Get rid of custom bindings code for XMLHttpRequest.open()
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-07-20  Chris Dumez  <cdumez@apple.com>
2
3         Get rid of custom bindings code for XMLHttpRequest.open()
4         https://bugs.webkit.org/show_bug.cgi?id=159984
5
6         Reviewed by Ryosuke Niwa.
7
8         Get rid of custom bindings code for XMLHttpRequest.open() as the
9         bindings generator is able to generate it.
10
11         Relevant specification:
12         - https://xhr.spec.whatwg.org/#xmlhttprequest
13
14         The issue is that legacy content prevents treating the 'async' argument
15         being undefined identical from it being omitted. However, this can be
16         achieved by using overloading in IDL, like in the specification.
17
18         No new tests, already covered by the following tests:
19         - http/tests/xmlhttprequest/basic-auth.html
20         - http/tests/xmlhttprequest/open-async-overload.html
21
22         * bindings/js/JSXMLHttpRequestCustom.cpp:
23         (WebCore::SendFunctor::SendFunctor): Deleted.
24         (WebCore::SendFunctor::line): Deleted.
25         (WebCore::SendFunctor::column): Deleted.
26         (WebCore::SendFunctor::url): Deleted.
27         (WebCore::SendFunctor::operator()): Deleted.
28         * xml/XMLHttpRequest.cpp:
29         (WebCore::XMLHttpRequest::open):
30         * xml/XMLHttpRequest.h:
31         * xml/XMLHttpRequest.idl:
32
33 2016-07-20  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
34
35         Mark overriden methods in WebCore/svg final classes as final
36         https://bugs.webkit.org/show_bug.cgi?id=159966
37
38         Reviewed by Michael Catanzaro.
39
40         Update WebCore/svg classes so that overriden methods in final classes are marked final.
41
42         * svg/SVGAElement.h:
43         * svg/SVGAltGlyphDefElement.h:
44         * svg/SVGAltGlyphItemElement.h:
45         * svg/SVGAnimateTransformElement.h:
46         * svg/SVGAnimatedColor.h:
47         * svg/SVGCircleElement.h:
48         * svg/SVGClipPathElement.h:
49         * svg/SVGCursorElement.h:
50         * svg/SVGDefsElement.h:
51         * svg/SVGDescElement.h:
52         * svg/SVGEllipseElement.h:
53         * svg/SVGFEMergeNodeElement.h:
54         * svg/SVGFilterElement.h:
55         * svg/SVGFontElement.h:
56         * svg/SVGFontFaceElement.h:
57         * svg/SVGFontFaceFormatElement.h:
58         * svg/SVGFontFaceNameElement.h:
59         * svg/SVGFontFaceSrcElement.h:
60         * svg/SVGFontFaceUriElement.h:
61         * svg/SVGForeignObjectElement.h:
62         * svg/SVGGElement.h:
63         * svg/SVGGlyphElement.h:
64         * svg/SVGGlyphRefElement.h:
65         * svg/SVGHKernElement.h:
66         * svg/SVGImageElement.h:
67         * svg/SVGLineElement.h:
68         * svg/SVGMPathElement.h:
69         * svg/SVGMaskElement.h:
70         * svg/SVGMetadataElement.h:
71         * svg/SVGMissingGlyphElement.h:
72         * svg/SVGPathBuilder.h:
73         * svg/SVGPathByteStreamBuilder.h:
74         * svg/SVGPathByteStreamSource.h:
75         * svg/SVGPathElement.h:
76         * svg/SVGPathSegArcAbs.h:
77         * svg/SVGPathSegArcRel.h:
78         * svg/SVGPathSegClosePath.h:
79         * svg/SVGPathSegCurvetoCubicAbs.h:
80         * svg/SVGPathSegCurvetoCubicRel.h:
81         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
82         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
83         * svg/SVGPathSegCurvetoQuadraticAbs.h:
84         * svg/SVGPathSegCurvetoQuadraticRel.h:
85         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
86         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
87         * svg/SVGPathSegLinetoAbs.h:
88         * svg/SVGPathSegLinetoHorizontalAbs.h:
89         * svg/SVGPathSegLinetoHorizontalRel.h:
90         * svg/SVGPathSegLinetoRel.h:
91         * svg/SVGPathSegLinetoVerticalAbs.h:
92         * svg/SVGPathSegLinetoVerticalRel.h:
93         * svg/SVGPathSegListBuilder.h:
94         * svg/SVGPathSegListSource.h:
95         * svg/SVGPathSegMovetoAbs.h:
96         * svg/SVGPathSegMovetoRel.h:
97         * svg/SVGPathStringSource.h:
98         * svg/SVGPathTraversalStateBuilder.h:
99         * svg/SVGPatternElement.h:
100         * svg/SVGRectElement.h:
101         * svg/SVGScriptElement.h:
102         * svg/SVGStopElement.h:
103         * svg/SVGStyleElement.h:
104         * svg/SVGSwitchElement.h:
105         * svg/SVGTRefElement.cpp:
106         * svg/SVGTitleElement.h:
107         * svg/SVGToOTFFontConversion.cpp:
108         * svg/SVGUnknownElement.h:
109         * svg/SVGVKernElement.h:
110         * svg/SVGViewElement.h:
111         * svg/SVGZoomEvent.h:
112         * svg/animation/SVGSMILElement.cpp:
113         * svg/graphics/SVGImage.h:
114         * svg/graphics/SVGImageClients.h:
115         * svg/graphics/SVGImageForContainer.h:
116         * svg/graphics/filters/SVGFEImage.h:
117         * svg/graphics/filters/SVGFilter.h:
118         * svg/properties/SVGAnimatedEnumerationPropertyTearOff.h:
119         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
120         * svg/properties/SVGAnimatedPropertyTearOff.h:
121         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
122         * svg/properties/SVGMatrixTearOff.h:
123         * svg/properties/SVGPathSegListPropertyTearOff.h:
124
125 2016-07-20  Brady Eidson  <beidson@apple.com>
126
127         Transition most IDB interfaces from ScriptExecutionContext to ExecState.
128         https://bugs.webkit.org/show_bug.cgi?id=159975
129
130         Reviewed by Alex Christensen.
131
132         No new tests (No known behavior change).
133
134         * Modules/indexeddb/IDBCursor.cpp:
135         (WebCore::IDBCursor::continueFunction):
136         (WebCore::IDBCursor::deleteFunction):
137         * Modules/indexeddb/IDBCursor.h:
138         * Modules/indexeddb/IDBCursor.idl:
139
140         * Modules/indexeddb/IDBDatabase.idl:
141
142         * Modules/indexeddb/IDBFactory.cpp:
143         (WebCore::IDBFactory::cmp):
144         * Modules/indexeddb/IDBFactory.h:
145         * Modules/indexeddb/IDBFactory.idl:
146
147         * Modules/indexeddb/IDBIndex.cpp:
148         (WebCore::IDBIndex::openCursor):
149         (WebCore::IDBIndex::count):
150         (WebCore::IDBIndex::doCount):
151         (WebCore::IDBIndex::openKeyCursor):
152         (WebCore::IDBIndex::get):
153         (WebCore::IDBIndex::doGet):
154         (WebCore::IDBIndex::getKey):
155         (WebCore::IDBIndex::doGetKey):
156         * Modules/indexeddb/IDBIndex.h:
157         * Modules/indexeddb/IDBIndex.idl:
158
159         * Modules/indexeddb/IDBKeyRange.cpp:
160         (WebCore::IDBKeyRange::only): Deleted.
161         * Modules/indexeddb/IDBKeyRange.h:
162
163         * Modules/indexeddb/IDBObjectStore.cpp:
164         (WebCore::IDBObjectStore::openCursor):
165         (WebCore::IDBObjectStore::get):
166         (WebCore::IDBObjectStore::putOrAdd):
167         (WebCore::IDBObjectStore::deleteFunction):
168         (WebCore::IDBObjectStore::doDelete):
169         (WebCore::IDBObjectStore::modernDelete):
170         (WebCore::IDBObjectStore::clear):
171         (WebCore::IDBObjectStore::createIndex):
172         (WebCore::IDBObjectStore::count):
173         (WebCore::IDBObjectStore::doCount):
174         * Modules/indexeddb/IDBObjectStore.h:
175         * Modules/indexeddb/IDBObjectStore.idl:
176
177         * Modules/indexeddb/IDBTransaction.cpp:
178         (WebCore::IDBTransaction::requestOpenCursor):
179         (WebCore::IDBTransaction::doRequestOpenCursor):
180         (WebCore::IDBTransaction::requestGetRecord):
181         (WebCore::IDBTransaction::requestGetValue):
182         (WebCore::IDBTransaction::requestGetKey):
183         (WebCore::IDBTransaction::requestIndexRecord):
184         (WebCore::IDBTransaction::requestCount):
185         (WebCore::IDBTransaction::requestDeleteRecord):
186         (WebCore::IDBTransaction::requestClearObjectStore):
187         (WebCore::IDBTransaction::requestPutOrAdd):
188         * Modules/indexeddb/IDBTransaction.h:
189
190         * inspector/InspectorIndexedDBAgent.cpp:
191
192 2016-07-20  Wenson Hsieh  <wenson_hsieh@apple.com>
193
194         Media controls don't appear when pausing a small autoplaying video
195         https://bugs.webkit.org/show_bug.cgi?id=159972
196         <rdar://problem/27180657>
197
198         Reviewed by Beth Dakin.
199
200         When pausing an autoplaying video, remove behavior restrictions for the
201         initial user gesture and show media controls.
202
203         New WebKit API test. See VideoControlsManagerSingleSmallAutoplayingVideo.
204
205         * html/HTMLMediaElement.cpp:
206         (WebCore::HTMLMediaElement::pause):
207
208 2016-07-20  Chris Dumez  <cdumez@apple.com>
209
210         Fix null handling of HTMLMediaElement.mediaGroup
211         https://bugs.webkit.org/show_bug.cgi?id=159974
212
213         Reviewed by Eric Carlson.
214
215         Fix null handling of HTMLMediaElement.mediaGroup to match the specification:
216         - https://www.w3.org/TR/html5/embedded-content-0.html#media-elements
217
218         null is supposed to be treated as the String "null". This patch aligns
219         our behavior with the specification. I tested Firefox and Chrome but both
220         do not have this attribute on HTMLMediaElement.
221
222         Also remove support for [TreatNullAs=LegacyNullString] from our bindings
223         generator as HTMLMediaElement.mediaGroup was the last user.
224
225         No new tests, rebaselined existing test.
226
227         * bindings/scripts/CodeGeneratorJS.pm:
228         (JSValueToNative):
229         * bindings/scripts/IDLAttributes.txt:
230         * html/HTMLMediaElement.idl:
231
232 2016-07-20  Chris Dumez  <cdumez@apple.com>
233
234         CSSStyleDeclaration.setProperty() should be able to unset "important" on a property
235         https://bugs.webkit.org/show_bug.cgi?id=159959
236
237         Reviewed by Alexey Proskuryakov.
238
239         CSSStyleDeclaration.setProperty() should be able to unsert "important"
240         on a property as per the latest specification:
241         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-setproperty
242         - https://drafts.csswg.org/cssom/#dom-cssstyledeclaration-camel-cased-attribute
243
244         Firefox and Chrome match the specification here but WebKit was ignoring calls
245         to setProperty() if there is already an "important" property wit this name
246         and if the new property does not have the "important" flag set.
247
248         This behavior was added a long time ago via Bug 60007. However, it does not
249         match the latest specification or other browsers.
250
251         Test: fast/css/CSSStyleDeclaration-setProperty-unset-important.html
252
253         * css/StyleProperties.cpp:
254         (WebCore::MutableStyleProperties::addParsedProperty):
255         Drop code that was added via Bug 60007 as this behavior no longer matches the
256         specification or other browsers. The layout test added in Bug 60007 fails in
257         other browsers and was updated in this patch to match the specification.
258
259 2016-07-20  Commit Queue  <commit-queue@webkit.org>
260
261         Unreviewed, rolling out r203423.
262         https://bugs.webkit.org/show_bug.cgi?id=159977
263
264         The test for this change is failing on Mac Release WK2
265         (Requested by ryanhaddad on #webkit).
266
267         Reverted changeset:
268
269         "HTMLVideoElement frames do not update on iOS when src is a
270         MediaStream blob"
271         https://bugs.webkit.org/show_bug.cgi?id=159833
272         http://trac.webkit.org/changeset/203423
273
274 2016-07-20  Chris Dumez  <cdumez@apple.com>
275
276         Fix null handling of HTMLSelectElement.value attribute
277         https://bugs.webkit.org/show_bug.cgi?id=159925
278
279         Reviewed by Benjamin Poulain.
280
281         Fix null handling of HTMLSelectElement.value attribute:
282         - https://html.spec.whatwg.org/multipage/forms.html#htmlselectelement
283
284         We were treating null as the null String which would end up setting
285         selectedIndex to -1. However, we should treat null as the String "null"
286         which would set the selectedIndex to the index of the <option> element
287         whose value is "null".
288
289         Firefox and Chrome match the specification.
290
291         Test: fast/dom/HTMLSelectElement/value-null-handling.html
292
293         * html/HTMLSelectElement.cpp:
294         (WebCore::HTMLSelectElement::setValue):
295         * html/HTMLSelectElement.idl:
296
297 2016-07-20  Chris Dumez  <cdumez@apple.com>
298
299         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender is alive
300         https://bugs.webkit.org/show_bug.cgi?id=159962
301         <rdar://problem/21439264>
302
303         Reviewed by David Kilzer.
304
305         PostResolutionCallbackDisabler can resume pending requests while a ResourceLoadSuspender
306         is alive. We have both PostResolutionCallbackDisabler and ResourceLoadSuspender that
307         call LoaderStrategy::suspendPendingRequests() / LoaderStrategy::resumePendingRequests().
308         However, PostResolutionCallbackDisabler and ResourceLoadSuspender are not aware of each
309         other. It is therefore possible for a PostResolutionCallbackDisabler object to get
310         destroyed, causing LoaderStrategy::resumePendingRequests() to be called while a
311         ResourceLoadSuspender object is alive.
312
313         This leads to hard to investigate crashes where we end up re-entering WebKit and killing
314         the style resolver.
315
316         This patch drops ResourceLoadSuspender and uses PostResolutionCallbackDisabler instead.
317         There was only one user of ResourceLoadSuspender and PostResolutionCallbackDisabler
318         is better because it manages a resolutionNestingDepth counter internally to make sure
319         it only calls LoaderStrategy::resumePendingRequests() once all
320         PostResolutionCallbackDisabler instances are destroyed.
321
322         No new tests, there is no easy way to reproduce the crashes.
323
324         * dom/Document.cpp:
325         (WebCore::Document::styleForElementIgnoringPendingStylesheets):
326         * loader/LoaderStrategy.cpp:
327         (WebCore::ResourceLoadSuspender::ResourceLoadSuspender): Deleted.
328         (WebCore::ResourceLoadSuspender::~ResourceLoadSuspender): Deleted.
329         * loader/LoaderStrategy.h:
330
331 2016-07-19  Youenn Fablet  <youenn@apple.com>
332
333         [Fetch API] Add a JS builtin to implement https://fetch.spec.whatwg.org/#concept-headers-fill
334         https://bugs.webkit.org/show_bug.cgi?id=159932
335
336         Reviewed by Alex Christensen.
337
338         Covered by existing tests.
339
340         Refactoring Headers initializeWith to use the new built-in internal that implements
341         https://fetch.spec.whatwg.org/#concept-headers-fill.
342
343         Refactoring Response constructor to put more checks in the JS builtin fucntion called within constructor.
344         Making use of the new built-in internal that implements https://fetch.spec.whatwg.org/#concept-headers-fill.
345
346         * CMakeLists.txt: Adding FetchHeadersInternals.js
347         * DerivedSources.make: Ditto.
348         * Modules/fetch/FetchHeaders.js:
349         (initializeFetchHeaders): Using fillFetchHeaders new built-in internal.
350         * Modules/fetch/FetchInternals.js: Added.
351         (fillFetchHeaders):
352         * Modules/fetch/FetchResponse.cpp: Refactoring to do more in the JS built-in. Splitting of initializeWith so
353         that the checks are done in the order defined by the spec.
354         (WebCore::FetchResponse::setStatus):
355         (WebCore::FetchResponse::initializeWith):
356         (WebCore::isNullBodyStatus): Deleted.
357         * Modules/fetch/FetchResponse.h:
358         * Modules/fetch/FetchResponse.idl:
359         * Modules/fetch/FetchResponse.js:
360         (initializeFetchResponse): New built-in internal.
361         * WebCore.xcodeproj/project.pbxproj:
362         * bindings/js/WebCoreBuiltinNames.h:
363
364 2016-07-19  Chris Dumez  <cdumez@apple.com>
365
366         Fix null handling of SVGScriptElement.type attribute
367         https://bugs.webkit.org/show_bug.cgi?id=159927
368
369         Reviewed by Benjamin Poulain.
370
371         Fix null handling of SVGScriptElement.type attribute:
372         - https://www.w3.org/TR/SVG2/interact.html#InterfaceSVGScriptElement
373
374         We were treating null as the null String which would end up removing
375         the 'type' content attribute. However, we should treat null as the
376         String "null".
377
378         Firefox and Chrome match the specification.
379
380         No new tests, updated existing test.
381
382         * svg/SVGScriptElement.idl:
383
384 2016-07-19  Chris Dumez  <cdumez@apple.com>
385
386         Fix null handling of several HTMLDocument attributes
387         https://bugs.webkit.org/show_bug.cgi?id=159923
388
389         Reviewed by Benjamin Poulain.
390
391         Fix null handling of several HTMLDocument attributes:
392         - https://html.spec.whatwg.org/multipage/dom.html#document
393         - https://html.spec.whatwg.org/multipage/obsolete.html#document-partial
394
395         In particular, null handling was incorrect in WebKit for 'dir',
396         'bgColor', 'fgColor', 'alinkColor', 'linkColor' and 'vlinkColor'.
397
398         Firefox and Chrome match the specification.
399
400         Test: fast/dom/HTMLDocument/null-handling.html
401
402         * html/HTMLDocument.idl:
403
404 2016-07-19  Chris Dumez  <cdumez@apple.com>
405
406         Document.createElementNS() / createAttributeNS() parameters should be mandatory
407         https://bugs.webkit.org/show_bug.cgi?id=159938
408
409         Reviewed by Benjamin Poulain.
410
411         Document.createElementNS() / createAttributeNS() parameters should be mandatory:
412         - https://dom.spec.whatwg.org/#document
413
414         They were optional in WebKit. However, Firefox and Chrome both match the
415         specification.
416
417         No new tests, rebaselined existing tests.
418
419         * dom/Document.idl:
420
421 2016-07-19  Benjamin Poulain  <bpoulain@apple.com>
422
423         Use getElementById for attribute matching if the attribute name is html's id
424         https://bugs.webkit.org/show_bug.cgi?id=159960
425
426         Reviewed by Chris Dumez.
427
428         Elliott Sprehn discovered YUI makes heavy uses of querySelector with [id=value]
429         (https://bugs.chromium.org/p/chromium/issues/detail?id=627242).
430
431         If we are not in quirks mode, IdForStyleResolution has the same value
432         as the Id attribute. We can use the same optimization for both cases.
433
434         Tests: fast/selectors/id-attribute-querySelector-used-as-id-selector-quirks.html
435                fast/selectors/id-attribute-querySelector-used-as-id-selector.html
436
437         * dom/SelectorQuery.cpp:
438         (WebCore::canBeUsedForIdFastPath):
439         (WebCore::findIdMatchingType):
440         (WebCore::SelectorDataList::SelectorDataList):
441         (WebCore::selectorForIdLookup):
442         (WebCore::filterRootById):
443
444 2016-07-19  Chris Dumez  <cdumez@apple.com>
445
446         Drop SVGElement.xmlbase attribute
447         https://bugs.webkit.org/show_bug.cgi?id=159926
448
449         Reviewed by Benjamin Poulain.
450
451         Drop SVGElement.xmlbase attribute as it is no longer part of the
452         specification:
453         - https://www.w3.org/TR/SVG2/types.html#InterfaceSVGElement
454
455         Both Firefox and Chrome have already dropped support for
456         SVGElement.xmlbase.
457
458         Chrome's intent to remove:
459         https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/TfwMq4d25hk/C-v_iC_wKfAJ
460
461         Test: svg/dom/SVGElement-xmlbase.html
462
463         * svg/SVGElement.cpp:
464         (WebCore::SVGElement::removedFrom): Deleted.
465         * svg/SVGElement.h:
466         * svg/SVGElement.idl:
467
468 2016-07-19  Chris Dumez  <cdumez@apple.com>
469
470         Align CSSStyleDeclaration.setProperty() with the specification
471         https://bugs.webkit.org/show_bug.cgi?id=159955
472
473         Reviewed by Benjamin Poulain.
474
475         Align CSSStyleDeclaration.setProperty() with the specification:
476         - https://drafts.csswg.org/cssom/#the-cssstyledeclaration-interface
477
478         In particular, the following changes were needed:
479         1. The 'value' parameter should not be optional
480         2. The 'priority' parameter should treat null as the empty string
481            rather than the string "null".
482         3. The 'priority' parameter's default value should be the empty string,
483            not the string "undefined".
484         4. CSSStyleDeclaration.setProperty() should return early if 'priority'
485            is not the empty string and is not an ASCII case-insensitive match
486            for the string "important".
487
488         Chrome matches the specification entirely.
489         Firefox matches the specification with the exception that it does a
490         case-sensitive match for "important".
491
492         Test: fast/css/CSSStyleDeclaration-setProperty.html
493
494         * css/CSSStyleDeclaration.idl:
495         * css/PropertySetCSSStyleDeclaration.cpp:
496         (WebCore::PropertySetCSSStyleDeclaration::setProperty):
497
498 2016-07-19  Daniel Bates  <dabates@apple.com>
499
500         CSP: Improve support for multiple policies to more closely conform to the CSP Level 2 spec.
501         https://bugs.webkit.org/show_bug.cgi?id=159841
502         <rdar://problem/27381684>
503
504         Reviewed by Brent Fulgham.
505
506         Implement a first pass at sending multiple violation reports so as to more closely
507         conform to section Enforcing multiple policies of the Content Security Policy Level 2 spec.,
508         <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 25 April 2016).
509
510         Tests: http/tests/security/contentSecurityPolicy/1.1/script-blocked-sends-multiple-reports.php
511                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy.php
512                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
513                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
514                http/tests/security/contentSecurityPolicy/1.1/scripthash-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
515                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy.php
516                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
517                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
518                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
519                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
520                http/tests/security/contentSecurityPolicy/1.1/scripthash-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
521                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-enforced-policy-and-not-in-report-only.html
522                http/tests/security/contentSecurityPolicy/1.1/scripthash-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
523                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy.php
524                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-enforced-policy-and-blocked-by-report-policy2.php
525                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy.php
526                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-allowed-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
527                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy.php
528                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-enforced-policy-and-allowed-by-report-policy2.php
529                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy.php
530                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-allowed-by-report-policy2.php
531                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy.php
532                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-blocked-by-legacy-enforced-policy-and-blocked-by-report-policy2.php
533                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-enforced-policy-and-not-in-report-only.html
534                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-in-one-enforced-policy-neither-in-another-enforced-policy-nor-report-policy.html
535                http/tests/security/contentSecurityPolicy/1.1/scriptnonce-multiple-policies.html
536
537         * page/csp/ContentSecurityPolicy.cpp:
538         (WebCore::ContentSecurityPolicy::allPoliciesWithDispositionAllow): Added. Returns whether the resource
539         is allowed by all of the policies with the specified disposition.
540         (WebCore::ContentSecurityPolicy::allPoliciesAllow): Added. Returns whether the resource is allowed by
541         all of the enforced policies.
542         (WebCore::ContentSecurityPolicy::findHashOfContentInPolicies): Formerly named foundHashOfContentInAllPolicies.
543         Modified to return a ("has found hash in all enforced policies, "has found hash in all report-only policies)-pair
544         so that we can differentiate whether the hash violated an enforced policy or a report-only policy.
545         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
546         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers): Ditto.
547         (WebCore::ContentSecurityPolicy::allowScriptWithNonce): For now only accept a nonce if it is allowed by
548         all enforced policies. As a side effect of this change is that we only send a CSP violation report when a
549         nonce violates a report-only policy only if the nonce also violates one or more enforced policies. We will
550         address this limitation in <https://bugs.webkit.org/show_bug.cgi?id=159830>.
551         (WebCore::ContentSecurityPolicy::allowStyleWithNonce): Ditto.
552         (WebCore::ContentSecurityPolicy::allowInlineScript): Differentiate between a hash/'unsafe-inline' that
553         matches/is contained in all enforce policies and a hash/'unsafe-inline' that matches/is contained in all
554         report-only policies so that we only allow the resource for the former. As a side effect of this change
555         we may report that a resource violated a policy even if it contained the hash. See <https://bugs.webkit.org/show_bug.cgi?id=159832>
556         for more details.
557         (WebCore::ContentSecurityPolicy::allowInlineStyle): Ditto.
558         (WebCore::ContentSecurityPolicy::allowEval): Write in terms of ContentSecurityPolicy::allPoliciesAllow().
559         (WebCore::ContentSecurityPolicy::allowFrameAncestors): Ditto.
560         (WebCore::ContentSecurityPolicy::allowPluginType): Ditto.
561         (WebCore::ContentSecurityPolicy::allowScriptFromSource): Ditto.
562         (WebCore::ContentSecurityPolicy::allowObjectFromSource): Ditto.
563         (WebCore::ContentSecurityPolicy::allowChildFrameFromSource): Ditto.
564         (WebCore::ContentSecurityPolicy::allowChildContextFromSource): Ditto.
565         (WebCore::ContentSecurityPolicy::allowImageFromSource): Ditto.
566         (WebCore::ContentSecurityPolicy::allowStyleFromSource): Ditto.
567         (WebCore::ContentSecurityPolicy::allowFontFromSource): Ditto.
568         (WebCore::ContentSecurityPolicy::allowMediaFromSource): Ditto.
569         (WebCore::ContentSecurityPolicy::allowConnectToSource): Ditto.
570         (WebCore::ContentSecurityPolicy::allowFormAction): Ditto.
571         (WebCore::ContentSecurityPolicy::allowBaseURI): Ditto.
572         (WebCore::ContentSecurityPolicy::foundHashOfContentInAllPolicies): Deleted.
573         * page/csp/ContentSecurityPolicy.h:
574         (WebCore::ContentSecurityPolicy::violatedDirectiveInAnyPolicy): Deleted.
575
576 2016-07-19  Chris Dumez  <cdumez@apple.com>
577
578         Fix null handling of HTMLScriptElement.text attribute
579         https://bugs.webkit.org/show_bug.cgi?id=159943
580
581         Reviewed by Benjamin Poulain.
582
583         Fix null handling of HTMLScriptElement.text attribute:
584         - https://html.spec.whatwg.org/multipage/scripting.html#the-script-element
585
586         We should treat null as the "null" String but we were treating it as
587         the empty string.
588
589         Firefox and Chrome match the specification.
590
591         No new tests, rebaselined existing test.
592
593         * html/HTMLScriptElement.idl:
594
595 2016-07-19  Chris Dumez  <cdumez@apple.com>
596
597         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]
598         https://bugs.webkit.org/show_bug.cgi?id=159934
599
600         Reviewed by Benjamin Poulain.
601
602         autocapitalize attribute should not use [TreatNullAs=LegacyNullString]. This is
603         non-standard and we want to drop support for it from the bindings generator.
604
605         Instead, use [TreatNullAs=EmptyString] in order to maintain existing behavior
606         given that both a missing/empty attribute result in using the default
607         autocapitalization mode and that autocapitalize returns the empty string by
608         default.
609
610         Test: platform/ios-simulator/ios/fast/forms/autocapitalize-null.html
611
612         * html/HTMLFormElement.idl:
613         * html/HTMLInputElement.idl:
614         * html/HTMLTextAreaElement.idl:
615
616 2016-07-19  Zalan Bujtas  <zalan@apple.com>
617
618         REGRESSION(r203415): ASSERTION FAILED: !m_layoutRoot->container() || !m_layoutRoot->container()->needsLayout()
619         https://bugs.webkit.org/show_bug.cgi?id=159952
620
621         Reviewed by Simon Fraser.
622
623         Update ASSERTs to reflect new functionality, that is, now we can end up in a state
624         where the container (RenderView) of one of the dirty subtrees is dirty.
625         See r203415.
626  
627         Covered by editing/pasteboard/drag-drop-input-in-svg.svg
628
629         * page/FrameView.cpp:
630         (WebCore::FrameView::scheduleRelayoutOfSubtree):
631
632 2016-07-19  Dean Jackson  <dino@apple.com>
633
634         REGRESSION(202927): The first slide is the only displayed slide when Quicklooking a Keynote file
635         https://bugs.webkit.org/show_bug.cgi?id=159948
636         <rdar://problem/27391012>
637
638         Reviewed by Simon Fraser.
639
640         There is an iOS bug (<rdar://problem/27416744>) that is causing us
641         to not always get a color space on CGContextRefs. Investigation of this
642         exposed some optimizations we can take when we are creating ImageBuffers.
643         In particular, if we have a bitmap context or an IOSurfaceContext we
644         can simply copy their color space using API. Otherwise we stick with
645         the existing CGContextCopyDeviceColorSpace.
646
647         Lastly, if for some reason we are unable to copy the device color space,
648         we should fall back to sRGB.
649
650         * platform/graphics/cg/ImageBufferCG.cpp:
651         (WebCore::ImageBuffer::createCompatibleBuffer):
652         * platform/spi/cg/CoreGraphicsSPI.h: Add some SPI and enums.
653
654
655 2016-07-19  George Ruan  <gruan@apple.com>
656
657         HTMLVideoElement frames do not update on iOS when src is a MediaStream blob
658         https://bugs.webkit.org/show_bug.cgi?id=159833
659         <rdar://problem/27379487>
660
661         Reviewed by Eric Carlson.
662
663         Test: fast/mediastream/MediaStream-video-element-displays-buffer.html
664
665         * WebCore.xcodeproj/project.pbxproj:
666         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Change create to return a Ref<T> instead
667         of RefPtr<T>
668         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h: Make observer of
669         MediaStreamTrackPrivate and make MediaPlayer use an AVSampleBufferDisplayLayer instead of CALayer.
670         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm: Ditto.
671         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::~MediaPlayerPrivateMediaStreamAVFObjC): Clean up
672         observers and AVSampleBufferDisplayLayer
673         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::isAvailable): Ensures AVSampleBufferDisplayLayer
674         is available.
675         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack): Placeholder.
676         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Responsible
677         for enqueuing sample buffers to the active video track.
678         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): Ensures that an AVSampleBufferDisplayLayer
679         exists.
680         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Destroys the AVSampleBufferDisplayLayer.
681         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::platformLayer): Replace CALayer with AVSampleBufferDisplayLayer.
682         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentDisplayMode): Ditto.
683         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated): Called from MediaStreamTrackPrivate when a
684         new SampleBuffer is available.
685         (WebCore::updateTracksOfType): Manage adding and removing self as observer from tracks.
686         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks): Replace CALayer with AVSampleBufferDisplayLayer
687         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::acceleratedRenderingStateChanged): Copied from
688         MediaPlayerPrivateMediaSourceAVFObjC.mm
689         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::load): Deleted CALayer.
690         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateDisplayMode): Deleted process of updating CALayer.
691         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateIntrinsicSize): Deleted CALayer.
692         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::createPreviewLayers): Deleted.
693         * platform/mediastream/MediaStreamPrivate.cpp:
694         (WebCore::MediaStreamPrivate::updateActiveVideoTrack): Remove redundant check.
695         * platform/mediastream/MediaStreamTrackPrivate.cpp:
696         (WebCore::MediaStreamTrackPrivate::sourceHasMoreMediaData): Called from RealtimeMediaSource when a new SampleBuffer
697         is available.
698         * platform/mediastream/MediaStreamTrackPrivate.h:
699         (WebCore::MediaStreamTrackPrivate::Observer::sampleBufferUpdated): Relays to MediaPlayerPrivateMediaStream that
700         a new SampleBuffer is available to enqueue to the AVSampleBufferDisplayLayer.
701         * platform/mediastream/RealtimeMediaSource.cpp:
702         (WebCore::RealtimeMediaSource::mediaDataUpdated): Relays to all observers that a new SampleBuffer is available.
703         * platform/mediastream/RealtimeMediaSource.h:
704         * platform/mediastream/mac/AVVideoCaptureSource.mm:
705         (WebCore::AVVideoCaptureSource::processNewFrame): Calls mediaDataUpdated when a new SampleBuffer is captured.
706
707 2016-07-19  Anders Carlsson  <andersca@apple.com>
708
709         Get rid of a #define private public hack in WebCore
710         https://bugs.webkit.org/show_bug.cgi?id=159953
711
712         Reviewed by Dan Bernstein.
713
714         Use @package instead.
715
716         * bindings/objc/DOMInternal.h:
717         * bindings/objc/DOMObject.h:
718
719 2016-07-19  Andreas Kling  <akling@apple.com>
720
721         Fix SharedBuffer leak in MockContentFilter::replacementData().
722         <https://webkit.org/b/159945>
723
724         Reviewed by Andy Estes.
725
726         Spotted on leaks bot. This code was pretty explicit about how it's going to leak.
727         Since this is in the mock filter, it only affected layout tests.
728
729         * testing/MockContentFilter.cpp:
730         (WebCore::MockContentFilter::replacementData):
731
732 2016-07-19  Zalan Bujtas  <zalan@apple.com>
733
734         theguardian.co.uk crossword puzzles are sometimes not displaying text
735         https://bugs.webkit.org/show_bug.cgi?id=159924
736         <rdar://problem/27409483>
737
738         Reviewed by Simon Fraser.
739
740         This patch fixes the case when
741         - 2 disjoint subtrees are dirty
742         - RenderView is also dirty.
743         and we end up not laying out one of the 2 subtrees.
744
745         In FrameView::scheduleRelayoutOfSubtree, we assume that when the RenderView is dirty
746         we already have a pending full layout which means that any previous subtree layouts have already been
747         converted to full layouts.
748         However this assumption is incorrect. RenderView can get dirty without checking if there's
749         already a pending subtree layout.
750         One option to solve this problem would be to override RenderObject::setNeedsLayout in RenderView
751         so that when the RenderView gets dirty, we could also convert any pending subtree layout to full layout.
752         However RenderObject::setNeedsLayout is a hot function and making it virtual would impact performance.
753         The other option is to always normalize subtree layouts in FrameView::scheduleRelayoutOfSubtree().
754         This patch implements the second option.
755
756         Test: fast/misc/subtree-layouts.html
757
758         * page/FrameView.cpp:
759         (WebCore::FrameView::scheduleRelayoutOfSubtree):
760
761 2016-07-19  Anders Carlsson  <andersca@apple.com>
762
763         Some payment authorization status values should keep the sheet active
764         https://bugs.webkit.org/show_bug.cgi?id=159936
765         rdar://problem/26756701
766
767         Reviewed by Tim Horton.
768
769         * Modules/applepay/ApplePaySession.cpp:
770         (WebCore::ApplePaySession::completePayment):
771         Keep the sheet active if the status isn't a final state status.
772
773         * Modules/applepay/PaymentAuthorizationStatus.h:
774         (WebCore::isFinalStateStatus):
775         Add a new helper function that returns whether a given payment authorization status is "final",
776         meaning that once that status has been passed to completePayment, the session is finished.
777
778 2016-07-19  Nan Wang  <n_wang@apple.com>
779
780         AX: Incorrect behavior for word related text marker functions when there's collapsed whitespace
781         https://bugs.webkit.org/show_bug.cgi?id=159910
782
783         Reviewed by Chris Fleizach.
784
785         We are getting a bad CharacterOffset when there's collapsed whitespace. Added a TraverseOptionValidateOffset
786         option to make sure we are getting the correct CharacterOffset based on the corresponding Range offset. And
787         fixed a word navigation issue based on that.
788
789         Test: accessibility/mac/text-marker-word-nav-collapsed-whitespace.html
790
791         * accessibility/AXObjectCache.cpp:
792         (WebCore::AXObjectCache::traverseToOffsetInRange):
793         (WebCore::AXObjectCache::rangeForNodeContents):
794         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
795         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
796         (WebCore::AXObjectCache::rightWordRange):
797         (WebCore::AXObjectCache::previousBoundary):
798         * accessibility/AXObjectCache.h:
799         (WebCore::AXObjectCache::isNodeInUse):
800
801 2016-07-19  Youenn Fablet  <youenn@apple.com>
802
803         [Streams API] ReadableStreamController methods should throw if its stream is not readable
804         https://bugs.webkit.org/show_bug.cgi?id=159871
805
806         Reviewed by Xabier Rodriguez-Calvar.
807
808         Spec now mandates close and enqueue to throw if ReadableStream is not readable.
809         Covered by rebased and/or modified tests.
810
811         * Modules/streams/ReadableStreamController.js:
812         (enqueue): Throwing a TypeError if controlled stream is not readable.
813         (close): Ditto.
814
815 2016-07-19  Simon Fraser  <simon.fraser@apple.com>
816
817         Bubbles appear split for a brief moment in Messages
818         https://bugs.webkit.org/show_bug.cgi?id=159915
819         rdar://problem/27182267
820
821         Reviewed by David Hyatt.
822
823         RenderView::repaintRootContents() had a long-standing bug in WebView when the
824         view is scrolled. repaint() uses visualOverflowRect() but, for the 
825         RenderView, the visualOverflowRect() is the initial containing block
826         which is anchored at 0,0. When the view is scrolled it's clipped out and
827         calls to repaintRootContents() have no effect.
828         
829         Change repaintRootContents() to use layoutOverflowRect(). ScrollView::repaintContentRectangle()
830         will clip it to the view if necessary.
831
832         Test: fast/repaint/scrolled-view-full-repaint.html
833
834         * rendering/RenderView.cpp:
835         (WebCore::RenderView::repaintRootContents):
836
837 2016-07-19  Dan Bernstein  <mitz@apple.com>
838
839         <rdar://problem/27420308> WebCore-7602.1.42 fails to build: error: unused parameter 'vm'
840
841         * bindings/js/JSDOMGlobalObject.cpp:
842         (WebCore::JSDOMGlobalObject::addBuiltinGlobals): Fixed the !ENABLE(STREAMS_API) build.
843
844 2016-07-19  Youenn Fablet  <youenn@apple.com>
845
846         [Streams API] Make ReadableStream properties not enumerable
847         https://bugs.webkit.org/show_bug.cgi?id=159868
848
849         Reviewed by Darin Adler.
850
851         Covered by rebased tests.
852
853         Uopdating IDL definitions to mark all functions/attributes as not enumerable.
854         Updating IDL constructor definitions to correctly compute constructor length.
855         Updating built-in implementation to correctly compute pipeTo length to 1 (second parameter being optional).
856
857         * Modules/streams/ReadableStream.idl:
858         * Modules/streams/ReadableStream.js:
859         * Modules/streams/ReadableStreamController.idl:
860         * Modules/streams/ReadableStreamReader.idl:
861
862 2016-07-19  Chris Dumez  <cdumez@apple.com>
863
864         form.enctype / encoding / method should treat null as "null" string
865         https://bugs.webkit.org/show_bug.cgi?id=159916
866
867         Reviewed by Ryosuke Niwa.
868
869         form.enctype / encoding / method should treat null as "null" string:
870         - https://html.spec.whatwg.org/multipage/forms.html#htmlformelement
871
872         Previously, WebKit would treat null as the null String, which would
873         end up removing the existing attribute.
874
875         Firefox and Chrome match the specification.
876
877         Test: fast/dom/HTMLFormElement/null-handling.html
878
879         * html/HTMLFormElement.h:
880         * html/HTMLFormElement.idl:
881
882 2016-07-18  Csaba Osztrogon√°c  <ossy@webkit.org>
883
884         All-in-one buildfix after r202439
885         https://bugs.webkit.org/show_bug.cgi?id=159877
886
887         Reviewed by Chris Dumez.
888
889         * Modules/webaudio/AudioDestinationNode.h:
890         (WebCore::AudioDestinationNode::resume):
891         (WebCore::AudioDestinationNode::suspend):
892         (WebCore::AudioDestinationNode::close):
893
894 2016-07-18  Frederic Wang  <fwang@igalia.com>
895
896         Move parsing of subscriptshift and superscriptshift from rendering to element classes
897         https://bugs.webkit.org/show_bug.cgi?id=159622
898
899         Reviewed by Darin Adler.
900
901         We introduce a new MathMLScriptsElement that is used for elements msub, msup, msubsup and
902         mmultiscripts in order to create RenderMathMLScripts and parse and expose the values of the
903         subscriptshift and superscriptshift attributes. This is one more step toward moving MathML
904         attribute parsing to the DOM (bug 156536).
905
906         No new tests, rendering is unchanged.
907
908         * CMakeLists.txt: Add MathMLScriptsElement files.
909         * WebCore.xcodeproj/project.pbxproj: Ditto.
910         * mathml/MathMLAllInOne.cpp: Ditto.
911         * mathml/MathMLInlineContainerElement.cpp: Remove handling of scripts.
912         (WebCore::MathMLInlineContainerElement::createElementRenderer): Deleted.
913         * mathml/MathMLScriptsElement.cpp: Added. New class to handle scripted elements supporting
914         parsing for the subscriptshift and superscriptshift MathML lengths.
915         (WebCore::MathMLScriptsElement::MathMLScriptsElement):
916         (WebCore::MathMLScriptsElement::create):
917         (WebCore::MathMLScriptsElement::subscriptShift): Expose the cached length for the shift,
918         parsing the attribute again if necessary.
919         (WebCore::MathMLScriptsElement::superscriptShift): Ditto.
920         (WebCore::MathMLScriptsElement::parseAttribute): Mark attributes dirty.
921         (WebCore::MathMLScriptsElement::createElementRenderer): Create RenderMathMLScripts.
922         * mathml/MathMLScriptsElement.h: Ditto.
923         * mathml/mathtags.in: Map msub, msup, msubsup and mmultiscripts to MathMLScriptsElement.
924         * rendering/mathml/RenderMathMLScripts.cpp:
925         (WebCore::RenderMathMLScripts::scriptsElement): Helper function to cast the node to a
926         MathMLScriptsElement.
927         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded): Resolve the attributes
928         using the functions from the MathMLScriptsElement class.
929         * rendering/mathml/RenderMathMLScripts.h: Declare scriptsElement.
930
931 2016-07-18  Frederic Wang  <fwang@igalia.com>
932
933         Do not store gap and shift parameters on RenderMathMLFraction
934         https://bugs.webkit.org/show_bug.cgi?id=159876
935
936         Reviewed by Darin Adler.
937
938         After r203285, the stack and fraction layout parameters are only used in layoutBlock so we
939         do not need to store them on the class. We remove them and split updateLayoutParameters into
940         three functions: one to update the linethickness and two others to retrieve the fraction and
941         stack respectively.
942
943         No new tests, rendering is unchanged.
944
945         * rendering/mathml/RenderMathMLFraction.cpp:
946         (WebCore::RenderMathMLFraction::updateLineThickness): Move code to update thickness members here.
947         (WebCore::RenderMathMLFraction::getFractionParameters): Move code to retrieve fraction parameters here.
948         (WebCore::RenderMathMLFraction::getStackParameters): Move code to retrieve stack parameters here.
949         (WebCore::RenderMathMLFraction::layoutBlock): Use the new helper functions and local variables
950         for fraction and stack parameters.
951         (WebCore::RenderMathMLFraction::updateLayoutParameters): Deleted.
952         * rendering/mathml/RenderMathMLFraction.h: Declare new helper functions and remove members
953         for stack and fraction parameters.
954
955 2016-07-18  Chris Dumez  <cdumez@apple.com>
956
957         input.formEnctype / formMethod and button.formEnctype / formMethod / type should treat null as "null"
958         https://bugs.webkit.org/show_bug.cgi?id=159908
959
960         Reviewed by Alex Christensen.
961
962         input.formEnctype / formMethod and button.formEnctype / formMethod / type
963         should treat null as "null" String:
964         - https://html.spec.whatwg.org/multipage/forms.html#htmlinputelement
965         - https://html.spec.whatwg.org/multipage/forms.html#htmlbuttonelement
966
967         In WebKit, we would treat null as a null String which would end up
968         removing the corresponding attribute. This does not match the
969         specification. Firefox and Chrome match the specification here.
970
971         Tests:
972         - fast/dom/HTMLButtonElement/null-handling.html
973         - fast/dom/HTMLInputElement/null-handling.html
974
975         * html/HTMLButtonElement.idl:
976         * html/HTMLInputElement.idl:
977
978 2016-07-18  Alex Christensen  <achristensen@webkit.org>
979
980         webbookmarksd needs to use the same AppCache directory as MobileSafari
981         https://bugs.webkit.org/show_bug.cgi?id=159912
982
983         Reviewed by Alexey Proskuryakov.
984
985         No new tests.  This only changes behavior for webbookmarksd.
986
987         * platform/RuntimeApplicationChecks.h:
988         * platform/RuntimeApplicationChecks.mm:
989         (WebCore::IOSApplication::isWebBookmarksD): Added.
990
991 2016-07-18  Chris Dumez  <cdumez@apple.com>
992
993         EventTarget.dispatchEvent() parameter should not be nullable
994         https://bugs.webkit.org/show_bug.cgi?id=159897
995
996         Reviewed by Benjamin Poulain.
997
998         EventTarget.dispatchEvent() parameter should not be nullable:
999         - https://dom.spec.whatwg.org/#interface-eventtarget
1000
1001         Even though the parameter was marked as nullable in our IDL, our
1002         implementation does a null check and we already throw a TypeError
1003         when calling dispatchEvent(null).
1004
1005         Update our IDL so that it matches the specification and so that
1006         the null check is generated in the bindings instead.
1007
1008         No new tests, rebaseline existing tests.
1009
1010         * dom/EventTarget.cpp:
1011         (WebCore::EventTarget::dispatchEventForBindings):
1012         * dom/EventTarget.h:
1013         * dom/EventTarget.idl:
1014
1015 2016-07-18  Chris Dumez  <cdumez@apple.com>
1016
1017         DocType's publicId / systemId should not be nullable
1018         https://bugs.webkit.org/show_bug.cgi?id=159901
1019
1020         Reviewed by Benjamin Poulain.
1021
1022         DocType's publicId / systemId should not be nullable. While they were
1023         not marked as nullable in our IDL, they could be stored as null Strings
1024         in our implementation depending on how the Node was constructed. This
1025         led to subtle bugs where String() != emptyString().
1026
1027         In particular, Node.isEqualNode() would return false when DocumentType
1028         nodes would mismatch because of their publicId / systemId being null
1029         instead of the emptyString.
1030
1031         Serialization would DocumentType nodes would also be wrong when
1032         publicId / systemId were empty Strings instead of null strings. The
1033         new behavior now matches:
1034         - https://www.w3.org/TR/DOM-Parsing/#dfn-concept-serialize-doctype (steps 7-9)
1035
1036         To address these issues, we now always store publicId / systemId as
1037         non-null Strings inside the DocumentType class.
1038
1039         Test: fast/dom/DocumentType/isEqualNode.html
1040
1041         * dom/DocumentType.cpp:
1042         (WebCore::DocumentType::DocumentType):
1043         * editing/MarkupAccumulator.cpp:
1044         (WebCore::MarkupAccumulator::appendDocumentType):
1045
1046 2016-07-18  Jeremy Jones  <jeremyj@apple.com>
1047
1048         If previous media session interruptions were prevented, still allow subsequent interruptions to try.
1049         https://bugs.webkit.org/show_bug.cgi?id=157553
1050         rdar://problem/25740804
1051
1052         Reviewed by Eric Carlson.
1053
1054         Test: platform/ios-simulator/media/video-interruption-suspendunderlock.html
1055
1056         When suspending under lock on iOS, there is first a resign active event, then a
1057         suspend under lock. PiP prevents resign active from interrupting playback. But it should allow the
1058         suspend under lock to interrupt playback.
1059
1060         Currently if there are nested interruptions only the first one is acted upon.
1061
1062         This change allows subsequent, nested interruptions to have a chance to interrupt playback if the
1063         previous interruptions were ignored.
1064
1065         This test is for iPad only, so it must be run manually.
1066
1067         * html/HTMLMediaElement.cpp:
1068         (WebCore::HTMLMediaElement::shouldOverrideBackgroundPlaybackRestriction):
1069         * platform/audio/PlatformMediaSession.cpp:
1070         (WebCore::PlatformMediaSession::beginInterruption):
1071         * testing/Internals.cpp:
1072         (WebCore::Internals::beginMediaSessionInterruption):
1073
1074 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
1075
1076         Don't associate form-associated elements with forms in other trees.
1077         https://bugs.webkit.org/show_bug.cgi?id=119451
1078         <rdar://problem/27382946>
1079
1080         Change is based on the Blink change (patch by <adamk@chromium.org>):
1081         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
1082
1083         Reviewed by Chris Dumez.
1084
1085         Prevent elements from being associated with forms that are not part of the same home subtree.
1086         This brings us in line with the WhatWG HTML specification as of September, 2013.
1087
1088         Tests: fast/forms/image-disconnected-during-parse.html
1089                fast/forms/input-disconnected-during-parse.html
1090
1091         * dom/Element.h:
1092         (WebCore::Node::rootElement): Added.
1093         * html/FormAssociatedElement.cpp:
1094         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
1095         is not part of the same tree, remove the association.
1096         * html/HTMLImageElement.cpp:
1097         (WebCore::HTMLImageElement::insertedInto): Ditto.
1098
1099 2016-07-18  Anders Carlsson  <andersca@apple.com>
1100
1101         WebKit nightly fails to build on macOS Sierra
1102         https://bugs.webkit.org/show_bug.cgi?id=159902
1103         rdar://problem/27365672
1104
1105         Reviewed by Tim Horton.
1106
1107         * Modules/applepay/cocoa/PaymentCocoa.mm:
1108         * Modules/applepay/cocoa/PaymentContactCocoa.mm:
1109         * Modules/applepay/cocoa/PaymentMerchantSessionCocoa.mm:
1110         * Modules/applepay/cocoa/PaymentMethodCocoa.mm:
1111         Use new PassKitSPI header.
1112
1113         * WebCore.xcodeproj/project.pbxproj:
1114         Add new PassKitSPI header.
1115
1116         * icu/unicode/ucurr.h: Added.
1117         Add ucurr.h from ICU.
1118
1119         * platform/spi/cocoa/PassKitSPI.h: Added.
1120         Add new PassKitSPI header.
1121
1122 2016-07-18  Dean Jackson  <dino@apple.com>
1123
1124         REGRESSION (r202950): Image zoom animations are broken at medium.com (159861)
1125         https://bugs.webkit.org/show_bug.cgi?id=159906
1126         <rdar://problem/27391725>
1127
1128         Reviewed by Simon Fraser.
1129
1130         The fix for webkit.org/b/157569 in r200769 broke AMP pages.
1131         The followup fix for webkit.org/b/159450 in r202950 broke Medium pages.
1132
1133         Revert them both until we have better testing.
1134
1135         * css/CSSParser.cpp:
1136         (WebCore::CSSParser::addPropertyWithPrefixingVariant):
1137         (WebCore::CSSParser::parseValue):
1138         (WebCore::CSSParser::parseAnimationShorthand):
1139         (WebCore::CSSParser::parseTransitionShorthand): Deleted.
1140         * css/CSSPropertyNames.in:
1141         * css/PropertySetCSSStyleDeclaration.cpp:
1142         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValue):
1143         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValue):
1144         (WebCore::PropertySetCSSStyleDeclaration::getPropertyCSSValueInternal):
1145         (WebCore::PropertySetCSSStyleDeclaration::getPropertyValueInternal):
1146         * css/StyleProperties.cpp:
1147         (WebCore::MutableStyleProperties::removeShorthandProperty):
1148         (WebCore::MutableStyleProperties::removeProperty):
1149         (WebCore::MutableStyleProperties::removePrefixedOrUnprefixedProperty):
1150         (WebCore::MutableStyleProperties::setProperty):
1151         (WebCore::getIndexInShorthandVectorForPrefixingVariant):
1152         (WebCore::MutableStyleProperties::appendPrefixingVariantProperty):
1153         (WebCore::MutableStyleProperties::setPrefixingVariantProperty):
1154         (WebCore::StyleProperties::asText): Deleted.
1155         * css/StyleProperties.h:
1156
1157 2016-07-18  Andreas Kling  <akling@apple.com>
1158
1159         There should be a way to simulate memory pressure in layout tests
1160         <https://webkit.org/b/159743>
1161
1162         Reviewed by Simon Fraser.
1163
1164         Add three window.internal APIs:
1165
1166             - boolean isUnderMemoryPressure (readonly attribute)
1167             - void beginSimulatedMemoryPressure()
1168             - void endSimulatedMemoryPressure()
1169
1170         These make it possible to write tests that exercise behaviors that only
1171         occur during memory pressure situations.
1172
1173         I also implemented the "org.WebKit.lowMemory" notification handler using the new API.
1174
1175         Test: memory/memory-pressure-simulation.html
1176
1177         * platform/MemoryPressureHandler.cpp:
1178         (WebCore::MemoryPressureHandler::beginSimulatedMemoryPressure):
1179         (WebCore::MemoryPressureHandler::endSimulatedMemoryPressure):
1180         * platform/MemoryPressureHandler.h:
1181         (WebCore::MemoryPressureHandler::isUnderMemoryPressure):
1182         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
1183         (WebCore::MemoryPressureHandler::platformReleaseMemory):
1184         (WebCore::MemoryPressureHandler::install):
1185         * testing/Internals.cpp:
1186         (WebCore::Internals::isUnderMemoryPressure):
1187         (WebCore::Internals::beginSimulatedMemoryPressure):
1188         (WebCore::Internals::endSimulatedMemoryPressure):
1189         * testing/Internals.h:
1190         * testing/Internals.idl:
1191
1192 2016-07-18  Said Abou-Hallawa  <sabouhallawa@apple,com>
1193
1194         [iOS] PDFDocumentImage should cache only a sub image of the PDF when caching the whole image is expensive
1195         https://bugs.webkit.org/show_bug.cgi?id=158715
1196
1197         Reviewed by Dean Jackson.
1198
1199         Test: fast/images/displaced-non-cached-pdf.html
1200
1201         For iOS, we need to ensure the size of the cached PDF images will not
1202         exceed some limit. Also we should be caching only a sub image of the PDF
1203         if caching the whole image will exceed the memory limit.
1204
1205         * page/Settings.cpp:
1206         (WebCore::Settings::Settings):
1207         (WebCore::Settings::setCachedPDFImageEnabled):
1208         * page/Settings.h:
1209         (WebCore::Settings::isCachedPDFImageEnabled):
1210             Add an option to disable caching the PDF images.
1211
1212         * platform/graphics/cg/PDFDocumentImage.cpp:
1213         (WebCore::PDFDocumentImage::setCachedPDFImageEnabled):
1214             Allow the caller of draw() to disable caching the PDF images.
1215         
1216         (WebCore::PDFDocumentImage::cacheParametersMatch):
1217             Match the context dirty rectangle with the cached image rectangle.
1218         
1219         (WebCore::transformContextForPainting):
1220             When preparing the context for drawing the PDF, take the location 
1221             of the destination rectangle into account. We do not need to scale
1222             the location of the source rectangle because we scale the size of
1223             the rectangle but we don't scale the whole coordinate system.
1224
1225         (WebCore::cachedImageRect):
1226             Calculate the rectangle of the cached image such that it does not
1227             exceed the limit. Start from the center of the dirty rectangle and
1228             then expand around it.
1229             
1230         (WebCore::PDFDocumentImage::decodedSizeChanged):
1231             In addition to notifying the ImageObserver, it keeps track of the size
1232             of all the cached PDF images.
1233
1234         (WebCore::PDFDocumentImage::updateCachedImageIfNeeded):
1235             Ensure the size of all the cached images does not exceed the limit
1236             
1237         (WebCore::PDFDocumentImage::destroyDecodedData):
1238         * platform/graphics/cg/PDFDocumentImage.h:
1239
1240         * rendering/RenderImage.cpp:
1241         (WebCore::RenderImage::paintIntoRect):
1242             Pass the option to disable caching the PDF images to PDFDocumentImage.
1243
1244         * testing/InternalSettings.cpp:
1245         (WebCore::InternalSettings::Backup::Backup):
1246         (WebCore::InternalSettings::Backup::restoreTo):
1247         (WebCore::InternalSettings::setCachedPDFImageEnabled):
1248         * testing/InternalSettings.h:
1249         * testing/InternalSettings.idl:
1250             Add an internal option to disable caching the PDF images.
1251
1252 2016-07-18  Chris Dumez  <cdumez@apple.com>
1253
1254         The 2 first parameters to addEventListener() / removeEventListener() should be mandatory
1255         https://bugs.webkit.org/show_bug.cgi?id=158008
1256
1257         Reviewed by Darin Adler.
1258
1259         The 2 first parameters to addEventListener() / removeEventListener() should be
1260         mandatory:
1261         - https://dom.spec.whatwg.org/#interface-eventtarget
1262
1263         Firefox 46 and Chrome 50 both match the specification and throw an exception when those
1264         parameters are omitted. However, those parameters were marked as optional in WebKit and
1265         the calls were no-ops if those parameters were omitted. This patch aligns our behavior
1266         with the specification and other browsers.
1267
1268         Test: fast/dom/eventtarget-api-parameters.html
1269
1270         * bindings/scripts/CodeGeneratorJS.pm:
1271         (GetFunctionLength): Deleted.
1272         * dom/EventTarget.idl:
1273
1274 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
1275
1276         Unreviewed, rolling out r203373.
1277
1278         Unaddressed
1279
1280         Reverted changeset:
1281
1282         "Don't associate form-associated elements with forms in other
1283         trees."
1284         https://bugs.webkit.org/show_bug.cgi?id=119451
1285         http://trac.webkit.org/changeset/203373
1286
1287 2016-07-18  Brent Fulgham  <bfulgham@apple.com>
1288
1289         Don't associate form-associated elements with forms in other trees.
1290         https://bugs.webkit.org/show_bug.cgi?id=119451
1291         <rdar://problem/27382946>
1292
1293         Change is based on the Blink change (patch by <adamk@chromium.org>):
1294         <https://chromium.googlesource.com/chromium/blink/+/0b33128be67e7845d495d5219614c02ccfe7a414>
1295
1296         Reviewed by Zalan Bujtas.
1297
1298         Prevent elements from being associated with forms that are not part of the same home subtree.
1299         This brings us in line with the WhatWG HTML specification as of September, 2013.
1300
1301         Tests: fast/forms/image-disconnected-during-parse.html
1302                fast/forms/input-disconnected-during-parse.html
1303
1304         * dom/NodeTraversal.h:
1305         (WebCore::NodeTraversal::highestAncestorOrSelf): Added.
1306         * html/FormAssociatedElement.cpp:
1307         (WebCore::FormAssociatedElement::insertedInto): If the element is associated with a form that
1308         is not part of the same tree, remove the association.
1309         * html/HTMLImageElement.cpp:
1310         (WebCore::HTMLImageElement::insertedInto): Ditto.
1311
1312 2016-07-18  George Ruan  <gruan@apple.com>
1313
1314         Move MediaSampleAVFObjC into its own file
1315         https://bugs.webkit.org/show_bug.cgi?id=159796
1316         <rdar://problem/27362488>
1317
1318         In preparation for a feature that uses MediaSampleAVFObjC, but does
1319         not need SourceBufferPrivateAVFObjC, it is beneficial to move
1320         MediaSampleAVFObjC to its own file.
1321
1322         Reviewed by Eric Carlson.
1323
1324         * WebCore.xcodeproj/project.pbxproj:
1325         * platform/MediaSample.h: Allow setting trackID to associate
1326         MediaSample id with MediaStreamTrackPrivate id.
1327         * platform/graphics/avfoundation/MediaSampleAVFObjC.h: Added.
1328         * platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm: Moved
1329         from MediaSampleAVFObjC
1330         (WebCore::MediaSampleAVFObjC::presentationTime):
1331         (WebCore::MediaSampleAVFObjC::decodeTime):
1332         (WebCore::MediaSampleAVFObjC::duration):
1333         (WebCore::MediaSampleAVFObjC::sizeInBytes):
1334         (WebCore::MediaSampleAVFObjC::platformSample):
1335         (WebCore::CMSampleBufferIsRandomAccess):
1336         (WebCore::MediaSampleAVFObjC::flags):
1337         (WebCore::MediaSampleAVFObjC::presentationSize):
1338         (WebCore::MediaSampleAVFObjC::dump):
1339         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy):
1340         (WebCore::MediaSampleAVFObjC::setTimestamps):
1341         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
1342         Moved MediaSampleAVFObjC to its own file.
1343         (WebCore::MediaSampleAVFObjC::platformSample): Deleted.
1344         (WebCore::CMSampleBufferIsRandomAccess): Deleted.
1345         (WebCore::MediaSampleAVFObjC::flags): Deleted.
1346         (WebCore::MediaSampleAVFObjC::presentationSize): Deleted.
1347         (WebCore::MediaSampleAVFObjC::dump): Deleted.
1348         (WebCore::MediaSampleAVFObjC::offsetTimestampsBy): Deleted.
1349         (WebCore::MediaSampleAVFObjC::setTimestamps): Deleted.
1350         * platform/mock/mediasource/MockSourceBufferPrivate.cpp:
1351
1352 2016-07-18  Eric Carlson  <eric.carlson@apple.com>
1353
1354         [MSE][Mac] Pass AVSampleBufferDisplayLayer HDCP status to a newly created key session
1355         https://bugs.webkit.org/show_bug.cgi?id=159812
1356         <rdar://problem/27371624>
1357
1358         Reviewed by Jon Lee.
1359
1360         No new tests, it isn't possible to test this with our current testing infrastructure.
1361
1362         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
1363         * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
1364         (WebCore::SourceBufferPrivateAVFObjC::setCDMSession): Call layerDidReceiveError if there has
1365         been an HDCP error.
1366         (WebCore::SourceBufferPrivateAVFObjC::rendererDidReceiveError): Remember an HDCP error.
1367
1368 2016-07-18  Yoav Weiss  <yoav@yoav.ws>
1369
1370         Add preload to features.json
1371         https://bugs.webkit.org/show_bug.cgi?id=159872
1372
1373         Reviewed by Darin Adler.
1374
1375         No new tests but no functional change.
1376
1377         * features.json:
1378
1379 2016-07-18  Youenn Fablet  <youenn@apple.com>
1380
1381         [Streams API] ReadableStream should throw a RangeError in case of NaN highWaterMark
1382         https://bugs.webkit.org/show_bug.cgi?id=159870
1383
1384         Reviewed by Xabier Rodriguez-Calvar.
1385
1386         Covered by rebased test.
1387
1388         * Modules/streams/StreamInternals.js:
1389         (validateAndNormalizeQueuingStrategy): Throwing a RangeError in lieu of a TypeError in case of NaN highWaterMark.
1390
1391 2016-07-18  Csaba Osztrogon√°c  <ossy@webkit.org>
1392
1393         Windows buildfix after r203338
1394         https://bugs.webkit.org/show_bug.cgi?id=159875
1395
1396         Unreviewed buildfix.
1397
1398         * dom/UserGestureIndicator.h:
1399         (WebCore::UserGestureToken::addDestructionObserver):
1400
1401 2016-07-18  Carlos Garcia Campos  <cgarcia@igalia.com>
1402
1403         MemoryPressureHandler doesn't work if cgroups aren't present in Linux
1404         https://bugs.webkit.org/show_bug.cgi?id=155255
1405
1406         Reviewed by Sergio Villar Senin.
1407
1408         Allow to pass an eventFD file descriptor to the MemoryPressureHandler to be monitorized in case cgroups are not
1409         available.
1410
1411         * platform/MemoryPressureHandler.h:
1412         * platform/linux/MemoryPressureHandlerLinux.cpp:
1413
1414 2016-07-17  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1415
1416         Clean up PassRefPtr uses in Modules/encryptedmedia, Modules/speech, and Modules/quota
1417         https://bugs.webkit.org/show_bug.cgi?id=159701
1418
1419         Reviewed by Alex Christensen.
1420
1421         No new tests, no behavior changes.
1422
1423         * Modules/encryptedmedia/CDM.h:
1424         * Modules/encryptedmedia/MediaKeySession.h:
1425         * Modules/encryptedmedia/MediaKeys.h:
1426         * Modules/quota/DOMWindowQuota.cpp:
1427         * Modules/quota/StorageErrorCallback.cpp:
1428         (WebCore::StorageErrorCallback::CallbackTask::CallbackTask):
1429         * Modules/quota/StorageErrorCallback.h:
1430         * Modules/quota/StorageInfo.h:
1431         * Modules/quota/StorageQuota.h:
1432         * Modules/speech/DOMWindowSpeechSynthesis.cpp:
1433         * Modules/speech/SpeechSynthesis.cpp:
1434         (WebCore::SpeechSynthesis::getVoices):
1435         (WebCore::SpeechSynthesis::startSpeakingImmediately):
1436         (WebCore::SpeechSynthesis::speak):
1437         (WebCore::SpeechSynthesis::cancel):
1438         (WebCore::SpeechSynthesis::handleSpeakingCompleted):
1439         (WebCore::SpeechSynthesis::boundaryEventOccurred):
1440         (WebCore::SpeechSynthesis::didStartSpeaking):
1441         (WebCore::SpeechSynthesis::didPauseSpeaking):
1442         (WebCore::SpeechSynthesis::didResumeSpeaking):
1443         (WebCore::SpeechSynthesis::didFinishSpeaking):
1444         (WebCore::SpeechSynthesis::speakingErrorOccurred):
1445         * Modules/speech/SpeechSynthesis.h:
1446         * Modules/speech/SpeechSynthesisEvent.h:
1447         * Modules/speech/SpeechSynthesisUtterance.h:
1448         * Modules/speech/SpeechSynthesisVoice.cpp:
1449         (WebCore::SpeechSynthesisVoice::create):
1450         (WebCore::SpeechSynthesisVoice::SpeechSynthesisVoice):
1451         * Modules/speech/SpeechSynthesisVoice.h:
1452         * platform/PlatformSpeechSynthesizer.h:
1453         * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:
1454         (WebCore::PlatformSpeechSynthesisProviderEfl::fireSpeechEvent):
1455         * platform/mock/PlatformSpeechSynthesizerMock.cpp:
1456         (WebCore::PlatformSpeechSynthesizerMock::speakingFinished):
1457         (WebCore::PlatformSpeechSynthesizerMock::speak):
1458         (WebCore::PlatformSpeechSynthesizerMock::cancel):
1459         (WebCore::PlatformSpeechSynthesizerMock::pause):
1460         (WebCore::PlatformSpeechSynthesizerMock::resume):
1461
1462 2016-07-16  Sam Weinig  <sam@webkit.org>
1463
1464         [WebKit API] Add SPI to track multiple navigations caused by a single user gesture
1465         <rdar://problem/26554137>
1466         https://bugs.webkit.org/show_bug.cgi?id=159856
1467
1468         Reviewed by Dan Bernstein.
1469
1470         - Adds a new RefCounted object to represent a unique user gesture, called UserGestureToken.
1471         - Makes UserGestureIndicator track UserGestureToken.
1472         - Refines UserGestureIndicator's interface to use Optional and a smaller enum set
1473           to represent the different initial states.
1474         - Stores UserGestureTokens on objects that want to forward user gesture state (DOMTimer, 
1475           postMessage, and ScheduledNavigation) rather than just a boolean.
1476
1477         * accessibility/AccessibilityNodeObject.cpp:
1478         (WebCore::AccessibilityNodeObject::increment):
1479         (WebCore::AccessibilityNodeObject::decrement):
1480         * accessibility/AccessibilityObject.cpp:
1481         (WebCore::AccessibilityObject::press):
1482         * bindings/js/ScriptController.cpp:
1483         (WebCore::ScriptController::executeScriptInWorld):
1484         (WebCore::ScriptController::executeScript):
1485         Update for new UserGestureIndicator interface.
1486
1487         * dom/UserGestureIndicator.cpp:
1488         (WebCore::currentToken):
1489         (WebCore::UserGestureToken::~UserGestureToken):
1490         (WebCore::UserGestureIndicator::UserGestureIndicator):
1491         (WebCore::UserGestureIndicator::~UserGestureIndicator):
1492         (WebCore::UserGestureIndicator::currentUserGesture):
1493         (WebCore::UserGestureIndicator::processingUserGesture):
1494         (WebCore::UserGestureIndicator::processingUserGestureForMedia):
1495         (WebCore::isDefinite): Deleted.
1496         * dom/UserGestureIndicator.h:
1497         (WebCore::UserGestureToken::create):
1498         (WebCore::UserGestureToken::state):
1499         (WebCore::UserGestureToken::processingUserGesture):
1500         (WebCore::UserGestureToken::processingUserGestureForMedia):
1501         (WebCore::UserGestureToken::addDestructionObserver):
1502         (WebCore::UserGestureToken::UserGestureToken):
1503         Add UserGestureToken and track the current one explicitly.
1504
1505         * html/HTMLMediaElement.cpp:
1506         (WebCore::HTMLMediaElement::didReceiveRemoteControlCommand):
1507         * inspector/InspectorFrontendClientLocal.cpp:
1508         (WebCore::InspectorFrontendClientLocal::openInNewTab):
1509         * inspector/InspectorFrontendHost.cpp:
1510         * inspector/InspectorPageAgent.cpp:
1511         (WebCore::InspectorPageAgent::navigate):
1512         Update for new UserGestureIndicator interface.
1513
1514         * loader/NavigationAction.cpp:
1515         (WebCore::NavigationAction::NavigationAction):
1516         * loader/NavigationAction.h:
1517         (WebCore::NavigationAction::userGestureToken):
1518         (WebCore::NavigationAction::processingUserGesture):
1519         * loader/NavigationScheduler.cpp:
1520         (WebCore::ScheduledNavigation::ScheduledNavigation):
1521         (WebCore::ScheduledNavigation::~ScheduledNavigation):
1522         (WebCore::ScheduledNavigation::lockBackForwardList):
1523         (WebCore::ScheduledNavigation::wasDuringLoad):
1524         (WebCore::ScheduledNavigation::isLocationChange):
1525         (WebCore::ScheduledNavigation::userGestureToForward):
1526         (WebCore::ScheduledNavigation::clearUserGesture):
1527         (WebCore::NavigationScheduler::mustLockBackForwardList):
1528         (WebCore::NavigationScheduler::scheduleFormSubmission):
1529         (WebCore::ScheduledNavigation::wasUserGesture): Deleted.
1530         * page/DOMTimer.cpp:
1531         (WebCore::shouldForwardUserGesture):
1532         (WebCore::userGestureTokenToForward):
1533         (WebCore::DOMTimer::DOMTimer):
1534         (WebCore::DOMTimer::fired):
1535         * page/DOMTimer.h:
1536         * page/DOMWindow.cpp:
1537         (WebCore::PostMessageTimer::PostMessageTimer):
1538         Store the active UserGestureToken rather than just a bit.
1539
1540         * page/EventHandler.cpp:
1541         (WebCore::EventHandler::handleMousePressEvent):
1542         (WebCore::EventHandler::handleMouseDoubleClickEvent):
1543         (WebCore::EventHandler::handleMouseReleaseEvent):
1544         (WebCore::EventHandler::keyEvent):
1545         (WebCore::EventHandler::handleTouchEvent):
1546         * rendering/HitTestResult.cpp:
1547         (WebCore::HitTestResult::toggleMediaFullscreenState):
1548         (WebCore::HitTestResult::enterFullscreenForVideo):
1549         (WebCore::HitTestResult::toggleEnhancedFullscreenForVideo):
1550         Update for new UserGestureIndicator interface.
1551
1552 2016-07-17  Ryosuke Niwa  <rniwa@webkit.org>
1553
1554         Rename fastHasAttribute to hasAttributeWithoutSynchronization
1555         https://bugs.webkit.org/show_bug.cgi?id=159864
1556
1557         Reviewed by Chris Dumez.
1558
1559         Renamed Rename fastHasAttribute to hasAttributeWithoutSynchronization for clarity.
1560
1561         * accessibility/AccessibilityListBoxOption.cpp:
1562         (WebCore::AccessibilityListBoxOption::isEnabled):
1563         * accessibility/AccessibilityObject.cpp:
1564         (WebCore::AccessibilityObject::hasAttribute):
1565         (WebCore::AccessibilityObject::getAttribute):
1566         * accessibility/AccessibilityRenderObject.cpp:
1567         (WebCore::AccessibilityRenderObject::determineAccessibilityRole):
1568         * bindings/scripts/CodeGenerator.pm:
1569         (GetterExpression):
1570         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
1571         * bindings/scripts/test/JS/JSTestObj.cpp:
1572         (WebCore::jsTestObjReflectedBooleanAttr):
1573         (WebCore::jsTestObjReflectedCustomBooleanAttr):
1574         * bindings/scripts/test/ObjC/DOMTestObj.mm:
1575         (-[DOMTestObj reflectedBooleanAttr]):
1576         (-[DOMTestObj setReflectedBooleanAttr:]):
1577         (-[DOMTestObj reflectedCustomBooleanAttr]):
1578         (-[DOMTestObj setReflectedCustomBooleanAttr:]):
1579         * dom/Document.cpp:
1580         (WebCore::Document::hasManifest):
1581         (WebCore::Document::doctype):
1582         * dom/Element.h:
1583         (WebCore::Node::parentElement):
1584         (WebCore::Element::hasAttributeWithoutSynchronization):
1585         (WebCore::Element::fastHasAttribute): Deleted.
1586         * editing/ApplyStyleCommand.cpp:
1587         (WebCore::ApplyStyleCommand::removeEmbeddingUpToEnclosingBlock):
1588         * editing/DeleteSelectionCommand.cpp:
1589         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
1590         * editing/markup.cpp:
1591         (WebCore::createMarkupInternal):
1592         * html/ColorInputType.cpp:
1593         (WebCore::ColorInputType::shouldShowSuggestions):
1594         * html/FileInputType.cpp:
1595         (WebCore::FileInputType::handleDOMActivateEvent):
1596         (WebCore::FileInputType::receiveDroppedFiles):
1597         * html/FormAssociatedElement.cpp:
1598         (WebCore::FormAssociatedElement::didMoveToNewDocument):
1599         (WebCore::FormAssociatedElement::insertedInto):
1600         (WebCore::FormAssociatedElement::removedFrom):
1601         (WebCore::FormAssociatedElement::formAttributeChanged):
1602         * html/FormController.cpp:
1603         (WebCore::ownerFormForState):
1604         * html/GenericCachedHTMLCollection.cpp:
1605         (WebCore::GenericCachedHTMLCollection<traversalType>::elementMatches):
1606         * html/HTMLAnchorElement.cpp:
1607         (WebCore::HTMLAnchorElement::draggable):
1608         (WebCore::HTMLAnchorElement::href):
1609         (WebCore::HTMLAnchorElement::sendPings):
1610         * html/HTMLAppletElement.cpp:
1611         (WebCore::HTMLAppletElement::rendererIsNeeded):
1612         * html/HTMLElement.cpp:
1613         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
1614         (WebCore::elementAffectsDirectionality):
1615         (WebCore::setHasDirAutoFlagRecursively):
1616         * html/HTMLEmbedElement.cpp:
1617         (WebCore::HTMLEmbedElement::rendererIsNeeded):
1618         * html/HTMLFieldSetElement.cpp:
1619         (WebCore::updateFromControlElementsAncestorDisabledStateUnder):
1620         (WebCore::HTMLFieldSetElement::disabledAttributeChanged):
1621         (WebCore::HTMLFieldSetElement::disabledStateChanged):
1622         (WebCore::HTMLFieldSetElement::childrenChanged):
1623         * html/HTMLFormControlElement.cpp:
1624         (WebCore::HTMLFormControlElement::formNoValidate):
1625         (WebCore::HTMLFormControlElement::formAction):
1626         (WebCore::HTMLFormControlElement::computeIsDisabledByFieldsetAncestor):
1627         (WebCore::shouldAutofocus):
1628         * html/HTMLFormElement.cpp:
1629         (WebCore::HTMLFormElement::formElementIndex):
1630         (WebCore::HTMLFormElement::noValidate):
1631         * html/HTMLFrameElement.cpp:
1632         (WebCore::HTMLFrameElement::noResize):
1633         (WebCore::HTMLFrameElement::didAttachRenderers):
1634         * html/HTMLFrameElementBase.cpp:
1635         (WebCore::HTMLFrameElementBase::parseAttribute):
1636         (WebCore::HTMLFrameElementBase::location):
1637         * html/HTMLHRElement.cpp:
1638         (WebCore::HTMLHRElement::collectStyleForPresentationAttribute):
1639         * html/HTMLImageElement.cpp:
1640         (WebCore::HTMLImageElement::isServerMap):
1641         * html/HTMLInputElement.cpp:
1642         (WebCore::HTMLInputElement::finishParsingChildren):
1643         (WebCore::HTMLInputElement::matchesDefaultPseudoClass):
1644         (WebCore::HTMLInputElement::isActivatedSubmit):
1645         (WebCore::HTMLInputElement::reset):
1646         (WebCore::HTMLInputElement::multiple):
1647         (WebCore::HTMLInputElement::setSize):
1648         (WebCore::HTMLInputElement::shouldUseMediaCapture):
1649         * html/HTMLMarqueeElement.cpp:
1650         (WebCore::HTMLMarqueeElement::minimumDelay):
1651         * html/HTMLMediaElement.cpp:
1652         (WebCore::HTMLMediaElement::insertedInto):
1653         (WebCore::HTMLMediaElement::selectMediaResource):
1654         (WebCore::HTMLMediaElement::loadResource):
1655         (WebCore::HTMLMediaElement::autoplay):
1656         (WebCore::HTMLMediaElement::preload):
1657         (WebCore::HTMLMediaElement::loop):
1658         (WebCore::HTMLMediaElement::setLoop):
1659         (WebCore::HTMLMediaElement::controls):
1660         (WebCore::HTMLMediaElement::setControls):
1661         (WebCore::HTMLMediaElement::muted):
1662         (WebCore::HTMLMediaElement::setMuted):
1663         (WebCore::HTMLMediaElement::selectNextSourceChild):
1664         (WebCore::HTMLMediaElement::sourceWasAdded):
1665         (WebCore::HTMLMediaElement::mediaSessionTitle):
1666         * html/HTMLObjectElement.cpp:
1667         (WebCore::HTMLObjectElement::parseAttribute):
1668         * html/HTMLOptGroupElement.cpp:
1669         (WebCore::HTMLOptGroupElement::isDisabledFormControl):
1670         (WebCore::HTMLOptGroupElement::isFocusable):
1671         * html/HTMLOptionElement.cpp:
1672         (WebCore::HTMLOptionElement::matchesDefaultPseudoClass):
1673         (WebCore::HTMLOptionElement::text):
1674         * html/HTMLProgressElement.cpp:
1675         (WebCore::HTMLProgressElement::isDeterminate):
1676         (WebCore::HTMLProgressElement::didElementStateChange):
1677         * html/HTMLScriptElement.cpp:
1678         (WebCore::HTMLScriptElement::async):
1679         (WebCore::HTMLScriptElement::setCrossOrigin):
1680         (WebCore::HTMLScriptElement::asyncAttributeValue):
1681         (WebCore::HTMLScriptElement::deferAttributeValue):
1682         (WebCore::HTMLScriptElement::hasSourceAttribute):
1683         (WebCore::HTMLScriptElement::dispatchLoadEvent):
1684         * html/HTMLSelectElement.cpp:
1685         (WebCore::HTMLSelectElement::reset):
1686         * html/HTMLTrackElement.cpp:
1687         (WebCore::HTMLTrackElement::isDefault):
1688         (WebCore::HTMLTrackElement::ensureTrack):
1689         (WebCore::HTMLTrackElement::loadTimerFired):
1690         * html/MediaElementSession.cpp:
1691         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
1692         (WebCore::MediaElementSession::requiresFullscreenForVideoPlayback):
1693         (WebCore::MediaElementSession::allowsAutomaticMediaDataLoading):
1694         * html/SearchInputType.cpp:
1695         (WebCore::SearchInputType::searchEventsShouldBeDispatched):
1696         (WebCore::SearchInputType::didSetValueByUserEdit):
1697         * inspector/InspectorDOMAgent.cpp:
1698         (WebCore::InspectorDOMAgent::buildObjectForNode):
1699         * loader/FrameLoader.cpp:
1700         (WebCore::FrameLoader::shouldTreatURLAsSrcdocDocument):
1701         (WebCore::FrameLoader::findFrameForNavigation):
1702         * loader/ImageLoader.cpp:
1703         (WebCore::ImageLoader::notifyFinished):
1704         * mathml/MathMLSelectElement.cpp:
1705         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
1706         * rendering/RenderTableCell.cpp:
1707         (WebCore::RenderTableCell::computePreferredLogicalWidths):
1708         * rendering/RenderThemeIOS.mm:
1709         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
1710         * rendering/SimpleLineLayout.cpp:
1711         (WebCore::SimpleLineLayout::canUseForWithReason):
1712         * rendering/svg/RenderSVGResourceClipper.cpp:
1713         (WebCore::RenderSVGResourceClipper::drawContentIntoMaskImage):
1714         * svg/SVGAnimateMotionElement.cpp:
1715         (WebCore::SVGAnimateMotionElement::updateAnimationPath):
1716         * svg/SVGAnimationElement.cpp:
1717         (WebCore::SVGAnimationElement::startedActiveInterval):
1718         (WebCore::SVGAnimationElement::updateAnimation):
1719         * svg/animation/SVGSMILElement.cpp:
1720         (WebCore::SVGSMILElement::insertedInto):
1721
1722 2016-07-17  Brady Eidson  <beidson@apple.com>
1723
1724         Exceptions logged to the JS console should use toString().
1725         https://bugs.webkit.org/show_bug.cgi?id=159855
1726
1727         Reviewed by Darin Adler.
1728
1729         No new tests (No change in behavior).
1730
1731         * bindings/js/JSDOMBinding.cpp:
1732         (WebCore::reportException):
1733
1734         * dom/DOMCoreException.h:
1735         (WebCore::DOMCoreException::DOMCoreException):
1736
1737         * dom/ExceptionBase.cpp:
1738         (WebCore::ExceptionBase::ExceptionBase):
1739         (WebCore::ExceptionBase::toString):
1740         (WebCore::ExceptionBase::consoleErrorMessage): Deleted.
1741         * dom/ExceptionBase.h:
1742         (WebCore::ExceptionBase::description): Deleted.
1743
1744         * svg/SVGException.h:
1745
1746         * xml/XPathException.h:
1747         (WebCore::XPathException::XPathException):
1748
1749 2016-07-17  Brady Eidson  <beidson@apple.com>
1750
1751         Update DOMCoreException to use the description in toString().
1752         https://bugs.webkit.org/show_bug.cgi?id=159857
1753
1754         Reviewed by Darin Adler.
1755
1756         No new tests (Covered by changes to existing tests).
1757
1758         * bindings/js/JSDOMBinding.cpp:
1759         (WebCore::createDOMException):
1760
1761         * dom/DOMCoreException.h:
1762         (WebCore::DOMCoreException::DOMCoreException):
1763         (WebCore::DOMCoreException::createWithDescriptionAsMessage): Deleted.
1764
1765 2016-07-17  Myles C. Maxfield  <mmaxfield@apple.com>
1766
1767         Support new emoji group candidates
1768         https://bugs.webkit.org/show_bug.cgi?id=159755
1769         <rdar://problem/27325521>
1770
1771         Reviewed by Dean Jackson.
1772
1773         There are a few code points which should be able to be joined (with ZWJ) to
1774         either U+2640 or U+2642 to change the gender of the emoji. These patterns
1775         should also work with an additional 0xFE0F variation selector. This patch
1776         adds these new patterns to our existing emoji group candidate infrastructure.
1777
1778         Tests: fast/text/emoji-gender-2-3.html
1779                fast/text/emoji-gender-2-4.html
1780                fast/text/emoji-gender-2-5.html
1781                fast/text/emoji-gender-2-6.html
1782                fast/text/emoji-gender-2-7.html
1783                fast/text/emoji-gender-2-8.html
1784                fast/text/emoji-gender-2-9.html
1785                fast/text/emoji-gender-2.html
1786                fast/text/emoji-gender-3.html
1787                fast/text/emoji-gender-4.html
1788                fast/text/emoji-gender-5.html
1789                fast/text/emoji-gender-6.html
1790                fast/text/emoji-gender-7.html
1791                fast/text/emoji-gender-8.html
1792                fast/text/emoji-gender-9.html
1793                fast/text/emoji-gender-fe0f-3.html
1794                fast/text/emoji-gender-fe0f-4.html
1795                fast/text/emoji-gender-fe0f-5.html
1796                fast/text/emoji-gender-fe0f-6.html
1797                fast/text/emoji-gender-fe0f-7.html
1798                fast/text/emoji-gender-fe0f-8.html
1799                fast/text/emoji-gender-fe0f-9.html
1800                fast/text/emoji-gender.html
1801                fast/text/emoji-num-glyphs.html
1802                fast/text/emoji-single-parent-family-2.html
1803                fast/text/emoji-single-parent-family.html
1804
1805         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
1806         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
1807         * platform/graphics/FontCascade.cpp:
1808         (WebCore::FontCascade::characterRangeCodePath):
1809         * platform/text/CharacterProperties.h:
1810         (WebCore::isEmojiGroupCandidate):
1811
1812 2016-07-16  Brady Eidson  <beidson@apple.com>
1813
1814         Update SVGException to use the description in toString().
1815         https://bugs.webkit.org/show_bug.cgi?id=159847
1816
1817         Reviewed by Darin Adler.
1818
1819         No new tests (Covered by changes to existing tests).
1820
1821         * bindings/js/JSDOMBinding.cpp:
1822         (WebCore::reportException): use consoleErrorMessage for now.
1823
1824         * dom/ExceptionBase.cpp:
1825         (WebCore::ExceptionBase::consoleErrorMessage):
1826         * dom/ExceptionBase.h:
1827
1828         * svg/SVGException.h:
1829
1830 2016-07-16  Chris Dumez  <cdumez@apple.com>
1831
1832         Use fastHasAttribute() when possible
1833         https://bugs.webkit.org/show_bug.cgi?id=159838
1834
1835         Reviewed by Ryosuke Niwa.
1836
1837         Use fastHasAttribute() when possible, for performance.
1838
1839         * editing/DeleteSelectionCommand.cpp:
1840         (WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):
1841         * editing/markup.cpp:
1842         (WebCore::createMarkupInternal):
1843         * html/HTMLAnchorElement.cpp:
1844         (WebCore::HTMLAnchorElement::draggable):
1845         * html/HTMLFrameElementBase.cpp:
1846         (WebCore::HTMLFrameElementBase::parseAttribute):
1847         * mathml/MathMLSelectElement.cpp:
1848         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
1849         * rendering/RenderThemeIOS.mm:
1850         (WebCore::RenderThemeIOS::adjustMenuListButtonStyle):
1851
1852 2016-07-16  Ryosuke Niwa  <rniwa@webkit.org>
1853
1854         Rename fastGetAttribute to attributeWithoutSynchronization
1855         https://bugs.webkit.org/show_bug.cgi?id=159852
1856
1857         Reviewed by Darin Adler.
1858
1859         Renamed fastGetAttribute to attributeWithoutSynchronization for clarity.
1860
1861         * accessibility/AXObjectCache.cpp:
1862         (WebCore::AXObjectCache::findAriaModalNodes):
1863         (WebCore::nodeHasRole):
1864         (WebCore::AXObjectCache::handleLiveRegionCreated):
1865         (WebCore::AXObjectCache::handleMenuItemSelected):
1866         (WebCore::AXObjectCache::handleAriaModalChange):
1867         (WebCore::isNodeAriaVisible):
1868         * accessibility/AccessibilityNodeObject.cpp:
1869         (WebCore::siblingWithAriaRole):
1870         (WebCore::AccessibilityNodeObject::titleElementText):
1871         (WebCore::AccessibilityNodeObject::alternativeTextForWebArea):
1872         (WebCore::AccessibilityNodeObject::hierarchicalLevel):
1873         (WebCore::AccessibilityNodeObject::stringValue):
1874         (WebCore::accessibleNameForNode):
1875         * accessibility/AccessibilityObject.cpp:
1876         (WebCore::AccessibilityObject::contentEditableAttributeIsEnabled):
1877         (WebCore::AccessibilityObject::getAttribute):
1878         * accessibility/AccessibilityRenderObject.cpp:
1879         (WebCore::AccessibilityRenderObject::stringValue):
1880         (WebCore::AccessibilityRenderObject::exposesTitleUIElement):
1881         * accessibility/AccessibilitySVGElement.cpp:
1882         (WebCore::AccessibilitySVGElement::childElementWithMatchingLanguage):
1883         (WebCore::AccessibilitySVGElement::accessibilityDescription):
1884         * bindings/objc/DOM.mm:
1885         (-[DOMHTMLLinkElement _mediaQueryMatches]):
1886         * bindings/scripts/CodeGenerator.pm:
1887         (GetterExpression):
1888         * bindings/scripts/CodeGeneratorObjC.pm:
1889         (GenerateImplementation):
1890         * bindings/scripts/test/GObject/WebKitDOMTestObj.cpp:
1891         * bindings/scripts/test/JS/JSTestObj.cpp:
1892         (WebCore::jsTestObjReflectedStringAttr):
1893         * dom/AuthorStyleSheets.cpp:
1894         (WebCore::AuthorStyleSheets::collectActiveStyleSheets):
1895         * dom/Document.cpp:
1896         (WebCore::Document::buildAccessKeyMap):
1897         (WebCore::Document::processBaseElement):
1898         * dom/DocumentOrderedMap.cpp:
1899         (WebCore::DocumentOrderedMap::getElementByLabelForAttribute):
1900         * dom/Element.cpp:
1901         (WebCore::Element::imageSourceURL):
1902         (WebCore::Element::rendererIsNeeded):
1903         (WebCore::Element::insertedInto):
1904         (WebCore::Element::removedFrom):
1905         (WebCore::Element::pseudo):
1906         (WebCore::Element::setPseudo):
1907         (WebCore::Element::spellcheckAttributeState):
1908         (WebCore::Element::canContainRangeEndPoint):
1909         (WebCore::Element::completeURLsInAttributeValue):
1910         * dom/Element.h:
1911         (WebCore::Element::fastHasAttribute):
1912         (WebCore::Element::attributeWithoutSynchronization):
1913         (WebCore::Element::fastGetAttribute): Deleted.
1914         * dom/InlineStyleSheetOwner.cpp:
1915         (WebCore::InlineStyleSheetOwner::createSheet):
1916         * dom/ScriptElement.cpp:
1917         (WebCore::ScriptElement::requestScript):
1918         (WebCore::ScriptElement::executeScript):
1919         * dom/SlotAssignment.cpp:
1920         (WebCore::slotNameFromSlotAttribute):
1921         (WebCore::SlotAssignment::SlotAssignment):
1922         (WebCore::recursivelyFireSlotChangeEvent):
1923         (WebCore::SlotAssignment::didChangeSlot):
1924         (WebCore::SlotAssignment::hostChildElementDidChange):
1925         (WebCore::SlotAssignment::assignedNodesForSlot):
1926         (WebCore::SlotAssignment::resolveAllSlotElements):
1927         * dom/TreeScope.cpp:
1928         (WebCore::TreeScope::labelElementForId):
1929         * dom/VisitedLinkState.cpp:
1930         (WebCore::linkAttribute):
1931         * editing/ApplyStyleCommand.cpp:
1932         (WebCore::isLegacyAppleStyleSpan):
1933         (WebCore::hasNoAttributeOrOnlyStyleAttribute):
1934         * editing/EditingStyle.cpp:
1935         (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
1936         * editing/ReplaceSelectionCommand.cpp:
1937         (WebCore::isInterchangeNewlineNode):
1938         (WebCore::isInterchangeConvertedSpaceSpan):
1939         (WebCore::positionAvoidingPrecedingNodes):
1940         (WebCore::isMailPasteAsQuotationNode):
1941         (WebCore::isHeaderElement):
1942         (WebCore::isInlineNodeWithStyle):
1943         * editing/TextIterator.cpp:
1944         (WebCore::isRendererReplacedElement):
1945         * editing/cocoa/DataDetection.mm:
1946         (WebCore::DataDetection::isDataDetectorLink):
1947         (WebCore::DataDetection::requiresExtendedContext):
1948         (WebCore::DataDetection::dataDetectorIdentifier):
1949         (WebCore::DataDetection::shouldCancelDefaultAction):
1950         (WebCore::removeResultLinksFromAnchor):
1951         (WebCore::searchForLinkRemovingExistingDDLinks):
1952         * editing/gtk/EditorGtk.cpp:
1953         (WebCore::elementURL):
1954         * editing/htmlediting.cpp:
1955         (WebCore::isTabSpanNode):
1956         (WebCore::isTabSpanTextNode):
1957         (WebCore::isMailBlockquote):
1958         (WebCore::caretMinOffset):
1959         * editing/markup.cpp:
1960         (WebCore::createFragmentFromMarkup):
1961         * html/Autofill.cpp:
1962         (WebCore::AutofillData::createFromHTMLFormControlElement):
1963         * html/BaseTextInputType.cpp:
1964         (WebCore::BaseTextInputType::patternMismatch):
1965         * html/DateInputType.cpp:
1966         (WebCore::DateInputType::createStepRange):
1967         * html/DateTimeInputType.cpp:
1968         (WebCore::DateTimeInputType::createStepRange):
1969         * html/DateTimeLocalInputType.cpp:
1970         (WebCore::DateTimeLocalInputType::createStepRange):
1971         * html/FormAssociatedElement.cpp:
1972         (WebCore::FormAssociatedElement::findAssociatedForm):
1973         (WebCore::FormAssociatedElement::resetFormAttributeTargetObserver):
1974         (WebCore::FormAssociatedElement::formAttributeTargetChanged):
1975         * html/HTMLAnchorElement.cpp:
1976         (WebCore::HTMLAnchorElement::draggable):
1977         (WebCore::HTMLAnchorElement::href):
1978         (WebCore::HTMLAnchorElement::setHref):
1979         (WebCore::HTMLAnchorElement::target):
1980         (WebCore::HTMLAnchorElement::origin):
1981         (WebCore::HTMLAnchorElement::sendPings):
1982         (WebCore::HTMLAnchorElement::handleClick):
1983         * html/HTMLAnchorElement.h:
1984         (WebCore::HTMLAnchorElement::visitedLinkHash):
1985         * html/HTMLAppletElement.cpp:
1986         (WebCore::HTMLAppletElement::updateWidget):
1987         * html/HTMLAreaElement.cpp:
1988         (WebCore::HTMLAreaElement::target):
1989         * html/HTMLAttachmentElement.cpp:
1990         (WebCore::HTMLAttachmentElement::attachmentTitle):
1991         (WebCore::HTMLAttachmentElement::attachmentType):
1992         * html/HTMLBaseElement.cpp:
1993         (WebCore::HTMLBaseElement::target):
1994         (WebCore::HTMLBaseElement::href):
1995         * html/HTMLBodyElement.cpp:
1996         (WebCore::HTMLBodyElement::addSubresourceAttributeURLs):
1997         * html/HTMLButtonElement.cpp:
1998         (WebCore::HTMLButtonElement::value):
1999         (WebCore::HTMLButtonElement::computeWillValidate):
2000         * html/HTMLCanvasElement.cpp:
2001         (WebCore::HTMLCanvasElement::reset):
2002         * html/HTMLDocument.cpp:
2003         (WebCore::HTMLDocument::bgColor):
2004         (WebCore::HTMLDocument::setBgColor):
2005         (WebCore::HTMLDocument::fgColor):
2006         (WebCore::HTMLDocument::setFgColor):
2007         (WebCore::HTMLDocument::alinkColor):
2008         (WebCore::HTMLDocument::setAlinkColor):
2009         (WebCore::HTMLDocument::linkColor):
2010         (WebCore::HTMLDocument::setLinkColor):
2011         (WebCore::HTMLDocument::vlinkColor):
2012         (WebCore::HTMLDocument::setVlinkColor):
2013         * html/HTMLElement.cpp:
2014         (WebCore::contentEditableType):
2015         (WebCore::HTMLElement::collectStyleForPresentationAttribute):
2016         (WebCore::HTMLElement::dir):
2017         (WebCore::HTMLElement::setDir):
2018         (WebCore::HTMLElement::draggable):
2019         (WebCore::HTMLElement::setDraggable):
2020         (WebCore::HTMLElement::title):
2021         (WebCore::HTMLElement::tabIndex):
2022         (WebCore::HTMLElement::translateAttributeMode):
2023         (WebCore::HTMLElement::hasDirectionAuto):
2024         (WebCore::HTMLElement::directionality):
2025         * html/HTMLEmbedElement.cpp:
2026         (WebCore::HTMLEmbedElement::imageSourceURL):
2027         (WebCore::HTMLEmbedElement::addSubresourceAttributeURLs):
2028         * html/HTMLFormControlElement.cpp:
2029         (WebCore::HTMLFormControlElement::formEnctype):
2030         (WebCore::HTMLFormControlElement::formMethod):
2031         (WebCore::HTMLFormControlElement::formAction):
2032         (WebCore::HTMLFormControlElement::autocorrect):
2033         (WebCore::HTMLFormControlElement::autocapitalizeType):
2034         * html/HTMLFormElement.cpp:
2035         (WebCore::HTMLFormElement::autocorrect):
2036         (WebCore::HTMLFormElement::autocapitalizeType):
2037         (WebCore::HTMLFormElement::autocapitalize):
2038         (WebCore::HTMLFormElement::action):
2039         (WebCore::HTMLFormElement::setAction):
2040         (WebCore::HTMLFormElement::target):
2041         (WebCore::HTMLFormElement::wasUserSubmitted):
2042         (WebCore::HTMLFormElement::shouldAutocomplete):
2043         (WebCore::HTMLFormElement::finishParsingChildren):
2044         (WebCore::HTMLFormElement::autocomplete):
2045         * html/HTMLFrameElementBase.cpp:
2046         (WebCore::HTMLFrameElementBase::location):
2047         (WebCore::HTMLFrameElementBase::setLocation):
2048         * html/HTMLHtmlElement.cpp:
2049         (WebCore::HTMLHtmlElement::insertedByParser):
2050         * html/HTMLImageElement.cpp:
2051         (WebCore::HTMLImageElement::imageSourceURL):
2052         (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate):
2053         (WebCore::HTMLImageElement::bestFitSourceFromPictureElement):
2054         (WebCore::HTMLImageElement::selectImageSource):
2055         (WebCore::HTMLImageElement::altText):
2056         (WebCore::HTMLImageElement::createElementRenderer):
2057         (WebCore::HTMLImageElement::width):
2058         (WebCore::HTMLImageElement::height):
2059         (WebCore::HTMLImageElement::alt):
2060         (WebCore::HTMLImageElement::draggable):
2061         (WebCore::HTMLImageElement::setHeight):
2062         (WebCore::HTMLImageElement::src):
2063         (WebCore::HTMLImageElement::setSrc):
2064         (WebCore::HTMLImageElement::addSubresourceAttributeURLs):
2065         (WebCore::HTMLImageElement::didMoveToNewDocument):
2066         (WebCore::HTMLImageElement::isServerMap):
2067         (WebCore::HTMLImageElement::crossOrigin):
2068         * html/HTMLInputElement.cpp:
2069         (WebCore::HTMLInputElement::updateType):
2070         (WebCore::HTMLInputElement::initializeInputType):
2071         (WebCore::HTMLInputElement::altText):
2072         (WebCore::HTMLInputElement::value):
2073         (WebCore::HTMLInputElement::defaultValue):
2074         (WebCore::HTMLInputElement::setDefaultValue):
2075         (WebCore::HTMLInputElement::acceptMIMETypes):
2076         (WebCore::HTMLInputElement::acceptFileExtensions):
2077         (WebCore::HTMLInputElement::accept):
2078         (WebCore::HTMLInputElement::alt):
2079         (WebCore::HTMLInputElement::effectiveMaxLength):
2080         (WebCore::HTMLInputElement::src):
2081         (WebCore::HTMLInputElement::setAutoFilled):
2082         (WebCore::HTMLInputElement::dataList):
2083         (WebCore::HTMLInputElement::resetListAttributeTargetObserver):
2084         * html/HTMLKeygenElement.cpp:
2085         (WebCore::HTMLKeygenElement::isKeytypeRSA):
2086         (WebCore::HTMLKeygenElement::appendFormData):
2087         * html/HTMLLIElement.cpp:
2088         (WebCore::HTMLLIElement::didAttachRenderers):
2089         (WebCore::HTMLLIElement::parseValue):
2090         * html/HTMLLabelElement.cpp:
2091         (WebCore::HTMLLabelElement::control):
2092         * html/HTMLLinkElement.cpp:
2093         (WebCore::HTMLLinkElement::crossOrigin):
2094         (WebCore::HTMLLinkElement::process):
2095         (WebCore::HTMLLinkElement::href):
2096         (WebCore::HTMLLinkElement::rel):
2097         (WebCore::HTMLLinkElement::target):
2098         (WebCore::HTMLLinkElement::type):
2099         (WebCore::HTMLLinkElement::iconType):
2100         * html/HTMLMarqueeElement.cpp:
2101         (WebCore::HTMLMarqueeElement::scrollAmount):
2102         (WebCore::HTMLMarqueeElement::setScrollAmount):
2103         (WebCore::HTMLMarqueeElement::scrollDelay):
2104         (WebCore::HTMLMarqueeElement::setScrollDelay):
2105         (WebCore::HTMLMarqueeElement::loop):
2106         * html/HTMLMediaElement.cpp:
2107         (WebCore::HTMLMediaElement::insertedInto):
2108         (WebCore::HTMLMediaElement::crossOrigin):
2109         (WebCore::HTMLMediaElement::networkState):
2110         (WebCore::HTMLMediaElement::mediaSessionTitle):
2111         (WebCore::HTMLMediaElement::doesHaveAttribute):
2112         * html/HTMLMetaElement.cpp:
2113         (WebCore::HTMLMetaElement::process):
2114         (WebCore::HTMLMetaElement::content):
2115         (WebCore::HTMLMetaElement::httpEquiv):
2116         (WebCore::HTMLMetaElement::name):
2117         * html/HTMLMeterElement.cpp:
2118         (WebCore::HTMLMeterElement::min):
2119         (WebCore::HTMLMeterElement::setMin):
2120         (WebCore::HTMLMeterElement::max):
2121         (WebCore::HTMLMeterElement::setMax):
2122         (WebCore::HTMLMeterElement::value):
2123         (WebCore::HTMLMeterElement::low):
2124         (WebCore::HTMLMeterElement::high):
2125         (WebCore::HTMLMeterElement::optimum):
2126         * html/HTMLObjectElement.cpp:
2127         (WebCore::HTMLObjectElement::shouldAllowQuickTimeClassIdQuirk):
2128         (WebCore::HTMLObjectElement::hasValidClassId):
2129         (WebCore::HTMLObjectElement::imageSourceURL):
2130         (WebCore::HTMLObjectElement::renderFallbackContent):
2131         (WebCore::HTMLObjectElement::containsJavaApplet):
2132         (WebCore::HTMLObjectElement::addSubresourceAttributeURLs):
2133         * html/HTMLOptGroupElement.cpp:
2134         (WebCore::HTMLOptGroupElement::groupLabelText):
2135         * html/HTMLOptionElement.cpp:
2136         (WebCore::HTMLOptionElement::value):
2137         (WebCore::HTMLOptionElement::label):
2138         * html/HTMLParamElement.cpp:
2139         (WebCore::HTMLParamElement::value):
2140         (WebCore::HTMLParamElement::isURLParameter):
2141         * html/HTMLProgressElement.cpp:
2142         (WebCore::HTMLProgressElement::value):
2143         (WebCore::HTMLProgressElement::max):
2144         * html/HTMLScriptElement.cpp:
2145         (WebCore::HTMLScriptElement::crossOrigin):
2146         (WebCore::HTMLScriptElement::src):
2147         (WebCore::HTMLScriptElement::sourceAttributeValue):
2148         (WebCore::HTMLScriptElement::charsetAttributeValue):
2149         (WebCore::HTMLScriptElement::typeAttributeValue):
2150         (WebCore::HTMLScriptElement::languageAttributeValue):
2151         (WebCore::HTMLScriptElement::forAttributeValue):
2152         (WebCore::HTMLScriptElement::eventAttributeValue):
2153         (WebCore::HTMLScriptElement::asyncAttributeValue):
2154         * html/HTMLSlotElement.cpp:
2155         (WebCore::HTMLSlotElement::insertedInto):
2156         (WebCore::HTMLSlotElement::removedFrom):
2157         * html/HTMLSourceElement.cpp:
2158         (WebCore::HTMLSourceElement::media):
2159         (WebCore::HTMLSourceElement::setMedia):
2160         (WebCore::HTMLSourceElement::type):
2161         (WebCore::HTMLSourceElement::setType):
2162         * html/HTMLTableCellElement.cpp:
2163         (WebCore::HTMLTableCellElement::colSpanForBindings):
2164         (WebCore::HTMLTableCellElement::rowSpan):
2165         (WebCore::HTMLTableCellElement::rowSpanForBindings):
2166         (WebCore::HTMLTableCellElement::cellIndex):
2167         (WebCore::HTMLTableCellElement::abbr):
2168         (WebCore::HTMLTableCellElement::axis):
2169         (WebCore::HTMLTableCellElement::setColSpanForBindings):
2170         (WebCore::HTMLTableCellElement::headers):
2171         (WebCore::HTMLTableCellElement::setRowSpanForBindings):
2172         (WebCore::HTMLTableCellElement::scope):
2173         (WebCore::HTMLTableCellElement::addSubresourceAttributeURLs):
2174         (WebCore::HTMLTableCellElement::cellAbove):
2175         * html/HTMLTableColElement.cpp:
2176         (WebCore::HTMLTableColElement::width):
2177         * html/HTMLTableElement.cpp:
2178         (WebCore::HTMLTableElement::rules):
2179         (WebCore::HTMLTableElement::summary):
2180         (WebCore::HTMLTableElement::addSubresourceAttributeURLs):
2181         * html/HTMLTableSectionElement.cpp:
2182         (WebCore::HTMLTableSectionElement::align):
2183         (WebCore::HTMLTableSectionElement::setAlign):
2184         (WebCore::HTMLTableSectionElement::ch):
2185         (WebCore::HTMLTableSectionElement::setCh):
2186         (WebCore::HTMLTableSectionElement::chOff):
2187         (WebCore::HTMLTableSectionElement::setChOff):
2188         (WebCore::HTMLTableSectionElement::vAlign):
2189         (WebCore::HTMLTableSectionElement::setVAlign):
2190         * html/HTMLTextAreaElement.cpp:
2191         (WebCore::HTMLTextAreaElement::appendFormData):
2192         * html/HTMLTextFormControlElement.cpp:
2193         (WebCore::HTMLTextFormControlElement::strippedPlaceholder):
2194         (WebCore::HTMLTextFormControlElement::isPlaceholderEmpty):
2195         (WebCore::HTMLTextFormControlElement::directionForFormData):
2196         * html/HTMLTrackElement.cpp:
2197         (WebCore::HTMLTrackElement::srclang):
2198         (WebCore::HTMLTrackElement::label):
2199         (WebCore::HTMLTrackElement::isDefault):
2200         (WebCore::HTMLTrackElement::ensureTrack):
2201         (WebCore::HTMLTrackElement::mediaElementCrossOriginAttribute):
2202         * html/HTMLVideoElement.cpp:
2203         (WebCore::HTMLVideoElement::parseAttribute):
2204         (WebCore::HTMLVideoElement::imageSourceURL):
2205         * html/ImageInputType.cpp:
2206         (WebCore::ImageInputType::height):
2207         (WebCore::ImageInputType::width):
2208         * html/InputType.cpp:
2209         (WebCore::InputType::applyStep):
2210         * html/MediaElementSession.cpp:
2211         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled):
2212         * html/MonthInputType.cpp:
2213         (WebCore::MonthInputType::createStepRange):
2214         * html/NumberInputType.cpp:
2215         (WebCore::NumberInputType::createStepRange):
2216         (WebCore::NumberInputType::sizeShouldIncludeDecoration):
2217         * html/RangeInputType.cpp:
2218         (WebCore::RangeInputType::createStepRange):
2219         (WebCore::RangeInputType::handleKeydownEvent):
2220         * html/TextFieldInputType.cpp:
2221         (WebCore::TextFieldInputType::appendFormData):
2222         (WebCore::TextFieldInputType::updateAutoFillButton):
2223         * html/TimeInputType.cpp:
2224         (WebCore::TimeInputType::createStepRange):
2225         * html/ValidationMessage.cpp:
2226         (WebCore::ValidationMessage::updateValidationMessage):
2227         * html/WeekInputType.cpp:
2228         (WebCore::WeekInputType::createStepRange):
2229         * html/track/WebVTTElement.cpp:
2230         (WebCore::WebVTTElement::createEquivalentHTMLElement):
2231         * inspector/InspectorPageAgent.cpp:
2232         (WebCore::InspectorPageAgent::buildObjectForFrame):
2233         * loader/FormSubmission.cpp:
2234         (WebCore::FormSubmission::create):
2235         * loader/FrameLoader.cpp:
2236         (WebCore::FrameLoader::defaultSubstituteDataForURL):
2237         * loader/ImageLoader.cpp:
2238         (WebCore::ImageLoader::updateFromElement):
2239         * loader/SubframeLoader.cpp:
2240         (WebCore::SubframeLoader::isPluginContentAllowedByContentSecurityPolicy):
2241         * mathml/MathMLElement.cpp:
2242         (WebCore::MathMLElement::colSpan):
2243         (WebCore::MathMLElement::rowSpan):
2244         (WebCore::MathMLElement::childShouldCreateRenderer):
2245         (WebCore::MathMLElement::defaultEventHandler):
2246         (WebCore::MathMLElement::cachedMathMLLength):
2247         * mathml/MathMLFractionElement.cpp:
2248         (WebCore::MathMLFractionElement::lineThickness):
2249         (WebCore::MathMLFractionElement::cachedFractionAlignment):
2250         * mathml/MathMLSelectElement.cpp:
2251         (WebCore::MathMLSelectElement::getSelectedActionChildAndIndex):
2252         (WebCore::MathMLSelectElement::getSelectedActionChild):
2253         (WebCore::MathMLSelectElement::getSelectedSemanticsChild):
2254         (WebCore::MathMLSelectElement::defaultEventHandler):
2255         (WebCore::MathMLSelectElement::willRespondToMouseClickEvents):
2256         (WebCore::MathMLSelectElement::toggle):
2257         * page/EventHandler.cpp:
2258         (WebCore::findDropZone):
2259         * page/Frame.cpp:
2260         (WebCore::Frame::matchLabelsAgainstElement):
2261         * page/PageSerializer.cpp:
2262         (WebCore::PageSerializer::serializeFrame):
2263         * platform/win/PasteboardWin.cpp:
2264         (WebCore::Pasteboard::writeImageToDataObject):
2265         * rendering/HitTestResult.cpp:
2266         (WebCore::HitTestResult::altDisplayString):
2267         * rendering/RenderDetailsMarker.cpp:
2268         (WebCore::RenderDetailsMarker::isOpen):
2269         * rendering/RenderImage.cpp:
2270         (WebCore::RenderImage::imageMap):
2271         (WebCore::RenderImage::nodeAtPoint):
2272         * rendering/RenderMenuList.cpp:
2273         (RenderMenuList::itemAccessibilityText):
2274         (RenderMenuList::itemToolTip):
2275         * rendering/RenderSearchField.cpp:
2276         (WebCore::RenderSearchField::autosaveName):
2277         * rendering/RenderThemeIOS.mm:
2278         (WebCore::getAttachmentProgress):
2279         (WebCore::AttachmentInfo::AttachmentInfo):
2280         * rendering/RenderThemeMac.mm:
2281         (WebCore::AttachmentLayout::layOutSubtitle):
2282         (WebCore::RenderThemeMac::paintAttachment):
2283         * rendering/mathml/MathMLStyle.cpp:
2284         (WebCore::MathMLStyle::resolveMathMLStyle):
2285         * rendering/mathml/RenderMathMLFenced.cpp:
2286         (WebCore::RenderMathMLFenced::updateFromElement):
2287         * rendering/mathml/RenderMathMLOperator.cpp:
2288         (WebCore::RenderMathMLOperator::setOperatorFlagFromAttribute):
2289         (WebCore::RenderMathMLOperator::setOperatorFlagFromAttributeValue):
2290         (WebCore::RenderMathMLOperator::setOperatorProperties):
2291         * rendering/mathml/RenderMathMLScripts.cpp:
2292         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
2293         * rendering/mathml/RenderMathMLUnderOver.cpp:
2294         (WebCore::RenderMathMLUnderOver::hasAccent):
2295         * style/StyleSharingResolver.cpp:
2296         (WebCore::Style::SharingResolver::canShareStyleWithElement):
2297         (WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes):
2298         * svg/SVGAElement.cpp:
2299         (WebCore::SVGAElement::title):
2300         (WebCore::SVGAElement::defaultEventHandler):
2301         * svg/SVGAltGlyphElement.cpp:
2302         (WebCore::SVGAltGlyphElement::glyphRef):
2303         (WebCore::SVGAltGlyphElement::setFormat):
2304         (WebCore::SVGAltGlyphElement::format):
2305         (WebCore::SVGAltGlyphElement::childShouldCreateRenderer):
2306         * svg/SVGAnimationElement.cpp:
2307         (WebCore::SVGAnimationElement::toValue):
2308         (WebCore::SVGAnimationElement::byValue):
2309         (WebCore::SVGAnimationElement::fromValue):
2310         (WebCore::SVGAnimationElement::isAdditive):
2311         (WebCore::SVGAnimationElement::isAccumulated):
2312         * svg/SVGElement.cpp:
2313         (WebCore::SVGElement::xmlbase):
2314         (WebCore::SVGElement::setXmlbase):
2315         * svg/SVGFontFaceElement.cpp:
2316         (WebCore::SVGFontFaceElement::unitsPerEm):
2317         (WebCore::SVGFontFaceElement::xHeight):
2318         (WebCore::SVGFontFaceElement::capHeight):
2319         (WebCore::SVGFontFaceElement::horizontalOriginX):
2320         (WebCore::SVGFontFaceElement::horizontalOriginY):
2321         (WebCore::SVGFontFaceElement::horizontalAdvanceX):
2322         (WebCore::SVGFontFaceElement::verticalOriginX):
2323         (WebCore::SVGFontFaceElement::verticalOriginY):
2324         (WebCore::SVGFontFaceElement::verticalAdvanceY):
2325         (WebCore::SVGFontFaceElement::ascent):
2326         (WebCore::SVGFontFaceElement::descent):
2327         * svg/SVGFontFaceNameElement.cpp:
2328         (WebCore::SVGFontFaceNameElement::srcValue):
2329         * svg/SVGFontFaceUriElement.cpp:
2330         (WebCore::SVGFontFaceUriElement::srcValue):
2331         * svg/SVGGlyphRefElement.cpp:
2332         (WebCore::SVGGlyphRefElement::glyphRef):
2333         (WebCore::SVGGlyphRefElement::setGlyphRef):
2334         * svg/SVGHKernElement.cpp:
2335         (WebCore::SVGHKernElement::buildHorizontalKerningPair):
2336         * svg/SVGSVGElement.cpp:
2337         (WebCore::SVGSVGElement::contentScriptType):
2338         (WebCore::SVGSVGElement::contentStyleType):
2339         * svg/SVGStyleElement.cpp:
2340         (WebCore::SVGStyleElement::media):
2341         (WebCore::SVGStyleElement::title):
2342         (WebCore::SVGStyleElement::setTitle):
2343         * svg/SVGToOTFFontConversion.cpp:
2344         (WebCore::SVGToOTFFontConverter::appendOS2Table):
2345         (WebCore::SVGToOTFFontConverter::appendCFFTable):
2346         (WebCore::SVGToOTFFontConverter::appendArabicReplacementSubtable):
2347         (WebCore::SVGToOTFFontConverter::appendVORGTable):
2348         (WebCore::SVGToOTFFontConverter::transcodeGlyphPaths):
2349         (WebCore::SVGToOTFFontConverter::processGlyphElement):
2350         (WebCore::SVGToOTFFontConverter::compareCodepointsLexicographically):
2351         (WebCore::SVGToOTFFontConverter::SVGToOTFFontConverter):
2352         * svg/SVGVKernElement.cpp:
2353         (WebCore::SVGVKernElement::buildVerticalKerningPair):
2354         * svg/animation/SVGSMILElement.cpp:
2355         (WebCore::SVGSMILElement::insertedInto):
2356         (WebCore::SVGSMILElement::parseAttribute):
2357         (WebCore::SVGSMILElement::svgAttributeChanged):
2358         (WebCore::SVGSMILElement::restart):
2359         (WebCore::SVGSMILElement::fill):
2360         (WebCore::SVGSMILElement::dur):
2361         (WebCore::SVGSMILElement::repeatDur):
2362         (WebCore::SVGSMILElement::repeatCount):
2363         (WebCore::SVGSMILElement::maxValue):
2364         (WebCore::SVGSMILElement::minValue):
2365
2366 2016-07-16  Carlos Garcia Campos  <cgarcia@igalia.com>
2367
2368         ASSERTION FAILED: isMainThread() in ~UniqueIDBDatabase() since r201997
2369         https://bugs.webkit.org/show_bug.cgi?id=159809
2370
2371         Reviewed by Brady Eidson.
2372
2373         In r201997 the UniqueIDBDatabase was protected in executeNextDatabaseTask() because the last reference could be
2374         removed while the task is performed. However UniqueIDBDatabase is expected to be deleted in the main thread, and
2375         the destructor asserts when not called in the main thread, but executeNextDatabaseTask() is always called on a
2376         secondary thread. So, if the protector contains the last reference, the object is deleted in the secondary thread.
2377
2378         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
2379         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTask): Use callOnMainThread to ensure the object is
2380         deleted in the main thread in case the protector contains the last reference.
2381
2382 2016-07-15  Chris Dumez  <cdumez@apple.com>
2383
2384         Use emptyString() / nullAtom when possible
2385         https://bugs.webkit.org/show_bug.cgi?id=159850
2386
2387         Reviewed by Ryosuke Niwa.
2388
2389         Use emptyString() / nullAtom when possible, for performance.
2390
2391         * Modules/webaudio/AudioNode.cpp:
2392         (WebCore::AudioNode::channelCountMode):
2393         (WebCore::AudioNode::channelInterpretation):
2394         * Modules/webdatabase/DatabaseTracker.cpp:
2395         (WebCore::DatabaseTracker::tracker):
2396         * Modules/websockets/WebSocket.cpp:
2397         (WebCore::WebSocket::WebSocket):
2398         (WebCore::WebSocket::didConnect):
2399         * Modules/websockets/WebSocketChannel.cpp:
2400         (WebCore::WebSocketChannel::subprotocol):
2401         (WebCore::WebSocketChannel::extensions):
2402         * accessibility/AccessibilityObject.cpp:
2403         (WebCore::AccessibilityObject::supportsPressAction):
2404         * accessibility/mac/AXObjectCacheMac.mm:
2405         (WebCore::AXObjectCache::postTextStateChangePlatformNotification):
2406         * css/CSSPropertySourceData.cpp:
2407         (WebCore::CSSPropertySourceData::CSSPropertySourceData):
2408         * css/PageRuleCollector.cpp:
2409         (WebCore::PageRuleCollector::pageName):
2410         * css/PropertySetCSSStyleDeclaration.cpp:
2411         (WebCore::PropertySetCSSStyleDeclaration::getPropertyPriority):
2412         * dom/DocumentMarkerController.cpp:
2413         (WebCore::DocumentMarkerController::addDictationPhraseWithAlternativesMarker):
2414         * dom/Element.cpp:
2415         (WebCore::Element::setPrefix):
2416         * editing/AlternativeTextController.cpp:
2417         (WebCore::AlternativeTextController::respondToMarkerAtEndOfWord):
2418         (WebCore::AlternativeTextController::markerDescriptionForAppliedAlternativeText):
2419         * editing/CompositeEditCommand.cpp:
2420         (WebCore::CompositeEditCommand::removeNodeAttribute):
2421         (WebCore::CompositeEditCommand::moveParagraphs):
2422         * editing/InsertTextCommand.cpp:
2423         (WebCore::InsertTextCommand::positionInsideTextNode):
2424         * editing/TextCheckingHelper.cpp:
2425         (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
2426         * editing/TypingCommand.cpp:
2427         (WebCore::TypingCommand::deleteSelection):
2428         (WebCore::TypingCommand::deleteKeyPressed):
2429         (WebCore::TypingCommand::forwardDeleteKeyPressed):
2430         (WebCore::TypingCommand::insertLineBreak):
2431         (WebCore::TypingCommand::insertParagraphSeparator):
2432         * editing/cocoa/EditorCocoa.mm:
2433         (WebCore::Editor::styleForSelectionStart):
2434         * editing/mac/EditorMac.mm:
2435         (WebCore::Editor::stringSelectionForPasteboard):
2436         (WebCore::Editor::stringSelectionForPasteboardWithImageAltText):
2437         * fileapi/FileReaderLoader.cpp:
2438         (WebCore::FileReaderLoader::FileReaderLoader):
2439         * html/FileInputType.cpp:
2440         (WebCore::FileInputType::appendFormData):
2441         * html/HTMLMediaElement.cpp:
2442         (WebCore::HTMLMediaElement::getCurrentMediaControlsStatus):
2443         * html/HTMLOutputElement.cpp:
2444         (WebCore::HTMLOutputElement::HTMLOutputElement):
2445         * html/SearchInputType.cpp:
2446         (WebCore::SearchInputType::handleKeydownEvent):
2447         * html/TextFieldInputType.cpp:
2448         (WebCore::autoFillButtonTypeToAccessibilityLabel):
2449         * html/canvas/WebGLDebugShaders.cpp:
2450         (WebCore::WebGLDebugShaders::getTranslatedShaderSource):
2451         * html/canvas/WebGLRenderingContextBase.cpp:
2452         (WebCore::WebGLRenderingContextBase::dispatchContextLostEvent):
2453         (WebCore::WebGLRenderingContextBase::maybeRestoreContext):
2454         * html/canvas/WebGLShader.cpp:
2455         (WebCore::WebGLShader::WebGLShader):
2456         * html/shadow/MediaControlElements.cpp:
2457         (WebCore::MediaControlStatusDisplayElement::update):
2458         * html/track/TextTrack.cpp:
2459         (WebCore::TextTrack::captionMenuOffItem):
2460         (WebCore::TextTrack::captionMenuAutomaticItem):
2461         * html/track/VTTRegion.cpp:
2462         (WebCore::VTTRegion::scroll):
2463         * html/track/VTTRegion.h:
2464         * inspector/InspectorDOMAgent.cpp:
2465         (WebCore::InspectorDOMAgent::toErrorString):
2466         (WebCore::InspectorDOMAgent::resolveNode):
2467         (WebCore::InspectorDOMAgent::documentURLString):
2468         (WebCore::documentBaseURLString):
2469         * inspector/InspectorDOMDebuggerAgent.cpp:
2470         (WebCore::domTypeName):
2471         * inspector/InspectorFrontendHost.cpp:
2472         (WebCore::InspectorFrontendHost::localizedStringsURL):
2473         * inspector/InspectorHistory.cpp:
2474         (WebCore::InspectorHistory::Action::mergeId):
2475         * inspector/InspectorPageAgent.cpp:
2476         (WebCore::InspectorPageAgent::reload):
2477         (WebCore::InspectorPageAgent::frameId):
2478         (WebCore::InspectorPageAgent::loaderId):
2479         * inspector/InspectorStyleSheet.cpp:
2480         (WebCore::InspectorStyleSheet::ruleSelector):
2481         * loader/EmptyClients.h:
2482         * loader/FrameLoader.cpp:
2483         (WebCore::FrameLoader::referrer):
2484         * loader/ImageLoader.cpp:
2485         (WebCore::ImageLoader::clearFailedLoadURL):
2486         * loader/ResourceLoader.cpp:
2487         (WebCore::ResourceLoader::didReceiveResponse):
2488         * page/ContextMenuController.cpp:
2489         (WebCore::ContextMenuController::contextMenuItemSelected):
2490         * page/FrameTree.cpp:
2491         (WebCore::FrameTree::setName):
2492         (WebCore::FrameTree::clearName):
2493         * page/Location.cpp:
2494         (WebCore::Location::port):
2495         * platform/network/ProtectionSpaceBase.cpp:
2496         (WebCore::ProtectionSpaceBase::ProtectionSpaceBase):
2497         * xml/parser/XMLDocumentParserLibxml2.cpp:
2498         (WebCore::handleElementAttributes):
2499
2500 2016-07-15  Simon Fraser  <simon.fraser@apple.com>
2501
2502         Repaints rects drawn incorrectly when inspecting a WebView on a Retina display
2503         https://bugs.webkit.org/show_bug.cgi?id=159824
2504         rdar://problem/27376305
2505
2506         Reviewed by Brian Burg.
2507
2508         InspectorOverlayPage.js set up the canvases with a deviceScaleFactor passed into
2509         reset(), which comes from the overlay's m_page.deviceScaleFactor(). However, updatePaintRects()
2510         used window.devicePixelRatio which was always 1.
2511
2512         Fix by setting the deviceScaleFactor on the m_overlayPage.
2513
2514         * inspector/InspectorOverlay.cpp:
2515         (WebCore::InspectorOverlay::overlayPage):
2516
2517 2016-07-15  Myles C. Maxfield  <mmaxfield@apple.com>
2518
2519         [macOS] Work around crash in [NSAttributedString nextWordFromIndex:forward:]
2520         https://bugs.webkit.org/show_bug.cgi?id=159842
2521
2522         Reviewed by Jon Lee.
2523
2524         <rdar://problem/27380532> describes a crash inside [NSAttributedString nextWordFromIndex:forward:].
2525         This must be worked around for https://bugs.webkit.org/show_bug.cgi?id=159755 and
2526         <rdar://problem/27325521>.
2527
2528         * platform/text/mac/TextBoundaries.mm:
2529         (WebCore::findNextWordFromIndex):
2530
2531 2016-07-15  Brady Eidson  <beidson@apple.com>
2532
2533         Update XPathException to use the description in toString().
2534         https://bugs.webkit.org/show_bug.cgi?id=159848
2535
2536         Reviewed by Alex Christensen.
2537
2538         No new tests (Covered by changes to existing tests).
2539
2540         * bindings/js/JSDOMBinding.cpp:
2541         (WebCore::createDOMException):
2542         * xml/XPathException.h:
2543         (WebCore::XPathException::XPathException):
2544
2545 2016-07-15  Brady Eidson  <beidson@apple.com>
2546
2547         Change toString() behavior for exceptions constructed with "createWithDescriptionAsMessage".
2548         https://bugs.webkit.org/show_bug.cgi?id=159839
2549
2550         Reviewed by Alex Christensen.
2551
2552         No new tests (Covered by changes to existing tests).
2553
2554         This is the first step towards extended exception messages for all exception types.
2555
2556         * dom/ExceptionBase.cpp:
2557         (WebCore::ExceptionBase::ExceptionBase):
2558         (WebCore::ExceptionBase::toString):
2559         * dom/ExceptionBase.h:
2560
2561 2016-07-15  Geoffrey Garen  <ggaren@apple.com>
2562
2563         Added a makeRef<T> helper
2564         https://bugs.webkit.org/show_bug.cgi?id=159835
2565
2566         Reviewed by Andreas Kling.
2567
2568         Anders told me to!
2569
2570         * Modules/indexeddb/IDBTransaction.cpp:
2571         (WebCore::IDBTransaction::putOrAddOnServer):
2572         * Modules/indexeddb/shared/InProcessIDBServer.cpp:
2573         (WebCore::InProcessIDBServer::deleteDatabase):
2574         (WebCore::InProcessIDBServer::didDeleteDatabase):
2575         (WebCore::InProcessIDBServer::openDatabase):
2576         (WebCore::InProcessIDBServer::didOpenDatabase):
2577         (WebCore::InProcessIDBServer::didAbortTransaction):
2578         (WebCore::InProcessIDBServer::didCommitTransaction):
2579         (WebCore::InProcessIDBServer::didCreateObjectStore):
2580         (WebCore::InProcessIDBServer::didDeleteObjectStore):
2581         (WebCore::InProcessIDBServer::didClearObjectStore):
2582         (WebCore::InProcessIDBServer::didCreateIndex):
2583         (WebCore::InProcessIDBServer::didDeleteIndex):
2584         (WebCore::InProcessIDBServer::didPutOrAdd):
2585         (WebCore::InProcessIDBServer::didGetRecord):
2586         (WebCore::InProcessIDBServer::didGetCount):
2587         (WebCore::InProcessIDBServer::didDeleteRecord):
2588         (WebCore::InProcessIDBServer::didOpenCursor):
2589         (WebCore::InProcessIDBServer::didIterateCursor):
2590         (WebCore::InProcessIDBServer::abortTransaction):
2591         (WebCore::InProcessIDBServer::commitTransaction):
2592         (WebCore::InProcessIDBServer::didFinishHandlingVersionChangeTransaction):
2593         (WebCore::InProcessIDBServer::createObjectStore):
2594         (WebCore::InProcessIDBServer::deleteObjectStore):
2595         (WebCore::InProcessIDBServer::clearObjectStore):
2596         (WebCore::InProcessIDBServer::createIndex):
2597         (WebCore::InProcessIDBServer::deleteIndex):
2598         (WebCore::InProcessIDBServer::putOrAdd):
2599         (WebCore::InProcessIDBServer::getRecord):
2600         (WebCore::InProcessIDBServer::getCount):
2601         (WebCore::InProcessIDBServer::deleteRecord):
2602         (WebCore::InProcessIDBServer::openCursor):
2603         (WebCore::InProcessIDBServer::iterateCursor):
2604         (WebCore::InProcessIDBServer::establishTransaction):
2605         (WebCore::InProcessIDBServer::fireVersionChangeEvent):
2606         (WebCore::InProcessIDBServer::didStartTransaction):
2607         (WebCore::InProcessIDBServer::didCloseFromServer):
2608         (WebCore::InProcessIDBServer::notifyOpenDBRequestBlocked):
2609         (WebCore::InProcessIDBServer::databaseConnectionClosed):
2610         (WebCore::InProcessIDBServer::abortOpenAndUpgradeNeeded):
2611         (WebCore::InProcessIDBServer::didFireVersionChangeEvent):
2612         (WebCore::InProcessIDBServer::openDBRequestCancelled):
2613         (WebCore::InProcessIDBServer::confirmDidCloseFromServer):
2614         (WebCore::InProcessIDBServer::getAllDatabaseNames):
2615         (WebCore::InProcessIDBServer::didGetAllDatabaseNames):
2616         * Modules/mediastream/MediaDevicesRequest.cpp:
2617         (WebCore::MediaDevicesRequest::didCompleteTrackSourceInfoRequest):
2618         * Modules/mediastream/UserMediaRequest.cpp:
2619         (WebCore::UserMediaRequest::constraintsValidated):
2620         (WebCore::UserMediaRequest::userMediaAccessGranted):
2621         * Modules/webaudio/AudioContext.cpp:
2622         (WebCore::AudioContext::scheduleNodeDeletion):
2623         (WebCore::AudioContext::isPlayingAudioDidChange):
2624         (WebCore::AudioContext::suspend):
2625         (WebCore::AudioContext::resume):
2626         (WebCore::AudioContext::close):
2627         (WebCore::AudioContext::suspendPlayback):
2628         (WebCore::AudioContext::mayResumePlayback):
2629         * Modules/websockets/ThreadableWebSocketChannelClientWrapper.cpp:
2630         (WebCore::ThreadableWebSocketChannelClientWrapper::didConnect):
2631         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessage):
2632         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveBinaryData):
2633         (WebCore::ThreadableWebSocketChannelClientWrapper::didUpdateBufferedAmount):
2634         (WebCore::ThreadableWebSocketChannelClientWrapper::didStartClosingHandshake):
2635         (WebCore::ThreadableWebSocketChannelClientWrapper::didClose):
2636         (WebCore::ThreadableWebSocketChannelClientWrapper::didReceiveMessageError):
2637         (WebCore::ThreadableWebSocketChannelClientWrapper::processPendingTasks):
2638         * Modules/websockets/WebSocket.cpp:
2639         (WebCore::WebSocket::connect):
2640         * bindings/js/JSEventListener.h:
2641         (WebCore::JSEventListener::jsFunction):
2642         * dom/Node.cpp:
2643         (WebCore::Node::setTextContent):
2644         * html/HTMLMediaElement.cpp:
2645         (WebCore::HTMLMediaElement::layoutSizeChanged):
2646         * inspector/CommandLineAPIHost.cpp:
2647         (WebCore::CommandLineAPIHost::wrapper):
2648         * platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:
2649         (WebCore::AudioSourceProviderAVFObjC::prepare):
2650         * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
2651         (WebCore::WebCoreAVCFResourceLoader::invalidate):
2652         * platform/graphics/avfoundation/objc/WebCoreAVFResourceLoader.mm:
2653         (WebCore::WebCoreAVFResourceLoader::invalidate):
2654         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
2655         (WebVideoFullscreenControllerContext::setExternalPlayback):
2656         * platform/network/BlobResourceHandle.cpp:
2657         (WebCore::BlobResourceHandle::start):
2658         (WebCore::BlobResourceHandle::notifyFinish):
2659         * platform/network/SocketStreamHandleBase.cpp:
2660         (WebCore::SocketStreamHandleBase::disconnect):
2661         * platform/network/curl/CurlDownload.cpp:
2662         (WebCore::CurlDownload::didReceiveHeader):
2663
2664 2016-07-15  Chris Dumez  <cdumez@apple.com>
2665
2666         Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible
2667         https://bugs.webkit.org/show_bug.cgi?id=159793
2668
2669         Reviewed by Ryosuke Niwa.
2670
2671         Use fastGetAttribute() / setAttributeWithoutSynchronization() when possible, for performance.
2672
2673         * Modules/plugins/YouTubePluginReplacement.cpp:
2674         (WebCore::YouTubePluginReplacement::installReplacement):
2675         * dom/Element.h:
2676         (WebCore::Element::setIdAttribute):
2677         * editing/ApplyStyleCommand.cpp:
2678         (WebCore::hasNoAttributeOrOnlyStyleAttribute):
2679         (WebCore::createFontElement):
2680         (WebCore::ApplyStyleCommand::applyInlineStyleChange):
2681         * editing/EditingStyle.cpp:
2682         (WebCore::EditingStyle::elementIsStyledSpanOrHTMLEquivalent):
2683         * editing/Editor.cpp:
2684         (WebCore::Editor::setBaseWritingDirection):
2685         * editing/ReplaceSelectionCommand.cpp:
2686         (WebCore::isMailPasteAsQuotationNode):
2687         (WebCore::isInlineNodeWithStyle):
2688         * editing/cocoa/DataDetection.mm:
2689         (WebCore::DataDetection::detectContentInRange):
2690         * editing/htmlediting.cpp:
2691         (WebCore::createTabSpanElement):
2692         * editing/ios/EditorIOS.mm:
2693         (WebCore::Editor::setTextAlignmentForChangedBaseWritingDirection):
2694         (WebCore::Editor::WebContentReader::readURL):
2695         * editing/mac/EditorMac.mm:
2696         (WebCore::Editor::WebContentReader::readURL):
2697         * editing/markup.cpp:
2698         (WebCore::createFragmentFromText):
2699         * html/BaseButtonInputType.cpp:
2700         (WebCore::BaseButtonInputType::setValue):
2701         * html/BaseCheckableInputType.cpp:
2702         (WebCore::BaseCheckableInputType::setValue):
2703         * html/FTPDirectoryDocument.cpp:
2704         (WebCore::FTPDirectoryDocumentParser::appendEntry):
2705         (WebCore::FTPDirectoryDocumentParser::createTDForFilename):
2706         (WebCore::FTPDirectoryDocumentParser::loadDocumentTemplate):
2707         (WebCore::FTPDirectoryDocumentParser::createBasicDocument):
2708         * html/HTMLAnchorElement.cpp:
2709         (WebCore::HTMLAnchorElement::href):
2710         (WebCore::HTMLAnchorElement::setHref):
2711         (WebCore::HTMLAnchorElement::target):
2712         * html/HTMLAreaElement.cpp:
2713         (WebCore::HTMLAreaElement::target):
2714         * html/HTMLBaseElement.cpp:
2715         (WebCore::HTMLBaseElement::setHref):
2716         * html/HTMLButtonElement.cpp:
2717         (WebCore::HTMLButtonElement::setType):
2718         * html/HTMLDetailsElement.cpp:
2719         (WebCore::HTMLDetailsElement::didAddUserAgentShadowRoot):
2720         (WebCore::HTMLDetailsElement::toggleOpen):
2721         * html/HTMLDocument.cpp:
2722         (WebCore::HTMLDocument::setBgColor):
2723         (WebCore::HTMLDocument::setFgColor):
2724         (WebCore::HTMLDocument::setAlinkColor):
2725         (WebCore::HTMLDocument::setLinkColor):
2726         (WebCore::HTMLDocument::setVlinkColor):
2727         * html/HTMLElement.cpp:
2728         (WebCore::HTMLElement::setDir):
2729         (WebCore::HTMLElement::setContentEditable):
2730         (WebCore::HTMLElement::setDraggable):
2731         (WebCore::HTMLElement::setSpellcheck):
2732         (WebCore::HTMLElement::setTranslate):
2733         * html/HTMLFormControlElement.cpp:
2734         (WebCore::HTMLFormControlElement::setFormEnctype):
2735         (WebCore::HTMLFormControlElement::setFormMethod):
2736         (WebCore::HTMLFormControlElement::setAutocorrect):
2737         (WebCore::HTMLFormControlElement::setAutocapitalize):
2738         (WebCore::HTMLFormControlElement::setAutocomplete):
2739         * html/HTMLFormElement.cpp:
2740         (WebCore::HTMLFormElement::setAutocorrect):
2741         (WebCore::HTMLFormElement::setAutocapitalize):
2742         (WebCore::HTMLFormElement::setAction):
2743         (WebCore::HTMLFormElement::setEnctype):
2744         (WebCore::HTMLFormElement::setMethod):
2745         (WebCore::HTMLFormElement::target):
2746         * html/HTMLImageElement.cpp:
2747         (WebCore::HTMLImageElement::width):
2748         (WebCore::HTMLImageElement::height):
2749         (WebCore::HTMLImageElement::setSrc):
2750         * html/HTMLInputElement.cpp:
2751         (WebCore::HTMLInputElement::setType):
2752         (WebCore::HTMLInputElement::updateType):
2753         (WebCore::HTMLInputElement::altText):
2754         (WebCore::HTMLInputElement::setDefaultValue):
2755         * html/HTMLLinkElement.cpp:
2756         (WebCore::HTMLLinkElement::href):
2757         (WebCore::HTMLLinkElement::target):
2758         (WebCore::HTMLLinkElement::type):
2759         * html/HTMLMediaElement.cpp:
2760         (WebCore::HTMLMediaElement::setSrc):
2761         (WebCore::HTMLMediaElement::setPreload):
2762         * html/HTMLMeterElement.cpp:
2763         (WebCore::HTMLMeterElement::min):
2764         (WebCore::HTMLMeterElement::setMin):
2765         (WebCore::HTMLMeterElement::max):
2766         (WebCore::HTMLMeterElement::setMax):
2767         (WebCore::HTMLMeterElement::value):
2768         (WebCore::HTMLMeterElement::setValue):
2769         (WebCore::HTMLMeterElement::low):
2770         (WebCore::HTMLMeterElement::setLow):
2771         (WebCore::HTMLMeterElement::high):
2772         (WebCore::HTMLMeterElement::setHigh):
2773         (WebCore::HTMLMeterElement::optimum):
2774         (WebCore::HTMLMeterElement::setOptimum):
2775         * html/HTMLObjectElement.cpp:
2776         (WebCore::HTMLObjectElement::containsJavaApplet):
2777         * html/HTMLOptionElement.cpp:
2778         (WebCore::HTMLOptionElement::createForJSConstructor):
2779         (WebCore::HTMLOptionElement::setValue):
2780         (WebCore::HTMLOptionElement::setLabel):
2781         * html/HTMLProgressElement.cpp:
2782         (WebCore::HTMLProgressElement::setValue):
2783         (WebCore::HTMLProgressElement::setMax):
2784         * html/HTMLScriptElement.cpp:
2785         (WebCore::HTMLScriptElement::typeAttributeValue):
2786         * html/HTMLSelectElement.cpp:
2787         (WebCore::HTMLSelectElement::setMultiple):
2788         * html/HTMLSourceElement.cpp:
2789         (WebCore::HTMLSourceElement::setSrc):
2790         (WebCore::HTMLSourceElement::media):
2791         (WebCore::HTMLSourceElement::setMedia):
2792         (WebCore::HTMLSourceElement::type):
2793         (WebCore::HTMLSourceElement::setType):
2794         * html/HTMLTableSectionElement.cpp:
2795         (WebCore::HTMLTableSectionElement::setAlign):
2796         (WebCore::HTMLTableSectionElement::setCh):
2797         (WebCore::HTMLTableSectionElement::chOff):
2798         (WebCore::HTMLTableSectionElement::setChOff):
2799         (WebCore::HTMLTableSectionElement::setVAlign):
2800         * html/HTMLTextFormControlElement.cpp:
2801         (WebCore::HTMLTextFormControlElement::updateInnerTextElementEditability):
2802         * html/HTMLVideoElement.cpp:
2803         (WebCore::HTMLVideoElement::imageSourceURL):
2804         * html/HiddenInputType.cpp:
2805         (WebCore::HiddenInputType::restoreFormControlState):
2806         (WebCore::HiddenInputType::setValue):
2807         * html/MediaDocument.cpp:
2808         (WebCore::MediaDocumentParser::createDocumentStructure):
2809         (WebCore::MediaDocument::replaceMediaElementTimerFired):
2810         * html/PluginDocument.cpp:
2811         (WebCore::PluginDocumentParser::createDocumentStructure):
2812         * html/TextFieldInputType.cpp:
2813         (WebCore::TextFieldInputType::createAutoFillButton):
2814         (WebCore::TextFieldInputType::updateAutoFillButton):
2815         * html/parser/HTMLTreeBuilder.cpp:
2816         (WebCore::HTMLTreeBuilder::processIsindexStartTagForInBody):
2817         * html/shadow/MediaControlElements.cpp:
2818         (WebCore::MediaControlClosedCaptionsContainerElement::create):
2819         (WebCore::MediaControlTimelineElement::create):
2820         (WebCore::MediaControlPanelVolumeSliderElement::create):
2821         (WebCore::MediaControlFullscreenVolumeSliderElement::create):
2822         * html/shadow/TextControlInnerElements.cpp:
2823         (WebCore::SearchFieldCancelButtonElement::SearchFieldCancelButtonElement):
2824         * html/shadow/mac/ImageControlsButtonElementMac.cpp:
2825         (WebCore::ImageControlsButtonElementMac::tryCreate):
2826         * html/shadow/mac/ImageControlsRootElementMac.cpp:
2827         (WebCore::ImageControlsRootElement::tryCreate):
2828         * html/track/WebVTTElement.cpp:
2829         (WebCore::WebVTTElement::createEquivalentHTMLElement):
2830         * html/track/WebVTTParser.cpp:
2831         (WebCore::WebVTTTreeBuilder::constructTreeFromToken):
2832         * inspector/InspectorCSSAgent.cpp:
2833         (WebCore::InspectorCSSAgent::createInspectorStyleSheetForDocument):
2834         * inspector/InspectorPageAgent.cpp:
2835         (WebCore::InspectorPageAgent::buildObjectForFrame):
2836         * mathml/MathMLSelectElement.cpp:
2837         (WebCore::MathMLSelectElement::toggle):
2838         * page/PageSerializer.cpp:
2839         (WebCore::PageSerializer::serializeFrame):
2840         * rendering/RenderDetailsMarker.cpp:
2841         (WebCore::RenderDetailsMarker::isOpen):
2842         * rendering/mathml/RenderMathMLFraction.cpp:
2843         (WebCore::RenderMathMLFraction::updateFromElement):
2844         * svg/SVGElement.cpp:
2845         (WebCore::SVGElement::setXmlbase):
2846         * svg/SVGSVGElement.cpp:
2847         (WebCore::SVGSVGElement::setContentScriptType):
2848         (WebCore::SVGSVGElement::setContentStyleType):
2849         * svg/SVGStyleElement.cpp:
2850         (WebCore::SVGStyleElement::setMedia):
2851         (WebCore::SVGStyleElement::setTitle):
2852
2853 2016-07-15  Chris Dumez  <cdumez@apple.com>
2854
2855         Modernize StaticNodeList / StaticElementList
2856         https://bugs.webkit.org/show_bug.cgi?id=159831
2857
2858         Reviewed by Ryosuke Niwa.
2859
2860         Modernize StaticNodeList / StaticElementList. Pass vector to adopt
2861         as an rvalue reference instead of a non-const reference.
2862
2863         * bindings/js/JSHTMLAllCollectionCustom.cpp:
2864         (WebCore::namedItems):
2865         * dom/ChildListMutationScope.cpp:
2866         (WebCore::ChildListMutationAccumulator::enqueueMutationRecord):
2867         * dom/MutationRecord.cpp:
2868         * dom/SelectorQuery.cpp:
2869         (WebCore::SelectorDataList::queryAll):
2870         * dom/StaticNodeList.h:
2871         * dom/WebKitNamedFlow.cpp:
2872         (WebCore::WebKitNamedFlow::getRegionsByContent):
2873         (WebCore::WebKitNamedFlow::getRegions):
2874         (WebCore::WebKitNamedFlow::getContent):
2875         * svg/SVGSVGElement.cpp:
2876         (WebCore::SVGSVGElement::collectIntersectionOrEnclosureList):
2877         * testing/Internals.cpp:
2878         (WebCore::Internals::nodesFromRect):
2879
2880 2016-07-15  Brent Fulgham  <bfulgham@apple.com>
2881
2882         Block insecure script running in a data: frame when the top-level page is HTTPS
2883         https://bugs.webkit.org/show_bug.cgi?id=125806
2884         <rdar://problem/27331825>
2885
2886         Reviewed by Brady Eidson.
2887
2888         Fix based on a Blink change (patch by <tsepez@chromium.org>):
2889         <https://chromium.googlesource.com/chromium/blink/+/33e553bd96e040151c1472289a0d80803bfca3a5>
2890
2891         Test: http/tests/security/mixedContent/insecure-script-in-data-iframe-in-main-frame-blocked.html
2892
2893         * loader/cache/CachedResourceLoader.cpp:
2894         (WebCore::CachedResourceLoader::checkInsecureContent): Check the top-level frame's security state
2895         before allowing insecure scripts to be used.        
2896
2897 2016-07-15  Chris Dumez  <cdumez@apple.com>
2898
2899         Let the compiler generate QualifiedName copy constructor and assignment operator
2900         https://bugs.webkit.org/show_bug.cgi?id=159826
2901
2902         Reviewed by Alex Christensen.
2903
2904         Let the compiler generate QualifiedName copy constructor and assignment operator
2905         as our custom implementation does nothing special. This also makes QualifiedName
2906         movable as the compiler is now able to generate the move constructor / assignment
2907         operator as well.
2908
2909         * dom/QualifiedName.h:
2910         (WebCore::QualifiedName::QualifiedName): Deleted.
2911         (WebCore::QualifiedName::operator=): Deleted.
2912
2913 2016-07-15  Antonio Gomes  <tonikitoo@igalia.com>
2914
2915         ScrollView::setHasHorizontalScrollbar / setHasVerticalScrollbar duplicate their logic
2916         https://bugs.webkit.org/show_bug.cgi?id=159825
2917
2918         Patch introduces a (private) method to ScrollView
2919         to share the code/logic of setHas{Horizontal,Vertical}Scrollbar.
2920
2921         Reviewed by Simon Fraser.
2922
2923         No new tests needed.
2924
2925         * platform/ScrollView.cpp:
2926         (WebCore::ScrollView::setHasScrollbarInternal):
2927         (WebCore::ScrollView::setHasHorizontalScrollbar):
2928         (WebCore::ScrollView::setHasVerticalScrollbar):
2929         * platform/ScrollView.h:
2930
2931 2016-07-15  Frederic Wang  <fwang@igalia.com>
2932
2933         MathOperator: Improve alignment for vertical size variant
2934         https://bugs.webkit.org/show_bug.cgi?id=158866
2935
2936         Reviewed by Brent Fulgham.
2937
2938         The MathOperator class may stretch operators with either a large glyph or a glyph assembly.
2939         In the latter case, the assembly is adjusted to match the stretch ascent and descent
2940         requested by the callers. But in the former case the glyph ascent and descent are used
2941         instead. We solve this by making MathOperator::stretchTo only take a targetSize and let
2942         callers do the vertical alignment they want. This improves the rendering of fences with some
2943         math fonts (e.g. XITS) and allows to pass the two cases of mo-axis-height-1.html.
2944
2945         Test: imported/mathml-in-html5/mathml/presentation-markup/operators/mo-axis-height-1.html
2946
2947         * rendering/mathml/MathOperator.cpp:
2948         (WebCore::MathOperator::stretchTo): Merge vertical and horizontal stretching into the same
2949         function with only the targetSize as a parameter.
2950         * rendering/mathml/RenderMathMLOperator.cpp:
2951         (WebCore::RenderMathMLOperator::stretchTo): Updated to use the new signature.
2952         (WebCore::RenderMathMLOperator::verticalStretchedOperatorShift): Helper function to calculate
2953         the shift necessary to align the baseline of the MathOperator instance with the one of the
2954         RenderMathMLOperator.
2955         (WebCore::RenderMathMLOperator::firstLineBaseline): Adjust the baseline.
2956         * rendering/mathml/RenderMathMLOperator.h: Declare verticalStretchedOperatorShift.
2957         * rendering/mathml/RenderMathMLRoot.cpp:
2958         (WebCore::RenderMathMLRoot::layoutBlock): Use the new signature. This function aligns the top
2959         of the radical with the overbar so we do not need to adjust baseline alignment here.
2960
2961 2016-07-15  Brady Eidson  <beidson@apple.com>
2962
2963         WebKit should prevent push/replace state with username in URL.
2964         <rdar://problem/27361737> and https://bugs.webkit.org/show_bug.cgi?id=159818
2965
2966         Reviewed by Brent Fulgham.
2967
2968         Test: http/tests/security/history-username-password.html
2969
2970         * page/History.cpp:
2971         (WebCore::History::stateObjectAdded): Don't allow URLs with usernames/passwords.
2972
2973 2016-07-15  Ryan Haddad  <ryanhaddad@apple.com>
2974
2975         Unreviewed, rolling out r203266.
2976
2977         This change caused editing/deleting/delete-emoji.html to time
2978         out on El Capitan, crash under GuardMalloc
2979
2980         Reverted changeset:
2981
2982         "Support new emoji group candidates"
2983         https://bugs.webkit.org/show_bug.cgi?id=159755
2984         http://trac.webkit.org/changeset/203266
2985
2986 2016-07-15  Frederic Wang  <fwang@igalia.com>
2987
2988         Move parsing of mfrac attributes into a MathMLFractionElement class
2989         https://bugs.webkit.org/show_bug.cgi?id=159624
2990
2991         Reviewed by Brent Fulgham.
2992
2993         We move the parsing of mfrac attributes to a MathMLFractionElement class. This allows to
2994         minimize the updates in RenderMathMLFraction and to remove the alignment members. Many of
2995         the members in updateLayoutParameters are actually only used in layoutBlock and could be
2996         removed in a follow-up patch. We also improve the resolution of negative line thickness value
2997         since the MathML recommendation says it should be rounded up to the nearest valid
2998         value (which is zero) instead of ignoring the attribute and using the line thickness.
2999
3000         No new tests, already covered by existing tests.
3001
3002         * CMakeLists.txt: Add MathMLFractionElement.
3003         * WebCore.xcodeproj/project.pbxproj: Ditto.
3004         * mathml/MathMLAllInOne.cpp: Ditto.
3005         * mathml/MathMLFractionElement.cpp: Added.
3006         (WebCore::MathMLFractionElement::MathMLFractionElement):
3007         (WebCore::MathMLFractionElement::create):
3008         (WebCore::MathMLFractionElement::lineThickness): Return the cached linethickness length,
3009         parsing it again if it is dirty. This handles the special values "thin", "medium" and "thick"
3010         or fallback to the general parseMathMLLength for MathML lengths.
3011         (WebCore::MathMLFractionElement::cachedFractionAlignment): Return the cached alignment value,
3012         parsing it again if it is dirty.
3013         (WebCore::MathMLFractionElement::numeratorAlignment): Return the cached alignment.
3014         (WebCore::MathMLFractionElement::denominatorAlignment): Ditto.
3015         (WebCore::MathMLFractionElement::parseAttribute): Make attributes dirty.
3016         (WebCore::MathMLFractionElement::createElementRenderer): Create a RenderMathMLFraction.
3017         * mathml/MathMLFractionElement.h: Added.
3018         * mathml/MathMLInlineContainerElement.cpp: We no longer need to handle fraction here.
3019         (WebCore::MathMLInlineContainerElement::createElementRenderer):
3020         * mathml/mathtags.in: Use MathMLFractionElement for mfrac.
3021         * rendering/mathml/RenderMathMLFraction.cpp:
3022         (WebCore::RenderMathMLFraction::updateLayoutParameters): New helper function to set the
3023         layout parameters, replacing updateFromElement. We no longer parse and store the alignment
3024         values here. We also change the resolution of negative values.
3025         (WebCore::RenderMathMLFraction::horizontalOffset): Use the enum from MathMLFractionElement.
3026         (WebCore::RenderMathMLFraction::layoutBlock): We call updateLayoutParameters instead of
3027         updateFromElement. The numerator and denominator alignments are resolved here.
3028         (WebCore::RenderMathMLFraction::parseAlignmentAttribute): Deleted. Parsing of alignment
3029         attribute is now handled in MathMLFractionElement.
3030         (WebCore::RenderMathMLFraction::updateFromElement): Deleted. Attribute changes are now
3031         handled in MathMLFractionElement.
3032         (WebCore::RenderMathMLFraction::styleDidChange): Deleted. Font changes are properly handled.
3033         * rendering/mathml/RenderMathMLFraction.h: Update declarations.
3034
3035 2016-07-15  Frederic Wang  <fwang@igalia.com>
3036
3037         Check whether font is nonnull for GlyphData instead of calling GlyphData::isValid()
3038         https://bugs.webkit.org/show_bug.cgi?id=159783
3039
3040         Reviewed by Brent Fulgham.
3041
3042         GlyphData::isValid() returns true for GlyphData with null 'font' pointer when the 'glyph'
3043         index is nonzero. This behavior is not expected by the MathML code and we have had crashes
3044         in our test suite in the past on Windows (e.g. bug 140653). We thus replace the call to
3045         GlyphData::isValid() with a stronger verification: Whether the 'font' pointer is nonzero.
3046
3047         No new tests, this only makes null pointer checks stronger.
3048
3049         * rendering/mathml/MathOperator.cpp:
3050         (WebCore::boundsForGlyph):
3051         (WebCore::advanceWidthForGlyph):
3052         (WebCore::MathOperator::getBaseGlyph):
3053         (WebCore::MathOperator::setSizeVariant):
3054         (WebCore::MathOperator::fillWithVerticalExtensionGlyph):
3055         (WebCore::MathOperator::fillWithHorizontalExtensionGlyph):
3056         (WebCore::MathOperator::paintVerticalGlyphAssembly):
3057         (WebCore::MathOperator::paintHorizontalGlyphAssembly):
3058         (WebCore::MathOperator::paint):
3059         * rendering/mathml/RenderMathMLOperator.cpp:
3060         (WebCore::RenderMathMLOperator::computePreferredLogicalWidths):
3061         * rendering/mathml/RenderMathMLToken.cpp:
3062         (WebCore::RenderMathMLToken::computePreferredLogicalWidths):
3063         (WebCore::RenderMathMLToken::firstLineBaseline):
3064         (WebCore::RenderMathMLToken::layoutBlock):
3065         (WebCore::RenderMathMLToken::paint):
3066         (WebCore::RenderMathMLToken::paintChildren):
3067
3068 2016-07-15  Frederic Wang  <fwang@igalia.com>
3069
3070         Add DejaVu Math TeX Gyre to the list of math fonts.
3071         https://bugs.webkit.org/show_bug.cgi?id=159805
3072
3073         Reviewed by Brent Fulgham.
3074
3075         DejaVu 2.36 has a new math font that can be used for MathML rendering. Because this font is
3076         likely to be installed on many systems (Linux, LibreOffice, etc) we include it in the default
3077         list of font-families in mathml.css in order to increase the chance to find a math font.
3078
3079         No new tests, it only affects rendering when DejaVu Math TeX Gyre is installed on the system.
3080
3081         * css/mathml.css:
3082         (math):
3083
3084 2016-07-15  Eric Carlson  <eric.carlson@apple.com>
3085
3086         [MSE] Increase the SourceBuffer "fudge factor"
3087         https://bugs.webkit.org/show_bug.cgi?id=159813
3088         <rdar://problem/27372033>
3089
3090         Reviewed by Jon Lee.
3091         
3092         Some media encoding/conversion pipelines are sloppy when doing sample time/timescale
3093         math, and the error accumulation results in small gaps in the media timeline. r202641
3094         increased the maximum allowable gap from 0.01 second to one 24fps frame, but it turns
3095         out that at least one large provider has a significant amount of content encoded with
3096         up to two 24fps frames.
3097
3098         No new tests, updated media/media-source/media-source-small-gap.html.
3099
3100         * Modules/mediasource/SourceBuffer.cpp:
3101         (WebCore::currentTimeFudgeFactor): Increase maximum gap to 2002 / 24000 frames.
3102
3103 2016-07-15  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
3104
3105         Add final keyword to WebCore/svg classes
3106         https://bugs.webkit.org/show_bug.cgi?id=159802
3107
3108         Reviewed by Youenn Fablet.
3109
3110         Updated classes in the WebCore/svg directory to be marked as final where appropriate.
3111
3112         * svg/SVGException.h:
3113         * svg/SVGLengthList.h:
3114         * svg/SVGMatrix.h:
3115         * svg/SVGNumberList.h:
3116         * svg/SVGPaint.h:
3117         * svg/SVGPathBuilder.h:
3118         * svg/SVGPathByteStreamBuilder.h:
3119         * svg/SVGPathByteStreamSource.h:
3120         * svg/SVGPathSegArcAbs.h:
3121         * svg/SVGPathSegArcRel.h:
3122         * svg/SVGPathSegClosePath.h:
3123         * svg/SVGPathSegCurvetoCubicAbs.h:
3124         * svg/SVGPathSegCurvetoCubicRel.h:
3125         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
3126         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
3127         * svg/SVGPathSegCurvetoQuadraticAbs.h:
3128         * svg/SVGPathSegCurvetoQuadraticRel.h:
3129         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
3130         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
3131         * svg/SVGPathSegLinetoAbs.h:
3132         * svg/SVGPathSegLinetoHorizontalAbs.h:
3133         * svg/SVGPathSegLinetoHorizontalRel.h:
3134         * svg/SVGPathSegLinetoRel.h:
3135         * svg/SVGPathSegLinetoVerticalAbs.h:
3136         * svg/SVGPathSegLinetoVerticalRel.h:
3137         * svg/SVGPathSegListBuilder.h:
3138         * svg/SVGPathSegListSource.h:
3139         * svg/SVGPathSegMovetoAbs.h:
3140         * svg/SVGPathSegMovetoRel.h:
3141         * svg/SVGPathStringSource.h:
3142         * svg/SVGPathTraversalStateBuilder.h:
3143         * svg/SVGPointList.h:
3144         * svg/SVGRenderingIntent.h:
3145         * svg/SVGStringList.h:
3146         * svg/SVGTRefElement.cpp:
3147         * svg/SVGToOTFFontConversion.cpp:
3148         * svg/SVGTransformList.h:
3149         * svg/SVGUnitTypes.h:
3150         * svg/SVGViewSpec.h:
3151         * svg/SVGZoomEvent.h:
3152         * svg/animation/SMILTimeContainer.h:
3153         * svg/animation/SVGSMILElement.cpp:
3154         * svg/graphics/filters/SVGFEImage.h:
3155         * svg/graphics/filters/SVGFilter.h:
3156         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
3157         * svg/properties/SVGAnimatedPropertyTearOff.h:
3158         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
3159         * svg/properties/SVGMatrixTearOff.h:
3160         * svg/properties/SVGPathSegListPropertyTearOff.h:
3161         * svg/properties/SVGStaticListPropertyTearOff.h:
3162         * svg/properties/SVGStaticPropertyTearOff.h:
3163         * svg/properties/SVGTransformListPropertyTearOff.h:
3164
3165 2016-07-15  Per Arne Vollan  <pvollan@apple.com>
3166
3167         Uninitialized variable in DIBPixelData can cause a dangerous memory write
3168         https://bugs.webkit.org/show_bug.cgi?id=159414
3169
3170         Reviewed by Brent Fulgham.
3171
3172         Initialize local BITMAP variable, in case the ::GetObject function that should initialize it
3173         fails to do so, because the bitmap handle is invalid.
3174
3175         Tests: Tools/TestWebKitAPI/Tests/WebCore/win/DIBPixelData.cpp
3176
3177         * platform/graphics/win/DIBPixelData.cpp:
3178         (WebCore::DIBPixelData::initialize): Initialize local variable.
3179         (WebCore::DIBPixelData::setRGBABitmapAlpha): Return early if we have no bitmap.
3180         * platform/graphics/win/DIBPixelData.h: Link fix.
3181
3182 2016-07-14  Yoav Weiss  <yoav@yoav.ws>
3183
3184         Change CSSParser::sourceSize returning Optional<CSSParser::SourceSize>
3185         https://bugs.webkit.org/show_bug.cgi?id=159666
3186
3187         Reviewed by Michael Catanzaro.
3188
3189         Tests:
3190             fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html
3191
3192         * css/CSSGrammar.y.in: Avoid adding SourceSize to source_size_list when the value is a Nullopt.
3193         * css/CSSParser.cpp:
3194         (WebCore::CSSParser::sourceSize): Return a Nullopt when an invalid value is encountered.
3195         * css/CSSParser.h:
3196
3197 2016-07-14  Antonio Gomes  <tonikitoo@igalia.com>
3198
3199         [RTL Scrollbars] Frame scrollbars don't move to the right when text direction changes to RTL
3200         https://bugs.webkit.org/show_bug.cgi?id=158252
3201
3202         Reviewed by Myles C. Maxfield.
3203
3204         When the 'dir' attribute changes either on body or on the document
3205         element level, the associated FrameView does not trigger an update on
3206         the frame level vertical scrollbar.
3207
3208         Patch adds a 'hook' so that RenderBox::styleDidChange can call in
3209         order to get the document level scrollbar placed properly in the next
3210         layout.
3211
3212         Test: fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement.html
3213               fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement-2.html
3214               fast/scrolling/rtl-scrollbars-alternate-iframe-body-dir-attr-does-not-update-scrollbar-placement.html
3215
3216         * page/FrameView.cpp:
3217         (WebCore::FrameView::topContentDirectionDidChange):
3218         * page/FrameView.h:
3219         * rendering/RenderBox.cpp:
3220         (WebCore::RenderBox::styleDidChange):
3221
3222 2016-07-14  Myles C. Maxfield  <mmaxfield@apple.com>
3223
3224         Support new emoji group candidates
3225         https://bugs.webkit.org/show_bug.cgi?id=159755
3226         <rdar://problem/27325521>
3227
3228         Reviewed by Dean Jackson.
3229
3230         There are a few code points which should be able to be joined (with ZWJ) to
3231         either U+2640 or U+2642 to change the gender of the emoji. These patterns
3232         should also work with an additional 0xFE0F variation selector. This patch
3233         adds these new patterns to our existing emoji group candidate infrastructure.
3234
3235         Tests: fast/text/emoji-gender-2-3.html
3236                fast/text/emoji-gender-2-4.html
3237                fast/text/emoji-gender-2-5.html
3238                fast/text/emoji-gender-2-6.html
3239                fast/text/emoji-gender-2-7.html
3240                fast/text/emoji-gender-2-8.html
3241                fast/text/emoji-gender-2-9.html
3242                fast/text/emoji-gender-2.html
3243                fast/text/emoji-gender-3.html
3244                fast/text/emoji-gender-4.html
3245                fast/text/emoji-gender-5.html
3246                fast/text/emoji-gender-6.html
3247                fast/text/emoji-gender-7.html
3248                fast/text/emoji-gender-8.html
3249                fast/text/emoji-gender-9.html
3250                fast/text/emoji-gender-fe0f-3.html
3251                fast/text/emoji-gender-fe0f-4.html
3252                fast/text/emoji-gender-fe0f-5.html
3253                fast/text/emoji-gender-fe0f-6.html
3254                fast/text/emoji-gender-fe0f-7.html
3255                fast/text/emoji-gender-fe0f-8.html
3256                fast/text/emoji-gender-fe0f-9.html
3257                fast/text/emoji-gender.html
3258                fast/text/emoji-num-glyphs.html
3259                fast/text/emoji-single-parent-family-2.html
3260                fast/text/emoji-single-parent-family.html
3261
3262         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
3263         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
3264         * platform/graphics/FontCascade.cpp:
3265         (WebCore::FontCascade::characterRangeCodePath):
3266         * platform/text/CharacterProperties.h:
3267         (WebCore::isEmojiGroupCandidate):
3268
3269 2016-07-14  Dean Jackson  <dino@apple.com>
3270
3271         CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::MediaQueryEvaluator::evaluate const
3272         https://bugs.webkit.org/show_bug.cgi?id=159799
3273         <rdar://problem/27346959>
3274
3275         Reviewed by Myles Maxfield.
3276
3277         Speculative fix for this crash, which seems to happen when asking for the Node's
3278         renderer(). From the incoming crash logs, it is triggered by mutations on
3279         a <picture> or <img> element, which would require choosing a new source,
3280         and causing some media queries to evaluate.
3281
3282         The only place in MediaQueryEvaluator that has anything to do with
3283         renderers is when gathering up some style information to pass to the
3284         actual evaluation function. I put a guard against a missing documentElement
3285         in there.
3286
3287         * css/MediaQueryEvaluator.cpp:
3288         (WebCore::MediaQueryEvaluator::evaluate): Make sure documentElement is not
3289         null.
3290
3291 2016-07-14  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
3292
3293         Update HTML*Element class override methods in final classes
3294         https://bugs.webkit.org/show_bug.cgi?id=159456
3295
3296         Reviewed by Youenn Fablet.
3297
3298         Update HTML*Element classes so that overriden methods in final classes are marked final.
3299         Also marked HTMLDivElement overriden methods as final since they are not overridden by derived classes.
3300
3301         * html/HTMLAppletElement.h:
3302         * html/HTMLAreaElement.h:
3303         * html/HTMLAttachmentElement.h:
3304         * html/HTMLAudioElement.h:
3305         * html/HTMLBRElement.h:
3306         * html/HTMLBaseElement.h:
3307         * html/HTMLBodyElement.h:
3308         * html/HTMLButtonElement.h:
3309         * html/HTMLCanvasElement.h:
3310         * html/HTMLDataElement.h:
3311         * html/HTMLDetailsElement.h:
3312         * html/HTMLDivElement.h:
3313         * html/HTMLEmbedElement.h:
3314         * html/HTMLFieldSetElement.h:
3315         * html/HTMLFontElement.h:
3316         * html/HTMLFormElement.h:
3317         * html/HTMLFrameSetElement.h:
3318         * html/HTMLHRElement.h:
3319         * html/HTMLHtmlElement.h:
3320         * html/HTMLKeygenElement.h:
3321         * html/HTMLLIElement.h:
3322         * html/HTMLLabelElement.h:
3323         * html/HTMLLegendElement.h:
3324         * html/HTMLLinkElement.h:
3325         * html/HTMLMapElement.h:
3326         * html/HTMLMarqueeElement.h:
3327         * html/HTMLMetaElement.h:
3328         * html/HTMLMeterElement.h:
3329         * html/HTMLModElement.h:
3330         * html/HTMLOListElement.h:
3331         * html/HTMLObjectElement.h:
3332         * html/HTMLOptGroupElement.h:
3333         * html/HTMLOptionElement.h:
3334         * html/HTMLOutputElement.h:
3335         * html/HTMLParagraphElement.h:
3336         * html/HTMLParamElement.h:
3337         * html/HTMLPreElement.h:
3338         * html/HTMLProgressElement.h:
3339         * html/HTMLQuoteElement.h:
3340         * html/HTMLScriptElement.h:
3341         * html/HTMLSourceElement.h:
3342         * html/HTMLStyleElement.h:
3343         * html/HTMLSummaryElement.h:
3344         * html/HTMLTableCaptionElement.h:
3345         * html/HTMLTableColElement.h:
3346         * html/HTMLTableElement.h:
3347         * html/HTMLTableSectionElement.h:
3348         * html/HTMLTemplateElement.h:
3349         * html/HTMLTextAreaElement.h:
3350         * html/HTMLTitleElement.h:
3351         * html/HTMLUListElement.h:
3352         * html/HTMLUnknownElement.h:
3353         * html/HTMLVideoElement.h:
3354         * html/HTMLWBRElement.h:
3355
3356 2016-07-14  Chris Dumez  <cdumez@apple.com>
3357
3358         Modernize GlyphMetricsMap
3359         https://bugs.webkit.org/show_bug.cgi?id=159788
3360
3361         Reviewed by Darin Adler.
3362
3363         Modernize GlyphMetricsMap a bit.
3364
3365         * platform/graphics/GlyphMetricsMap.h:
3366         - Drop WTF_MAKE_NONCOPYABLE as the class is already non-copyable due to having
3367           to having a std::unique_ptr data member.
3368         - Drop GlyphMetricsMap default constructor and let the compiler generate it
3369           instead. This required using inline initialization for m_filledPrimaryPage.
3370
3371         (WebCore::GlyphMetricsMap::GlyphMetricsPage::GlyphMetricsPage):
3372         - Make m_metrics data member private as it does not need to be public.
3373         - Make setMetricsForIndex(unsigned index, const T& metrics) setter private
3374           as it does not need to be public.
3375         - Make GlyphMetricsPage(const T& initialValue) constructor explicit as it
3376           takes only 1 parameter.
3377
3378         (WebCore::GlyphMetricsMap<T>::locatePageSlowCase):
3379         - Use HashMap::ensure() to make the code a bit nicer.
3380
3381 2016-07-14  Simon Fraser  <simon.fraser@apple.com>
3382
3383         [iOS WK2] When scrolling apple.com/music on iPad Pro in landscape, left-hand tiles appear first
3384         https://bugs.webkit.org/show_bug.cgi?id=159798
3385         rdar://problem/27362717
3386
3387         Reviewed by Tim Horton.
3388
3389         In out-of-visible tiled layers, we always allocated the top-left tile, wasting
3390         memory and causing ugliness when scrolling that layer into view. This happened
3391         because getTileIndexRangeForRect() had no way to express the fact that no tiles
3392         should be created.
3393
3394         Fix getTileIndexRangeForRect() to return a bool, and fix callers to respect the
3395         return value.
3396
3397         Test: compositing/tiling/offscreen-tiled-layer.html
3398
3399         * platform/graphics/ca/GraphicsLayerCA.cpp:
3400         (WebCore::GraphicsLayerCA::dumpAdditionalProperties):
3401         * platform/graphics/ca/TileGrid.cpp:
3402         (WebCore::TileGrid::setNeedsDisplayInRect):
3403         (WebCore::TileGrid::tilesWouldChangeForCoverageRect):
3404         (WebCore::TileGrid::getTileIndexRangeForRect):
3405         (WebCore::TileGrid::revalidateTiles):
3406         (WebCore::TileGrid::ensureTilesForRect):
3407         (WebCore::TileGrid::extent):
3408         * platform/graphics/ca/TileGrid.h:
3409
3410 2016-07-14  John Wilander  <wilander@apple.com>
3411
3412         Remove credentials in URL when accessed through location.href
3413         https://bugs.webkit.org/show_bug.cgi?id=139562
3414         <rdar://problem/27331164>
3415
3416         Reviewed by Brent Fulgham.
3417
3418         Test: http/tests/security/location-href-clears-username-password.html
3419
3420         The reason for this change is to not allow scripts on the page to
3421         exfiltrate username and password from the URL.
3422
3423         * page/Location.cpp:
3424         (WebCore::Location::href):
3425             Now checks if there is a username or password in the URL. If so,
3426             it copies the URL and removes the username and password.
3427
3428 2016-07-14  Javier Fernandez  <jfernandez@igalia.com>
3429
3430         [css-grid] Handle min-content/max-content with orthogonal flows
3431         https://bugs.webkit.org/show_bug.cgi?id=159294
3432
3433      &nbs