellElement.idl: Removed.
1584         * html/HTMLTableHeaderCellElement.cpp: Removed.
1585         * html/HTMLTableHeaderCellElement.h: Removed.
1586         * html/HTMLTableHeaderCellElement.idl: Removed.
1587         * html/HTMLTableRowElement.cpp:
1588         (WebCore::HTMLTableRowElement::insertCell):
1589         * html/HTMLTagNames.in:
1590
1591 2016-07-07  Brady Eidson  <beidson@apple.com>
1592
1593         Modern IDB: When IDBDatabase objects are garbage collected, they don't close their server connection.
1594         <rdar://problem/25910345> and https://bugs.webkit.org/show_bug.cgi?id=159523
1595
1596         Reviewed by Alex Christensen.
1597
1598         Tests: storage/indexeddb/modern/gc-closes-database-private.html
1599                storage/indexeddb/modern/gc-closes-database.html
1600
1601         * Modules/indexeddb/IDBDatabase.cpp:
1602         (WebCore::IDBDatabase::IDBDatabase): New logging.
1603         (WebCore::IDBDatabase::~IDBDatabase): Close server connection.
1604         (WebCore::IDBDatabase::fireVersionChangeEvent): New logging.
1605         (WebCore::IDBDatabase::dispatchEvent): New logging.
1606
1607         * Modules/indexeddb/client/IDBConnectionToServer.cpp:
1608         (WebCore::IDBClient::IDBConnectionToServer::openDatabase): New logging.
1609
1610 2016-07-07  Frederic Wang  <fwang@igalia.com>
1611
1612         Refactor layout functions to avoid using flexbox in MathML
1613         https://bugs.webkit.org/show_bug.cgi?id=153991
1614
1615         Reviewed by Brent Fulgham.
1616
1617         No new tests, already covered by existing tests.
1618
1619         * css/mathml.css:
1620         (math): Change inline mathematical formulas from inline-flex to inline.
1621         (math[display="block"]): Change display mathematical formulas from flex to block and
1622         remove flexbox property justify-content.
1623         (ms, mspace, mtext, mi, mn, mo, mrow, mfenced, mfrac, msub, msup, msubsup, mmultiscripts,
1624          mprescripts, none, munder, mover, munderover, msqrt, mroot, merror, mphantom, mstyle)
1625          menclose, semantics, mpadded, maction): In order to render properly, all children of the
1626          classes derived from RenderMathMLBlock must now be block-level. So we add more elements in
1627          this list and update the display property.
1628         (mtd > *): However, we use inline-block for children of the cell so that the text-align
1629          property is taken into account.
1630         * rendering/RenderBox.cpp:
1631         (WebCore::RenderBox::computeLogicalWidthInRegion): Add a special case for RenderMathMLBlock
1632         to preserve the old behavior.
1633         (WebCore::RenderBox::sizesLogicalWidthToFitContent): Ditto.
1634         * rendering/RenderFlexibleBox.h: No need to override layoutBlock anymore.
1635         * rendering/mathml/RenderMathMLBlock.cpp: Include LayoutRepainter header for use in layoutBlock.
1636         (WebCore::RenderMathMLBlock::RenderMathMLBlock): Inherit from RenderBlock and ensure that
1637         our children are block-level.
1638         (WebCore::RenderMathMLBlock::~RenderMathMLBlock): Added.
1639         (WebCore::RenderMathMLBlock::baselinePosition): If the baselinefirstLineBaseline() is
1640         undefined, just returns 0.
1641         (WebCore::RenderMathMLBlock::paint): Call RenderBlock::paint.
1642         (WebCore::RenderMathMLBlock::layoutItems): Implement a simplified version of
1643         RenderFlexibleBox::layoutItems where we assume horizontal layout for all children.
1644         (WebCore::RenderMathMLBlock::layoutBlock): Add a basic implementation based on
1645         RenderFlexibleBox::layoutBlock.
1646         (WebCore::RenderMathMLBlock::renderName): Deleted. There is now a simple implementation in the header.
1647         * rendering/mathml/RenderMathMLBlock.h: Use RenderBlock instead of RenderFlexibleBox and
1648         define layout functions. Define avoidsFloats and canDropAnonymousBlockChild to preserve
1649         the old behavior and remove isFlexibleBoxImpl.
1650         * rendering/mathml/RenderMathMLFenced.cpp:
1651         (WebCore::RenderMathMLFenced::createMathMLOperator): Use block for anonymous RenderMathMLOperator.
1652         * rendering/mathml/RenderMathMLRow.cpp:
1653         (WebCore::RenderMathMLRow::layoutRowItems): No need to handle the flexbox case anymore.
1654         (WebCore::RenderMathMLRow::paintChildren): Deleted. We now just use RenderBlock::paintChildren.
1655         * rendering/mathml/RenderMathMLRow.h:
1656         * rendering/mathml/RenderMathMLFraction.cpp:
1657         (WebCore::RenderMathMLFraction::paintChildren): Deleted. We now just use RenderBlock::paintChildren.
1658         * rendering/mathml/RenderMathMLFraction.h:
1659         * rendering/mathml/RenderMathMLRoot.cpp:
1660         (WebCore::RenderMathMLRoot::paintChildren): Deleted. We now just use RenderBlock::paintChildren.
1661         * rendering/mathml/RenderMathMLRoot.h:
1662         * rendering/mathml/RenderMathMLScripts.cpp:
1663         (WebCore::RenderMathMLScripts::paintChildren): Deleted. We now just use RenderBlock::paintChildren.
1664         * rendering/mathml/RenderMathMLScripts.h:
1665         * rendering/mathml/RenderMathMLUnderOver.cpp:
1666         (WebCore::RenderMathMLUnderOver::paintChildren): Deleted. We now just use RenderBlock::paintChildren.
1667         * rendering/mathml/RenderMathMLUnderOver.h:
1668
1669 2016-07-07  Antti Koivisto  <antti@apple.com>
1670
1671         REGRESSION (r199054): CrashTracer: [USER] parseWebKit at WebCore: WebCore::RenderBlockFlow::checkFloatsInCleanLine + 107
1672         https://bugs.webkit.org/show_bug.cgi?id=159519
1673
1674         Reviewed by Zalan Bujtas.
1675
1676         Test: fast/inline/trailing-floats-inline-crash.html
1677
1678         * rendering/RenderBlockLineLayout.cpp:
1679         (WebCore::RenderBlockFlow::checkFloatsInCleanLine):
1680
1681             Use the existing deletionHasBegun bit in RenderStyle to assert against this reliably.
1682
1683         * rendering/RenderLineBoxList.cpp:
1684         (WebCore::RenderLineBoxList::dirtyLinesFromChangedChild):
1685
1686             In some cases a special TrailingFloatsRootInlineBox may be added as the last root linebox of a flow.
1687             If it is combined with br the existing invalidation that invalidates the next and previous line may
1688             not be sufficient. Test for this case and invalidate the TrailingFloatsRootInlineBox too if it exists.
1689
1690         * rendering/RootInlineBox.h:
1691         (WebCore::RootInlineBox::isTrailingFloatsRootInlineBox):
1692         * rendering/TrailingFloatsRootInlineBox.h:
1693         * rendering/style/RenderStyle.h:
1694         (WebCore::RenderStyle::deletionHasBegun):
1695
1696             Expose the bit in debug.
1697
1698 2016-07-07  Alex Christensen  <achristensen@webkit.org>
1699
1700         Use SocketProvider to create WebSocketChannels
1701         https://bugs.webkit.org/show_bug.cgi?id=158776
1702
1703         Reviewed by Brent Fulgham.
1704
1705         This patch should have no change in behavior except making an InvalidStateError in
1706         conditions where we should not be able to do networking, like in a detached frame.
1707         It just replaces ThreadableWebSocketChannel::create with SocketProvider::createWebSocketChannel
1708         which does the same thing as ThreadableWebSocketChannel::create for Mac and 
1709         Windows WebKit1.  The WebKit2 implementation is the same right now, but it will
1710         be replaced by a proxy that will do the WebSocket operations in the NetworkProcess.
1711
1712         * Modules/websockets/ThreadableWebSocketChannel.cpp: Removed.
1713         * Modules/websockets/ThreadableWebSocketChannel.h:
1714         (WebCore::ThreadableWebSocketChannel::ThreadableWebSocketChannel):
1715         * Modules/websockets/WebSocket.cpp:
1716         (WebCore::WebSocket::connect):
1717         * Modules/websockets/WebSocketChannel.h:
1718         * Modules/websockets/WorkerThreadableWebSocketChannel.h:
1719         * WebCore.xcodeproj/project.pbxproj:
1720         * dom/Document.cpp:
1721         (WebCore::Document::idbConnectionProxy):
1722         (WebCore::Document::socketProvider):
1723         (WebCore::Document::canNavigate):
1724         * dom/Document.h:
1725         (WebCore::Document::notifyRemovePendingSheetIfNeeded):
1726         * dom/ScriptExecutionContext.h:
1727         * inspector/InspectorOverlay.cpp:
1728         (WebCore::InspectorOverlay::overlayPage):
1729         * loader/EmptyClients.cpp:
1730         (WebCore::EmptyEditorClient::registerRedoStep):
1731         (WebCore::EmptySocketProvider::createWebSocketChannel):
1732         * loader/EmptyClients.h:
1733         * page/Page.h:
1734         * page/PageConfiguration.cpp:
1735         (WebCore::PageConfiguration::PageConfiguration):
1736         * page/PageConfiguration.h:
1737         * page/SocketProvider.h:
1738         (WebCore::SocketProvider::~SocketProvider):
1739         * svg/graphics/SVGImage.cpp:
1740         (WebCore::SVGImage::dataChanged):
1741         * workers/DedicatedWorkerGlobalScope.cpp:
1742         (WebCore::DedicatedWorkerGlobalScope::create):
1743         (WebCore::DedicatedWorkerGlobalScope::DedicatedWorkerGlobalScope):
1744         * workers/DedicatedWorkerGlobalScope.h:
1745         * workers/DedicatedWorkerThread.cpp:
1746         (WebCore::DedicatedWorkerThread::DedicatedWorkerThread):
1747         (WebCore::DedicatedWorkerThread::createWorkerGlobalScope):
1748         (WebCore::DedicatedWorkerThread::runEventLoop):
1749         * workers/DedicatedWorkerThread.h:
1750         * workers/WorkerGlobalScope.cpp:
1751         (WebCore::WorkerGlobalScope::WorkerGlobalScope):
1752         (WebCore::WorkerGlobalScope::disableEval):
1753         (WebCore::WorkerGlobalScope::socketProvider):
1754         (WebCore::WorkerGlobalScope::idbConnectionProxy):
1755         * workers/WorkerGlobalScope.h:
1756         (WebCore::WorkerGlobalScope::script):
1757         * workers/WorkerMessagingProxy.cpp:
1758         (WebCore::WorkerMessagingProxy::startWorkerGlobalScope):
1759         * workers/WorkerThread.cpp:
1760         (WebCore::WorkerThreadStartupData::WorkerThreadStartupData):
1761         (WebCore::WorkerThread::WorkerThread):
1762         (WebCore::WorkerThread::idbConnectionProxy):
1763         (WebCore::WorkerThread::socketProvider):
1764         * workers/WorkerThread.h:
1765         (WebCore::WorkerThread::workerGlobalScope):
1766
1767 2016-07-07  Commit Queue  <commit-queue@webkit.org>
1768
1769         Unreviewed, rolling out r202905 and r202911.
1770         https://bugs.webkit.org/show_bug.cgi?id=159522
1771
1772         This test is fails on El Capitan and Sierra WK1 (Requested by
1773         ryanhaddad on #webkit).
1774
1775         Reverted changesets:
1776
1777         "Add a test for media control dropoff"
1778         https://bugs.webkit.org/show_bug.cgi?id=151287
1779         http://trac.webkit.org/changeset/202905
1780
1781         "Add a test for media control dropoff"
1782         https://bugs.webkit.org/show_bug.cgi?id=151287
1783         http://trac.webkit.org/changeset/202911
1784
1785 2016-07-07  Antoine Quint  <graouts@apple.com>
1786
1787         <img> with a wide gamut PDF does not display using a wide gamut color space
1788         https://bugs.webkit.org/show_bug.cgi?id=158983
1789         <rdar://problem/25720247>
1790
1791         Reviewed by Dean Jackson.
1792
1793         Calls to ImageBuffer::createCompatibleBuffer() that do not provide an explicit
1794         color space will now infer the color space from the provided graphics context
1795         on platforms using CG. The method signature that takes in a GraphicsContext
1796         without a color space is now split into a CG-specified implementation and a
1797         Cairo one to avoid having diverging platform code in ImageBuffer.cpp.
1798
1799         Some call sites need to provide an explicit color space still, so we add a new
1800         ImageBuffer::createCompatibleBuffer() that allows for that while inferring
1801         sizing and scaling from a GraphicsContext.
1802         
1803         All signatures of ImageBuffer::createCompatibleBuffer() are losing the
1804         hasAlpha parameter which was always ignored. All call sites that were using
1805         hasAlpha have been updated.
1806
1807         In addition, we make all the IOSurface and IOSurfacePool code, which is
1808         CG-specific, use the plaform-specific type CGColorSpaceRef instead of ColorSpace
1809         so that we may pick up on the color space copied over from the graphics context
1810         in the CG-specific implementation of ImageBuffer::createCompatibleBuffer().
1811
1812         * html/canvas/CanvasRenderingContext2D.cpp:
1813         (WebCore::CanvasRenderingContext2D::drawTextInternal):
1814         * platform/graphics/BitmapImage.cpp:
1815         (WebCore::BitmapImage::drawPattern):
1816         * platform/graphics/GradientImage.cpp:
1817         (WebCore::GradientImage::drawPattern):
1818         * platform/graphics/ImageBuffer.cpp:
1819         (WebCore::ImageBuffer::createCompatibleBuffer):
1820         * platform/graphics/ImageBuffer.h:
1821         * platform/graphics/NamedImageGeneratedImage.cpp:
1822         (WebCore::NamedImageGeneratedImage::drawPattern):
1823         * platform/graphics/cairo/ImageBufferCairo.cpp:
1824         (WebCore::ImageBuffer::createCompatibleBuffer):
1825         * platform/graphics/cg/IOSurfacePool.cpp:
1826         (WebCore::surfaceMatchesParameters):
1827         (WebCore::IOSurfacePool::takeSurface):
1828         * platform/graphics/cg/IOSurfacePool.h:
1829         * platform/graphics/cg/ImageBufferCG.cpp:
1830         (WebCore::ImageBuffer::createCompatibleBuffer):
1831         (WebCore::ImageBuffer::ImageBuffer):
1832         * platform/graphics/cocoa/IOSurface.h:
1833         * platform/graphics/cocoa/IOSurface.mm:
1834         (WebCore::IOSurface::surfaceFromPool):
1835         (WebCore::IOSurface::create):
1836         (WebCore::IOSurface::createFromSendRight):
1837         (WebCore::IOSurface::createFromSurface):
1838         (WebCore::IOSurface::createFromImage):
1839         (WebCore::IOSurface::IOSurface):
1840         (WebCore::IOSurface::ensurePlatformContext):
1841         * platform/mac/ThemeMac.mm:
1842         (WebCore::ThemeMac::drawCellOrFocusRingWithViewIntoContext):
1843         * platform/spi/cg/CoreGraphicsSPI.h:
1844         * rendering/RenderBoxModelObject.cpp:
1845         (WebCore::RenderBoxModelObject::paintFillLayerExtended):
1846         * rendering/RenderThemeMac.mm:
1847         (WebCore::RenderThemeMac::paintProgressBar):
1848         * rendering/svg/SVGRenderingContext.cpp:
1849         (WebCore::SVGRenderingContext::bufferForeground):
1850         * svg/graphics/SVGImage.cpp:
1851         (WebCore::SVGImage::drawPatternForContainer):
1852
1853 2016-07-07  Beth Dakin  <bdakin@apple.com>
1854
1855         All fullscreen videos should be able the control the controls manager
1856         https://bugs.webkit.org/show_bug.cgi?id=159496
1857         -and corresponding-
1858         rdar://problem/27009446
1859
1860         Reviewed by Eric Carlson.
1861
1862         * html/HTMLMediaElement.cpp:
1863         (WebCore::HTMLMediaElement::fullscreenModeChanged):
1864         * html/MediaElementSession.cpp:
1865         (WebCore::MediaElementSession::canControlControlsManager):
1866
1867 2016-07-07  Jer Noble  <jer.noble@apple.com>
1868
1869         Crash due to HTMLMediaElement at JavaScriptCore: JSC::JSLockHolder::JSLockHolder
1870         https://bugs.webkit.org/show_bug.cgi?id=159517
1871         <rdar://problem/27221109>
1872
1873         Reviewed by Eric Carlson.
1874
1875         When WebKit on iOS gets a notification that the UIProcess has been backgrounded, it sends an
1876         interruption event to the WebProcess to pause any playing HTMLMediaElements. When the
1877         elements which get this interruption have pending promises created during a previous call to
1878         play(), these promises get rejected.
1879
1880         However, if the HTMLMediaElement's document has already been destroyed, the pending Promises
1881         are in an inconsistent state: their script execution context (the document) has been
1882         destroyed, leading to the crash in JSLockHolder.
1883
1884         When HTMLMediaElement is notified that its ScriptExecutionContext has been destroyed, also
1885         clear the list of pending Promises.
1886
1887         * html/HTMLMediaElement.cpp:
1888         (WebCore::HTMLMediaElement::contextDestroyed):
1889
1890 2016-07-05  Jer Noble  <jer.noble@apple.com>
1891
1892         Facebook videos without audio tracks will sometimes cause playback controls to appear.
1893         https://bugs.webkit.org/show_bug.cgi?id=159437
1894
1895         Reviewed by Eric Carlson.
1896
1897         Because updatePlaybackControlsManager() will cause the session manager to walk through all
1898         the outstanding sessions asking if it canControlControlsManager(), some sessions will say
1899         they can control the controls manager if we are currently processing a user gesture. This is
1900         obviously not intended (there may be a user gesture to un-mute video 1, but an unrelated
1901         video 2 should not be allowed to use that use gesture to fulfill its own requirements.)
1902
1903         So in those situations where conditions may have changed and updatePlaybackControlsManager()
1904         needs to be called, instead schedule the update for the next run loop.
1905         
1906         * html/HTMLMediaElement.cpp:
1907         (WebCore::HTMLMediaElement::setMuted):
1908         (WebCore::HTMLMediaElement::layoutSizeChanged):
1909         (WebCore::HTMLMediaElement::updatePlayState):
1910         (WebCore::HTMLMediaElement::createMediaPlayer):
1911         (WebCore::HTMLMediaElement::scheduleUpdatePlaybackControlsManager):
1912         * html/HTMLMediaElement.h:
1913
1914 2016-07-07  Jer Noble  <jer.noble@apple.com>
1915
1916         Unreviewed build fix after r202908. Fix the webPlaybackSessionInterfaceMac @property.
1917
1918         * platform/mac/WebPlaybackControlsManager.h:
1919         * platform/mac/WebPlaybackControlsManager.mm:
1920
1921 2016-07-07  Youenn Fablet  <youenn@apple.com>
1922
1923         [Fetch API] Response constructor should throw in case of bad reason phrase
1924         https://bugs.webkit.org/show_bug.cgi?id=159508
1925
1926         Reviewed by Alex Christensen.
1927
1928         Covered by rebased test.
1929
1930         * Modules/fetch/FetchResponse.cpp:
1931         (WebCore::FetchResponse::initializeWith): Validating reason phrase with new routine.
1932         Throwing a TypeError in case of error.
1933         * platform/network/HTTPParsers.cpp:
1934         (WebCore::isValidReasonPhrase): Added to validate reason phrase according
1935         https://tools.ietf.org/html/rfc7230#section-3.1.2
1936         * platform/network/HTTPParsers.h:
1937
1938 2016-07-07  Youenn Fablet  <youenn@apple.com>
1939
1940         [Fetch API] Response.redirect should throw a RangeError in case of bad status code
1941         https://bugs.webkit.org/show_bug.cgi?id=159507
1942
1943         Reviewed by Alex Christensen.
1944
1945         Covered by rebased test.
1946
1947         * Modules/fetch/FetchResponse.cpp:
1948         (WebCore::FetchResponse::redirect): Throw a RangeError in case of bad status.
1949
1950 2016-07-05  Jer Noble  <jer.noble@apple.com>
1951
1952         Ownership between WebPlaybackSessionInterfaceMac and WebPlaybackControlsManager is backwards.
1953         https://bugs.webkit.org/show_bug.cgi?id=159441
1954
1955         Reviewed by Eric Carlson.
1956
1957         The WebPlaybackControlsManager should own the WebPlaybackSessionInterfaceMac, and not
1958         vice versa.
1959
1960         * platform/mac/WebPlaybackControlsManager.h:
1961         * platform/mac/WebPlaybackControlsManager.mm:
1962         (-[WebPlaybackControlsManager webPlaybackSessionInterfaceMac]):
1963         (-[WebPlaybackControlsManager setWebPlaybackSessionInterfaceMac:]):
1964         * platform/mac/WebPlaybackSessionInterfaceMac.h:
1965         * platform/mac/WebPlaybackSessionInterfaceMac.mm:
1966         (WebCore::WebPlaybackSessionInterfaceMac::playBackControlsManager):
1967
1968 2016-07-07  Eric Carlson  <eric.carlson@apple.com>
1969
1970         Add a test for media control dropoff
1971         https://bugs.webkit.org/show_bug.cgi?id=151287
1972         <rdar://problem/23544666>
1973
1974         Reviewed by Antoine Quint.
1975
1976         Test: media/controls/inline-elements-dropoff-order.html
1977
1978         * Modules/mediacontrols/mediaControlsApple.js: Expose more state to testing.
1979
1980 2016-07-07  Miguel Gomez  <magomez@igalia.com>
1981
1982         [GTK] Painting a video into a canvas doesn't work when accelerated compositing is enabled
1983         https://bugs.webkit.org/show_bug.cgi?id=159405
1984
1985         Reviewed by Xabier Rodriguez-Calvar.
1986
1987         Implement video frame painting to the canvas when accelerated compositing is enabled.
1988
1989         Already covered by existent tests.
1990
1991         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
1992         (WebCore::MediaPlayerPrivateGStreamer::handleMessage):
1993         Replace custom enumeration for the video rotation with the ImageOrientation class.
1994         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
1995         (WebCore::MediaPlayerPrivateGStreamerBase::naturalSize):
1996         Replace the orientation value comparison with ImageOrientation::usesWidthAsHeight().
1997         (WebCore::MediaPlayerPrivateGStreamerBase::paint):
1998         Perform the frame painting taking into account the video orientation tag.
1999         (WebCore::MediaPlayerPrivateGStreamerBase::nativeImageForCurrentTime):
2000         Rotate the native image before returning it.
2001         (WebCore::MediaPlayerPrivateGStreamerBase::setVideoSourceOrientation):
2002         Replace custom enumeration for the video rotation with the ImageOrientation class.
2003         (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase): Deleted.
2004         Remove orientation initialization.
2005         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
2006         Remove custom enumeration for the video orientation.
2007
2008 2016-07-07  Philippe Normand  <pnormand@igalia.com>
2009
2010         [GStreamer][GL] switch to appsink
2011         https://bugs.webkit.org/show_bug.cgi?id=159466
2012
2013         Reviewed by Carlos Garcia Campos.
2014
2015         Fakesink is mostly used for tests. Appsink provides the same
2016         functionality and is actually meant to be used on application
2017         side.
2018
2019         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
2020         (WebCore::MediaPlayerPrivateGStreamerBase::~MediaPlayerPrivateGStreamerBase):
2021         (WebCore::newSampleCallback):
2022         (WebCore::newPrerollCallback):
2023         (WebCore::MediaPlayerPrivateGStreamerBase::createVideoSinkGL):
2024         (WebCore::MediaPlayerPrivateGStreamerBase::drawCallback): Deleted.
2025         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
2026
2027 2016-07-06  Chris Dumez  <cdumez@apple.com>
2028
2029         Document.title setter does not work for SVG documents
2030         https://bugs.webkit.org/show_bug.cgi?id=159503
2031         <rdar://problem/27212313>
2032
2033         Reviewed by Ryosuke Niwa.
2034
2035         Document.title setter should work for SVG documents:
2036         - https://html.spec.whatwg.org/multipage/dom.html#document.title
2037
2038         This patch aligns our behavior with the specification
2039         and with Firefox / Chrome.
2040
2041         No new tests, rebaselined existing test.
2042
2043         * dom/Document.cpp:
2044         (WebCore::Document::setTitle):
2045         - Reverse the if conditions for clarity.
2046         - If the document element is an SVG svg element, create a
2047           SVGTitleElement and insert it as first child of the
2048           document element.
2049         - Call SVGTitleElement::setText() instead of
2050           HTMLTitleElement::setText() at the end of the method if
2051           m_titleElement is a SVGTitleElement.
2052
2053         (WebCore::Document::updateTitleElement):
2054         - If document element is an SVG svg element, use the first
2055           child of the document element that is a SVGTitleElement.
2056
2057         * svg/SVGTitleElement.cpp:
2058         (WebCore::SVGTitleElement::setText):
2059         * svg/SVGTitleElement.h:
2060         Add SVGTitleElement::setText() method that does the same
2061         thing as HTMLTitleElement::setText().
2062
2063 2016-07-06  Chris Dumez  <cdumez@apple.com>
2064
2065         Align Document.body setter with the HTML specification
2066         https://bugs.webkit.org/show_bug.cgi?id=159490
2067
2068         Reviewed by Alex Christensen.
2069
2070         Align Document.body setter with the HTML specification:
2071         - https://html.spec.whatwg.org/multipage/dom.html#dom-document-body
2072
2073         In particular, the following web-exposed changes were made:
2074         - It is now possible to set document.body to a frameset element.
2075         - We no longer call importNode() on the passed in body. Therefore,
2076           if the body comes from another document, its will be adopted /
2077           transferred rather than cloned.
2078
2079         Both changes match the behavior of Firefox and Chrome.
2080
2081         No new tests, updated / rebaselined existing tests.
2082
2083         * dom/Document.cpp:
2084         (WebCore::Document::setBodyOrFrameset):
2085
2086 2016-07-06  Brady Eidson  <beidson@apple.com>
2087
2088         Fix my bogus json I landed earlier today.
2089
2090         * features.json:
2091
2092 2016-07-06  Benjamin Poulain  <bpoulain@apple.com>
2093
2094         [JSC] Unify how we throw TypeError from C++
2095         https://bugs.webkit.org/show_bug.cgi?id=159500
2096
2097         Reviewed by Saam Barati.
2098
2099         * bindings/js/JSBiquadFilterNodeCustom.cpp:
2100         (WebCore::JSBiquadFilterNode::setType):
2101         * bindings/js/JSBlobCustom.cpp:
2102         (WebCore::constructJSBlob):
2103         * bindings/js/JSCryptoKeySerializationJWK.cpp:
2104         (WebCore::getBigIntegerVectorFromJSON):
2105         (WebCore::JSCryptoKeySerializationJWK::JSCryptoKeySerializationJWK):
2106         (WebCore::tryJWKKeyOpsValue):
2107         (WebCore::JSCryptoKeySerializationJWK::reconcileUsages):
2108         (WebCore::JSCryptoKeySerializationJWK::keyDataOctetSequence):
2109         (WebCore::JSCryptoKeySerializationJWK::keyDataRSAComponents):
2110         (WebCore::JSCryptoKeySerializationJWK::keyData):
2111         (WebCore::addJWKAlgorithmToJSON):
2112         (WebCore::JSCryptoKeySerializationJWK::serialize):
2113         * bindings/js/JSCryptoOperationData.cpp:
2114         (WebCore::cryptoOperationDataFromJSValue):
2115         * bindings/js/JSDOMBinding.cpp:
2116         (WebCore::enforceRange):
2117         (WebCore::throwTypeError):
2118         (WebCore::throwArgumentMustBeEnumError):
2119         (WebCore::throwArgumentMustBeFunctionError):
2120         (WebCore::throwArgumentTypeError):
2121         (WebCore::throwArrayElementTypeError):
2122         (WebCore::throwGetterTypeError):
2123         (WebCore::throwThisTypeError):
2124         * bindings/js/JSDataCueCustom.cpp:
2125         (WebCore::constructJSDataCue):
2126         * bindings/js/JSDocumentCustom.cpp:
2127         (WebCore::JSDocument::defineElement):
2128         * bindings/js/JSFileCustom.cpp:
2129         (WebCore::constructJSFile):
2130         * bindings/js/JSModuleLoader.cpp:
2131         (WebCore::JSModuleLoader::evaluate):
2132         * bindings/js/JSMutationObserverCustom.cpp:
2133         (WebCore::constructJSMutationObserver):
2134         * bindings/js/JSOscillatorNodeCustom.cpp:
2135         (WebCore::JSOscillatorNode::setType):
2136         * bindings/js/JSPannerNodeCustom.cpp:
2137         (WebCore::JSPannerNode::setPanningModel):
2138         (WebCore::JSPannerNode::setDistanceModel):
2139         * bindings/js/JSReadableStreamPrivateConstructors.cpp:
2140         (WebCore::constructJSReadableStreamController):
2141         (WebCore::constructJSReadableStreamReader):
2142         * bindings/js/JSSubtleCryptoCustom.cpp:
2143         (WebCore::cryptoKeyFormatFromJSValue):
2144         (WebCore::importKey):
2145         (WebCore::exportKey):
2146         * bindings/js/ReadableStreamController.cpp:
2147         (WebCore::ReadableStreamController::invoke):
2148         * bindings/js/SerializedScriptValue.cpp:
2149         (WebCore::CloneDeserializer::throwValidationError):
2150         (WebCore::SerializedScriptValue::maybeThrowExceptionIfSerializationFailed):
2151         * bridge/c/c_instance.cpp:
2152         (JSC::Bindings::CInstance::invokeMethod):
2153         * bridge/objc/objc_instance.mm:
2154         (ObjcInstance::invokeMethod):
2155         * bridge/objc/objc_runtime.mm:
2156         (JSC::Bindings::ObjcArray::setValueAt):
2157
2158 2016-07-06  Tim Horton  <timothy_horton@apple.com>
2159
2160         Email from June 1st containing text 'Today @ 7:10PM' is linkified, but shouldn't be
2161         https://bugs.webkit.org/show_bug.cgi?id=159498
2162         <rdar://problem/26719903>
2163
2164         Reviewed by Sam Weinig.
2165
2166         New API test: WebKit2.DataDetectionReferenceDate
2167
2168         * editing/cocoa/DataDetection.h:
2169         * editing/cocoa/DataDetection.mm:
2170         (WebCore::DataDetection::detectContentInRange):
2171         Extract the reference date from the DataDetectors context dictionary if it exists,
2172         and pass it along to DataDetectors.
2173
2174         * loader/FrameLoader.cpp:
2175         (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
2176         * loader/FrameLoaderClient.h:
2177         Plumb the DataDetectors context dictionary through from WebPage.
2178
2179 2016-07-06  Chris Dumez  <cdumez@apple.com>
2180
2181         [WK2][Cocoa] Disable ResourceResponse lazy initialization
2182         https://bugs.webkit.org/show_bug.cgi?id=159497
2183         <rdar://problem/27209066>
2184
2185         Reviewed by Alex Christensen.
2186
2187         Add method to Cocoa's ResponseResponse header to disable
2188         lazy initialization.
2189
2190         * platform/network/cf/ResourceResponse.h:
2191         * platform/network/cocoa/ResourceResponseCocoa.mm:
2192         (WebCore::ResourceResponse::disableLazyInitialization):
2193
2194 2016-07-06  Brent Fulgham  <bfulgham@apple.com>
2195
2196         Return values of JSArray::createUninitialized (and related) are not consistently checked for nullptr
2197         https://bugs.webkit.org/show_bug.cgi?id=159495
2198         <rdar://problem/26075433>
2199
2200         Reviewed by Dean Jackson.
2201
2202         Test: fast/canvas/canvas-getImageData-invalid-result-buffer-crash.html
2203
2204         * html/ImageData.cpp:
2205         (WebCore::ImageData::ImageData): Assert at construction if we could not create a valid
2206         buffer.
2207         * platform/SharedBuffer.cpp:
2208         (WebCore::SharedBuffer::createArrayBuffer): Check for a null buffer before using it.
2209         * platform/graphics/cg/ImageBufferDataCG.cpp:
2210         (WebCore::ImageBufferData::getData): Ditto.
2211         * platform/graphics/filters/FEGaussianBlur.cpp:
2212         (WebCore::FEGaussianBlur::platformApplySoftware): Ditto.
2213         * platform/graphics/filters/FilterEffect.cpp:
2214         (WebCore::FilterEffect::copyImageBytes): Ditto.
2215         (WebCore::FilterEffect::copyUnmultipliedImage): Ditto.
2216         (WebCore::FilterEffect::copyPremultipliedImage): Ditto.
2217
2218 2016-07-06  Chris Dumez  <cdumez@apple.com>
2219
2220         Document.body should return the first child of the html element that is either a body / frameset element
2221         https://bugs.webkit.org/show_bug.cgi?id=159488
2222
2223         Reviewed by Ryosuke Niwa.
2224
2225         Document.body should return the first child of the html element that is
2226         either a body / frameset element:
2227         - https://html.spec.whatwg.org/multipage/dom.html#dom-document-body
2228         - https://html.spec.whatwg.org/multipage/dom.html#the-body-element-2
2229
2230         We used the first child of the *document* element that is either a
2231         body / frameset element, even if the document element is not an html
2232         element.
2233
2234         Firefox and Chrome match the specification.
2235
2236         Test: imported/w3c/web-platform-tests/html/dom/documents/dom-tree-accessors/Document.body.html
2237
2238         * dom/Document.cpp:
2239         (WebCore::Document::bodyOrFrameset):
2240
2241 2016-07-06  Dean Jackson  <dino@apple.com>
2242
2243         Adopt new PiP glyph
2244         https://bugs.webkit.org/show_bug.cgi?id=159494
2245         <rdar://problem/27061084>
2246
2247         Reviewed by Ada Chan.
2248
2249         We got new artwork for Picture-in-Picture on macOS from
2250         our designers.
2251
2252         * Modules/mediacontrols/mediaControlsApple.css:
2253         (video::-webkit-media-controls-panel .picture-in-picture-button):
2254         (video::-webkit-media-controls-panel .picture-in-picture-button.return-from-picture-in-picture):
2255
2256 2016-07-06  Commit Queue  <commit-queue@webkit.org>
2257
2258         Unreviewed, rolling out r202867.
2259         https://bugs.webkit.org/show_bug.cgi?id=159491
2260
2261         This change caused an existing LayoutTest to crash on ios-
2262         simulator (Requested by ryanhaddad on #webkit).
2263
2264         Reverted changeset:
2265
2266         "<img> with a wide gamut PDF does not display using a wide
2267         gamut color space"
2268         https://bugs.webkit.org/show_bug.cgi?id=158983
2269         http://trac.webkit.org/changeset/202867
2270
2271 2016-07-06  Chris Dumez  <cdumez@apple.com>
2272
2273         [ShadowDOM] assignedSlot property should be on Text, not CharacterData
2274         https://bugs.webkit.org/show_bug.cgi?id=159482
2275         <rdar://problem/27201687>
2276
2277         Reviewed by Ryosuke Niwa.
2278
2279         assignedSlot property should be on Text, not CharacterData as per:
2280         - https://dom.spec.whatwg.org/#mixin-slotable
2281
2282         Align with the latest specification.
2283
2284         No new tests, rebaselined existing test.
2285
2286         * CMakeLists.txt:
2287         * DerivedSources.make:
2288         * WebCore.xcodeproj/project.pbxproj:
2289         * dom/Element.idl:
2290         * dom/NonDocumentTypeChildNode.idl:
2291         * dom/Slotable.idl: Copied from Source/WebCore/dom/NonDocumentTypeChildNode.idl.
2292         * dom/Text.idl:
2293
2294 2016-07-06  Jeremy Jones  <jeremyj@apple.com>
2295
2296         Do not animate video fullscreen exit when page has navigated away.
2297         https://bugs.webkit.org/show_bug.cgi?id=159479
2298
2299         Reviewed by Eric Carlson.
2300
2301         No new tests there is no effect on the DOM. The only effect is to video fullscreen window animation.
2302
2303         When the page has been navigated away, the fullscreen or picture-in-picture window should
2304         not animate back inline in the page, since the page has already navigated to a new page.
2305         Instead exit the fullscreen mode without animating.
2306
2307         * html/HTMLMediaElement.cpp:
2308         (WebCore::HTMLMediaElement::exitFullscreen):
2309
2310 2016-07-06  Jeremy Jones  <jeremyj@apple.com>
2311
2312         Signal that media element is prepared for inline when being stopped since script won't be able to.
2313         https://bugs.webkit.org/show_bug.cgi?id=159163
2314         rdar://problem/26844557
2315
2316         Reviewed by Jer Noble.
2317
2318         No new tests since this don't change behavior in the DOM. It prevents a race that could cause 
2319         fullscreen and picture in picture to fail to tear down completely.
2320   
2321         When an element exits a fullscreen mode and is immediately removed from the DOM by the page, 
2322         its JavaScript stops running. The fullscreen code is then blocked waiting for JS to signal 
2323         that it has updated its state in preparation for inline mode. This change explicitly signals
2324         this since JS wont be able to.
2325
2326         Additionally, when going from PiP back to inline, don't go through fullscreen first, when the 
2327         request comes from the DOM. This was causing the presentation mode to become confused. The
2328         page requests inline. PiP would exit back to fullscreen and set the presentation mode to
2329         fullscreen. Then it would exit fullscreen back to inline, but the DOM still had the wrong
2330         presentation mode. Skipping this removes an unnecessary step in the animation and keeps the
2331         presentation mode state consistent.
2332
2333         * html/HTMLMediaElement.cpp:
2334         (WebCore::HTMLMediaElement::stopWithoutDestroyingMediaPlayer):
2335         * platform/ios/WebVideoFullscreenInterfaceAVKit.mm: Set prepared for inline.
2336         (WebVideoFullscreenInterfaceAVKit::exitFullscreen): Return directly to inlne.
2337
2338 2016-07-06  Chris Dumez  <cdumez@apple.com>
2339
2340         Add support for Node.isConnected
2341         https://bugs.webkit.org/show_bug.cgi?id=159474
2342         <rdar://problem/27197947>
2343
2344         Reviewed by Ryosuke Niwa.
2345
2346         Add support for Node.isConnected as per:
2347         - https://dom.spec.whatwg.org/#dom-node-isconnected
2348
2349         Chrome already supports this.
2350
2351         Test: imported/w3c/web-platform-tests/dom/nodes/Node-isConnected.html
2352
2353         * dom/Node.idl:
2354
2355 2016-07-06  Brady Eidson  <beidson@apple.com>
2356
2357         Update IndexedDB's status on the feature page (How had we not done this already?)
2358
2359         Rubberstamped by Sam Weinig.
2360
2361         * features.json:
2362
2363 2016-07-06  Antoine Quint  <graouts@apple.com>
2364
2365         <img> with a wide gamut PDF does not display using a wide gamut color space
2366         https://bugs.webkit.org/show_bug.cgi?id=158983
2367         <rdar://problem/25720247>
2368
2369         Reviewed by Tim Horton.
2370
2371         Calls to ImageBuffer::createCompatibleBuffer() that do not provide an explicit
2372         color space will now infer the color space from the provided graphics context
2373         on platforms using CG. The method signature that takes in a GraphicsContext
2374         without a color space is now split into a CG-specified implementation and a
2375         Cairo one to avoid having diverging platform code in ImageBuffer.cpp.
2376
2377         Some call sites need to provide an explicit color space still, so we add a new
2378         ImageBuffer::createCompatibleBuffer() that allows for that while inferring
2379         sizing and scaling from a GraphicsContext.
2380         
2381         All signatures of ImageBuffer::createCompatibleBuffer() are losing the
2382         hasAlpha parameter which was always ignored. All call sites that were using
2383         hasAlpha have been updated.
2384
2385         In addition, we make all the IOSurface and IOSurfacePool code, which is
2386         CG-specific, use the plaform-specific type CGColorSpaceRef instead of ColorSpace
2387         so that we may pick up on the color space copied over from the graphics context
2388         in the CG-specific implementation of ImageBuffer::createCompatibleBuffer().
2389
2390         * html/canvas/CanvasRenderingContext2D.cpp:
2391         (WebCore::CanvasRenderingContext2D::drawTextInternal):
2392         * platform/graphics/GradientImage.cpp:
2393         (WebCore::GradientImage::drawPattern):
2394         * platform/graphics/ImageBuffer.cpp:
2395         (WebCore::ImageBuffer::createCompatibleBuffer):
2396         * platform/graphics/ImageBuffer.h:
2397         * platform/graphics/NamedImageGeneratedImage.cpp:
2398         (WebCore::NamedImageGeneratedImage::drawPattern):
2399         * platform/graphics/cairo/ImageBufferCairo.cpp:
2400         (WebCore::ImageBuffer::createCompatibleBuffer):
2401         * platform/graphics/cg/IOSurfacePool.cpp:
2402         (WebCore::surfaceMatchesParameters):
2403         (WebCore::IOSurfacePool::takeSurface):
2404         * platform/graphics/cg/IOSurfacePool.h:
2405         * platform/graphics/cg/ImageBufferCG.cpp:
2406         (WebCore::ImageBuffer::createCompatibleBuffer):
2407         (WebCore::ImageBuffer::ImageBuffer):
2408         * platform/graphics/cocoa/IOSurface.h:
2409         * platform/graphics/cocoa/IOSurface.mm:
2410         (WebCore::IOSurface::surfaceFromPool):
2411         (WebCore::IOSurface::create):
2412         (WebCore::IOSurface::createFromSendRight):
2413         (WebCore::IOSurface::createFromSurface):
2414         (WebCore::IOSurface::createFromImage):
2415         (WebCore::IOSurface::IOSurface):
2416         (WebCore::IOSurface::ensurePlatformContext):
2417         * platform/mac/ThemeMac.mm:
2418         (WebCore::ThemeMac::drawCellOrFocusRingWithViewIntoContext):
2419         * platform/spi/cg/CoreGraphicsSPI.h:
2420         * rendering/RenderBoxModelObject.cpp:
2421         (WebCore::RenderBoxModelObject::paintFillLayerExtended):
2422         * rendering/RenderThemeMac.mm:
2423         (WebCore::RenderThemeMac::paintProgressBar):
2424         * rendering/svg/SVGRenderingContext.cpp:
2425         (WebCore::SVGRenderingContext::bufferForeground):
2426         * svg/graphics/SVGImage.cpp:
2427         (WebCore::SVGImage::drawPatternForContainer):
2428
2429 2016-07-06  Tim Horton  <timothy_horton@apple.com>
2430
2431         Long spin editing text at top of message containing Reader version of web page with many GIFs
2432         https://bugs.webkit.org/show_bug.cgi?id=159444
2433         <rdar://problem/26790386>
2434
2435         Reviewed by Sam Weinig.
2436
2437         * editing/cocoa/HTMLConverter.mm:
2438         (fileWrapperForElement):
2439         Instead of looking up the image's data in the cache by URL, just use the
2440         CachedImage on the HTMLImageElement. There are situations (which seem to involve
2441         cloning the DOM then having the cloned DOM get garbage collected) where the image
2442         can be removed from the cache, but still be live in the document.
2443
2444 2016-07-06  Brady Eidson  <beidson@apple.com>
2445
2446         Hold RefPtr<>'s to UniqueIDBDatabases while performing user delete.
2447         https://bugs.webkit.org/show_bug.cgi?id=159471
2448
2449         Reviewed by Brent Fulgham.
2450
2451         * Modules/indexeddb/server/IDBServer.cpp:
2452         (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesModifiedSince):
2453         (WebCore::IDBServer::IDBServer::closeAndDeleteDatabasesForOrigins):
2454
2455 2016-07-06  Commit Queue  <commit-queue@webkit.org>
2456
2457         Unreviewed, rolling out r202725.
2458         https://bugs.webkit.org/show_bug.cgi?id=159473
2459
2460         didn't reduce coreui memory usage (Requested by kling on
2461         #webkit).
2462
2463         Reverted changeset:
2464
2465         "[Mac] Get rid of the old timey rubber-banding linen pattern."
2466         https://bugs.webkit.org/show_bug.cgi?id=159329
2467         http://trac.webkit.org/changeset/202725
2468
2469 2016-07-06  Philippe Normand  <pnormand@igalia.com>
2470
2471         [GStreamer] duration query improvements
2472         https://bugs.webkit.org/show_bug.cgi?id=159458
2473
2474         Reviewed by Carlos Garcia Campos.
2475
2476         Currently the player caches the result of the duration query but
2477         this is overkill because it's cached by playbin already. The only
2478         time where the player needs to cache the duration is when EOS was
2479         reached because in that situation the query would fail.
2480
2481         No new tests, existing media tests cover this patch.
2482
2483         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
2484         (WebCore::MediaPlayerPrivateGStreamer::MediaPlayerPrivateGStreamer): Member variables update.
2485         (WebCore::MediaPlayerPrivateGStreamer::load): Stop the fill timer
2486         before loading a new URL, the same player can be used for
2487         different assets.
2488         (WebCore::MediaPlayerPrivateGStreamer::playbackPosition): Perform
2489         a duration query, the duration value is no longer locally cached.
2490         (WebCore::MediaPlayerPrivateGStreamer::duration): Return cached value only after EOS was reached.
2491         (WebCore::MediaPlayerPrivateGStreamer::fillTimerFired): Perform
2492         a duration query, the duration value is no longer locally cached.
2493         (WebCore::MediaPlayerPrivateGStreamer::maxTimeSeekable): Ditto.
2494         (WebCore::MediaPlayerPrivateGStreamer::maxTimeLoaded): Ditto.
2495         (WebCore::MediaPlayerPrivateGStreamer::didLoadingProgress): Ditto.
2496         (WebCore::MediaPlayerPrivateGStreamer::updateStates): Remove duration caching support.
2497         (WebCore::MediaPlayerPrivateGStreamer::didEnd): Ditto.
2498         (WebCore::MediaPlayerPrivateGStreamer::durationChanged): Ditto.
2499         (WebCore::MediaPlayerPrivateGStreamer::cacheDuration): Deleted.
2500         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
2501
2502 2016-07-06  Manuel Rego Casasnovas  <rego@igalia.com>
2503
2504         [css-grid] Height percentages are not properly resolved for item's children
2505         https://bugs.webkit.org/show_bug.cgi?id=159258
2506
2507         Reviewed by Sergio Villar Senin.
2508
2509         When grid items are vertically stretched (default behavior)
2510         they store their height on RenderBox::overrideLogicalContentHeight().
2511         In order to resolve the percentage height on the grid item's children
2512         we need to use that size.
2513
2514         Test: fast/css-grid-layout/percent-resolution-grid-item-children.html
2515
2516         * rendering/RenderBox.cpp:
2517         (WebCore::RenderBox::computePercentageLogicalHeight):
2518
2519 2016-07-06  Zan Dobersek  <zdobersek@igalia.com>
2520
2521         [GTK] Better guard TextureMapper header and CMake includes
2522         https://bugs.webkit.org/show_bug.cgi?id=159415
2523
2524         Reviewed by Carlos Garcia Campos.
2525
2526         * PlatformGTK.cmake: Only include TextureMapper.cmake if USE_TEXTURE_MAPPER is enabled.
2527         * platform/graphics/GraphicsContext3DPrivate.h: Guard texmap header inclusions with USE(TEXTURE_MAPPER).
2528         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h: Ditto, but wrap it around
2529         the existing USE(TEXTURE_MAPPER_GL) block.
2530
2531 2016-07-05  Olivier Blin  <olivier.blin@softathome.com>
2532
2533         [GStreamer] Do not build MediaPlayerPrivateGStreamerOwr when VIDEO is disabled
2534         https://bugs.webkit.org/show_bug.cgi?id=159425
2535
2536         Reviewed by Philippe Normand.
2537
2538         MediaPlayer backends are useful and can be built only when VIDEO is enabled.
2539
2540         No new tests, behavior is unchanged.
2541
2542         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.cpp:
2543         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.h:
2544
2545 2016-07-05  Per Arne Vollan  <pvollan@apple.com>
2546
2547         [Win] Layout Test http/tests/security/contentSecurityPolicy/source-list-parsing-10.html is failing
2548         https://bugs.webkit.org/show_bug.cgi?id=147646
2549
2550         Reviewed by Brent Fulgham.
2551
2552         Fix build error when CSP_NEXT is disabled.
2553
2554         * DerivedSources.cpp:
2555
2556 2016-07-05  David Kilzer  <ddkilzer@apple.com>
2557
2558         Throw exceptions for invalid number of channels for ConvolverNode
2559         <https://webkit.org/b/159238>
2560
2561         Reviewed by Brent Fulgham.
2562
2563         Fix based on a Blink change (patch by <rtoy@chromium.org>):
2564         <https://chromium.googlesource.com/chromium/src.git/+/0cc26bbb7175aec77910d0b47faf9f8c8a640fe5>
2565
2566         Also includes a related fix for ReverbConvolverStage (patch by <rtoy@chromium.org>):
2567         <https://src.chromium.org/viewvc/blink?revision=157832&view=revision>
2568
2569         Test: webaudio/convolver-channels.html
2570
2571         * Modules/webaudio/ConvolverNode.cpp:
2572         (WebCore::ConvolverNode::setBuffer): Throw an exception for
2573         anything but 1, 2 or 4 channels.
2574         * platform/audio/ReverbConvolverStage.cpp:
2575         (WebCore::ReverbConvolverStage::ReverbConvolverStage): Don't read past the end of
2576         the impulseResponse array.
2577
2578 2016-07-05  Johan K. Jensen  <jj@johanjensen.dk>
2579
2580         Web Inspector: Sending XHR with UTF8 encoded data shows garbled data in Resource sidebar
2581         https://bugs.webkit.org/show_bug.cgi?id=159358
2582
2583         Reviewed by Joseph Pecoraro.
2584
2585         Test: http/tests/inspector/network/xhr-request-data-encoded-correctly.html
2586
2587         * inspector/InspectorNetworkAgent.cpp:
2588         (WebCore::buildObjectForResourceRequest):
2589         * inspector/NetworkResourcesData.cpp:
2590         (WebCore::NetworkResourcesData::setResourceContent):
2591
2592 2016-07-05  Chris Fleizach  <cfleizach@apple.com>
2593
2594         AX: Image attachment in email does not show up in AX tree
2595         https://bugs.webkit.org/show_bug.cgi?id=159422
2596
2597         Reviewed by Joanmarie Diggs.
2598
2599         When an image loads after the accessibility tree has already been created, the ignored status
2600         of that image does not get updated.
2601
2602         Test: accessibility/image-load-on-delay.html
2603
2604         * rendering/RenderImage.cpp:
2605         (WebCore::RenderImage::imageChanged):
2606
2607 2016-07-05  Alex Christensen  <achristensen@webkit.org>
2608
2609         Fix Windows build.
2610         https://bugs.webkit.org/show_bug.cgi?id=159103
2611
2612         * Modules/indexeddb/IDBActiveDOMObject.h:
2613         (WebCore::IDBActiveDOMObject::callFunctionOnOriginThread):
2614         WTF.
2615
2616 2016-07-05  Enrica Casucci  <enrica@apple.com>
2617
2618         HTMLAttachment elements don't receive clicks after the first on iOS.
2619         https://bugs.webkit.org/show_bug.cgi?id=159310
2620         rdar://problem/25776940
2621
2622         Reviewed by Tim Horton.
2623
2624         shouldSelectOnMouseDown() now returns false on iOS.
2625
2626         * html/HTMLAttachmentElement.h:
2627
2628 2016-07-05  Brady Eidson  <beidson@apple.com>
2629
2630         IDBDatabase can null deref its ScriptExecutionContext inside connectionToServerLost.
2631         <rdar://problem/27169924> and https://bugs.webkit.org/show_bug.cgi?id=159432
2632
2633         Reviewed by Alex Christensen.
2634
2635         No new tests (Targeted test not possible, covered peripherally by all IDB tests).
2636
2637         * Modules/indexeddb/IDBActiveDOMObject.h:
2638         * Modules/indexeddb/IDBDatabase.cpp:
2639         (WebCore::IDBDatabase::connectionToServerLost): Make sure there is still a script execution context.
2640
2641 2016-07-01  Jer Noble  <jer.noble@apple.com>
2642
2643         REGRESSION (r202641): Netflix playback stalls after a few seconds
2644         https://bugs.webkit.org/show_bug.cgi?id=159365
2645
2646         Reviewed by Eric Carlson.
2647
2648         Test: LayoutTests/media/media-source/media-source-small-gap.html
2649
2650         In r202641, we removed a "fudge factor" of 1 millisecond added onto the duration
2651         of every sample for the purposes of calculating a SourceBuffer's buffered ranges.
2652         Netflix (and likely other providers) have streams that have 1 "timeScale" gaps
2653         between segments (e.g., 1/9000s, 1/3003s, etc.). Fill those gaps by looking for
2654         the previous and next samples and extending the buffered range to cover the gaps
2655         if they're short enough. We have to ensure that we correctly remove those extended
2656         durations when we remove samples from the SourceBuffer as well.
2657
2658         * Modules/mediasource/SourceBuffer.cpp:
2659         (WebCore::removeSamplesFromTrackBuffer):
2660         (WebCore::SourceBuffer::removeCodedFrames):
2661         (WebCore::SourceBuffer::sourceBufferPrivateDidReceiveSample):
2662
2663 2016-07-05  Brady Eidson  <beidson@apple.com>
2664
2665         Database process crashes deleting a corrupt SQLite database file (null deref).
2666         https://bugs.webkit.org/show_bug.cgi?id=155506.
2667
2668         Reviewed by Alex Christensen.
2669
2670         Covered by new API test.
2671
2672         * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
2673         (WebCore::IDBServer::SQLiteIDBBackingStore::deleteBackingStore): Null check.
2674
2675 2016-07-05  Brady Eidson  <beidson@apple.com>
2676
2677         TransactionOperations can get destroyed on the wrong thread.
2678         https://bugs.webkit.org/show_bug.cgi?id=159103
2679
2680         Reviewed by Alex Christensen.
2681
2682         No new tests (Very racy, not feasible to write a dedicated test for, caught on bots occasionally as-is).
2683
2684         * Modules/indexeddb/IDBActiveDOMObject.h:
2685         (WebCore::IDBActiveDOMObject::callFunctionOnOriginThread):
2686         
2687         * Modules/indexeddb/client/IDBConnectionProxy.cpp:
2688         (WebCore::IDBClient::IDBConnectionProxy::completeOperation): Pass the last ref to the operation to its
2689           origin thread to be deleted there.
2690         
2691         * Modules/indexeddb/client/TransactionOperation.h:
2692         (WebCore::IDBClient::TransactionOperation::performCompleteOnOriginThread):
2693
2694 2016-07-05  Youenn Fablet  <youenn@apple.com>
2695
2696         Remove CredentialRequest ResourceLoaderOptions
2697         https://bugs.webkit.org/show_bug.cgi?id=159404
2698
2699         Reviewed by Sam Weinig.
2700
2701         No observable change of behavior.
2702         Removing CredentialRequest from ResourceLoaderOptions and replacing it by FetchOptions::Credentials.
2703         As per https://fetch.spec.whatwg.org/#http-fetch, credentials flag is set according FetchOptions::Credentials.
2704
2705         * loader/DocumentLoader.cpp:
2706         (WebCore::DocumentLoader::startLoadingMainResource): Set credentials mode to Include.
2707         * loader/DocumentThreadableLoader.cpp:
2708         (WebCore::DocumentThreadableLoader::redirectReceived): Disable credentials if credentials mode is SameOrigin
2709         (request being cross origin).
2710         * loader/MediaResourceLoader.cpp: Refqctoring to use CachedResourceReauest::setAsPotentiallyCrossOrigin.
2711         Removed unnecessary ResourceRequest copy by using the mutable request of CachedResourceRequest.
2712         (WebCore::MediaResourceLoader::requestResource):
2713         * loader/NetscapePlugInStreamLoader.cpp:
2714         (WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader): Set credential mode  to Include
2715         * loader/ResourceLoaderOptions.h: Removing CredentialRequest option.
2716         (WebCore::ResourceLoaderOptions::ResourceLoaderOptions):
2717         (WebCore::ResourceLoaderOptions::credentialRequest): Deleted.
2718         (WebCore::ResourceLoaderOptions::setCredentialRequest): Deleted.
2719         * loader/cache/CachedResourceLoader.cpp:
2720         (WebCore::CachedResourceLoader::requestUserCSSStyleSheet): Set credential mode to Include.
2721         (WebCore::CachedResourceLoader::defaultCachedResourceOptions): Ditto.
2722         * loader/cache/CachedResourceRequest.cpp:
2723         (WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin): Set credential mode according crossorigin
2724         atribute value.
2725         * loader/icon/IconLoader.cpp:
2726         (WebCore::IconLoader::startLoading): Set credential mode to Omit.
2727         * page/EventSource.cpp:
2728         (WebCore::EventSource::connect): Set credential mode according crossorigin atribute value.
2729         * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
2730         (WebCore::WebCoreAVCFResourceLoader::startLoading): Set credential mode to Omit.
2731         * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
2732         (WebCore::WebCoreAVFResourceLoader::startLoading): Ditto.
2733         * platform/network/ResourceHandleTypes.h: Removed definition of CredentialRequest.
2734         * xml/XMLHttpRequest.cpp:
2735         (WebCore::XMLHttpRequest::createRequest): Set credential mode according crossorigin atribute value.
2736
2737 2016-07-04  Fujii Hironori  <Hironori.Fujii@sony.com>
2738
2739         [GTK] Null Node dereference in FrameSelection::notifyAccessibilityForSelectionChange of FrameSelectionAtk.cpp
2740         https://bugs.webkit.org/show_bug.cgi?id=159411
2741
2742         Reviewed by Carlos Garcia Campos.
2743
2744         Tests:
2745             editing/selection/selection-in-iframe-removed-crash.html
2746
2747         * editing/atk/FrameSelectionAtk.cpp:
2748         (WebCore::FrameSelection::notifyAccessibilityForSelectionChange):
2749         Added a null check for the return value of containerNode().
2750
2751 2016-07-04  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
2752
2753         [EFL] Remove mac configuration dependency in WebKit Version definition
2754         https://bugs.webkit.org/show_bug.cgi?id=159407
2755
2756         Reviewed by Yusuke Suzuki.
2757
2758         EFL port has been used Version.xconfig file in WebKit/mac/Configurations
2759         in order to generate WebKitVersion.h file. But it can be simply defined
2760         in cmake.
2761
2762         * PlatformEfl.cmake: Remove WebKitVersion.h generation.
2763         * platform/efl/UserAgentEfl.cpp:
2764         (WebCore::versionForUAString): Use USER_AGENT_EFL_MAJOR_VERSION and USER_AGENT_EFL_MINOR_VERSION.
2765
2766 2016-07-04  Carlos Garcia Campos  <cgarcia@igalia.com>
2767
2768         [Coordinated Graphics] Modernize and cleanup CompositingCoordinator
2769         https://bugs.webkit.org/show_bug.cgi?id=159212
2770
2771         Reviewed by Žan Doberšek.
2772
2773         Use references instead of pointers when possible.
2774
2775         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
2776         (WebCore::CoordinatedGraphicsLayer::paintToSurface):
2777         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
2778         * platform/graphics/texmap/coordinated/CoordinatedImageBacking.cpp:
2779         (WebCore::CoordinatedImageBacking::update):
2780         * platform/graphics/texmap/coordinated/CoordinatedImageBacking.h:
2781         * platform/graphics/texmap/coordinated/CoordinatedSurface.h:
2782         * platform/graphics/texmap/coordinated/Tile.cpp:
2783         (WebCore::Tile::updateBackBuffer):
2784         * platform/graphics/texmap/coordinated/TiledBackingStoreClient.h:
2785
2786 2016-07-04  Youenn Fablet  <youenn@apple.com>
2787
2788         Remove RequestOriginPolicy from ResourceLoaderOptions
2789         https://bugs.webkit.org/show_bug.cgi?id=159406
2790
2791         Reviewed by Sam Weinig.
2792
2793         Using FetchOptions::mode in lieu of ResourceLoaderOptions::RequestOriginPolicy.
2794         The cors, no-cors and same-origin values match PotentiallyCrossOriginEnabled,
2795         UseDefaultOriginRestrictionsForType and RestrictToSameOrigin, default being
2796         cors/UseDefaultOriginRestrictionsForType as per fetch specification.
2797
2798         No change of behavior.
2799
2800         * css/CSSImageSetValue.cpp:
2801         (WebCore::CSSImageSetValue::cachedImageSet):
2802         * css/CSSImageValue.cpp:
2803         (WebCore::CSSImageValue::cachedImage):
2804         * loader/DocumentLoader.cpp:
2805         (WebCore::DocumentLoader::startLoadingMainResource):
2806         * loader/MediaResourceLoader.cpp:
2807         (WebCore::MediaResourceLoader::requestResource):
2808         * loader/NetscapePlugInStreamLoader.cpp:
2809         (WebCore::NetscapePlugInStreamLoader::NetscapePlugInStreamLoader):
2810         * loader/ResourceLoaderOptions.h:
2811         (WebCore::ResourceLoaderOptions::ResourceLoaderOptions):
2812         (WebCore::ResourceLoaderOptions::requestOriginPolicy): Deleted.
2813         (WebCore::ResourceLoaderOptions::setRequestOriginPolicy): Deleted.
2814         * loader/SubresourceLoader.cpp:
2815         (WebCore::SubresourceLoader::init):
2816         (WebCore::SubresourceLoader::willSendRequestInternal):
2817         * loader/cache/CachedResourceLoader.cpp:
2818         (WebCore::CachedResourceLoader::requestUserCSSStyleSheet):
2819         (WebCore::CachedResourceLoader::canRequest):
2820         (WebCore::CachedResourceLoader::defaultCachedResourceOptions):
2821         * loader/cache/CachedResourceRequest.cpp:
2822         (WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin):
2823         * loader/icon/IconLoader.cpp:
2824         (WebCore::IconLoader::startLoading):
2825         * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
2826         (WebCore::WebCoreAVCFResourceLoader::startLoading):
2827         * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
2828         (WebCore::WebCoreAVFResourceLoader::startLoading):
2829         * style/StylePendingResources.cpp:
2830         (WebCore::Style::loadPendingImage):
2831
2832 2016-07-04  Youenn Fablet  <youenn@apple.com>
2833
2834         Shield WebRTC JS built-ins from user scripts
2835         https://bugs.webkit.org/show_bug.cgi?id=155964
2836
2837         Reviewed by Sam Weinig.
2838
2839         Making use of Promise.prototype.@then instead of Promise.prototype.then.
2840         Covered by updated tests.
2841
2842         * Modules/mediastream/RTCPeerConnection.js:
2843         (createOffer):
2844         (createAnswer):
2845         (setLocalDescription):
2846         (setRemoteDescription):
2847         (addIceCandidate):
2848         (getStats):
2849         * Modules/mediastream/RTCPeerConnectionInternals.js:
2850         (enqueueOperation):
2851
2852 2016-07-04  Brady Eidson  <beidson@apple.com>
2853
2854         WebProcesses don't handle DatabaseProcess going away uncleanly..
2855         https://bugs.webkit.org/show_bug.cgi?id=159371
2856
2857         Reviewed by Alex Christensen.
2858
2859         Covered by new API test.
2860
2861         * Modules/indexeddb/IDBDatabase.cpp:
2862         (WebCore::IDBDatabase::didCloseFromServer):
2863         (WebCore::IDBDatabase::connectionToServerLost):
2864         * Modules/indexeddb/IDBDatabase.h:
2865         
2866         * Modules/indexeddb/client/IDBConnectionProxy.cpp:
2867         (WebCore::IDBClient::IDBConnectionProxy::connectionToServerLost): Notify all IDBDatabase
2868           connections, as well as all pending IDBOpenDBRequests, with the error about the
2869           server connection dropping.
2870         * Modules/indexeddb/client/IDBConnectionProxy.h:
2871         
2872         * Modules/indexeddb/client/IDBConnectionToServer.cpp:
2873         (WebCore::IDBClient::IDBConnectionToServer::connectionToServerLost):
2874         * Modules/indexeddb/client/IDBConnectionToServer.h:
2875         
2876         * Modules/indexeddb/shared/IDBError.h:
2877
2878 2016-07-04  Philippe Normand  <pnormand@igalia.com>
2879
2880         Release build with logging enabled fails
2881         https://bugs.webkit.org/show_bug.cgi?id=159403
2882
2883         Reviewed by Žan Doberšek.
2884
2885         Protect logging-related methods with !LOG_DISABLED.
2886
2887         * Modules/indexeddb/IDBDatabaseIdentifier.cpp:
2888         * Modules/indexeddb/IDBDatabaseIdentifier.h:
2889         * Modules/indexeddb/IDBKey.cpp:
2890         * Modules/indexeddb/IDBKey.h:
2891         * Modules/indexeddb/IDBKeyData.cpp:
2892         * Modules/indexeddb/IDBKeyData.h:
2893         * Modules/indexeddb/IDBKeyPath.cpp:
2894         (WebCore::IDBKeyPath::IDBKeyPath):
2895         * Modules/indexeddb/IDBKeyRangeData.cpp:
2896         * Modules/indexeddb/IDBKeyRangeData.h:
2897         * Modules/indexeddb/server/IndexValueEntry.cpp:
2898         (WebCore::IDBServer::IndexValueEntry::Iterator::isValid):
2899         * Modules/indexeddb/server/IndexValueStore.cpp:
2900         * Modules/indexeddb/server/IndexValueStore.h:
2901         * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
2902         (WebCore::IDBServer::MemoryIDBBackingStore::clearObjectStore):
2903         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
2904         (WebCore::IDBServer::UniqueIDBDatabase::isVersionChangeInProgress):
2905         * Modules/indexeddb/shared/IDBDatabaseInfo.cpp:
2906         * Modules/indexeddb/shared/IDBDatabaseInfo.h:
2907         * Modules/indexeddb/shared/IDBIndexInfo.cpp:
2908         * Modules/indexeddb/shared/IDBIndexInfo.h:
2909         * Modules/indexeddb/shared/IDBObjectStoreInfo.cpp:
2910         * Modules/indexeddb/shared/IDBObjectStoreInfo.h:
2911         * Modules/indexeddb/shared/IDBResourceIdentifier.cpp:
2912         * Modules/indexeddb/shared/IDBResourceIdentifier.h:
2913         * Modules/indexeddb/shared/IDBTransactionInfo.cpp:
2914         * Modules/indexeddb/shared/IDBTransactionInfo.h:
2915         * page/SecurityOriginData.cpp:
2916         * page/SecurityOriginData.h:
2917
2918 2016-07-04  Commit Queue  <commit-queue@webkit.org>
2919
2920         Unreviewed, rolling out r202556.
2921         https://bugs.webkit.org/show_bug.cgi?id=159399
2922
2923         introduces deadlocks (Requested by philn on #webkit).
2924
2925         Reverted changeset:
2926
2927         "[GStreamer] improved duration query support in the HTTP
2928         source element"
2929         https://bugs.webkit.org/show_bug.cgi?id=159204
2930         http://trac.webkit.org/changeset/202556
2931
2932 2016-07-03  Carlos Garcia Campos  <cgarcia@igalia.com>
2933
2934         [image-decoders] Make ImageDecoder::size() lazily decode the image if needed to return a valid size
2935         https://bugs.webkit.org/show_bug.cgi?id=159297
2936
2937         Reviewed by Antonio Gomes.
2938
2939         It's otherwise confusing leading to bugs like #159089.
2940
2941         * platform/image-decoders/ImageDecoder.cpp:
2942         (WebCore::ImageDecoder::createFrameImageAtIndex): Check the size at the beginning and return early if it's
2943         empty. We no longer need to check the size after calling frameBufferAtIndex().
2944         * platform/image-decoders/ImageDecoder.h:
2945         (WebCore::ImageDecoder::size): Check first is size is available, which lazily decodes the image.
2946         (WebCore::ImageDecoder::scaledSize): Remove const.
2947         (WebCore::ImageDecoder::frameSizeAtIndex): Ditto.
2948         * platform/image-decoders/ico/ICOImageDecoder.cpp:
2949         (WebCore::ICOImageDecoder::size): Ditto.
2950         (WebCore::ICOImageDecoder::frameSizeAtIndex): Ditto.
2951         * platform/image-decoders/ico/ICOImageDecoder.h:
2952
2953 2016-07-02  Youenn Fablet  <youenn@apple.com>
2954
2955         Synchronous preflight checker should set loading options to not use credentials
2956         https://bugs.webkit.org/show_bug.cgi?id=159351
2957
2958         Reviewed by Alex Christensen.
2959
2960         Like for asynchronous preflighting, synchronous preflighting loading options should disqble any credentials.
2961
2962         No change of behavior as preflight request is expressly set to not use credentials in
2963         createAccessControlPreflightRequest.
2964
2965         * loader/CrossOriginPreflightChecker.cpp:
2966         (WebCore::CrossOriginPreflightChecker::doPreflight):
2967
2968 2016-07-01  Commit Queue  <commit-queue@webkit.org>
2969
2970         Unreviewed, rolling out r202766.
2971         https://bugs.webkit.org/show_bug.cgi?id=159382
2972
2973         The new test asserts every time (Requested by ap on #webkit).
2974
2975         Reverted changeset:
2976
2977         "Web Inspector: Sending XHR with UTF8 encoded data shows
2978         garbled data in Resource sidebar"
2979         https://bugs.webkit.org/show_bug.cgi?id=159358
2980         http://trac.webkit.org/changeset/202766
2981
2982 2016-07-01  Zalan Bujtas  <zalan@apple.com>
2983
2984         prepareForDestruction() always needs to be called before destroying the Document object.
2985         https://bugs.webkit.org/show_bug.cgi?id=159372
2986         rdar://problem/26788150
2987
2988         Reviewed by Antti Koivisto.
2989
2990         We should never start destroying the Document object without calling prepareForDestruction() first.
2991         It ensures that render tree gets nuked before we start tearing down the node tree.
2992
2993         Test: fast/history/page-cache-destroy-document.html
2994
2995         * dom/Document.cpp:
2996         (WebCore::Document::removedLastRef):
2997
2998 2016-07-01  Johan K. Jensen  <jj@johanjensen.dk>
2999
3000         Web Inspector: Sending XHR with UTF8 encoded data shows garbled data in Resource sidebar
3001         https://bugs.webkit.org/show_bug.cgi?id=159358
3002
3003         Reviewed by Joseph Pecoraro.
3004
3005         Test: http/tests/inspector/network/xhr-request-data-encoded-correctly.html
3006
3007         * inspector/InspectorNetworkAgent.cpp:
3008         (WebCore::buildObjectForResourceRequest):
3009
3010 2016-07-01  Dean Jackson  <dino@apple.com>
3011
3012         "image-src" support is missing. We only support "-webkit-image-src"
3013         https://bugs.webkit.org/show_bug.cgi?id=159373
3014         <rdar://problem/27140443>
3015
3016         Patch by Brent Fulgham and Dean Jackson.
3017         Reviewed by Dean Jackson and Brent Fulgham.
3018
3019         Support unprefixed image-set.
3020
3021         Test: fast/css/image-set-unprefixed.html
3022
3023         * css/CSSImageSetValue.cpp:
3024         (WebCore::CSSImageSetValue::customCSSText):
3025         * css/CSSParser.cpp:
3026         (WebCore::isImageSetFunctionValue): New helper function
3027         that checks prefixed and unprefixed form.
3028         (WebCore::CSSParser::parseValue): Use the helper.
3029         (WebCore::CSSParser::parseContent):
3030         (WebCore::CSSParser::parseFillImage):
3031         (WebCore::CSSParser::parseBorderImage):
3032
3033 2016-07-01  Chris Dumez  <cdumez@apple.com>
3034
3035         Possible null Range dereference under AXObjectCache::visiblePositionFromCharacterOffset()
3036         https://bugs.webkit.org/show_bug.cgi?id=159330
3037         <rdar://problem/27123752>
3038
3039         Reviewed by Benjamin Poulain.
3040
3041         rangeForUnorderedCharacterOffsets() can return a null Range but we failed
3042         to do a null check before dereferencing it.
3043
3044         * accessibility/AXObjectCache.cpp:
3045         (WebCore::AXObjectCache::visiblePositionFromCharacterOffset):
3046
3047 2016-07-01  Chris Dumez  <cdumez@apple.com>
3048
3049         Regression(r199087): window.focus() / window.close() can no longer be called by a Window's opener
3050         https://bugs.webkit.org/show_bug.cgi?id=159364
3051         <rdar://problem/27117169>
3052
3053         Reviewed by Gavin Barraclough.
3054
3055         window.focus() / window.close() could no longer be called by a Window's opener
3056         after r199087, which would break focusing of open iWork documents on icloud.com.
3057
3058         Before r199087, we would construct a new function in the caller's context every
3059         time window.focus and window.close was accessed. r199087 fixed the issue so that
3060         we always call the same function. However, those functions are using
3061         [CallWith=Document] and they are were no longer passed the *caller*'s document
3062         as a result. This broke focus / close permission checking as the code needed the
3063         caller's document to do the check.
3064
3065         This patch introduces [CallWith=CallerDocument] and [CallWith=CallerWindow] so
3066         that the implementation can now pass the caller's Document / Window to the
3067         implementation. The bindings rely on JSDOMWindow's callerDOMWindow() to get the
3068         caller DOMWindow / document. This new functionality is now used for window.close
3069         and window.focus to unbreak their permission checking.
3070
3071         Test: fast/dom/Window/child-window-focus.html
3072
3073         * bindings/scripts/CodeGeneratorJS.pm:
3074         (GenerateCallWith):
3075         * bindings/scripts/IDLAttributes.txt:
3076         * page/DOMWindow.cpp:
3077         (WebCore::DOMWindow::focus):
3078         * page/DOMWindow.h:
3079         * page/DOMWindow.idl:
3080
3081 2016-07-01  Chris Dumez  <cdumez@apple.com>
3082
3083         [iOS] Possible null Range dereference under computeAutocorrectionContext()
3084         https://bugs.webkit.org/show_bug.cgi?id=159328
3085         <rdar://problem/26766720>
3086
3087         Reviewed by Benjamin Poulain.
3088
3089         * editing/Editor.cpp:
3090         (WebCore::Editor::compositionRange):
3091         * editing/Editor.h:
3092         Update to return a RefPtr instead of a PassRefPtr and use nullptr
3093         instead of 0 in the implementation.
3094
3095 2016-07-01  Jon Davis  <jond@apple.com>
3096
3097         Updated Picture element and WOFF 2 status
3098         https://bugs.webkit.org/show_bug.cgi?id=159356
3099
3100         Reviewed by Timothy Hatcher.
3101         
3102         Status updates and clean-up to move Web Animations and Resource Timing entries from JSC to WebCore.
3103
3104         * features.json:
3105
3106 2016-07-01  Andreas Kling  <akling@apple.com>
3107
3108         Add early return when processing content extensions if there aren't any.
3109         <https://webkit.org/b/159363>
3110
3111         Reviewed by Antti Koivisto.
3112
3113         Short-circuit outta there if there aren't any extensions to query.
3114
3115         * contentextensions/ContentExtensionsBackend.cpp:
3116         (WebCore::ContentExtensions::ContentExtensionsBackend::processContentExtensionRulesForLoad):
3117
3118 2016-07-01  Eric Carlson  <eric.carlson@apple.com>
3119
3120         HTMLMediaElement::resume() may cause JavaScript execution
3121         https://bugs.webkit.org/show_bug.cgi?id=159327
3122         <rdar://problem/27131641>
3123
3124         Reviewed by Jer Noble.
3125
3126         HTMLMediaElement::updatePlayState can cause an element to begin playing and enter fullscreen,
3127         which can result in a call to the media controls and JavaScript execution. Javascript is not
3128         allowed allowed to run when a page resumes, so make the call to updatePlayState asynchronous.
3129
3130         No new tests, I wasn't able to create a test that triggers the crash.
3131
3132         * html/HTMLMediaElement.cpp:
3133         (WebCore::HTMLMediaElement::scheduleDelayedAction): Support UpdatePlayState.
3134         (WebCore::HTMLMediaElement::pendingActionTimerFired): Ditto.
3135         (WebCore::HTMLMediaElement::setReadyState): UpdateMediaState -> UpdateState.
3136         (WebCore::HTMLMediaElement::playInternal): Don't call updateMediaController, it is called
3137           by updatePlayState.
3138         (WebCore::HTMLMediaElement::setMuted): UpdateMediaState -> UpdateState.
3139         (WebCore::HTMLMediaElement::mediaPlayerTimeChanged): Ditto.
3140         (WebCore::HTMLMediaElement::mediaEngineWasUpdated): Update media state asynchronously.
3141         (WebCore::HTMLMediaElement::updatePlayState): Add parameter to allow update to happen
3142           asynchronously.
3143         (WebCore::HTMLMediaElement::setPlaying): UpdateMediaState -> UpdateState.
3144         (WebCore::HTMLMediaElement::setPausedInternal): Update media state asynchronously.
3145         (WebCore::HTMLMediaElement::mediaPlayerCurrentPlaybackTargetIsWirelessChanged):  
3146           UpdateMediaState -> UpdateState.
3147         (WebCore::HTMLMediaElement::removeEventListener): Ditto.
3148         (WebCore::HTMLMediaElement::enqueuePlaybackTargetAvailabilityChangedEvent): Ditto.
3149         (WebCore::HTMLMediaElement::updateMediaState): UpdateMediaState -> UpdateState
3150         * html/HTMLMediaElement.h:
3151         * html/HTMLMediaElementEnums.h: Add UpdatePlayState.
3152
3153 2016-07-01  Brady Eidson  <beidson@apple.com>
3154
3155         Blob content type not preserved when retrieving blobs from IndexedDB.
3156         <rdar://problem/27057357> and https://bugs.webkit.org/show_bug.cgi?id=159360
3157
3158         Reviewed by Alex Christensen.
3159
3160         Test: storage/indexeddb/modern/blob-svg-image.html
3161
3162         * fileapi/Blob.cpp:
3163         (WebCore::Blob::Blob):
3164
3165         * fileapi/ThreadableBlobRegistry.cpp:
3166         (WebCore::postToMainThread):
3167         (WebCore::ThreadableBlobRegistry::registerBlobURLOptionallyFileBacked): Pass along the content type
3168           to the blob registry so that if the file-backed blob takes over, it has the content type.
3169         (WebCore::threadableQueue): Deleted.
3170         * fileapi/ThreadableBlobRegistry.h:
3171
3172         * platform/network/BlobRegistry.h:
3173
3174         * platform/network/BlobRegistryImpl.cpp:
3175         (WebCore::BlobRegistryImpl::registerBlobURL):
3176         (WebCore::BlobRegistryImpl::registerBlobURLOptionallyFileBacked):
3177         * platform/network/BlobRegistryImpl.h:
3178
3179 2016-07-01  Youenn Fablet  <youenn@apple.com>
3180
3181         Make ResourceLoaderOptions derive from FetchOptions
3182         https://bugs.webkit.org/show_bug.cgi?id=159345
3183
3184         Reviewed by Alex Christensen.
3185
3186         No change of behavior.
3187
3188         * Modules/fetch/FetchLoader.cpp:
3189         (WebCore::FetchLoader::start):
3190         * loader/CrossOriginPreflightChecker.cpp:
3191         (WebCore::CrossOriginPreflightChecker::startPreflight):
3192         * loader/ResourceLoaderOptions.h:
3193         (WebCore::ResourceLoaderOptions::fetchOptions): Deleted.
3194         (WebCore::ResourceLoaderOptions::setFetchOptions): Deleted.
3195         * loader/SubresourceLoader.cpp:
3196         (WebCore::SubresourceLoader::willSendRequestInternal):
3197         * loader/ThreadableLoader.h: Removing securityOrigin field (left over from https://bugs.webkit.org/show_bug.cgi?id=159221)
3198
3199 2016-07-01  Per Arne Vollan  <pvollan@apple.com>
3200
3201         [Win] Animations tests are crashing in debug mode.
3202         https://bugs.webkit.org/show_bug.cgi?id=159335
3203
3204         Reviewed by Alex Christensen.
3205
3206         A MSVC runtime check fails because an uninitialized variable is being used.
3207
3208         * css/StyleResolver.cpp:
3209         (WebCore::StyleResolver::keyframeStylesForAnimation):
3210
3211 2016-07-01  Youenn Fablet  <youennf@gmail.com>
3212
3213         Add a runtime flag for DOM iterators
3214         https://bugs.webkit.org/show_bug.cgi?id=159300
3215
3216         Reviewed by Alex Christensen.
3217
3218         * Modules/fetch/FetchHeaders.idl: Making iterator runtime-enabled.
3219         * bindings/generic/RuntimeEnabledFeatures.h:
3220         (WebCore::RuntimeEnabledFeatures::setDOMIteratorEnabled):
3221         (WebCore::RuntimeEnabledFeatures::domIteratorEnabled):
3222         * bindings/scripts/CodeGeneratorJS.pm:
3223         (ToMethodName): Fixing dOM -> dom casing issue.
3224         (GenerateImplementation): Using addIterableProperties new method.
3225         (addIterableProperties): Activating property addition according runtime flag if iterator is rnutime flagged.
3226         * bindings/scripts/IDLParser.pm:
3227         (parseOptionalIterableInterface): Adding extendedAttributes to iterable.
3228         * bindings/scripts/test/JS/JSTestNode.cpp:
3229         (WebCore::JSTestNodePrototype::finishCreation):
3230         * bindings/scripts/test/JS/JSTestObj.cpp:
3231         (WebCore::JSTestObjPrototype::finishCreation):
3232         * bindings/scripts/test/TestNode.idl: Making iterator runtime-enabled.
3233         * bindings/scripts/test/TestObj.idl: Ditto.
3234         * css/FontFaceSet.idl: Ditto.
3235         * dom/NodeList.idl: Ditto.
3236
3237 2016-07-01  Frederic Wang  <fwang.igalia.com>
3238
3239         Eliminate trailing whitespace in MathML code
3240         https://bugs.webkit.org/show_bug.cgi?id=159091
3241
3242         Reviewed by Alex Christensen.
3243
3244         No new tests, behavior is unchanged.
3245
3246         * rendering/mathml/RenderMathMLBlock.cpp:
3247         (WebCore::RenderMathMLBlock::baselinePosition):
3248         (WebCore::RenderMathMLBlock::paint):
3249         (WebCore::parseMathMLNamedSpace):
3250         * rendering/mathml/RenderMathMLBlock.h:
3251         * rendering/mathml/RenderMathMLFenced.cpp:
3252         (WebCore::RenderMathMLFenced::updateFromElement):
3253         (WebCore::RenderMathMLFenced::addChild):
3254         * rendering/mathml/RenderMathMLFenced.h:
3255         * rendering/mathml/RenderMathMLFraction.cpp:
3256         (WebCore::RenderMathMLFraction::styleDidChange):
3257         (WebCore::RenderMathMLFraction::paint):
3258         * rendering/mathml/RenderMathMLFraction.h:
3259         * rendering/mathml/RenderMathMLMath.h:
3260         * rendering/mathml/RenderMathMLMenclose.h:
3261         * rendering/mathml/RenderMathMLOperator.cpp:
3262         * rendering/mathml/RenderMathMLOperator.h:
3263         * rendering/mathml/RenderMathMLRoot.cpp:
3264         (WebCore::RenderMathMLRoot::paint):
3265         * rendering/mathml/RenderMathMLScripts.cpp:
3266         * rendering/mathml/RenderMathMLSpace.cpp:
3267         * rendering/mathml/RenderMathMLSpace.h:
3268         * rendering/mathml/RenderMathMLToken.h:
3269         * rendering/mathml/RenderMathMLUnderOver.cpp:
3270         * rendering/mathml/RenderMathMLUnderOver.h:
3271
3272 2016-07-01  Frederic Wang  <fwang@igalia.com>
3273
3274         Small cleanup: Remove unused functions RenderObject::isRenderMathML*Wrapper
3275         https://bugs.webkit.org/show_bug.cgi?id=159333
3276
3277         Reviewed by Alex Christensen.
3278
3279         After the refactoring of RenderMathMLRoot and RenderMathMLScripts, the anonymous flexbox
3280         wrappers used in the old layout implementation have been removed. We thus remove the
3281         corresponding isRender* function from RenderObject.
3282
3283         No new tests, behavior is unchanged.
3284
3285         * rendering/RenderObject.h:
3286         (WebCore::RenderObject::isRenderMathMLRootWrapper): Deleted.
3287         (WebCore::RenderObject::isRenderMathMLScriptsWrapper): Deleted.
3288
3289 2016-07-01  Andreas Kling  <akling@apple.com>
3290
3291         [Mac] Get rid of the old timey rubber-banding linen pattern.
3292         <https://webkit.org/b/159329>
3293
3294         Reviewed by Benjamin Poulain.
3295
3296         Remove the "ScrollingOverhang" custom GraphicsLayer appearance since that was only used to
3297         install the old timey linen pattern behind the web content.
3298
3299         We now always just set the overhang area's background color to the document background color.
3300
3301         This fixes an issue where we could end up loading the linen pattern and keeping it in memory
3302         despite never actually showing it on screen.
3303
3304         * platform/ScrollbarTheme.h:
3305         (WebCore::ScrollbarTheme::setUpOverhangAreasLayerContents): Deleted.
3306         * platform/graphics/GraphicsLayer.cpp:
3307         * platform/graphics/GraphicsLayer.h:
3308         * platform/graphics/ca/cocoa/PlatformCALayerCocoa.mm:
3309         (PlatformCALayerCocoa::updateCustomAppearance):
3310         * platform/mac/ScrollbarThemeMac.h:
3311         * platform/mac/ScrollbarThemeMac.mm:
3312         (WebCore::linenBackgroundColor): Deleted.
3313         (WebCore::ScrollbarThemeMac::setUpOverhangAreaBackground): Deleted.
3314         (WebCore::ScrollbarThemeMac::removeOverhangAreaBackground): Deleted.
3315         (WebCore::ScrollbarThemeMac::setUpOverhangAreasLayerContents): Deleted.
3316         * rendering/RenderLayerCompositor.cpp:
3317         (WebCore::RenderLayerCompositor::updateOverflowControlsLayers):
3318         (WebCore::RenderLayerCompositor::setRootExtendedBackgroundColor):
3319
3320 2016-06-30  Jiewen Tan  <jiewen_tan@apple.com>
3321
3322         Create a generic "linked-on-or-after" check for new CSP Rules
3323         https://bugs.webkit.org/show_bug.cgi?id=159322
3324         <rdar://problem/27117220>
3325
3326         Reviewed by Brent Fulgham.
3327
3328         Create a generic "linked-on-or-after" check for new CSP Rules and cleanup
3329         quirks for Ecobee, Quora and XtraMat.
3330
3331         * platform/RuntimeApplicationChecks.h:
3332         * platform/RuntimeApplicationChecks.mm:
3333         (WebCore::IOSApplication::isEcobee): Deleted.
3334         (WebCore::IOSApplication::isQuora): Deleted.
3335         (WebCore::IOSApplication::isXtraMath): Deleted.
3336
3337 2016-06-30  Antti Koivisto  <antti@apple.com>
3338
3339         WebContent crash due to RELEASE_ASSERT(!m_inLoadPendingImages) in StyleResolver::~StyleResolver()
3340         https://bugs.webkit.org/show_bug.cgi?id=159307
3341         <rdar://problem/26184868>
3342
3343         Reviewed by Andreas Kling.
3344
3345         Pseudo elements are resolved in RenderTreeUpdater (instead of Style::TreeResolver). Their resolution may trigger
3346         resource loads which can cause synchronous layout (when failing synchronously) and lead to destruction of the
3347         the style resolver in post layout task.
3348
3349         No known reliable way to test this.
3350
3351         * style/RenderTreeUpdater.cpp:
3352         (WebCore::RenderTreeUpdater::commit):
3353
3354             Use PostResolutionCallbackDisabler in RenderTreeUpdater similarly to Style::TreeResolver. This prevents
3355             post layout tasks from running synchronously and closes this particular crash path.
3356
3357 2016-06-30  Antoine Quint  <graouts@apple.com>
3358
3359         Drawing an SVG image into a <canvas> that is not in the DOM draws the wrong region
3360         https://bugs.webkit.org/show_bug.cgi?id=159276
3361
3362         Reviewed by Dean Jackson.
3363
3364         In the event where the <img> element that we are passing to CanvasRenderingContext2D.drawImage()
3365         points to an SVG resource, we ensure that the container for the SVG image is sized to match the
3366         HTML element. The necessity for setting this container size, explained in webkit.org/b/148845,
3367         is that we must ensure a cached image does not have an outdated container size.
3368
3369         Tests: svg/as-image/img-with-svg-resource-in-dom-and-drawImage.html
3370                svg/as-image/img-with-svg-resource-in-dom-no-size-and-drawImage.html
3371                svg/as-image/img-with-svg-resource-not-in-dom-and-drawImage.html
3372                svg/as-image/img-with-svg-resource-not-in-dom-no-size-and-drawImage.html
3373
3374         * html/canvas/CanvasRenderingContext2D.cpp:
3375         (WebCore::CanvasRenderingContext2D::drawImage):
3376
3377 2016-06-30  Eric Carlson  <eric.carlson@apple.com>
3378
3379         getUserMedia() exposed, but not functional
3380         https://bugs.webkit.org/show_bug.cgi?id=158393
3381         <rdar://problem/26642259>
3382
3383         Reviewed by Dean Jackson.
3384         
3385         Set default value of the Media Stream runtime flag to false on Mac OS X and iOS until the
3386         browser support is in place.
3387
3388         * bindings/generic/RuntimeEnabledFeatures.cpp:
3389         (WebCore::RuntimeEnabledFeatures::RuntimeEnabledFeatures): Disable media stream by default
3390         on Mac OS X and iOS.
3391         * bindings/generic/RuntimeEnabledFeatures.h:
3392
3393 2016-06-30  Commit Queue  <commit-queue@webkit.org>
3394
3395         Unreviewed, rolling out r202676.
3396         https://bugs.webkit.org/show_bug.cgi?id=159314
3397
3398         This change caused storage/websql tests to crash on Mac and
3399         iOS WK1 (Requested by ryanhaddad on #webkit).
3400
3401         Reverted changeset:
3402
3403         "Purge PassRefPtr in Modules/webdatabase"
3404         https://bugs.webkit.org/show_bug.cgi?id=159255
3405         http://trac.webkit.org/changeset/202676
3406