Remove hasStaticPropertyTable (part 5: done!)
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-06-19  Gavin & Ellie Barraclough  <barraclough@apple.com>
2
3         Remove hasStaticPropertyTable (part 5: done!)
4         https://bugs.webkit.org/show_bug.cgi?id=158431
5
6         Reviewed by Chris Dumez.
7
8         * bindings/scripts/CodeGeneratorJS.pm:
9         (GenerateHeader):
10             - remove hasStaticPropertyTable.
11         * bindings/scripts/test/JS/JSInterfaceName.h:
12         (WebCore::JSInterfaceName::create):
13         * bindings/scripts/test/JS/JSTestActiveDOMObject.h:
14         (WebCore::JSTestActiveDOMObject::create):
15         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.h:
16         (WebCore::JSTestClassWithJSBuiltinConstructor::create):
17         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
18         (WebCore::JSTestCustomConstructorWithNoInterfaceObject::create):
19         * bindings/scripts/test/JS/JSTestCustomNamedGetter.h:
20         (WebCore::JSTestCustomNamedGetter::create):
21         * bindings/scripts/test/JS/JSTestEventConstructor.h:
22         (WebCore::JSTestEventConstructor::create):
23         * bindings/scripts/test/JS/JSTestEventTarget.h:
24         (WebCore::JSTestEventTarget::create):
25         * bindings/scripts/test/JS/JSTestException.h:
26         (WebCore::JSTestException::create):
27         * bindings/scripts/test/JS/JSTestGenerateIsReachable.h:
28         (WebCore::JSTestGenerateIsReachable::create):
29         * bindings/scripts/test/JS/JSTestGlobalObject.h:
30         * bindings/scripts/test/JS/JSTestInterface.h:
31         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.h:
32         (WebCore::JSTestJSBuiltinConstructor::create):
33         * bindings/scripts/test/JS/JSTestMediaQueryListListener.h:
34         (WebCore::JSTestMediaQueryListListener::create):
35         * bindings/scripts/test/JS/JSTestNamedConstructor.h:
36         (WebCore::JSTestNamedConstructor::create):
37         * bindings/scripts/test/JS/JSTestNode.h:
38         * bindings/scripts/test/JS/JSTestNondeterministic.h:
39         (WebCore::JSTestNondeterministic::create):
40         * bindings/scripts/test/JS/JSTestObj.h:
41         (WebCore::JSTestObj::create):
42         * bindings/scripts/test/JS/JSTestOverloadedConstructors.h:
43         (WebCore::JSTestOverloadedConstructors::create):
44         * bindings/scripts/test/JS/JSTestOverrideBuiltins.h:
45         (WebCore::JSTestOverrideBuiltins::create):
46         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.h:
47         (WebCore::JSTestSerializedScriptValueInterface::create):
48         * bindings/scripts/test/JS/JSTestTypedefs.h:
49         (WebCore::JSTestTypedefs::create):
50         * bindings/scripts/test/JS/JSattribute.h:
51         (WebCore::JSattribute::create):
52         * bindings/scripts/test/JS/JSreadonly.h:
53         (WebCore::JSreadonly::create):
54
55 2016-06-19  Youenn Fablet  <youenn.fablet@crf.canon.fr>
56
57         The JSBuiltinConstructor feature can't handle a JS interface extending an other JS interface
58         https://bugs.webkit.org/show_bug.cgi?id=158834
59
60         Reviewed by Eric Carlson.
61
62         No change of behavior.
63
64         * bindings/scripts/CodeGeneratorJS.pm:
65         (GenerateHeader): Explicitly setting DOMWrapped type definition from
66         JSXX class deriving from another JSYY class.
67         * bindings/scripts/test/JS/JSTestEventTarget.h: Rebased.
68         * bindings/scripts/test/JS/JSTestNode.h: Ditto.
69
70 2016-06-18  Antti Koivisto  <antti@apple.com>
71
72         Use time literals in WebCore
73         https://bugs.webkit.org/show_bug.cgi?id=158905
74
75         Reviewed by Andreas Kling.
76
77         std::chrono::milliseconds(1) -> 1ms etc.
78
79         * dom/Document.cpp:
80         (WebCore::Document::minimumLayoutDelay):
81         (WebCore::Document::elapsedTime):
82         * fileapi/FileReader.cpp:
83         (WebCore::FileReader::create):
84         * inspector/InspectorOverlay.cpp:
85         (WebCore::InspectorOverlay::showPaintRect):
86         * loader/CrossOriginPreflightResultCache.cpp:
87         (WebCore::CrossOriginPreflightResultCache::CrossOriginPreflightResultCache):
88         * loader/ProgressTracker.cpp:
89         (WebCore::ProgressTracker::progressStarted):
90         * loader/cache/CachedResource.cpp:
91         (WebCore::CachedResource::freshnessLifetime):
92         * page/ChromeClient.h:
93         * page/DOMTimer.cpp:
94         (WebCore::DOMTimer::intervalClampedToMinimum):
95         (WebCore::DOMTimer::alignedFireTime):
96         * page/DOMTimer.h:
97         * page/FrameView.cpp:
98         (WebCore::FrameView::scrollPositionChanged):
99         * page/ResourceUsageThread.cpp:
100         (WebCore::ResourceUsageThread::threadBody):
101         * page/Settings.cpp:
102         (WebCore::Settings::Settings):
103         * page/mac/ServicesOverlayController.mm:
104         (WebCore::ServicesOverlayController::remainingTimeUntilHighlightShouldBeShown):
105         * platform/graphics/FontCache.cpp:
106         (WebCore::FontCache::fontForFamily):
107         * platform/network/CacheValidation.cpp:
108         (WebCore::computeCurrentAge):
109         (WebCore::computeFreshnessLifetimeForHTTPFamily):
110
111 2016-06-17  Benjamin Poulain  <benjamin@webkit.org>
112
113         :indeterminate pseudo-class should match radios whose group has no checked radio
114         https://bugs.webkit.org/show_bug.cgi?id=156270
115
116         Reviewed by Simon Fraser.
117
118         The pseudo-class ":indeterminate" is supposed to match radio buttons
119         for which the entire group has no checked button.
120         Spec: https://html.spec.whatwg.org/#pseudo-classes:selector-indeterminate
121
122         The change is straightforward with one non-obvious choice:
123         I added matchesIndeterminatePseudoClass() in addition to shouldAppearIndeterminate().
124
125         The reason is shouldAppearIndeterminate() is used for styling and AX of elements
126         with an indeterminate states (check boxes and progress element). There is no such
127         UI for radio boxes.
128         I could have extended shouldAppearIndeterminate() to radio box
129         then filter out this case in RenderTheme. The problem is doing that would also requires
130         changes to the repaint logic to match :indeterminate. It seemed overkill to me to
131         change repaint() for a case that is never used in practice.
132
133         Tests: fast/css/pseudo-indeterminate-radio-buttons-basics.html
134                fast/css/pseudo-indeterminate-with-radio-buttons-style-invalidation.html
135                fast/selectors/detached-radio-button-checked-and-indeterminate-states.html
136                fast/selectors/pseudo-indeterminate-with-radio-buttons-style-update.html
137
138         * css/SelectorCheckerTestFunctions.h:
139         (WebCore::shouldAppearIndeterminate):
140         * dom/Element.cpp:
141         (WebCore::Element::matchesIndeterminatePseudoClass):
142         * dom/Element.h:
143         * dom/RadioButtonGroups.cpp:
144         (WebCore::RadioButtonGroup::setCheckedButton):
145         (WebCore::RadioButtonGroup::updateCheckedState):
146         (WebCore::RadioButtonGroup::remove):
147         (WebCore::RadioButtonGroup::setNeedsStyleRecalcForAllButtons):
148         (WebCore::RadioButtonGroups::hasCheckedButton):
149         * dom/RadioButtonGroups.h:
150         * html/CheckboxInputType.cpp:
151         (WebCore::CheckboxInputType::matchesIndeterminatePseudoClass):
152         (WebCore::CheckboxInputType::shouldAppearIndeterminate):
153         (WebCore::CheckboxInputType::supportsIndeterminateAppearance): Deleted.
154         * html/CheckboxInputType.h:
155         * html/HTMLInputElement.cpp:
156         (WebCore::HTMLInputElement::setChecked):
157         (WebCore::HTMLInputElement::matchesIndeterminatePseudoClass):
158         (WebCore::HTMLInputElement::shouldAppearIndeterminate):
159         (WebCore::HTMLInputElement::radioButtonGroups):
160         * html/HTMLInputElement.h:
161         * html/InputType.cpp:
162         (WebCore::InputType::matchesIndeterminatePseudoClass):
163         (WebCore::InputType::shouldAppearIndeterminate):
164         (WebCore::InputType::supportsIndeterminateAppearance): Deleted.
165         * html/InputType.h:
166         * html/RadioInputType.cpp:
167         (WebCore::RadioInputType::matchesIndeterminatePseudoClass):
168         (WebCore::RadioInputType::willDispatchClick): Deleted.
169         (WebCore::RadioInputType::didDispatchClick): Deleted.
170         (WebCore::RadioInputType::supportsIndeterminateAppearance): Deleted.
171         The iOS specific code is just plain wrong.
172         It was changing the indeterminate state of the input element.
173         The spec clearly says that state is only used by checkbox:
174         https://html.spec.whatwg.org/#dom-input-indeterminate
175
176         Moreover, the style update would not change the indeterminate state
177         of other buttons in the Button Group, which is just bizarre.
178         RenderThemeIOS does not make use of any of this with the current style.
179
180         * html/RadioInputType.h:
181         * style/StyleSharingResolver.cpp:
182         (WebCore::Style::SharingResolver::canShareStyleWithElement):
183         (WebCore::Style::canShareStyleWithControl): Deleted.
184         (WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes): Deleted.
185         Style sharing is unified behind the selector matching which is neat.
186
187 2016-06-17  Commit Queue  <commit-queue@webkit.org>
188
189         Unreviewed, rolling out r202152.
190         https://bugs.webkit.org/show_bug.cgi?id=158897
191
192         The new test is very unstable, timing out frequently
193         (Requested by ap on #webkit).
194
195         Reverted changeset:
196
197         "Web Inspector: console.profile should use the new Sampling
198         Profiler"
199         https://bugs.webkit.org/show_bug.cgi?id=153499
200         http://trac.webkit.org/changeset/202152
201
202 2016-06-17  Commit Queue  <commit-queue@webkit.org>
203
204         Unreviewed, rolling out r202068, r202115, and r202128.
205         https://bugs.webkit.org/show_bug.cgi?id=158896
206
207         The new test is very unstable, timing out frequently
208         (Requested by ap on #webkit).
209
210         Reverted changesets:
211
212         "decompose4 return value is unchecked, leading to potentially
213         uninitialized data."
214         https://bugs.webkit.org/show_bug.cgi?id=158761
215         http://trac.webkit.org/changeset/202068
216
217         "[mac] LayoutTest transforms/undecomposable.html is a flaky
218         timeout"
219         https://bugs.webkit.org/show_bug.cgi?id=158816
220         http://trac.webkit.org/changeset/202115
221
222         "[mac] LayoutTest transforms/undecomposable.html is a flaky
223         timeout"
224         https://bugs.webkit.org/show_bug.cgi?id=158816
225         http://trac.webkit.org/changeset/202128
226
227 2016-06-17  Chris Fleizach  <cfleizach@apple.com>
228
229         AX: HTML indeterminate IDL attribute not mapped to checkbox value=2 for native checkboxes
230         https://bugs.webkit.org/show_bug.cgi?id=158876
231         <rdar://problem/26842619>
232
233         Reviewed by Joanmarie Diggs.
234
235         The indeterminate state was not being reported for native checkboxes. 
236
237         Also the isIndeterminate() method was relying on whether the appearance changed, which does not happen on Mac, so that
238         was not being reported correctly. Changed that to check the actual attribute.
239
240         Test: accessibility/checkbox-mixed-value.html
241
242         * accessibility/AccessibilityNodeObject.cpp:
243         (WebCore::AccessibilityNodeObject::isIndeterminate):
244         (WebCore::AccessibilityNodeObject::isPressed):
245         (WebCore::AccessibilityNodeObject::checkboxOrRadioValue):
246         * accessibility/AccessibilityObject.cpp:
247         (WebCore::AccessibilityObject::checkboxOrRadioValue):
248
249 2016-06-17  Dean Jackson  <dino@apple.com>
250
251         REGRESSION (r199819): CrashTracer: [GraphicsContext3D::getInternalFramebufferSize
252         https://bugs.webkit.org/show_bug.cgi?id=158895
253         <rdar://problem/26423617>
254
255         Reviewed by Zalan Bujtas.
256
257         In r199819 we started resetting contexts if the page had too
258         many. Unfortunately there were entry points in the WebGL context
259         that didn't check for the validity of the object before trying
260         to access the lower level objects.
261
262         Test: webgl/many-contexts-access-after-loss.html
263
264         * html/canvas/WebGLRenderingContextBase.cpp:
265         (WebCore::WebGLRenderingContextBase::drawingBufferWidth): Return 0 if we're lost.
266         (WebCore::WebGLRenderingContextBase::drawingBufferHeight): Ditto.
267
268 2016-06-17  Daniel Bates  <dabates@apple.com>
269
270         Unreviewed, rolling out r202186.
271
272         Broke the Apple Windows, Apple Yosemite, GTK, and WinCairo
273         builds.
274
275         Reverted changeset:
276
277         "File scheme should not allow access of a resource on a
278         different volume."
279         https://bugs.webkit.org/show_bug.cgi?id=158552
280         http://trac.webkit.org/changeset/202186
281
282 2016-06-17  Daniel Bates  <dabates@apple.com>
283
284         Unreviewed, rolling out r202187.
285
286         202186
287
288         Reverted changeset:
289
290         "Unreviewed clean-up after r202186."
291         http://trac.webkit.org/changeset/202187
292
293 2016-06-17  Chris Dumez  <cdumez@apple.com>
294
295         Optimize parseCacheHeader() by using StringView
296         https://bugs.webkit.org/show_bug.cgi?id=158891
297
298         Reviewed by Darin Adler.
299
300         Optimize parseCacheHeader() and avoid some temporary String allocations
301         by using StringView. We now strip the whitespaces in the input string
302         at the beginning of the function, at the same as as we strip the
303         control characters. We are then able to leverage StringView in the
304         rest of the function to get substrings without the need for extra
305         String allocations.
306
307         * platform/network/CacheValidation.cpp:
308         (WebCore::isControlCharacterOrSpace):
309         (WebCore::trimToNextSeparator):
310         (WebCore::parseCacheHeader):
311
312 2016-06-17  Brent Fulgham  <bfulgham@apple.com>
313
314         Unreviewed clean-up after r202186.
315
316         * platform/FileSystem.cpp:
317         (WebCore::filesHaveSameVolume): Don't use C-style formatting.
318
319 2016-06-17  Pranjal Jumde  <pjumde@apple.com>
320
321         File scheme should not allow access of a resource on a different volume.
322         https://bugs.webkit.org/show_bug.cgi?id=158552
323         <rdar://problem/15307582>
324
325         Reviewed by Brent Fulgham.
326
327         Tests: Tools/TestWebKitAPI/Tests/mac/CrossPartitionFileSchemeAccess.mm
328
329         * page/SecurityOrigin.cpp:
330         (WebCore::SecurityOrigin::canDisplay):
331         * platform/FileSystem.cpp:
332         (WebCore::platformFileStat):
333         (WebCore::filesHaveSameVolume):
334         Returns true if the files are on the same volume
335         * platform/FileSystem.h:
336
337 2016-06-17  Antoine Quint  <graouts@apple.com>
338
339         Web video playback controls should have RTL volume slider
340         https://bugs.webkit.org/show_bug.cgi?id=158856
341         <rdar://problem/25971769>
342
343         Reviewed by Tim Horton.
344
345         We reproduce the system used to propagate the page scale factor from the WebPage to the media controls to
346         propagate the user interface layout direction.
347
348         The Page exposes a new setUserInterfaceLayoutDirection() method which is set by the WebPage. The Page
349         then notifies the Document of a change, which propagates down to registered media elements, and finally sets
350         the usesLTRUserInterfaceLayoutDirection property on the media controller object in the injected JavaScript.
351         Based on the value of that property we toggle a new .uses-ltr-user-interface-layout-direction CSS class on the
352         .volume-box which applies a translate to the right and flips the volume controls on the x axis.
353
354         Since we're setting a new JS property from HTMLMediaController, we refactor much of the code out of the existing
355         pageScaleFactorChanged() and setPageScaleFactorProperty() into the new setControllerJSProperty() method so that
356         can easily set a named JS property with a given JSValue.
357
358         For testing purposes, we expose the WebCore::Page::setUserInterfaceLayoutDirection() method through Internals.
359
360         Test: fullscreen/video-controls-rtl.html
361
362         * Modules/mediacontrols/mediaControlsApple.css:
363         (video:-webkit-full-screen::-webkit-media-controls-panel .volume-box:not(.uses-ltr-user-interface-layout-direction)):
364         * Modules/mediacontrols/mediaControlsApple.js:
365         (Controller.prototype.set usesLTRUserInterfaceLayoutDirection):
366         * WebCore.xcodeproj/project.pbxproj:
367         * dom/Document.cpp:
368         (WebCore::Document::registerForUserInterfaceLayoutDirectionChangedCallbacks):
369         (WebCore::Document::unregisterForUserInterfaceLayoutDirectionChangedCallbacks):
370         (WebCore::Document::userInterfaceLayoutDirectionChanged):
371         * dom/Document.h:
372         * html/HTMLMediaElement.cpp:
373         (WebCore::HTMLMediaElement::registerWithDocument):
374         (WebCore::HTMLMediaElement::unregisterWithDocument):
375         (WebCore::HTMLMediaElement::updatePageScaleFactorJSProperty):
376         (WebCore::HTMLMediaElement::updateUsesLTRUserInterfaceLayoutDirectionJSProperty):
377         (WebCore::HTMLMediaElement::setControllerJSProperty):
378         (WebCore::HTMLMediaElement::didAddUserAgentShadowRoot):
379         (WebCore::HTMLMediaElement::pageScaleFactorChanged):
380         (WebCore::HTMLMediaElement::userInterfaceLayoutDirectionChanged):
381         (WebCore::setPageScaleFactorProperty): Deleted.
382         * html/HTMLMediaElement.h:
383         * page/Page.cpp:
384         (WebCore::Page::setUserInterfaceLayoutDirection):
385         * page/Page.h:
386         (WebCore::Page::userInterfaceLayoutDirection):
387         * platform/UserInterfaceLayoutDirection.h: Renamed from Source/WebKit2/UIProcess/UserInterfaceLayoutDirection.h.
388         * testing/Internals.cpp:
389         (WebCore::Internals::setUserInterfaceLayoutDirection):
390         * testing/Internals.h:
391         * testing/Internals.idl:
392
393 2016-06-17  Chris Dumez  <cdumez@apple.com>
394
395         TouchEvent should have a constructor
396         https://bugs.webkit.org/show_bug.cgi?id=158883
397         <rdar://problem/26063585>
398
399         Reviewed by Benjamin Poulain.
400
401         TouchEvent should have a constructor:
402         - https://w3c.github.io/touch-events/#touchevent-interface
403
404         Chrome already ships this:
405         - https://bugs.chromium.org/p/chromium/issues/detail?id=508675
406
407         Test: fast/events/touch/touch-event-constructor.html
408
409         * bindings/js/JSDictionary.cpp:
410         (WebCore::JSDictionary::convertValue):
411         * bindings/js/JSDictionary.h:
412         * dom/TouchEvent.cpp:
413         (WebCore::TouchEvent::TouchEvent):
414         * dom/TouchEvent.h:
415         * dom/TouchEvent.idl:
416
417 2016-06-17  Zalan Bujtas  <zalan@apple.com>
418
419         Potential null dereferencing on a detached positioned renderer.
420         https://bugs.webkit.org/show_bug.cgi?id=158879
421
422         Reviewed by Simon Fraser.
423
424         This patch fixes the case when the while loop to search for the absolute positioned ancestor
425         returns null (it happens when positioned renderer has been detached from the render tree).
426
427         Speculative fix.
428
429         * rendering/RenderBlock.cpp:
430         (WebCore::RenderBlock::markFixedPositionObjectForLayoutIfNeeded):
431         * rendering/RenderBlock.h:
432
433 2016-06-17  Chris Dumez  <cdumez@apple.com>
434
435         URL hash setter does not remove fragment identifier if argument is an empty string
436         https://bugs.webkit.org/show_bug.cgi?id=158869
437         <rdar://problem/26863430>
438
439         Reviewed by Darin Adler.
440
441         URL hash setter and URLUtils hash setter should remove the fragment identifier
442         if set to "#" or "":
443         - https://url.spec.whatwg.org/#dom-url-hash
444         - https://html.spec.whatwg.org/multipage/semantics.html#dom-hyperlink-hash
445
446         This patch aligns our behavior with the specification and with other browsers
447         (tested Firefox and Chrome).
448
449         This patch also updates HTMLAnchorElement to inherit URLUtils to avoid code
450         duplication. HTMLAnchorElement already implements URLUtils in the IDL, as per
451         the specification:
452         - https://html.spec.whatwg.org/multipage/semantics.html#htmlanchorelement
453
454         No new tests, rebaselined existing tests.
455
456         * html/HTMLAnchorElement.cpp:
457         (WebCore::HTMLAnchorElement::origin): Deleted.
458         (WebCore::HTMLAnchorElement::text): Deleted.
459         (WebCore::HTMLAnchorElement::setText): Deleted.
460         (WebCore::HTMLAnchorElement::toString): Deleted.
461         (WebCore::HTMLAnchorElement::isLiveLink): Deleted.
462         (WebCore::HTMLAnchorElement::sendPings): Deleted.
463         (WebCore::HTMLAnchorElement::handleClick): Deleted.
464         (WebCore::HTMLAnchorElement::eventType): Deleted.
465         (WebCore::HTMLAnchorElement::treatLinkAsLiveForEventType): Deleted.
466         (WebCore::isEnterKeyKeydownEvent): Deleted.
467         (WebCore::shouldProhibitLinks): Deleted.
468         (WebCore::HTMLAnchorElement::willRespondToMouseClickEvents): Deleted.
469         (WebCore::rootEditableElementMap): Deleted.
470         (WebCore::HTMLAnchorElement::rootEditableElementForSelectionOnMouseDown): Deleted.
471         (WebCore::HTMLAnchorElement::clearRootEditableElementForSelectionOnMouseDown): Deleted.
472         (WebCore::HTMLAnchorElement::setRootEditableElementForSelectionOnMouseDown): Deleted.
473         * html/HTMLAnchorElement.h:
474         (WebCore::HTMLAnchorElement::invalidateCachedVisitedLinkHash): Deleted.
475         * html/URLUtils.h:
476         (WebCore::URLUtils<T>::setHash):
477
478 2016-06-17  John Wilander  <wilander@apple.com>
479
480         Ignore case in the check for security origin inheritance
481         https://bugs.webkit.org/show_bug.cgi?id=158878
482
483         Reviewed by Alex Christensen.
484
485         Darin Adler commented in https://bugs.webkit.org/show_bug.cgi?id=158855:
486         "Are these comparisons intentionally case sensitive? Shouldn’t they ignore ASCII 
487         case? We could use equalIgnoringASCIICase and equalLettersIgnoringASCIICase for 
488         those two lines instead of using ==. URL::parse normalizes letters in the scheme 
489         and host by using toASCIILower, but does not normalize letters elsewhere in the 
490         URL, such as in the "blank" or "srcdoc" in the above URLs."
491
492         Test: http/tests/dom/window-open-about-uppercase-blank-and-access-document.html
493
494         * platform/URL.cpp:
495         (WebCore::URL::shouldInheritSecurityOriginFromOwner):
496
497 2016-06-17  Hyungwook Lee  <hyungwook.lee@navercorp.com>
498
499         Fix compilation errors when we enable DUMP_NODE_STATISTICS in Node.h
500         https://bugs.webkit.org/show_bug.cgi?id=158868
501
502         Reviewed by Alex Christensen.
503
504         Fix compilation errors in Node.cpp when we enable DUMP_NODE_STATISTICS
505
506         * dom/Node.cpp:
507         (WebCore::Node::dumpStatistics):
508
509 2016-06-17  Per Arne Vollan  <pvollan@apple.com>
510
511         [Win] Scrolling in popup menu scrolls past last entry.
512         https://bugs.webkit.org/show_bug.cgi?id=158870
513
514         Reviewed by Brent Fulgham.
515
516         When the popup has a scrollbar, the content size is not equal to the popup window size.
517   
518         * platform/win/PopupMenuWin.cpp:
519         (WebCore::PopupMenuWin::contentsSize):
520
521 2016-06-17  Frederic Wang  <fwang@igalia.com>
522
523         Refactor RenderMathMLRoot layout function to avoid using flexbox
524         https://bugs.webkit.org/show_bug.cgi?id=153987
525
526         Reviewed by Brent Fulgham.
527
528         No new tests, already covered by existing tests.
529         A case for RTL root has been added to roots.xhtml.
530
531         We reimplement RenderMathMLRoot without any flexbox or anonymous.
532         The anonymous RenderMathMLRadicalOperator used to draw the radical sign is replaced with
533         the MathOperator class introduced in bug 152244.
534         msqrt (row of children under a square root) is now implemented directly in RenderMathMLRoot,
535         so RenderMathMLSquareRoot is removed and RenderMathMLRoot now inherits from RenderMathMLRow.
536
537         * CMakeLists.txt: Remove files for RenderMathMLRadicalOperator and RenderMathMLSquareRoot.
538         * WebCore.xcodeproj/project.pbxproj: ditto.
539         * accessibility/AccessibilityRenderObject.cpp: Update code now that we do not use any
540         radical wrappers.
541         (WebCore::AccessibilityRenderObject::isMathRow): Now that RenderMathMLRoot inherits from
542         RenderMathMLRow, we must exclude MathRoot or otherwise some accessibility code may treat
543         roots as rows.
544         (WebCore::AccessibilityRenderObject::mathRadicandObject): Return the first child for
545         Root/SquareRoot or nullptr.
546         (WebCore::AccessibilityRenderObject::mathRootIndexObject): Return the second child for
547         Root and nullptr for SquareRoot.
548         * mathml/MathMLInlineContainerElement.cpp:
549         (WebCore::MathMLInlineContainerElement::childrenChanged): We no longer need a special case
550         for msqrt, it is treated as a normal RenderMathMLRow.
551         (WebCore::MathMLInlineContainerElement::createElementRenderer): Make msqrt create a
552         RenderMathMLRoot object.
553         * rendering/RenderObject.h:
554         (WebCore::RenderObject::isRenderMathMLRadicalOperator): Deleted.
555         * rendering/mathml/RenderMathMLBlock.cpp:
556         (WebCore::RenderMathMLBlock::mirrorIfNeeded): New function to mirror a child horizontal
557         offset according to the parent width.
558         (WebCore::RenderMathMLBlock::renderName):
559         * rendering/mathml/RenderMathMLBlock.h:
560         (WebCore::RenderMathMLBlock::mirrorIfNeeded): Moved from RenderMathMLScripts, just forward
561         call to the other mirrorIfNeeded function.
562         * rendering/mathml/RenderMathMLOperator.cpp: We no longer need this trailingSpaceError hack.
563         (WebCore::RenderMathMLOperator::trailingSpaceError): Deleted.
564         * rendering/mathml/RenderMathMLOperator.h: ditto.
565         * rendering/mathml/RenderMathMLRadicalOperator.cpp: Removed. The radical sign is now drawn
566         with a MathOperator.
567         * rendering/mathml/RenderMathMLRadicalOperator.h: Removed.
568         * rendering/mathml/RenderMathMLRoot.cpp: Complete refactoring to avoid using flexbox and
569         anonymous wrappers.
570         (WebCore::RenderMathMLRoot::RenderMathMLRoot): Set m_kind parameters to distinguish between
571         square root and general root and set the MathOperator member to draw the radical sign.
572         (WebCore::RenderMathMLRoot::isValid): Helper function to verify whether the child list is valid.
573         (WebCore::RenderMathMLRoot::getBase): Get the base of an mroot.
574         (WebCore::RenderMathMLRoot::getIndex): Get the index of an mroot.
575         (WebCore::RenderMathMLRoot::styleDidChange): Be sure to keep the style of the
576         MathOperator in sync with ours ; no need to skip empty roots.
577         (WebCore::RenderMathMLRoot::updateFromElement): Call the function from the new parent class ;
578         no need to skip empty roots.
579         (WebCore::RenderMathMLRoot::updateStyle): Remove the isEmpty ASSERT as it is valid to have
580         empty square root. Set the m_kernBeforeDegree, m_kernBeforeDegree members.
581         No need to set style for anonymous.
582         (WebCore::RenderMathMLRoot::computePreferredLogicalWidths): Implement this function.
583         (WebCore::RenderMathMLRoot::layoutBlock): Implement this function.
584         (WebCore::RenderMathMLRoot::paintChildren): Implement this function.
585         (WebCore::RenderMathMLRoot::paint): Remove the trailingSpaceError hack ;
586         paint the radical sign via MathOperator::paint
587         (WebCore::RenderMathMLRoot::baseWrapper): Deleted.
588         (WebCore::RenderMathMLRoot::radicalWrapper): Deleted.
589         (WebCore::RenderMathMLRoot::indexWrapper): Deleted.
590         (WebCore::RenderMathMLRoot::radicalOperator): Deleted.
591         (WebCore::RenderMathMLRoot::restructureWrappers): Deleted.
592         (WebCore::RenderMathMLRoot::addChild): Deleted.
593         (WebCore::RenderMathMLRoot::firstLineBaseline): Deleted.
594         (WebCore::RenderMathMLRoot::layout): Deleted.
595         (WebCore::RenderMathMLRootWrapper::createAnonymousWrapper): Deleted.
596         (WebCore::RenderMathMLRootWrapper::removeChildWithoutRestructuring): Deleted.
597         (WebCore::RenderMathMLRootWrapper::removeChild): Deleted.
598         * rendering/mathml/RenderMathMLRoot.h: Make RenderMathMLRoot inherit from RenderMathMLRow.
599         Make RenderMathMLRoot support <msqrt>.
600         Remove all the anonymous wrapper stuff and instead use a MathOperator for the radical symbol.
601         Update function declaration to implement layout without flexbox and add some helper functions.
602         * rendering/mathml/RenderMathMLRow.cpp: Allow to get the exact metrics of the chid row,
603         for use in RenderMathMLRoot.
604         (WebCore::RenderMathMLRow::computeLineVerticalStretch): rename parameters.
605         (WebCore::RenderMathMLRow::layoutRowItems): Set parameters to the final ascent, descent and
606         logical width of the chid row. Set the temporary logical width for RenderMathRoot before
607         laying the children out.
608         (WebCore::RenderMathMLRow::layoutBlock): Rename parameters ; add a dummy logicalWidth
609         parameter.
610         * rendering/mathml/RenderMathMLRow.h: Make some functions accessible or overridable by
611         RenderMathMLRoot. Make layoutRowItems return the final ascent, descent and logical width
612         after the chid row is laid out.
613         * rendering/mathml/RenderMathMLScripts.cpp: Move mirrorIfNeeded to RenderMathMLBlock.
614         (WebCore::RenderMathMLScripts::mirrorIfNeeded): Deleted.
615         * rendering/mathml/RenderMathMLScripts.h: Move mirrorIfNeeded to RenderMathMLBlock.
616         * rendering/mathml/RenderMathMLSquareRoot.cpp: Removed.
617         * rendering/mathml/RenderMathMLSquareRoot.h: Removed.
618         * rendering/mathml/MathOperator.cpp:
619         (WebCore::MathOperator::paint): Apply a mirroring scale transform to radical symbol
620         in RTL direction.
621
622 2016-06-17  Chris Dumez  <cdumez@apple.com>
623
624         Drop some unnecessary header includes
625         https://bugs.webkit.org/show_bug.cgi?id=158864
626
627         Reviewed by Alexey Proskuryakov.
628
629         Drop some unnecessary header includes to try and reduce build times.
630
631         * WebCore.xcodeproj/project.pbxproj:
632         * accessibility/AccessibilityList.cpp:
633         * css/CSSComputedStyleDeclaration.cpp:
634         * css/MediaQueryMatcher.cpp:
635         * css/StyleMedia.cpp:
636         * css/TransformFunctions.cpp:
637         * dom/NodeRenderStyle.h:
638         * dom/PseudoElement.h:
639         (isType): Deleted.
640         * html/HTMLTitleElement.cpp:
641         * html/shadow/MediaControlElementTypes.h:
642         * html/shadow/MediaControls.cpp:
643         * inspector/InspectorDOMAgent.h:
644         * inspector/InspectorLayerTreeAgent.h:
645         * inspector/InspectorPageAgent.cpp:
646         * page/scrolling/AsyncScrollingCoordinator.cpp:
647         * page/scrolling/ScrollingCoordinator.h:
648         * rendering/BidiRun.h:
649         * rendering/BorderEdge.h:
650         * rendering/RenderElement.h:
651         * rendering/RenderObject.h:
652         (WebCore::AnnotatedRegionValue::operator==): Deleted.
653         (WebCore::AnnotatedRegionValue::operator!=): Deleted.
654         * rendering/RenderObjectEnums.h: Added.
655         * rendering/RenderTheme.h:
656         * rendering/SimpleLineLayoutFlowContents.h:
657         * rendering/SimpleLineLayoutTextFragmentIterator.h:
658         * rendering/TextPainter.h:
659         * rendering/style/RenderStyle.h:
660         (WebCore::pseudoElementRendererIsNeeded):
661         * rendering/style/ShapeValue.cpp:
662         * rendering/style/ShapeValue.h:
663         * style/ClassChangeInvalidation.cpp:
664         * style/ClassChangeInvalidation.h:
665         * style/InlineTextBoxStyle.h:
666         * style/StyleUpdate.cpp:
667
668 2016-06-17  Andreas Kling  <akling@apple.com>
669
670         [iOS] Throw away linked code when navigating to a new page.
671         <https://webkit.org/b/153851>
672
673         Reviewed by Antti Koivisto.
674
675         When navigating to a new page, tell JSC to throw out any linked code it has lying around.
676         Linked code is tied to a specific global object, and as we're creating a new one for the
677         new page, none of it is useful to us here.
678
679         In the event that the user navigates back, the cost of relinking some code will be far
680         lower than the memory cost of keeping all of it around.
681
682         This was in-tree before but was rolled out due to regressing JSBench. It was a slowdown
683         due to the benchmark harness using top-level navigations to drive the tests.
684         This new version avoids that problem by only throwing out code if we haven't navigated
685         in the last 2 seconds. This also prevents excessive work in response to redirects.
686
687         I've also moved this into MemoryPressureHandler so we don't make a mess in FrameLoader.
688
689         * loader/FrameLoader.cpp:
690         (WebCore::FrameLoader::commitProvisionalLoad):
691         * platform/MemoryPressureHandler.cpp:
692         (WebCore::MemoryPressureHandler::jettisonExpensiveObjectsOnTopLevelNavigation):
693         * platform/MemoryPressureHandler.h:
694
695 2016-06-17  Youenn Fablet  <youenn.fablet@crf.canon.fr>
696
697         CORS preflight with a non-200 response should be a preflight failure
698         https://bugs.webkit.org/show_bug.cgi?id=111008
699
700         Reviewed by Darin Adler.
701
702         Covered by rebased tests.
703
704         * Modules/fetch/FetchResponse.h: Making use of ResourceResponse::isSuccessful.
705         * loader/CrossOriginPreflightChecker.cpp:
706         (WebCore::CrossOriginPreflightChecker::validatePreflightResponse): Checking that response status is code is
707         successful. If not, calling preflight failure callback.
708         (WebCore::CrossOriginPreflightChecker::startPreflight): Putting in manual redirection mode so that redirection
709         responses are processed as other responses.
710         * loader/ResourceLoaderOptions.h:
711         (WebCore::ResourceLoaderOptions::fetchOptions): Adding a non-const getter and fixing const getter to return a
712         const reference.
713         (WebCore::ResourceLoaderOptions::setFetchOptions): Passing options by reference.
714         * platform/network/ResourceResponseBase.cpp:
715         (WebCore::ResourceResponseBase::isSuccessful): Utility function.
716         * platform/network/ResourceResponseBase.h:
717
718 2016-06-17  Frederic Wang  <fwang@igalia.com>
719
720         MathOperator: Add fallback mechanisms for stretching and mirroring radical symbols
721         https://bugs.webkit.org/show_bug.cgi?id=156836
722
723         Reviewed by Sergio Villar Senin.
724
725         Some platforms do not have OpenType MATH fonts pre-installed and thus can not draw stretchy
726         operators using size variants or glyph assembly. This is especially problematic for the
727         radical symbol which is used to write roots. Currently, we have some fallback code to draw
728         that symbol using graphical primitives but it is a bit complex and makes the style of radical
729         inconsistent with the font used. We solve these issues by just scaling the base glyph via a
730         scale transform. Such scale transform is also used to mirror the radical symbol so that we
731         have some support for right-to-left roots until we can do glyph-level mirroring
732         via the OpenType rtlm feature.
733
734         Test: mathml/radical-fallback.html
735
736         * rendering/mathml/MathOperator.cpp: Add a constant for the code point U+221A of the radical.
737         (WebCore::MathOperator::reset): In general, we don't need any vertical scaling for radical
738         symbols so m_radicalVerticalScale is initialized to 1.
739         (WebCore::MathOperator::calculateStretchyData): If we don't have a font with a MATH table and we
740         try streching a radical, then we update the vertical metrics to match the target size and
741         set m_radicalVerticalScale to the value necessary to make the base glyph scaled to that size.
742         (WebCore::MathOperator::paint): For a radical operator, we may apply a scale transform of
743         parameters (radicalHorizontalScale, m_radicalVerticalScale) in order to support RTL
744         mirroring or vertical stretching.
745         * rendering/mathml/MathOperator.h: We add a m_radicalVerticalScale member to indicate the
746         scaling to apply to the base radical glyph when the stretchy fallback is necessary.
747         (WebCore::MathOperator::isStretched): The operator is also considered stretched when the
748         m_radicalVerticalScale is applied to the base size.
749         * rendering/mathml/RenderMathMLRadicalOperator.cpp: Remove code specific to the old fallback mechanism.
750         * rendering/mathml/RenderMathMLRadicalOperator.h: Ditto.
751
752 2016-06-16  Commit Queue  <commit-queue@webkit.org>
753
754         Unreviewed, rolling out r202147.
755         https://bugs.webkit.org/show_bug.cgi?id=158867
756
757         Broke scrolling tests on iOS Simulator (Requested by ap on
758         #webkit).
759
760         Reverted changeset:
761
762         "Focus event dispatched in iframe causes parent document to
763         scroll incorrectly"
764         https://bugs.webkit.org/show_bug.cgi?id=158629
765         http://trac.webkit.org/changeset/202147
766
767 2016-06-16  Benjamin Poulain  <bpoulain@apple.com>
768
769         :in-range & :out-of-range CSS pseudo-classes shouldn't match disabled or readonly inputs
770         https://bugs.webkit.org/show_bug.cgi?id=156530
771
772         Reviewed by Simon Fraser.
773
774         Elements should only match :in-range and :out-of-range
775         when they are candidate for constraint validation.
776
777         Tests: fast/css/pseudo-in-range-on-disabled-input-basics.html
778                fast/css/pseudo-in-range-on-readonly-input-basics.html
779                fast/css/pseudo-in-range-out-of-range-on-disabled-input-trivial.html
780                fast/css/pseudo-out-of-range-on-disabled-input-basics.html
781                fast/css/pseudo-out-of-range-on-readonly-input-basics.html
782                fast/selectors/in-range-out-of-range-style-update.html
783
784         * html/BaseDateAndTimeInputType.cpp:
785         (WebCore::BaseDateAndTimeInputType::minOrMaxAttributeChanged):
786         * html/NumberInputType.cpp:
787         (WebCore::NumberInputType::minOrMaxAttributeChanged):
788         I forgot to handle style update in r202143.
789         This is covered by the new style invalidation test.
790
791         * html/BaseDateAndTimeInputType.h:
792         * html/HTMLInputElement.cpp:
793         (WebCore::HTMLInputElement::isInRange):
794         (WebCore::HTMLInputElement::isOutOfRange):
795
796 2016-06-16  Frederic Wang  <fwang@igalia.com>
797
798         Add separate MathOperator for selection/measuring/drawing of stretchy operators
799         https://bugs.webkit.org/show_bug.cgi?id=152244
800
801         Reviewed by Brent Fulgham.
802
803         We complete the class to select, measure and draw stretchy operators that is independent
804         from RenderMathMLOperator. That way, we will be able use stretchy operator without having
805         to introduce & manage anonymous RenderMathMLOperator's
806         (e.g for <mroot>, <msqrt> and <mfenced>).
807
808         No new tests, already covered by existing tests.
809
810         * rendering/mathml/MathOperator.cpp:
811         (WebCore::ascentForGlyph): Add this helper function to get glyph ascent.
812         (WebCore::descentForGlyph): Add this helper function to get glyph descent.
813         (WebCore::MathOperator::reset): Initialize all the data and calculate ascent/descent of the
814         base glyph.
815         (WebCore::MathOperator::setSizeVariant): Set the width/ascent/descent.
816         (WebCore::MathOperator::setGlyphAssembly): Ditto.
817         (WebCore::MathOperator::calculateDisplayStyleLargeOperator): Remove the STIX Word hack and
818         change m_maxPreferredWidth to use the actual width instead.
819         (WebCore::MathOperator::stretchTo): New functions to execute the actual operator streching.
820         (WebCore::MathOperator::fillWithVerticalExtensionGlyph): Add a FIXME for bug 155434.
821         (WebCore::MathOperator::fillWithHorizontalExtensionGlyph): Align all the glyph baselines on
822         the same axis, given by m_ascent.
823         Add a FIXME for bug 155434.
824         (WebCore::MathOperator::paintHorizontalGlyphAssembly): Ditto.
825         (WebCore::MathOperator::paint): Public function to do the painting.
826         (WebCore::MathOperator::paintVerticalGlyphAssembly): Deleted.
827         * rendering/mathml/MathOperator.h: Update declarations and make most of the members private.
828         (WebCore::MathOperator::ascent): Function to expose m_ascent.
829         (WebCore::MathOperator::descent): Function to expose m_descent.
830         * rendering/mathml/RenderMathMLOperator.cpp:
831         (WebCore::RenderMathMLOperator::stretchTo): Forward the stretching call to MathOperator.
832         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths): Unfold advanceForGlyph
833         since we delete RenderMathMLOperator::advanceForGlyph. Just rely on
834         MathOperator::maxPreferredWidth to determine the preferred width of stretchy operators.
835         For horizontal operators, we just use the width of the base glyph.
836         Finally, we remove the dirty flag on preferred logical width.
837         (WebCore::RenderMathMLOperator::rebuildTokenContent): Reinit the MathOperator instance.
838         (WebCore::RenderMathMLOperator::updateFromElement): Force more updates of
839         RenderMathMLOperator to avoid test breakage.
840         (WebCore::RenderMathMLOperator::styleDidChange): Call MathOperator::reset to take into
841         account style change.
842         (WebCore::RenderMathMLOperator::updateStyle): Remove unused code.
843         (WebCore::RenderMathMLOperator::firstLineBaseline): Use MathOperator::ascent() function.
844         (WebCore::RenderMathMLOperator::computeLogicalHeight): Use MathOperator::ascent() and
845         MathOperator::descent() functions to calculate the height.
846         (WebCore::RenderMathMLOperator::paint): Only stretched operators are treated specially.
847         We center horizontal operator and forward the paint() call to MathOperator.
848         (WebCore::RenderMathMLOperator::trailingSpaceError): The error is now just the difference
849         between the values returned by MathOperator::maxPreferredWidth() and
850         MathOperator::width().
851         (WebCore::boundsForGlyph): Deleted.
852         (WebCore::heightForGlyph): Deleted.
853         (WebCore::advanceWidthForGlyph): Deleted.
854         (WebCore::RenderMathMLOperator::updateStyle): Deleted.
855
856 2016-06-16  Jiewen Tan  <jiewen_tan@apple.com>
857
858         CSP: Content Security Policy should allow '*' to match the originating page's scheme
859         https://bugs.webkit.org/show_bug.cgi?id=158811
860         <rdar://problem/26819568>
861
862         Reviewed by Daniel Bates.
863
864         Tests: security/contentSecurityPolicy/image-with-file-url-allowed-by-img-src-star.html
865                security/contentSecurityPolicy/link-with-file-url-allowed-by-style-src-star.html
866                security/contentSecurityPolicy/script-with-file-url-allowed-by-script-src-star.html
867                security/contentSecurityPolicy/video-with-file-url-allowed-by-media-src-star.html
868
869         * page/csp/ContentSecurityPolicySourceList.cpp:
870         (WebCore::ContentSecurityPolicySourceList::isProtocolAllowedByStar):
871
872 2016-06-16  Chris Dumez  <cdumez@apple.com>
873
874         Add HTTPHeaderMap::set() overload taking a NSString*
875         https://bugs.webkit.org/show_bug.cgi?id=158857
876
877         Reviewed by Darin Adler.
878
879         Add HTTPHeaderMap::set() overloading taking a NSString* in addition to
880         the one taking a CFStringRef. It is useful for the Cocoa implementation
881         of ResourceRequest::doUpdateResourceRequest().
882
883         * platform/network/HTTPHeaderMap.h:
884         (WebCore::HTTPHeaderMap::set):
885
886 2016-06-16  Joseph Pecoraro  <pecoraro@apple.com>
887
888         Web Inspector: console.profile should use the new Sampling Profiler
889         https://bugs.webkit.org/show_bug.cgi?id=153499
890         <rdar://problem/24352431>
891
892         Reviewed by Timothy Hatcher.
893
894         Test: inspector/timeline/setInstruments-programmatic-capture.html
895
896         * inspector/InspectorTimelineAgent.cpp:
897         (WebCore::InspectorTimelineAgent::startFromConsole):
898         (WebCore::InspectorTimelineAgent::stopFromConsole):
899         (WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
900         (WebCore::InspectorTimelineAgent::startProgrammaticCapture):
901         (WebCore::InspectorTimelineAgent::stopProgrammaticCapture):
902         (WebCore::InspectorTimelineAgent::toggleInstruments):
903         (WebCore::InspectorTimelineAgent::toggleScriptProfilerInstrument):
904         (WebCore::InspectorTimelineAgent::toggleHeapInstrument):
905         (WebCore::InspectorTimelineAgent::toggleMemoryInstrument):
906         (WebCore::InspectorTimelineAgent::toggleTimelineInstrument):
907         * inspector/InspectorTimelineAgent.h:
908         Web implementation of console.profile/profileEnd.
909         Make helpers for startings / stopping instruments.
910
911 2016-06-16  John Wilander  <wilander@apple.com>
912
913         Restrict security origin inheritance to empty, about:blank, and about:srcdoc URLs
914         https://bugs.webkit.org/show_bug.cgi?id=158855
915         <rdar://problem/26142632>
916
917         Reviewed by Alex Christensen.
918
919         Tests: http/tests/dom/window-open-about-blank-and-access-document.html
920                http/tests/dom/window-open-about-webkit-org-and-access-document.html
921
922         Document.cpp previously checked whether a document should inherit its owner's 
923         security origin by checking if the URL is either empty or blank. URL.cpp in 
924         turn only checks if the protocol is "about:" in the isBlankURL() function. 
925         Thus all about:* URLs inherited security origin. This patch restricts 
926         security origin inheritance to empty, about:blank, and about:srcdoc URLs.
927
928         Quotes and links from the WHATWG spec regarding about:srcdoc:
929
930         7.1 Browsing contexts
931         A browsing context can have a creator browsing context, the browsing context 
932         that was responsible for its creation. If a browsing context has a parent 
933         browsing context, then that is its creator browsing context. Otherwise, if the 
934         browsing context has an opener browsing context, then that is its creator 
935         browsing context. Otherwise, the browsing context has no creator browsing 
936         context.
937         https://html.spec.whatwg.org/multipage/browsers.html#concept-document-bc
938
939         7.1.1 Nested browsing contexts
940         Certain elements (for example, iframe elements) can instantiate further 
941         browsing contexts. These are called nested browsing contexts. If a browsing 
942         context P has a Document D with an element E that nests another browsing 
943         context C inside it, then C is said to be nested through D, and E is said to 
944         be the browsing context container of C. If the browsing context container 
945         element E is in the Document D, then P is said to be the parent browsing 
946         context of C and C is said to be a child browsing context of P. Otherwise, 
947         the nested browsing context C has no parent browsing context.
948         https://html.spec.whatwg.org/multipage/browsers.html#nested-browsing-context
949
950         4.8.5 The iframe element
951         The iframe element represents a nested browsing context.
952         ...
953         If the srcdoc attribute is specified
954             Navigate the element's child browsing context to a new response whose 
955             url list consists of about:srcdoc ...
956         https://html.spec.whatwg.org/multipage/embedded-content.html#attr-iframe-srcdoc
957
958         * dom/Document.cpp:
959         (WebCore::Document::initSecurityContext):
960             Now uses the URL::shouldInheritSecurityOriginFromOwner() function instead.
961         (WebCore::Document::initContentSecurityPolicy):
962             Now uses the URL::shouldInheritSecurityOriginFromOwner() function instead.
963         (WebCore::shouldInheritSecurityOriginFromOwner): Deleted.
964             Moved to URL::shouldInheritSecurityOriginFromOwner() and restricted the check.
965         * platform/URL.cpp:
966         (WebCore::URL::shouldInheritSecurityOriginFromOwner):
967         * platform/URL.h:
968             Moved the function from Document and restricted the check to only allow
969             security origin inheritance for empty, about:blank, and about:srcdoc URLs.
970
971 2016-06-16  Simon Fraser  <simon.fraser@apple.com>
972
973         [iOS] Focus event dispatched in iframe causes parent document to scroll incorrectly
974         https://bugs.webkit.org/show_bug.cgi?id=158629
975         rdar://problem/26521616
976
977         Reviewed by Enrica Casucci.
978
979         When focussing elements in iframes, the page could scroll to an incorrect location.
980         This happened because code in Element::focus() tried to disable scrolling on focus,
981         but did so only for the current frame, so ancestor frames got programmatically scrolled.
982         On iOS we handle the scrolling in the UI process, so never want the web process to
983         do programmatic scrolling.
984
985         Fix by changing the focus and cache restore code to use SelectionRevealMode::DoNotReveal,
986         rather than manually prohibiting frame scrolling.
987
988         Tests: fast/forms/ios/focus-input-in-iframe.html
989                fast/forms/ios/programmatic-focus-input-in-iframe.html
990
991         * dom/Element.cpp:
992         (WebCore::Element::focus):
993         * history/CachedPage.cpp:
994         (WebCore::CachedPage::restore):
995
996 2016-06-16  Zalan Bujtas  <zalan@apple.com>
997
998         [New Block-Inside-Inline Model] Do not attempt to re-run margin collapsing on the block sequence.
999         https://bugs.webkit.org/show_bug.cgi?id=158854
1000
1001         Reviewed by David Hyatt.
1002
1003         Test: fast/block/inside-inlines/crash-on-first-line-change.html
1004
1005         * rendering/RenderBlockLineLayout.cpp:
1006         (WebCore::RenderBlockFlow::marginCollapseLinesFromStart):
1007
1008 2016-06-16  Ting-Wei Lan  <lantw44@gmail.com>
1009
1010         Include cstdlib before using std::atexit
1011         https://bugs.webkit.org/show_bug.cgi?id=158681
1012
1013         Reviewed by Brent Fulgham.
1014
1015         * platform/graphics/PlatformDisplay.cpp:
1016
1017 2016-06-16  Chris Dumez  <cdumez@apple.com>
1018
1019         Use StringView::toAtomicString() in HTMLImageElement::setBestFitURLAndDPRFromImageCandidate()
1020         https://bugs.webkit.org/show_bug.cgi?id=158853
1021
1022         Reviewed by Brent Fulgham.
1023
1024         Use StringView::toAtomicString() in HTMLImageElement::setBestFitURLAndDPRFromImageCandidate()
1025         as m_bestFitImageURL data member is an AtomicString. This avoids constructing a String and
1026         then atomizing it.
1027
1028         * html/HTMLImageElement.cpp:
1029         (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):
1030
1031 2016-06-16  Benjamin Poulain  <bpoulain@apple.com>
1032
1033         :in-range & :out-of-range CSS pseudo-classes shouldn't match inputs without range limitations
1034         https://bugs.webkit.org/show_bug.cgi?id=156558
1035
1036         Reviewed by Simon Fraser.
1037
1038         The pseudo selectors :in-range and :out-of-range should only
1039         apply if:
1040         -minimum/maximum are defined for the input type
1041         -the input value is/is-not suffering from underflow/overflow.
1042
1043         Only certain types have a valid minimum and maximum:
1044         -number
1045         -range
1046         -date
1047         -month
1048         -week
1049         -time
1050         -datetime-local
1051
1052         Of those, only one has a default minimum and maximum: range.
1053         For all the others, the minimum or maximum is only defined
1054         if the min/max attribute is defined and valid.
1055
1056         This patch addresses these constraints for number and range.
1057         The date types range validation is severely broken and is
1058         left untouched. It really needs a clean rewrite.
1059
1060         Tests: fast/css/pseudo-in-range-basics.html
1061                fast/css/pseudo-in-range-out-of-range-trivial.html
1062                fast/css/pseudo-out-of-range-basics.html
1063
1064         * html/DateInputType.cpp:
1065         (WebCore::DateInputType::createStepRange):
1066         * html/DateTimeInputType.cpp:
1067         (WebCore::DateTimeInputType::createStepRange):
1068         * html/DateTimeLocalInputType.cpp:
1069         (WebCore::DateTimeLocalInputType::createStepRange):
1070         * html/InputType.cpp:
1071         (WebCore::InputType::isInRange):
1072         (WebCore::InputType::isOutOfRange):
1073         Notice the isEmpty() shortcut.
1074         A value can only overflow/underflow if it is not empty.
1075
1076         * html/MonthInputType.cpp:
1077         (WebCore::MonthInputType::createStepRange):
1078         * html/NumberInputType.cpp:
1079         (WebCore::NumberInputType::createStepRange):
1080         * html/RangeInputType.cpp:
1081         (WebCore::RangeInputType::createStepRange):
1082         * html/StepRange.cpp:
1083         (WebCore::StepRange::StepRange):
1084         * html/StepRange.h:
1085         (WebCore::StepRange::hasRangeLimitations):
1086         * html/WeekInputType.cpp:
1087         (WebCore::WeekInputType::createStepRange):
1088
1089 2016-06-16  Anders Carlsson  <andersca@apple.com>
1090
1091         Fix macOS Sierra build
1092         https://bugs.webkit.org/show_bug.cgi?id=158849
1093
1094         Reviewed by Tim Horton.
1095
1096         Add WebCore:: qualifiers for IOSurface, to avoid conflicts with the IOSurface Objective-C class.
1097         
1098         Also, add an asLayerContents() getter that will return an id that's suitable for setting 
1099         as the contents of a CALayer.
1100
1101         * platform/graphics/cocoa/IOSurface.h:
1102         * platform/graphics/cocoa/IOSurface.mm:
1103
1104 2016-06-16  Andreas Kling  <akling@apple.com>
1105
1106         REGRESSION(r196217): 3% JSBench regression on iPhone 5.
1107         <https://webkit.org/b/158848>
1108         <rdar://problem/26609622>
1109
1110         Unreviewed rollout.
1111
1112         Don't jettison linked code on every top-level navigation as that was hurting JSBench on iPhone 5.
1113
1114         * loader/FrameLoader.cpp:
1115         (WebCore::FrameLoader::commitProvisionalLoad):
1116
1117 2016-06-16  Adam Bergkvist  <adam.bergkvist@ericsson.com>
1118
1119         WebRTC: Check type of this in RTCPeerConnection JS built-in functions
1120         https://bugs.webkit.org/show_bug.cgi?id=151303
1121
1122         Reviewed by Youenn Fablet.
1123
1124         Check type of 'this' in RTCPeerConnection JS built-in functions.
1125
1126         Test: fast/mediastream/RTCPeerConnection-js-built-ins-check-this.html
1127
1128         * Modules/mediastream/RTCPeerConnection.js:
1129         (createOffer):
1130         (createAnswer):
1131         (setLocalDescription):
1132         (setRemoteDescription):
1133         (addIceCandidate):
1134         (getStats):
1135         Reject if 'this' isn't of type RTCPeerConnection.
1136         * Modules/mediastream/RTCPeerConnectionInternals.js:
1137         (isRTCPeerConnection):
1138         Add helper function to perform type check. Needs further robustifying.
1139
1140 2016-06-16  Myles C. Maxfield  <mmaxfield@apple.com>
1141
1142         Sporadic crash in HashTableAddResult following CSSValuePool::createFontFamilyValue
1143         https://bugs.webkit.org/show_bug.cgi?id=158297
1144
1145         Reviewed by Darin Adler.
1146
1147         In an effort to reduce the flash of unstyled content, we force all elements
1148         to have display: none during an external stylesheet load. We do this by
1149         ignoring the CSS cascade and forcing all elements to have a placeholder style
1150         which hardcodes display: none. (This is necessary to make elements created by
1151         script during the stylesheet load not flash.)
1152
1153         This style is exposed to web content via getComputedStyle(), which means it
1154         needs to maintain the invariant that font-families can never be null strings.
1155         We enforce this by forcing the font-family to be the standard font name.
1156
1157         Test: fast/text/placeholder-renderstyle-null-font.html
1158
1159         * style/StyleTreeResolver.cpp:
1160         (WebCore::Style::ensurePlaceholderStyle):
1161
1162 2016-06-16  Chris Dumez  <cdumez@apple.com>
1163
1164         Avoid some temporary String allocations for common HTTP headers in ResourceResponse::platformLazyInit()
1165         https://bugs.webkit.org/show_bug.cgi?id=158827
1166
1167         Reviewed by Darin Adler.
1168
1169         Add a HTTPHeaderMap::set() overload taking in a CFStringRef. The
1170         implementation has a fast path which gets the internal characters
1171         of the CFStringRef when possible and constructs a StringView for
1172         it in order to call findHTTPHeaderName(). As a result, we avoid
1173         allocating a temporary String when findHTTPHeaderName() succeeds.
1174
1175         This new HTTPHeaderMap::set() overload is called from both the
1176         CF and Cocoa implementations of ResourceResponse::platformLazyInit().
1177
1178         I have confirmed locally on both Mac and iOS that the fast path
1179         is used ~93% of the time. CFStringGetCStringPtr() returns null in
1180         rare cases, causing the regular code path to be used.
1181
1182         * platform/network/HTTPHeaderMap.cpp:
1183         (WebCore::HTTPHeaderMap::set):
1184         * platform/network/HTTPHeaderMap.h:
1185
1186 2016-06-15  Zalan Bujtas  <zalan@apple.com>
1187
1188         Decouple the percent height and positioned descendants maps.
1189         https://bugs.webkit.org/show_bug.cgi?id=158773
1190
1191         Reviewed by David Hyatt and Chris Dumez.
1192
1193         We track renderers with percent height across multiple containers using
1194         HashMap<const RenderBox*, std::unique_ptr<HashSet<const RenderBlock*>>>.
1195         We also use the same data structure to track positioned descendants.
1196         However a positioned renderer can have only one containing block so tracking it
1197         with a 1:many type is defective.
1198         It allows multiple inserts for positioned descendants, which could lead to
1199         inconsistent layout state as the rendering logic expects these type of renderers
1200         with only one containing block.
1201         This patch decouples percent height and positioned tracking by introducing
1202         the PositionedDescendantsMap class. This class is responsible for tracking
1203         the positioned descendants inbetween layouts.
1204
1205         No change in functionality.
1206
1207         Tests: fast/block/positioning/change-containing-block-for-absolute-positioned.html
1208                fast/block/positioning/change-containing-block-for-fixed-positioned.html
1209
1210         * rendering/RenderBlock.cpp:
1211         (WebCore::insertIntoTrackedRendererMaps):
1212         (WebCore::removeFromTrackedRendererMaps):
1213         (WebCore::PositionedDescendantsMap::addDescendant): Add more defensive ASSERT_NOT_REACHED
1214         to the double insert branch when webkit.org/b/158772 gets fixed.
1215         (WebCore::PositionedDescendantsMap::removeDescendant):
1216         (WebCore::PositionedDescendantsMap::removeContainingBlock):
1217         (WebCore::PositionedDescendantsMap::positionedRenderers):
1218         (WebCore::positionedDescendantsMap):
1219         (WebCore::removeBlockFromPercentageDescendantAndContainerMaps):
1220         (WebCore::RenderBlock::~RenderBlock):
1221         (WebCore::RenderBlock::positionedObjects):
1222         (WebCore::RenderBlock::insertPositionedObject):
1223         (WebCore::RenderBlock::removePositionedObject):
1224         (WebCore::RenderBlock::addPercentHeightDescendant):
1225         (WebCore::RenderBlock::removePercentHeightDescendant):
1226         (WebCore::RenderBlock::percentHeightDescendants):
1227         (WebCore::RenderBlock::checkPositionedObjectsNeedLayout):
1228         (WebCore::removeBlockFromDescendantAndContainerMaps): Deleted.
1229         * rendering/RenderBlock.h:
1230
1231 2016-06-15  David Kilzer  <ddkilzer@apple.com>
1232
1233         Move SoftLinking.h to platform/cococa from platform/mac
1234         <https://webkit.org/b/158825>
1235
1236         Reviewed by Andy Estes.
1237
1238         * PlatformMac.cmake: Update for new directory.
1239         * WebCore.xcodeproj/project.pbxproj: Ditto.
1240         * platform/cocoa/SoftLinking.h: Renamed from Source/WebCore/platform/mac/SoftLinking.h.
1241
1242 2016-06-15  Chris Dumez  <cdumez@apple.com>
1243
1244         [Cocoa] Clean up / optimize ResourceResponse::platformLazyInit(InitLevel)
1245         https://bugs.webkit.org/show_bug.cgi?id=158809
1246
1247         Reviewed by Darin Adler.
1248
1249         Clean up / optimize ResourceResponse::platformLazyInit(InitLevel).
1250
1251         * platform/network/HTTPParsers.cpp:
1252         (WebCore::extractReasonPhraseFromHTTPStatusLine):
1253         * platform/network/HTTPParsers.h:
1254         Have extractReasonPhraseFromHTTPStatusLine() return an AtomicString as the
1255         Reason is stored as an AtomicString on ResourceResponse. Have the
1256         implementation use StringView::subString()::toAtomicString().
1257
1258         * platform/network/cocoa/ResourceResponseCocoa.mm:
1259         (WebCore::stripLeadingAndTrailingDoubleQuote):
1260         Move the stripLeadingAndTrailingDoubleQuote logic from platformLazyInit()
1261         to its own function. Have it use StringView::subString()::toAtomicString()
1262         to avoid unnecessarily atomizing the textEncodingName that has surrounding
1263         double-quotes.
1264
1265         (WebCore::initializeHTTPHeaders):
1266         Move HTTP headers initialization to its own function for clarity.
1267
1268         (WebCore::extractHTTPStatusText):
1269         Move HTTP status Text extraction to its own function for clarity.
1270
1271         (WebCore::ResourceResponse::platformLazyInit):
1272         - The function is streamlined a bit because most of the logic was moved
1273           into separate functions.
1274         - Drop unnecessary (initLevel >= CommonFieldsOnly) check in the first
1275           if case and replace with an assertion. This function is always called
1276           with CommonFieldsOnly or above (AllFields).
1277         - Drop unnecessary (m_initLevel < AllFields) check in the second if
1278           case as this is always true. If not, we would have returned early
1279           at the beginning of the function when checking
1280           m_initLevel >= initLevel.
1281         - Use AutodrainedPool instead of NSAutoreleasePool for convenience and have
1282           only 1 pool instead of 2.
1283         - Drop unnecessary copyNSURLResponseStatusLine() function and call directly
1284           CFHTTPMessageCopyResponseStatusLine() since we already have a
1285           CFHTTPMessageRef at the call site.
1286
1287 2016-06-15  Tim Horton  <timothy_horton@apple.com>
1288
1289         <attachment> elements jump around a lot around when subtitle text changes slightly
1290         https://bugs.webkit.org/show_bug.cgi?id=158818
1291         <rdar://problem/24450270>
1292
1293         Reviewed by Simon Fraser.
1294
1295         Test: fast/attachment/attachment-subtitle-resize.html
1296
1297         * rendering/RenderAttachment.cpp:
1298         (WebCore::RenderAttachment::layout):
1299         * rendering/RenderAttachment.h:
1300         * rendering/RenderThemeMac.mm:
1301         (WebCore::AttachmentLayout::AttachmentLayout):
1302         (WebCore::RenderThemeMac::paintAttachment):
1303         In order to avoid changes to the centered subtitle text causing the whole
1304         attachment to bounce around a lot, make it so that attachment width can only
1305         increase, never decrease, and round the subtitle's width up to the nearest
1306         increment of 10px when determining its affect on the whole element's width.
1307         Also, center the attachment in its element, instead of left-aligning it,
1308         so that the extra width we may have is evenly distributed between the two sides.
1309
1310 2016-06-15  Ryan Haddad  <ryanhaddad@apple.com>
1311
1312         Reset bindings test results after r202105
1313
1314         Unreviewed test gardening.
1315
1316         * bindings/scripts/test/JS/JSTestObj.cpp:
1317
1318 2016-06-15  Adam Bergkvist  <adam.bergkvist@ericsson.com>
1319
1320         WebRTC: (Refactor) Align the structure of RTCPeerConnection.idl with the header file
1321         https://bugs.webkit.org/show_bug.cgi?id=158779
1322
1323         Reviewed by Eric Carlson.
1324
1325         Restructure RTCPeerConnection.idl to make it easer to read and extend in the future.
1326
1327         No change in behavior.
1328
1329         * Modules/mediastream/RTCPeerConnection.idl:
1330
1331 2016-06-15  Chris Dumez  <cdumez@apple.com>
1332
1333         Drop some unnecessary header includes
1334         https://bugs.webkit.org/show_bug.cgi?id=158788
1335
1336         Reviewed by Alexey Proskuryakov.
1337
1338         Drop some unnecessary header includes in headers to speed up build time.
1339
1340         * Modules/encryptedmedia/MediaKeySession.cpp:
1341         * Modules/gamepad/GamepadManager.cpp:
1342         * Modules/indexeddb/IDBDatabase.cpp:
1343         * Modules/indexeddb/IDBOpenDBRequest.cpp:
1344         * Modules/indexeddb/IDBRequest.cpp:
1345         * Modules/indexeddb/IDBTransaction.cpp:
1346         * Modules/mediasource/MediaSource.cpp:
1347         * Modules/mediasource/SourceBuffer.cpp:
1348         * Modules/mediasource/SourceBufferList.cpp:
1349         * Modules/mediastream/MediaStream.cpp:
1350         * Modules/mediastream/MediaStreamTrack.cpp:
1351         * Modules/speech/SpeechSynthesis.cpp:
1352         * Modules/webaudio/AudioScheduledSourceNode.cpp:
1353         * Modules/webaudio/ScriptProcessorNode.cpp:
1354         * bindings/scripts/CodeGeneratorJS.pm:
1355         (GenerateImplementation):
1356         * dom/CharacterData.cpp:
1357         * dom/ContainerNode.cpp:
1358         * dom/DOMNamedFlowCollection.cpp:
1359         * dom/DeviceMotionController.cpp:
1360         * dom/DeviceOrientationController.cpp:
1361         * dom/Document.cpp:
1362         * dom/Document.h:
1363         * dom/DocumentEventQueue.cpp:
1364         * dom/DocumentOrderedMap.h:
1365         * dom/Element.cpp:
1366         * dom/Event.cpp:
1367         * dom/EventDispatcher.cpp:
1368         * dom/EventTarget.cpp:
1369         * dom/EventTarget.h:
1370         * dom/KeyboardEvent.cpp:
1371         * dom/MessageEvent.cpp:
1372         * dom/MessagePort.cpp:
1373         * dom/ScriptElement.cpp:
1374         * dom/ScriptExecutionContext.cpp:
1375         * dom/ScriptExecutionContext.h:
1376         * dom/SecurityContext.h:
1377         * dom/SimulatedClick.cpp:
1378         * dom/TextEvent.cpp:
1379         * dom/WebKitNamedFlow.cpp:
1380         * editing/FrameSelection.cpp:
1381         * fileapi/FileReader.cpp:
1382         * html/HTMLLinkElement.cpp:
1383         * html/HTMLPlugInImageElement.cpp:
1384         * html/HTMLStyleElement.cpp:
1385         * html/HTMLSummaryElement.cpp:
1386         * html/HTMLTrackElement.cpp:
1387         * html/HTMLVideoElement.cpp:
1388         * html/InputType.cpp:
1389         * html/MediaController.cpp:
1390         * html/TextFieldInputType.cpp:
1391         * html/canvas/WebGLRenderingContextBase.cpp:
1392         * html/parser/HTMLScriptRunner.cpp:
1393         * html/shadow/MediaControlElementTypes.cpp:
1394         * html/shadow/MediaControls.cpp:
1395         * html/shadow/MediaControlsApple.cpp:
1396         * html/shadow/SliderThumbElement.cpp:
1397         * html/shadow/mac/ImageControlsButtonElementMac.cpp:
1398         * inspector/InspectorIndexedDBAgent.cpp:
1399         * loader/DocumentLoader.cpp:
1400         * loader/ImageLoader.cpp:
1401         * loader/PolicyChecker.cpp:
1402         * mathml/MathMLSelectElement.cpp:
1403         * page/DOMWindow.h:
1404         * page/EventSource.cpp:
1405         * page/FrameView.cpp:
1406         * page/Performance.cpp:
1407         * page/csp/ContentSecurityPolicy.cpp:
1408         * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
1409         * platform/network/HTTPHeaderMap.h:
1410         * platform/network/ResourceHandle.cpp:
1411         * rendering/RenderEmbeddedObject.cpp:
1412         * rendering/RenderSnapshottedPlugIn.cpp:
1413         * svg/SVGSVGElement.cpp:
1414         * svg/SVGUseElement.cpp:
1415         * svg/animation/SVGSMILElement.cpp:
1416         * workers/WorkerGlobalScope.h:
1417         * xml/XMLHttpRequest.cpp:
1418         * xml/XMLHttpRequestProgressEventThrottle.cpp:
1419         * xml/XMLHttpRequestUpload.cpp:
1420
1421 2016-06-15  Antti Koivisto  <antti@apple.com>
1422
1423         GoogleMaps transit schedule explorer comes up blank initially
1424         https://bugs.webkit.org/show_bug.cgi?id=158803
1425         rdar://problem/25818080
1426
1427         Reviewed by Andreas Kling.
1428
1429         In case we had something like
1430
1431         .foo bar { ... }
1432
1433         and later a new stylesheet was added dynamically that contained
1434
1435         .foo baz { ... }
1436
1437         we would fail to add the new rules to the descendant invalidation rule sets for ".foo". This could
1438         cause some style invalidations to be missed.
1439
1440         * css/DocumentRuleSets.cpp:
1441         (WebCore::DocumentRuleSets::collectFeatures):
1442
1443         Reset the ancestorClassRules and ancestorAttributeRulesForHTML rule set caches when new style sheets
1444         are added (==collectFeatures is called).
1445
1446 2016-06-15  Javier Fernandez  <jfernandez@igalia.com>
1447
1448         [css-sizing] Item borders are missing with 'min-width:-webkit-fill-available' and zero available width
1449         https://bugs.webkit.org/show_bug.cgi?id=158258
1450
1451         Reviewed by Darin Adler.
1452
1453         The "fill-available" size is defined as the containing block's size less
1454         the box's border and padding size. However, when used for min-width we
1455         should ensure we don't get negative values as result of logical width
1456         computation.
1457
1458         http://www.w3.org/TR/css-sizing-3/#fill-available-sizing
1459
1460         This patch ensure fill-available value computed value will be always
1461         greater than box's boder and padding width.
1462
1463         Test: fast/css-intrinsic-dimensions/fill-available-with-zero-width.html
1464
1465         * rendering/RenderBox.cpp:
1466         (WebCore::RenderBox::computeIntrinsicLogicalWidthUsing):
1467
1468 2016-06-15  Alex Christensen  <achristensen@webkit.org>
1469
1470         Fix 2d canvas transform after r192900
1471         https://bugs.webkit.org/show_bug.cgi?id=158725
1472         rdar://problem/26774230
1473
1474         Reviewed by Dean Jackson.
1475
1476         Test: fast/canvas/canvas-transform-inverse.html
1477
1478         * html/canvas/CanvasRenderingContext2D.cpp:
1479         (WebCore::CanvasRenderingContext2D::transform):
1480         r192900 was intended to have no change in behavior, but I made a typo.
1481         We need to apply the inverse of the original transform to the path to be correct.
1482         This affects transforms applied to the canvas during the creation of a path.
1483
1484 2016-06-15  Eric Carlson  <eric.carlson@apple.com>
1485
1486         [iOS] Make HTMLMediaElement.muted mutable
1487         https://bugs.webkit.org/show_bug.cgi?id=158787
1488         <rdar://problem/24452567>
1489
1490         Reviewed by Dean Jackson.
1491
1492         Tests: media/audio-playback-restriction-removed-muted.html
1493                media/audio-playback-restriction-removed-track-enabled.html
1494
1495         * html/HTMLMediaElement.cpp:
1496         (WebCore::HTMLMediaElement::audioTrackEnabledChanged): Remove most behavior restrictions if
1497           the track state was changed as a result of a user gesture.
1498         (WebCore::HTMLMediaElement::setMuted): Ditto.
1499         (WebCore::HTMLMediaElement::removeBehaviorsRestrictionsAfterFirstUserGesture): Add mask 
1500           parameter so caller can choose which restrictions are removed.
1501         * html/HTMLMediaElement.h:
1502
1503         * html/MediaElementSession.cpp:
1504         (WebCore::restrictionName): Drive-by fix: remove duplicate label.
1505         * html/MediaElementSession.h:
1506
1507         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.h:
1508         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
1509         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayer): Set muted on AVPlayer if setMuted
1510           was called before the player was created.
1511         (WebCore::MediaPlayerPrivateAVFoundationObjC::setVolume): Drive-by fix: return early if there
1512           is no AVPlayer, not if we won't have metadata yet.
1513         (WebCore::MediaPlayerPrivateAVFoundationObjC::setMuted): New.
1514
1515 2016-06-15  Romain Bellessort  <romain.bellessort@crf.canon.fr>
1516
1517         Enabling Shadow DOM for all platforms
1518         https://bugs.webkit.org/show_bug.cgi?id=158738
1519
1520         Reviewed by Ryosuke Niwa.
1521
1522         No new tests (no new behavior to be tested).
1523
1524         Removed Shadow DOM from options (enabled by default)
1525         (comprises removal of corresponding preprocessor directives)
1526
1527         * Configurations/FeatureDefines.xcconfig:
1528         * DerivedSources.make:
1529         * bindings/generic/RuntimeEnabledFeatures.h:
1530         * bindings/js/JSDocumentFragmentCustom.cpp:
1531         * bindings/js/JSNodeCustom.cpp:
1532         * css/CSSGrammar.y.in:
1533         * css/CSSParser.cpp:
1534         * css/CSSParserValues.cpp:
1535         * css/CSSParserValues.h:
1536         * css/CSSSelector.cpp:
1537         * css/CSSSelector.h:
1538         * css/ElementRuleCollector.cpp:
1539         * css/ElementRuleCollector.h:
1540         * css/RuleSet.cpp:
1541         * css/RuleSet.h:
1542         * css/SelectorChecker.cpp:
1543         * css/SelectorChecker.h:
1544         * css/SelectorPseudoClassAndCompatibilityElementMap.in:
1545         * css/StyleResolver.cpp:
1546         * cssjit/SelectorCompiler.cpp:
1547         * dom/ComposedTreeAncestorIterator.h:
1548         * dom/ComposedTreeIterator.cpp:
1549         * dom/ComposedTreeIterator.h:
1550         * dom/ContainerNode.cpp:
1551         * dom/Document.cpp:
1552         * dom/Document.h:
1553         * dom/Element.cpp:
1554         * dom/Element.h:
1555         * dom/Element.idl:
1556         * dom/Event.idl:
1557         * dom/EventPath.cpp:
1558         * dom/Node.cpp:
1559         * dom/Node.h:
1560         * dom/NonDocumentTypeChildNode.idl:
1561         * dom/ShadowRoot.cpp:
1562         * dom/ShadowRoot.h:
1563         * dom/ShadowRoot.idl:
1564         * dom/SlotAssignment.cpp:
1565         * dom/SlotAssignment.h:
1566         * html/HTMLSlotElement.cpp:
1567         * html/HTMLSlotElement.h:
1568         * html/HTMLSlotElement.idl:
1569         * html/HTMLTagNames.in:
1570         * page/FocusController.cpp:
1571         * style/StyleSharingResolver.cpp:
1572         * style/StyleTreeResolver.cpp:
1573
1574 2016-06-15  Andreas Kling  <akling@apple.com>
1575
1576         [Cocoa] Add two notify listeners for poking the garbage collector.
1577         <https://webkit.org/b/158783>
1578
1579         Reviewed by Antti Koivisto.
1580
1581         Add two new notify listeners:
1582
1583         - com.apple.WebKit.fullGC
1584
1585             Trigger a full garbage collection in the main WebCore VM immediately.
1586
1587         - com.apple.WebKit.deleteAllCode
1588
1589             Throw away all of JSC's linked and unlinked code, and do a full GC.
1590
1591         These will make it easier to diagnose memory growth issues by having a lever that
1592         eliminates many of the large object graphs without going after behavior-changing things
1593         like the memory cache.
1594
1595         * platform/MemoryPressureHandler.cpp:
1596         (WebCore::MemoryPressureHandler::platformInitialize):
1597         * platform/MemoryPressureHandler.h:
1598         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
1599         (WebCore::MemoryPressureHandler::platformInitialize):
1600
1601 2016-06-15  Antti Koivisto  <antti@apple.com>
1602
1603         Vary:Cookie validation doesn't work in private browsing
1604         https://bugs.webkit.org/show_bug.cgi?id=158616
1605         <rdar://problem/26755067>
1606
1607         Reviewed by Andreas Kling.
1608
1609         There wasn't a way to get cookie based on SessionID from WebCore.
1610
1611         * platform/CookiesStrategy.h:
1612
1613             Add a cookie retrival function that takes SessionID instead of NetworkStorageSession.
1614
1615         * platform/network/CacheValidation.cpp:
1616         (WebCore::headerValueForVary):
1617
1618             Use it.
1619
1620         (WebCore::verifyVaryingRequestHeaders):
1621
1622 2016-06-15  Per Arne Vollan  <pvollan@apple.com>
1623
1624         [Win] The test accessibility/selected-text-range-aria-elements.html is failing.
1625         https://bugs.webkit.org/show_bug.cgi?id=158732
1626
1627         Reviewed by Brent Fulgham.
1628
1629         Implement support for getting selected text range.
1630
1631         * accessibility/win/AccessibilityObjectWrapperWin.cpp:
1632         (WebCore::AccessibilityObjectWrapper::accessibilityAttributeValue):
1633
1634 2016-06-14  Myles C. Maxfield  <mmaxfield@apple.com>
1635
1636         Addressing post-review comments after r201971
1637         https://bugs.webkit.org/show_bug.cgi?id=158450
1638
1639         Unreviewed.
1640
1641         * css/CSSFontFaceSet.cpp:
1642         (WebCore::CSSFontFaceSet::add):
1643         (WebCore::CSSFontFaceSet::remove):
1644
1645 2016-06-14  Myles C. Maxfield  <mmaxfield@apple.com>
1646
1647         Honor bidi unicode codepoints
1648         https://bugs.webkit.org/show_bug.cgi?id=149170
1649         <rdar://problem/26527378>
1650
1651         Reviewed by Simon Fraser.
1652
1653         BidiResolver doesn't have any concept of isolate Unicode code points, so produces
1654         unexpected output when they are present. Fix by considering such code points as
1655         whitespace in the bidi algorithm. This is a stop-gap measure until we can support
1656         the codepoints fully in our Bidi algorithm.
1657
1658         Test: fast/text/isolate-ignore.html
1659
1660         * platform/graphics/Font.cpp:
1661         (WebCore::createAndFillGlyphPage):
1662         * platform/text/BidiResolver.h:
1663         (WebCore::Subclass>::createBidiRunsForLine):
1664
1665 2016-06-14  Antoine Quint  <graouts@apple.com>
1666
1667         [iOS] Play glyph is pixelated when the page zoom is large
1668         https://bugs.webkit.org/show_bug.cgi?id=158770
1669         <rdar://problem/26092124>
1670
1671         Reviewed by Dean Jackson.
1672
1673         Use the same technique that we use to scale the video controls by using a combination
1674         of CSS "zoom" and "transform" properties to have the video play glyph scaled at its
1675         native size regardless of page zoom.
1676
1677         * Modules/mediacontrols/mediaControlsiOS.js:
1678         (ControllerIOS.prototype.set pageScaleFactor):
1679
1680 2016-06-14  Chris Dumez  <cdumez@apple.com>
1681
1682         Regression(r201534): Compile time greatly regressed
1683         https://bugs.webkit.org/show_bug.cgi?id=158765
1684         <rdar://problem/26587342>
1685
1686         Reviewed by Darin Adler.
1687
1688         Compile time greatly regressed by r201534 due to Document.h now including
1689         TextAutoSizing.h. Move the TextAutoSizingTraits back to Document.h to
1690         restore pre-r201534 behavior.
1691
1692         * WebCore.xcodeproj/project.pbxproj:
1693         * dom/Document.cpp:
1694         (WebCore::TextAutoSizingTraits::constructDeletedValue):
1695         (WebCore::TextAutoSizingTraits::isDeletedValue):
1696         * dom/Document.h:
1697         * rendering/TextAutoSizing.h:
1698         (WebCore::TextAutoSizingTraits::constructDeletedValue): Deleted.
1699         (WebCore::TextAutoSizingTraits::isDeletedValue): Deleted.
1700
1701 2016-06-14  Antoine Quint  <graouts@apple.com>
1702
1703         Inline media controls cut off PiP and fullscreen buttons on cnn.com
1704         https://bugs.webkit.org/show_bug.cgi?id=158766
1705         <rdar://problem/24175161>
1706
1707         Reviewed by Dean Jackson.
1708
1709         The display of the picture-in-picture and fullscreen buttons are dependent on the availability
1710         of video tracks through a call to hasVideo(). We need to ensure that the display properties of
1711         both those buttons are updated when the number of video tracks has changed since the controls
1712         may be populated prior to the availability of video tracks.
1713
1714         * Modules/mediacontrols/mediaControlsApple.js:
1715         (Controller.prototype.updateHasVideo):
1716
1717 2016-06-14  Joseph Pecoraro  <pecoraro@apple.com>
1718
1719         Web Inspector: Rename Timeline.setAutoCaptureInstruments to Timeline.setInstruments
1720         https://bugs.webkit.org/show_bug.cgi?id=158762
1721
1722         Reviewed by Timothy Hatcher.
1723
1724         Test: inspector/timeline/setInstruments-errors.html
1725
1726         * inspector/InspectorTimelineAgent.cpp:
1727         (WebCore::InspectorTimelineAgent::willDestroyFrontendAndBackend):
1728         (WebCore::InspectorTimelineAgent::setInstruments):
1729         (WebCore::InspectorTimelineAgent::mainFrameStartedLoading):
1730         (WebCore::InspectorTimelineAgent::setAutoCaptureInstruments): Deleted.
1731         * inspector/InspectorTimelineAgent.h:
1732
1733 2016-06-14  Dean Jackson  <dino@apple.com>
1734
1735         decompose4 return value is unchecked, leading to potentially uninitialized data.
1736         https://bugs.webkit.org/show_bug.cgi?id=158761
1737         <rdar://problem/17526268>
1738
1739         Reviewed by Simon Fraser.
1740
1741         WebCore::decompose4 could return early without initializing data.
1742         I now initialize it, but I also started checking the return
1743         value at all the call sites to make sure everything is sensible.
1744
1745         Test: transforms/undecomposable.html
1746
1747         * platform/graphics/transforms/PerspectiveTransformOperation.cpp:
1748         (WebCore::PerspectiveTransformOperation::blend):
1749         * platform/graphics/transforms/RotateTransformOperation.cpp:
1750         (WebCore::RotateTransformOperation::blend):
1751         * platform/graphics/transforms/TransformationMatrix.cpp:
1752         (WebCore::decompose4):
1753         (WebCore::TransformationMatrix::blend4):
1754         * platform/graphics/transforms/TransformationMatrix.h:
1755
1756 2016-06-14  Benjamin Poulain  <bpoulain@apple.com>
1757
1758         Add the unprefixed version of the pseudo element ::placeholder
1759         https://bugs.webkit.org/show_bug.cgi?id=158653
1760
1761         Reviewed by Dean Jackson.
1762
1763         Test: fast/forms/placeholder-pseudo-element-with-webkit-prefix.html
1764
1765         The pseudo element ::-webkit-input-placeholder is stupidly popular
1766         which forces other engines to support this exact name.
1767
1768         The pseudo-element spec provides a new standard name we can adopt
1769         to drop the prefix: https://drafts.csswg.org/css-pseudo-4/#placeholder-pseudo
1770
1771         This patch does just that, make ::placeholder the standard name to select
1772         the placeholder element in the shadow dom of input elements.
1773
1774         Unlike pseudo classes, we did not have any support for prefixes and aliasing.
1775         I want to keep the absurdly efficient matching we currently use for styling
1776         because style updates are more common than stylesheet updates.
1777         With that constraint in mind, the value of CSSSelector has to be the unprefixed
1778         version for both forms of input.
1779
1780         This leaves us with the problem of displaying the CSSSelector for CSSOM.
1781         To differentiate the legacy form from the standard form, I added
1782         a new type of PseudoElement: PseudoElementWebKitCustomLegacyPrefixed.
1783         When parsing, PseudoElementWebKitCustomLegacyPrefixed let us replace
1784         the original value "-webkit-input-placeholder" by the standard value.
1785         When creating the selectorText for CSSOM, PseudoElementWebKitCustomLegacyPrefixed
1786         let us replace the standard for by the legacy form.
1787
1788         * css/CSSParserValues.cpp:
1789         (WebCore::CSSParserSelector::parsePseudoElementSelector):
1790         * css/CSSSelector.cpp:
1791         (WebCore::CSSSelector::pseudoId):
1792         (WebCore::CSSSelector::selectorText):
1793         * css/CSSSelector.h:
1794         (WebCore::CSSSelector::isCustomPseudoElement):
1795         (WebCore::CSSSelector::isWebKitCustomPseudoElement):
1796         * css/SelectorChecker.cpp:
1797         (WebCore::SelectorChecker::matchRecursively):
1798         * css/SelectorPseudoElementTypeMap.in:
1799         * css/html.css:
1800         (::placeholder):
1801         (input::placeholder, isindex::placeholder):
1802         (textarea::placeholder):
1803         (::-webkit-input-placeholder): Deleted.
1804         (input::-webkit-input-placeholder, isindex::-webkit-input-placeholder): Deleted.
1805         (textarea::-webkit-input-placeholder): Deleted.
1806         * features.json:
1807         * html/shadow/TextControlInnerElements.cpp:
1808         (WebCore::TextControlPlaceholderElement::TextControlPlaceholderElement):
1809
1810 2016-06-14  Doug Russell  <d_russell@apple.com>
1811
1812         AX: Form label text should be exposed as static text if it contains only static text
1813         https://bugs.webkit.org/show_bug.cgi?id=158634
1814
1815         Reviewed by Chris Fleizach.
1816
1817         Use AccessibilityLabel to represent HTMLLabelElement to assistive technology.
1818         AccessibilityLabel::containsOnlyStaticText() searches label subtree to evaluate 
1819         if all children are static text.
1820         AccessibilityLabel::stringValue() consults containsOnlyStaticText() and returns
1821         textUnderElement() if true.
1822         WebAccessibilityObjectWrapperMac consults containsOnlyStaticText() and substitutes
1823         StaticTextRole for LabelRole if true.
1824         Cache containsOnlyStaticText() in the common case when updating children.
1825
1826         Tests: accessibility/mac/label-element-all-text-string-value.html
1827                accessibility/mac/label-element-with-link-string-value.html
1828
1829         * CMakeLists.txt:
1830         * WebCore.xcodeproj/project.pbxproj:
1831         * accessibility/AXObjectCache.cpp:
1832         (WebCore::createFromRenderer):
1833         * accessibility/AccessibilityAllInOne.cpp:
1834         * accessibility/AccessibilityLabel.cpp: Added.
1835         (WebCore::AccessibilityLabel::AccessibilityLabel):
1836         (WebCore::AccessibilityLabel::~AccessibilityLabel):
1837         (WebCore::AccessibilityLabel::create):
1838         (WebCore::AccessibilityLabel::computeAccessibilityIsIgnored):
1839         (WebCore::AccessibilityLabel::stringValue):
1840         (WebCore::childrenContainOnlyStaticText):
1841         (WebCore::AccessibilityLabel::containsOnlyStaticText):
1842         (WebCore::AccessibilityLabel::updateChildrenIfNecessary):
1843         (WebCore::AccessibilityLabel::clearChildren):
1844         (WebCore::AccessibilityLabel::insertChild):
1845         * accessibility/AccessibilityLabel.h: Added.
1846         * accessibility/AccessibilityObject.h:
1847         (WebCore::AccessibilityObject::isLabel):
1848         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
1849         (-[WebAccessibilityObjectWrapper role]):
1850
1851 2016-06-14  Commit Queue  <commit-queue@webkit.org>
1852
1853         Unreviewed, rolling out r202057.
1854         https://bugs.webkit.org/show_bug.cgi?id=158749
1855
1856         This change broke the Windows build. (Requested by ryanhaddad
1857         on #webkit).
1858
1859         Reverted changeset:
1860
1861         "Honor bidi unicode codepoints"
1862         https://bugs.webkit.org/show_bug.cgi?id=149170
1863         http://trac.webkit.org/changeset/202057
1864
1865 2016-06-14  Myles C. Maxfield  <mmaxfield@apple.com>
1866
1867         Honor bidi unicode codepoints
1868         https://bugs.webkit.org/show_bug.cgi?id=149170
1869         <rdar://problem/26527378>
1870
1871         Reviewed by Simon Fraser.
1872
1873         BidiResolver doesn't have any concept of isolate Unicode code points, so produces
1874         unexpected output when they are present. Fix by considering such code points as
1875         whitespace in the bidi algorithm. This is a stop-gap measure until we can support
1876         the codepoints fully in our Bidi algorithm.
1877
1878         Test: fast/text/isolate-ignore.html
1879
1880         * platform/graphics/Font.cpp:
1881         (WebCore::createAndFillGlyphPage):
1882         * platform/text/BidiResolver.h:
1883         (WebCore::Subclass>::createBidiRunsForLine):
1884
1885 2016-06-14  Commit Queue  <commit-queue@webkit.org>
1886
1887         Unreviewed, rolling out r200455.
1888         https://bugs.webkit.org/show_bug.cgi?id=158740
1889
1890         hangs twitter/facebook (Requested by mcatanzaro on #webkit).
1891
1892         Reverted changeset:
1893
1894         "[GStreamer] Adaptive streaming issues"
1895         https://bugs.webkit.org/show_bug.cgi?id=144040
1896         http://trac.webkit.org/changeset/200455
1897
1898 2016-06-14  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
1899
1900         WebRTC: RTCPeerConnection::addTrack() should throw InvalidAccessError instead of InvalidModificationError.
1901         https://bugs.webkit.org/show_bug.cgi?id=158735
1902
1903         Reviewed by Eric Carlson.
1904
1905         Throw InvalidAccessError instead of InvalidModificationError when track already exists in connection's
1906         set of senders as per specification (https://w3c.github.io/webrtc-pc/#dom-rtcpeerconnection-addtrack).
1907
1908         Updated existing test results: fast/mediastream/RTCPeerConnection-add-removeTrack-expected.txt
1909
1910         * Modules/mediastream/RTCPeerConnection.cpp:
1911         (WebCore::RTCPeerConnection::addTrack):
1912
1913 2016-06-14  Adam Bergkvist  <adam.bergkvist@ericsson.com>
1914
1915         WebRTC: Imlement MediaEndpointPeerConnection::addIceCandidate()
1916         https://bugs.webkit.org/show_bug.cgi?id=158690
1917
1918         Reviewed by Eric Carlson.
1919
1920         Implement MediaEndpointPeerConnection::addIceCandidate() that is the MediaEndpoint
1921         implementation of RTCPeerConnection.addIceCandidate() [1].
1922
1923         [1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#dom-peerconnection-addicecandidate
1924
1925         Test: fast/mediastream/RTCPeerConnection-addIceCandidate.html
1926
1927         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
1928         (WebCore::MediaEndpointPeerConnection::addIceCandidate):
1929         (WebCore::MediaEndpointPeerConnection::addIceCandidateTask):
1930         Implemented.
1931         * Modules/mediastream/MediaEndpointPeerConnection.h:
1932         * platform/mediastream/MediaEndpoint.h:
1933         Use mid instead of mdescIndex to identify the target media description in the backend.
1934         * platform/mock/MockMediaEndpoint.cpp:
1935         Update mock method signature accordingly.
1936         (WebCore::MockMediaEndpoint::addRemoteCandidate):
1937         * platform/mock/MockMediaEndpoint.h:
1938
1939 2016-06-14  Zalan Bujtas  <zalan@apple.com>
1940
1941         Make RenderBlock::insertInto/RemoveFromTrackedRendererMaps functions static.
1942         https://bugs.webkit.org/show_bug.cgi?id=158722
1943
1944         Reviewed by Simon Fraser.
1945
1946         These functions manipulate static tracker hashmaps. They don't need to be on RenderBlock.
1947         This is also in preparation for decoupling positioned descendant tracking from descendent percentage height handling.
1948         (gPositionedDescendantsMap and gPercentHeightDescendantsMap) 
1949
1950         No change in functionality.
1951
1952         * rendering/RenderBlock.cpp:
1953         (WebCore::insertIntoTrackedRendererMaps):
1954         (WebCore::removeFromTrackedRendererMaps):
1955         (WebCore::removeBlockFromDescendantAndContainerMaps):
1956         (WebCore::RenderBlock::insertPositionedObject):
1957         (WebCore::RenderBlock::addPercentHeightDescendant):
1958         (WebCore::RenderBlock::insertIntoTrackedRendererMaps): Deleted.
1959         (WebCore::RenderBlock::removeFromTrackedRendererMaps): Deleted.
1960         * rendering/RenderBlock.h:
1961
1962 2016-06-14  Adam Bergkvist  <adam.bergkvist@ericsson.com>
1963
1964         WebRTC: Add media setup test where media is set up in one direction at a time
1965         https://bugs.webkit.org/show_bug.cgi?id=158691
1966
1967         Reviewed by Eric Carlson.
1968
1969         Add test for setting up media in one direction at a time. This requires a change in sdp.js
1970         to allow an SDP that doesn't contain a stream id or track id (representing
1971         a track being sent). In this test, the first answer doesn't contain any sending media.
1972
1973         Test: fast/mediastream/RTCPeerConnection-media-setup-two-dialogs.html
1974
1975         * Modules/mediastream/sdp.js:
1976
1977 2016-06-14  Chris Dumez  <cdumez@apple.com>
1978
1979         [Cocoa] Avoid extra copy of headers dictionary in ResourceResponse::platformLazyInit()
1980         https://bugs.webkit.org/show_bug.cgi?id=158717
1981
1982         Reviewed by Alex Christensen.
1983
1984         Avoid extra copy of headers dictionary in ResourceResponse::platformLazyInit() by
1985         calling CFHTTPMessageCopyAllHeaderFields() instead of [NSURLResponse allHeaderFields].
1986
1987         CFHTTPMessageCopyAllHeaderFields() creates only 1 copy while
1988         [NSURLResponse allHeaderFields] creates 2 (see <rdar://problem/26778863>).
1989
1990         * platform/network/cocoa/ResourceResponseCocoa.mm:
1991         (WebCore::addToHTTPHeaderMap):
1992         (WebCore::ResourceResponse::platformLazyInit):
1993
1994 2016-06-14  David Kilzer  <ddkilzer@apple.com>
1995
1996         REGRESSION (r151608): Leak of QTMovieLayer or AVPlayerLayer in -[WebVideoFullscreenController setVideoElement:]
1997         <https://webkit.org/b/158729>
1998
1999         Reviewed by Eric Carlson.
2000
2001         * platform/mac/WebVideoFullscreenController.mm:
2002         (-[WebVideoFullscreenController setVideoElement:]): Use
2003         RetainPtr<> to prevent leaks.
2004         * platform/mac/WebVideoFullscreenHUDWindowController.mm:
2005         Drive-by fix to remove unused <wtf/RetainPtr.h> import.
2006
2007 2016-06-14  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
2008
2009         The vector of mediastreams should be passed via a reference to RTCPeerConnection::addTrack()
2010         https://bugs.webkit.org/show_bug.cgi?id=158701
2011
2012         Pass vector of mediastreams by reference.
2013
2014         Reviewed by Youenn Fablet.
2015
2016         * Modules/mediastream/RTCPeerConnection.cpp:
2017         (WebCore::RTCPeerConnection::addTrack):
2018         * Modules/mediastream/RTCPeerConnection.h:
2019
2020 2016-06-14  Ryosuke Niwa  <rniwa@webkit.org>
2021
2022         Crash inside firstPositionInNode in checkLoadCompleteForThisFrame
2023         https://bugs.webkit.org/show_bug.cgi?id=158724
2024
2025         Reviewed by Alex Christensen.
2026
2027         Added null checks for document and document element since they could be nullptr here.
2028
2029         * loader/FrameLoader.cpp:
2030         (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
2031
2032 2016-06-13  Gavin & Ellie Barraclough  <barraclough@apple.com>
2033
2034         Remove hasStaticPropertyTable (part 3: JSLocation::putDelegate)
2035         https://bugs.webkit.org/show_bug.cgi?id=158431
2036
2037         Unreviewed build fix.
2038
2039         * bindings/js/JSLocationCustom.cpp:
2040         (WebCore::JSLocation::putDelegate):
2041
2042 2016-06-13  Gavin & Ellie Barraclough  <barraclough@apple.com>
2043
2044         Remove hasStaticPropertyTable (part 4: JSHTMLDocument & JSStorage)
2045         https://bugs.webkit.org/show_bug.cgi?id=158431
2046
2047         Reviewed by Chris Dumez.
2048
2049         All uses of hasStaticPropertyTable flag generated by bindings are wrong.
2050
2051         JSHTMLDocument & JSStorage contain a number of static_asserts claiming that
2052         various methods do not support static properties. These asserts were likely
2053         correct at the time they were added, as JSObject::getOwnPropertySlot and
2054         JSObject::deleteProperty did not support getting / deleting static value.
2055         This is no longer the case, and these asserts are now incorrect.
2056
2057         * bindings/js/JSHTMLDocumentCustom.cpp:
2058         (WebCore::JSHTMLDocument::getOwnPropertySlot):
2059         * bindings/js/JSStorageCustom.cpp:
2060         (WebCore::JSStorage::deleteProperty):
2061         (WebCore::JSStorage::deletePropertyByIndex):
2062         (WebCore::JSStorage::putDelegate):
2063             - remove incorrect static_asserts.
2064
2065 2016-06-13  Gavin & Ellie Barraclough  <barraclough@apple.com>
2066
2067         Remove hasStaticPropertyTable (part 3: JSLocation::putDelegate)
2068         https://bugs.webkit.org/show_bug.cgi?id=158431
2069
2070         Reviewed by Geoff Garen.
2071
2072         All uses of hasStaticPropertyTable flag generated by bindings are wrong.
2073
2074         JSLocation::putDelegate checks the static property table redundantly.
2075
2076         In the case of same origin access, if the property is not in the static
2077         table the method will call JSObject::put and return true (indicating the
2078         delegate handled the put). If the property is in the static table, the
2079         method will return false (indicating the the delegate did not handle the
2080         access) - in which case the calling function will call JSObject::put.
2081         Checking for the property in the static table is redundant - same origin
2082         access does not require any special handling, and should just always
2083         return false & let the caller handle the put.
2084
2085         In the case of cross origin access, if the property is not in the static
2086         table we return true (indicating the access was handled, and silently
2087         blocking it). If it is a static property, we check the name, and if the
2088         name is not 'href' we also return true, silently blocking. In the case
2089         that the name is 'href' we'll return false, indicating to the caller
2090         that the access was not handled by the delegate, resulting in it taking
2091         place. The additional check of the static table is redundant, since we
2092         only have special behaviour in the case of 'href'. (Moreover it is
2093         unnecesszarily fragile, since if we made a change such that 'href' was no
2094         longer implemented as a static property with would fail.)
2095
2096         - for same origin, always return false.
2097         - for cross origin, return false for 'href', otherwise return true.
2098
2099         * bindings/js/JSLocationCustom.cpp:
2100         (WebCore::JSLocation::putDelegate):
2101             - restructure & remove static table check.
2102
2103 2016-06-13  Gavin & Ellie Barraclough  <barraclough@apple.com>
2104
2105         Remove hasStaticPropertyTable (part 2: JSPluginElement)
2106         https://bugs.webkit.org/show_bug.cgi?id=158431
2107
2108         Reviewed by Chris Dumez.
2109
2110         All uses of hasStaticPropertyTable flag generated by bindings are wrong.
2111
2112         The check in pluginElementCustomGetOwnPropertySlot was somewhat dubious in the
2113         first place (for types with static properties it would give precedence to both
2114         static and also property storage properties; for types without static properties
2115         it would check neither - an odd asymetry in the case of values in the storage
2116         array, and was depending on an implementation detail that could change).
2117
2118         This is all now redundant anyway. None of these types have static properties.
2119         All properties are now corretcly on the prototype (which is handled appropriately
2120         below). This is just dead code.
2121
2122         * bindings/js/JSPluginElementFunctions.h:
2123         (WebCore::pluginElementCustomGetOwnPropertySlot):
2124             - remove dead code.
2125
2126 2016-06-13  Gavin & Ellie Barraclough  <barraclough@apple.com>
2127
2128         Remove hasStaticPropertyTable (part 1: DOM bindings)
2129         https://bugs.webkit.org/show_bug.cgi?id=158431
2130
2131         Reviewed by Chris Dumez.
2132
2133         All uses of hasStaticPropertyTable flag generated by bindings are wrong.
2134
2135         * bindings/js/JSDOMBinding.h:
2136         (WebCore::getStaticValueSlotEntryWithoutCaching): Deleted.
2137         (WebCore::getStaticValueSlotEntryWithoutCaching<JSDOMObject>): Deleted.
2138             - this method is not used anywhere.
2139
2140 2016-06-13  Adam Bergkvist  <adam.bergkvist@ericsson.com>
2141
2142         WebRTC: Imlement MediaEndpointPeerConnection::replaceTrack()
2143         https://bugs.webkit.org/show_bug.cgi?id=158688
2144
2145         Reviewed by Eric Carlson.
2146
2147         Implement MediaEndpointPeerConnection::replaceTrack() that is the MediaEndpoint implementation
2148         of RTCRtpSender.replaceTrack() [1].
2149
2150         [1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#dom-rtcrtpsender-replacetrack
2151
2152         Updated fast/mediastream/RTCRtpSender-replaceTrack.html
2153
2154         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
2155         (WebCore::MediaEndpointPeerConnection::replaceTrack):
2156         (WebCore::MediaEndpointPeerConnection::replaceTrackTask):
2157         Implemented.
2158         * Modules/mediastream/MediaEndpointPeerConnection.h:
2159         * Modules/mediastream/PeerConnectionBackend.h:
2160         * Modules/mediastream/RTCPeerConnection.cpp:
2161         (WebCore::RTCPeerConnection::replaceTrack):
2162         * Modules/mediastream/RTCPeerConnection.h:
2163         Move the MediaStreamTrack instance of sending a reference to it. This change is the main
2164         reason many files are touched by this change.
2165         * Modules/mediastream/RTCRtpSender.h:
2166         * Modules/mediastream/RTCRtpSender.idl:
2167         * platform/mediastream/MediaEndpoint.h:
2168         Use mid instead of mdescIndex to identify the media description in the backend.
2169         * platform/mock/MockMediaEndpoint.cpp:
2170         (WebCore::MockMediaEndpoint::replaceSendSource):
2171         * platform/mock/MockMediaEndpoint.h:
2172
2173 2016-06-13  Joseph Pecoraro  <pecoraro@apple.com>
2174
2175         window.onerror should pass the ErrorEvent's 'error' property as the 5th argument to the event handler
2176         https://bugs.webkit.org/show_bug.cgi?id=55092
2177         <rdar://problem/25731279>
2178
2179         Reviewed by Dean Jackson.
2180
2181         This includes the actual Error in window.error / ErrorEvent:
2182         https://html.spec.whatwg.org/multipage/webappapis.html#the-errorevent-interface
2183
2184         This is useful for scripts to be able to get an error stack
2185         from uncaught exceptions, by checking the error itself.
2186
2187         Tests: fast/events/window-onerror17.html
2188                http/tests/security/cross-origin-script-error-event-redirected.html
2189                http/tests/security/cross-origin-script-error-event.html
2190                http/tests/security/script-crossorigin-error-event-information.html
2191                http/tests/security/script-no-crossorigin-error-event-should-be-sanitized.html
2192                userscripts/window-onerror-for-isolated-world-3.html
2193
2194         * CMakeLists.txt:
2195         * WebCore.xcodeproj/project.pbxproj:
2196         * bindings/js/JSBindingsAllInOne.cpp:
2197         Add new custom error event file.
2198
2199         * bindings/js/JSDOMBinding.cpp:
2200         (WebCore::reportException):
2201         Include the JSC::Exception when reporting exceptions, so the error value is available.
2202         
2203         * bindings/js/JSErrorEventCustom.cpp:
2204         (WebCore::JSErrorEvent::error):
2205         Sanitized access to the ErrorEvent's error property to prevent leaking objects
2206         across isolated world boundaries. This is like CustomEvent's data property.
2207
2208         * bindings/js/JSErrorHandler.cpp:
2209         (WebCore::JSErrorHandler::handleEvent):
2210         * bindings/js/JSErrorHandler.h:
2211         Include the error object as the 4th argument to the window.onerror event handler.
2212
2213         * dom/ScriptExecutionContext.cpp:
2214         (WebCore::ScriptExecutionContext::sanitizeScriptError):
2215         (WebCore::ScriptExecutionContext::reportException):
2216         (WebCore::ScriptExecutionContext::dispatchErrorEvent):
2217         * dom/ScriptExecutionContext.h:
2218         Include the error object in the ErrorEvent constructed when dispatching error events.
2219
2220         * dom/ErrorEvent.cpp:
2221         (WebCore::ErrorEvent::ErrorEvent):
2222         (WebCore::ErrorEvent::sanitizedErrorValue):
2223         (WebCore::ErrorEvent::trySerializeError):
2224         * dom/ErrorEvent.h:
2225         * dom/ErrorEvent.idl:
2226         Include an any "error" property on the ErrorEvent, and allow it in initialization.
2227
2228         * bindings/js/WorkerScriptController.cpp:
2229         (WebCore::WorkerScriptController::evaluate):
2230         * workers/WorkerMessagingProxy.cpp:
2231         (WebCore::WorkerMessagingProxy::postExceptionToWorkerObject):
2232         Within the Worker world, the error is included in the event.
2233         When re-dispatching the error on the world object in the world that spawned the
2234         Worker the event does not include an error object. This matches other browsers
2235         right now, but could be improved to have the same cross world serialization
2236         as isolated worlds have with the error data.
2237
2238         * dom/CustomEvent.h:
2239         Remove unimplemented stale method.
2240
2241 2016-06-13  Dean Jackson  <dino@apple.com>
2242
2243         SVG elements don't blend correctly into HTML
2244         https://bugs.webkit.org/show_bug.cgi?id=158718
2245         <rdar://problem/26782004>
2246
2247         Reviewed by Antoine Quint.
2248
2249         We were not creating any transparency layers for the root SVG nodes.
2250         This is ok if the SVG is the root document, because it is the backdrop.
2251         However, if it is inline SVG, it needs to apply the operation in
2252         order to composite into the document.
2253
2254         Test: svg/css/mix-blend-mode-with-inline-svg.html
2255
2256         * rendering/RenderLayer.cpp:
2257         (WebCore::RenderLayer::beginTransparencyLayers):
2258
2259 2016-06-13  Brady Eidson  <beidson@apple.com>
2260
2261         storage/indexeddb/modern/leaks-1.html leaks the database connection handle.
2262         https://bugs.webkit.org/show_bug.cgi?id=158643
2263
2264         Reviewed by Alex Christensen.
2265
2266         Tested by changes to existing test.
2267
2268         * Modules/indexeddb/IDBDatabase.cpp:
2269         (WebCore::IDBDatabase::hasPendingActivity):
2270         
2271         * dom/EventTarget.h:
2272         (WebCore::EventTarget::eventTargetData):
2273         (WebCore::EventTarget::hasEventListeners):
2274
2275
2276 2016-06-13  Enrica Casucci  <enrica@apple.com>
2277
2278         REGRESSION(r201956): Failure to initialize new internal settings produced random test failures in release.
2279         https://bugs.webkit.org/show_bug.cgi?id=158713
2280         rdar://26769957
2281
2282         Reviewed by Simon Fraser.
2283
2284         Failed to initialize the new member variable in both Settings and InternalSettings classes.
2285
2286         * page/Settings.cpp:
2287         (WebCore::Settings::Settings):
2288         * testing/InternalSettings.cpp:
2289         (WebCore::InternalSettings::Backup::Backup):
2290
2291 2016-06-13  Chris Dumez  <cdumez@apple.com>
2292
2293         Drop HipChat hack introduced in r197548
2294         https://bugs.webkit.org/show_bug.cgi?id=158711
2295
2296         Reviewed by Geoffrey Garen.
2297
2298         Drop HipChat hack introduced in r197548. This hack is no longer needed
2299         as the bug was fixed in HipChat since then:
2300         https://support.atlassian.com/servicedesk/customer/portal/32/HCP-7532
2301
2302         I have confirmed locally that the latest version (4.0.12.665) is able
2303         to connect without the hack.
2304
2305         * bindings/js/JSLocationCustom.cpp:
2306         (WebCore::JSLocation::putDelegate): Deleted.
2307         * platform/RuntimeApplicationChecks.h:
2308         * platform/RuntimeApplicationChecks.mm:
2309         (WebCore::MacApplication::isHipChat): Deleted.
2310
2311 2016-06-13  Chris Fleizach  <cfleizach@apple.com>
2312
2313         AX: CrashTracer: com.apple.WebKit.WebContent at WebCore::AccessibilityRenderObject::remoteSVGRootElement const + 227
2314         https://bugs.webkit.org/show_bug.cgi?id=158685
2315
2316         Reviewed by David Kilzer.
2317
2318         Crash reports show a null access at a line that tries to dereference a pointer. 
2319         I still don't have a way to layout test this, as it seems tied to tear down of the main document.
2320
2321         * accessibility/AccessibilityRenderObject.cpp:
2322         (WebCore::AccessibilityRenderObject::remoteSVGRootElement):
2323
2324 2016-06-13  Jeremy Jones  <jeremyj@apple.com>
2325
2326         Use two video layer solution only on mac.
2327         https://bugs.webkit.org/show_bug.cgi?id=158705
2328         rdar://problem/26776360
2329
2330         Reviewed by Jer Noble.
2331
2332         Two video layer solution is only useful on the mac to prevent flicker, so don't do it elsewhere.
2333
2334         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
2335         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVPlayerLayer):
2336
2337 2016-06-13  Jeremy Jones  <jeremyj@apple.com>
2338
2339         Decrease PiP flicker by not removing window prematurely.
2340         https://bugs.webkit.org/show_bug.cgi?id=158436
2341         <rdar://problem/19052639>
2342
2343         Reviewed by Darin Adler.
2344
2345         UIWindow shouldn't be removed until cleanupFullscreen, so the video layer has a chance
2346         to be reparented in the DOM first.
2347
2348         * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
2349         (WebVideoFullscreenInterfaceAVKit::didStopPictureInPicture):
2350
2351 2016-06-13  Alex Christensen  <achristensen@webkit.org>
2352
2353         Add WebSocketProvider stub
2354         https://bugs.webkit.org/show_bug.cgi?id=158702
2355
2356         Reviewed by Brady Eidson.
2357
2358         No new tests.  No change in behavior.
2359
2360         * WebCore.xcodeproj/project.pbxproj:
2361         * dom/DocumentMarkerController.cpp:
2362         * dom/ScriptedAnimationController.cpp:
2363         * html/HTMLMediaElement.cpp:
2364         * html/MediaDocument.cpp:
2365         * html/shadow/MediaControlElements.cpp:
2366         * html/shadow/MediaControls.cpp:
2367         * html/shadow/MediaControls.h:
2368         * html/shadow/MediaControlsApple.cpp:
2369         * inspector/InspectorInstrumentation.cpp:
2370         * inspector/InspectorInstrumentation.h:
2371         * inspector/InspectorOverlay.cpp:
2372         (WebCore::InspectorOverlay::overlayPage):
2373         * loader/EmptyClients.h:
2374         * loader/FrameLoader.cpp:
2375         * loader/FrameLoader.h:
2376         * loader/appcache/ApplicationCacheHost.cpp:
2377         * loader/cache/CachedResource.cpp:
2378         * page/FrameView.cpp:
2379         * page/Page.cpp:
2380         (WebCore::Page::Page):
2381         * page/Page.h:
2382         (WebCore::Page::applicationCacheStorage):
2383         (WebCore::Page::databaseProvider):
2384         (WebCore::Page::socketProvider):
2385         (WebCore::Page::storageNamespaceProvider):
2386         * page/PageConfiguration.cpp:
2387         (WebCore::PageConfiguration::PageConfiguration):
2388         * page/PageConfiguration.h:
2389         * page/ResourceUsageOverlay.cpp:
2390         * page/SocketProvider.h: Added.
2391         (WebCore::SocketProvider::~SocketProvider):
2392         * page/cocoa/ResourceUsageOverlayCocoa.mm:
2393         * rendering/RenderElement.cpp:
2394         * rendering/RenderLayerBacking.cpp:
2395         * style/StyleResolveForDocument.cpp:
2396         * style/StyleTreeResolver.cpp:
2397         * svg/graphics/SVGImage.cpp:
2398         (WebCore::SVGImage::dataChanged):
2399         * testing/MockPageOverlayClient.cpp:
2400
2401 2016-06-13  Brady Eidson  <beidson@apple.com>
2402
2403         Crashes in WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask.
2404         <rdar://problem/26768449> and https://bugs.webkit.org/show_bug.cgi?id=158696
2405
2406         Reviewed by David Kilzer.
2407
2408         No new tests (Covered by all existing tests in Gmalloc/ASAN configs).
2409
2410         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
2411         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask):
2412         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply):
2413
2414 2016-06-13  Brady Eidson  <beidson@apple.com>
2415
2416         Modern IDB: IDBOpenDBRequest objects leak.
2417         https://bugs.webkit.org/show_bug.cgi?id=158694
2418
2419         Reviewed by Alex Christensen.
2420
2421         No new tests (Currently have no testing strategy for guaranteeing lifetime of WebCore DOM objects)
2422
2423         * Modules/indexeddb/client/IDBConnectionProxy.cpp:
2424         (WebCore::IDBClient::IDBConnectionProxy::completeOpenDBRequest): At this point we never need the
2425             request again, so remove it from the map.
2426
2427 2016-06-13  Chris Dumez  <cdumez@apple.com>
2428
2429         Make sure HTTPHeaderMap gets a move constructor / assignment operator
2430         https://bugs.webkit.org/show_bug.cgi?id=158695
2431         <rdar://problem/26729511>
2432
2433         Reviewed by Alex Christensen.
2434
2435         Make sure HTTPHeaderMap gets a move constructor / assignment operator.
2436         It was not getting an implicit one because of its user-declared
2437         destructor. This patch drops the user-declared destructor so that
2438         HTTPHeaderMap now gets an implicit move constructor / assignment
2439         operator.
2440
2441         Not having a move constructor / assignment operator is an issue because
2442         we rely on HTTPHeaderMap::isolatedCopy() / WTFMove() since r201623 to
2443         pass HTTPHeaderMap across thread.
2444
2445         * platform/network/HTTPHeaderMap.cpp:
2446         (WebCore::HTTPHeaderMap::~HTTPHeaderMap): Deleted.
2447         * platform/network/HTTPHeaderMap.h:
2448
2449 2016-06-13  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
2450
2451         Remove useless parameter from GenerateParametersCheck signature
2452         https://bugs.webkit.org/show_bug.cgi?id=158692
2453
2454         Reviewed by Chris Dumez.
2455
2456         Remove one parameter which is passed to GenerateParametersCheck
2457         but never used in the caller code.
2458
2459         * bindings/scripts/CodeGeneratorJS.pm:
2460         (GenerateImplementation):
2461         (GenerateParametersCheck):
2462         (GenerateConstructorDefinition):
2463
2464 2016-06-13  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
2465
2466         Improve code generator for functions with variadic parameters
2467         https://bugs.webkit.org/show_bug.cgi?id=158529
2468
2469         Reviewed by Darin Adler.
2470
2471         JS bindings code of functions with variadic parameters is improved.
2472
2473         Functions with variadic parameters are skipped for ObjC and GObject code generators.
2474
2475         * bindings/scripts/CodeGeneratorGObject.pm:
2476         (SkipFunction): Skip functions with variadic parameters.
2477         * bindings/scripts/CodeGeneratorJS.pm:
2478         (GenerateParametersCheck):
2479         * bindings/scripts/CodeGeneratorObjC.pm:
2480         (SkipFunction): Skip functions with variadic parameters.
2481         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
2482         (webkit_dom_test_obj_any): Deleted.
2483         (webkit_dom_test_obj_attach_shadow_root): Deleted.
2484         (webkit_dom_test_obj_get_read_only_long_attr): Deleted.
2485         (webkit_dom_test_obj_get_read_only_string_attr): Deleted.
2486         * bindings/scripts/test/GObject/WebKitDOMTestObj.h:
2487         * bindings/scripts/test/JS/JSTestObj.cpp:
2488         (WebCore::jsTestObjPrototypeFunctionOverloadedMethod12):
2489         (WebCore::jsTestObjPrototypeFunctionVariadicStringMethod):
2490         (WebCore::jsTestObjPrototypeFunctionVariadicDoubleMethod):
2491         (WebCore::jsTestObjPrototypeFunctionVariadicNodeMethod):
2492         * bindings/scripts/test/ObjC/DOMTestObj.h:
2493         * bindings/scripts/test/ObjC/DOMTestObj.mm:
2494
2495 2016-06-12  Zalan Bujtas  <zalan@apple.com>
2496
2497         Cleanup RenderBlock::removePositionedObjects
2498         https://bugs.webkit.org/show_bug.cgi?id=158670
2499
2500         Reviewed by Simon Fraser.
2501
2502         No change in functionality.
2503
2504         * rendering/RenderBlock.cpp:
2505         (WebCore::RenderBlock::insertPositionedObject):
2506         (WebCore::RenderBlock::removePositionedObject):
2507         (WebCore::RenderBlock::removePositionedObjects):
2508         * rendering/RenderBlock.h:
2509
2510 2016-06-12  Zalan Bujtas  <zalan@apple.com>
2511
2512         Remove positioned descendants when RenderBlock is no longer a containing block.
2513         https://bugs.webkit.org/show_bug.cgi?id=158655
2514         <rdar://problem/26510032>
2515
2516         Reviewed by Simon Fraser.
2517
2518         Normally the RenderView is the containing block for fixed positioned renderers.
2519         However when a renderer acquires some transform related properties, it becomes the containing
2520         block for all the fixed positioned renderers in its descendant tree.
2521         When the last transform related property is removed, the renderer is no longer a containing block
2522         and we need to remove all these positioned renderers from the descendant tracker map (gPositionedDescendantsMap).
2523         They will be inserted back into the tracker map during the next layout (either under the RenderView or
2524         under the next transformed renderer in the ancestor chain).
2525
2526         Test: fast/block/fixed-position-reparent-when-transition-is-removed.html
2527
2528         * rendering/RenderBlock.cpp:
2529         (WebCore::RenderBlock::removePositionedObjectsIfNeeded):
2530
2531 2016-06-11  Myles C. Maxfield  <mmaxfield@apple.com>
2532
2533         Addressing post-review comments after r201978.
2534         https://bugs.webkit.org/show_bug.cgi?id=158649
2535         <rdar://problem/13258122>
2536
2537         Unreviewed.
2538
2539         * platform/graphics/FontCache.cpp:
2540         (WebCore::FontCache::alternateFamilyName):
2541         * platform/graphics/cocoa/FontCacheCoreText.cpp:
2542         (WebCore::FontCache::platformAlternateFamilyName):
2543
2544 2016-06-11  Darin Adler  <darin@apple.com>
2545
2546         Tighten code to build set of tag names
2547         https://bugs.webkit.org/show_bug.cgi?id=158662
2548
2549         Reviewed by Alexey Proskuryakov.
2550
2551         * dom/Element.cpp:
2552         (WebCore::canAttachAuthorShadowRoot): Use an array of pointers that the loader
2553         can initialize as part of loading the library, rather than an array that needs
2554         to be initialized with code at runtime.
2555
2556 2016-06-11  Myles C. Maxfield  <mmaxfield@apple.com>
2557
2558         [Win] [EFL] Build fix after r201978.
2559         https://bugs.webkit.org/show_bug.cgi?id=158649
2560         <rdar://problem/13258122>
2561
2562         Unreviewed
2563
2564         * platform/graphics/freetype/FontCacheFreeType.cpp:
2565         (WebCore::FontCache::platformAlternateFamilyName):
2566         * platform/graphics/win/FontCacheWin.cpp:
2567
2568 2016-06-11  Myles C. Maxfield  <mmaxfield@apple.com>
2569
2570         [Cocoa] Map commonly used Chinese Windows font names to names present on Cocoa operating systems
2571         https://bugs.webkit.org/show_bug.cgi?id=158649
2572         <rdar://problem/13258122>
2573
2574         Reviewed by Darin Adler.
2575
2576         There are many Chinese websites which hardcode Windows font names.
2577         We should map these to fonts which best match them on Cocoa operating
2578         systems. We can do this by using our existing fallback font name
2579         infrastructure.
2580
2581         Tests: fast/text/chinese-font-name-aliases-2.html
2582                fast/text/chinese-font-name-aliases.html
2583
2584         * platform/graphics/FontCache.cpp:
2585         (WebCore::FontCache::alternateFamilyName):
2586         (WebCore::alternateFamilyName): Deleted.
2587         * platform/graphics/FontCache.h:
2588         * platform/graphics/cocoa/FontCacheCoreText.cpp:
2589         (WebCore::FontCache::platformAlternateFamilyName):
2590         * platform/graphics/freetype/FontCacheFreeType.cpp:
2591         (WebCore::FontCache::platformAlternateFamilyName):
2592         * platform/graphics/win/FontCacheWin.cpp:
2593         (WebCore::FontCache::platformAlternateFamilyName):
2594
2595 2016-06-11  Commit Queue  <commit-queue@webkit.org>
2596
2597         Unreviewed, rolling out r201967, r201968, and r201972.
2598         https://bugs.webkit.org/show_bug.cgi?id=158665
2599
2600         Caused flaky failures on IndexedDB tests (Requested by ap on
2601         #webkit).
2602
2603         Reverted changesets:
2604
2605         "Vary:Cookie validation doesn't work in private browsing"
2606         https://bugs.webkit.org/show_bug.cgi?id=158616
2607         http://trac.webkit.org/changeset/201967
2608
2609         "Build fix."
2610         http://trac.webkit.org/changeset/201968
2611
2612         "WinCairo build fix attempt."
2613         http://trac.webkit.org/changeset/201972
2614
2615 2016-06-11  Konstantin Tokarev  <annulen@yandex.ru>
2616
2617         Fixed compilation of LocaleICU with ENABLE(DATE_AND_TIME_INPUT_TYPES)
2618         https://bugs.webkit.org/show_bug.cgi?id=158659
2619
2620         Reviewed by Darin Adler.
2621
2622         No new tests needed.
2623
2624         * platform/text/LocaleICU.cpp:
2625         (WebCore::getFormatForSkeleton):
2626         (WebCore::LocaleICU::monthFormat):
2627         (WebCore::LocaleICU::shortMonthFormat):
2628
2629 2016-06-11  Antti Koivisto  <antti@apple.com>
2630
2631         WinCairo build fix attempt.
2632
2633         * platform/network/NetworkStorageSession.cpp:
2634         * platform/network/NetworkStorageSession.h:
2635         * platform/network/NetworkStorageSessionStub.cpp:
2636         (WebCore::NetworkStorageSession::NetworkStorageSession):
2637         (WebCore::NetworkStorageSession::context):
2638         (WebCore::NetworkStorageSession::createPrivateBrowsingSession):
2639         (WebCore::NetworkStorageSession::switchToNewTestingSession):
2640         (WebCore::NetworkStorageSession::~NetworkStorageSession): Deleted.
2641         (WebCore::defaultSession): Deleted.
2642         (WebCore::NetworkStorageSession::defaultStorageSession): Deleted.
2643
2644 2016-06-11  Myles C. Maxfield  <mmaxfield@apple.com>
2645
2646         Deleting a CSSOM style rule invalidates any previously-added FontFaces
2647         https://bugs.webkit.org/show_bug.cgi?id=158450
2648
2649         Reviewed by Darin Adler.
2650
2651         This patch has two pieces: updating the CSSOM when the FontFace changes, and
2652         updating the FontFace when the CSSOM changes.
2653
2654         1: Updating the CSSOM when the FontFace changes: CSSFontFaces already have a RefPtr
2655         to their StyleRuleFontFace which represents their CSS-connection. When changing a
2656         property of the CSSFontFace, we simply reach into the StyleRule and update it to
2657         match. Our existing infrastructure of invalidation due to the attribute changes
2658         makes sure that all the necessary updates occur.
2659
2660         2. Updating the FontFace when the CSSOM changes: If the CSSOM changes in a trivial
2661         way (for example, a new @font-face is appended to the end of the last <style>
2662         element), we can handle it directly. However, when something more invasive occurs,
2663         we end up clearing the entire CSSFontSelector, and then adding all the style rules
2664         from scratch. This involves three steps:
2665             a) CSSFontSelector::buildStarted() is run, which means "we're about to start
2666                building up all the @font-face rules from scratch." We take this opportunity
2667                to purge as many fonts as possible. This is valuable because, for example,
2668                this function gets run when the page gets put into the page cache, so we
2669                want to destroy as much as possible. Not everything can be purged, however -
2670                only CSS-connected fonts which have never been inspected by script are
2671                purgeable. We don't allow fonts inspected by script to be purged because
2672                purging might result in a font appearing from JavaScript to transition from
2673                a success -> failure state, which we don't allow.
2674             b) Upon style recalc (possibly asynchronously) CSSFontSelector::addFontFaceRule()
2675                is called for each @font-face rule. We actually detect that we're in the
2676                middle of a style rebuild, and defer this step.
2677             c) When we're done adding all the font face rules, we call
2678                CSSFontSelector::buildCompleted(). This is where we compare the newly built-
2679                up list of font faces with what existed previously (as remembered in
2680                CSSFontSelector::buildStarted()) in order to detect font faces which were
2681                deleted from the document. Fonts which were newly added to the document
2682                are handled naturally.
2683                Fonts which have a property modified on them are created as if they were new.
2684                However, instead of simply adding the CSSFontFace, we search for the existing
2685                CSSFontFace (by CSS connection pointer) and tell the existing FontFace to
2686                adopt this new CSSFontFace. This means that the JavaScript object will just
2687                pick up any newly-written values in the CSSOM. It also means that the
2688                "status" attribute of the JavaScript object is reset, but this is expected
2689                and allowed by the spec. (For example, if you change the "src" attribute of
2690                an @font-face block via the CSSOM, all bets are off when you inspect the
2691                FontFace JS object representing that block.)
2692
2693         Test: fast/text/font-face-set-cssom.html
2694
2695         * css/CSSFontFace.cpp:
2696         (WebCore::CSSFontFace::CSSFontFace):
2697         (WebCore::CSSFontFace::setFamilies):
2698         (WebCore::CSSFontFace::setStyle):
2699         (WebCore::CSSFontFace::setWeight):
2700         (WebCore::CSSFontFace::setUnicodeRange):
2701         (WebCore::CSSFontFace::setVariantLigatures):
2702         (WebCore::CSSFontFace::setVariantPosition):
2703         (WebCore::CSSFontFace::setVariantCaps):
2704         (WebCore::CSSFontFace::setVariantNumeric):
2705         (WebCore::CSSFontFace::setVariantAlternates):
2706         (WebCore::CSSFontFace::setVariantEastAsian):
2707         (WebCore::CSSFontFace::setFeatureSettings):
2708         (WebCore::CSSFontFace::initializeWrapper):
2709         (WebCore::CSSFontFace::wrapper):
2710         (WebCore::CSSFontFace::setWrapper):
2711         (WebCore::CSSFontFace::purgeable):
2712         (WebCore::CSSFontFace::updateStyleIfNeeded):
2713         * css/CSSFontFace.h:
2714         * css/CSSFontFaceSet.cpp:
2715         (WebCore::CSSFontFaceSet::remove):
2716         (WebCore::CSSFontFaceSet::containsCSSConnection):
2717         (WebCore::CSSFontFaceSet::purge):
2718         * css/CSSFontFaceSet.h:
2719         * css/CSSFontSelector.cpp:
2720         (WebCore::CSSFontSelector::buildStarted):
2721         (WebCore::CSSFontSelector::buildCompleted):
2722         (WebCore::CSSFontSelector::addFontFaceRule):
2723         * css/CSSFontSelector.h:
2724         * css/FontFace.cpp:
2725         (WebCore::FontFace::family):
2726         (WebCore::FontFace::style):
2727         (WebCore::FontFace::weight):
2728         (WebCore::FontFace::unicodeRange):
2729         (WebCore::FontFace::variant):
2730         (WebCore::FontFace::featureSettings):
2731         (WebCore::FontFace::adopt):
2732         * css/FontFace.h:
2733
2734 2016-06-11  Chris Dumez  <cdumez@apple.com>
2735
2736         WorkerNavigator is missing some attributes
2737         https://bugs.webkit.org/show_bug.cgi?id=158593
2738         <rdar://problem/26731334>
2739
2740         Reviewed by Darin Adler.
2741
2742         Add attributes that are missing on WorkerNavigator:
2743         - appCodeName
2744         - hardwareConcurrency
2745         - language
2746         - product
2747         - productSub
2748         - vendor
2749         - vendorSub
2750
2751         Firefox and Chrome already expose those attributes.
2752
2753         Relevant specification:
2754         https://html.spec.whatwg.org/multipage/workers.html#the-workernavigator-object
2755
2756         This patch also refactors the IDL to match the specification more
2757         closely and promote sharing between Navigator and WorkerNavigator.
2758
2759         No new tests, updated existing test.
2760
2761         * CMakeLists.txt:
2762         * DerivedSources.make:
2763         Add new supplemental IDL files.
2764
2765         * page/Navigator.cpp:
2766         * page/Navigator.h:
2767         Moved language() / hardwareConcurrency() from Navigator to NavigatorBase
2768         so that it can be used by NavigatorWorker as well.
2769
2770         * page/NavigatorBase.h:
2771         * page/NavigatorBase.cpp:
2772         (WebCore::NavigatorBase::language):
2773         The implementation still calls defaultLanguage() but I updated it to be
2774         thread safe on all platforms.
2775
2776         (WebCore::NavigatorBase::hardwareConcurrency):
2777         Use std::call_once() for thread safety.
2778
2779         * page/Navigator.idl:
2780         * page/NavigatorConcurrentHardware.idl: Copied from Source/WebCore/page/WorkerNavigator.idl.
2781         * page/NavigatorID.idl: Copied from Source/WebCore/page/WorkerNavigator.idl.
2782         * page/NavigatorLanguage.idl: Copied from Source/WebCore/page/WorkerNavigator.idl.
2783         * page/NavigatorOnLine.idl: Copied from Source/WebCore/page/WorkerNavigator.idl.
2784         * page/WorkerNavigator.idl:
2785         Move several attributes to their own supplemental interfaces to match
2786         the specification and promote sharing with WorkerNavigator.
2787
2788         * platform/Language.cpp:
2789         (WebCore::userPreferredLanguages):
2790         * platform/Language.h:
2791         Made thread-safe on all platforms.
2792
2793 2016-06-11  Antti Koivisto  <antti@apple.com>
2794
2795         Build fix.
2796
2797         * platform/network/cf/NetworkStorageSessionCFNet.cpp:
2798         (WebCore::NetworkStorageSession::switchToNewTestingSession):
2799
2800 2016-06-10  Antti Koivisto  <antti@apple.com>
2801
2802         Vary:Cookie validation doesn't work in private browsing
2803         https://bugs.webkit.org/show_bug.cgi?id=158616
2804         rdar://problem/26755067
2805
2806         Reviewed by Darin Adler.
2807
2808         This wasn't implemented because there was no way to get NetworkStorageSession from
2809         a SessionID on WebCore side.
2810
2811         The patch adds a simple WebCore level weak map that allows getting NetworkStorageSessions
2812         from SessionID. This seemed like the cleanest way to do this without a big refactoring
2813         around the currently WebKit2 level SessionTracker.
2814
2815         * CMakeLists.txt:
2816         * WebCore.xcodeproj/project.pbxproj:
2817         * platform/network/CacheValidation.cpp:
2818         (WebCore::headerValueForVary):
2819
2820             Get NetworkStorageSession from SessionID for cookies
2821
2822         (WebCore::verifyVaryingRequestHeaders):
2823         * platform/network/NetworkStorageSession.cpp: Added.
2824
2825             Add platform independent .cpp for NetworkStorageSession.
2826             Implement a weak map for SessionID -> NetworkStorageSession.
2827
2828         (WebCore::sessionsMap):
2829         (WebCore::NetworkStorageSession::NetworkStorageSession):
2830         (WebCore::NetworkStorageSession::~NetworkStorageSession):
2831         (WebCore::NetworkStorageSession::forSessionID):
2832
2833             Get NetworkStorageSession for sessionID.
2834
2835         * platform/network/NetworkStorageSession.h:
2836         (WebCore::NetworkStorageSession::sessionID):
2837         (WebCore::NetworkStorageSession::credentialStorage):
2838         * platform/network/cf/NetworkStorageSessionCFNet.cpp:
2839         (WebCore::NetworkStorageSession::NetworkStorageSession):
2840
2841             Call to common constructor.
2842
2843         (WebCore::defaultNetworkStorageSession):
2844         * platform/network/soup/NetworkStorageSessionSoup.cpp:
2845         (WebCore::NetworkStorageSession::NetworkStorageSession):
2846
2847             Call to common constructor.
2848
2849         (WebCore::defaultSession):
2850         (WebCore::NetworkStorageSession::~NetworkStorageSession): Deleted.
2851
2852 2016-06-10  Ada Chan  <adachan@apple.com>
2853
2854         Use the video element's video box when getting the inline video rect in WebVideoFullscreenManager
2855         https://bugs.webkit.org/show_bug.cgi?id=158351
2856         <rdar://problem/26567938>
2857
2858         Reviewed by Darin Adler.
2859
2860         * WebCore.xcodeproj/project.pbxproj:
2861         Change the visibility of RenderVideo.h and RenderMedia.h since we'll be importing RenderVideo.h from WebKit2.
2862         * rendering/RenderVideo.h:
2863
2864 2016-06-10  Benjamin Poulain  <bpoulain@apple.com>
2865
2866         Add support for passive event listeners on touch events
2867         https://bugs.webkit.org/show_bug.cgi?id=158601
2868
2869         Reviewed by Simon Fraser.
2870
2871         This patch wires "passive" state of EventTarget to the delivery of touch
2872         events in WebKit2.
2873
2874         Instead of having a NonFastScrollableRegion, we have a pair of regions
2875         in EventTrackingRegions.
2876         The "asynchronousDispatchRegion" tracks the area for which all event
2877         listeners are passive. For those, events should be dispatched asynchronously.
2878         The "synchronousDispatchRegion" tracks the area for which there is at
2879         least one active event listener. Events have to be dispatched synchronously
2880         for correctness.
2881
2882         Tests: fast/events/touch/ios/tap-with-active-listener-on-elements.html
2883                fast/events/touch/ios/tap-with-active-listener-on-window.html
2884                fast/events/touch/ios/tap-with-passive-listener-on-elements.html
2885                fast/events/touch/ios/tap-with-passive-listener-on-window.html
2886
2887         * WebCore.xcodeproj/project.pbxproj:
2888         * dom/Document.cpp:
2889         (WebCore::Document::wheelEventHandlersChanged):
2890         (WebCore::Document::Document): Deleted.
2891         * dom/Document.h:
2892
2893         * dom/EventListenerMap.cpp:
2894         (WebCore::EventListenerMap::containsActive):
2895         If a Target has multiple listener for an event type, we want to know
2896         if any of them is active.
2897
2898         * dom/EventListenerMap.h:
2899         * dom/EventTarget.cpp:
2900         (WebCore::EventTarget::hasActiveEventListeners):
2901         (WebCore::EventTarget::hasActiveTouchEventListeners):
2902         * dom/EventTarget.h:
2903
2904         * page/DebugPageOverlays.cpp:
2905         (WebCore::NonFastScrollableRegionOverlay::updateRegion):
2906         I did not change the debug overlays.
2907         The NonFastScrollable area is the region for which events needs
2908         synchronous dispatch. Everything else should scroll without delay.
2909
2910         * page/FrameView.cpp:
2911         (WebCore::FrameView::scrollableAreaSetChanged):
2912         * page/Page.cpp:
2913         (WebCore::Page::nonFastScrollableRects):
2914         * page/scrolling/AsyncScrollingCoordinator.cpp:
2915         (WebCore::AsyncScrollingCoordinator::setEventTrackingRegionsDirty):
2916         (WebCore::AsyncScrollingCoordinator::willCommitTree):
2917         (WebCore::AsyncScrollingCoordinator::updateEventTrackingRegions):
2918         (WebCore::AsyncScrollingCoordinator::frameViewLayoutUpdated):
2919         (WebCore::AsyncScrollingCoordinator::frameViewEventTrackingRegionsChanged):
2920         (WebCore::AsyncScrollingCoordinator::scrollingStateTreeAsText):
2921         (WebCore::AsyncScrollingCoordinator::setNonFastScrollableRegionDirty): Deleted.
2922         (WebCore::AsyncScrollingCoordinator::updateNonFastScrollableRegion): Deleted.
2923         (WebCore::AsyncScrollingCoordinator::frameViewNonFastScrollableRegionChanged): Deleted.
2924         * page/scrolling/AsyncScrollingCoordinator.h:
2925         (WebCore::AsyncScrollingCoordinator::eventTrackingRegionsDirty):
2926         (WebCore::AsyncScrollingCoordinator::nonFastScrollableRegionDirty): Deleted.
2927
2928         * page/scrolling/ScrollingCoordinator.cpp:
2929         (WebCore::ScrollingCoordinator::absoluteEventTrackingRegionsForFrame):
2930         (WebCore::ScrollingCoordinator::absoluteEventTrackingRegions):
2931         (WebCore::ScrollingCoordinator::absoluteNonFastScrollableRegionForFrame): Deleted.
2932         (WebCore::ScrollingCoordinator::absoluteNonFastScrollableRegion): Deleted.
2933         I intentionally left the Wheel event with synchronous dispatch.
2934         This use case will need its own set of tests.
2935
2936         * page/scrolling/ScrollingCoordinator.h:
2937         (WebCore::ScrollingCoordinator::frameViewEventTrackingRegionsChanged):
2938         (WebCore::ScrollingCoordinator::frameViewNonFastScrollableRegionChanged): Deleted.
2939         * page/scrolling/ScrollingStateFrameScrollingNode.cpp:
2940         (WebCore::ScrollingStateFrameScrollingNode::ScrollingStateFrameScrollingNode):
2941         (WebCore::ScrollingStateFrameScrollingNode::setEventTrackingRegions):
2942         (WebCore::ScrollingStateFrameScrollingNode::dumpProperties):
2943         (WebCore::ScrollingStateFrameScrollingNode::setNonFastScrollableRegion): Deleted.
2944         * page/scrolling/ScrollingStateFrameScrollingNode.h:
2945         * page/scrolling/ScrollingTree.cpp:
2946         (WebCore::ScrollingTree::shouldHandleWheelEventSynchronously):
2947         (WebCore::ScrollingTree::commitNewTreeState):
2948         (WebCore::ScrollingTree::eventTrackingTypeForPoint):
2949         (WebCore::ScrollingTree::isPointInNonFastScrollableRegion): Deleted.
2950         * page/scrolling/ScrollingTree.h:
2951         * page/scrolling/mac/ScrollingCoordinatorMac.mm:
2952         (WebCore::ScrollingCoordinatorMac::scheduleTreeStateCommit):
2953         * platform/EventTrackingRegions.h: Added.
2954         (WebCore::EventTrackingRegions::isEmpty):
2955         (WebCore::EventTrackingRegions::trackingTypeForPoint):
2956         (WebCore::operator==):
2957
2958 2016-06-10  Enrica Casucci  <enrica@apple.com>
2959
2960         REGRESSION(r198177): Cannot paste an image when the pasteboard format is mime type.
2961         https://bugs.webkit.org/show_bug.cgi?id=158590
2962         rdar://problem/25471371
2963
2964         Reviewed by Darin Adler.
2965
2966         When creating a fragment from an image resource, the resource needs to
2967         be added to the document loader before setting the src attribute to the
2968         image element, otherwise loading is triggered and the loading fails.
2969         In r198177 the order of the operations was changed causing the bug.
2970         This patch adds support to test the scenario where the image in the pasteboard
2971         is available only as mime type (not WebArchive or RTFD), a situation that occurs
2972         more frequently on iOS.
2973
2974         Test: editing/pasteboard/image-in-iframe.html
2975
2976         * editing/ios/EditorIOS.mm:
2977         (WebCore::Editor::createFragmentForImageResourceAndAddResource):
2978         * editing/mac/EditorMac.mm:
2979         (WebCore::Editor::WebContentReader::readWebArchive):
2980         (WebCore::Editor::WebContentReader::readRTFD):
2981         (WebCore::Editor::WebContentReader::readRTF):
2982         (WebCore::Editor::createFragmentForImageResourceAndAddResource):
2983         * page/Settings.cpp:
2984         (WebCore::Settings::setImagesEnabled):
2985         (WebCore::Settings::setPreferMimeTypeForImages):
2986         (WebCore::Settings::setForcePendingWebGLPolicy):
2987         * page/Settings.h:
2988         (WebCore::Settings::areImagesEnabled):
2989         (WebCore::Settings::preferMimeTypeForImages):
2990         (WebCore::Settings::arePluginsEnabled):
2991         * testing/InternalSettings.cpp:
2992         (WebCore::InternalSettings::Backup::restoreTo):
2993         (WebCore::InternalSettings::setLangAttributeAwareFormControlUIEnabled):
2994         (WebCore::InternalSettings::setPreferMimeTypeForImages):
2995         (WebCore::InternalSettings::setImagesEnabled):
2996         * testing/InternalSettings.h:
2997         * testing/InternalSettings.idl:
2998
2999 2016-06-10  Alex Christensen  <achristensen@webkit.org>
3000
3001         Fix WinCairo build after r201943
3002
3003         * platform/network/curl/MultipartHandle.cpp:
3004         (WebCore::MultipartHandle::didReceiveResponse):
3005         * platform/network/curl/ResourceHandleManager.cpp:
3006         (WebCore::handleLocalReceiveResponse):
3007         (WebCore::headerCallback):
3008         (WebCore::ResourceHandleManager::dispatchSynchronousJob):
3009
3010 2016-06-10  Alex Christensen  <achristensen@webkit.org>
3011
3012         handleDataURL is only used by curl
3013         https://bugs.webkit.org/show_bug.cgi?id=158636
3014
3015         Reviewed by Tim Horton.
3016
3017         * CMakeLists.txt:
3018         * platform/network/DataURL.cpp: Removed.
3019         * platform/network/DataURL.h: Removed.
3020         * platform/network/curl/ResourceHandleManager.cpp:
3021         (WebCore::ResourceHandleManager::startScheduledJobs):
3022         (WebCore::handleDataURL):
3023         (WebCore::ResourceHandleManager::dispatchSynchronousJob):
3024
3025 2016-06-10  Alex Christensen  <achristensen@webkit.org>
3026
3027         Reduce ResourceResponse copying
3028         https://bugs.webkit.org/show_bug.cgi?id=158232
3029
3030         Reviewed by Darin Adler.
3031
3032         No new tests.  No change in behavior except removing an unnecessary copy on cocoa platforms.
3033
3034         * loader/ResourceLoader.cpp:
3035         (WebCore::ResourceLoader::didSendData):
3036         (WebCore::ResourceLoader::didReceiveResponse):
3037         * loader/ResourceLoader.h:
3038         * loader/appcache/ApplicationCacheGroup.cpp:
3039         (WebCore::ApplicationCacheGroup::createResourceHandle):
3040         (WebCore::ApplicationCacheGroup::didReceiveResponse):
3041         * loader/appcache/ApplicationCacheGroup.h:
3042         * platform/graphics/PlatformMediaResourceLoader.h:
3043         (WebCore::PlatformMediaResourceClient::~PlatformMediaResourceClient):
3044         (WebCore::PlatformMediaResourceClient::responseReceived):
3045         (WebCore::PlatformMediaResourceClient::redirectReceived):
3046         (WebCore::PlatformMediaResourceClient::shouldCacheResponse):
3047         (WebCore::PlatformMediaResourceClient::dataSent):
3048         * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.h:
3049         * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
3050         (ResourceHandleStreamingClient::willSendRequest):
3051         (ResourceHandleStreamingClient::didReceiveResponse):
3052         * platform/network/BlobResourceHandle.cpp:
3053         (WebCore::BlobResourceHandle::notifyResponseOnSuccess):
3054         (WebCore::BlobResourceHandle::notifyResponseOnError):
3055         (WebCore::BlobResourceHandle::notifyReceiveData):
3056         * platform/network/DataURL.cpp:
3057         (WebCore::handleDataURL):
3058         * platform/network/PingHandle.h:
3059         (WebCore::PingHandle::PingHandle):
3060         * platform/network/ResourceHandleClient.cpp:
3061         (WebCore::ResourceHandleClient::willSendRequestAsync):
3062         (WebCore::ResourceHandleClient::didReceiveResponseAsync):
3063         * platform/network/ResourceHandleClient.h:
3064         (WebCore::ResourceHandleClient::didSendData):
3065         (WebCore::ResourceHandleClient::didReceiveResponse):
3066         (WebCore::ResourceHandleClient::didReceiveData):
3067         * platform/network/ResourceResponseBase.cpp:
3068         (WebCore::ResourceResponseBase::ResourceResponseBase):
3069         (WebCore::ResourceResponseBase::includeCertificateInfo):
3070         (WebCore::ResourceResponseBase::suggestedFilename):
3071         (WebCore::ResourceResponseBase::certificateInfo): Deleted.
3072         * platform/network/ResourceResponseBase.h:
3073         (WebCore::ResourceResponseBase::certificateInfo):
3074         (WebCore::ResourceResponseBase::encode):
3075         (WebCore::ResourceResponseBase::decode):
3076         (WebCore::ResourceResponseBase::containsCertificateInfo): Deleted.
3077         * platform/network/SynchronousLoaderClient.cpp:
3078         (WebCore::SynchronousLoaderClient::canAuthenticateAgainstProtectionSpace):
3079         (WebCore::SynchronousLoaderClient::didReceiveResponse):
3080         (WebCore::SynchronousLoaderClient::didReceiveData):
3081         * platform/network/SynchronousLoaderClient.h:
3082         * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
3083         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse):
3084         * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.cpp:
3085         (WebCore::SynchronousResourceHandleCFURLConnectionDelegate::didReceiveResponse):
3086         (WebCore::SynchronousResourceHandleCFURLConnectionDelegate::didReceiveData):
3087         * platform/network/mac/WebCoreResourceHandleAsDelegate.mm:
3088         (-[WebCoreResourceHandleAsDelegate connection:didReceiveResponse:]):
3089         * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
3090         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]):
3091         * platform/network/soup/ResourceHandleSoup.cpp:
3092         (WebCore::nextMultipartResponsePartCallback):
3093         (WebCore::sendRequestCallback):
3094
3095 2016-06-09  Ryosuke Niwa  <rniwa@webkit.org>
3096
3097         Add SPI to disable spellchecking on auto-fillable text fields
3098         https://bugs.webkit.org/show_bug.cgi?id=158611
3099
3100         Reviewed by Anders Carlsson.
3101
3102         Added a boolean flag m_isSpellCheckingEnabled to HTMLInputElement. This flag defaults to true, and can be set
3103         to false by WebKit2 C API.
3104
3105         * editing/Editor.cpp:
3106         (WebCore::Editor::isSpellCheckingEnabledFor): Fixed a bug that we were calling isSpellCheckingEnabled on
3107         the div inside an input element's shadow tree instead of the input element itself.
3108         * html/HTMLInputElement.cpp:
3109         (WebCore::HTMLInputElement::HTMLInputElement): Initialize m_spellcheckEnabled to true (it's a bit field).
3110         (WebCore::HTMLInputElement::isSpellCheckingEnabled): Added. Return false if m_spellcheckEnabled is false.
3111         * html/HTMLInputElement.h:
3112         (WebCore::HTMLInputElement::setSpellcheckEnabled): Added.
3113
3114 2016-06-10  Alex Christensen  <achristensen@webkit.org>
3115
3116         Introduce WTF::UniqueRef
3117         https://bugs.webkit.org/show_bug.cgi?id=158596
3118
3119         Reviewed by Brady Eidson.
3120
3121         No new tests.  No change in behavior.
3122
3123         * inspector/InspectorOverlay.cpp:
3124         (WebCore::InspectorOverlay::overlayPage):
3125         * loader/EmptyClients.cpp:
3126         (WebCore::fillWithEmptyClients):
3127         * page/Page.cpp:
3128         (WebCore::Page::Page):
3129         * page/Page.h:
3130         (WebCore::Page::canStartMedia):
3131         (WebCore::Page::editorClient):
3132         (WebCore::Page::plugInClient):
3133         (WebCore::Page::mainFrame):
3134         (WebCore::Page::groupPtr): Deleted.
3135         * page/PageConfiguration.cpp:
3136         (WebCore::PageConfiguration::PageConfiguration):
3137         * page/PageConfiguration.h:
3138         * svg/graphics/SVGImage.cpp:
3139         (WebCore::SVGImage::dataChanged):
3140
3141 2016-06-10  Joseph Pecoraro  <pecoraro@apple.com>
3142
3143         Web Inspector: Cleanup InspectorIndexedDBAgent a bit
3144         https://bugs.webkit.org/show_bug.cgi?id=158598
3145
3146         Reviewed by Darin Adler.
3147
3148         * inspector/InspectorIndexedDBAgent.cpp:
3149
3150 2016-06-10  Youenn Fablet  <youenn.fablet@crf.canon.fr>
3151
3152         Origin header is not included in CORS requests for preloaded cross-origin resources
3153         https://bugs.webkit.org/show_bug.cgi?id=155761
3154         <rdar://problem/25351850>
3155
3156         Reviewed by Alex Christensen.
3157
3158         Making HTML preloader fully aware of crossorigin attribute value.
3159         Introducing CachedResourceRequest::setAsPotentiallyCrossOrigin as a helper routine to activate CORS mode.
3160         Making HTMLLinkElement and HTMLResourcePreloader use that routine.
3161         Making TokenPreloadScanner store the crossorigin attribute value in preload requests.
3162         Making TokenPreloadScanner store the crossorigin attribute value for link elements.
3163
3164         Test: http/tests/security/cross-origin-css-9.html
3165
3166         * html/HTMLLinkElement.cpp:
3167         (WebCore::HTMLLinkElement::process):
3168         * html/parser/HTMLPreloadScanner.cpp:
3169         (WebCore::TokenPreloadScanner::StartTagScanner::createPreloadRequest):
3170         (WebCore::TokenPreloadScanner::StartTagScanner::processAttribute):
3171         * html/parser/HTMLResourcePreloader.cpp:
3172         (WebCore::crossOriginModeAllowsCookies):
3173         (WebCore::PreloadRequest::resourceRequest):
3174         * html/parser/HTMLResourcePreloader.h:
3175         (WebCore::PreloadRequest::setCrossOriginMode):
3176         (WebCore::PreloadRequest::PreloadRequest): Deleted.
3177         (WebCore::PreloadRequest::resourceType): Deleted.
3178         * loader/cache/CachedResourceRequest.cpp:
3179         (WebCore::CachedResourceRequest::setAsPotentiallyCrossOrigin):
3180         * loader/cache/CachedResourceRequest.h:
3181
3182 2016-06-10  Chris Dumez  <cdumez@apple.com>
3183
3184         ErrorEvent / ProgressEvent should be exposed to workers
3185         https://bugs.webkit.org/show_bug.cgi?id=158606
3186
3187         Reviewed by Brady Eidson.
3188
3189         ErrorEvent / ProgressEvent should be exposed to workers:
3190         - https://html.spec.whatwg.org/multipage/webappapis.html#errorevent
3191         - https://xhr.spec.whatwg.org/#interface-progressevent
3192
3193         Firefox and Chrome both already expose those.
3194
3195         No new tests, rebaselined existing test.
3196
3197         * dom/ErrorEvent.idl:
3198         * dom/ProgressEvent.idl:
3199
3200 2016-06-10  Chris Dumez  <cdumez@apple.com>
3201
3202         MessagePort should be exposed to workers
3203         https://bugs.webkit.org/show_bug.cgi?id=158607
3204
3205         Reviewed by Brady Eidson.
3206
3207         MessagePort should be exposed to workers:
3208         https://html.spec.whatwg.org/multipage/comms.html#messageport
3209
3210         Firefox and Chrome both already expose it.
3211
3212         No new tests, rebaselined existing test.
3213
3214         * dom/MessagePort.idl:
3215
3216 2016-06-10  Youenn Fablet  <youenn.fablet@crf.canon.fr>
3217
3218         Move preflight check code outside of DocumentThreadableLoader
3219         https://bugs.webkit.org/show_bug.cgi?id=158425
3220
3221         Reviewed by Darin Adler.
3222
3223         Moving preflight check code in its own class.
3224         This allows code to be easier to read, use/reuse and update.
3225
3226         Behavior should be the same as before except in the case of a preflight response
3227         being a 3XX redirect response.
3228         Before this patch, the 3XX response was directly passed to the code processing regular responses.
3229         To keep compatibility with existing tests, a didFailRedirectCheck callback is called.
3230         This should be change to a preflight failure.
3231
3232         Covered by existing tests.
3233
3234         * CMakeLists.txt:
3235         * WebCore.xcodeproj/project.pbxproj:
3236         * loader/CrossOriginPreflightChecker.cpp: Added.
3237         (WebCore::CrossOriginPreflightChecker::CrossOriginPreflightChecker):
3238         (WebCore::CrossOriginPreflightChecker::~CrossOriginPreflightChecker):
3239         (WebCore::CrossOriginPreflightChecker::handleLoadingFailure):
3240         (WebCore::CrossOriginPreflightChecker::validatePreflightResponse):
3241         (WebCore::CrossOriginPreflightChecker::notifyFinished):
3242         (WebCore::CrossOriginPreflightChecker::startPreflight):
3243         (WebCore::CrossOriginPreflightChecker::doPreflight):
3244         (WebCore::CrossOriginPreflightChecker::redirectReceived):
3245         (WebCore::CrossOriginPreflightChecker::setDefersLoading):
3246         (WebCore::CrossOriginPreflightChecker::isXMLHttpRequest):
3247         * loader/CrossOriginPreflightChecker.h: Added.
3248         * loader/DocumentThreadableLoader.cpp:
3249         (WebCore::DocumentThreadableLoader::create):
3250         (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest):
3251         (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequestWithPreflight):
3252         (WebCore::DocumentThreadableLoader::setDefersLoading):
3253         (WebCore::DocumentThreadableLoader::clearResource):
3254         (WebCore::DocumentThreadableLoader::didReceiveResponse):
3255         (WebCore::DocumentThreadableLoader::didReceiveData):
3256         (WebCore::DocumentThreadableLoader::notifyFinished):
3257         (WebCore::DocumentThreadableLoader::didFinishLoading):
3258         (WebCore::DocumentThreadableLoader::didFail):
3259         (WebCore::DocumentThreadableLoader::preflightSuccess):
3260         (WebCore::DocumentThreadableLoader::preflightFailure):
3261         (WebCore::DocumentThreadableLoader::loadRequest):
3262         (WebCore::DocumentThreadableLoader::responseReceived): Deleted.
3263         (WebCore::DocumentThreadableLoader::dataReceived): Deleted.
3264         (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Deleted.
3265         * loader/DocumentThreadableLoader.h:
3266         (WebCore::DocumentThreadableLoader::options):
3267         (WebCore::DocumentThreadableLoader::isLoading):
3268         (WebCore::DocumentThreadableLoader::document):
3269
3270 2016-06-10  Adam Bergkvist  <adam.bergkvist@ericsson.com>
3271
3272         WebRTC: Imlement MediaEndpointPeerConnection::createAnswer()
3273         https://bugs.webkit.org/show_bug.cgi?id=158566
3274
3275         Reviewed by Eric Carlson.
3276
3277         Add the MediaEndpointPeerConnection implementation of RTCPeerConnection.createAnswer [1].
3278         createAnswer() creates a 'reply' to an remote offer set with setRemoteDescription(),
3279         completes the offer/answer dialog and brings the RTCPeerConnection back to the 'stable'
3280         signaling state.
3281
3282         [1] https://w3c.github.io/webrtc-pc/archives/20160513/webrtc.html#dom-rtcpeerconnection-createanswer
3283
3284         Test: fast/mediastream/RTCPeerConnection-inspect-answer.html
3285
3286         * Modules/mediastream/MediaEndpointPeerConnection.cpp:
3287         (WebCore::MediaEndpointPeerConnection::createOfferTask):
3288         Align creation of RTCSessionDescription with createAnswerTask.
3289         (WebCore::MediaEndpointPeerConnection::createAnswer):
3290         (WebCore::MediaEndpointPeerConnection::createAnswerTask):
3291         Add Implementation.
3292         * Modules/mediastream/MediaEndpointPeerConnection.h:
3293
3294 2016-06-08  Sergio Villar Senin  <svillar@igalia.com>
3295
3296         [css-grid] CRASH when getting the computed style of a grid with only absolutely positioned children
3297         https://bugs.webkit.org/show_bug.cgi?id=158537
3298
3299         Reviewed by Darin Adler.
3300
3301         Absolute positioning occurs after layout of the grid and its in-flow contents, and does not
3302         contribute to the sizing of any grid tracks or affect the size/configuration of the grid in
3303         any way. This means that we should treat as empty any grid whose only children are
3304         absolutely positioned items.
3305
3306         Since r201510 empty grids are no longer internally represented by a 1x1 matrix. As we were
3307         not considering grids-with-only-absolutely-positioned-children as empty, we were trying to
3308         access some invalid position in the internal representation of the grid triggering an ASSERT
3309         in debug builds and a crash in release.
3310
3311         Test: fast/css-grid-layout/grid-only-abspos-item-computed-style-crash.html
3312
3313         * css/CSSComputedStyleDeclaration.cpp:
3314         (WebCore::valueForGridTrackList):
3315
3316 2016-06-10  Chris Dumez  <cdumez@apple.com>
3317
3318         DOMException should be exposed to workers
3319         https://bugs.webkit.org/show_bug.cgi?id=158608
3320
3321         Reviewed by Alex Christensen.
3322
3323         DOMException should be exposed to workers:
3324         https://heycam.github.io/webidl/#es-DOMException-call
3325
3326         Both Firefox and Chrome expose DOMException to workers already.
3327
3328         No new tests, rebaselined existing test.
3329
3330         * dom/DOMCoreException.idl:
3331
3332 2016-06-09  Alex Christensen  <achristensen@webkit.org>
3333
3334         Fix CMake build.
3335
3336         * PlatformMac.cmake:
3337
3338 2016-06-09  Alex Christensen  <achristensen@webkit.org>
3339
3340         Fix AppleWin build after r201901.
3341         https://bugs.webkit.org/show_bug.cgi?id=119839
3342
3343         * platform/graphics/ca/win/PlatformCALayerWin.cpp:
3344         (PlatformCALayerWin::backingStoreAttached):
3345         (PlatformCALayerWin::userInteractionEnabled):
3346         (PlatformCALayerWin::setUserInteractionEnabled):
3347         (PlatformCALayerWin::geometryFlipped):
3348         * platform/graphics/ca/win/PlatformCALayerWin.h:
3349
3350 2016-06-09  Chris Fleizach  <cfleizach@apple.com>
3351
3352         AX: VoiceOver Unable to View Download Progress or Completion Status for Mail Attachments
3353         https://bugs.webkit.org/show_bug.cgi?id=158581
3354
3355         Reviewed by Darin Adler.
3356
3357         Update attachment element accessibility so that:
3358            1) the action name comes first to match UI
3359            2) on iOS, it has the updates frequently trait
3360
3361         Make sure this test now runs on iOS as well.
3362
3363         Modified tests: accessibility/attachment-element.html
3364
3365         * accessibility/AccessibilityAttachment.cpp:
3366         (WebCore::AccessibilityAttachment::accessibilityText):
3367         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
3368         (-[WebAccessibilityObjectWrapper accessibilityCanFuzzyHitTest]):
3369         (-[WebAccessibilityObjectWrapper accessibilityTraits]):
3370         (-[WebAccessibilityObjectWrapper accessibilityValue]):
3371         (-[WebAccessibilityObjectWrapper accessibilityIsAttachmentElement]):
3372         (-[WebAccessibilityObjectWrapper accessibilityIsComboBox]):
3373
3374 2016-06-09  Alex Christensen  <achristensen@webkit.org>
3375
3376         Clean up WebCore.vcxproj after switching to CMake.
3377
3378         * WebCore.vcxproj/QTMovieWin: Removed.
3379         * WebCore.vcxproj/QTMovieWin/QTMovieWinCairoDebug.props: Removed.
3380         * WebCore.vcxproj/QTMovieWin/QTMovieWinCairoRelease.props: Removed.
3381         * WebCore.vcxproj/QTMovieWin/QTMovieWinCommon.props: Removed.
3382         * WebCore.vcxproj/QTMovieWin/QTMovieWinDebug.props: Removed.
3383         * WebCore.vcxproj/QTMovieWin/QTMovieWinPostBuild.cmd: Removed.
3384         * WebCore.vcxproj/QTMovieWin/QTMovieWinPreBuild.cmd: Removed.
3385         * WebCore.vcxproj/QTMovieWin/QTMovieWinPreLink.cmd: Removed.
3386         * WebCore.vcxproj/QTMovieWin/QTMovieWinProduction.props: Removed.
3387         * WebCore.vcxproj/QTMovieWin/QTMovieWinRelease.props: Removed.
3388         * WebCore.vcxproj/xcopy.excludes: Removed.
3389
3390 2016-06-09  Zalan Bujtas  <zalan@apple.com>
3391
3392         Hairline borders do not show up on 3x displays.
3393         https://bugs.webkit.org/show_bug.cgi?id=158604
3394         <rdar://problem/26511679>
3395
3396         Reviewed by Simon Fraser.
3397
3398         On a 3x display, when we convert a 1/3px hairline border from float
3399         to LayoutUnit and pixel floor the result, we end up with a 0px width border.
3400         It's because float to LayoutUnit is lossy and since the current kFixedPointDenominator % 3 != 0,
3401         flooring LayoutUnit(1/3px) ends up being 0px. (float: 1/3 -> LayoutUnit: (1/3 - 1/kFixedPointDenominator) -> floor: 0)
3402         This patch eliminates the (unnecessary) float -> LayoutUnit - float conversion on border width.   
3403
3404         Test: fast/borders/hidpi-3x-input-hairline-border.html
3405
3406         * rendering/BorderEdge.cpp:
3407         (WebCore::BorderEdge::BorderEdge):
3408         * rendering/BorderEdge.h:
3409
3410 2016-06-09  Commit Queue  <commit-queue@webkit.org>
3411
3412         Unreviewed, rolling out r201887.
3413         https://bugs.webkit.org/show_bug.cgi?id=158610
3414
3415         This change caused LayoutTest crashes under GuardMalloc and
3416         ASan (Requested by ryanhaddad on #webkit).
3417
3418         Reverted changeset:
3419
3420         "Deleting a CSSOM style rule invalidates any previously-added
3421         FontFaces"
3422         https://bugs.webkit.org/show_bug.cgi?id=158450
3423         http://trac.webkit.org/changeset/201887
3424
3425 2016-06-09  Chris Dumez  <cdumez@apple.com>
3426
3427         Address Darin's review comment on r201898.
3428         https://bugs.webkit.org/show_bug.cgi?id=158576
3429
3430         Reviewed by Darin Adler.
3431
3432         * page/Base64Utilities.h:
3433
3434 2016-06-09  Antoine Quint  <graouts@apple.com>
3435
3436         [iOS] -webkit-overflow-scrolling: touch; ignores pointer-events: none;
3437         https://bugs.webkit.org/show_bug.cgi?id=119839
3438         <rdar://problem/9671514>
3439
3440         Reviewed by Simon Fraser.
3441
3442         Propagate a "userInteractionEnabled" flag from the Web process which is used to turn off
3443         user interaction on a UIScrollView created for -webkit-overflow-scrolling: touch.