[WebKit-https.git] / Source / WebCore / ChangeLog
1 2017-10-16  Wenson Hsieh  <wenson_hsieh@apple.com>
2
3         On ToT, event.dataTransfer.getData("text/uri-list") returns an empty string when dragging an image
4         https://bugs.webkit.org/show_bug.cgi?id=178301
5         <rdar://problem/34990050>
6
7         Reviewed by Darin Adler.
8
9         After r222656, we consider images on the pasteboard to be files. This causes DataTransfer.getData to return the
10         empty string for all types, which brings back https://bugs.webkit.org/show_bug.cgi?id=170637. To allow pages to
11         access the URL part of a dragged image, we exempt "text/uri-list" from our heuristics to hide pasteboard data
12         which may contain files, and return the URL as long as its protocol is either HTTP or HTTPS.
13
14         Tweaked an existing layout test to cover this scenario, as well as the scenario in which the dragged image links
15         to a file URL (in which case we should avoid exposing the data).
16
17         Test: editing/pasteboard/drag-drop-href-as-url.html
18               DataInteractionTests.DataTransferGetDataWhenDroppingImageWithHTTPURL
19
20         * dom/DataTransfer.cpp:
21         (WebCore::DataTransfer::getDataForItem const):
22
23         When the pasteboard contains files, allow data for "text/uri-list" to be returned, as long as the URL string has
24         a white-listed protocol (currently, this is just http and https).
25
26         (WebCore::DataTransfer::shouldSuppressGetAndSetDataToAvoidExposingFilePaths const):
27         (WebCore::DataTransfer::setData):
28         (WebCore::DataTransfer::types const):
29
30         When the pasteboard contains files, allow "text/uri-list" to be added, alongside the "Files" type, if it would
31         have been exposed in the list of safe DOM types.
32
33         * dom/DataTransfer.h:
34         * platform/Pasteboard.cpp:
35         (WebCore::Pasteboard::canExposeURLToDOMWhenPasteboardContainsFiles):
36
37         Add a new helper method to determine whether it is safe to expose an URL string as "text/uri-list" to bindings,
38         if the pasteboard contains files. While this currently checks whether or not the URL is in the HTTP family, we
39         may want to consider tweaking this to blacklist the "file" protocol instead, and allow all other valid URLs by
40         default.
41
42         * platform/Pasteboard.h:
43         * platform/PlatformPasteboard.h:
44         * platform/ios/PlatformPasteboardIOS.mm:
45         (WebCore::pasteboardMayContainFilePaths):
46         (WebCore::PlatformPasteboard::stringForType const):
47
48         Mark stringForType as const, and also teach stringForType to return the null string for the platform URL type if
49         the pasteboard might contain file paths.
50
51         (WebCore::PlatformPasteboard::typesSafeForDOMToReadAndWrite const):
52
53         Before coercing a platform type to "text/uri-list" when building the list of DOM-safe types, check that the
54         stringForType is not the empty string, in which case we don't expose the type to the DOM at all. This ensures
55         that in cases where the URL might reveal a file path, we don't advertise "text/uri-list" as a type. We adopt a
56         similar strategy on iOS.
57
58         (WebCore::PlatformPasteboard::stringForType): Deleted.
59         * platform/mac/PlatformPasteboardMac.mm:
60         (WebCore::pasteboardMayContainFilePaths):
61         (WebCore::PlatformPasteboard::stringForType const):
62         (WebCore::PlatformPasteboard::typesSafeForDOMToReadAndWrite const):
63         (WebCore::PlatformPasteboard::stringForType): Deleted.
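
The gating described in this entry, as an added JavaScript model (not WebKit source; every name in it is hypothetical): when the pasteboard contains files, only "text/uri-list" is readable, and only if the URL passes the HTTP-family check. It also implements the deny-"file" alternative the entry mentions, so the two policies can be compared, and it assumes "text/uri-list" holds a single URL.

```javascript
// Added illustration: a model of the entry's text/uri-list exemption.
// Not WebKit code; all identifiers are hypothetical.

const HTTP_FAMILY = new Set(["http:", "https:"]);

// Parse with the WHATWG URL parser first, so the scheme is normalized
// ("FILE:" and "file:" compare equal) before any policy decision is made.
function parseOrNull(urlString) {
  try {
    return new URL(urlString);
  } catch {
    return null; // not a valid absolute URL: never exposed
  }
}

// Policy the entry adopts: expose only HTTP-family URLs.
function canExposeAllowlist(urlString) {
  const url = parseOrNull(urlString);
  return url !== null && HTTP_FAMILY.has(url.protocol);
}

// Alternative the entry floats: refuse "file", allow other valid URLs.
function canExposeDenylist(urlString) {
  const url = parseOrNull(urlString);
  return url !== null && url.protocol !== "file:";
}

// pasteboard: { containsFiles: boolean, data: Map<string, string> }
class ModelDataTransfer {
  constructor(pasteboard, canExpose = canExposeAllowlist) {
    this.pasteboard = pasteboard;
    this.canExpose = canExpose;
  }

  getData(type) {
    const value = this.pasteboard.data.get(type) || "";
    if (!this.pasteboard.containsFiles) return value;
    // Files present: everything is hidden except an exposable URL.
    if (type === "text/uri-list" && this.canExpose(value)) return value;
    return "";
  }

  get types() {
    const data = this.pasteboard.data;
    if (!this.pasteboard.containsFiles) return [...data.keys()];
    const types = ["Files"];
    // Advertise the type only if getData would actually return something,
    // so a file path is never hinted at through the type list.
    if (this.canExpose(data.get("text/uri-list") || "")) types.push("text/uri-list");
    return types;
  }
}

// Constructed sample: a dragged image whose pasteboard carries a URL.
function imageDrag(url) {
  return {
    containsFiles: true,
    data: new Map([["text/uri-list", url], ["text/plain", url]]),
  };
}

// Constructed inputs for comparing the two policies.
const SAMPLE_URLS = [
  "https://example.com/cat.png",
  "FILE:///Users/alice/Pictures/cat.png",
  "ftp://example.com/cat.png",
  "not a url",
];

function comparePolicies(urls = SAMPLE_URLS) {
  return urls.map((u) => ({
    url: u,
    allowlist: canExposeAllowlist(u),
    denylist: canExposeDenylist(u),
  }));
}
```

The two policies agree on the HTTPS and file URLs and differ on the FTP one, which is the trade-off the entry leaves open.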
64
65 2017-10-16  Frederic Wang  <fwang@igalia.com>
66
67         Use auto/nullptr in scrolling code
68         https://bugs.webkit.org/show_bug.cgi?id=178306
69
70         Reviewed by Carlos Garcia Campos.
71
72         This patch modifies the scrolling code to use the auto keyword when
73         possible. It also replaces '0' with 'nullptr' for the return value of
74         ScrollingStateTree::stateNodeForID.
75
76         No new tests, behavior unchanged.
77
78         * page/scrolling/AsyncScrollingCoordinator.cpp:
79         (WebCore::AsyncScrollingCoordinator::frameViewLayoutUpdated):
80         (WebCore::AsyncScrollingCoordinator::frameViewRootLayerDidChange):
81         (WebCore::AsyncScrollingCoordinator::requestScrollPositionUpdate):
82         (WebCore::AsyncScrollingCoordinator::frameViewForScrollingNode const):
83         (WebCore::AsyncScrollingCoordinator::updateScrollPositionAfterAsyncScroll):
84         (WebCore::AsyncScrollingCoordinator::reconcileScrollingState):
85         (WebCore::AsyncScrollingCoordinator::updateFrameScrollingNode):
86         (WebCore::AsyncScrollingCoordinator::updateOverflowScrollingNode):
87         (WebCore::AsyncScrollingCoordinator::updateNodeLayer):
88         (WebCore::AsyncScrollingCoordinator::updateNodeViewportConstraints):
89         (WebCore::AsyncScrollingCoordinator::setSynchronousScrollingReasons):
90         (WebCore::AsyncScrollingCoordinator::updateScrollLayerPosition):
91         (WebCore::AsyncScrollingCoordinator::setActiveScrollSnapIndices):
92         * page/scrolling/ScrollingCoordinator.cpp:
93         (WebCore::ScrollingCoordinator::coordinatesScrollingForFrameView const):
94         (WebCore::ScrollingCoordinator::absoluteEventTrackingRegionsForFrame const):
95         (WebCore::ScrollingCoordinator::scrollLayerForFrameView):
96         (WebCore::ScrollingCoordinator::headerLayerForFrameView):
97         (WebCore::ScrollingCoordinator::footerLayerForFrameView):
98         (WebCore::ScrollingCoordinator::counterScrollingLayerForFrameView):
99         (WebCore::ScrollingCoordinator::insetClipLayerForFrameView):
100         (WebCore::ScrollingCoordinator::contentShadowLayerForFrameView):
101         (WebCore::ScrollingCoordinator::rootContentLayerForFrameView):
102         (WebCore::ScrollingCoordinator::handleWheelEventPhase):
103         (WebCore::ScrollingCoordinator::hasVisibleSlowRepaintViewportConstrainedObjects const):
104         (WebCore::ScrollingCoordinator::updateSynchronousScrollingReasonsForAllFrames):
105         (WebCore::ScrollingCoordinator::synchronousScrollingReasonsAsText const):
106         * page/scrolling/ScrollingStateFixedNode.cpp:
107         (WebCore::ScrollingStateFixedNode::reconcileLayerPositionForViewportRect):
108         * page/scrolling/ScrollingStateStickyNode.cpp:
109         (WebCore::ScrollingStateStickyNode::reconcileLayerPositionForViewportRect):
110         * page/scrolling/ScrollingStateTree.cpp:
111         (WebCore::ScrollingStateTree::nodeTypeAndParentMatch const):
112         (WebCore::ScrollingStateTree::attachNode):
113         (WebCore::ScrollingStateTree::detachNode):
114         (WebCore::ScrollingStateTree::removeNodeAndAllDescendants):
115         (WebCore::ScrollingStateTree::stateNodeForID const):
116         * page/scrolling/ScrollingTree.cpp:
117         (WebCore::ScrollingTree::shouldHandleWheelEventSynchronously):
118         (WebCore::ScrollingTree::viewportChangedViaDelegatedScrolling):
119         (WebCore::ScrollingTree::scrollPositionChangedViaDelegatedScrolling):
120         (WebCore::ScrollingTree::commitTreeState):
121         (WebCore::ScrollingTree::updateTreeFromStateNode):
122         * page/scrolling/ScrollingTreeNode.cpp:
123         (WebCore::ScrollingTreeNode::enclosingFrameNode const):
124         * page/scrolling/coordinatedgraphics/ScrollingCoordinatorCoordinatedGraphics.cpp:
125         (WebCore::ScrollingCoordinatorCoordinatedGraphics::detachFromStateTree):
126         (WebCore::ScrollingCoordinatorCoordinatedGraphics::updateNodeLayer):
127         (WebCore::ScrollingCoordinatorCoordinatedGraphics::updateNodeViewportConstraints):
128         (WebCore::ScrollingCoordinatorCoordinatedGraphics::scrollableAreaScrollLayerDidChange):
129         (WebCore::ScrollingCoordinatorCoordinatedGraphics::willDestroyScrollableArea):
130
131 2017-10-16  Fujii Hironori  <Hironori.Fujii@sony.com>
132
133         A lot of "Can't stat WebCore/animation: No such file or directory" since r223328
134         https://bugs.webkit.org/show_bug.cgi?id=178326
135
136         Unreviewed build fix
137
138         The directory WebCore/animation was removed in r223328.
139
140         No new tests because there is no behavior change.
141
142         * CMakeLists.txt: Removed animation from
143         WebCore_INCLUDE_DIRECTORIES and WebCore_IDL_INCLUDES.
144         * DerivedSources.make: Removed animation from VPATH and IDL_INCLUDES
145
146 2017-10-16  Frederic Wang  <fwang@igalia.com>
147
148         Replace some ScrollingTreeNode::nodeType() calls with is*Node()
149         https://bugs.webkit.org/show_bug.cgi?id=178259
150
151         Reviewed by Darin Adler.
152
153         No new tests, behavior unchanged.
154
155         * page/scrolling/AsyncScrollingCoordinator.cpp:
156         (WebCore::AsyncScrollingCoordinator::frameViewForScrollingNode const):
157         * page/scrolling/ScrollingStateNode.h:
158         (WebCore::ScrollingStateNode::isScrollingNode const):
159         * page/scrolling/ScrollingTree.cpp:
160         (WebCore::ScrollingTree::updateTreeFromStateNode):
161         * page/scrolling/ScrollingTreeNode.cpp:
162         (WebCore::ScrollingTreeNode::enclosingFrameNode const):
163         * page/scrolling/ScrollingTreeNode.h:
164         (WebCore::ScrollingTreeNode::isScrollingNode const):
165
166 2017-10-16  Tomas Popela  <tpopela@redhat.com>
167
168         DataTransfer.cpp triggers -Wunused-but-set-variable
169         https://bugs.webkit.org/show_bug.cgi?id=178209
170
171         Reviewed by Wenson Hsieh.
172
173         Use the ASSERT_UNUSED to silence it.
174
175         * dom/DataTransfer.cpp:
176         (WebCore::DataTransfer::filesFromPasteboardAndItemList const):
177
178 2017-10-15  Sam Weinig  <sam@webkit.org>
179
180         [Settings] Split non-macro generated parts of Settings into SettingsBase base class
181         https://bugs.webkit.org/show_bug.cgi?id=178321
182
183         Reviewed by Darin Adler.
184
185         Working towards getting generated Settings working again, but in smaller patches, split
186         non-generated part off into SettingsBase as a first step.
187         
188         One function, effectiveFrameFlattening(), needs to remain in Settings for now, as it directly
189         references a macro generated function, frameFlattening().
190
191         * CMakeLists.txt:
192         * WebCore.xcodeproj/project.pbxproj:
193         * page/Page.h:
194         * page/Settings.cpp:
195         * page/Settings.h:
196         * page/SettingsBase.h: Copied from Source/WebCore/page/Settings.h.
197         * page/cocoa/SettingsBaseCocoa.mm: Copied from Source/WebCore/page/cocoa/SettingsCocoa.mm.
198         * page/cocoa/SettingsCocoa.mm: Removed.
199
200 2017-10-15  Yusuke Suzuki  <utatane.tea@gmail.com>
201
202         [JSC] Perform module specifier validation at parsing time
203         https://bugs.webkit.org/show_bug.cgi?id=178256
204
205         Reviewed by Darin Adler.
206
207         No behavior change in the current implementation.
208
209         * bindings/js/JSDOMWindowBase.cpp:
210         (WebCore::JSDOMWindowBase::moduleLoaderResolve):
211         * bindings/js/JSDOMWindowBase.h:
212         * bindings/js/ScriptModuleLoader.cpp:
213         (WebCore::ScriptModuleLoader::resolve):
214         * bindings/js/ScriptModuleLoader.h:
215
216 2017-10-15  Chris Dumez  <cdumez@apple.com>
217
218         DOMTokenList shouldn't add empty attributes
219         https://bugs.webkit.org/show_bug.cgi?id=178280
220         <rdar://problem/34987431>
221
222         Reviewed by Ryosuke Niwa.
223
224         Follow-up to r223306, reverse the check conditions to avoid attribute
225         lookup when possible. Also use m_tokens instead of tokens() to avoid
226         unnecessary branch.
227
228         * html/DOMTokenList.cpp:
229         (WebCore::DOMTokenList::updateAssociatedAttributeFromTokens):
230
231 2017-10-15  Darin Adler  <darin@apple.com>
232
233         UTF-8 decoding produces one replacement character per byte; Encoding standard requires one replacement character per illegal sequence instead
234         https://bugs.webkit.org/show_bug.cgi?id=178207
235
236         Reviewed by Sam Weinig.
237
238         * platform/text/TextCodecUTF8.cpp:
239         (WebCore::TextCodecUTF8::create): Deleted. Use a lambda instead.
240         (WebCore::TextCodecUTF8::registerCodecs): Use a lambda.
241         (WebCore::nonASCIISequenceLength): Changed to return 0 instead of 2 for the range 80-C1 since
242         none of those are valid sequence leading characters.
243         (WebCore::decodeNonASCIISequence): Changed the length argument to be in/out so the caller
244         knows how much of the sequence we decoded for failure cases. Simplified the length 2 section.
245         (WebCore::TextCodecUTF8::handleError): Deleted.
246         (WebCore::TextCodecUTF8::handlePartialSequence): Changed this into a pair of plain functions
247         rather than two template function specializations since the two functions are rather different.
248         For the one-byte version, got rid of the unused arguments. For the two-byte version, got rid
249         of the ignored return value, stopped using the handleError function since each error case
250         needs to be handled differently. In each error case consume the entire incorrect sequence
251         instead of just one byte.
252         (WebCore::TextCodecUTF8::decode): Updated for the above change, and changed the non-partial
253         incorrect sequence to consume the entire incorrect sequence instead of just one byte. Also
254         use WTF prefixes explicitly so we don't have to do "using namespace".
255         (WebCore::TextCodecUTF8::encode): Got rid of unneeded type punning, and added some inline
256         capacity to save one memory allocation when encoding shorter strings.
257
258         * platform/text/TextCodecUTF8.h: Use pragma once. Initialize m_partialSequenceSize where it
259         is defined and let the compiler generate the constructor. Updated for the changes above.
260
261         * platform/text/TextEncoding.h: Export a constructor now used by a unit test.
262         * platform/text/TextEncodingRegistry.h: Export newTextCodec, now used by a unit test.
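
The difference named in this entry's title, as an added JavaScript sketch (not WebKit's TextCodecUTF8; the function name and its option are hypothetical): by default `decodeUTF8` follows the Encoding Standard's UTF-8 decoder and emits one U+FFFD per illegal sequence, while `perByte: true` is a simplified model of the one-replacement-per-byte behaviour.

```javascript
// Added illustration: replacement-character policy for malformed UTF-8.
// Not WebKit code; decodeUTF8 and its perByte option are hypothetical.

function decodeUTF8(bytes, { perByte = false } = {}) {
  const out = [];
  let i = 0;
  while (i < bytes.length) {
    const lead = bytes[i];
    if (lead <= 0x7f) { // ASCII
      out.push(lead);
      i++;
      continue;
    }
    // Expected continuation count and the permitted range for the FIRST
    // continuation byte (narrowed to reject overlongs, surrogates, > U+10FFFF).
    let needed = 0, cp = 0, lower = 0x80, upper = 0xbf;
    if (lead >= 0xc2 && lead <= 0xdf) {
      needed = 1; cp = lead & 0x1f;
    } else if (lead >= 0xe0 && lead <= 0xef) {
      needed = 2; cp = lead & 0x0f;
      if (lead === 0xe0) lower = 0xa0;
      if (lead === 0xed) upper = 0x9f;
    } else if (lead >= 0xf0 && lead <= 0xf4) {
      needed = 3; cp = lead & 0x07;
      if (lead === 0xf0) lower = 0x90;
      if (lead === 0xf4) upper = 0x8f;
    } else {
      // 80-C1 and F5-FF never start a sequence: one replacement each.
      out.push(0xfffd);
      i++;
      continue;
    }
    let j = i + 1;
    let ok = true;
    for (let k = 0; k < needed; k++, j++) {
      if (j >= bytes.length || bytes[j] < lower || bytes[j] > upper) {
        ok = false; // truncated, or byte j cannot continue this sequence
        break;
      }
      cp = (cp << 6) | (bytes[j] & 0x3f);
      lower = 0x80;
      upper = 0xbf;
    }
    if (ok) {
      out.push(cp);
      i = j;
    } else {
      out.push(0xfffd);
      // Standard: skip the whole bad prefix and re-examine byte j.
      // Per-byte model: skip only the lead, so each trailing byte that
      // was already accepted becomes its own replacement character.
      i = perByte ? i + 1 : j;
    }
  }
  return String.fromCodePoint(...out);
}

// Constructed byte strings, each malformed in a different way.
const MALFORMED_SAMPLES = [
  [0xe2, 0x82, 0x41],       // 3-byte sequence cut short by 'A'
  [0xf0, 0x9f, 0x92],       // 4-byte sequence truncated at end of input
  [0xc0, 0xaf],             // C0 is never a valid lead byte
  [0xed, 0xa0, 0x80],       // would encode a surrogate
  [0xf4, 0x90, 0x80, 0x80], // would exceed U+10FFFF
];

// Count U+FFFD under both policies for each sample.
function replacementCounts(samples = MALFORMED_SAMPLES) {
  const count = (s) => [...s].filter((c) => c === "\uFFFD").length;
  return samples.map((b) => ({
    standard: count(decodeUTF8(b)),
    perByte: count(decodeUTF8(b, { perByte: true })),
  }));
}
```

The policies diverge only when a valid lead byte is followed by at least one acceptable continuation byte before the sequence fails; in the other samples both yield one replacement per byte.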
263
264 2017-10-14  Antoine Quint  <graouts@apple.com>
265
266         Remove all Web Animations code
267         https://bugs.webkit.org/show_bug.cgi?id=178273
268
269         Reviewed by Sam Weinig.
270
271         We remove all existing code related to Web Animations which does not include any functionality,
272         only stubs. This leaves the build and runtime flags, we'll start a complete implementation from
273         scratch.
274
275         * CMakeLists.txt:
276         * DerivedSources.make:
277         * WebCore.xcodeproj/project.pbxproj:
278         * animation/Animatable.idl: Removed.
279         * animation/AnimationEffect.cpp: Removed.
280         * animation/AnimationEffect.h: Removed.
281         * animation/AnimationEffect.idl: Removed.
282         * animation/AnimationTimeline.cpp: Removed.
283         * animation/AnimationTimeline.h: Removed.
284         * animation/AnimationTimeline.idl: Removed.
285         * animation/DocumentAnimation.cpp: Removed.
286         * animation/DocumentAnimation.h: Removed.
287         * animation/DocumentAnimation.idl: Removed.
288         * animation/DocumentTimeline.cpp: Removed.
289         * animation/DocumentTimeline.h: Removed.
290         * animation/DocumentTimeline.idl: Removed.
291         * animation/KeyframeEffect.cpp: Removed.
292         * animation/KeyframeEffect.h: Removed.
293         * animation/KeyframeEffect.idl: Removed.
294         * animation/WebAnimation.cpp: Removed.
295         * animation/WebAnimation.h: Removed.
296         * animation/WebAnimation.idl: Removed.
297         * bindings/js/JSAnimationTimelineCustom.cpp: Removed.
298         * bindings/js/JSBindingsAllInOne.cpp:
299         * bindings/js/WebCoreBuiltinNames.h:
300         * dom/Element.cpp:
301         (WebCore::Element::getAnimations): Deleted.
302         * dom/Element.h:
303         * dom/Element.idl:
304
305 2017-10-14  Devin Rousso  <webkit@devinrousso.com>
306
307         Web Inspector: provide a way to enable/disable event listeners
308         https://bugs.webkit.org/show_bug.cgi?id=177451
309
310         Reviewed by Joseph Pecoraro.
311
312         Test: inspector/dom/setEventListenerDisabled.html
313
314         * dom/EventTarget.cpp:
315         (WebCore::EventTarget::fireEventListeners):
316         Add InspectorInstrumentation call to isEventListenerDisabled. If true, the event listener's
317         callback will not be called.
318
319         * inspector/InspectorDOMAgent.h:
320         * inspector/InspectorDOMAgent.cpp:
321         (WebCore::InspectorDOMAgent::discardBindings):
322         (WebCore::InspectorDOMAgent::getEventListenersForNode):
323         (WebCore::InspectorDOMAgent::setEventListenerDisabled):
324         (WebCore::InspectorDOMAgent::buildObjectForEventListener):
325         (WebCore::InspectorDOMAgent::willRemoveEventListener):
326         (WebCore::InspectorDOMAgent::isEventListenerDisabled):
327         Introduce a mapping of `EventListener*` to `InspectorEventListener`, a struct for uniquely
328         identifying event listeners so they can be referenced from the frontend. We only add items
329         to this mapping when `getEventListenersForNode` is called, as that is when EventListener
330         data is sent to the frontend. This allows us to defer creating an Inspector "mirror" object
331         for each EventListener until it is needed. Items are removed whenever an event listener is
332         removed or when the document changes.
333
334         * inspector/InspectorInstrumentation.h:
335         (WebCore::InspectorInstrumentation::isEventListenerDisabled):
336         * inspector/InspectorInstrumentation.cpp:
337         (WebCore::InspectorInstrumentation::willRemoveEventListenerImpl):
338         (WebCore::InspectorInstrumentation::isEventListenerDisabledImpl):
339         Pass additional parameters to InspectorDOMAgent so it can determine if the event listener
340         actually exists. If not, don't dispatch an event to the frontend as nothing will change.
341
342 2017-10-14  Sam Weinig  <sam@webkit.org>
343
344         Remove HashCountedSet's copyToVector functions
345         https://bugs.webkit.org/show_bug.cgi?id=178215
346
347         Reviewed by Daniel Bates.
348
349         * page/DeviceController.cpp:
350         (WebCore::DeviceController::dispatchDeviceEvent):
351         (WebCore::DeviceController::fireDeviceEvent):
352         
353             Replace use of HashCountedSet's copyToVector functions with copyToVector(hashCountedSet.values()).
354
355 2017-10-13  Jer Noble  <jer.noble@apple.com>
356
357         Performance: Skip texture upload if source image and destination texture haven't changed
358         https://bugs.webkit.org/show_bug.cgi?id=178254
359         <rdar://problem/34968181>
360
361         Reviewed by Dean Jackson.
362
363         Update GraphicsContext3D to track which texture is bound to which texture unit, and also to
364         track when those bound textures have their backing stores modified. This new "seed" value
365         will be used to determine whether a given texture which has previously had image data
366         uploaded to it needs to be re-updated.
367
368         In VideoTextureCopierCV, track whether the texture's seed changed, whether the IOSurface is
369         the same, whether the IOSurface's seed has changed, and whether the "flipY" parameter
370         changed since the last time the copier was asked to upload to the texture.
371
372         * platform/graphics/GraphicsContext3D.h:
373         (WebCore::GraphicsContext3D::textureSeed):
374         (WebCore::GraphicsContext3D::GraphicsContext3DState::currentBoundTexture):
375         (WebCore::GraphicsContext3D::GraphicsContext3DState::boundTexture):
376         (WebCore::GraphicsContext3D::GraphicsContext3DState::setBoundTexture):
377         * platform/graphics/cv/VideoTextureCopierCV.cpp:
378         (WebCore::VideoTextureCopierCV::copyImageToPlatformTexture):
379         * platform/graphics/cv/VideoTextureCopierCV.h:
380         (WebCore::VideoTextureCopierCV::lastTextureSeed):
381         * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
382         (WebCore::GraphicsContext3D::prepareTexture):
383         (WebCore::GraphicsContext3D::bindTexture):
384         (WebCore::GraphicsContext3D::texStorage2D):
385         (WebCore::GraphicsContext3D::texStorage3D):
386         (WebCore::GraphicsContext3D::framebufferTexture2D):
387         (WebCore::GraphicsContext3D::texSubImage2D):
388         (WebCore::GraphicsContext3D::compressedTexImage2D):
389         (WebCore::GraphicsContext3D::compressedTexSubImage2D):
390         (WebCore::GraphicsContext3D::createTexture):
391         (WebCore::GraphicsContext3D::deleteTexture):
392         (WebCore::GraphicsContext3D::texImage2DDirect):
393
394 2017-10-13  Per Arne Vollan  <pvollan@apple.com>
395
396         [Win] When built with VS2017, MiniBrowser crashes on startup.
397         https://bugs.webkit.org/show_bug.cgi?id=175209
398
399         Reviewed by Daniel Bates.
400
401         Generated StaticStringImpl objects are not initialized at compile time with VS2017.
402         When compiling with VS2017, the global, static, StaticStringImpl objects need to
403         be defined with the constexpr specifier, in order for the objects to be initialized
404         at compile time. Since the StaticStringImpl objects will be const then, we need to
405         be able to create an AtomicString object from a const StaticStringImpl object. 
406         This constructor has been added to the AtomicString class.
407
408         No new tests, covered by existing tests. 
409
410         * bindings/scripts/StaticString.pm:
411         (GenerateStrings):
412         (GenerateStringAsserts):
413         * dom/QualifiedName.cpp:
414         (WebCore::createQualifiedName):
415         * dom/QualifiedName.h:
416         * dom/make_names.pl:
417         (printDefinitions):
418
419 2017-10-13  Brent Fulgham  <bfulgham@apple.com>
420
421         Protect FrameView during style calculations
422         https://bugs.webkit.org/show_bug.cgi?id=178300
423         <rdar://problem/34869329>
424
425         Reviewed by Ryosuke Niwa.
426
427         Protect the FrameView during layout and style updates in case arbitrary script
428         is run that might clear it.
429
430         Test: fast/html/marquee-reparent-check.html
431
432         * page/FrameView.cpp:
433         (WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive):
434
435 2017-10-13  Per Arne Vollan  <pvollan@apple.com>
436
437         Crash under ResourceHandleCFURLConnectionDelegateWithOperationQueue::didSendBodyData
438         https://bugs.webkit.org/show_bug.cgi?id=178279
439
440         Reviewed by Alex Christensen.
441
442         Check if the connection is valid before calling ResourceHandleClient::didSendData.
443
444         No new tests, covered by existing tests.
445
446         * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
447         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didSendBodyData):
448
449 2017-10-13  Brent Fulgham  <bfulgham@apple.com>
450
451         CMD+R / CMD+Q keyboard shortcuts are treated as user interaction with page
452         https://bugs.webkit.org/show_bug.cgi?id=178183
453         <rdar://problem/33327730>
454
455         Reviewed by Ryosuke Niwa.
456
457         Key events are granted user interaction credit (in terms of updating the last time of user
458         interaction), even if the key event was not handled. Instead, we should defer granting
459         access until the key event has been handled.
460         
461         Add a new default constructor argument to UserGestureIndicator to be used when handling key
462         events, so we can delay a decision about whether to grant ResourceLoadStatistics
463         'hasHadUserInteraction' until we confirm that the event was handled by the page.
464
465         This change does not affect other aspects of user interaction.
466
467         Tests: fast/events
468                http/tests/resourceLoadStatistics/prevalent-resource-handled-keydown.html
469                http/tests/resourceLoadStatistics/prevalent-resource-unhandled-keydown.html
470
471         * dom/UserGestureIndicator.cpp:
472         (WebCore::UserGestureIndicator::UserGestureIndicator): Add check based on constructor argument.
473         Also: Drive by fix to avoid calling 'currentToken' when not on the main thread.
474         * dom/UserGestureIndicator.h:
475         * page/EventHandler.cpp:
476         (WebCore::EventHandler::keyEvent): If the key event was handled, grant user interaction credit
477         for ResourceLoadStatistics processing.
478         (WebCore::EventHandler::internalKeyEvent): Use the new UserGestureIndicator constructor argument.
479
480 2017-10-13  Chris Dumez  <cdumez@apple.com>
481
482         DOMTokenList shouldn't add empty attributes
483         https://bugs.webkit.org/show_bug.cgi?id=178280
484
485         Reviewed by Ryosuke Niwa.
486
487         DOMTokenList shouldn't add empty attributes after:
488         - https://github.com/whatwg/dom/pull/488
489
490         Firefox and Chrome follow the latest spec.
491
492         No new tests, updating existing test.
493
494         * html/DOMTokenList.cpp:
495         (WebCore::DOMTokenList::updateAssociatedAttributeFromTokens):
496         Implement the first step of https://dom.spec.whatwg.org/#concept-dtl-update
497
498 2017-10-13  Jer Noble  <jer.noble@apple.com>
499
500         Unreviewed build fix; wrap more functions in USE(IOSURFACE) so that
501         they do not generate "unused function" errors.
502
503         * platform/graphics/cv/VideoTextureCopierCV.cpp:
504
505 2017-10-13  Jer Noble  <jer.noble@apple.com>
506
507         One last unreviewed build fix; since the IOSurface APIs don't exist at
508         all on the simulator, just wrap the entirety of the implementation of
509         copyImageToPlatformTexture() in a #if USE(IOSURFACE) check.
510
511         * platform/graphics/cv/VideoTextureCopierCV.cpp:
512         (WebCore::VideoTextureCopierCV::copyImageToPlatformTexture):
513
514 2017-10-13  Jer Noble  <jer.noble@apple.com>
515
516         Unreviewed build fix for the previous build fix; use the right PAL path for IOSurfaceSPI.h.
517
518         * platform/graphics/cv/VideoTextureCopierCV.cpp:
519
520 2017-10-13  Jer Noble  <jer.noble@apple.com>
521
522         Unreviewed build fix; add definitions for IOSurface methods missing on some platforms.
523
524         * platform/graphics/cv/VideoTextureCopierCV.cpp:
525
526 2017-10-13  Alex Christensen  <achristensen@webkit.org>
527
528         Remove Editor::simplifyMarkup
529         https://bugs.webkit.org/show_bug.cgi?id=178271
530
531         Reviewed by Wenson Hsieh.
532
533         An API test became flaky, and it turns out this isn't used anywhere, so let's remove it!
534         It was used in Mountain Lion, Mavericks, and Yosemite, but not since then.
535         See <rdar://problem/10726177>
536
537         * editing/Editor.cpp:
538         (WebCore::Editor::simplifyMarkup): Deleted.
539         * editing/Editor.h:
540
541 2017-10-13  Jer Noble  <jer.noble@apple.com>
542
543         Unreviewed build fix; forward declare the type of IOSurfaceRef.
544
545         * platform/cocoa/CoreVideoSoftLink.cpp:
546         * platform/cocoa/CoreVideoSoftLink.h:
547
548 2017-10-13  Jer Noble  <jer.noble@apple.com>
549
550         Unreviewed build fix; add soft link macros for newly called CoreVideo methods.
551
552         * platform/cocoa/CoreVideoSoftLink.cpp:
553         * platform/cocoa/CoreVideoSoftLink.h:
554
555 2017-10-13  Jer Noble  <jer.noble@apple.com>
556
557         Unreviewed build fix; add UNUSED_PARAM macros.
558
559         * platform/graphics/cocoa/GraphicsContext3DCocoa.mm:
560         (WebCore::GraphicsContext3D::texImageIOSurface2D):
561
562 2017-10-13  Jer Noble  <jer.noble@apple.com>
563
564         Performance: do pixel conformance and texturing in a single step.
565         https://bugs.webkit.org/show_bug.cgi?id=178219
566         <rdar://problem/34937237>
567
568         Reviewed by Dean Jackson.
569
570         No new tests; performance improvements should have no behavior change.
571
572         Rather than asking the VTDecompressionSession to conform the output CVPixelBuffer into a
573         pixel format compatible with OpenGL (& ES), don't constrain the output at all, and only do a
574         conformance step if the output is not already compatible with OpenGL. This eliminates one
575         copy (in hardware) operation.
576
577         Move the TextureCacheCV object into VideoTextureCopierCV; it will be conditionally used to
578         create the texture if the pixel buffer is compatible.
579
580         Refactor copyVideoTextureToPlatformTexture(CVOpenGLTextureRef) in VideoTextureCopierCV. The
581         new entry point, copyImageToPlatformTexture(), will attempt to use the texture cache first,
582         and call a new common copyVideoTextureToPlatformTexture(Platform3DObject) with the result.
583
584         The new copyImageToPlatformTexture() will pull planar YUV frames into two textures, and combine
585         the two with a color transfer function when drawing to the output texture.
586
587         * platform/graphics/GraphicsContext3D.h:
588         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
589         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::copyVideoTextureToPlatformTexture):
590         * platform/graphics/cocoa/GraphicsContext3DCocoa.mm:
591         (WebCore::GraphicsContext3D::texImageIOSurface2D):
592         * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
593         (WebCore::WebCoreDecompressionSession::ensureDecompressionSessionForSample):
594         * platform/graphics/cv/TextureCacheCV.h:
595         * platform/graphics/cv/TextureCacheCV.mm:
596         (WebCore::TextureCacheCV::textureFromImage):
597         * platform/graphics/cv/VideoTextureCopierCV.cpp:
598         (WebCore::pixelRangeFromPixelFormat):
599         (WebCore::transferFunctionFromString):
600         (WebCore::YCbCrToRGBMatrixForRangeAndTransferFunction):
601         (WebCore::VideoTextureCopierCV::~VideoTextureCopierCV):
602         (WebCore::VideoTextureCopierCV::initializeUVContextObjects):
603         (WebCore::VideoTextureCopierCV::copyImageToPlatformTexture):
604         (WebCore::VideoTextureCopierCV::copyVideoTextureToPlatformTexture):
605         * platform/graphics/cv/VideoTextureCopierCV.h:
606
607 2017-10-13  Romain Bellessort  <romain.bellessort@crf.canon.fr>
608
609         [Readable Streams API] Align queue with spec for ReadableStreamDefaultController
610         https://bugs.webkit.org/show_bug.cgi?id=178082
611
612         Reviewed by Xabier Rodriguez-Calvar.
613
614         Implemented new queue behavior for dequeueValue (used by ReadableStreamDefaultController),
615         which fixes rounding errors (as described in https://github.com/whatwg/streams/pull/661).
616         Also aligned ReadableByteStreamController queue so that both queues are implemented in
617         the same way.
618
619         No new tests (covered by existing tests, especially WPT tests that now pass).
620
621         * Modules/streams/ReadableByteStreamInternals.js:
622         (privateInitializeReadableByteStreamController): Aligned queue with RSDC.
623         (readableByteStreamControllerCancel): Aligned queue with RSDC.
624         (readableByteStreamControllerError): Aligned queue with RSDC.
625         (readableByteStreamControllerClose): Aligned queue with RSDC.
626         (readableByteStreamControllerHandleQueueDrain): Aligned queue with RSDC.
627         (readableByteStreamControllerPull): Aligned queue with RSDC.
628         (readableByteStreamControllerEnqueue): Aligned queue with RSDC.
629         (readableByteStreamControllerEnqueueChunk): Aligned queue with RSDC.
630         (readableByteStreamControllerProcessPullDescriptors): Aligned queue with RSDC.
631         (readableByteStreamControllerFillDescriptorFromQueue): Aligned queue with RSDC.
632         (readableByteStreamControllerPullInto): Aligned queue with RSDC.
633         * Modules/streams/StreamInternals.js:
634         (dequeueValue): Updated to match spec.
635         * bindings/js/WebCoreBuiltinNames.h: Removed now useless "totalQueuedBytes".
636
637 2017-10-13  Wenson Hsieh  <wenson_hsieh@apple.com>
638
639         "text/html" data is not exposed when dragging and dropping across origins
640         https://bugs.webkit.org/show_bug.cgi?id=178253
641         <rdar://problem/34971203>
642
643         Reviewed by Ryosuke Niwa.
644
645         Minor tweak to DataTransfer::setDataFromItemList to allow "text/html" written from bindings to transfer across
646         origins without requiring a sanitized representation. Currently, sanitizedData is null, which limits "text/html"
647         to being treated as custom data, inaccessible across origins. We should instead treat markup supplied via
648         bindings the same way as we do "text/plain" supplied via bindings.
649
650         Modified Tests: editing/pasteboard/data-transfer-set-data-sanitize-url-when-copying-in-null-origin.html
651                         editing/pasteboard/data-transfer-set-data-sanitize-url-when-dragging-in-null-origin.html
652
653         * dom/DataTransfer.cpp:
654         (WebCore::DataTransfer::setDataFromItemList):
655
656 2017-10-12  Brady Eidson  <beidson@apple.com>
657
658         SW "Hello world".
659         https://bugs.webkit.org/show_bug.cgi?id=178187
660
661         Reviewed by Andy Estes.
662
663         No new tests (Covered by changes to existing tests).
664
665         With this patch, SW scripts are actually compiled and run inside a ServiceWorkerGlobalScope environment
666         in the SW context process.
667
668         * WebCore.xcodeproj/project.pbxproj:
669
670         * bindings/js/WorkerScriptController.cpp:
671         (WebCore::WorkerScriptController::initScript):
672
673         * dom/EventTargetFactory.in:
674
675         * workers/WorkerGlobalScope.h:
676         (WebCore::WorkerGlobalScope::isServiceWorkerGlobalScope const):
677
678         * workers/service/ServiceWorkerContextData.cpp: Copied from Source/WebCore/workers/service/ServiceWorkerGlobalScope.cpp.
679         (WebCore::ServiceWorkerContextData::isolatedCopy const):
680         * workers/service/ServiceWorkerContextData.h:
681         (WebCore::ServiceWorkerContextData::encode const):
682         (WebCore::ServiceWorkerContextData::decode):
683
684         * workers/service/ServiceWorkerGlobalScope.cpp:
685         (WebCore::ServiceWorkerGlobalScope::ServiceWorkerGlobalScope):
686         (WebCore::ServiceWorkerGlobalScope::~ServiceWorkerGlobalScope):
687         (WebCore::ServiceWorkerGlobalScope::registration):
688         (WebCore::ServiceWorkerGlobalScope::eventTargetInterface const):
689         * workers/service/ServiceWorkerGlobalScope.h:
690         (WebCore::ServiceWorkerGlobalScope::create):
691         (WebCore::ServiceWorkerGlobalScope::serverConnectionIdentifier const):
692
693         * workers/service/context/SWContextManager.cpp: Copied from Source/WebCore/workers/service/ServiceWorkerGlobalScope.cpp.
694         (WebCore::SWContextManager::singleton):
695         (WebCore::SWContextManager::SWContextManager):
696         (WebCore::SWContextManager::startServiceWorkerContext):
697         * workers/service/context/SWContextManager.h: Copied from Source/WebCore/workers/service/ServiceWorkerGlobalScope.h.
698
699         * workers/service/context/ServiceWorkerThread.cpp: Added.
700         (WebCore::ServiceWorkerThreadProxy::sharedDummyProxy):
701         (WebCore::ServiceWorkerThread::ServiceWorkerThread):
702         (WebCore::m_workerObjectProxy):
703         (WebCore::ServiceWorkerThread::~ServiceWorkerThread):
704         (WebCore::ServiceWorkerThread::createWorkerGlobalScope):
705         (WebCore::ServiceWorkerThread::runEventLoop):
706         * workers/service/context/ServiceWorkerThread.h: Copied from Source/WebCore/workers/service/ServiceWorkerGlobalScope.h.
707         (WebCore::ServiceWorkerThread::create):
708         (WebCore::ServiceWorkerThread::workerObjectProxy const):
709
710         * workers/service/server/SWServer.cpp:
711         (WebCore::SWServer::createWorker):
712
713 2017-10-12  Alex Christensen  <achristensen@webkit.org>
714
715         Use asynchronous ResourceHandleClient calls for WebKit1
716         https://bugs.webkit.org/show_bug.cgi?id=160677
717
718         Reviewed by Brady Eidson.
719
720         Covered by existing tests.
721
722         * PlatformAppleWin.cmake:
723         * PlatformMac.cmake:
724         * WebCore.xcodeproj/project.pbxproj:
725         * loader/ResourceLoader.cpp:
726         (WebCore::ResourceLoader::willSendRequestAsync):
727         (WebCore::ResourceLoader::didReceiveResponseAsync):
728         (WebCore::ResourceLoader::canAuthenticateAgainstProtectionSpaceAsync):
729         * loader/ResourceLoader.h:
730         * loader/appcache/ApplicationCacheGroup.cpp:
731         (WebCore::ApplicationCacheGroup::didReceiveResponseAsync):
732         (WebCore::ApplicationCacheGroup::willSendRequestAsync):
733         (WebCore::ApplicationCacheGroup::canAuthenticateAgainstProtectionSpaceAsync):
734         (WebCore::ApplicationCacheGroup::didReceiveResponse): Deleted.
735         * loader/appcache/ApplicationCacheGroup.h:
736         * platform/network/BlobResourceHandle.cpp:
737         (WebCore::BlobResourceHandle::continueDidReceiveResponse):
738         (WebCore::BlobResourceHandle::getSizeForNext):
739         (WebCore::BlobResourceHandle::notifyResponseOnSuccess):
740         (WebCore::BlobResourceHandle::notifyResponseOnError):
741         * platform/network/PingHandle.h:
742         * platform/network/ResourceHandle.cpp:
743         (WebCore::ResourceHandle::didReceiveResponse):
744         (WebCore::ResourceHandle::usesAsyncCallbacks): Deleted.
745         * platform/network/ResourceHandle.h:
746         * platform/network/ResourceHandleClient.cpp:
747         (WebCore::ResourceHandleClient::~ResourceHandleClient):
748         (WebCore::ResourceHandleClient::willSendRequest): Deleted.
749         (WebCore::ResourceHandleClient::willSendRequestAsync): Deleted.
750         (WebCore::ResourceHandleClient::didReceiveResponseAsync): Deleted.
751         (WebCore::ResourceHandleClient::canAuthenticateAgainstProtectionSpaceAsync): Deleted.
752         * platform/network/ResourceHandleClient.h:
753         (WebCore::ResourceHandleClient::didReceiveAuthenticationChallenge):
754         (WebCore::ResourceHandleClient::didReceiveResponse): Deleted.
755         (WebCore::ResourceHandleClient::usesAsyncCallbacks): Deleted.
756         (WebCore::ResourceHandleClient::canAuthenticateAgainstProtectionSpace): Deleted.
757         * platform/network/ResourceHandleInternal.h:
758         (WebCore::ResourceHandleInternal::ResourceHandleInternal):
759         * platform/network/SynchronousLoaderClient.cpp:
760         (WebCore::SynchronousLoaderClient::willSendRequestAsync):
761         (WebCore::SynchronousLoaderClient::canAuthenticateAgainstProtectionSpaceAsync):
762         (WebCore::SynchronousLoaderClient::didReceiveResponseAsync):
763         (WebCore::SynchronousLoaderClient::didFinishLoading):
764         (WebCore::SynchronousLoaderClient::didFail):
765         (WebCore::SynchronousLoaderClient::willSendRequest): Deleted.
766         (WebCore::SynchronousLoaderClient::canAuthenticateAgainstProtectionSpace): Deleted.
767         (WebCore::SynchronousLoaderClient::didReceiveResponse): Deleted.
768         * platform/network/SynchronousLoaderClient.h:
769         * platform/network/cf/ResourceHandleCFNet.cpp:
770         (WebCore::ResourceHandle::createCFURLConnection):
771         (WebCore::ResourceHandle::start):
772         (WebCore::ResourceHandle::willSendRequest):
773         (WebCore::ResourceHandle::shouldUseCredentialStorage):
774         (WebCore::ResourceHandle::canAuthenticateAgainstProtectionSpace):
775         (WebCore::ResourceHandle::platformLoadResourceSynchronously):
776         * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
777         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::ResourceHandleCFURLConnectionDelegateWithOperationQueue):
778         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::releaseHandle):
779         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willSendRequest):
780         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse):
781         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveData):
782         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFinishLoading):
783         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didFail):
784         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willCacheResponse):
785         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveChallenge):
786         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didSendBodyData):
787         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::shouldUseCredentialStorage):
788         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::canRespondToProtectionSpace):
789         (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::continueCanAuthenticateAgainstProtectionSpace):
790         * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.h:
791         * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.cpp: Removed.
792         * platform/network/cf/SynchronousResourceHandleCFURLConnectionDelegate.h: Removed.
793         * platform/network/mac/ResourceHandleMac.mm:
794         (WebCore::ResourceHandle::start):
795         (WebCore::ResourceHandle::schedule):
796         (WebCore::ResourceHandle::makeDelegate):
797         (WebCore::ResourceHandle::delegate):
798         (WebCore::ResourceHandle::platformLoadResourceSynchronously):
799         (WebCore::ResourceHandle::willSendRequest):
800         (WebCore::ResourceHandle::continueWillSendRequest):
801         (WebCore::ResourceHandle::continueDidReceiveResponse):
802         (WebCore::ResourceHandle::canAuthenticateAgainstProtectionSpace):
803         (WebCore::ResourceHandle::continueCanAuthenticateAgainstProtectionSpace):
804         (WebCore::ResourceHandle::continueWillCacheResponse):
805         (WebCore::ResourceHandle::shouldUseCredentialStorage): Deleted.
806         * platform/network/mac/WebCoreResourceHandleAsDelegate.h: Removed.
807         * platform/network/mac/WebCoreResourceHandleAsDelegate.mm: Removed.
808         * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.h:
809         * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
810         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:willSendRequest:redirectResponse:]):
811         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveAuthenticationChallenge:]):
812         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:canAuthenticateAgainstProtectionSpace:]):
813         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]):
814         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveData:lengthReceived:]):
815         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didSendBodyData:totalBytesWritten:totalBytesExpectedToWrite:]):
816         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didFailWithError:]):
817         (-[WebCoreResourceHandleAsOperationQueueDelegate connection:willCacheResponse:]):
818
819 2017-10-12  Chris Dumez  <cdumez@apple.com>
820
821         [Mac] Add support for MouseEvent.buttons
822         https://bugs.webkit.org/show_bug.cgi?id=178214
823
824         Reviewed by Ryosuke Niwa.
825
826         Add support for MouseEvent.buttons on Mac as per:
827         - https://www.w3.org/TR/uievents/#ref-for-dom-mouseevent-buttons-1
828
829         This is supported by Firefox and Chrome already.
830
831         No new tests, rebaselined existing test.
832
833         * dom/Element.cpp:
834         (WebCore::Element::dispatchMouseEvent):
835         * dom/MouseEvent.cpp:
836         (WebCore::MouseEvent::create):
837         (WebCore::MouseEvent::MouseEvent):
838         * dom/MouseEvent.h:
839         (WebCore::MouseEvent::buttons const):
840         * dom/MouseEvent.idl:
841         * dom/MouseEventInit.h:
842         * dom/MouseEventInit.idl:
843         * dom/SimulatedClick.cpp:
844         * dom/WheelEvent.cpp:
845         * page/EventHandler.cpp:
846         (WebCore::EventHandler::dispatchDragEvent):
847         * platform/PlatformMouseEvent.h:
848         (WebCore::PlatformMouseEvent::buttons const):
849         * platform/mac/PlatformEventFactoryMac.mm:
850         (WebCore::currentlyPressedMouseButtons):
851         (WebCore::PlatformMouseEventBuilder::PlatformMouseEventBuilder):
852
853 2017-10-12  David Kilzer  <ddkilzer@apple.com>
854
855         [iOS] Fix -Wunused-lambda-capture warnings in WebCore/WebKit with new clang compiler
856         <https://webkit.org/b/178226>
857
858         Reviewed by Chris Fleizach.
859
860         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
861         (-[WebAccessibilityObjectWrapper _accessibilityArticleAncestor]):
862         - Remove unused lambda variable 'self'.
863
864 2017-10-12  Daniel Bates  <dabates@apple.com>
865
866         Mark more InlineBox member functions as const
867         https://bugs.webkit.org/show_bug.cgi?id=178217
868
869         Reviewed by Andy Estes.
870
871         * rendering/InlineBox.cpp:
872         (WebCore::InlineBox::locationIncludingFlipping const): Mark as const. Also fix some style
873         nits while I am here.
874         (WebCore::InlineBox::flipForWritingMode const): Mark as const.
875         (WebCore::InlineBox::locationIncludingFlipping): Deleted.
876         (WebCore::InlineBox::flipForWritingMode): Deleted.
877         * rendering/InlineBox.h:
878
879 2017-10-12  Daniel Bates  <dabates@apple.com>
880
881         Teach InlineTextBox::clampOffset() about combined text and hyphenation
882         https://bugs.webkit.org/show_bug.cgi?id=178032
883
884         Reviewed by Zalan Bujtas.
885
886         Treat combined text and the last character of a word half plus hyphen as single units.
887
888         With regards to combined text, ideally we would allow arbitrary selection inside combined
889         text. Currently we do not support selection of combined text. To simplify the process of
890         adding support for selecting combined text we treat combined text as a single unit. Once
891         we are confident that we correctly implemented such support we can re-evaluate allowing
892         arbitrary selection of combined text.
893
894         With regards to treating the last character of a word half plus hyphen as a single unit,
895         this patch extends the targeted fix made for document markers in r223013 to all code that
896         makes use of clamped offsets. As a result, the selection rects for inline boxes more accurately
897         reflect the rectangle(s) that make up the painted selection. This is a step towards reconciling
898         the difference between the computation of the rectangle that represents an arbitrary
899         selection and the code that paints the active selection as part of <https://bugs.webkit.org/show_bug.cgi?id=138913>.
900
901         * rendering/InlineTextBox.cpp:
902         (WebCore::InlineTextBox::localSelectionRect const): Compute text run, including combined text
903         or hyphens due to line wrapping now that specified start and end positions are clamped with
904         respect to combined text and hyphens (computed earlier in this function). Only measure the
905         text represented by the selection if the start position > 0 or the end position is not equal
906         to the length of the run.
907         (WebCore::InlineTextBox::paint): Remove unnecessary code to fix up the selection start and
908         end positions based on the truncation offset as this is done by clampedOffset(), called by
909         selectionStartEnd().
910         (WebCore::InlineTextBox::clampedOffset const): Modified to adjust the clamped offset with
911         respect to truncation as well as treat combined text or a trailing word half plus hyphen
912         as single units. Assert that we are not fully truncated because it does not make sense to
913         be computing the clamped offset in such a situation since nothing should be painted.
914         (WebCore::InlineTextBox::selectionStartEnd const): Modified to compute the end of an inside
915         selection using clampedOffset() to account for truncation, combined text or a hyphen. We
916         already are using clampedOffset() when computing the start and end position for all other
917         selection states.
918         (WebCore::InlineTextBox::paintSelection): Compute text run, including combined text
919         or hyphens due to line wrapping now that specified start and end positions are clamped with
920         respect to combined text and hyphens (computed earlier in this function). Remove unnecessary
921         code to adjust selection end point with respect to truncation, combined text, or an added
922         hyphen now that selectionStartEnd() takes care of this (via clampedOffset()).
923         (WebCore::InlineTextBox::paintTextSubrangeBackground): Compute text run, including combined
924         text or hyphens due to line wrapping now that specified start and end positions are clamped
925         with respect to combined text and hyphens (computed earlier in this function).
926         (WebCore::InlineTextBox::paintDocumentMarker): Compute text run, including combined text now
927         that specified start and end positions are clamped with respect to combined text (computed earlier in this function).
928         Also remove unnecessary code to adjust end offset of the marker with respect to truncation
929         and length of the text run as clampedOffset() now does this for us.
930
931 2017-10-11  Simon Fraser  <simon.fraser@apple.com>
932
933         Don't assert if mix-blend-mode is set to a non-separable blend mode on a composited layer
934         https://bugs.webkit.org/show_bug.cgi?id=178196
935         rdar://problem/34942337
936
937         Reviewed by Dan Bates.
938
939         Core Animation doesn't support non-separable blend modes (hue, saturation, color, luminosity)
940         on layers, but don't assert if we try to use them.
941
942         Test: compositing/filters/blend-mode-saturation.html
943
944         * platform/graphics/ca/cocoa/PlatformCAFiltersCocoa.mm:
945         (PlatformCAFilters::setBlendingFiltersOnLayer):
946
947 2017-10-12  John Wilander  <wilander@apple.com>
948
949         ResourceLoadObserver::logFrameNavigation() should use redirectResponse.url()
950         https://bugs.webkit.org/show_bug.cgi?id=175257
951         <rdar://problem/33359866>
952
953         Reviewed by Brent Fulgham.
954
955         This patch was joint work between Michael Specter and John Wilander.
956
957         Tests: http/tests/resourceLoadStatistics/non-sandboxed-iframe-redirect-ip-to-localhost-to-ip.html
958                http/tests/resourceLoadStatistics/non-sandboxed-iframe-redirect-localhost-to-ip-to-localhost.html
959                http/tests/resourceLoadStatistics/non-sandboxed-nesting-iframe-with-non-sandboxed-iframe-redirect-ip-to-localhost-to-ip.html
960                http/tests/resourceLoadStatistics/non-sandboxed-nesting-iframe-with-non-sandboxed-iframe-redirect-localhost-to-ip-to-localhost.html
961                http/tests/resourceLoadStatistics/non-sandboxed-nesting-iframe-with-sandboxed-iframe-redirect-ip-to-localhost-to-ip.html
962                http/tests/resourceLoadStatistics/non-sandboxed-nesting-iframe-with-sandboxed-iframe-redirect-localhost-to-ip-to-localhost.html
963                http/tests/resourceLoadStatistics/sandboxed-iframe-redirect-ip-to-localhost-to-ip.html
964                http/tests/resourceLoadStatistics/sandboxed-iframe-redirect-localhost-to-ip-to-localhost.html
965                http/tests/resourceLoadStatistics/sandboxed-nesting-iframe-with-non-sandboxed-iframe-redirect-ip-to-localhost-to-ip.html
966                http/tests/resourceLoadStatistics/sandboxed-nesting-iframe-with-non-sandboxed-iframe-redirect-localhost-to-ip-to-localhost.html
967                http/tests/resourceLoadStatistics/sandboxed-nesting-iframe-with-sandboxed-iframe-redirect-ip-to-localhost-to-ip.html
968                http/tests/resourceLoadStatistics/sandboxed-nesting-iframe-with-sandboxed-iframe-redirect-localhost-to-ip-to-localhost.html
969
970         * loader/DocumentLoader.cpp:
971         (WebCore::DocumentLoader::willSendRequest):
972             Now sends redirectResponse.url() to WebCore::ResourceLoadObserver::logFrameNavigation().
973         * loader/ResourceLoadObserver.cpp:
974         (WebCore::ResourceLoadObserver::logFrameNavigation):
975             Now receives the redirect response URL from WebCore::DocumentLoader().
976         (WebCore::ResourceLoadObserver::nonNullOwnerURL const):
977             New function to traverse the frame chain upward and find the first non-null URL.
978         * loader/ResourceLoadObserver.h:
979
980 2017-10-12  Frederic Wang  <fwang@igalia.com>
981
982         Use less specific cast in ScrollingTree::scrollPositionChangedViaDelegatedScrolling
983         https://bugs.webkit.org/show_bug.cgi?id=178211
984
985         Reviewed by Simon Fraser.
986
987         No new tests, behavior is not changed.
988
989         ScrollingTree::scrollPositionChangedViaDelegatedScrolling is a generic function that applies
990         to scrolling nodes. Casting to more specific ScrollingTreeOverflowScrollingNodes is however
991         not necessary to implement it. This patch moves to the least specific cast necessary so that
992         this function will be usable for async scrolling of non-main frames in the future. Note that
993         the function is currently only called from ScrollingTreeScrollingNodeDelegateIOS which in
994         turn is only used by the ScrollingTreeScrollingOverflowNodeIOS class and so code behavior is
995         not changed.
996
997         * page/scrolling/ScrollingTree.cpp:
998         (WebCore::ScrollingTree::scrollPositionChangedViaDelegatedScrolling): Only cast the node to
999         ScrollingTreeScrollingNode.
1000
1001 2017-10-11  Sam Weinig  <sam@webkit.org>
1002
1003         Remove out-parameter variants of copyToVector
1004         https://bugs.webkit.org/show_bug.cgi?id=178155
1005
1006         Reviewed by Tim Horton.
1007
1008         * Modules/geolocation/Geolocation.cpp:
1009         (WebCore::Geolocation::stopTimersForOneShots):
1010         (WebCore::Geolocation::cancelAllRequests):
1011         (WebCore::Geolocation::handleError):
1012         (WebCore::Geolocation::makeSuccessCallbacks):
1013         * Modules/indexeddb/IDBDatabase.cpp:
1014         (WebCore::IDBDatabase::transaction):
1015         * Modules/indexeddb/IDBGetAllResult.cpp:
1016         (WebCore::IDBGetAllResult::allBlobFilePaths const):
1017         * Modules/indexeddb/server/MemoryIndex.cpp:
1018         (WebCore::IDBServer::MemoryIndex::notifyCursorsOfValueChange):
1019         (WebCore::IDBServer::MemoryIndex::notifyCursorsOfAllRecordsChanged):
1020         * css/CSSFontSelector.cpp:
1021         (WebCore::CSSFontSelector::dispatchInvalidationCallbacks):
1022         * dom/Document.cpp:
1023         (WebCore::Document::moveNodeIteratorsToNewDocument):
1024         (WebCore::Document::resume):
1025         (WebCore::Document::didAssociateFormControlsTimerFired):
1026         * dom/IdTargetObserverRegistry.cpp:
1027         (WebCore::IdTargetObserverRegistry::notifyObserversInternal):
1028         * dom/MutationObserver.cpp:
1029         (WebCore::MutationObserver::notifyMutationObservers):
1030         * dom/Node.cpp:
1031         (WebCore::Document::invalidateNodeListAndCollectionCaches):
1032         * dom/RadioButtonGroups.cpp:
1033         * dom/ScriptExecutionContext.cpp:
1034         (WebCore::ScriptExecutionContext::dispatchMessagePortEvents):
1035         (WebCore::ScriptExecutionContext::stopActiveDOMObjects):
1036         * loader/appcache/ApplicationCacheGroup.cpp:
1037         (WebCore::ApplicationCacheGroup::checkIfLoadIsComplete):
1038         (WebCore::ApplicationCacheGroup::deliverDelayedMainResources):
1039         * loader/cache/MemoryCache.cpp:
1040         (WebCore::MemoryCache::forEachResource):
1041         (WebCore::MemoryCache::pruneDeadResourcesToSize):
1042         * page/DOMWindow.cpp:
1043         (WebCore::DOMWindow::willDestroyCachedFrame):
1044         (WebCore::DOMWindow::willDestroyDocumentInFrame):
1045         (WebCore::DOMWindow::willDetachDocumentFromFrame):
1046         (WebCore::DOMWindow::disconnectDOMWindowProperties):
1047         (WebCore::DOMWindow::reconnectDOMWindowProperties):
1048         * page/FrameView.cpp:
1049         (WebCore::collectAndProtectWidgets):
1050         * page/MemoryRelease.cpp:
1051         (WebCore::releaseCriticalMemory):
1052         * page/Performance.cpp:
1053         (WebCore::Performance::queueEntry):
1054         * platform/cocoa/PasteboardCocoa.mm:
1055         (WebCore::Pasteboard::typesForLegacyUnsafeBindings):
1056         * platform/graphics/cocoa/FontCacheCoreText.cpp:
1057         (WebCore::FontCache::systemFontFamilies):
1058         * platform/ios/PlatformPasteboardIOS.mm:
1059         (WebCore::PlatformPasteboard::typesSafeForDOMToReadAndWrite const):
1060         * platform/ios/WebCoreMotionManager.mm:
1061         (-[WebCoreMotionManager sendAccelerometerData:]):
1062         (-[WebCoreMotionManager sendMotionData:withHeading:]):
1063         * platform/mac/PlatformPasteboardMac.mm:
1064         (WebCore::PlatformPasteboard::typesSafeForDOMToReadAndWrite const):
1065         * platform/network/cocoa/WebCoreNSURLSession.mm:
1066         (-[WebCoreNSURLSession invalidateAndCancel]):
1067         * rendering/RenderBlock.cpp:
1068         (WebCore::RenderBlock::endAndCommitUpdateScrollInfoAfterLayoutTransaction):
1069         * rendering/RenderBlockLineLayout.cpp:
1070         (WebCore::setLogicalWidthForTextRun):
1071         * rendering/RenderDeprecatedFlexibleBox.cpp:
1072         (WebCore::FlexBoxIterator::next):
1073         * rendering/RenderTableSection.cpp:
1074         (WebCore::RenderTableSection::paintObject):
1075
1076             Replace out-parameter based copyToVector, with one that returns a Vector.
1077
1078 2017-10-12  Yusuke Suzuki  <utatane.tea@gmail.com>
1079
1080         Support integrity="" on module scripts
1081         https://bugs.webkit.org/show_bug.cgi?id=177959
1082
1083         Reviewed by Sam Weinig.
1084
1085         This patch extends module hooks to accept fetching parameters.
1086         When starting fetching modules, WebCore creates ModuleFetchParameters.
1087         These parameters are propagated to the fetch hook. Then, the fetch
1088         hook can use these parameters to fetch modules.
1089
1090         These parameters only contain the `integrity` field. This "integrity" is
1091         used to perform subresource integrity check in module loader pipeline.
1092         And this error is just propagated as errors in module pipeline, which
1093         is the same as the other types of errors in module pipeline.
1094
1095         Test: http/tests/subresource-integrity/sri-module.html
1096
1097         * ForwardingHeaders/runtime/JSScriptFetchParameters.h: Added.
1098         * ForwardingHeaders/runtime/ScriptFetchParameters.h: Added.
1099         * WebCore.xcodeproj/project.pbxproj:
1100         * bindings/js/CachedModuleScriptLoader.cpp:
1101         (WebCore::CachedModuleScriptLoader::create):
1102         (WebCore::CachedModuleScriptLoader::CachedModuleScriptLoader):
1103         Take parameters, which includes "integrity".
1104
1105         * bindings/js/CachedModuleScriptLoader.h:
1106         * bindings/js/JSDOMWindowBase.cpp:
1107         (WebCore::JSDOMWindowBase::moduleLoaderFetch):
1108         (WebCore::JSDOMWindowBase::moduleLoaderImportModule):
1109         import and fetch hooks take parameters.
1110
1111         * bindings/js/JSDOMWindowBase.h:
1112         * bindings/js/JSMainThreadExecState.h:
1113         (WebCore::JSMainThreadExecState::loadModule):
1114         * bindings/js/ScriptController.cpp:
1115         (WebCore::ScriptController::loadModuleScriptInWorld):
1116         (WebCore::ScriptController::loadModuleScript):
1117         Pass parameters to the entry point of the module pipeline.
1118
1119         * bindings/js/ScriptController.h:
1120         * bindings/js/ScriptModuleLoader.cpp:
1121         (WebCore::ScriptModuleLoader::fetch):
1122         If parameters are passed, we set them to CachedModuleScriptLoader.
1123
1124         (WebCore::ScriptModuleLoader::importModule):
1125         Pass parameters to the entry point of dynamic import.
1126
1127         (WebCore::ScriptModuleLoader::notifyFinished):
1128         If script loader has parameters, we perform subresource integrity check here.
1129
1130         * bindings/js/ScriptModuleLoader.h:
1131         * dom/LoadableModuleScript.cpp:
1132         (WebCore::LoadableModuleScript::create):
1133         (WebCore::LoadableModuleScript::LoadableModuleScript):
1134         (WebCore::LoadableModuleScript::load):
1135         Create ModuleFetchParameters with "integrity" value.
1136
1137         * dom/LoadableModuleScript.h:
1138         * dom/ModuleFetchParameters.h: Copied from Source/WebCore/bindings/js/CachedModuleScriptLoader.h.
1139         (WebCore::ModuleFetchParameters::create):
1140         (WebCore::ModuleFetchParameters::integrity const):
1141         (WebCore::ModuleFetchParameters::ModuleFetchParameters):
1142         * dom/ScriptElement.cpp:
1143         (WebCore::ScriptElement::requestModuleScript):
1144         Pass "integrity" value to the module script.
1145
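Added example (not WebKit's code and not part of this ChangeLog): the subresource integrity check that the entry above attaches to module fetches, written for Node.js following the W3C SRI matching rules. `parseIntegrity`, `verifyIntegrity`, `finishModuleFetch`, `sriFor` and the sample module sources are hypothetical names and constructed data.

```javascript
// Added example: SRI matching per the W3C Subresource Integrity rules.
// Not WebKit's implementation; all function names here are hypothetical.
const { createHash } = require("node:crypto");

// Digest algorithms SRI recognises, ordered weakest to strongest.
const ALGORITHMS = ["sha256", "sha384", "sha512"];

// Parse an integrity="" value into [{ alg, digest }].
// Tokens with an unknown algorithm or an empty digest are ignored.
function parseIntegrity(attr) {
  const parsed = [];
  for (const token of String(attr || "").trim().split(/\s+/)) {
    const expr = token.split("?", 1)[0]; // drop any "?options" suffix
    const dash = expr.indexOf("-");
    if (dash < 1) continue;
    const alg = expr.slice(0, dash).toLowerCase();
    const digest = expr.slice(dash + 1);
    if (ALGORITHMS.includes(alg) && digest) parsed.push({ alg, digest });
  }
  return parsed;
}

// Build an integrity token for some bytes (used to construct the sample data).
function sriFor(alg, bytes) {
  return `${alg}-${createHash(alg).update(bytes).digest("base64")}`;
}

// Return true when the fetched bytes satisfy the integrity metadata.
function verifyIntegrity(bodyBytes, integrityAttr) {
  const metadata = parseIntegrity(integrityAttr);
  // No usable metadata means there is nothing to enforce: the load proceeds.
  if (metadata.length === 0) return true;

  // Only the strongest algorithm present is checked; weaker entries are skipped.
  const strongest =
    ALGORITHMS[Math.max(...metadata.map((m) => ALGORITHMS.indexOf(m.alg)))];
  const actual = createHash(strongest).update(bodyBytes).digest();

  // Several digests for the same algorithm are alternatives: any match passes.
  return metadata
    .filter((m) => m.alg === strongest)
    .some((m) => Buffer.from(m.digest, "base64").equals(actual));
}

// Hypothetical stand-in for the "fetch finished" step of a module loader:
// an integrity failure surfaces as an ordinary module loading error.
function finishModuleFetch(url, bodyBytes, integrityAttr) {
  if (!verifyIntegrity(bodyBytes, integrityAttr)) {
    throw new TypeError(`Integrity check failed for module ${url}`);
  }
  return { url, source: bodyBytes.toString("utf8") };
}

// Constructed sample data: the module as published and a modified copy.
const SAMPLE_MODULE = Buffer.from('export const greeting = "hello";\n', "utf8");
const TAMPERED_MODULE = Buffer.from('export const greeting = "changed";\n', "utf8");
```

An attribute that contains only unrecognised algorithms yields no metadata and therefore enforces nothing, so integrity values are worth validating at build time.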
1146 2017-10-12  Tomas Popela  <tpopela@redhat.com>
1147
1148         Unreviewed, fix compilation warning
1149
1150         warning: extra tokens at end of #endif directive [-Wendif-labels]
1151
1152         * rendering/RenderMediaControls.h:
1153
1154 2017-10-11  Brent Fulgham  <bfulgham@apple.com>
1155
1156         Correct nullptr deref in selection handling.
1157         https://bugs.webkit.org/show_bug.cgi?id=178189
1158         <rdar://problem/33833012>
1159
1160         Reviewed by Ryosuke Niwa.
1161
1162         The VisibleSelection::toNormalizedRange returns nullptr for certain conditions (e.g., 'isNone'
1163         and 'isOrphaned' cases). It's possible to crash the WebProcess by executing a code path with
1164         an orphaned selection range.
1165
1166         The return value of 'toNormalizedRange' is checked for nullptr in many places, but not everywhere.
1167         This patch adds those missing nullptr checks.
1168
1169         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
1170         (-[WebAccessibilityObjectWrapper textMarkerRangeForSelection]):
1171         * editing/DeleteSelectionCommand.cpp:
1172         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
1173         * editing/EditingStyle.cpp:
1174         (WebCore::EditingStyle::styleAtSelectionStart):
1175         * editing/Editor.cpp:
1176         (WebCore::Editor::misspelledWordAtCaretOrRange const):
1177         * page/DOMSelection.cpp:
1178         (WebCore::DOMSelection::containsNode const):
1179         * page/DragController.cpp:
1180         (WebCore::DragController::concludeEditDrag):
1181
1182 2017-10-11  Ryan Haddad  <ryanhaddad@apple.com>
1183
1184         Unreviewed, rolling out r223215.
1185
1186         This change broke the Sierra build.
1187
1188         Reverted changeset:
1189
1190         "[Apple Pay] Add subLocality and subAdministrativeArea to
1191         ApplePayPaymentContact"
1192         https://bugs.webkit.org/show_bug.cgi?id=178191
1193         https://trac.webkit.org/changeset/223215
1194
1195 2017-10-11  Chris Dumez  <cdumez@apple.com>
1196
1197         XMLHttpRequest: do not sniff text/html, and do not sniff XML when responseType is set to "text"
1198         https://bugs.webkit.org/show_bug.cgi?id=168724
1199
1200         Reviewed by Ryosuke Niwa.
1201
1202         WebKit enabled HTML / XML charset detection for HTML-ish / XML-ish
1203         responses even when response type is text, which does not match the
1204         specification.
1205
1206         This patch is based on the following Blink patch by Yutaka Hirano <yhirano@chromium.org>:
1207         - https://chromium.googlesource.com/chromium/src.git/+/47e4fc53e6d68c0a788fcc26de598b9e3848033f
1208
1209         Tests:
1210         imported/w3c/web-platform-tests/XMLHttpRequest/responsetext-decoding.htm
1211         imported/w3c/web-platform-tests/XMLHttpRequest/responsedocument-decoding.htm
1212
1213         * xml/XMLHttpRequest.cpp:
1214         (WebCore::XMLHttpRequest::createDecoder const):
1215         (WebCore::XMLHttpRequest::didReceiveData):
1216         * xml/XMLHttpRequest.h:
1217
1218 2017-10-11  Andy Estes  <aestes@apple.com>
1219
1220         [Apple Pay] Add subLocality and subAdministrativeArea to ApplePayPaymentContact
1221         https://bugs.webkit.org/show_bug.cgi?id=178191
1222         <rdar://problem/34906367>
1223
1224         Reviewed by Tim Horton.
1225
1226         Added test cases to http/tests/ssl/applepay/ApplePaySession.html.
1227
1228         * Modules/applepay/ApplePayPaymentContact.h:
1229         * Modules/applepay/ApplePayPaymentContact.idl:
1230         * Modules/applepay/cocoa/PaymentContactCocoa.mm:
1231         (WebCore::convert):
1232
1233 2017-10-11  Youenn Fablet  <youenn@apple.com>
1234
1235         Add API to clean CacheStorage data
1236         https://bugs.webkit.org/show_bug.cgi?id=178034
1237
1238         Reviewed by Chris Dumez.
1239
1240         Test: http/tests/cache-storage/cache-clearing.https.html
1241
1242         * platform/FileSystem.h:
1243
1244 2017-10-11  David Kilzer  <ddkilzer@apple.com>
1245
1246         Part 2: Fix -Wcast-qual and -Wunused-lambda-capture warnings in WebCore with new clang compiler
1247         <https://webkit.org/b/178036>
1248         <rdar://problem/33667497>
1249
1250         Reviewed by Chris Dumez.
1251
1252         * Modules/cache/WorkerCacheStorageConnection.cpp:
1253         (WebCore::WorkerCacheStorageConnection::doRemove):
1254         - Change ASSERT() to ASSERT_UNUSED() to suppress warnings about
1255           unused lambda capture for 'cacheIdentifier' in Release builds.
1256         * bridge/objc/objc_class.mm:
1257         (JSC::Bindings::ObjcClass::classForIsA): Change C-style cast
1258         into reinterpret_cast and const_cast to go from CFTypeRef to
1259         ObjcClass*.
1260         * crypto/mac/CryptoKeyRSAMac.cpp:
1261         (WebCore::castDataArgumentToCCRSACryptorCreateFromDataIfNeeded):
1262         Add.  Introduce method to add a required const_cast for older
1263         OSes since the signature of CCRSACryptorCreateFromData() changed
1264         in iOS 11 & High Sierra.
1265         (WebCore::CryptoKeyRSA::create): Use
1266         castDataArgumentToCCRSACryptorCreateFromDataIfNeeded().
1267         * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
1268         (WebCore::WebCoreDecompressionSession::handleDecompressionOutput):
1269         Remove unused lambda capture for 'status'.
1270
1271 2017-10-11  Chris Dumez  <cdumez@apple.com>
1272
1273         [Geolocation] Expose Coordinates.floorLevel
1274         https://bugs.webkit.org/show_bug.cgi?id=178173
1275         <rdar://problem/34918936>
1276
1277         Reviewed by Ryosuke Niwa.
1278
1279         Expose Coordinates.floorLevel via the Geolocation API. This is currently
1280         a WebKit-specific extension and it is only populated on iOS / WKTR / DRT.
1281         It is null on other platforms.
1282
1283         Test: fast/dom/Geolocation/floorLevel.html
1284
1285         * Modules/geolocation/Coordinates.h:
1286         (WebCore::Coordinates::floorLevel const):
1287         * Modules/geolocation/Coordinates.idl:
1288         * Modules/geolocation/GeolocationPosition.h:
1289         (WebCore::GeolocationPosition::encode const):
1290         (WebCore::GeolocationPosition::decode):
1291         * Modules/geolocation/ios/GeolocationPositionIOS.mm:
1292         (WebCore::GeolocationPosition::GeolocationPosition):
1293         * page/Settings.in:
1294
1295 2017-10-11  Simon Fraser  <simon.fraser@apple.com>
1296
1297         Avoid triggering layout from style change
1298         https://bugs.webkit.org/show_bug.cgi?id=178184
1299         rdar://problem/34699113
1300
1301         Reviewed by Zalan Bujtas.
1302
1303         It's bad for RenderBox::styleDidChange() to scroll RenderLayers, because that
1304         can trigger layout via FrameView::updateWidgetPositions() and ScrollingCoordinator::absoluteEventTrackingRegions().
1305         So postpone the scrolling until after layout.
1306
1307         Test: fast/scrolling/adjust-scroll-offset-on-zoom.html
1308
1309         * rendering/RenderBox.cpp:
1310         (WebCore::RenderBox::styleDidChange):
1311         * rendering/RenderLayer.cpp:
1312         (WebCore::RenderLayer::updateLayerPositions):
1313         (WebCore::RenderLayer::setPostLayoutScrollPosition):
1314         (WebCore::RenderLayer::applyPostLayoutScrollPositionIfNeeded):
1315         * rendering/RenderLayer.h:
1316
1317 2017-10-11  Youenn Fablet  <youenn@apple.com>
1318
1319         Bump default cache storage quota to 20MB
1320         https://bugs.webkit.org/show_bug.cgi?id=178132
1321
1322         Reviewed by Alex Christensen.
1323
1324         Covered by http/wpt/cache-storage/cache-quota.any.html.
1325
1326         * platform/network/NetworkStorageSession.h:
1327         (WebCore::NetworkStorageSession::cacheStoragePerOriginQuota const):
1328         (WebCore::NetworkStorageSession::setCacheStoragePerOriginQuota):
1329
1330 2017-10-11  Myles C. Maxfield  <mmaxfield@apple.com>
1331
1332         Allow PAL to log messages
1333         https://bugs.webkit.org/show_bug.cgi?id=171523
1334
1335         Reviewed by Alex Christensen.
1336
1337         Make the model of WebCore/PAL match the model of WebKit/WebCore. This is because PAL will
1338         need to log things (because existing files in WebCore/platform need to log things).
1339
1340         No new tests because there is no behavior change.
1341
1342         * WebCore.xcodeproj/project.pbxproj:
1343         * page/mac/PageMac.mm:
1344         (WebCore::Page::platformInitialize):
1345         * platform/Logging.cpp:
1346         (WebCore::registerNotifyCallback): Deleted.
1347         * platform/Logging.h:
1348         * rendering/SimpleLineLayout.cpp:
1349         (WebCore::SimpleLineLayout::canUseForWithReason):
1350
1351 2017-10-11  Chris Dumez  <cdumez@apple.com>
1352
1353         Unreviewed, fix build with some SDKs.
1354
1355         Stop capturing |this| unnecessarily in lambda.
1356
1357         * Modules/entriesapi/FileSystemDirectoryEntry.cpp:
1358         (WebCore::FileSystemDirectoryEntry::getEntry):
1359
1360 2017-10-11  Chris Dumez  <cdumez@apple.com>
1361
1362         Unreviewed, fix build with some SDKs.
1363
1364         Stop capturing |this| unnecessarily in lambda.
1365
1366         * Modules/entriesapi/DOMFileSystem.cpp:
1367         (WebCore::DOMFileSystem::getFile):
1368
1369 2017-10-11  Daniel Bates  <dabates@apple.com>
1370
1371         Extract logic to paint composition underlines to its own function
1372         https://bugs.webkit.org/show_bug.cgi?id=178038
1373
1374         Reviewed by Zalan Bujtas.
1375
1376         No functionality changed. So, no new tests.
1377
1378         * rendering/InlineTextBox.cpp:
1379         (WebCore::InlineTextBox::paint): Modified to call paintCompositionUnderlines().
1380         (WebCore::InlineTextBox::paintCompositionUnderlines const): Added; extract code
1381         from InlineTextBox::paint() and modernized it.
1382         (WebCore::InlineTextBox::paintCompositionUnderline const): Added.
1383         (WebCore::InlineTextBox::paintCompositionUnderline): Deleted; made const.
1384         * rendering/InlineTextBox.h:
1385
1386 2017-10-11  Daniel Bates  <dabates@apple.com>
1387
1388         InlineTextBox::isSelected() should only return true for a non-empty selection
1389         and remove incorrect FIXME from InlineTextBox::localSelectionRect()
1390         https://bugs.webkit.org/show_bug.cgi?id=160786
1391
1392         Reviewed by Zalan Bujtas.
1393
1394         Partial revert of r204400 in InlineTextBox::{isSelected, localSelectionRect}().
1395
1396         The function InlineTextBox::isSelected() should only return true for a non-empty selection.
1397         Also remove an incorrect FIXME added to InlineTextBox::localSelectionRect() that questioned
1398         whether it was correct for it to return an empty rectangle. It is correct for it to return
1399         such a rectangle because this function is used to implement Element.getClientRects(). And
1400         Element.getClientRects() can return a rectangle with zero width or zero height by step 3
1401         of algorithm getClientRects() of section Extensions to the Element interface of the
1402         CSSOM View Module spec., <https://drafts.csswg.org/cssom-view/> (Editor's Draft, 15 September 2017).
1403
1404         * rendering/InlineTextBox.cpp:
1405         (WebCore::InlineTextBox::isSelected const): Only return true for a non-empty selection
1406         and remove unnecessary FIXME. Also rename variables to improve readability.
1407         (WebCore::InlineTextBox::localSelectionRect const): Remove inaccurate FIXME comment.
1408         * rendering/InlineTextBox.h:
1409
1410 2017-10-11  Ryosuke Niwa  <rniwa@webkit.org>
1411
1412         Sanitize URL in pasteboard for other applications and cross origin content
1413         https://bugs.webkit.org/show_bug.cgi?id=178060
1414         <rdar://problem/34874518>
1415
1416         Reviewed by Wenson Hsieh.
1417
1418         This patch introduces the sanitization of URL when written from a web content to prevent web content from
1419         exploiting the URL parser of other applications in the system particularly of those that actively monitor
1420         system pasteboard (a.k.a. clipboard on non-Cocoa platforms) and decode or otherwise process URLs.
1421
1422         Because the Web compatibility requires that DataTransfer exposes the original URL to any document in the
1423         same origin as the one which wrote the URL into the pasteboard, we store a string which uniquely identifies
1424         the origin of an originating document into our custom pasteboard data. Note that we expose any URL which
1425         didn't come from WebKit since we don't expect URLs to reveal privacy sensitive information. We use UUID for
1426         the origin identifier of a null origin document.
1427
1428         An alternative approach is to store the pasteboard data from the same origin into the document and invalidate
1429         it when the system pasteboard changes. However, Pasteboard object cannot know about Document (as Pasteboard
1430         is a platform object and Document is a WebCore object), this turns out to be quite tricky as there are multiple
1431         places where we create Pasteboard objects, and they all need to be aware of this special same origin
1432         Pasteboard object that hangs off of Document. Also, this approach would result in the same origin code paths
1433         to diverge between null origin and non-null origin documents.
1434
1435         Tests: editing/pasteboard/data-transfer-get-data-on-copying-pasting-malformed-url-in-same-document.html
1436                editing/pasteboard/data-transfer-set-data-ignore-copied-walformed-url-in-null-origin.html
1437                editing/pasteboard/data-transfer-set-data-sanitlize-url-when-copying-in-null-origin.html
1438                editing/pasteboard/data-transfer-set-data-sanitlize-url-when-dragging-in-null-origin.html
1439                http/tests/security/clipboard/copy-paste-url-across-origin-sanitizes-url.html
1440                CopyURL.ValidURL
1441                CopyURL.UnescapedURL
1442                CopyURL.MalformedURL
1443                DataInteractionTests.DataTransferSetDataValidURL
1444                DataInteractionTests.DataTransferSetDataUnescapedURL
1445                DataInteractionTests.DataTransferSetDataInvalidURL
1446
1447         * dom/DataTransfer.cpp:
1448         (WebCore::originForDocument): Extracted from createForCopyAndPaste.
1449         (WebCore::DataTransfer::createForCopyAndPaste):
1450         (WebCore::DataTransfer::getDataForItem const): Read the URL from the custom data when the originating content
1451         is of the same origin. When the originating content is cross origin, or there is no custom data (e.g. written
1452         by another native application; or sanitization didn't result in any difference), then callback to native value.
1453         (WebCore::DataTransfer::setDataFromItemList): Sanitize the URL before writing it to the native pasteboard.
1454         Store the original value if the sanitization resulted in any difference.
1455         (WebCore::DataTransfer::types const):
1456         (WebCore::DataTransfer::commitToPasteboard): Moved the code to write custom data to Pasteboard since we need
1457         to write the origin string with it.
1458         (WebCore::DataTransfer::createForDragStartEvent): Added Document as an argument to compute the origin string.
1459         (WebCore::DataTransfer::createForDrop): Ditto.
1460         (WebCore::DataTransfer::createForUpdatingDropTarget):
1461         (WebCore::DataTransfer::moveDragState):
1462         * dom/DataTransfer.h:
1463         * dom/Document.cpp:
1464         (WebCore::Document::uniqueIdentifier): Added. See above.
1465         * dom/Document.h:
1466         * editing/Editor.cpp:
1467         (WebCore::createDataTransferForClipboardEvent):
1468         (WebCore::dispatchClipboardEvent):
1469         * page/DragController.cpp:
1470         (WebCore::DragController::dispatchTextInputEventFor):
1471         * page/EventHandler.cpp:
1472         (WebCore::EventHandler::performDragAndDrop):
1473         (WebCore::EventHandler::handleDrag):
1474         * platform/Pasteboard.h:
1475         * platform/PasteboardStrategy.h:
1476         * platform/PlatformPasteboard.h:
1477         * platform/StaticPasteboard.cpp:
1478         (WebCore::StaticPasteboard::takeCustomData): Moved the logic to write to native pasteboard to DataTransfer.
1479         * platform/StaticPasteboard.h:
1480         * platform/cocoa/PasteboardCocoa.mm:
1481         (WebCore::Pasteboard::typesSafeForBindings):
1482         (WebCore::Pasteboard::readStringInCustomData): Rewritten using readCustomData. See below.
1483         (WebCore::Pasteboard::readOrigin): Added.
1484         (WebCore::Pasteboard::readCustomData): Added. Populates the cache. Because a single Pasteboard object is never
1485         allowed to read values once its content is updated by other applications, we can permanently cache the result.
1486         * platform/gtk/PasteboardGtk.cpp:
1487         (WebCore::Pasteboard::typesSafeForBindings): Now takes the unused origin string.
1488         (WebCore::Pasteboard::readOrigin): Added.
1489         * platform/gtk/PlatformPasteboardGtk.cpp:
1490         (WebCore::PlatformPasteboard::typesSafeForDOMToReadAndWrite const): Now takes the unused origin string.
1491         * platform/ios/PlatformPasteboardIOS.mm:
1492         (WebCore::originKeyKeyForTeamData): Added.
1493         (WebCore::customTypesKeyForTeamData): Added. Replaces the use of PasteboardCustomData::cocoaType() in the team
1494         data for clarity since the team data key isn't same as the pasteboard type. We don't have to worry about the
1495         backwards compatibility since drag & drop session doesn't persist across iOS upgrades, and there is no publicly
1496         released iOS with this team data support.
1497         (WebCore::PlatformPasteboard::typesSafeForDOMToReadAndWrite const): Read the origin string and the custom data
1498         off the team data. Don't expose custom types that are written by cross origin documents.
1499         (WebCore::PlatformPasteboard::write): Add the origin string with custom pasteboard types in the team data.
1500         (WebCore::PlatformPasteboard::readURL): Fixed a bug that this function was not reading NSURL when UIPasteboard
1501         serializes NSURL as a plist. This code is exercised by CopyURL.ValidURL.
1502         * platform/mac/PlatformPasteboardMac.mm:
1503         (WebCore::PlatformPasteboard::typesSafeForDOMToReadAndWrite const): Don't add custom pasteboard types that are
1504         added by cross origin documents.
1505         * platform/win/PasteboardWin.cpp:
1506         (WebCore::Pasteboard::typesSafeForBindings): Now takes the unused origin string.
1507         (WebCore::Pasteboard::readOrigin): Added.
1508         * platform/wpe/PasteboardWPE.cpp:
1509         (WebCore::Pasteboard::typesSafeForBindings): Now takes the unused origin string.
1510         (WebCore::Pasteboard::readOrigin): Added.
1511         * platform/wpe/PlatformPasteboardWPE.cpp:
1512         (WebCore::PlatformPasteboard::typesSafeForDOMToReadAndWrite const): Now takes the unused origin string.
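
The read/write rule described in the entry above (sanitized URL on the native pasteboard, original kept in custom data keyed by an origin identifier), as an added JavaScript model that is not WebKit's code. Every name in it is hypothetical, and the sanitizer (reparse with the WHATWG URL parser, write nothing natively for unparseable input) is an assumption.

```javascript
// Added illustration: a small model of the scheme in the changelog entry above.
// Not WebKit code; all names here are hypothetical.

let nullOriginCounter = 0;

// Document stand-in. A null-origin document gets a per-document unique token
// (the changelog uses a UUID; a counter plus random suffix stands in for it).
function makeDocument(origin) {
  const identifier = origin === 'null'
    ? `null-${++nullOriginCounter}-${Math.random().toString(16).slice(2)}`
    : origin;
  return { origin, identifier };
}

// Assumed sanitizer: parse with the WHATWG URL parser and reserialize.
// Unparseable input yields '' (assumption; the entry does not spell this out).
function sanitizeURL(raw) {
  try {
    return new URL(raw).href;
  } catch (e) {
    return '';
  }
}

class ModelPasteboard {
  constructor() {
    this.native = new Map(); // what other applications can read
    this.custom = null;      // { origin, originals: Map }, written by the engine
  }
  // A write by some other native application: no custom data is attached.
  writeFromNativeApp(type, value) {
    this.native = new Map([[type, value]]);
    this.custom = null;
  }
}

// Write path: only the sanitized URL reaches the native pasteboard. The
// original is kept in custom data, tagged with the writer's origin identifier,
// and only when sanitization changed the value.
function setData(pasteboard, doc, type, value) {
  if (!pasteboard.custom || pasteboard.custom.origin !== doc.identifier) {
    pasteboard.native = new Map();
    pasteboard.custom = { origin: doc.identifier, originals: new Map() };
  }
  if (type !== 'text/uri-list') {
    pasteboard.native.set(type, value);
    return;
  }
  const sanitized = sanitizeURL(value);
  if (sanitized) pasteboard.native.set(type, sanitized);
  else pasteboard.native.delete(type);
  if (sanitized !== value) pasteboard.custom.originals.set(type, value);
  else pasteboard.custom.originals.delete(type);
}

// Read path: a same-origin reader gets the original from custom data. A
// cross-origin reader, or any reader when there is no custom data, falls back
// to the native value.
function getData(pasteboard, doc, type) {
  const custom = pasteboard.custom;
  if (custom && custom.origin === doc.identifier && custom.originals.has(type))
    return custom.originals.get(type);
  const nativeValue = pasteboard.native.get(type);
  return nativeValue === undefined ? '' : nativeValue;
}

function demo() {
  const type = 'text/uri-list';
  const raw = 'HTTP://Example.COM/a b'; // constructed sample input
  const pageA = makeDocument('https://a.example');
  const pageA2 = makeDocument('https://a.example');
  const pageB = makeDocument('https://b.example');
  const sandboxed1 = makeDocument('null');
  const sandboxed2 = makeDocument('null');
  const result = {};

  const copied = new ModelPasteboard();
  setData(copied, pageA, type, raw);
  result.seenByNativeApps = copied.native.get(type);
  result.sameOrigin = getData(copied, pageA2, type);
  result.crossOrigin = getData(copied, pageB, type);

  const fromSandbox = new ModelPasteboard();
  setData(fromSandbox, sandboxed1, type, raw);
  result.nullSameDocument = getData(fromSandbox, sandboxed1, type);
  result.nullOtherDocument = getData(fromSandbox, sandboxed2, type);

  const fromOtherApp = new ModelPasteboard();
  fromOtherApp.writeFromNativeApp(type, raw);
  result.writtenByNativeApp = getData(fromOtherApp, pageB, type);

  const malformed = new ModelPasteboard();
  setData(malformed, pageA, type, 'not a url');
  result.malformedOnNative = malformed.native.has(type);
  result.malformedSameOrigin = getData(malformed, pageA, type);
  result.malformedCrossOrigin = getData(malformed, pageB, type);
  return result;
}

console.log(demo());
```

Two null-origin documents share the serialized origin "null", so without the per-document token the second sandboxed document would be treated as same origin and receive the unsanitized URL.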
1513
1514 2017-10-11  Antti Koivisto  <antti@apple.com>
1515
1516         Remove some obsolete layout assertions
1517         https://bugs.webkit.org/show_bug.cgi?id=178170
1518
1519         Reviewed by Zalan Bujtas.
1520
1521         We have strong assertions against render tree mutation functions being called in layout. These are unnecessary.
1522
1523         * rendering/RenderBoxModelObject.cpp:
1524         (WebCore::RenderBoxModelObject::moveChildTo):
1525         * rendering/RenderElement.cpp:
1526         (WebCore::RenderElement::takeChildInternal):
1527         * rendering/RenderElement.h:
1528         * rendering/RenderListItem.cpp:
1529         (WebCore::RenderListItem::layout):
1530         * rendering/RenderListItem.h:
1531
1532 2017-10-11  Andy Estes  <aestes@apple.com>
1533
1534         [Payment Request] Implement Apple Pay merchant validation
1535         https://bugs.webkit.org/show_bug.cgi?id=178159
1536
1537         Reviewed by Brady Eidson.
1538
1539         When ApplePayPaymentHandler::validateMerchant() is called, dispatch the
1540         applepayvalidatemerchant event to the PaymentRequest object.
1541
1542         The event object is an ApplePayMerchantValidationEvent, on which the client calls complete()
1543         with a merchant session.
1544
1545         Test: http/tests/ssl/applepay/ApplePayMerchantValidationEvent.https.html
1546
1547         * DerivedSources.make:
1548         * Modules/applepay/ApplePayValidateMerchantEvent.h:
1549         * Modules/applepay/paymentrequest/ApplePayMerchantValidationEvent.cpp: Added.
1550         (WebCore::ApplePayMerchantValidationEvent::create):
1551         (WebCore::ApplePayMerchantValidationEvent::ApplePayMerchantValidationEvent):
1552         (WebCore::ApplePayMerchantValidationEvent::complete):
1553         (WebCore::ApplePayMerchantValidationEvent::eventInterface const):
1554         * Modules/applepay/paymentrequest/ApplePayMerchantValidationEvent.h: Added.
1555         * Modules/applepay/paymentrequest/ApplePayMerchantValidationEvent.idl: Added.
1556         * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:
1557         (WebCore::ApplePayPaymentHandler::validateMerchant):
1558         * Modules/applepay/paymentrequest/ApplePayPaymentHandler.h:
1559         * Modules/paymentrequest/PaymentRequest.idl:
1560         * WebCore.xcodeproj/project.pbxproj:
1561         * dom/EventNames.h:
1562         * dom/EventNames.in:
1563         * testing/Internals.cpp:
1564         (WebCore::Internals::Internals):
1565         * testing/MockPaymentCoordinator.cpp:
1566         (WebCore::MockPaymentCoordinator::MockPaymentCoordinator):
1567         (WebCore::MockPaymentCoordinator::showPaymentUI):
1568         * testing/MockPaymentCoordinator.h:
1569
1570 2017-10-11  Chris Dumez  <cdumez@apple.com>
1571
1572         Modernize Geolocation code
1573         https://bugs.webkit.org/show_bug.cgi?id=178148
1574
1575         Reviewed by Ryosuke Niwa.
1576
1577         Modernize Geolocation code:
1578         - Use std::optional<> instead of separate boolean members
1579         - Make GeolocationPosition a simple struct that can be passed via IPC
1580         - Replace WebGeolocationPosition::Data with GeolocationPosition
1581         - Move logic to construct a GeolocationPosition from a CLLocation on iOS
1582           in one place to avoid code duplication.
1583
1584         * Modules/geolocation/Coordinates.cpp:
1585         (WebCore::Coordinates::Coordinates):
1586         * Modules/geolocation/Coordinates.h:
1587         (WebCore::Coordinates::create):
1588         (WebCore::Coordinates::isolatedCopy const):
1589         (WebCore::Coordinates::latitude const):
1590         (WebCore::Coordinates::longitude const):
1591         (WebCore::Coordinates::altitude const):
1592         (WebCore::Coordinates::accuracy const):
1593         (WebCore::Coordinates::altitudeAccuracy const):
1594         (WebCore::Coordinates::heading const):
1595         (WebCore::Coordinates::speed const):
1596         * Modules/geolocation/Geolocation.cpp:
1597         (WebCore::createGeoposition):
1598         (WebCore::Geolocation::lastPosition):
1599         * Modules/geolocation/GeolocationClient.h:
1600         * Modules/geolocation/GeolocationController.cpp:
1601         (WebCore::GeolocationController::positionChanged):
1602         (WebCore::GeolocationController::lastPosition):
1603         * Modules/geolocation/GeolocationController.h:
1604         * Modules/geolocation/GeolocationPosition.h:
1605         (WebCore::GeolocationPosition::GeolocationPosition):
1606         The default constructor is only needed by our IPC decoding code.
1607
1608         (WebCore::GeolocationPosition::encode const):
1609         (WebCore::GeolocationPosition::decode):
1610         * Modules/geolocation/ios/GeolocationPositionIOS.mm: Copied from Source/WebCore/Modules/geolocation/Coordinates.cpp.
1611         (WebCore::GeolocationPosition::GeolocationPosition):
1612         * WebCore.xcodeproj/project.pbxproj:
1613         * platform/mock/GeolocationClientMock.cpp:
1614         (WebCore::GeolocationClientMock::lastPosition):
1615         (WebCore::GeolocationClientMock::controllerTimerFired):
1616         * platform/mock/GeolocationClientMock.h:
1617
1618 2017-10-11  Brady Eidson  <beidson@apple.com>
1619
1620         Add a SW context process (where SW scripts will actually execute).
1621         https://bugs.webkit.org/show_bug.cgi?id=178156
1622         
1623         Reviewed by Andy Estes.
1624
1625         No new tests (Covered by changes to existing tests).
1626
1627         This patch adds an auxiliary "ServiceWorker context" WebProcess to a WebProcessPool.
1628
1629         This process is where ServiceWorker scripts will execute, separate from the client WebProcess
1630         hosting the page(s) they are serving.
1631
1632         This patch also adds all of the plumbing to pass along a fetched service worker script to this
1633         context WebProcess, as well as message back failure to actually start the script so we can test.
1634
1635         Touches lots of code sites but is basically just a lot of plumbing.
1636
1637         * WebCore.xcodeproj/project.pbxproj:
1638
1639         * workers/service/ServiceWorkerContextData.h: Copied from Source/WebCore/workers/service/server/SWServerWorker.h.
1640         (WebCore::ServiceWorkerContextData::encode const):
1641         (WebCore::ServiceWorkerContextData::decode):
1642
1643         * workers/service/server/SWServer.cpp:
1644         (WebCore::SWServer::Connection::finishFetchingScriptInServer):
1645         (WebCore::SWServer::Connection::scriptContextFailedToStart):
1646         (WebCore::SWServer::scriptFetchFinished):
1647         (WebCore::SWServer::scriptContextFailedToStart):
1648         (WebCore::SWServer::createWorker):
1649         * workers/service/server/SWServer.h:
1650
1651         * workers/service/server/SWServerRegistration.cpp:
1652         (WebCore::SWServerRegistration::scriptFetchFinished):
1653         (WebCore::SWServerRegistration::scriptContextFailedToStart):
1654         * workers/service/server/SWServerRegistration.h:
1655
1656         * workers/service/server/SWServerWorker.cpp:
1657         (WebCore::SWServerWorker::SWServerWorker):
1658         (WebCore::SWServerWorker::~SWServerWorker):
1659         * workers/service/server/SWServerWorker.h:
1660         (WebCore::SWServerWorker::create):
1661         (WebCore::SWServerWorker::scriptURL const):
1662         (WebCore::SWServerWorker::script const):
1663         (WebCore::SWServerWorker::type const):
1664         (WebCore::SWServerWorker::workerID const):
1665
1666 2017-10-11  Joanmarie Diggs  <jdiggs@igalia.com>
1667
1668         [ATK] Expose value of aria-keyshortcuts as object attribute
1669         https://bugs.webkit.org/show_bug.cgi?id=171175
1670
1671         Reviewed by Chris Fleizach.
1672
1673         Expose the author-provided string through the "keyshortcuts" object attribute.
1674
1675         Test: accessibility/gtk/aria-keyshortcuts.html
1676
1677         * accessibility/AccessibilityObject.cpp:
1678         (WebCore::AccessibilityObject::ariaKeyShortcutsValue const):
1679         * accessibility/AccessibilityObject.h:
1680         * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
1681         (webkitAccessibleGetAttributes):
1682         * html/HTMLAttributeNames.in:
1683
1684 2017-10-11  Yusuke Suzuki  <utatane.tea@gmail.com>
1685
1686         [JSC] Drop Instantiate hook in ES6 module loader
1687         https://bugs.webkit.org/show_bug.cgi?id=178162
1688
1689         Reviewed by Sam Weinig.
1690
1691         Drop instantiate hooks.
1692         No behavior change.
1693
1694         * bindings/js/JSDOMWindowBase.cpp:
1695         * bindings/js/JSWorkerGlobalScopeBase.cpp:
1696
1697 2017-10-11  Alicia Boya García  <aboya@igalia.com>
1698
1699         [MSE][GStreamer] Add dump of append pipeline
1700         https://bugs.webkit.org/show_bug.cgi?id=178074
1701
1702         Reviewed by Xabier Rodriguez-Calvar.
1703
1704         Enable dump of AppendPipeline.
1705
1706         * platform/graphics/gstreamer/mse/AppendPipeline.cpp:
1707         (WebCore::appendPipelineStateChangeMessageCallback):
1708         (WebCore::AppendPipeline::AppendPipeline):
1709         (WebCore::AppendPipeline::handleStateChangeMessage):
1710         * platform/graphics/gstreamer/mse/AppendPipeline.h:
1711
1712 2017-09-27  Frederic Wang  <fwang@igalia.com>
1713
1714         [iOS] Do not flatten frames when async frame scrolling is enabled
1715         https://bugs.webkit.org/show_bug.cgi?id=173704
1716
1717         Reviewed by Simon Fraser.
1718
1719         This patch disables frame flattening when async frame scrolling is enabled on iOS, as
1720         otherwise you can not scroll them. Once iframe scrolling is implemented in iOS (bug 149264),
1721         developers and beta testers will be able to check it by enabling "Async Frame Scrolling"
1722         in the "Experimental WebKit Features" menu of Safari iOS.
1723
1724         Test: platform/ios/fast/frames/flattening/iframe-flattening-with-async-frame-scrolling.html
1725
1726         * page/FrameView.cpp:
1727         (WebCore::FrameView::frameFlatteningEnabled): Use effectiveFrameFlattening()
1728         * page/Settings.cpp:
1729         (WebCore::Settings::effectiveFrameFlattening): New function to return frameFlattening() or do
1730         some exceptions on iOS.
1731         * page/Settings.h: Declare effectiveFrameFlattening.
1732         * rendering/RenderFrameSet.cpp:
1733         (WebCore::RenderFrameSet::flattenFrameSet): Use effectiveFrameFlattening()
1734         * rendering/RenderIFrame.cpp:
1735         (WebCore::RenderIFrame::flattenFrame): Ditto.
1736         * rendering/RenderView.cpp:
1737         (WebCore::FrameFlatteningLayoutDisallower::FrameFlatteningLayoutDisallower): Ditto.
1738
1739 2017-10-10  Xabier Rodriguez Calvar  <calvaris@igalia.com>
1740
1741         [GStreamer] Fix double seek requested by downloadbuffer GStreamer element in webkibwebsrc
1742         https://bugs.webkit.org/show_bug.cgi?id=178079
1743
1744         Reviewed by Žan Doberšek.
1745
1746         When the downloadbuffer GStreamer element requests two seeks too
1747         close to each other there's some rare race condition where our
1748         source answers that it is not seekable and ends up with
1749         downloadbuffer element to seek beyond the file size, which causes
1750         the server to issue a 416 HTTP error code eventually, causing our
1751         MediaPlayer to stop.
1752
1753         * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
1754         (webKitWebSrcStop): We only unset the seekable attribute if we are
1755         not seeking.
1756
1757 2017-10-10  Ryosuke Niwa  <rniwa@webkit.org>
1758
1759         Enable custom pasteboard data in DumpRenderTree and WebKitTestRunner
1760         https://bugs.webkit.org/show_bug.cgi?id=178154
1761
1762         Reviewed by Wenson Hsieh.
1763
1764         Extracted the logic to compute the default enabled-ness of custom pasteboard data as
1765         Settings::defaultCustomPasteboardDataEnabled() to be called by WebKit1 and WebKit2 layers.
1766
1767         * page/Settings.cpp:
1768         (WebCore::Settings::defaultCustomPasteboardDataEnabled): Extracted from customPasteboardDataEnabled.
1769         (WebCore::Settings::customPasteboardDataEnabled): Deleted. Now inlined in the header file.
1770         * page/Settings.h:
1771         (WebCore::Settings::customPasteboardDataEnabled):
1772         * platform/cocoa/PasteboardCocoa.mm:
1773         (WebCore::Pasteboard::read): Fixed a bug that we were adding MIME type to the map before checking that
1774         we could actually read the buffer. We shouldn't skip a type (NSTIFFPboardType and kUTTypeTIFF for now)
1775         if an equivalent type had failed to read.
1776
1777 2017-10-10  Andy Estes  <aestes@apple.com>
1778
1779         [Payment Request] Validate that all PaymentCurrencyAmounts use the same currency code when using Apple Pay
1780         https://bugs.webkit.org/show_bug.cgi?id=178150
1781
1782         Reviewed by Tim Horton.
1783
1784         Apple Pay requires a single currency code, but the Payment Request API allows the client to
1785         specify a currency code for each PaymentCurrencyAmount.
1786
1787         Instead of having a required currencyCode property on ApplePayRequest and ignoring the
1788         currency property on PaymentCurrencyAmount, validate that all PaymentCurrencyAmounts use the
1789         same currency code and use that as ApplePaySessionPaymentRequest's currencyCode.
1790
1791         Added test cases to http/tests/ssl/applepay/PaymentRequest.https.html.
1792
1793         * Modules/applepay/ApplePayPaymentRequest.h:
1794         * Modules/applepay/ApplePayPaymentRequest.idl:
1795         * Modules/applepay/ApplePayRequestBase.cpp:
1796         (WebCore::convertAndValidate):
1797         * Modules/applepay/ApplePayRequestBase.h:
1798         * Modules/applepay/ApplePayRequestBase.idl:
1799         * Modules/applepay/ApplePaySession.cpp:
1800         (WebCore::convertAndValidate):
1801         * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:
1802         (WebCore::validate):
1803         (WebCore::convertAndValidate):
1804         (WebCore::ApplePayPaymentHandler::show):
1805         * Modules/applepay/paymentrequest/ApplePayRequest.idl:
1806
1807 2017-10-10  Andy Estes  <aestes@apple.com>
1808
1809         [Payment Request] Implement PaymentRequest.canMakePayment()
1810         https://bugs.webkit.org/show_bug.cgi?id=178048
1811
1812         Reviewed by Youenn Fablet.
1813
1814         Test: http/tests/paymentrequest/payment-request-canmakepayment-method.https.html
1815
1816         * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:
1817         (WebCore::ApplePayPaymentHandler::convertData): Moved
1818         ApplePayRequest-to-ApplePaySessionPaymentRequest conversion from here to show().
1819         (WebCore::ApplePayPaymentHandler::show): Returned an exception if
1820         ApplePaySessionPaymentRequest conversion fails.
1821         (WebCore::shouldDiscloseApplePayCapability): Checked if we are in an ephemeral session or if
1822         Settings::applePayCapabilityDisclosureAllowed() is false.
1823         (WebCore::ApplePayPaymentHandler::canMakePayment): Called
1824         PaymentCoordinator::canMakePayments() or PaymentCoordinator::canMakePaymentsWithActiveCard()
1825         depending on shouldDiscloseApplePayCapability().
1826         * Modules/applepay/paymentrequest/ApplePayPaymentHandler.h:
1827         * Modules/applepay/paymentrequest/ApplePayRequest.h:
1828         * Modules/applepay/paymentrequest/ApplePayRequest.idl: Defined merchantIdentifier.
1829         * Modules/paymentrequest/PaymentHandler.h:
1830         * Modules/paymentrequest/PaymentRequest.cpp:
1831         (WebCore::parse): Moved JSON-parsing to here from show().
1832         (WebCore::PaymentRequest::show): Returned the exception from PaymentHandler::show().
1833         (WebCore::PaymentRequest::canMakePayment): For each payment method, try to create a
1834         PaymentHandler.
1835         For the first valid PaymentHandler, call canMakePayment() and pass a lambda that resolves
1836         the promise.
1837         * Modules/paymentrequest/PaymentRequest.h:
1838         * Modules/paymentrequest/PaymentRequest.idl: Added CallWith=Document annotations to show()
1839         and canMakePayment().
1840
1841 2017-10-10  Chris Dumez  <cdumez@apple.com>
1842
1843         Unreviewed, really fix the build with certain SDKs.
1844
1845         Follow-up to r223154, which fixed the wrong lambda.
1846
1847         * Modules/entriesapi/DOMFileSystem.cpp:
1848         (WebCore::DOMFileSystem::getEntry):
1849         (WebCore::DOMFileSystem::getFile):
1850
1851 2017-10-10  Chris Dumez  <cdumez@apple.com>
1852
1853         Unreviewed, fix build with certain SDKs.
1854
1855         Stop capturing |this| unnecessarily in lambda.
1856
1857         * Modules/entriesapi/DOMFileSystem.cpp:
1858         (WebCore::DOMFileSystem::getEntry):
1859
1860 2017-10-10  Matt Lewis  <jlewis3@apple.com>
1861
1862         Unreviewed, rolling out r223148.
1863
1864         This caused build failures.
1865
1866         Reverted changeset:
1867
1868         "Fix MSVC build with ENCRYPTED_MEDIA enabled"
1869         https://bugs.webkit.org/show_bug.cgi?id=177803
1870         http://trac.webkit.org/changeset/223148
1871
1872 2017-10-10  Zalan Bujtas  <zalan@apple.com>
1873
1874         AccessibilityRenderObject should not hold a raw pointer to RenderObject
1875         https://bugs.webkit.org/show_bug.cgi?id=178144
1876         <rdar://problem/34919287>
1877
1878         Reviewed by Chris Fleizach.
1879
1880         m_renderer's lifetime is not directly tied to the AX wrapper object's lifetime.
1881
1882         Covered by existing tests.
1883
1884         * accessibility/AccessibilityListBox.cpp:
1885         (WebCore::AccessibilityListBox::elementAccessibilityHitTest const):
1886         * accessibility/AccessibilityMathMLElement.cpp:
1887         (WebCore::AccessibilityMathMLElement::isMathFenceOperator const):
1888         (WebCore::AccessibilityMathMLElement::isMathSeparatorOperator const):
1889         (WebCore::AccessibilityMathMLElement::mathLineThickness const):
1890         * accessibility/AccessibilityMenuList.cpp:
1891         (WebCore::AccessibilityMenuList::press):
1892         (WebCore::AccessibilityMenuList::isCollapsed const):
1893         * accessibility/AccessibilityRenderObject.cpp:
1894         (WebCore::AccessibilityRenderObject::AccessibilityRenderObject):
1895         (WebCore::AccessibilityRenderObject::renderBoxModelObject const):
1896         (WebCore::AccessibilityRenderObject::setRenderer):
1897         (WebCore::AccessibilityRenderObject::previousSibling const):
1898         (WebCore::AccessibilityRenderObject::anchorElement const):
1899         (WebCore::AccessibilityRenderObject::helpText const):
1900         (WebCore::AccessibilityRenderObject::boundingBoxRect const):
1901         (WebCore::AccessibilityRenderObject::supportsPath const):
1902         (WebCore::AccessibilityRenderObject::elementPath const):
1903         (WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored const):
1904         (WebCore::AccessibilityRenderObject::index const):
1905         (WebCore::AccessibilityRenderObject::handleActiveDescendantChanged):
1906         (WebCore::AccessibilityRenderObject::observableObject const):
1907         (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
1908         (WebCore::AccessibilityRenderObject::textChanged):
1909         (WebCore::AccessibilityRenderObject::remoteSVGRootElement const):
1910         (WebCore::AccessibilityRenderObject::roleValueForMSAA const):
1911         (WebCore::AccessibilityRenderObject::getScrollableAreaIfScrollable const):
1912         (WebCore::AccessibilityRenderObject::scrollTo const):
1913         * accessibility/AccessibilityRenderObject.h:
1914         (WebCore::AccessibilityRenderObject::setRenderObject):
1915         * accessibility/AccessibilitySlider.cpp:
1916         (WebCore::AccessibilitySlider::elementAccessibilityHitTest const):
1917         * accessibility/AccessibilityTable.cpp:
1918         (WebCore::AccessibilityTable::addChildren):
1919         * accessibility/AccessibilityTableCell.cpp:
1920         (WebCore::AccessibilityTableCell::computeAccessibilityIsIgnored const):
1921         (WebCore::AccessibilityTableCell::parentTable const):
1922         (WebCore::AccessibilityTableCell::rowIndexRange const):
1923         (WebCore::AccessibilityTableCell::columnIndexRange const):
1924         (WebCore::AccessibilityTableCell::titleUIElement const):
1925
1926 2017-10-10  Sam Weinig  <sam@webkit.org>
1927
1928         Replace copyKeysToVector/copyValuesToVector with copyToVector(map.keys())/copyToVector(map.values())
1929         https://bugs.webkit.org/show_bug.cgi?id=178102
1930
1931         Reviewed by Tim Horton.
1932
1933         * Modules/geolocation/Geolocation.cpp:
1934         (WebCore::Geolocation::Watchers::getNotifiersVector const):
1935         * Modules/indexeddb/IDBTransaction.cpp:
1936         (WebCore::IDBTransaction::connectionClosedFromServer):
1937         * Modules/indexeddb/client/IDBConnectionProxy.cpp:
1938         (WebCore::IDBClient::IDBConnectionProxy::connectionToServerLost):
1939         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
1940         (WebCore::IDBServer::UniqueIDBDatabase::immediateCloseForUserDelete):
1941         * Modules/mediastream/MediaStream.cpp:
1942         (WebCore::MediaStream::getTracks const):
1943         * bindings/js/ScriptController.cpp:
1944         (WebCore::ScriptController::windowProxies):
1945         * css/CSSComputedStyleDeclaration.cpp:
1946         (WebCore::CSSComputedStyleDeclaration::item const):
1947         * dom/Document.cpp:
1948         (WebCore::Document::prepareForDestruction):
1949         * dom/DocumentMarkerController.cpp:
1950         (WebCore::DocumentMarkerController::removeMarkers):
1951         * inspector/InspectorWorkerAgent.cpp:
1952         (WebCore::InspectorWorkerAgent::disconnectFromAllWorkerInspectorProxies):
1953         * inspector/NetworkResourcesData.cpp:
1954         * loader/DocumentLoader.cpp:
1955         (WebCore::cancelAll):
1956         (WebCore::setAllDefersLoading):
1957         (WebCore::areAllLoadersPageCacheAcceptable):
1958         * loader/cache/MemoryCache.cpp:
1959         (WebCore::MemoryCache::forEachSessionResource):
1960         * loader/mac/DocumentLoaderMac.cpp:
1961         (WebCore::scheduleAll):
1962         (WebCore::unscheduleAll):
1963         * page/ResourceUsageThread.cpp:
1964         (WebCore::ResourceUsageThread::notifyObservers):
1965         * platform/mediastream/MediaStreamPrivate.cpp:
1966         (WebCore::MediaStreamPrivate::tracks const):
1967
1968             Replace copyKeysToVector / copyValuesToVector with copyToVector(map.keys()) / copyToVector(map.values())
1969
1970 2017-10-10  Yoshiaki Jitsukawa  <Yoshiaki.Jitsukawa@sony.com>
1971
1972         Fix MSVC build with ENCRYPTED_MEDIA enabled
1973         https://bugs.webkit.org/show_bug.cgi?id=177803
1974
1975         Reviewed by Alex Christensen.
1976
1977         As a workaround for MSVC, a weak pointer of "this" is captured
1978         at the outermost lambda expression.
1979
1980         * Modules/encryptedmedia/MediaKeySession.cpp:
1981         (WebCore::MediaKeySession::generateRequest):
1982         (WebCore::MediaKeySession::load):
1983         (WebCore::MediaKeySession::update):
1984         (WebCore::MediaKeySession::close):
1985         (WebCore::MediaKeySession::remove):
1986         * platform/encryptedmedia/clearkey/CDMClearKey.cpp:
1987         (WebCore::CDMInstanceClearKey::updateLicense):
1988         (WebCore::CDMInstanceClearKey::loadSession):
1989         (WebCore::CDMInstanceClearKey::removeSessionData):
1990
1991 2017-10-10  Joanmarie Diggs  <jdiggs@igalia.com>
1992
1993         AX: [ATK] ARIA form role should be mapped to ATK_ROLE_LANDMARK; not ATK_ROLE_FORM
1994         https://bugs.webkit.org/show_bug.cgi?id=178137
1995
1996         Reviewed by Chris Fleizach.
1997
1998         Expose the ARIA form role as ATK_ROLE_LANDMARK; continue to expose the HTML form
1999         element as ATK_ROLE_FORM.
2000
2001         No new tests needed due to existing coverage. Update expectations for roles-exposed.html.
2002
2003         * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
2004         (atkRole):
2005
2006 2017-10-10  Matt Rajca  <mrajca@apple.com>
2007
2008         Respect audio rate change restrictions in HTMLMediaElement::setVolume.
2009         https://bugs.webkit.org/show_bug.cgi?id=178140
2010
2011         Reviewed by Eric Carlson.
2012
2013         Tests: media/audio-playback-volume-changes-with-restrictions-and-user-gestures.html
2014                media/audio-playback-volume-changes-with-restrictions.html
2015
2016         It's currently possible for a website to start auto-playing media with a zero volume and then
2017         programmatically set the volume to a non-zero value without a user gesture. This code path didn't
2018         have to be considered previously because volume changes are not supported on iOS.
2019
2020         We currently pause media when an audio track comes in after an element has already started playing silently
2021         in mediaPlayerDidAddAudioTrack. This patch does the same when a non-zero volume is set after a media
2022         element already began playing silently and there is an audio rate change restriction.
2023
2024         * html/HTMLMediaElement.cpp:
2025         (WebCore::HTMLMediaElement::setVolume):
2026
2027 2017-10-10  Ryosuke Niwa  <rniwa@webkit.org>
2028
2029         Loading should be disabled while constructing the fragment in WebContentReader::readWebArchive
2030         https://bugs.webkit.org/show_bug.cgi?id=178118
2031
2032         Reviewed by Antti Koivisto.
2033
2034         Disable image loading while constructing the document fragment in WebContentReader::readWebArchive
2035         as we do in createFragmentAndAddResources for RTF/RTFD. This refactoring is needed to start using
2036         blob URL in the pasted document fragment for webkit.org/b/124391.
2037
2038         Also modified WebContentReader::readWebArchive to take a reference to SharedBuffer instead of a pointer.
2039
2040         No new tests since existing tests have been updated to cover this behavior change.
2041
2042         * editing/WebContentReader.h:
2043         * editing/cocoa/WebContentReaderCocoa.mm:
2044         (WebCore::WebContentReader::readWebArchive): Use DeferredLoadingScope to disable the loader and images
2045         while constructing the document fragment.
2046         * platform/Pasteboard.h:
2047         * platform/ios/PasteboardIOS.mm:
2048         (WebCore::readPasteboardWebContentDataForType):
2049         * platform/mac/PasteboardMac.mm:
2050         (WebCore::Pasteboard::read):
2051
2052 2017-10-10  Antti Koivisto  <antti@apple.com>
2053
2054         Layers should be destroyed by RenderLayerModelObject
2055         https://bugs.webkit.org/show_bug.cgi?id=178139
2056
2057         Reviewed by Simon Fraser.
2058
2059         Clean up some FIXMEs.
2060
2061         * rendering/RenderLayerModelObject.cpp:
2062         (WebCore::RenderLayerModelObject::willBeDestroyed):
2063         (WebCore::RenderLayerModelObject::destroyLayer):
2064         * rendering/RenderLayerModelObject.h:
2065         * rendering/RenderObject.cpp:
2066         (WebCore::RenderObject::willBeDestroyed):
2067
2068 2017-10-10  Chris Dumez  <cdumez@apple.com>
2069
2070         Entries API should recognize path starting with 2 slashes as valid absolute path
2071         https://bugs.webkit.org/show_bug.cgi?id=178135
2072
2073         Reviewed by Ryosuke Niwa.
2074
2075         Entries API should recognize paths starting with 2 slashes as valid absolute paths to match Chrome's behavior.
2076         See https://github.com/WICG/entries-api/commit/990454758005a6039655835503d551015e346d9d
2077
2078         This was causing us to fail some manual web-platform-tests.
2079
2080         No new tests, updated existing tests.
2081
2082         * Modules/entriesapi/DOMFileSystem.cpp:
2083         (WebCore::isValidPathSegment):
2084         (WebCore::isZeroOrMorePathSegmentsSeparatedBySlashes):
2085         (WebCore::isValidRelativeVirtualPath):
2086         (WebCore::isValidVirtualPath):
2087
2088 2017-10-10  Matt Lewis  <jlewis3@apple.com>
2089
2090         Unreviewed, rolling out r223110.
2091
2092         This caused consistent failures and timeouts on multiple
2093         platforms.
2094
2095         Reverted changeset:
2096
2097         "Delete button doesn't fully delete certain emoji"
2098         https://bugs.webkit.org/show_bug.cgi?id=178096
2099         http://trac.webkit.org/changeset/223110
2100
2101 2017-10-10  Antti Koivisto  <antti@apple.com>
2102
2103         RenderObject::destroy() should only be invoked after renderer has been removed from the tree
2104         https://bugs.webkit.org/show_bug.cgi?id=178075
2105
2106         Reviewed by Zalan Bujtas.
2107
2108         This patch fixes the remaining cases where the renderer is still in the tree while destroy()
2109         is called and adds the assert.
2110
2111         * rendering/RenderBlock.cpp:
2112         (WebCore::RenderBlock::removeLeftoverAnonymousBlock):
2113         (WebCore::RenderBlock::takeChild):
2114         * rendering/RenderBoxModelObject.cpp:
2115         (WebCore::RenderBoxModelObject::willBeDestroyed):
2116         * rendering/RenderLayer.cpp:
2117         (WebCore::RenderLayer::~RenderLayer):
2118
2119             Null the parent pointers for m_scrollCorner/m_resizer.
2120
2121         (WebCore::RenderLayer::calculateClipRects const):
2122         * rendering/RenderLayer.h:
2123         * rendering/RenderObject.cpp:
2124         (WebCore::RenderObject::willBeDestroyed):
2125         (WebCore::RenderObject::removeFromParentAndDestroyCleaningUpAnonymousWrappers):
2126         (WebCore::RenderObject::destroy):
2127
2128             Use RELEASE_ASSERT as these are cheap and important checks.
2129             Also turn isBeingDestroyed test into RELEASE_ASSERT.
2130             Remove AX call that no longer does anything.
2131
2132         (WebCore::RenderObject::destroyAndCleanupAnonymousWrappers): Deleted.
2133         * rendering/RenderObject.h:
2134         * rendering/RenderRubyBase.cpp:
2135         (WebCore::RenderRubyBase::moveBlockChildren):
2136         * rendering/RenderTableRow.cpp:
2137         (WebCore::RenderTableRow::collapseAndDestroyAnonymousSiblingRows):
2138         (WebCore::RenderTableRow::destroyAndCollapseAnonymousSiblingRows): Deleted.
2139
2140             Renamed and made this no longer destroy itself. The caller now takes care of that.
2141             Removed an unnecessary lambda.
2142
2143         * rendering/RenderTableRow.h:
2144         * style/RenderTreeUpdater.cpp:
2145         (WebCore::RenderTreeUpdater::tearDownRenderers):
2146         (WebCore::RenderTreeUpdater::tearDownRenderer):
2147         * style/RenderTreeUpdaterListItem.cpp:
2148         (WebCore::RenderTreeUpdater::ListItem::updateMarker):
2149
2150 2017-10-09  Antti Koivisto  <antti@apple.com>
2151
2152         Add isContinuation bit
2153         https://bugs.webkit.org/show_bug.cgi?id=178084
2154
2155         Reviewed by Zalan Bujtas.
2156
2157         Currently continuations are identified indirectly by comparing renderer pointer with the element renderer pointer.
2158         This is bug prone and fails to cover anonymous continuations.
2159
2160         * accessibility/AccessibilityRenderObject.cpp:
2161         (WebCore::firstChildConsideringContinuation):
2162         (WebCore::startOfContinuations):
2163         (WebCore::firstChildIsInlineContinuation):
2164         (WebCore::AccessibilityRenderObject::computeAccessibilityIsIgnored const):
2165
2166             Ignore first-letter fragment. This worked before because first-letter renderers
2167             were mistakenly considered inline element continuations (see below).
2168
2169         * rendering/RenderBoxModelObject.cpp:
2170         (WebCore::RenderBoxModelObject::setContinuation):
2171         * rendering/RenderElement.cpp:
2172         (WebCore::RenderElement::RenderElement):
2173         * rendering/RenderElement.h:
2174         (WebCore::RenderElement::hasContinuation const):
2175         (WebCore::RenderElement::isContinuation const):
2176         (WebCore::RenderElement::setIsContinuation):
2177
2178             The new bit.
2179
2180         (WebCore::RenderElement::isElementContinuation const):
2181         (WebCore::RenderElement::isInlineElementContinuation const):
2182         * rendering/RenderInline.cpp:
2183         (WebCore::RenderInline::addChildIgnoringContinuation):
2184         (WebCore::RenderInline::cloneAsContinuation const):
2185         (WebCore::RenderInline::splitInlines):
2186         (WebCore::RenderInline::childBecameNonInline):
2187         (WebCore::RenderInline::clone const): Deleted.
2188         * rendering/RenderInline.h:
2189         * rendering/RenderObject.h:
2190         (WebCore::RenderObject::isAnonymousBlock const):
2191         (WebCore::RenderObject::isElementContinuation const): Deleted.
2192
2193             The old continuation test was 'node() && node()->renderer() != this'
2194             This was fragile as nulling the renderer will make it fail.
2195             It was also wrong for first-letter renderers (isElementContinuation was true for them).
2196
2197         (WebCore::RenderObject::isInlineElementContinuation const): Deleted.
2198
2199             Move to RenderElement.
2200
2201         (WebCore::RenderObject::isBlockElementContinuation const): Deleted.
2202
2203 2017-10-10  Joanmarie Diggs  <jdiggs@igalia.com>
2204
2205         AX: [ATK] STATE_CHECKABLE should be removed from radio buttons in radiogroups with aria-readonly="true"
2206         https://bugs.webkit.org/show_bug.cgi?id=177931
2207
2208         Reviewed by Chris Fleizach.
2209
2210         Add a check in canSetValueAttribute() for readonly radiogroup ancestors of
2211         radio buttons.
2212
2213         Test: accessibility/gtk/aria-readonly-radiogroup.html
2214
2215         * accessibility/AccessibilityNodeObject.cpp:
2216         (WebCore::AccessibilityNodeObject::canSetValueAttribute const):
2217         * accessibility/AccessibilityObject.cpp:
2218         (WebCore::AccessibilityObject::radioGroupAncestor const):
2219         * accessibility/AccessibilityObject.h:
2220
2221 2017-10-09  Chris Dumez  <cdumez@apple.com>
2222
2223         Calling fileSystemDirectoryEntry.getDirectory() with empty path should not fail
2224         https://bugs.webkit.org/show_bug.cgi?id=178114
2225
2226         Reviewed by Ryosuke Niwa.
2227
2228         Calling fileSystemDirectoryEntry.getDirectory() with empty/null/undefined path should not fail as per:
2229         - https://wicg.github.io/entries-api/#dom-filesystemdirectoryentry-getdirectory
2230
2231         The empty string is a valid path as per:
2232         - https://wicg.github.io/entries-api/#valid-path
2233
2234         This aligns our behavior with Chrome.
2235
2236         No new tests, updated existing test.
2237
2238         * Modules/entriesapi/DOMFileSystem.cpp:
2239         (WebCore::isValidVirtualPath):
2240         (WebCore::resolveRelativeVirtualPath):
2241
2242 2017-10-09  Chris Dumez  <cdumez@apple.com>
2243
2244         It should not be possible to submit a form that is disconnected
2245         https://bugs.webkit.org/show_bug.cgi?id=178099
2246
2247         Reviewed by Sam Weinig.
2248
2249         It should not be possible to submit a form that is disconnected. Both Firefox and Chrome agree with the specification.
2250
2251         This is as per:
2252         https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#form-submission-algorithm (step 1)
2253         which refers to:
2254         https://html.spec.whatwg.org/multipage/links.html#cannot-navigate
2255
2256         Form cannot navigate when it is disconnected.
2257
2258         No new tests, rebaselined existing tests.
2259
2260         * html/HTMLFormElement.cpp:
2261         (WebCore::HTMLFormElement::prepareForSubmission):
2262
2263 2017-10-09  Myles C. Maxfield  <mmaxfield@apple.com>
2264
2265         Delete button doesn't fully delete certain emoji
2266         https://bugs.webkit.org/show_bug.cgi?id=178096
2267         <rdar://problem/34785106>
2268
2269         Reviewed by Simon Fraser.
2270
2271         System infrastructure for handling emoji changes every year. Instead of having
2272         custom code to specifically walk over codepoints, we should delegate to the
2273         system handling.
2274
2275         Test: editing/deleting/delete-emoji.html
2276
2277         * rendering/RenderText.cpp:
2278         (WebCore::RenderText::previousOffset const):
2279         (WebCore::RenderText::previousOffsetForBackwardDeletion const):
2280         (WebCore::RenderText::nextOffset const):
2281         (WebCore::isHangulLVT): Deleted.
2282         (WebCore::isMark): Deleted.
2283         (WebCore::isRegionalIndicator): Deleted.
2284         (WebCore::isInArmenianToLimbuRange): Deleted.
2285
2286 2017-10-09  Said Abou-Hallawa  <sabouhallawa@apple.com>
2287
2288         Image data should be coalesced if it comes in small chunks before updating the ImageSource
2289         https://bugs.webkit.org/show_bug.cgi?id=175890
2290
2291         Reviewed by Simon Fraser.
2292
2293         Coalesce the updates, which an Image makes when receiving encoded data in
2294         small chunks, for all platforms. Ensure the clients of the CachedImage
2295         won't be notified unless an update in the ImageSource happens.
2296
2297         I need to change some functions' names to better implement this patch. 
2298         The names of these functions have been confusing:
2299             CachedImage::addData(SharedBuffer&)
2300             CachedImage::addDataBuffer(const char* data, unsigned)
2301             CachedImage::addIncrementalDataBuffer(SharedBuffer&)
2302
2303         The image data is not buffered incrementally into the CachedImage. When
2304         new data is received, SubresourceLoader calls CachedImage to "update" its
2305         m_data with either a SharedBuffer or a data pointer. In either case the
2306         SharedBuffer or the pointer contains all the loaded data. SubresourceLoader
2307         calls CachedImage to update its m_data, to ensure its m_image is created 
2308         and to notify its clients with the new data.
2309
2310         The verb "add" in the functions' names is misleading. I am suggesting the
2311         following names instead:
2312             CachedImage::updateBuffer(SharedBuffer&)
2313             CachedImage::updateData(const char*, unsigned)
2314             CachedImage::doUpdateBuffer(SharedBuffer&)
2315
2316         The first two are the virtual ones. They are called from SubresourceLoader.
2317         The third one is the internal implementation to update the m_data member.
2318         The same names will be used in the following classes:
2319             CachedResource which is the base class of CachedImage
2320             CachedRawResource which is derived from CachedResource
2321             CachedTextTrack which is derived from CachedResource
2322
2323         * html/ImageDocument.cpp:
2324         (WebCore::ImageDocument::updateDuringParsing):
2325         * loader/SubresourceLoader.cpp:
2326         (WebCore::SubresourceLoader::didReceiveDataOrBuffer):
2327         * loader/cache/CachedImage.cpp:
2328         (WebCore::CachedImage::clearImage): Reset the update back off members.
2329         (WebCore::CachedImage::doUpdateBuffer): Don't update CachedImage with
2330         the new data if it comes in small chunks with fast rate.
2331         (WebCore::CachedImage::shouldDeferUpdateImageData const): This code is moved 
2332         from ImageSource::dataChanged().
2333         (WebCore::CachedImage::didUpdateImageData): Ditto.
2334         (WebCore::CachedImage::updateImageData):
2335         (WebCore::CachedImage::updateBuffer):
2336         (WebCore::CachedImage::updateData):
2337         (WebCore::CachedImage::finishLoading):
2338         (WebCore::CachedImage::addIncrementalDataBuffer): Deleted.
2339         (WebCore::CachedImage::setImageDataBuffer): Deleted.
2340         (WebCore::CachedImage::addDataBuffer): Deleted.
2341         (WebCore::CachedImage::addData): Deleted.
2342         * loader/cache/CachedImage.h:
2343         * loader/cache/CachedRawResource.cpp:
2344         (WebCore::CachedRawResource::updateBuffer):
2345         (WebCore::CachedRawResource::updateData):
2346         (WebCore::CachedRawResource::addDataBuffer): Deleted.
2347         (WebCore::CachedRawResource::addData): Deleted.
2348         * loader/cache/CachedRawResource.h:
2349         * loader/cache/CachedResource.cpp:
2350         (WebCore::CachedResource::updateBuffer):
2351         (WebCore::CachedResource::updateData):
2352         (WebCore::CachedResource::addDataBuffer): Deleted.
2353         (WebCore::CachedResource::addData): Deleted.
2354         * loader/cache/CachedResource.h:
2355         * loader/cache/CachedTextTrack.cpp:
2356         (WebCore::CachedTextTrack::doUpdateBuffer): Rename updateData() to doUpdateBuffer().
2357         (WebCore::CachedTextTrack::updateBuffer): Rename addDataBuffer() to updateBuffer().
2358         (WebCore::CachedTextTrack::finishLoading): Call the internal function doUpdateBuffer().
2359         (WebCore::CachedTextTrack::updateData): Deleted.
2360         (WebCore::CachedTextTrack::addDataBuffer): Deleted.
2361         * loader/cache/CachedTextTrack.h:
2362         * platform/graphics/ImageSource.cpp:
2363         (WebCore::ImageSource::dataChanged): Move the update back off code to CachedImage::updateData().
2364         * platform/graphics/ImageSource.h:
2365
2366 2017-10-09  Michael Saboff  <msaboff@apple.com>
2367
2368         Implement RegExp Unicode property escapes
2369         https://bugs.webkit.org/show_bug.cgi?id=172069
2370
2371         Reviewed by JF Bastien.
2372
2373         Refactoring change - Added BuiltInCharacterClassID:: prefix to uses of the enum.
2374
2375         * contentextensions/URLFilterParser.cpp:
2376         (WebCore::ContentExtensions::PatternParser::atomBuiltInCharacterClass):
2377
2378 2017-10-09  Andy Estes  <aestes@apple.com>
2379
2380         [Payment Request] Implement PaymentRequest.show() and PaymentRequest.hide()
2381         https://bugs.webkit.org/show_bug.cgi?id=178043
2382         <rdar://problem/34076639>
2383
2384         Reviewed by Tim Horton.
2385
2386         Tests: http/tests/paymentrequest/payment-request-abort-method.https.html
2387                http/tests/paymentrequest/payment-request-show-method.https.html
2388
2389         * Modules/applepay/PaymentCoordinator.h:
2390         * Modules/applepay/PaymentSession.h: Virtually inherited from PaymentSessionBase to
2391         accommodate ApplePayPaymentHandler inheriting from both this and PaymentHandler.
2392         (WebCore::PaymentSession::~PaymentSession): Deleted.
2393         * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:
2394         (WebCore::paymentCoordinator): Virtually inherited from PaymentSessionBase to accommodate
2395         ApplePayPaymentHandler inheriting from both this and PaymentSession.
2396         (WebCore::ApplePayPaymentHandler::hasActiveSession): Added. Calls PaymentCoordinator::hasActiveSession().
2397         (WebCore::ApplePayPaymentHandler::show): Added. Calls PaymentCoordinator::beginPaymentSession().
2398         (WebCore::ApplePayPaymentHandler::hide): Added. Calls PaymentCoordinator::abortPaymentSession().
2399         * Modules/applepay/paymentrequest/ApplePayPaymentHandler.h: Inherited from PaymentSession in
2400         addition to PaymentHandler so that this can be PaymentCoordinator active session.
2401         * Modules/paymentrequest/PaymentHandler.cpp:
2402         (WebCore::PaymentHandler::create):
2403         (WebCore::PaymentHandler::hasActiveSession):
2404         * Modules/paymentrequest/PaymentHandler.h:
2405         * Modules/paymentrequest/PaymentRequest.cpp:
2406         (WebCore::PaymentRequest::~PaymentRequest):
2407         (WebCore::PaymentRequest::show): Rejected the promise if PaymentCoordinator has an active session.
2408         (WebCore::PaymentRequest::abort): Called stop().
2409         (WebCore::PaymentRequest::canSuspendForDocumentSuspension const): Returned true if state is
2410         Interactive and there is an active handler showing.
2411         (WebCore::PaymentRequest::stop): Hid the active session if it's showing, then set state to
2412         Closed and rejected the show promise.
2413         * Modules/paymentrequest/PaymentRequest.h:
2414         * Modules/paymentrequest/PaymentSessionBase.h: Added. Inherits from
2415         RefCounted<PaymentSessionBase> and defines a virtual destructor. This allows subclasses to
2416         virtually inherit a single ref-count to support multiple inheritance.
2417         * WebCore.xcodeproj/project.pbxproj:
2418         * bindings/scripts/CodeGeneratorJS.pm:
2419         (GetGnuVTableOffsetForType): Added ApplePaySession to the list of classes that need a vtable
2420         offset of 3.
2421         * page/MainFrame.cpp:
2422         (WebCore::MainFrame::setPaymentCoordinator): Added a setter for m_paymentCoordinator.
2423         * page/MainFrame.h:
2424         * testing/Internals.cpp:
2425         (WebCore::Internals::Internals): Set the main frame's payment coordinator to a new
2426         PaymentCoordinator with MockPaymentCoordinator as its client.
2427         * testing/MockPaymentCoordinator.cpp: Added a mock PaymentCoordinatorClient for testing.
2428         (WebCore::MockPaymentCoordinator::supportsVersion):
2429         (WebCore::MockPaymentCoordinator::canMakePayments):
2430         (WebCore::MockPaymentCoordinator::canMakePaymentsWithActiveCard):
2431         (WebCore::MockPaymentCoordinator::openPaymentSetup):
2432         (WebCore::MockPaymentCoordinator::showPaymentUI):
2433         (WebCore::MockPaymentCoordinator::paymentCoordinatorDestroyed):
2434         * testing/MockPaymentCoordinator.h: Added.
2435
2436 2017-10-09  Youenn Fablet  <youenn@apple.com>
2437
2438         Add quota to cache API
2439         https://bugs.webkit.org/show_bug.cgi?id=177552
2440
2441         Reviewed by Alex Christensen.
2442
2443         Tests: http/wpt/cache-storage/cache-quota.any.html
2444
2445         Storing padded opaque response body sizes within FetchResponse and CacheStorageConnection.
2446         See https://github.com/whatwg/storage/issues/31 for the rationale about this padding.
2447         Storing in CacheStorageConnection is needed for handling cloned network fetched created responses.
2448         Storing in FetchResponse is needed for handling cloned cache-storage created opaque responses.
2449
2450         Adding internals to query and set the fuzzed size of a response.
2451
2452         * Modules/cache/CacheStorageConnection.cpp:
2453         (WebCore::computeRealBodySize):
2454         (WebCore::CacheStorageConnection::computeRecordBodySize):
2455         (WebCore::CacheStorageConnection::setResponseBodySizeWithPadding):
2456         (WebCore::CacheStorageConnection::responseBodySizeWithPadding const):
2457         * Modules/cache/CacheStorageConnection.h:
2458         * Modules/cache/DOMCache.cpp:
2459         (WebCore::DOMCache::toConnectionRecord):
2460         (WebCore::DOMCache::updateRecords):
2461         * Modules/cache/DOMCache.h:
2462         * Modules/cache/DOMCacheEngine.cpp:
2463         (WebCore::DOMCacheEngine::errorToException):
2464         (WebCore::DOMCacheEngine::Record::copy const):
2465         * Modules/cache/DOMCacheEngine.h:
2466         * Modules/cache/WorkerCacheStorageConnection.cpp:
2467         (WebCore::toCrossThreadRecordData):
2468         (WebCore::fromCrossThreadRecordData):
2469         * Modules/fetch/FetchResponse.cpp:
2470         (WebCore::FetchResponse::clone):
2471         (WebCore::FetchResponse::BodyLoader::didReceiveResponse):
2472         * Modules/fetch/FetchResponse.h:
2473         * Modules/fetch/FetchResponse.idl:
2474         * testing/Internals.cpp:
2475         (WebCore::Internals::setResponseSizeWithPadding):
2476         (WebCore::Internals::responseSizeWithPadding const):
2477         * testing/Internals.h:
2478         * testing/Internals.idl:
2479
2480 2017-10-09  Zalan Bujtas  <zalan@apple.com>
2481
2482         Remove redundant RenderObject::virtualContinuation
2483         https://bugs.webkit.org/show_bug.cgi?id=178091
2484         <rdar://problem/34892906>
2485
2486         Reviewed by Antti Koivisto.
2487  
2488         virtualContinuation sounds like a feature of continuation, while it's just a (not super useful) helper override.
2489
2490         No change in functionality.
2491
2492         * rendering/RenderBlock.cpp:
2493         (WebCore::canMergeContiguousAnonymousBlocks):
2494         (WebCore::RenderBlock::takeChild):
2495         * rendering/RenderBlock.h:
2496         * rendering/RenderInline.h:
2497         * rendering/RenderObject.h:
2498         (WebCore::RenderObject::isBlockElementContinuation const):
2499         (WebCore::RenderObject::virtualContinuation const): Deleted.
2500
2501 2017-10-09  Dean Jackson  <dino@apple.com>
2502
2503         [WebGL] Third IOSurface buffer might be allocated with the wrong size
2504         https://bugs.webkit.org/show_bug.cgi?id=178092
2505         <rdar://problem/34893173>
2506
2507         Reviewed by Jer Noble.
2508
2509         If the WebGL canvas resizes after the third buffer was allocated, it
2510         was never getting told that its backing store should be thrown away.
2511
2512         * platform/graphics/cocoa/WebGLLayer.mm: Allocate the third buffer at
2513         the same time as the first two.
2514         (-[WebGLLayer allocateIOSurfaceBackingStoreWithSize:usingAlpha:]):
2515         (-[WebGLLayer bindFramebufferToNextAvailableSurface]):
2516
2517 2017-10-09  Sam Weinig  <sam@webkit.org>
2518
2519         Make HashMap::keys() and HashMap::values() work with WTF::map/WTF::copyToVector
2520         https://bugs.webkit.org/show_bug.cgi?id=178072
2521
2522         Reviewed by Darin Adler.
2523
2524         * platform/graphics/avfoundation/MediaSelectionGroupAVFObjC.h:
2525         (WebCore::MediaSelectionGroupAVFObjC::options):
2526         
2527             Update for type change for HashMap::values().
2528             
2529 2017-10-09  Wenson Hsieh  <wenson_hsieh@apple.com>
2530
2531         Unreviewed, another build fix attempt after r223031
2532
2533         The default constructor of DragTargetResponse is also invoked via initializer list in EventHandler.cpp, so we'll
2534         need to explicitly declare this constructor in the header.
2535
2536         * page/EventHandler.h:
2537
2538 2017-10-09  Ryan Haddad  <ryanhaddad@apple.com>
2539
2540         Unreviewed, rolling out r223021.
2541
2542         LayoutTests added with this change are failing.
2543
2544         Reverted changeset:
2545
2546         "[Payment Request] Implement PaymentRequest.show() and
2547         PaymentRequest.hide()"
2548         https://bugs.webkit.org/show_bug.cgi?id=178043
2549         http://trac.webkit.org/changeset/223021
2550
2551 2017-10-09  Jeremy Jones  <jeremyj@apple.com>
2552
2553         Blurry captions on retina screens.
2554         https://bugs.webkit.org/show_bug.cgi?id=177560
2555         rdar://problem/17913388
2556
2557         Reviewed by Jer Noble.
2558
2559         No new tests because the contents scale of the captions layer is not exposed to the DOM.
2560
2561         The captions layer contents scale needs to take into account the device screen scale to get the correct resolution for captions.
2562
2563         * html/shadow/MediaControlElements.cpp:
2564         (WebCore::MediaControlTextTrackContainerElement::updateTextTrackRepresentation):
2565         (WebCore::MediaControlTextTrackContainerElement::updateSizes):
2566
2567 2017-10-09  Wenson Hsieh  <wenson_hsieh@apple.com>
2568
2569         Unreviewed, fix the Windows build after r223031
2570
2571         Speculative build fix; no change in behavior.
2572
2573         * page/EventHandler.h:
2574         (WebCore::EventHandler::DragTargetResponse::DragTargetResponse):
2575
2576 2017-10-09  Alex Christensen  <achristensen@webkit.org>
2577
2578         Reduce includes in Document.h
2579         https://bugs.webkit.org/show_bug.cgi?id=178035
2580
2581         Reviewed by Darin Adler.
2582
2583         * dom/Document.h:
2584
2585 2017-10-09  Joanmarie Diggs  <jdiggs@igalia.com>
2586
2587         AX: [ATK] Explicitly-set aria-sort value of "none" should be exposed as an object attribute
2588         https://bugs.webkit.org/show_bug.cgi?id=177955
2589
2590         Reviewed by Chris Fleizach.
2591
2592         Expose "none" as the value of aria-sort when the attribute is present and not
2593         one of the other valid sort types. Also add a new AccessibilitySortDirection,
2594         SortDirectionInvalid. This is currently only being used when the sort direction
2595         is sought for a role which does not support this ARIA attribute, but might come
2596         in handy if we want to add further sanity checks on the author-provided values.
2597
2598         Test: accessibility/gtk/aria-sort-values.html
2599
2600         * accessibility/AccessibilityObject.cpp:
2601         (WebCore::AccessibilityObject::sortDirection const):
2602         * accessibility/AccessibilityObject.h:
2603         * accessibility/atk/WebKitAccessibleWrapperAtk.cpp:
2604         (webkitAccessibleGetAttributes):
2605         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
2606         (-[WebAccessibilityObjectWrapper additionalAccessibilityAttributeNames]):
2607
2608 2017-10-09  Robin Morisset  <rmorisset@apple.com>
2609
2610         Make the names of the options consistent 
2611         https://bugs.webkit.org/show_bug.cgi?id=177933
2612
2613         Reviewed by Saam Barati.
2614
2615         No functional change, just fixing comments.
2616
2617         * Modules/mediasource/MediaSource.cpp:
2618         (WebCore::MediaSource::buffered const):
2619         (WebCore::MediaSource::monitorSourceBuffers):
2620         * Modules/webaudio/AudioBufferSourceNode.cpp:
2621         (WebCore::AudioBufferSourceNode::process):
2622         * bindings/scripts/generate-bindings.pl:
2623         * css/StyleResolver.cpp:
2624         (WebCore::StyleResolver::adjustRenderStyle):
2625         * editing/BreakBlockquoteCommand.cpp:
2626         (WebCore::BreakBlockquoteCommand::doApply):
2627         * editing/ReplaceSelectionCommand.cpp:
2628         (WebCore::ReplaceSelectionCommand::doApply):
2629         * editing/VisibleSelection.cpp:
2630         (WebCore::VisibleSelection::setStartAndEndFromBaseAndExtentRespectingGranularity):
2631         * editing/VisibleUnits.cpp:
2632         (WebCore::closestWordBoundaryForPosition):
2633         * html/parser/AtomicHTMLToken.h:
2634         * html/parser/HTMLDocumentParser.cpp:
2635         (WebCore::HTMLDocumentParser::end):
2636         * inspector/InspectorOverlayPage.js:
2637         (reset):
2638         * page/ViewportConfiguration.cpp:
2639         (WebCore::ViewportConfiguration::layoutWidth const):
2640         (WebCore::ViewportConfiguration::layoutHeight const):
2641         * platform/graphics/FloatPolygon.h:
2642         * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
2643         (WebCore::InbandTextTrackPrivateAVF::processCueAttributes):
2644         * platform/graphics/filters/FilterOperation.h:
2645         * platform/graphics/opengl/GraphicsContext3DOpenGL.cpp:
2646         (WebCore::GraphicsContext3D::texImage2D):
2647         * platform/mac/WidgetMac.mm:
2648         (WebCore::safeRemoveFromSuperview):
2649         * rendering/RenderBlockFlow.cpp:
2650         (WebCore::RenderBlockFlow::collapseMarginsWithChildInfo):
2651         * rendering/RenderBlockFlow.h:
2652         * rendering/RenderBox.cpp:
2653         (WebCore::RenderBox::computePositionedLogicalWidthReplaced const):
2654         * rendering/RenderObject.cpp:
2655         (WebCore::RenderObject::propagateRepaintToParentWithOutlineAutoIfNeeded const):
2656         * rendering/RenderTheme.cpp:
2657         (WebCore::RenderTheme::disabledTextColor const):
2658         * style/ClassChangeInvalidation.cpp:
2659         (WebCore::Style::computeClassChange):
2660         * style/StyleScope.cpp:
2661         (WebCore::Style::Scope::didChangeStyleSheetEnvironment):
2662         * svg/SVGAltGlyphDefElement.cpp:
2663         (WebCore::SVGAltGlyphDefElement::hasValidGlyphElements const):
2664
2665 2017-10-09  Adrian Perez de Castro  <aperez@igalia.com>
2666
2667         [WPE][GTK] Propagate libepoxy compiler flags obtained from pkg-config
2668         https://bugs.webkit.org/show_bug.cgi?id=178081
2669
2670         Reviewed by Carlos Alberto Lopez Perez.
2671
2672         No new tests needed.
2673
2674         * CMakeLists.txt: Use ${LIBEPOXY_DEFINITIONS} for building WebCore.
2675
2676 2017-10-09  Romain Bellessort  <romain.bellessort@crf.canon.fr>
2677
2678         [Readable Streams API] Implement canCloseOrEnqueue
2679         https://bugs.webkit.org/show_bug.cgi?id=178005
2680
2681         Reviewed by Youenn Fablet.
2682
2683         Implemented readableStreamDefaultControllerCanCloseOrEnqueue [1]. This is
2684         just a refactoring (based on spec) aiming at factorizing a set of tests
2685         that are done at multiple places.
2686
2687         [1] https://streams.spec.whatwg.org/#readable-stream-default-controller-can-close-or-enqueue
2688
2689         No new tests (refactoring, no new behavior).
2690
2691         * Modules/streams/ReadableStreamDefaultController.js:
2692         (enqueue): Updated.
2693         (close): Updated.
2694         * Modules/streams/ReadableStreamInternals.js:
2695         (readableStreamDefaultControllerClose): Updated.
2696         (readableStreamDefaultControllerCanCloseOrEnqueue): Added.
2697
2698 2017-10-05  Frederic Wang  <fwang@igalia.com>
2699
2700         Remove WOFF2 from Source/ThirdParty.
2701         https://bugs.webkit.org/show_bug.cgi?id=177862
2702
2703         Reviewed by Michael Catanzaro.
2704
2705         No new tests, already covered by existing tests.
2706
2707         * CMakeLists.txt: Use the system brotli/woff2 headers/libraries.
2708
2709 2017-10-08  Darin Adler  <darin@apple.com>
2710
2711         Update HTMLOListElement.start to behavior from latest HTML specification
2712         https://bugs.webkit.org/show_bug.cgi?id=178057
2713
2714         Reviewed by Chris Dumez.
2715
2716         * html/HTMLOListElement.cpp:
2717         (optionalValue): Added. Helper function that we can put into Expected.h later
2718         if we like; makes it easier to turn Expected into std::optional.
2719         (WebCore::HTMLOListElement::HTMLOListElement): Moved data member initialization
2720         into class definition so it doesn't have to be done here.
2721         (WebCore::HTMLOListElement::parseAttribute): Simplified using the new
2722         optionalValue function. Moved the call to update values in here since it's
2723         a trivial one-liner (albeit done twice).
2724         (WebCore::HTMLOListElement::updateItemValues): Deleted. Moved this into the
2725         parseAttribute function.
2726         (WebCore::HTMLOListElement::itemCount): Updated to use std::optional instead
2727         of a separate m_shouldRecalculateItemCount flag. Also inlined the
2728         recalculateItemCount function since it's a trivial one-liner.
2729         (WebCore::HTMLOListElement::itemCountAfterLayout): Deleted. The only use of
2730         this was to implement the now-obsolete behavior of the start attribute.
2731         (WebCore::HTMLOListElement::recalculateItemCount): Deleted. Moved this into
2732         the itemCount function.
2733
2734         * html/HTMLOListElement.h: Changed startForBindings to return 1 when start
2735         is not specified; this is what the HTML specification now calls for. Updated
2736         for the changes above. Merged m_itemCount and m_shouldRecalculateItemCount
2737         into a single optional m_itemCount, and made it mutable so it can be
2738         computed as a side effect of calling the const member function start.
2739
2740 2017-10-08  Darin Adler  <darin@apple.com>
2741
2742         Fix bugs related to setting reflected floating point DOM attributes
2743         https://bugs.webkit.org/show_bug.cgi?id=178061
2744
2745         Reviewed by Sam Weinig.
2746
2747         * html/HTMLProgressElement.cpp:
2748         (WebCore::HTMLProgressElement::setValue): Changed the semantics to match what
2749         the HTML specification calls for. When a caller passes a negative number or
2750         zero, the value does get set on the element. Negative numbers are not allowed
2751         when you get the current value, but are allowed to be set.
2752         (WebCore::HTMLProgressElement::setMax): Changed the semantics to match what
2753         the HTML specification calls for. When a caller passes a negative number or
2754         zero, this should leave the attribute unchanged.
2755
2756         * html/shadow/MediaControlElementTypes.cpp:
2757         (WebCore::MediaControlVolumeSliderElement::setVolume): Use
2758         String::numberToStringECMAScript instead of String::number since that is what
2759         we want any time we are setting an attribute value from a floating point value.
2760         * html/shadow/MediaControlElements.cpp:
2761         (WebCore::MediaControlTimelineElement::setPosition): Ditto.
2762         (WebCore::MediaControlTimelineElement::setDuration): Removed unneeded check
2763         of std::isfinite since the single caller already checks that.
2764
2765 2017-10-08  Wenson Hsieh  <wenson_hsieh@apple.com>
2766
2767         DataTransfer.items does not contain items for custom types supplied via add or setData
2768         https://bugs.webkit.org/show_bug.cgi?id=178016
2769
2770         Reviewed by Darin Adler.
2771
2772         Minor tweaks to expose pasteboard types and data through DataTransfer's item list. This patch fixes two primary
2773         issues: (1) custom pasteboard data is not exposed through the item list in any way, and (2) the "Files"
2774         compatibility type is exposed as a separate data transfer item of kind 'string' when dropping or pasting files.
2775
2776         Tests: editing/pasteboard/data-transfer-items-add-custom-data.html
2777                editing/pasteboard/data-transfer-items-drop-file.html
2778
2779         * dom/DataTransfer.cpp:
2780         (WebCore::normalizeType):
2781
2782         Use stripLeadingAndTrailingHTMLSpaces instead of stripWhitespace.
2783
2784         (WebCore::shouldReadOrWriteTypeAsCustomData):
2785         (WebCore::DataTransfer::getDataForItem const):
2786         (WebCore::DataTransfer::getData const):
2787
2788         Add getDataForItem, a version of getData that does not normalize types before reading from the pasteboard. This
2789         normalization step is only needed for backwards compatibility with legacy types (such as "text" and "url")
2790         written to and read from using getData and setData; when using DataTransferItemList.add to set data, adding data
2791         for these types should instead write as custom pasteboard data.
2792
2793         (WebCore::DataTransfer::setDataFromItemList):
2794         (WebCore::DataTransfer::types const):
2795         (WebCore::DataTransfer::typesForItemList const):
2796
2797         Add typesForItemList, which fetches the list of types to expose as items on the DataTransfer. Importantly, this
2798         does not include the "Files" type added for compatibility when accessing DataTransfer.types, instead returning
2799         an empty array. The actual files are added separately, by iterating over DataTransfer's files in ensureItems.
2800
2801         Note that when starting a drag or copying, we will still expose the full list of file and string types to
2802         bindings and not just file-backed items. Since all of this information is supplied by the page in the first
2803         place, we don't have to worry about exposing information, such as file paths, that may exist on the pasteboard.
2804
2805         * dom/DataTransfer.h:
2806         * dom/DataTransferItem.cpp:
2807         (WebCore::DataTransferItem::getAsString const):
2808         * dom/DataTransferItemList.cpp:
2809         (WebCore::shouldExposeTypeInItemList):
2810         (WebCore::DataTransferItemList::add):
2811         (WebCore::DataTransferItemList::ensureItems const):
2812         (WebCore::isSupportedType): Deleted.
2813
2814 2017-10-08  Darin Adler  <darin@apple.com>
2815
2816         CustomElementRegistry.define was throwing a JavaScript syntax error instead of a DOM syntax error
2817         https://bugs.webkit.org/show_bug.cgi?id=178055
2818
2819         Reviewed by Sam Weinig.
2820
2821         Both the JavaScript language and the DOM have "syntax error" exceptions, but
2822         they are not the same thing.
2823
2824         Also, since the time a while back where we moved JavaScript error handling to
2825         use WebCore::Exception and WebCore::ExceptionOr, there are a number of functions
2826         that are no longer used and can be deleted.
2827
2828         * bindings/js/JSCustomElementRegistryCustom.cpp:
2829         (WebCore::validateCustomElementNameAndThrowIfNeeded): Call throwDOMSyntaxError
2830         instead of throwSyntaxError.
2831
2832         * bindings/js/JSDOMExceptionHandling.cpp:
2833         (WebCore::reportDeprecatedGetterError): Deleted. Unused.
2834         (WebCore::reportDeprecatedSetterError): Deleted. Unused.
2835         (WebCore::throwNotSupportedError): Deleted the overload without an error message,
2836         since it's unused. Changed the other overload to take an ASCIILiteral, since
2837         that is what all the callers need.
2838         (WebCore::throwInvalidStateError): Take ASCIILiteral as above.
2839         (WebCore::throwArrayElementTypeError): Deleted. Unused.
2840         (WebCore::throwDOMSyntaxError): Added an ASCIILiteral message argument. This
2841         function was unused; it's now being used above, always with a literal message.
2842         (WebCore::throwIndexSizeError): Deleted. Unused.
2843         (WebCore::throwTypeMismatchError): Deleted. Unused.
2844         * bindings/js/JSDOMExceptionHandling.h: Updated for the changes above.
2845
2846         * bindings/js/JSHTMLElementCustom.cpp:
2847         (WebCore::constructJSHTMLElement): Fixed a typo in the error message.
2848
2849 2017-10-08  Ryosuke Niwa  <rniwa@webkit.org>
2850
2851         dragenter and dragleave shouldn't use the same data transfer object
2852         https://bugs.webkit.org/show_bug.cgi?id=178056
2853
2854         Reviewed by Darin Adler.
2855
2856         This patch fixes the bug that we were using a single DataTransfer to fire dragleave and dragenter events
2857         when the drag target moves from one element to another.
2858
2859         It also refactors DragController and EventHandler code so that the construction of DataTransfer object
2860         happens in EventHandler instead of DragController, and extracts createForUpdatingDropTarget out of
2861         createForDrop to have a better encapsulation over the data store mode.
2862
2863         Drag related functions in EventHandler now take std::unique_ptr<Pasteboard>&&, drag operation mask set
2864         by the drag source, and a boolean indicating whether this drag & drop is for files or not. updateDragAndDrop
2865         takes a closure which makes a pasteboard because it has to create two instances of DataTransfer one for
2866         dragleave event and another one for dragenter event in some cases.
2867
2868         Test: editing/pasteboard/data-transfer-is-unique-for-dragenter-and-dragleave.html
2869
2870         * dom/DataTransfer.cpp:
2871         (WebCore::DataTransfer::createForDrop): Now takes Pasteboard instead of DragData.
2872         (WebCore::DataTransfer::createForUpdatingDropTarget): Extracted out of createForDrop. Moved the code to
2873         use Readonly mode in dashboard here from createDataTransferToUpdateDrag in DragController.cpp.
2874         * dom/DataTransfer.h:
2875         * page/DragController.cpp:
2876         (WebCore::createDataTransferToUpdateDrag): Deleted.
2877         (WebCore::DragController::dragExited):
2878         (WebCore::DragController::performDragOperation):
2879         (WebCore::DragController::tryDHTMLDrag):
2880         * page/EventHandler.cpp:
2881         (WebCore::EventHandler::dispatchDragEvent): Made this function take DataTransfer& instead of DataTransfer*.
2882         (WebCore::findDropZone): Ditto.
2883         (WebCore::EventHandler::dispatchDragEnterOrDragOverEvent): Added.
2884         (WebCore::EventHandler::updateDragAndDrop):
2885         (WebCore::EventHandler::cancelDragAndDrop):
2886         (WebCore::EventHandler::performDragAndDrop):
2887         (WebCore::EventHandler::dispatchDragSrcEvent):
2888         (WebCore::EventHandler::dispatchDragStartEventOnSourceElement):
2889         * page/EventHandler.h:
2890
2891 2017-10-08  Jer Noble  <jer.noble@apple.com>
2892
2893         SourceBuffer remove throws out way more content than requested
2894         https://bugs.webkit.org/show_bug.cgi?id=177884
2895         <rdar://problem/34817104>
2896
2897         Reviewed by Darin Adler.
2898
2899         Test: media/media-source/media-source-remove-too-much.html
2900
2901         The end parameter is exclusive, not inclusive, of the range to be removed.
2902
2903         * Modules/mediasource/SourceBuffer.cpp:
2904         (WebCore::SourceBuffer::removeCodedFrames):
2905
2906 2017-10-08  Brent Fulgham  <bfulgham@apple.com>
2907
2908         Nullptr deref in WebCore::Node::computeEditability
2909         https://bugs.webkit.org/show_bug.cgi?id=177905
2910         <rdar://problem/34138402>
2911
2912         Reviewed by Darin Adler.
2913
2914         Script can run when setting focus, because a blur event and a focus event are generated.
2915         A handler for one of these events can cause the focused element to be cleared. We should
2916         handle this possibility gracefully.
2917
2918         Test: fast/dom/focus-shift-crash.html
2919
2920         * dom/Document.cpp:
2921         (WebCore::Document::setFocusedElement):
2922
2923 2017-10-07  Darin Adler  <darin@apple.com>
2924
2925         Update Document.createEvent for recent DOM specification changes
2926         https://bugs.webkit.org/show_bug.cgi?id=178052
2927
2928         Reviewed by Chris Dumez.
2929
2930         * dom/BeforeUnloadEvent.cpp:
2931         (WebCore::BeforeUnloadEvent::BeforeUnloadEvent): Added a constructor for
2932         createForBindings.
2933         (WebCore::BeforeUnloadEvent::~BeforeUnloadEvent): Deleted. Just let the
2934         compiler generate this.
2935         * dom/BeforeUnloadEvent.h: Added createForBindings. Also made more things private.
2936
2937         * dom/Document.cpp:
2938         (WebCore::Document::createEvent): Updated comments for clarity. Responding to
2939         changes to the DOM specification, added support for "beforeunloadevent", "focusevent",
2940         and "svgevents", moved "keyboardevents" and "popstateevent" into the list of strings
2941         we should remove, and moved "compositionevent", "devicemotionevent",
2942         "deviceorientationevent", "hashchangeevent", "storageevent", and "textevent" into
2943         the list of strings we should keep.
2944
2945         * dom/Event.h: Added a virtual setRelatedTarget alongside the virtual relatedTarget
2946         to allow us to clean up the code that manipulates it.
2947
2948         * dom/EventContext.cpp:
2949         (WebCore::MouseOrFocusEventContext::handleLocalEvents const): Call the virtual
2950         setRelatedTarget instead of doing a little type casting dance.
2951
2952         * dom/FocusEvent.h: Added createForBindings. Made more functions private and
2953         changed setRelatedTarget into a private final override.
2954
2955         * dom/MouseEvent.h: Changed setRelatedTarget into a private final override.
2956
2957 2017-10-07  Andy Estes  <aestes@apple.com>
2958
2959         [Payment Request] Implement PaymentRequest.show() and PaymentRequest.hide()
2960         https://bugs.webkit.org/show_bug.cgi?id=178043
2961         <rdar://problem/34076639>
2962
2963         Reviewed by Tim Horton.
2964
2965         Tests: http/tests/paymentrequest/payment-request-abort-method.https.html
2966                http/tests/paymentrequest/payment-request-show-method.https.html
2967
2968         * Modules/applepay/PaymentSession.h: Virtually inherited from PaymentSessionBase to
2969         accommodate ApplePayPaymentHandler inheriting from both this and PaymentHandler.
2970         (WebCore::PaymentSession::~PaymentSession): Deleted.
2971         * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:
2972         (WebCore::paymentCoordinator): Virtually inherited from PaymentSessionBase to accommodate
2973         ApplePayPaymentHandler inheriting from both this and PaymentSession.
2974         (WebCore::ApplePayPaymentHandler::hasActiveSession): Added. Calls PaymentCoordinator::hasActiveSession().
2975         (WebCore::ApplePayPaymentHandler::show): Added. Calls PaymentCoordinator::beginPaymentSession().
2976         (WebCore::ApplePayPaymentHandler::hide): Added. Calls PaymentCoordinator::abortPaymentSession().
2977         * Modules/applepay/paymentrequest/ApplePayPaymentHandler.h: Inherited from PaymentSession in
2978         addition to PaymentHandler so that this can be PaymentCoordinator active session.
2979         * Modules/paymentrequest/PaymentHandler.cpp:
2980         (WebCore::PaymentHandler::create):
2981         (WebCore::PaymentHandler::hasActiveSession):
2982         * Modules/paymentrequest/PaymentHandler.h:
2983         * Modules/paymentrequest/PaymentRequest.cpp:
2984         (WebCore::PaymentRequest::~PaymentRequest):
2985         (WebCore::PaymentRequest::show): Rejected the promise if PaymentCoordinator has an active session.
2986         (WebCore::PaymentRequest::abort): Called stop().
2987         (WebCore::PaymentRequest::canSuspendForDocumentSuspension const): Returned true if state is
2988         Interactive and there is an active handler showing.
2989         (WebCore::PaymentRequest::stop): Hid the active session if it's showing, then set state to
2990         Closed and rejected the show promise.
2991         * Modules/paymentrequest/PaymentRequest.h:
2992         * Modules/paymentrequest/PaymentSessionBase.h: Added. Inherits from
2993         RefCounted<PaymentSessionBase> and defines a virtual destructor. This allows subclasses to
2994         virtually inherit a single ref-count to support multiple inheritance.
2995         * WebCore.xcodeproj/project.pbxproj:
2996         * bindings/scripts/CodeGeneratorJS.pm:
2997         (GetGnuVTableOffsetForType): Added ApplePaySession to the list of classes that need a vtable
2998         offset of 3.
2999
3000 2017-10-07  Ryosuke Niwa  <rniwa@webkit.org>
3001
3002         WebContentReader::readHTML should be shared between macOS and iOS
3003         https://bugs.webkit.org/show_bug.cgi?id=178044
3004
3005         Reviewed by Wenson Hsieh.
3006
3007         Merged the implementations for WebContentReader::readHTML between macOS and iOS.
3008
3009         * editing/cocoa/WebContentReaderCocoa.mm:
3010         (WebCore::WebContentReader::readHTML):
3011         * editing/ios/WebContentReaderIOS.mm:
3012         (WebCore::WebContentReader::readHTML): Deleted.
3013         * editing/mac/WebContentReaderMac.mm:
3014         (WebCore::WebContentReader::readHTML): Deleted.
3015
3016 2017-10-06  Zalan Bujtas  <zalan@apple.com>
3017
3018         RenderTable should not hold a collection of raw pointers to RenderTableCaption
3019         https://bugs.webkit.org/show_bug.cgi?id=178026
3020         <rdar://problem/34863090>
3021
3022         Reviewed by Simon Fraser.
3023
3024         Similar to sections, RenderTable should not store captions as raw pointers. Their lifetimes are
3025         not guaranteed to be in sync with the RenderTable's.
3026
3027         Covered by existing tests.
3028
3029         * rendering/RenderTable.cpp:
3030         (WebCore::RenderTable::addCaption):
3031         (WebCore::RenderTable::removeCaption):
3032         (WebCore::RenderTable::addOverflowFromChildren):
3033         * rendering/RenderTable.h:
3034         * rendering/RenderTableCaption.cpp:
3035         (WebCore::RenderTableCaption::insertedIntoTree):
3036         (WebCore::RenderTableCaption::willBeRemovedFromTree):
3037
3038 2017-10-06  Daniel Bates  <dabates@apple.com>
3039
3040         Spelling error annotation should encompass hyphen in misspelled word that wraps across multiple lines
3041         https://bugs.webkit.org/show_bug.cgi?id=177980
3042         <rdar://problem/34847454>
3043
3044         Reviewed by Simon Fraser.
3045
3046         On macOS the spelling and grammar annotations for a word or word phrase encompass
3047         hyphenations added because the word or word phrase wraps across more than one line.
3048         The effect tends to be more aesthetically pleasing and consistent with how these
3049         annotations would be pointed out by a person in conversation: by identifying the word
3050         or phrase that has a spelling or grammar issue regardless of whether that word or
3051         phrase is broken into halves due to line wrapping. The same argument applies to
3052         other annotations on macOS, including text matches. Therefore, we should always
3053         include any hyphens encompassed by a marker that were added due to line wrapping
3054         when painting the marker.
3055
3056         Test: editing/spelling/spelling-marker-includes-hyphen.html
3057
3058         * rendering/InlineTextBox.cpp:
3059         (WebCore::InlineTextBox::paintDocumentMarker): Compute the text run including any
3060         added hyphens. If a hyphen was added then the inline text box represents that text
3061         up to the hyphen. Adjust the end position of the marker to be the length of the text
3062         run if it's greater than or equal to the length of the text box.
3063
3064 2017-10-06  Zalan Bujtas  <zalan@apple.com>
3065
3066         RenderTable should not hold a collection of raw pointers to RenderTableCol
3067         https://bugs.webkit.org/show_bug.cgi?id=178030
3068         <rdar://problem/34865236>
3069
3070         Reviewed by Simon Fraser.
3071
3072         In addition to the m_columnRenderersValid flag, this patch ensures that
3073         we don't dereference stale column renderers even when the flag is out of sync.
3074
3075         Covered by existing tests.
3076
3077         * rendering/RenderTable.cpp:
3078         (WebCore::RenderTable::updateColumnCache const):
3079         (WebCore::RenderTable::slowColElement const):
3080         * rendering/RenderTable.h:
3081
3082 2017-10-06  Zalan Bujtas  <zalan@apple.com>
3083
3084         RootInlineBox should not hold a collection of raw pointers to RenderBox
3085         https://bugs.webkit.org/show_bug.cgi?id=178025
3086         <rdar://problem/34862488>
3087
3088         Reviewed by Simon Fraser.
3089
3090         There are already some assertions in place to check if the renderers are valid.
3091
3092         Covered by existing test cases.
3093
3094         * rendering/RenderBlockLineLayout.cpp:
3095         (WebCore::RenderBlockFlow::reattachCleanLineFloats):
3096         (WebCore::RenderBlockFlow::determineStartPosition):
3097         (WebCore::RenderBlockFlow::determineEndPosition):
3098         * rendering/RootInlineBox.h:
3099         (WebCore::RootInlineBox::appendFloat):
3100         (WebCore::RootInlineBox::floatsPtr):
3101
3102 2017-10-06  Zalan Bujtas  <zalan@apple.com>
3103
3104         Continuation map should not hold a raw pointer
3105         https://bugs.webkit.org/show_bug.cgi?id=178021
3106         <rdar://problem/34861590>
3107
3108         Reviewed by Simon Fraser.
3109
3110         This patch ensures proper lifetime management for renderers stored in the Continuation map
3111         (currently they rely on the correctness of addChild/takeChild methods).
3112
3113         Covered by existing tests.
3114
3115         * rendering/RenderBoxModelObject.cpp:
3116         (WebCore::RenderBoxModelObject::continuation const):
3117         (WebCore::RenderBoxModelObject::setContinuation):
3118
3119 2017-10-06  Commit Queue  <commit-queue@webkit.org>
3120
3121         Unreviewed, rolling out r222791 and r222873.
3122         https://bugs.webkit.org/show_bug.cgi?id=178031
3123
3124         Caused crashes with workers/wasm LayoutTests (Requested by
3125         ryanhaddad on #webkit).
3126
3127         Reverted changesets:
3128
3129         "WebAssembly: no VM / JS version of everything but Instance"
3130         https://bugs.webkit.org/show_bug.cgi?id=177473
3131         http://trac.webkit.org/changeset/222791
3132
3133         "WebAssembly: address no VM / JS follow-ups"
3134         https://bugs.webkit.org/show_bug.cgi?id=177887
3135         http://trac.webkit.org/changeset/222873
3136
3137 2017-10-06  Alex Christensen  <achristensen@webkit.org>
3138
3139         Add more infrastructure to apply custom header fields to same-origin requests
3140         https://bugs.webkit.org/show_bug.cgi?id=177629
3141
3142         Reviewed by Ryosuke Niwa.
3143
3144         Covered by new API tests.
3145
3146         * loader/DocumentLoader.h:
3147         (WebCore::DocumentLoader::customHeaderFields):
3148         * loader/HTTPHeaderField.cpp:
3149         (WebCore::HTTPHeaderField::create):
3150         (WebCore::HTTPHeaderField::HTTPHeaderField): Deleted.
3151         * loader/HTTPHeaderField.h:
3152         (WebCore::HTTPHeaderField::encode const):
3153         (WebCore::HTTPHeaderField::decode):
3154         
3155         Change HTTPHeaderField from one String containing the name and value
3156         to a string for the name and another for value.  This matches HTTPHeaderMap
3157         and NSURLRequest more closely where names and values are treated as separate Strings.
3158         
3159         * loader/cache/CachedResourceLoader.cpp:
3160         (WebCore::CachedResourceLoader::requestResource):
3161         
3162         If the DocumentLoader has custom header fields from the WebsitePolicies, apply them to any same-origin requests.
3163         
3164         * loader/cache/CachedResourceRequest.h:
3165         (WebCore::CachedResourceRequest::resourceRequest):
3166         * platform/network/ResourceRequestBase.cpp:
3167         (WebCore::ResourceRequestBase::setCachePolicy):
3168         (WebCore::ResourceRequestBase::setTimeoutInterval):
3169         (WebCore::ResourceRequestBase::setHTTPMethod):
3170         (WebCore::ResourceRequestBase::setHTTPHeaderField):
3171         (WebCore::ResourceRequestBase::clearHTTPAuthorization):
3172         (WebCore::ResourceRequestBase::clearHTTPContentType):
3173         (WebCore::ResourceRequestBase::clearHTTPReferrer):
3174         (WebCore::ResourceRequestBase::clearHTTPOrigin):
3175         (WebCore::ResourceRequestBase::clearHTTPUserAgent):
3176         (WebCore::ResourceRequestBase::clearHTTPAccept):
3177         (WebCore::ResourceRequestBase::clearHTTPAcceptEncoding):
3178         (WebCore::ResourceRequestBase::setResponseContentDispositionEncodingFallbackArray):
3179         (WebCore::ResourceRequestBase::setHTTPBody):
3180         (WebCore::ResourceRequestBase::setAllowCookies):
3181         (WebCore::ResourceRequestBase::setPriority):
3182         (WebCore::ResourceRequestBase::addHTTPHeaderFieldIfNotPresent):
3183         (WebCore::ResourceRequestBase::addHTTPHeaderField):
3184         (WebCore::ResourceRequestBase::setHTTPHeaderFields):
3185         
3186         Non-HTTP/HTTPS ResourceRequests need to be updated, too, if header fields are added.
3187         Skipping updating non-HTTP/HTTPS ResourceRequests is not a valid shortcut, and with the
3188         growing importance of custom schemes with our new public API, we should update ResourceRequests
3189         of custom schemes correctly.
3190
3191 2017-10-06  Sam Weinig  <sam@webkit.org>
3192
3193         Add basic support for getting a ImageBitmapRenderingContext
3194         https://bugs.webkit.org/show_bug.cgi?id=177983
3195
3196         Reviewed by Dean Jackson.
3197
3198         Add initial support for ImageBitmapRenderingContext.
3199
3200         * CMakeLists.txt:
3201         * DerivedSources.make:
3202         * WebCore.xcodeproj/project.pbxproj:
3203         
3204             Add new files.
3205         
3206         * dom/Document.cpp:
3207         * dom/Document.h:
3208         * dom/Document.idl:
3209         
3210             Add ImageBitmapRenderingContext to RenderingContext variant so it will be able to
3211             be used with Document.getCSSCanvasContext.
3212         
3213         * html/HTMLCanvasElement.h:
3214         * html/HTMLCanvasElement.cpp:
3215         (WebCore::HTMLCanvasElement::setHeight):
3216         (WebCore::HTMLCanvasElement::setWidth):
3217         
3218             Throw an exception if the context is in the placeholder mode (which we
3219             signify via a special PlaceholderRenderingContext) as speced. This can't
3220             currently be hit, as setting a placeholder requires offscreen canvas
3221             support, coming soon.
3222         
3223         (WebCore::HTMLCanvasElement::getContext):
3224         
3225             Re-work to match the spec's matrix of options, adding in support
3226             for 'bitmaprenderer'/ ImageBitmapRenderingContext type as well as 
3227             the placeholder mode.
3228         
3229         (WebCore::HTMLCanvasElement::createContext2d):
3230         (WebCore::HTMLCanvasElement::getContext2d):
3231         (WebCore::HTMLCanvasElement::isWebGLType):
3232         (WebCore::HTMLCanvasElement::createContextWebGL):
3233         (WebCore::HTMLCanvasElement::getContextWebGL):
3234         (WebCore::HTMLCanvasElement::createContextWebGPU):
3235         (WebCore::HTMLCanvasElement::getContextWebGPU):
3236         (WebCore::HTMLCanvasElement::isBitmapRendererType):
3237         (WebCore::HTMLCanvasElement::createContextBitmapRenderer):
3238         (WebCore::HTMLCanvasElement::getContextBitmapRenderer):
3239
3240             Split creation out of the get functions so it can be called
3241             by getContext, where we know if the canvas is null or not.
3242
3243         * html/HTMLCanvasElement.idl:
3244         
3245             Add ImageBitmapRenderingContext to RenderingContext variant so it will be able to
3246             be used with HTMLCanvasElement.getContext.
3247
3248         * html/canvas/CanvasRenderingContext.h:
3249         (WebCore::CanvasRenderingContext::isBitmapRenderer const):
3250         (WebCore::CanvasRenderingContext::isPlaceholder const):
3251         
3252             Add predicates for ImageBitmapRenderingContext and 
3253             PlaceholderRenderingContext.
3254         
3255         * html/canvas/ImageBitmapRenderingContext.cpp: Added.
3256         (WebCore::ImageBitmapRenderingContext::ImageBitmapRenderingContext):
3257         * html/canvas/ImageBitmapRenderingContext.h: Added.
3258         * html/canvas/ImageBitmapRenderingContext.idl: Added.
3259         * html/canvas/PlaceholderRenderingContext.cpp: Added.
3260         (WebCore::PlaceholderRenderingContext::PlaceholderRenderingContext):
3261         * html/canvas/PlaceholderRenderingContext.h: Added.
3262         
3263             Add stubbed out implementations for the new contexts.
3264
3265 2017-10-06  Jer Noble  <jer.noble@apple.com>
3266
3267         Netflix playback fails with S7353 error
3268         https://bugs.webkit.org/show_bug.cgi?id=178023
3269
3270         Reviewed by Dean Jackson.
3271
3272         On certain platforms, WebCoreDecompressionSession will fail to produce CVImageBuffers when presented with
3273         encrypted content. On those platforms, the seek() command will fail, because frames at the destination time
3274         cannot be decoded. This occurs for Netflix because the <video> element is not in the DOM at decode time.
3275
3276         Only create a WebCoreDecompressionSession in MediaPlayerPrivateMediaSourceAVFObjC when we have explicitly
3277         been asked to paint into a WebGL canvas.
3278
3279         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
3280         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::acceleratedRenderingStateChanged):
3281
3282 2017-10-06  Jiewen Tan  <jiewen_tan@apple.com>
3283
3284         Replace some stack raw pointers with RefPtrs within WebCore/dom
3285         https://bugs.webkit.org/show_bug.cgi?id=177852
3286         <rdar://problem/34804487>
3287
3288         Reviewed by Ryosuke Niwa.
3289
3290         This is an effort to reduce raw pointer usage in DOM code. In this patch,
3291         stack raw pointers that could be freed during their lifetime because of
3292         event dispatching, layout updating, etc. are selected. All selections are
3293         based on code speculation.
3294
3295         No changes in behaviours.
3296
3297         * dom/ContainerNodeAlgorithms.cpp:
3298         (WebCore::addChildNodesToDeletionQueue):
3299         Escalate the RefPtr to where node is first defined.
3300         * dom/Document.cpp:
3301         (WebCore::Document::setVisualUpdatesAllowed):
3302         (WebCore::Document::updateLayout):
3303         (WebCore::Document::updateLayoutIfDimensionsOutOfDate):
3304         Possible layout updates during their lifetime.
3305         (WebCore::Document::implicitClose):
3306         Possible event dispatching during its lifetime.
3307         (WebCore::Document::nodeChildrenWillBeRemoved):
3308         (WebCore::Document::nodeWillBeRemoved):
3309         Possible node removal during their lifetime.
3310         (WebCore::command):
3311         Possible layout updates during its lifetime.
3312         * dom/DocumentMarkerController.cpp:
3313         (WebCore::DocumentMarkerController::renderedRectsForMarkers):
3314         Possible layout updates during its lifetime.
3315         * dom/Element.cpp:
3316         (WebCore::Element::removedFrom):
3317         Possible event dispatching during its lifetime.
3318         (WebCore::checkForSiblingStyleChanges):
3319         Possible layout updates during their lifetime.
3320         * dom/MouseRelatedEvent.cpp:
3321         (WebCore::MouseRelatedEvent::computeRelativePosition):
3322         Possible layout updates during its lifetime.
3323         * dom/RadioButtonGroups.cpp:
3324         (WebCore::RadioButtonGroup::setCheckedButton):
3325         Possible layout updates during its lifetime.
3326         * dom/SlotAssignment.cpp:
3327         (WebCore::SlotAssignment::didChangeSlot):
3328         Possible layout updates during its lifetime.
3329
3330 2017-10-06  Zalan Bujtas  <zalan@apple.com>
3331
3332         RootInlineBox should not hold a raw pointer to RenderObject
3333         https://bugs.webkit.org/show_bug.cgi?id=178018
3334         <rdar://problem/34859256>
3335
3336         Reviewed by Simon Fraser.
3337
3338         Not resetting the line break object could lead to dereferencing a stale renderer.  
3339
3340         Covered by existing tests.
3341
3342         * rendering/RootInlineBox.cpp:
3343         (WebCore::RootInlineBox::RootInlineBox):
3344         (WebCore::RootInlineBox::setLineBreakInfo):
3345         * rendering/RootInlineBox.h:
3346         (WebCore::RootInlineBox::lineBreakObj const):
3347
3348 2017-10-06  Youenn Fablet  <youenn@apple.com>
3349
3350         Removing some dead code in RTCPeerConnection
3351         https://bugs.webkit.org/show_bug.cgi?id=178011
3352
3353         Reviewed by Alejandro G. Castro.
3354
3355         No change of behavior.
3356         Removing code used by non-libwebrtc WebRTC backends.
3357
3358         * Modules/mediastream/RTCPeerConnection.cpp:
3359         (WebCore::RTCPeerConnection::addTrack):
3360         (WebCore::RTCPeerConnection::removeTrack):
3361         (WebCore::RTCPeerConnection::completeAddTransceiver):
3362
3363 2017-10-05  Dean Jackson  <dino@apple.com>
3364
3365         ImageBitmap API stubs
3366         https://bugs.webkit.org/show_bug.cgi?id=177984
3367         <rdar://problem/34848023>
3368
3369         Patch by Sam and Dean.
3370         Reviewed by Dean and Sam.
3371
3372         Add the IDL for ImageBitmap and ImageBitmapOptions, plus some
3373         stub implementations (complete with all the algorithms from
3374         the HTML specification as comments).
3375
3376         * CMakeLists.txt: Add the new files.
3377         * DerivedSources.make: Create the JS bindings for ImageBitmap and ImageBitmapOptions.
3378         * WebCore.xcodeproj/project.pbxproj:
3379         * bindings/js/CallTracerTypes.h:
3380         * html/ImageBitmap.cpp: Added.
3381         (WebCore::ImageBitmap::create):
3382         (WebCore::ImageBitmap::createPromise):
3383         (WebCore::ImageBitmap::ImageBitmap):
3384         (WebCore::ImageBitmap::~ImageBitmap):
3385         (WebCore::ImageBitmap::width const):
3386         (WebCore::ImageBitmap::height const):
3387         (WebCore::ImageBitmap::close):
3388         * html/ImageBitmap.h: Added.
3389         (WebCore::ImageBitmap::isDetached const):
3390         * html/ImageBitmap.idl: Copied from Source/WebCore/html/canvas/CanvasDrawImage.idl.
3391         * html/ImageBitmapOptions.h: Copied from Source/WebCore/html/canvas/CanvasDrawImage.idl.
3392         * html/ImageBitmapOptions.idl: Copied from Source/WebCore/html/canvas/CanvasDrawImage.idl.
3393         * html/canvas/CanvasDrawImage.idl:
3394         * html/canvas/CanvasFillStrokeStyles.idl:
3395         * html/canvas/CanvasRenderingContext2D.cpp:
3396         (WebCore::size):