2011-01-29 Sheriff Bot <webkit.review.bot@gmail.com>
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2011-01-29  Sheriff Bot  <webkit.review.bot@gmail.com>
2
3         Unreviewed, rolling out r77050.
4         http://trac.webkit.org/changeset/77050
5         https://bugs.webkit.org/show_bug.cgi?id=53371
6
7         Caused a crash in Chromium's test_shell_tests (Requested by
8         rniwa on #webkit).
9
10         * html/parser/HTMLTreeBuilder.cpp:
11         (WebCore::HTMLTreeBuilder::FragmentParsingContext::FragmentParsingContext):
12         (WebCore::HTMLTreeBuilder::FragmentParsingContext::document):
13         (WebCore::HTMLTreeBuilder::FragmentParsingContext::finished):
14         * html/parser/HTMLTreeBuilder.h:
15
16 2011-01-28  Eric Seidel  <eric@webkit.org>
17
18         Reviewed by Darin Adler.
19
20         HTML5 TreeBuilder regressed a Peacekeeper DOM test by 40%
21         https://bugs.webkit.org/show_bug.cgi?id=48719
22
23         It's unclear exactly what the Peacekeeper benchmark is testing,
24         because I haven't found a way to run it myself.
25
26         However, I constructed a benchmark which shows at least one possible slow point.
27         The HTML5 spec talks about creating a new document for every time we use
28         the fragment parsing algorithm.  Document() it turns out, it a huge bloated
29         mess, and the constructor and destructor do a huge amount of work.
30         To avoid constructing (or destructing) documents for each innerHTML call,
31         this patch adds a shared dummy document used by all innerHTML calls.
32
33         This patch brings us from 7x slower than Safari 5 on tiny-innerHTML
34         to only 1.5x slower than Safari 5.  I'm sure there is more work to do here.
35
36         Saving a shared Document like this is error prone.  Currently
37         DummyDocumentFactory::releaseDocument() calls removeAllChildren()
38         in an attempt to clear the Document's state. However it's possible
39         that that call is not sufficient and we'll have future bugs here.
40
41         * html/parser/HTMLTreeBuilder.cpp:
42         (WebCore::DummyDocumentFactory::createDummyDocument):
43         (WebCore::DummyDocumentFactory::releaseDocument):
44         (WebCore::HTMLTreeBuilder::FragmentParsingContext::FragmentParsingContext):
45         (WebCore::HTMLTreeBuilder::FragmentParsingContext::document):
46         (WebCore::HTMLTreeBuilder::FragmentParsingContext::finished):
47         * html/parser/HTMLTreeBuilder.h:
48
49 2011-01-28  Johnny Ding  <jnd@chromium.org>
50
51         Reviewed by Adam Barth.
52
53         Gesture API: Don't use current gesture status to set "forceUserGesture" parameter when calling ScriptController::executeScript.
54         The "forceUserGesture" parameter should be only set when you are definitely sure that the running script is from a hyper-link.
55         https://bugs.webkit.org/show_bug.cgi?id=53244
56
57         Test: fast/events/popup-blocked-from-iframe-src.html
58
59         * bindings/ScriptControllerBase.cpp:
60         (WebCore::ScriptController::executeIfJavaScriptURL):
61
62 2011-01-28  Simon Fraser  <simon.fraser@apple.com>
63
64         Reviewed by Gavin Barraclough.
65
66         Add various clampToInt() methods to MathExtras.h
67         https://bugs.webkit.org/show_bug.cgi?id=52910
68
69         Use clampToInteger() from MathExtras.h
70
71         * css/CSSParser.cpp:
72         (WebCore::CSSParser::parseCounter):
73
74 2011-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>
75
76         Unreviewed, rolling out r77006 and r77020.
77         http://trac.webkit.org/changeset/77006
78         http://trac.webkit.org/changeset/77020
79         https://bugs.webkit.org/show_bug.cgi?id=53360
80
81         "Broke Windows tests" (Requested by rniwa on #webkit).
82
83         * ForwardingHeaders/runtime/WriteBarrier.h: Removed.
84         * WebCore.exp.in:
85         * bindings/js/DOMWrapperWorld.h:
86         * bindings/js/JSAudioConstructor.cpp:
87         (WebCore::JSAudioConstructor::JSAudioConstructor):
88         * bindings/js/JSDOMBinding.cpp:
89         (WebCore::markDOMNodesForDocument):
90         (WebCore::markDOMObjectWrapper):
91         (WebCore::markDOMNodeWrapper):
92         * bindings/js/JSDOMGlobalObject.cpp:
93         (WebCore::JSDOMGlobalObject::markChildren):
94         (WebCore::JSDOMGlobalObject::setInjectedScript):
95         (WebCore::JSDOMGlobalObject::injectedScript):
96         * bindings/js/JSDOMGlobalObject.h:
97         (WebCore::JSDOMGlobalObject::JSDOMGlobalObjectData::JSDOMGlobalObjectData):
98         (WebCore::getDOMConstructor):
99         * bindings/js/JSDOMWindowCustom.cpp:
100         (WebCore::JSDOMWindow::setLocation):
101         (WebCore::DialogHandler::dialogCreated):
102         * bindings/js/JSDOMWindowShell.cpp:
103         (WebCore::JSDOMWindowShell::JSDOMWindowShell):
104         (WebCore::JSDOMWindowShell::setWindow):
105         (WebCore::JSDOMWindowShell::markChildren):
106         (WebCore::JSDOMWindowShell::unwrappedObject):
107         * bindings/js/JSDOMWindowShell.h:
108         (WebCore::JSDOMWindowShell::window):
109         (WebCore::JSDOMWindowShell::setWindow):
110         * bindings/js/JSDeviceMotionEventCustom.cpp:
111         (WebCore::createAccelerationObject):
112         (WebCore::createRotationRateObject):
113         * bindings/js/JSEventListener.cpp:
114         (WebCore::JSEventListener::JSEventListener):
115         (WebCore::JSEventListener::markJSFunction):
116         * bindings/js/JSEventListener.h:
117         (WebCore::JSEventListener::jsFunction):
118         * bindings/js/JSHTMLDocumentCustom.cpp:
119         (WebCore::JSHTMLDocument::setAll):
120         * bindings/js/JSImageConstructor.cpp:
121         (WebCore::JSImageConstructor::JSImageConstructor):
122         * bindings/js/JSImageDataCustom.cpp:
123         (WebCore::toJS):
124         * bindings/js/JSJavaScriptCallFrameCustom.cpp:
125         (WebCore::JSJavaScriptCallFrame::scopeChain):
126         (WebCore::JSJavaScriptCallFrame::scopeType):
127         * bindings/js/JSNodeFilterCondition.cpp:
128         (WebCore::JSNodeFilterCondition::markAggregate):
129         (WebCore::JSNodeFilterCondition::acceptNode):
130         * bindings/js/JSNodeFilterCondition.h:
131         * bindings/js/JSNodeFilterCustom.cpp:
132         * bindings/js/JSOptionConstructor.cpp:
133         (WebCore::JSOptionConstructor::JSOptionConstructor):
134         * bindings/js/JSSQLResultSetRowListCustom.cpp:
135         (WebCore::JSSQLResultSetRowList::item):
136         * bindings/js/ScriptCachedFrameData.cpp:
137         (WebCore::ScriptCachedFrameData::restore):
138         * bindings/js/ScriptObject.cpp:
139         (WebCore::ScriptGlobalObject::set):
140         * bindings/js/SerializedScriptValue.cpp:
141         (WebCore::CloneDeserializer::putProperty):
142         * bindings/scripts/CodeGeneratorJS.pm:
143         * bridge/qt/qt_runtime.cpp:
144         (JSC::Bindings::QtRuntimeMetaMethod::QtRuntimeMetaMethod):
145         (JSC::Bindings::QtRuntimeMetaMethod::markChildren):
146         (JSC::Bindings::QtRuntimeMetaMethod::connectGetter):
147         (JSC::Bindings::QtRuntimeMetaMethod::disconnectGetter):
148         * bridge/qt/qt_runtime.h:
149         * bridge/runtime_root.cpp:
150         (JSC::Bindings::RootObject::invalidate):
151         * bridge/runtime_root.h:
152         * dom/Document.h:
153
154 2011-01-28  Adam Barth  <abarth@webkit.org>
155
156         Reviewed by Eric Seidel.
157
158         XSSFilter should log to the console when it blocks something
159         https://bugs.webkit.org/show_bug.cgi?id=53354
160
161         This patch refactors a bunch of methods in XSSFilter to return a bool
162         indicating whether they blocked anything.  Using this bool, we decide
163         whether to log to the console.  We're using the same log message as the
164         XSSAuditor, but it seems likely we can improve this message in the
165         future (especially by piping in the correct line number, which is now
166         accessible via the parser).
167
168         * html/parser/XSSFilter.cpp:
169         (WebCore::HTMLNames::isNameOfInlineEventHandler):
170         (WebCore::XSSFilter::filterToken):
171         (WebCore::XSSFilter::filterTokenInitial):
172         (WebCore::XSSFilter::filterTokenAfterScriptStartTag):
173         (WebCore::XSSFilter::filterScriptToken):
174         (WebCore::XSSFilter::filterObjectToken):
175         (WebCore::XSSFilter::filterEmbedToken):
176         (WebCore::XSSFilter::filterAppletToken):
177         (WebCore::XSSFilter::filterMetaToken):
178         (WebCore::XSSFilter::filterBaseToken):
179         (WebCore::XSSFilter::eraseInlineEventHandlersIfInjected):
180         * html/parser/XSSFilter.h:
181
182 2011-01-28  Adam Barth  <abarth@webkit.org>
183
184         Reviewed by Daniel Bates.
185
186         Wire up settings->xssAuditorEnabled to XSSFilter
187         https://bugs.webkit.org/show_bug.cgi?id=53345
188
189         * html/parser/XSSFilter.cpp:
190         (WebCore::XSSFilter::XSSFilter):
191         (WebCore::XSSFilter::filterToken):
192         * html/parser/XSSFilter.h:
193
194 2011-01-28  Adam Barth  <abarth@webkit.org>
195
196         Reviewed by Daniel Bates.
197
198         Teach XSSFilter about <meta> and <base> tags
199         https://bugs.webkit.org/show_bug.cgi?id=53339
200
201         I'm not 100% sure we need to block <meta http-equiv>, but it seems
202         prudent given how powerful that attribute is.  We definitely need to
203         block injection of <base href> because that can redirect script tags
204         that use relative URLs.
205
206         * html/parser/XSSFilter.cpp:
207         (WebCore::XSSFilter::filterToken):
208         (WebCore::XSSFilter::filterMetaToken):
209         (WebCore::XSSFilter::filterBaseToken):
210         * html/parser/XSSFilter.h:
211
212 2011-01-28  Adam Barth  <abarth@webkit.org>
213
214         Reviewed by Daniel Bates.
215
216         Teach XSSFilter about <applet>
217         https://bugs.webkit.org/show_bug.cgi?id=53338
218
219         HTML5 is pretty light on information about how the <applet> tag works.
220         According to this site:
221
222         http://download.oracle.com/javase/1.4.2/docs/guide/misc/applet.html
223
224         The "code" and "object" attributes are the essential attributes for
225         determining which piece of Java to run.  We might need to expand to the
226         codebase and archive attributes at some point, but hopefully code and
227         object will be sufficient.
228
229         * html/parser/XSSFilter.cpp:
230         (WebCore::XSSFilter::filterToken):
231         (WebCore::XSSFilter::filterAppletToken):
232         * html/parser/XSSFilter.h:
233
234 2011-01-28  Adam Barth  <abarth@webkit.org>
235
236         Reviewed by Daniel Bates.
237
238         Teach the XSSFilter about object and embed tags
239         https://bugs.webkit.org/show_bug.cgi?id=53336
240
241         For <object> and <embed>, we filter out attribute values that either
242         indicate which piece of media to load or which plugin to load.  In a
243         perfect world, we'd only need to filter out the URLs of the media, but
244         some plug-ins (like Flash) have lots of fun places you can hide the
245         URL (e.g., the "movie" <param>).
246
247         * html/parser/XSSFilter.cpp:
248         (WebCore::XSSFilter::filterToken):
249         (WebCore::XSSFilter::filterScriptToken):
250         (WebCore::XSSFilter::filterObjectToken):
251         (WebCore::XSSFilter::filterEmbedToken):
252         (WebCore::XSSFilter::eraseAttributeIfInjected):
253         * html/parser/XSSFilter.h:
254
255 2011-01-28  Oliver Hunt  <oliver@apple.com>
256
257         Fix Qt build.
258
259         * bridge/qt/qt_runtime.cpp:
260         (JSC::Bindings::QtRuntimeMetaMethod::QtRuntimeMetaMethod):
261         (JSC::Bindings::QtRuntimeMetaMethod::markChildren):
262         (JSC::Bindings::QtRuntimeMetaMethod::connectGetter):
263         (JSC::Bindings::QtRuntimeMetaMethod::disconnectGetter):
264         * bridge/qt/qt_runtime.h:
265
266 2011-01-28  Antti Koivisto  <antti@apple.com>
267
268         Reviewed by Simon Fraser.
269
270         CSS styles are shared based on uninitialized property values
271         https://bugs.webkit.org/show_bug.cgi?id=53285
272         
273         Null test.
274
275         * dom/NamedNodeMap.cpp:
276         (WebCore::NamedNodeMap::mappedMapsEquivalent):
277
278 2011-01-27  Oliver Hunt  <oliver@apple.com>
279
280         Reviewed by Geoffrey Garen.
281
282         Convert markstack to a slot visitor API
283         https://bugs.webkit.org/show_bug.cgi?id=53219
284
285         Update WebCore to the new marking apis, correct bindings
286         codegen. 
287
288         * ForwardingHeaders/runtime/WriteBarrier.h: Added.
289         * WebCore.exp.in:
290         * bindings/js/DOMWrapperWorld.h:
291         (WebCore::DOMWrapperWorld::globalData):
292         * bindings/js/JSAudioConstructor.cpp:
293         (WebCore::JSAudioConstructor::JSAudioConstructor):
294         * bindings/js/JSDOMBinding.cpp:
295         (WebCore::markDOMNodesForDocument):
296         (WebCore::markDOMObjectWrapper):
297         (WebCore::markDOMNodeWrapper):
298         * bindings/js/JSDOMGlobalObject.cpp:
299         (WebCore::JSDOMGlobalObject::markChildren):
300         (WebCore::JSDOMGlobalObject::setInjectedScript):
301         (WebCore::JSDOMGlobalObject::injectedScript):
302         * bindings/js/JSDOMGlobalObject.h:
303         (WebCore::JSDOMGlobalObject::JSDOMGlobalObjectData::JSDOMGlobalObjectData):
304         (WebCore::getDOMConstructor):
305         * bindings/js/JSDOMWindowCustom.cpp:
306         (WebCore::JSDOMWindow::setLocation):
307         (WebCore::DialogHandler::dialogCreated):
308         * bindings/js/JSDOMWindowShell.cpp:
309         (WebCore::JSDOMWindowShell::JSDOMWindowShell):
310         (WebCore::JSDOMWindowShell::setWindow):
311         (WebCore::JSDOMWindowShell::markChildren):
312         (WebCore::JSDOMWindowShell::unwrappedObject):
313         * bindings/js/JSDOMWindowShell.h:
314         (WebCore::JSDOMWindowShell::window):
315         (WebCore::JSDOMWindowShell::setWindow):
316         * bindings/js/JSEventListener.cpp:
317         (WebCore::JSEventListener::JSEventListener):
318         (WebCore::JSEventListener::markJSFunction):
319         * bindings/js/JSEventListener.h:
320         (WebCore::JSEventListener::jsFunction):
321         * bindings/js/JSHTMLDocumentCustom.cpp:
322         (WebCore::JSHTMLDocument::setAll):
323         * bindings/js/JSImageConstructor.cpp:
324         (WebCore::JSImageConstructor::JSImageConstructor):
325         * bindings/js/JSImageDataCustom.cpp:
326         (WebCore::toJS):
327         * bindings/js/JSJavaScriptCallFrameCustom.cpp:
328         (WebCore::JSJavaScriptCallFrame::scopeChain):
329         (WebCore::JSJavaScriptCallFrame::scopeType):
330         * bindings/js/JSNodeFilterCondition.cpp:
331         (WebCore::JSNodeFilterCondition::markAggregate):
332         (WebCore::JSNodeFilterCondition::acceptNode):
333         * bindings/js/JSNodeFilterCondition.h:
334         * bindings/js/JSNodeFilterCustom.cpp:
335         * bindings/js/JSOptionConstructor.cpp:
336         (WebCore::JSOptionConstructor::JSOptionConstructor):
337         * bindings/js/JSSQLResultSetRowListCustom.cpp:
338         (WebCore::JSSQLResultSetRowList::item):
339         * bindings/js/ScriptCachedFrameData.cpp:
340         (WebCore::ScriptCachedFrameData::restore):
341         * bindings/js/ScriptObject.cpp:
342         (WebCore::ScriptGlobalObject::set):
343         * bindings/js/SerializedScriptValue.cpp:
344         (WebCore::CloneDeserializer::putProperty):
345         * bindings/scripts/CodeGeneratorJS.pm:
346         * dom/Document.h:
347
348 2011-01-28  Sam Weinig  <sam@webkit.org>
349
350         Reviewed by Anders Carlsson.
351
352         Keyboard scrolling doesn’t work in WebKit2
353         <rdar://problem/8909672>
354
355         * platform/mac/ScrollAnimatorMac.mm:
356         (-[ScrollAnimationHelperDelegate convertSizeToBacking:]):
357         (-[ScrollAnimationHelperDelegate convertSizeFromBacking:]):
358         Add additional necessary delegate methods.
359
360 2011-01-29  Darin Adler  <darin@apple.com>
361
362         Reviewed by Dan Bernstein.
363
364         Re-land this patch with the missing null check that caused crashes in layout tests.
365
366         Changing cursor style has no effect until the mouse moves
367         https://bugs.webkit.org/show_bug.cgi?id=14344
368         rdar://problem/7563712
369
370         No tests added because we don't have infrastructure for testing actual cursor
371         changes (as opposed to cursor style computation) at this time. We might add it later.
372
373         * page/EventHandler.cpp:
374         (WebCore::EventHandler::dispatchFakeMouseMoveEventSoon): Added.
375         * page/EventHandler.h: Ditto.
376
377         * rendering/RenderObject.cpp:
378         (WebCore::areNonIdenticalCursorListsEqual): Added.
379         (WebCore::areCursorsEqual): Added.
380         (WebCore::RenderObject::styleDidChange): Call dispatchFakeMouseMoveEventSoon if
381         cursor styles changed.
382
383 2011-01-28  Justin Schuh  <jschuh@chromium.org>
384
385         Reviewed by Eric Seidel.
386
387         We should hold RefPtrs to SVG font faces
388         https://bugs.webkit.org/show_bug.cgi?id=53270
389
390         Test: svg/custom/use-multiple-on-nested-disallowed-font.html
391
392         * css/CSSFontFaceSource.cpp:
393         (WebCore::CSSFontFaceSource::getFontData):
394         * css/CSSFontFaceSource.h:
395         * svg/SVGFontFaceElement.cpp:
396         (WebCore::SVGFontFaceElement::associatedFontElement):
397         * svg/SVGFontFaceElement.h:
398
399 2011-01-28  Zhenyao Mo  <zmo@google.com>
400
401         Reviewed by Kenneth Russell.
402
403         uniformN*v should generate INVALID_VALUE of the array size is not a multiple of N
404         https://bugs.webkit.org/show_bug.cgi?id=53306
405
406         * html/canvas/WebGLRenderingContext.cpp:
407         (WebCore::WebGLRenderingContext::validateUniformMatrixParameters):
408
409 2011-01-28  Tom Sepez  <tsepez@chromium.org>
410
411         Reviewed by Eric Seidel.
412
413         NULL pointer crash in TextIterator::handleTextBox()
414         https://bugs.webkit.org/show_bug.cgi?id=53267
415
416         Test: fast/css/rtl-nth-child-first-letter-crash.html
417
418         * editing/TextIterator.cpp:
419         (WebCore::TextIterator::handleTextBox):
420
421 2011-01-28  Adrienne Walker  <enne@google.com>
422
423         Reviewed by Kenneth Russell.
424
425         [chromium] Remove a spurious diagnostic CRASH check.
426         https://bugs.webkit.org/show_bug.cgi?id=52379
427
428         * platform/graphics/chromium/LayerTilerChromium.cpp:
429         (WebCore::LayerTilerChromium::invalidateRect):
430
431 2011-01-28  Dan Bernstein  <mitz@apple.com>
432
433         Reviewed by Sam Weinig.
434
435         <rdar://problem/4761512> <select> can't display right-to-left (rtl) languages
436         https://bugs.webkit.org/show_bug.cgi?id=19785
437
438         Changed <select> pop-up menus on Mac OS X Snow Leopard and later to have their items aligned in the
439         direction corresponding to the writing direction of the <select> element, with the checkmarks
440         on the "start" side, and use the <option>'s writing direction rather than "natural". Made the
441         pop-up button match the menu by adding a Chrome boolean function, selectItemAlignmentFollowsMenuWritingDirection(),
442         which returns true for this pop-up behavior.
443
444         * loader/EmptyClients.h:
445         (WebCore::EmptyChromeClient::selectItemAlignmentFollowsMenuWritingDirection): Added.
446         * manual-tests/pop-up-alignment-and-direction.html: Added.
447         * page/Chrome.cpp:
448         (WebCore::Chrome::selectItemAlignmentFollowsMenuWritingDirection): Added. Calls through to the
449         client.
450         * page/Chrome.h:
451         * page/ChromeClient.h:
452         * platform/PopupMenuStyle.h:
453         (WebCore::PopupMenuStyle::PopupMenuStyle): Added hasTextDirectionOverride parameter and member
454         variable initialization.
455         (WebCore::PopupMenuStyle::hasTextDirectionOverride): Added this accessor.
456         * platform/mac/PopupMenuMac.mm:
457         (WebCore::PopupMenuMac::populate): Set the pop-up's layout direction and items' text alignment
458         to match the menu's writing direction. Set items' writing direction and direction override
459         according to their styles.
460         * rendering/RenderMenuList.cpp:
461         (WebCore::RenderMenuList::RenderMenuList): Removed unncesaary initialization of a smart pointer.
462         (WebCore::RenderMenuList::adjustInnerStyle): If the alignment of items in the menu follows the
463         menu's writing direction, use that alignment for the button as well. Also in this mode, use the
464         item's writing direction and override setting.
465         (WebCore::RenderMenuList::setTextFromOption): Store the option element's style.
466         (WebCore::RenderMenuList::itemStyle): Pass the text direction override value.
467         (WebCore::RenderMenuList::menuStyle): Ditto. Also use the button's direction, not the inner text's.
468         * rendering/RenderMenuList.h:
469         * rendering/RenderTextControlSingleLine.cpp:
470         (WebCore::RenderTextControlSingleLine::menuStyle): Pass the text direction override value.
471
472 2011-01-28  Adam Barth  <abarth@webkit.org>
473
474         Reviewed by Daniel Bates.
475
476         Teach XSSFilter how to filter <script> elements
477         https://bugs.webkit.org/show_bug.cgi?id=53279
478
479         This patch adds the ability for the XSSFilter to block injected
480         <script> elements.  Handling script elements is slightly subtle because
481         these elements act very differently depending on whether they have a
482         src attribute.
483         
484         In the "src case", which check whether the src attribute was present in
485         the request.  In the "non-src case", we check whether the start tag and
486         the body of the script element was included in the request.  Checking
487         for the whole start tag means we miss out on some attribute splitting
488         attacks inside of script tags, but that doesn't seem like that big a
489         deal.
490
491         This patch also introduces some amount of state into the XSSFilter
492         because inline script elements span multiple tokens.  There's a lot of
493         tuning and optimization left in these cases, some of which I've noted
494         with FIXMEs.
495
496         To test this patch, I played around with some of the existing
497         XSSAuditor tests.  Hopefully I'll be able to run the test suite more
498         systematically in the future.
499
500         * html/parser/HTMLToken.h:
501         (WebCore::HTMLToken::eraseCharacters):
502         (WebCore::HTMLToken::eraseValueOfAttribute):
503         * html/parser/XSSFilter.cpp:
504         (WebCore::HTMLNames::hasName):
505         (WebCore::HTMLNames::findAttributeWithName):
506         (WebCore::HTMLNames::isNameOfScriptCarryingAttribute):
507         (WebCore::XSSFilter::XSSFilter):
508         (WebCore::XSSFilter::filterToken):
509         (WebCore::XSSFilter::filterTokenAfterScriptStartTag):
510         (WebCore::XSSFilter::filterScriptToken):
511         (WebCore::XSSFilter::snippetForRange):
512         (WebCore::XSSFilter::snippetForAttribute):
513         * html/parser/XSSFilter.h:
514
515 2011-01-28  Adam Barth  <abarth@webkit.org>
516
517         Reviewed by Daniel Bates.
518
519         Sketch out new XSS filter design (disabled by default)
520         https://bugs.webkit.org/show_bug.cgi?id=53205
521
522         This patch adds a basic sketch of the new XSS filter design.  Rather
523         than watching scripts as they execute, in this design, we watch tokens
524         emitted by the tokenizer.  We then map the tokens directly back into
525         input characters, which lets us skip all the complicated logic related
526         to HTML entities and double-decoding of JavaScript URLs.
527
528         This patch contains only the bare essentially machinery.  I'll add more
529         in future patches and eventually remove the previous code once this
530         code is up and running correctly.
531
532         * Android.mk:
533         * CMakeLists.txt:
534         * GNUmakefile.am:
535         * WebCore.gypi:
536         * WebCore.pro:
537         * WebCore.vcproj/WebCore.vcproj:
538         * WebCore.xcodeproj/project.pbxproj:
539         * html/parser/HTMLDocumentParser.cpp:
540         (WebCore::HTMLDocumentParser::HTMLDocumentParser):
541         (WebCore::HTMLDocumentParser::pumpTokenizer):
542         (WebCore::HTMLDocumentParser::sourceForToken):
543         * html/parser/HTMLDocumentParser.h:
544         * html/parser/XSSFilter.cpp: Added.
545         * html/parser/XSSFilter.h: Added.
546
547 2011-01-28  Michael Saboff  <msaboff@apple.com>
548
549         Reviewed by Geoffrey Garen.
550
551         Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
552         https://bugs.webkit.org/show_bug.cgi?id=53271
553
554         Reapplying this patch with the change that the second ASSERT in 
555         RootObject::removeRuntimeObject was changed to use
556         .uncheckedGet() instead of the failing .get().  The object in question
557         could be in the process of being GC'ed.  The get() call will not return
558         such an object while the uncheckedGet() call will return the (unsafe) 
559         object.  This is the behavior we want.
560
561         Precautionary change.
562         Changed RootObject to use WeakGCMap instead of HashSet.
563         Found will looking for another issue, but can't produce a test case
564         that is problematic.  THerefore there aren't any new tests.
565
566         * bridge/runtime_root.cpp:
567         (JSC::Bindings::RootObject::invalidate):
568         (JSC::Bindings::RootObject::addRuntimeObject):
569         (JSC::Bindings::RootObject::removeRuntimeObject):
570         * bridge/runtime_root.h:
571
572 2011-01-28  Adam Roben  <aroben@apple.com>
573
574         Notify CACFLayerTreeHost when the context is flushed
575
576         LegacyCACFLayerTreeHost was keeping this a secret, which meant that WebCore's animation
577         timers were never starting.
578
579         Fixes <http://webkit.org/b/53302> [Windows 7 Release Tests] changesets 76853, 76856, and
580         76858 broke ~36 animations, compositing, and transitions tests
581
582         Reviewed by Sam Weinig.
583
584         * platform/graphics/ca/win/LegacyCACFLayerTreeHost.cpp:
585         (WebCore::LegacyCACFLayerTreeHost::contextDidChange): Call up to the base class after we
586         start our render timer.
587
588 2011-01-28  Antti Koivisto  <antti@apple.com>
589
590         Reviewed by Dan Bernstein.
591
592         Remove dead code that tried to map from CSS values to parser values
593         https://bugs.webkit.org/show_bug.cgi?id=53318
594
595         * css/CSSFunctionValue.cpp:
596         * css/CSSFunctionValue.h:
597         * css/CSSPrimitiveValue.cpp:
598         * css/CSSPrimitiveValue.h:
599         * css/CSSValue.h:
600         * css/CSSValueList.cpp:
601         * css/CSSValueList.h:
602
603 2011-01-28  Enrica Casucci  <enrica@apple.com>
604
605         Reviewed by Adam Roben.
606
607         Some drag and drop tests fail since r76824
608         https://bugs.webkit.org/show_bug.cgi?id=53304
609
610         There were '||' instead of '&&' in the checks for valid
611         clipboard content.
612         
613         * platform/win/ClipboardWin.cpp:
614         (WebCore::ClipboardWin::getData):
615         (WebCore::ClipboardWin::types):
616         (WebCore::ClipboardWin::files):
617
618 2011-01-28  Martin Robinson  <mrobinson@igalia.com>
619
620         [GTK] AudioProcessingEvent.h and JSJavaScriptAudioNode.h: No such file or directory
621         https://bugs.webkit.org/show_bug.cgi?id=52889
622
623         Build fix for WebAudio. Include WebAudio source files on the source
624         list when WebAudio is enabled.
625
626         * GNUmakefile.am: Include missing source files.
627
628 2011-01-28  Sam Weinig  <sam@webkit.org>
629
630         Reviewed by Maciej Stachowiak.
631
632         Add basic rubber banding support
633         <rdar://problem/8219429>
634         https://bugs.webkit.org/show_bug.cgi?id=53277
635
636         * page/EventHandler.cpp:
637         (WebCore::EventHandler::handleGestureEvent):
638         Pass gesture events to the FrameView.
639
640         * platform/ScrollAnimator.cpp:
641         (WebCore::ScrollAnimator::handleGestureEvent):
642         * platform/ScrollAnimator.h:
643         Add stubbed out implementation.
644
645         * platform/ScrollView.cpp:
646         (WebCore::ScrollView::ScrollView):
647         (WebCore::ScrollView::overhangAmount):
648         (WebCore::ScrollView::wheelEvent):
649         * platform/ScrollView.h:
650         * platform/ScrollableArea.cpp:
651         (WebCore::ScrollableArea::ScrollableArea):
652         (WebCore::ScrollableArea::handleGestureEvent):
653         * platform/ScrollableArea.h:
654         (WebCore::ScrollableArea::constrainsScrollingToContentEdge):
655         (WebCore::ScrollableArea::setConstrainsScrollingToContentEdge):
656         Move constrains scrolling bit to ScrollableArea from ScrollView.
657
658         (WebCore::ScrollableArea::contentsSize):
659         (WebCore::ScrollableArea::overhangAmount):
660         Add additional virtual functions for information needed by the animator.
661
662         * platform/mac/ScrollAnimatorMac.h:
663         * platform/mac/ScrollAnimatorMac.mm:
664         (WebCore::ScrollAnimatorMac::ScrollAnimatorMac):
665         (WebCore::ScrollAnimatorMac::immediateScrollByDeltaX):
666         (WebCore::ScrollAnimatorMac::immediateScrollByDeltaY):
667         (WebCore::elasticDeltaForTimeDelta):
668         (WebCore::elasticDeltaForReboundDelta):
669         (WebCore::reboundDeltaForElasticDelta):
670         (WebCore::scrollWheelMultiplier):
671         (WebCore::ScrollAnimatorMac::handleWheelEvent):
672         (WebCore::ScrollAnimatorMac::handleGestureEvent):
673         (WebCore::ScrollAnimatorMac::pinnedInDirection):
674         (WebCore::ScrollAnimatorMac::allowsVerticalStretching):
675         (WebCore::ScrollAnimatorMac::allowsHorizontalStretching):
676         (WebCore::ScrollAnimatorMac::smoothScrollWithEvent):
677         (WebCore::ScrollAnimatorMac::beginScrollGesture):
678         (WebCore::ScrollAnimatorMac::endScrollGesture):
679         (WebCore::ScrollAnimatorMac::snapRubberBand):
680         (WebCore::roundTowardZero):
681         (WebCore::roundToDevicePixelTowardZero):
682         (WebCore::ScrollAnimatorMac::snapRubberBandTimerFired):
683         Implement basic rubber banding.
684
685 2011-01-28  Dan Bernstein  <mitz@apple.com>
686
687         Reviewed by Anders Carlsson.
688
689         Changing unicode-bidi doesn’t force layout
690         https://bugs.webkit.org/show_bug.cgi?id=53311
691
692         Test: fast/dynamic/unicode-bidi.html
693
694         * rendering/style/RenderStyle.cpp:
695         (WebCore::RenderStyle::diff): Return a layout difference if unicode-bidi values differ.
696
697 2011-01-27  Dimitri Glazkov  <dglazkov@chromium.org>
698
699         Reviewed by Kent Tamura.
700
701         Change HTMLInputElement-derived parts of media element shadow DOM to use shadowPseudoId.
702         https://bugs.webkit.org/show_bug.cgi?id=53122
703
704         This is the first step in converting HTMLMediaElement to the new shadow DOM.
705
706         Should not regress any existing tests. No observable change in behavior.
707
708         * css/CSSSelector.cpp:
709         (WebCore::CSSSelector::pseudoId): Removed now-unnecessary hard-coded pseudo-element selectors.
710         (WebCore::nameToPseudoTypeMap): Ditto.
711         (WebCore::CSSSelector::extractPseudoType): Ditto.
712         * css/CSSSelector.h: Ditto.
713         * css/mediaControls.css: Added proper initial values, now that elements use the proper selector pipeline.
714         * rendering/MediaControlElements.cpp:
715         (WebCore::MediaControlInputElement::MediaControlInputElement): Removed the switch statement,
716             which is now replaced with virtual shadowPseudoId on each corresponding class.
717         (WebCore::MediaControlInputElement::styleForElement): Changed to use element pipeline.
718         (WebCore::MediaControlMuteButtonElement::MediaControlMuteButtonElement): Changed to set
719             display type in constructor.
720         (WebCore::MediaControlMuteButtonElement::create): Changed to not take PseudoId as
721             constructor argument.
722         (WebCore::MediaControlMuteButtonElement::shadowPseudoId): Added.
723         (WebCore::MediaControlVolumeSliderMuteButtonElement::MediaControlVolumeSliderMuteButtonElement): Added
724             to disambiguate from the MediaControlMuteButtonElement.
725         (WebCore::MediaControlVolumeSliderMuteButtonElement::create): Added.
726         (WebCore::MediaControlVolumeSliderMuteButtonElement::shadowPseudoId): Added.
727         (WebCore::MediaControlPlayButtonElement::MediaControlPlayButtonElement): Changed to not take PseudoId as
728             constructor argument.
729         (WebCore::MediaControlPlayButtonElement::shadowPseudoId): Added.
730         (WebCore::MediaControlSeekButtonElement::MediaControlSeekButtonElement): Changed to not take PseudoId as
731             constructor argument.
732         (WebCore::MediaControlSeekForwardButtonElement::MediaControlSeekForwardButtonElement): Added.
733         (WebCore::MediaControlSeekForwardButtonElement::create): Added.
734         (WebCore::MediaControlSeekForwardButtonElement::shadowPseudoId): Added.
735         (WebCore::MediaControlSeekBackButtonElement::MediaControlSeekBackButtonElement): Added.
736         (WebCore::MediaControlSeekBackButtonElement::create): Added.
737         (WebCore::MediaControlSeekBackButtonElement::shadowPseudoId): Added.
738         (WebCore::MediaControlRewindButtonElement::MediaControlRewindButtonElement): Added.
739         (WebCore::MediaControlRewindButtonElement::shadowPseudoId): Added.
740         (WebCore::MediaControlReturnToRealtimeButtonElement::MediaControlReturnToRealtimeButtonElement): Changed to not take PseudoId as
741             constructor argument.
742         (WebCore::MediaControlReturnToRealtimeButtonElement::shadowPseudoId): Added.
743         (WebCore::MediaControlToggleClosedCaptionsButtonElement::MediaControlToggleClosedCaptionsButtonElement): Changed to not take PseudoId as
744             constructor argument.
745         (WebCore::MediaControlToggleClosedCaptionsButtonElement::shadowPseudoId): Added.
746         (WebCore::MediaControlTimelineElement::MediaControlTimelineElement): Changed to not take PseudoId as
747             constructor argument.
748         (WebCore::MediaControlTimelineElement::shadowPseudoId): Added.
749         (WebCore::MediaControlVolumeSliderElement::MediaControlVolumeSliderElement): Changed to not take PseudoId as
750             constructor argument.
751         (WebCore::MediaControlVolumeSliderElement::shadowPseudoId): Added.
752         (WebCore::MediaControlFullscreenButtonElement::MediaControlFullscreenButtonElement): Changed to not take PseudoId as
753             constructor argument.
754         (WebCore::MediaControlFullscreenButtonElement::shadowPseudoId): Added.
755         * rendering/MediaControlElements.h:
756         (WebCore::MediaControlSeekForwardButtonElement::isForwardButton): Added.
757         (WebCore::MediaControlSeekBackButtonElement::isForwardButton): Added.
758         * rendering/RenderMedia.cpp:
759         (WebCore::RenderMedia::createMuteButton): Changed to use new constructor.
760         (WebCore::RenderMedia::createSeekBackButton): Ditto.
761         (WebCore::RenderMedia::createSeekForwardButton): Ditto.
762         (WebCore::RenderMedia::createVolumeSliderMuteButton): Ditto.
763         * rendering/style/RenderStyleConstants.h: Removed constants that are no longer used.
764
765 2011-01-27  Dimitri Glazkov  <dglazkov@chromium.org>
766
767         Reviewed by Eric Carlson.
768
769         Split MediaControls out of RenderMedia.
770         https://bugs.webkit.org/show_bug.cgi?id=53252
771
772         Near-mechanical moving of stuff, no change in behavior, thus no new tests.
773
774         * Android.mk: Added MediaControls to build system.
775         * CMakeLists.txt: Ditto.
776         * GNUmakefile.am: Ditto.
777         * WebCore.gypi: Ditto.
778         * WebCore.pro: Ditto.
779         * WebCore.vcproj/WebCore.vcproj: Ditto.
780         * WebCore.xcodeproj/project.pbxproj: Ditto.
781         * html/HTMLMediaElement.cpp:
782         (WebCore::HTMLMediaElement::defaultEventHandler): Changed to forward events to MediaControls.
783         * html/shadow/MediaControls.cpp: Copied all controls-related methods from
784             Source/WebCore/rendering/RenderMedia.cpp, pulled them into their own class called MediaControls. 
785         * html/shadow/MediaControls.h: Ditto from Source/WebCore/rendering/RenderMedia.h.
786         * rendering/MediaControlElements.cpp:
787         (WebCore::MediaControlTimelineElement::defaultEventHandler): Changed to use MediaControls.
788         * rendering/RenderMedia.cpp:
789         (WebCore::RenderMedia::RenderMedia): Moved relevant constructor initializers out to MediaControls.
790         (WebCore::RenderMedia::destroy): Changed to use MediaControls.
791         (WebCore::RenderMedia::styleDidChange): Ditto.
792         (WebCore::RenderMedia::layout): Ditto.
793         (WebCore::RenderMedia::updateFromElement): Ditto.
794         * rendering/RenderMedia.h: Updated defs accordingly and removed player() accessor, which
795             is only used by sub-class RenderVideo.
796         (WebCore::RenderMedia::controls): Added.
797         * rendering/RenderVideo.cpp:
798         (WebCore::RenderVideo::~RenderVideo): Changed to access MediaPlayer* directly from mediaElement().
799         (WebCore::RenderVideo::calculateIntrinsicSize): Ditto.
800         (WebCore::RenderVideo::paintReplaced): Ditto.
801         (WebCore::RenderVideo::updatePlayer): Ditto.
802         (WebCore::RenderVideo::supportsAcceleratedRendering): Ditto.
803         (WebCore::RenderVideo::acceleratedRenderingStateChanged): Ditto.
804
805 2011-01-28  Pavel Feldman  <pfeldman@chromium.org>
806
807         Reviewed by Yury Semikhatsky.
808
809         Web Inspector: allow remote debugging with front-end
810         served from the cloud.
811         https://bugs.webkit.org/show_bug.cgi?id=53303
812
813         * inspector/front-end/inspector.js:
814
815 2011-01-28  Aparna Nandyal  <aparna.nand@wipro.com>
816
817         Reviewed by Andreas Kling.
818
819         Setting value of m_PressedPos to make scrolling smooth
820
821         Page scroll popup menu "Scroll here" option not working when cliking above scroll slider/handler.
822         https://bugs.webkit.org/show_bug.cgi?id=51349
823
824         The value of m_PressedPos was getting set before moveThumb() call
825         in all other scenarios except when "Scroll Here" option is used.
826         Hence scrolling with this option was not as expected even in cases
827         where scrolling was happening. The thumb would move in unexpected
828         direction. m_PressedPos is now set to pressed position so delta is
829         calculated.
830         Unable to write a test case as the test needs to click on "Scroll
831         Here" option of context sensitive menu and QTest is unable to do it.
832         Besides no new functionality introduced.
833
834         * platform/qt/ScrollbarQt.cpp:
835         (WebCore::Scrollbar::contextMenu):
836
837 2011-01-28  Andrey Kosyakov  <caseq@chromium.org>
838
839         Reviewed by Pavel Feldman.
840
841         Web Inspector: [Extensions API] add JSON schema for extensions API
842         https://bugs.webkit.org/show_bug.cgi?id=53236
843
844         * inspector/front-end/ExtensionAPISchema.json: Added.
845
846 2011-01-27  Zhenyao Mo  <zmo@google.com>
847
848         Reviewed by Kenneth Russell.
849
850         Remove _LENGTH enumerants
851         https://bugs.webkit.org/show_bug.cgi?id=53259
852
853         * html/canvas/WebGLRenderingContext.cpp: Remove queries for *LENGTH.
854         (WebCore::WebGLRenderingContext::getProgramParameter):
855         (WebCore::WebGLRenderingContext::getShaderParameter):
856         * html/canvas/WebGLRenderingContext.idl: Remove *LENGTH.
857
858 2011-01-28  Alexander Pavlov  <apavlov@chromium.org>
859
860         Reviewed by Yury Semikhatsky.
861
862         Web Inspector: syntax highlight inline JS and CSS in HTML resources
863         https://bugs.webkit.org/show_bug.cgi?id=30831
864
865         * inspector/front-end/SourceHTMLTokenizer.js:
866         (WebInspector.SourceHTMLTokenizer):
867         (WebInspector.SourceHTMLTokenizer.prototype.set line):
868         (WebInspector.SourceHTMLTokenizer.prototype.nextToken):
869         * inspector/front-end/SourceHTMLTokenizer.re2js:
870
871 2011-01-28  Alexander Pavlov  <apavlov@chromium.org>
872
873         Reviewed by Yury Semikhatsky.
874
875         Web Inspector: [STYLES] Up/Down-suggestion breaks an existing keyword
876         https://bugs.webkit.org/show_bug.cgi?id=53295
877
878         Select the current word suffix before switching to the next suggestion.
879
880         * inspector/front-end/StylesSidebarPane.js:
881         ():
882
883 2011-01-28  Alejandro G. Castro  <alex@igalia.com>
884
885         Reviewed by Xan Lopez.
886
887         [GTK] Fix dist compilation for the release
888         https://bugs.webkit.org/show_bug.cgi?id=53290
889
890         * GNUmakefile.am: Added inspector files to the extra dist.
891
892 2011-01-28  Ilya Sherman  <isherman@chromium.org>
893
894         Reviewed by Andreas Kling.
895
896         Const-correct HTMLSelectElement and WebSelectElement
897         https://bugs.webkit.org/show_bug.cgi?id=53293
898
899         * html/HTMLSelectElement.cpp:
900         (WebCore::HTMLSelectElement::value): const.
901         * html/HTMLSelectElement.h:
902
903 2011-01-28  Sheriff Bot  <webkit.review.bot@gmail.com>
904
905         Unreviewed, rolling out r76893.
906         http://trac.webkit.org/changeset/76893
907         https://bugs.webkit.org/show_bug.cgi?id=53287
908
909         It made some tests crash on GTK and Qt debug bots (Requested
910         by Ossy on #webkit).
911
912         * bridge/runtime_root.cpp:
913         (JSC::Bindings::RootObject::invalidate):
914         (JSC::Bindings::RootObject::addRuntimeObject):
915         (JSC::Bindings::RootObject::removeRuntimeObject):
916         * bridge/runtime_root.h:
917
918 2011-01-27  Greg Coletta  <greg.coletta@nokia.com>
919
920         Reviewed by Laszlo Gombos.
921
922         Get rid of prefix header dependency for WebKit2 build system
923         https://bugs.webkit.org/show_bug.cgi?id=50174
924
925         Guard EmptyProtocalDefinitions.h to make sure it's not included twice.
926
927         * platform/mac/EmptyProtocolDefinitions.h:
928
929 2011-01-27  Abhishek Arya  <inferno@chromium.org>
930
931         Reviewed by Dan Bernstein.
932
933         Recalc table sections if needed before calculating the first line
934         box baseline.
935         https://bugs.webkit.org/show_bug.cgi?id=53265
936
937         When we try to calculate the baseline position of a table cell,
938         we recurse through all the child sibling boxes (when children are
939         non inline) and add their first linebox baseline values. If one of
940         the children is a table with pending section recalc, we will access
941         wrong table section values. We recalc table sections if it is needed.
942
943         Test: fast/table/recalc-section-first-body-crash-main.html
944
945         * rendering/RenderTable.cpp:
946         (WebCore::RenderTable::firstLineBoxBaseline):
947
948 2011-01-27  Adrienne Walker  <enne@google.com>
949
950         Reviewed by Kenneth Russell.
951
952         [chromium] Add CRASH calls to further debug tiled compositor memcpy crash.
953         https://bugs.webkit.org/show_bug.cgi?id=52379
954
955         Test: LayoutTests/compositing (to verify these weren't triggered)
956
957         * platform/graphics/chromium/LayerTilerChromium.cpp:
958         (WebCore::LayerTilerChromium::invalidateRect):
959         (WebCore::LayerTilerChromium::update):
960
961 2011-01-27  Alexander Pavlov  <apavlov@chromium.org>
962
963         Reviewed by Pavel Feldman.
964
965         Web Inspector: [STYLES] Cancelled suggestion of a property name results in a visual artifact
966         https://bugs.webkit.org/show_bug.cgi?id=53242
967
968         * inspector/front-end/StylesSidebarPane.js:
969         (WebInspector.StylePropertyTreeElement.prototype):
970
971 2011-01-27  Sheriff Bot  <webkit.review.bot@gmail.com>
972
973         Unreviewed, rolling out r76891.
974         http://trac.webkit.org/changeset/76891
975         https://bugs.webkit.org/show_bug.cgi?id=53280
976
977         Makes every layout test crash (Requested by othermaciej on
978         #webkit).
979
980         * page/EventHandler.cpp:
981         * page/EventHandler.h:
982         * rendering/RenderObject.cpp:
983         (WebCore::RenderObject::styleDidChange):
984
985 2011-01-27  Ryosuke Niwa  <rniwa@webkit.org>
986
987         Unreviewed, rolling out r76839.
988         http://trac.webkit.org/changeset/76839
989         https://bugs.webkit.org/show_bug.cgi?id=49744
990
991         broke pixel tests
992
993         * rendering/RenderBox.cpp:
994         (WebCore::RenderBox::localCaretRect):
995
996 2011-01-27  Emil A Eklund  <eae@chromium.org>
997
998         Reviewed by Darin Adler.
999
1000         contentEditable formatBlock crashes on divs with contenteditable="false"
1001         https://bugs.webkit.org/show_bug.cgi?id=53263
1002
1003         Check if editableRootForPosition returns null for position.
1004
1005         Test: editing/execCommand/format-block-contenteditable-false.html
1006
1007         * editing/FormatBlockCommand.cpp:
1008         (WebCore::FormatBlockCommand::formatRange):
1009
1010 2011-01-27  Dimitri Glazkov  <dglazkov@chromium.org>
1011
1012         Reviewed by Darin Adler.
1013
1014         Remove RenderMedia members that aren't used.
1015         https://bugs.webkit.org/show_bug.cgi?id=53245
1016
1017         Refactoring, no change in behavior, so no new tests.
1018
1019         * rendering/RenderMedia.h: Removed unused member variables.
1020
1021 2011-01-27  Michael Saboff  <msaboff@apple.com>
1022
1023         Reviewed by Darin Adler.
1024
1025         Potentially Unsafe HashSet of RuntimeObject* in RootObject definition
1026         https://bugs.webkit.org/show_bug.cgi?id=53271
1027
1028         Precautionary change.
1029         Changed RootObject to use WeakGCMap instead of HashSet.
1030         Found will looking for another issue, but can't produce a test case
1031         that is problematic.  THerefore there aren't any new tests.
1032
1033         * bridge/runtime_root.cpp:
1034         (JSC::Bindings::RootObject::invalidate):
1035         (JSC::Bindings::RootObject::addRuntimeObject):
1036         (JSC::Bindings::RootObject::removeRuntimeObject):
1037         * bridge/runtime_root.h:
1038
1039 2011-01-27  Kenneth Russell  <kbr@google.com>
1040
1041         Reviewed by James Robinson.
1042
1043         Rename Typed Array slice() to subset()
1044         https://bugs.webkit.org/show_bug.cgi?id=53273
1045
1046         * bindings/js/JSArrayBufferViewHelper.h:
1047         (WebCore::constructArrayBufferView):
1048         * bindings/v8/custom/V8ArrayBufferViewCustom.h:
1049         (WebCore::constructWebGLArray):
1050         * html/canvas/Float32Array.cpp:
1051         (WebCore::Float32Array::subset):
1052         * html/canvas/Float32Array.h:
1053         * html/canvas/Float32Array.idl:
1054         * html/canvas/Int16Array.cpp:
1055         (WebCore::Int16Array::subset):
1056         * html/canvas/Int16Array.h:
1057         * html/canvas/Int16Array.idl:
1058         * html/canvas/Int32Array.cpp:
1059         (WebCore::Int32Array::subset):
1060         * html/canvas/Int32Array.h:
1061         * html/canvas/Int32Array.idl:
1062         * html/canvas/Int8Array.cpp:
1063         (WebCore::Int8Array::subset):
1064         * html/canvas/Int8Array.h:
1065         * html/canvas/Int8Array.idl:
1066         * html/canvas/TypedArrayBase.h:
1067         (WebCore::TypedArrayBase::subsetImpl):
1068         * html/canvas/Uint16Array.cpp:
1069         (WebCore::Uint16Array::subset):
1070         * html/canvas/Uint16Array.h:
1071         * html/canvas/Uint16Array.idl:
1072         * html/canvas/Uint32Array.cpp:
1073         (WebCore::Uint32Array::subset):
1074         * html/canvas/Uint32Array.h:
1075         * html/canvas/Uint32Array.idl:
1076         * html/canvas/Uint8Array.cpp:
1077         (WebCore::Uint8Array::subset):
1078         * html/canvas/Uint8Array.h:
1079         * html/canvas/Uint8Array.idl:
1080
1081 2011-01-27  Darin Adler  <darin@apple.com>
1082
1083         Reviewed by Dan Bernstein.
1084
1085         Changing cursor style has no effect until the mouse moves
1086         https://bugs.webkit.org/show_bug.cgi?id=14344
1087         rdar://problem/7563712
1088
1089         No tests added because we don't have infrastructure for testing actual cursor
1090         changes (as opposed to cursor style computation) at this time. We might add it later.
1091
1092         * page/EventHandler.cpp:
1093         (WebCore::EventHandler::dispatchFakeMouseMoveEventSoon): Added.
1094         * page/EventHandler.h: Ditto.
1095
1096         * rendering/RenderObject.cpp:
1097         (WebCore::areNonIdenticalCursorListsEqual): Added.
1098         (WebCore::areCursorsEqual): Added.
1099         (WebCore::RenderObject::styleDidChange): Call dispatchFakeMouseMoveEventSoon if
1100         cursor styles changed.
1101
1102 2011-01-27  Leo Yang  <leo.yang@torchmobile.com.cn>
1103
1104         Reviewed by Dirk Schulze.
1105
1106         SVG Use Cycle is not detected
1107         https://bugs.webkit.org/show_bug.cgi?id=52544
1108
1109         We should check if SVGUseElement::buildInstanceTree finds problem
1110         for every child node. If it finds problem for any children we must
1111         return immediately because otherwise the foundProblem variable may
1112         be rewritten to false.
1113
1114         Test: svg/custom/recursive-use2.svg
1115
1116         * svg/SVGUseElement.cpp:
1117         (WebCore::SVGUseElement::buildInstanceTree):
1118
1119 2011-01-27  Zhenyao Mo  <zmo@google.com>
1120
1121         Reviewed by Kenneth Russell.
1122
1123         texSubImage2D's format/type needs to match the internalformat/type from the previous texImage2D call
1124         https://bugs.webkit.org/show_bug.cgi?id=53054
1125
1126         Test: fast/canvas/webgl/tex-sub-image-2d-bad-args.html
1127
1128         * html/canvas/WebGLRenderingContext.cpp:
1129         (WebCore::WebGLRenderingContext::texSubImage2DBase): Check format/type match.
1130
1131 2011-01-27  Yi Shen  <yi.4.shen@nokia.com>, Tor Arne Vestbø <tor.arne.vestbo@nokia.com>
1132
1133         Reviewed by Andreas Kling.
1134
1135         [Qt] Add fullscreen media control button for html video
1136         https://bugs.webkit.org/show_bug.cgi?id=51543
1137
1138         Implement media control fullscreen button for QtWebKit html5 video.
1139
1140         * css/mediaControlsQt.css:
1141         (video::-webkit-media-controls-fullscreen-button):
1142         * platform/qt/RenderThemeQt.cpp:
1143         (WebCore::RenderThemeQt::paintMediaFullscreenButton):
1144
1145 2011-01-27  Nate Chapin  <japhet@chromium.org>
1146
1147         Reviewed by Adam Barth.
1148
1149         Remove FrameLoader::url() and update callers to use
1150         Document::url().
1151         https://bugs.webkit.org/show_bug.cgi?id=41165
1152
1153         Refactor, no new tests.
1154
1155         * WebCore.exp.in:
1156         * dom/Document.cpp:
1157         (WebCore::Document::processHttpEquiv):
1158         (WebCore::Document::removePendingSheet):
1159         * history/CachedFrame.cpp:
1160         (WebCore::CachedFrameBase::CachedFrameBase):
1161         * history/PageCache.cpp:
1162         (WebCore::logCanCacheFrameDecision):
1163         (WebCore::PageCache::canCachePageContainingThisFrame):
1164         * html/HTMLFrameElementBase.cpp:
1165         (WebCore::HTMLFrameElementBase::isURLAllowed):
1166         * html/HTMLPlugInImageElement.cpp:
1167         (WebCore::HTMLPlugInImageElement::allowedToLoadFrameURL):
1168         * inspector/InspectorAgent.cpp:
1169         (WebCore::InspectorAgent::inspectedURL):
1170         * inspector/InspectorResourceAgent.cpp:
1171         (WebCore::buildObjectForFrame):
1172         * loader/DocumentWriter.cpp:
1173         (WebCore::DocumentWriter::replaceDocument):
1174         (WebCore::DocumentWriter::deprecatedFrameEncoding):
1175         * loader/FrameLoader.cpp:
1176         * loader/FrameLoader.h:
1177         * loader/HistoryController.cpp:
1178         (WebCore::HistoryController::updateForStandardLoad):
1179         (WebCore::HistoryController::updateForRedirectWithLockedBackForwardList):
1180         (WebCore::HistoryController::updateForSameDocumentNavigation):
1181         * loader/NavigationScheduler.cpp:
1182         (WebCore::ScheduledHistoryNavigation::fire):
1183         (WebCore::NavigationScheduler::scheduleLocationChange):
1184         (WebCore::NavigationScheduler::scheduleRefresh):
1185         * page/FrameView.cpp:
1186         (WebCore::FrameView::updateControlTints):
1187         * page/Location.cpp:
1188         (WebCore::Location::url):
1189         (WebCore::Location::setProtocol):
1190         (WebCore::Location::setHost):
1191         (WebCore::Location::setHostname):
1192         (WebCore::Location::setPort):
1193         (WebCore::Location::setPathname):
1194         (WebCore::Location::setSearch):
1195         (WebCore::Location::setHash):
1196         (WebCore::Location::reload):
1197         * page/Page.cpp:
1198         (WebCore::Page::goToItem):
1199
1200 2011-01-27  Stephen White  <senorblanco@chromium.org>
1201
1202         Reviewed by Darin Adler.
1203
1204         Fix performance regression in ImageQualityController::objectDestroyed().
1205         https://bugs.webkit.org/show_bug.cgi?id=52645
1206
1207         In r72282, I inadvertently introduced this regression by using a
1208         linear search through the hash map on object destruction.  This was
1209         because the hash key consisted of both object pointer and layer id,
1210         but on object destruction we only know the object pointer, requiring
1211         a search to find all the layers. 
1212         By replacing the hash map with two nested hash maps, where the outer key
1213         is the object and the inner key is the layer, we can find all the
1214         relevant data for an object in one hash lookup.
1215
1216         * rendering/RenderBoxModelObject.cpp:
1217         Replace the (object,layer)->size HashMap with object->layer and
1218         layer->size HashMaps.
1219         (WebCore::ImageQualityController::isEmpty):
1220         Implement isEmpty() for the outer HashMap.
1221         (WebCore::ImageQualityController::removeLayer):
1222         When a layer is removed, remove it from the inner hash map.
1223         (WebCore::ImageQualityController::set):
1224         Implement set():  if the inner map exists, set the layer->size tuple
1225         directly.  If not, create a new inner map, set the tuple, and insert
1226         it in the outer map.
1227         (WebCore::ImageQualityController::objectDestroyed):
1228         Look up the object in the outer map only.
1229         (WebCore::ImageQualityController::highQualityRepaintTimerFired):
1230         Cosmetic changes for the renamed now-outer hash map.
1231         (WebCore::ImageQualityController::shouldPaintAtLowQuality):
1232         Do both outer and inner hash map lookups.  Call set() to add/update
1233         entries to the hash maps.  keyDestroyed() is now removeLayer().
1234         (WebCore::imageQualityController):
1235         Make the ImageQualityController a file-static global, so it can be
1236         created and destroyed on the fly.
1237         (WebCore::RenderBoxModelObject::~RenderBoxModelObject):
1238         If there is no ImageQualityController, don't call objectDestroyed().
1239         If it's empty, delete it.
1240         * rendering/RenderImage.cpp:
1241         (WebCore::RenderImage::paintIntoRect):
1242         Also pass the Image* as the (void*) layer, since 0 is not a valid
1243         HashMap key.
1244
1245 2011-01-27  Adrienne Walker  <enne@google.com>
1246
1247         Reviewed by James Robinson.
1248
1249         [chromium] Tiled compositor crashes if compositing turned off mid-paint
1250         https://bugs.webkit.org/show_bug.cgi?id=53198
1251
1252         * platform/graphics/chromium/LayerRendererChromium.cpp:
1253         (WebCore::LayerRendererChromium::drawLayers):
1254         * platform/graphics/chromium/LayerTilerChromium.cpp:
1255         (WebCore::LayerTilerChromium::update):
1256         (WebCore::LayerTilerChromium::draw):
1257
1258 2011-01-27  Carol Szabo <carol.szabo@nokia.com>
1259
1260         Reviewed by David Hyatt.
1261
1262         A corrupted counter tree is created when renderers are added to the
1263         tree bypassing RenderObject::addChild
1264         https://bugs.webkit.org/show_bug.cgi?id=51270
1265
1266         No new tests. This patch reimplements the fix for bugs 43812 and
1267         51637 and hence all tests are already there as part of the original
1268         fixes for those bugs.
1269
1270         * rendering/RenderCounter.cpp:
1271         (WebCore::findPlaceForCounter):
1272         Removed old workaround as this patch hopefully fixes the real
1273         problem.
1274         * rendering/RenderObject.cpp:
1275         (WebCore::RenderObject::addChild):
1276         Removed call to counter updater as it was moved to a lower level.
1277         (WebCore::RenderObject::destroy):
1278         Moved attached counter nodes destruction to after the node is
1279         removed from the tree.
1280         * rendering/RenderObjectChildList.cpp:
1281         (WebCore::RenderObjectChildList::removeChildNode):
1282         (WebCore::RenderObjectChildList::appendChildNode):
1283         (WebCore::RenderObjectChildList::insertChildNode):
1284         Added notifications to the Counter system such that the
1285         CounterForest reflects the changes to the RendererTree.
1286         * rendering/RenderWidget.cpp:
1287         (WebCore::RenderWidget::destroy):
1288         Applied the same changes as for RenderObject::destroy()
1289         since RenderObject::destroy() is not called from here.
1290
1291 2011-01-27  Adam Roben  <aroben@apple.com>
1292
1293         Add WKCACFViewLayerTreeHost
1294
1295         This is a class that derives from CACFLayerTreeHost and uses a WKCACFView to render.
1296
1297         Fixes <http://webkit.org/b/53251> <rdar://problem/8925496> CACFLayerTreeHost should use
1298         WKCACFView for rendering
1299
1300         * WebCore.vcproj/WebCore.vcproj: Added WKCACFViewLayerTreeHost.{cpp,h}.
1301
1302         * platform/graphics/ca/win/CACFLayerTreeHost.cpp:
1303         (WebCore::CACFLayerTreeHost::acceleratedCompositingAvailable): Make the test window have a
1304         non-zero size. WKCACFView will always say it can't render if you pass it a 0-sized window,
1305         so we need a non-empty window to perform a valid test.
1306         (WebCore::CACFLayerTreeHost::create): First try to create a WKCACFViewLayerTreeHost, then
1307         fall back to a LegacyCACFLayerTreeHost.
1308         (WebCore::CACFLayerTreeHost::flushPendingLayerChangesNow): Moved code to react to the
1309         context flush from here...
1310         (WebCore::CACFLayerTreeHost::contextDidChange): ...to here. Derived classes are required to
1311         call this function whenever changes are flushed to the context.
1312
1313         * platform/graphics/ca/win/CACFLayerTreeHost.h: Added contextDidChange.
1314
1315         * platform/graphics/ca/win/LegacyCACFLayerTreeHost.cpp:
1316         (WebCore::LegacyCACFLayerTreeHost::createRenderer):
1317         (WebCore::LegacyCACFLayerTreeHost::resize):
1318         Changed to use flushContext instead of flushing the context manually so that we will always
1319         notify the base class when the context gets flushed.
1320
1321         (WebCore::LegacyCACFLayerTreeHost::flushContext): Added a call to contextDidChange so the
1322         base class will know what happened. Moved code to schedule a render from here...
1323         (WebCore::LegacyCACFLayerTreeHost::contextDidChange): ...to here.
1324
1325         * platform/graphics/ca/win/LegacyCACFLayerTreeHost.h: Added contextDidChange.
1326
1327         * platform/graphics/ca/win/WKCACFViewLayerTreeHost.cpp: Added.
1328         (WebCore::WKCACFViewLayerTreeHost::create): If WebKitQuartzCoreAdditions, which provides
1329         WKCACFView, isn't present, bail. Otherwise allocate and return a new host.
1330         (WebCore::WKCACFViewLayerTreeHost::WKCACFViewLayerTreeHost): Initialize members.
1331         (WebCore::WKCACFViewLayerTreeHost::updateViewIfNeeded): Update the view if we previously
1332         marked that we needed to do so, and flush the context if our layer's bounds have changed.
1333         (WebCore::WKCACFViewLayerTreeHost::contextDidChangeCallback): Call through to
1334         contextDidChange.
1335         (WebCore::WKCACFViewLayerTreeHost::contextDidChange): Tell the WKCACFView to start rendering
1336         (if we didn't already), then call up to the base class.
1337         (WebCore::WKCACFViewLayerTreeHost::initializeContext): Set the context's user data, the
1338         view's layer, and hook up our "context did change" callback.
1339         (WebCore::WKCACFViewLayerTreeHost::resize): Mark that the view needs to be updated the next
1340         time we paint.
1341         (WebCore::WKCACFViewLayerTreeHost::createRenderer): Update our view and return whether it is
1342         able to render or not.
1343         (WebCore::WKCACFViewLayerTreeHost::destroyRenderer): Clear out all the info we passed down
1344         to the view.
1345         (WebCore::WKCACFViewLayerTreeHost::lastCommitTime): Call through to the view.
1346         (WebCore::WKCACFViewLayerTreeHost::flushContext): Ditto.
1347         (WebCore::WKCACFViewLayerTreeHost::paint): Update the view so it will draw at the right
1348         size, then call up to the base class.
1349         (WebCore::WKCACFViewLayerTreeHost::render): Invalidate the view using the passed-in dirty
1350         rects, then ask it to draw.
1351
1352         * platform/graphics/ca/win/WKCACFViewLayerTreeHost.h: Copied from Source/WebCore/platform/graphics/ca/win/LegacyCACFLayerTreeHost.h.
1353
1354 2011-01-27  Adam Roben  <aroben@apple.com>
1355
1356         Move LegacyCACFLayerTreeHost into its own files
1357
1358         More preparation for <http://webkit.org/b/53251> <rdar://problem/8925496> CACFLayerTreeHost
1359         should use WKCACFView for rendering
1360
1361         Reviewed by Simon Fraser.
1362
1363         * WebCore.vcproj/WebCore.vcproj: Added LegacyCACFLayerTreeHost.{cpp,h}.
1364
1365         * platform/graphics/ca/win/CACFLayerTreeHost.cpp: Moved code from here to new files.
1366
1367         * platform/graphics/ca/win/LegacyCACFLayerTreeHost.cpp: Added.
1368         * platform/graphics/ca/win/LegacyCACFLayerTreeHost.h: Added.
1369
1370 2011-01-27  Patrick Gansterer  <paroga@webkit.org>
1371
1372         Unreviewed WinCE build fix for r76824.
1373
1374         * platform/wince/DragDataWinCE.cpp:
1375         (WebCore::DragData::dragDataMap):
1376
1377 2011-01-27  Adam Roben  <aroben@apple.com>
1378
1379         Split CACFLayerTreeHost into base and derived classes
1380
1381         The derived class, LegacyCACFLayerTreeHost, contains all the D3D-related code. A later patch
1382         will add a new derived class that replaces the D3D code with a different rendering API.
1383
1384         For now, LegacyCACFLayerTreeHost lives in CACFLayerTreeHost.cpp. This keeps the diff a
1385         little smaller. A later patch will move it to its own source files.
1386
1387         Preparation for <http://webkit.org/b/53251> <rdar://problem/8925496> CACFLayerTreeHost
1388         should use WKCACFView for rendering
1389
1390         Reviewed by Simon Fraser.
1391
1392         * platform/graphics/ca/win/CACFLayerTreeHost.cpp:
1393         (WebCore::CACFLayerTreeHost::acceleratedCompositingAvailable): Clear the window before
1394         destroying the host, as that is now the API contract that clients must fulfill.
1395         (WebCore::LegacyCACFLayerTreeHost::create): Added. Simple creator.
1396         (WebCore::CACFLayerTreeHost::create): Now instantiates a LegacyCACFLayerTreeHost. Calls the
1397         new initialize function to perform initialization that has to happen after the vtable has
1398         been set up.
1399
1400         (WebCore::LegacyCACFLayerTreeHost::LegacyCACFLayerTreeHost):
1401         (WebCore::CACFLayerTreeHost::CACFLayerTreeHost):
1402         (WebCore::LegacyCACFLayerTreeHost::initializeContext):
1403         (WebCore::CACFLayerTreeHost::initialize):
1404         Moved some initialization code from the CACFLayerTreeHost constructor into these new
1405         functions.
1406
1407         (WebCore::LegacyCACFLayerTreeHost::~LegacyCACFLayerTreeHost): Added. Moved code here from
1408         ~CACFLayerTreeHost.
1409         (WebCore::CACFLayerTreeHost::~CACFLayerTreeHost): Rather than clearing the window at this
1410         point (which would be too late, since we won't be able to call into the derived class's
1411         virtual functions), just assert that it has already been cleared (or was never set in the
1412         first place).
1413         (WebCore::LegacyCACFLayerTreeHost::createRenderer): Renamed from
1414         CACFLayerTreeHost::createRenderer, and changed to use getters instead of accessing
1415         CACFLayerTreeHost's data members directly.
1416
1417         (WebCore::LegacyCACFLayerTreeHost::destroyRenderer):
1418         (WebCore::CACFLayerTreeHost::destroyRenderer):
1419         Moved some code to the new LegacyCACFLayerTreeHost function.
1420
1421         (WebCore::LegacyCACFLayerTreeHost::resize):
1422         (WebCore::LegacyCACFLayerTreeHost::renderTimerFired):
1423         Moved these functions to LegacyCACFLayerTreeHost.
1424
1425         (WebCore::LegacyCACFLayerTreeHost::paint):
1426         (WebCore::CACFLayerTreeHost::paint):
1427         Moved some code to the new LegacyCACFLayerTreeHost function.
1428
1429         (WebCore::LegacyCACFLayerTreeHost::render):
1430         (WebCore::LegacyCACFLayerTreeHost::renderSoon):
1431         Moved these functions to LegacyCACFLayerTreeHost.
1432
1433         (WebCore::CACFLayerTreeHost::flushPendingLayerChangesNow): Moved code to flush the context
1434         from here...
1435         (WebCore::LegacyCACFLayerTreeHost::flushContext): ...to this new function.
1436
1437         (WebCore::LegacyCACFLayerTreeHost::lastCommitTime): Moved code to get the last commit time
1438         to this new function...
1439         (WebCore::CACFLayerTreeHost::notifyAnimationsStarted): ...from here.
1440
1441         (WebCore::LegacyCACFLayerTreeHost::initD3DGeometry):
1442         (WebCore::LegacyCACFLayerTreeHost::resetDevice):
1443         Moved these functions to LegacyCACFLayerTreeHost.
1444
1445         * platform/graphics/ca/win/CACFLayerTreeHost.h: Made some functions virtual, removed some
1446         members that have moved to LegacyCACFLayerTreeHost, grouped remaining members more
1447         logically, and added some getters used by LegacyCACFLayerTreeHost.
1448
1449 2011-01-27  Adam Roben  <aroben@apple.com>
1450
1451         Move CACFLayerTreeHostClient to its own header file
1452
1453         Rubber-stamped by Steve Falkenburg.
1454
1455         * WebCore.vcproj/WebCore.vcproj: Added CACFLayerTreeHostClient.h. Also let VS have its way
1456         with the file.
1457
1458         * platform/graphics/ca/win/CACFLayerTreeHost.cpp: Added new #include.
1459
1460         * platform/graphics/ca/win/CACFLayerTreeHost.h: Removed CACFLayerTreeHostClient.
1461
1462         * platform/graphics/ca/win/CACFLayerTreeHostClient.h: Added.
1463
1464         * platform/graphics/win/MediaPlayerPrivateFullscreenWindow.cpp: Moved some #includes here
1465         from the header file.
1466
1467         * platform/graphics/win/MediaPlayerPrivateFullscreenWindow.h: Replaced broader #includes
1468         with more specific ones, plus a forward-declaration.
1469
1470 2011-01-27  James Simonsen  <simonjam@chromium.org>
1471
1472         Reviewed by Tony Chang.
1473
1474         [Chromium] Simplify small caps logic in complex text on linux
1475         https://bugs.webkit.org/show_bug.cgi?id=53207
1476
1477         Test: fast/text/atsui-multiple-renderers.html
1478               fast/text/atsui-small-caps-punctuation-size.html
1479
1480         * platform/graphics/chromium/ComplexTextControllerLinux.cpp:
1481         (WebCore::ComplexTextController::nextScriptRun): Remove redundant logic. Case changes in a text run imply FontData changes.
1482         (WebCore::ComplexTextController::setupFontForScriptRun): Update comment to reflect above.
1483
1484 2011-01-27  Adam Barth  <abarth@webkit.org>
1485
1486         In which I attempt to fix the EFL build.
1487
1488         * CMakeLists.txt:
1489
1490 2011-01-25  Levi Weintraub  <leviw@chromium.org>
1491
1492         Reviewed by Darin Adler.
1493
1494         Adding border and padding to the calculation of the local caret rect for RenderBoxes.
1495         Corrected for mistake in r76625
1496
1497         Undo moves caret to invalid position
1498         https://bugs.webkit.org/show_bug.cgi?id=49744
1499
1500         Tests: editing/selection/caret-painting-after-paste-undo-rtl.html
1501                editing/selection/caret-painting-after-paste-undo.html
1502
1503         * rendering/RenderBox.cpp:
1504         (WebCore::RenderBox::localCaretRect):
1505
1506 2011-01-27  Sheriff Bot  <webkit.review.bot@gmail.com>
1507
1508         Unreviewed, rolling out r76825.
1509         http://trac.webkit.org/changeset/76825
1510         https://bugs.webkit.org/show_bug.cgi?id=53256
1511
1512         "caused crashes on GTK and chromium" (Requested by rniwa on
1513         #webkit).
1514
1515         * rendering/RenderBoxModelObject.cpp:
1516         (WebCore::ImageQualityController::keyDestroyed):
1517         (WebCore::ImageQualityController::objectDestroyed):
1518         (WebCore::ImageQualityController::highQualityRepaintTimerFired):
1519         (WebCore::ImageQualityController::shouldPaintAtLowQuality):
1520         (WebCore::imageQualityController):
1521         (WebCore::RenderBoxModelObject::~RenderBoxModelObject):
1522
1523 2011-01-27  Adam Barth  <abarth@webkit.org>
1524
1525         Reviewed by Eric Seidel.
1526
1527         Generalize the mechanism view-source uses to remember the source for an HTMLToken
1528         https://bugs.webkit.org/show_bug.cgi?id=53200
1529
1530         Currently view-source tracks the source associated with each HTMLToken.
1531         We want to re-use this mechanism for the new XSS auditor.  This patch
1532         moves this code into its own class so it can be shared between the
1533         view-source parser and the general HTML parser.  This patch also add
1534         support for tracking the source of tokens that span document.write
1535         boundaries.
1536
1537         No functional change.  This code change is somewhat tested by our
1538         view-source layout tests.
1539
1540         * Android.mk:
1541         * GNUmakefile.am:
1542         * WebCore.gypi:
1543         * WebCore.pro:
1544         * WebCore.vcproj/WebCore.vcproj:
1545         * WebCore.xcodeproj/project.pbxproj:
1546             - Fun with updating build files.
1547         * html/parser/HTMLDocumentParser.cpp:
1548         (WebCore::HTMLDocumentParser::pumpTokenizer):
1549             - Teach HTMLDocumentParser to track the source for HTMLTokens.
1550               Currently, this information isn't used, but it will be shortly.
1551               I ran the HTML parser benchmark and this change didn't have a
1552               measurable effect.
1553         * html/parser/HTMLDocumentParser.h:
1554             - Composite in the HTMLSourceTracker.
1555         * html/parser/HTMLSourceTracker.cpp: Added.
1556         (WebCore::HTMLSourceTracker::HTMLSourceTracker):
1557         (WebCore::HTMLSourceTracker::start):
1558         (WebCore::HTMLSourceTracker::end):
1559             - This function should eventualy be folded into HTMLTokenizer.
1560         (WebCore::HTMLSourceTracker::sourceForToken):
1561         * html/parser/HTMLSourceTracker.h: Added.
1562         * html/parser/HTMLToken.h:
1563             - Now HTMLTokens always have a start index of zero.  To do the job
1564               of the old start index, this patch introduces the notion of a
1565               baseOffset.  Unlike the start index (which was used as the base
1566               offset for all the other indicies), the baseOffset can change
1567               over the lifetime of the token.  We need the flexibility to
1568               change the offset for tokens that span document.write boundaries.
1569               Values are now normalized to zero-offset when stored.
1570         (WebCore::HTMLToken::clear):
1571         (WebCore::HTMLToken::setBaseOffset):
1572         (WebCore::HTMLToken::end):
1573         (WebCore::HTMLToken::beginAttributeName):
1574         (WebCore::HTMLToken::endAttributeName):
1575         (WebCore::HTMLToken::beginAttributeValue):
1576         (WebCore::HTMLToken::endAttributeValue):
1577         * html/parser/HTMLViewSourceParser.cpp:
1578             - Updates the HTMLViewSourceParser to use the new
1579               HTMLSourceTracker.
1580         (WebCore::HTMLViewSourceParser::pumpTokenizer):
1581         (WebCore::HTMLViewSourceParser::append):
1582         (WebCore::HTMLViewSourceParser::sourceForToken):
1583             - This function now just calls through to HTMLSourceTracker.
1584         * html/parser/HTMLViewSourceParser.h:
1585         * platform/text/SegmentedString.cpp:
1586         (WebCore::SegmentedString::currentColumn):
1587         (WebCore::SegmentedString::setCurrentPosition):
1588         * platform/text/SegmentedString.h:
1589         (WebCore::SegmentedString::numberOfCharactersConsumed):
1590             - We need to handle the general case now.  The "slow" version
1591               doesn't turn out to be any slower in practice anyway.
1592
1593 2011-01-27  Sam Weinig  <sam@webkit.org>
1594
1595         Fix all the builds.
1596
1597         * platform/ScrollView.cpp:
1598         (WebCore::ScrollView::paintOverhangAreas): Add parameters.
1599
1600 2011-01-27  Sam Weinig  <sam@webkit.org>
1601
1602         Reviewed by Dave Hyatt.
1603
1604         Add ability to do an unconstrained scroll on a ScrollView
1605         https://bugs.webkit.org/show_bug.cgi?id=53249
1606
1607         * platform/ScrollView.cpp:
1608         (WebCore::ScrollView::ScrollView):
1609         Initialize m_constrainsScrollingToContentEdge to true.
1610
1611         (WebCore::ScrollView::setScrollOffset):
1612         Only constrain the offset if the m_constrainsScrollingToContentEdge is set.
1613
1614         (WebCore::ScrollView::updateScrollbars):
1615         Simplify expression converting an IntSize to an IntPoint.
1616         
1617         (WebCore::ScrollView::paint):
1618         Paint the overhang if there is any.
1619         
1620         (WebCore::ScrollView::calculateOverhangAreasForPainting):
1621         Calculate the overhang in viewport coordinates for painting.
1622
1623         * platform/ScrollView.h:
1624         (WebCore::ScrollView::constrainsScrollingToContentEdge):
1625         (WebCore::ScrollView::setConstrainsScrollingToContentEdge):
1626         Add bit to control whether the scroll position should be constrained
1627         to the content edge when set.
1628
1629         * platform/ScrollbarThemeComposite.cpp:
1630         (WebCore::usedTotalSize):
1631         (WebCore::ScrollbarThemeComposite::thumbPosition):
1632         (WebCore::ScrollbarThemeComposite::thumbLength):
1633         * platform/mac/ScrollbarThemeMac.mm:
1634         (WebCore::ScrollbarThemeMac::paint):
1635         Improve calculations of thumb size and position to take overhang into account.
1636
1637 2011-01-27  Dirk Schulze  <krit@webkit.org>
1638
1639         Reviewed by Nikolas Zimmermann.
1640
1641         SVG animation of Paths with segments of different coordinate modes on begin and end
1642         https://bugs.webkit.org/show_bug.cgi?id=52984
1643
1644         At the moment we just support SVG path animations, if the number of segments on the given start path
1645         is the same as the number of segments on the given end path. But a segment on a given position must be identical
1646         on both paths as well. Not only the segment type, also the coordinate mode of the segments must be identical.
1647         If MoveToRel is on the second position on the start path a MoveToRel must be on the second position
1648         of the end path too. According to the SVG spec, at least the coordinate mode can differ. Means, if we have MoveToRel
1649         in the start path, we can use MoveToAbs on the same position in the end path.
1650
1651         This patch fixes the blending code to follow the spec here. It was necessary to track the current position of
1652         both paths, transform coordinates to the same coordinate mode and transform the resulting animation coordinate back
1653         to the coordinate mode of either the start or the end path. Which mode is taken depends on the progress of the
1654         animation.
1655
1656         Tests: svg/animations/animate-path-animation-Cc-Ss.html
1657                svg/animations/animate-path-animation-Ll-Vv-Hh.html
1658                svg/animations/animate-path-animation-Qq-Tt.html
1659                svg/animations/animate-path-animation-cC-sS-inverse.html
1660                svg/animations/animate-path-animation-lL-vV-hH-inverse.html
1661                svg/animations/animate-path-animation-qQ-tT-inverse.html
1662
1663         * svg/SVGPathBlender.cpp:
1664         (WebCore::blendFloatPoint):
1665         (WebCore::blendAnimatedFloat):
1666         (WebCore::SVGPathBlender::blendAnimatedDimensionalFloat):
1667         (WebCore::SVGPathBlender::blendAnimatedFloatPoint):
1668         (WebCore::SVGPathBlender::blendMoveToSegment):
1669         (WebCore::SVGPathBlender::blendLineToSegment):
1670         (WebCore::SVGPathBlender::blendLineToHorizontalSegment):
1671         (WebCore::SVGPathBlender::blendLineToVerticalSegment):
1672         (WebCore::SVGPathBlender::blendCurveToCubicSegment):
1673         (WebCore::SVGPathBlender::blendCurveToCubicSmoothSegment):
1674         (WebCore::SVGPathBlender::blendCurveToQuadraticSegment):
1675         (WebCore::SVGPathBlender::blendCurveToQuadraticSmoothSegment):
1676         (WebCore::SVGPathBlender::blendArcToSegment):
1677         (WebCore::coordinateModeOfCommand):
1678         (WebCore::isSegmentEqual):
1679         (WebCore::SVGPathBlender::blendAnimatedPath):
1680         (WebCore::SVGPathBlender::cleanup):
1681         * svg/SVGPathBlender.h:
1682
1683 2011-01-27  Cris Neckar  <cdn@chromium.org>
1684
1685         Reviewed by Dimitri Glazkov.
1686
1687         Clear the parent on a css keyframe's m_style when removing it from the stylesheet.
1688         https://bugs.webkit.org/show_bug.cgi?id=52320
1689
1690         Test: fast/css/css-keyframe-style-crash.html
1691
1692         * css/CSSRuleList.cpp:
1693         (WebCore::CSSRuleList::deleteRule):
1694         * css/WebKitCSSKeyframesRule.cpp:
1695         (WebCore::WebKitCSSKeyframesRule::~WebKitCSSKeyframesRule):
1696
1697 2011-01-27  Rob Buis  <rwlbuis@gmail.com>
1698
1699         Reviewed by Kent Tamura.
1700
1701         Color changes to option elements in a select multiple aren't drawn immediately
1702         https://bugs.webkit.org/show_bug.cgi?id=49790
1703
1704         Redirect style changes on <option> element to the owner <select> element.
1705
1706         Test: fast/repaint/select-option-background-color.html
1707
1708         * html/HTMLOptionElement.cpp:
1709         (WebCore::HTMLOptionElement::setRenderStyle):
1710
1711 2011-01-19  Stephen White  <senorblanco@chromium.org>
1712
1713         Reviewed by Darin Adler.
1714
1715         Fix performance regression in ImageQualityController::objectDestroyed().
1716         https://bugs.webkit.org/show_bug.cgi?id=52645
1717
1718         In r72282, I inadvertently introduced this regression by using a
1719         linear search through the hash map on object destruction.  This was
1720         because the hash key consisted of both object pointer and layer id,
1721         but on object destruction we only know the object pointer, requiring
1722         a search to find all the layers. 
1723         By replacing the hash map with two nested hash maps, where the outer key
1724         is the object and the inner key is the layer, we can find all the
1725         relevant data for an object in one hash lookup.
1726
1727         * rendering/RenderBoxModelObject.cpp:
1728         Replace the (object,layer)->size HashMap with object->layer and
1729         layer->size HashMaps.
1730         (WebCore::ImageQualityController::isEmpty):
1731         Implement isEmpty() for the outer HashMap.
1732         (WebCore::ImageQualityController::removeLayer):
1733         When a layer is removed, remove it from the inner hash map.
1734         (WebCore::ImageQualityController::set):
1735         Implement set():  if the inner map exists, set the layer->size tuple
1736         directly.  If not, create a new inner map, set the tuple, and insert
1737         it in the outer map.
1738         (WebCore::ImageQualityController::objectDestroyed):
1739         Look up the object in the outer map only.
1740         (WebCore::ImageQualityController::highQualityRepaintTimerFired):
1741         Cosmetic changes for the renamed now-outer hash map.
1742         (WebCore::ImageQualityController::shouldPaintAtLowQuality):
1743         Do both outer and inner hash map lookups.  Call set() to add/update
1744         entries to the hash maps.  keyDestroyed() is now removeLayer().
1745         (WebCore::imageQualityController):
1746         Make the ImageQualityController a file-static global, so it can be
1747         created and destroyed on the fly.
1748         (WebCore::RenderBoxModelObject::~RenderBoxModelObject):
1749         If there is no ImageQualityController, don't call objectDestroyed().
1750         If it's empty, delete it.
1751
1752
1753 2011-01-26  Enrica Casucci  <enrica@apple.com>
1754
1755         Reviewed by Darin Adler and Adam Roben.
1756
1757         WebKit2: add support for drag and drop on Windows
1758         https://bugs.webkit.org/show_bug.cgi?id=52775
1759         <rdar://problem/8514409>
1760         
1761         On Windows the access to the content being dragged is
1762         provided via the IDataObject interface that is made available
1763         to the window that registers itself as drop target.
1764         Since this interface cannot be accessed from the WebProcess,
1765         in every call to one of the methods of the IDropTarget interface
1766         we serialize the content of the drag clipboard and send it over to
1767         the WebProcess.
1768         The bulk of this patch consists in the refactoring needed in DragData
1769         and ClipboardWin classes to extract the data from the serialized object.
1770         
1771         * platform/DragData.cpp:
1772         * platform/DragData.h:
1773         * platform/win/ClipboardUtilitiesWin.cpp:
1774         (WebCore::getWebLocData):
1775         (WebCore::getURL):
1776         (WebCore::getPlainText):
1777         (WebCore::getTextHTML):
1778         (WebCore::getCFHTML):
1779         (WebCore::fragmentFromFilenames):
1780         (WebCore::containsFilenames):
1781         (WebCore::fragmentFromHTML):
1782         (WebCore::containsHTML):
1783         (WebCore::getClipboardData):
1784         * platform/win/ClipboardUtilitiesWin.h:
1785         * platform/win/ClipboardWin.cpp:
1786         (WebCore::Clipboard::create):
1787         (WebCore::ClipboardWin::ClipboardWin):
1788         (WebCore::ClipboardWin::getData):
1789         (WebCore::ClipboardWin::types):
1790         (WebCore::ClipboardWin::files):
1791         (WebCore::ClipboardWin::hasData):
1792         * platform/win/ClipboardWin.h:
1793         (WebCore::ClipboardWin::create):
1794         * platform/win/DragDataWin.cpp:
1795         (WebCore::DragData::DragData):
1796         (WebCore::DragData::containsURL):
1797         (WebCore::DragData::dragDataMap):
1798         (WebCore::DragData::asURL):
1799         (WebCore::DragData::containsFiles):
1800         (WebCore::DragData::asFilenames):
1801         (WebCore::DragData::containsPlainText):
1802         (WebCore::DragData::asPlainText):
1803         (WebCore::DragData::canSmartReplace):
1804         (WebCore::DragData::containsCompatibleContent):
1805         (WebCore::DragData::asFragment):
1806
1807 2011-01-27  Mario Sanchez Prada  <msanchez@igalia.com>
1808
1809         Reviewed by Martin Robinson.
1810
1811         [GTK] Space characters in source document interfere with reported caret offset
1812         https://bugs.webkit.org/show_bug.cgi?id=53033
1813
1814         Calculate caret offset from rendered text instead of from node contents.
1815
1816         * accessibility/gtk/AccessibilityObjectWrapperAtk.cpp:
1817         (objectAndOffsetUnignored): Calculate the caret offset based only
1818         on positions and ranges, instead of using the computed offset in
1819         the container node.
1820
1821 2011-01-26  Alexey Proskuryakov  <ap@apple.com>
1822
1823         Reviewed by Darin Adler.
1824
1825         https://bugs.webkit.org/show_bug.cgi?id=53197
1826         <rdar://problem/8895682> Make WebKit2 printing asynchronous
1827
1828         * WebCore.exp.in: Export more PrintContext methods that we didn't use on Mac before.
1829
1830         * page/PrintContext.cpp: (WebCore::PrintContext::spoolRect): Changed to make the same
1831         transformation as spoolPages does for consistency.
1832
1833 2011-01-27  David Grogan  <dgrogan@google.com>
1834
1835         Reviewed by Jeremy Orlow.
1836
1837         initial support for close() in indexeddb backend
1838         https://bugs.webkit.org/show_bug.cgi?id=53150
1839
1840         Test: storage/indexeddb/transaction-after-close.html
1841
1842         * storage/IDBDatabase.cpp:
1843         (WebCore::IDBDatabase::IDBDatabase):
1844         (WebCore::IDBDatabase::transaction):
1845         (WebCore::IDBDatabase::close):
1846         * storage/IDBDatabase.h:
1847         * storage/IDBDatabase.idl:
1848         * storage/IDBDatabaseBackendImpl.cpp:
1849         (WebCore::IDBDatabaseBackendImpl::transaction):
1850         (WebCore::IDBDatabaseBackendImpl::close):
1851
1852 2011-01-27  Dirk Schulze  <krit@webkit.org>
1853
1854         Reviewed by Nikolas Zimmermann.
1855
1856         SVG animation doesn't support calcMode discrete for number and color values.
1857         https://bugs.webkit.org/show_bug.cgi?id=53189
1858
1859         Add support for calcMode discrete on number and color animation.
1860
1861         Tests: svg/animations/animate-color-calcMode-discrete.html
1862                svg/animations/animate-number-calcMode-discrete.html
1863
1864         * svg/SVGAnimateElement.cpp:
1865         (WebCore::SVGAnimateElement::calculateAnimatedValue):
1866
1867 2011-01-26  Zhenyao Mo  <zmo@google.com>
1868
1869         Reviewed by Kenneth Russell.
1870
1871         shaderSource needs to preserve original source
1872         https://bugs.webkit.org/show_bug.cgi?id=52833
1873
1874         Test: fast/canvas/webgl/gl-getshadersource.html
1875
1876         * html/canvas/WebGLRenderingContext.cpp:
1877         (WebCore::WebGLRenderingContext::getShaderParameter): Intercept SHADER_SOURCE_LENGTH.
1878         (WebCore::WebGLRenderingContext::getShaderSource): Intercept the call.
1879         (WebCore::WebGLRenderingContext::shaderSource): Cache the source.
1880         * html/canvas/WebGLShader.cpp: Cache shader source.
1881         (WebCore::WebGLShader::WebGLShader):
1882         * html/canvas/WebGLShader.h: Ditto.
1883         (WebCore::WebGLShader::getSource):
1884         (WebCore::WebGLShader::setSource):
1885
1886 2011-01-27  Patrick Gansterer  <paroga@webkit.org>
1887
1888         Unreviewed WinCE build fix for r76743.
1889
1890         * platform/graphics/wince/FontWinCE.cpp:
1891         (WebCore::TextRunComponent::TextRunComponent):
1892
1893 2011-01-27  Pavel Podivilov  <podivilov@chromium.org>
1894
1895         Reviewed by Pavel Feldman.
1896
1897         Web Inspector: Closure and Global variable details automatically collapsing on each step through JavaScript code.
1898         https://bugs.webkit.org/show_bug.cgi?id=53234
1899
1900         * inspector/front-end/ScopeChainSidebarPane.js:
1901         (WebInspector.ScopeChainSidebarPane):
1902         (WebInspector.ScopeChainSidebarPane.prototype.update):
1903
1904 2011-01-27  Sheriff Bot  <webkit.review.bot@gmail.com>
1905
1906         Unreviewed, rolling out r76789.
1907         http://trac.webkit.org/changeset/76789
1908         https://bugs.webkit.org/show_bug.cgi?id=53238
1909
1910         Broke GTK layout tests (Requested by podivilov on #webkit).
1911
1912         * inspector/front-end/ScopeChainSidebarPane.js:
1913         (WebInspector.ScopeChainSidebarPane):
1914         (WebInspector.ScopeChainSidebarPane.prototype.update):
1915
1916 2011-01-27  Yury Semikhatsky  <yurys@chromium.org>
1917
1918         Reviewed by Pavel Feldman.
1919
1920         Web Inspector: store all settings related to the agents on the frontend side
1921         https://bugs.webkit.org/show_bug.cgi?id=53174
1922
1923         * CMakeLists.txt:
1924         * GNUmakefile.am:
1925         * WebCore.exp.in:
1926         * WebCore.gypi:
1927         * WebCore.pro:
1928         * WebCore.vcproj/WebCore.vcproj:
1929         * WebCore.xcodeproj/project.pbxproj:
1930         * bindings/js/ScriptDebugServer.cpp:
1931         * bindings/js/ScriptDebugServer.h:
1932         * bindings/js/ScriptProfiler.cpp:
1933         * bindings/js/ScriptProfiler.h:
1934         * bindings/v8/ScriptDebugServer.cpp:
1935         * bindings/v8/ScriptDebugServer.h:
1936         * bindings/v8/ScriptProfiler.cpp:
1937         * bindings/v8/ScriptProfiler.h:
1938         * inspector/Inspector.idl:
1939         * inspector/InspectorAgent.cpp: profiler and debugger enablement state is now stored
1940         on the front-end side and will be pushed to the backend when the frontend is loaded.
1941         (WebCore::InspectorAgent::InspectorAgent):
1942         (WebCore::InspectorAgent::disconnectFrontend):
1943         (WebCore::InspectorAgent::restoreDebugger):
1944         (WebCore::InspectorAgent::restoreProfiler):
1945         (WebCore::InspectorAgent::enableProfiler):
1946         (WebCore::InspectorAgent::disableProfiler):
1947         (WebCore::InspectorAgent::showAndEnableDebugger):
1948         (WebCore::InspectorAgent::enableDebugger):
1949         (WebCore::InspectorAgent::disableDebugger):
1950         * inspector/InspectorAgent.h:
1951         * inspector/InspectorConsoleAgent.cpp: XHR failures will be logged to the console only
1952         if the front-end was opened during current browser session and XHR logging is turned on
1953         there.
1954         (WebCore::InspectorConsoleAgent::setMonitoringXHREnabled):
1955         (WebCore::InspectorConsoleAgent::setConsoleMessagesEnabled):
1956         * inspector/InspectorDebuggerAgent.cpp:
1957         * inspector/InspectorDebuggerAgent.h:
1958         * inspector/InspectorInstrumentation.cpp:
1959         (WebCore::InspectorInstrumentation::identifierForInitialRequestImpl):
1960         (WebCore::InspectorInstrumentation::didLoadResourceFromMemoryCacheImpl):
1961         * inspector/InspectorProfilerAgent.cpp:
1962         (WebCore::InspectorProfilerAgent::InspectorProfilerAgent):
1963         (WebCore::InspectorProfilerAgent::startUserInitiatedProfiling):
1964         * inspector/InspectorSettings.cpp: Removed.
1965         * inspector/InspectorSettings.h: Removed.
1966         * inspector/InspectorState.cpp:
1967         (WebCore::InspectorState::InspectorState):
1968         * inspector/InspectorState.h:
1969         * inspector/front-end/ConsoleView.js:
1970         (WebInspector.ConsoleView.prototype._registerConsoleDomainDispatcher.dispatcher.consoleMessagesCleared):
1971         (WebInspector.ConsoleView.prototype._registerConsoleDomainDispatcher):
1972         (WebInspector.ConsoleView.prototype._handleContextMenuEvent.itemAction):
1973         (WebInspector.ConsoleView.prototype._handleContextMenuEvent):
1974         * inspector/front-end/ProfilesPanel.js:
1975         (WebInspector.ProfilesPanel.prototype._toggleProfiling):
1976         * inspector/front-end/ScriptsPanel.js:
1977         (WebInspector.ScriptsPanel.prototype._toggleDebugging):
1978         * inspector/front-end/Settings.js:
1979         (WebInspector.Settings):
1980         * inspector/front-end/inspector.js:
1981
1982 2011-01-27  Pavel Podivilov  <podivilov@chromium.org>
1983
1984         Reviewed by Pavel Feldman.
1985
1986         Web Inspector: Closure and Global variable details automatically collapsing on each step through JavaScript code.
1987         https://bugs.webkit.org/show_bug.cgi?id=53234
1988
1989         * inspector/front-end/ScopeChainSidebarPane.js:
1990         (WebInspector.ScopeChainSidebarPane):
1991         (WebInspector.ScopeChainSidebarPane.prototype.update):
1992
1993 2011-01-27  Alexander Pavlov  <apavlov@chromium.org>
1994
1995         Reviewed by Pavel Feldman.
1996
1997         Web Inspector: [Elements panel] Tooltip for relative links incorrectly identifies current URL
1998         https://bugs.webkit.org/show_bug.cgi?id=53171
1999
2000         * inspector/front-end/inspector.js:
2001         (WebInspector.completeURL): Taught to understand partial href's that start with "?" (contain GET parameters only)
2002
2003 2011-01-27  Yury Semikhatsky  <yurys@chromium.org>
2004
2005         Reviewed by Pavel Feldman.
2006
2007         [V8] Crash in WebCore::addMessageToConsole
2008         https://bugs.webkit.org/show_bug.cgi?id=53227
2009
2010         * bindings/v8/V8Proxy.cpp: check that the Frame where the error
2011         occured still has a page before getting a console object from it.
2012         (WebCore::V8Proxy::reportUnsafeAccessTo):
2013
2014 2011-01-27  Hans Wennborg  <hans@chromium.org>
2015
2016         Reviewed by Jeremy Orlow.
2017
2018         IndexedDB: Remove IDBCallbacks::onSuccess() used for null values.
2019         https://bugs.webkit.org/show_bug.cgi?id=53178
2020
2021         Remove the IDBCallbacks::onSuccess() function that was used for
2022         null values, and replace such calls with calls to
2023         IDBCallBacks::onSuccess(SerializedScriptValue::nullValue())
2024         instead.
2025
2026         No new functionality, so no new tests.
2027
2028         * storage/IDBCallbacks.h:
2029         * storage/IDBCursorBackendImpl.cpp:
2030         (WebCore::IDBCursorBackendImpl::updateInternal):
2031         (WebCore::IDBCursorBackendImpl::continueFunctionInternal):
2032         * storage/IDBIndexBackendImpl.cpp:
2033         (WebCore::IDBIndexBackendImpl::openCursorInternal):
2034         * storage/IDBObjectStoreBackendImpl.cpp:
2035         (WebCore::IDBObjectStoreBackendImpl::deleteInternal):
2036         (WebCore::IDBObjectStoreBackendImpl::openCursorInternal):
2037         * storage/IDBRequest.cpp:
2038         * storage/IDBRequest.h:
2039
2040 2011-01-27  Sheriff Bot  <webkit.review.bot@gmail.com>
2041
2042         Unreviewed, rolling out r76773.
2043         http://trac.webkit.org/changeset/76773
2044         https://bugs.webkit.org/show_bug.cgi?id=53230
2045
2046         breaks multiple GTK media tests (Requested by philn-tp on
2047         #webkit).
2048
2049         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
2050         (WebCore::mimeTypeCache):
2051
2052 2011-01-27  Sheriff Bot  <webkit.review.bot@gmail.com>
2053
2054         Unreviewed, rolling out r76770.
2055         http://trac.webkit.org/changeset/76770
2056         https://bugs.webkit.org/show_bug.cgi?id=53229
2057
2058         Some inspector tests fail (Requested by yurys on #webkit).
2059
2060         * CMakeLists.txt:
2061         * GNUmakefile.am:
2062         * WebCore.exp.in:
2063         * WebCore.gypi:
2064         * WebCore.pro:
2065         * WebCore.vcproj/WebCore.vcproj:
2066         * WebCore.xcodeproj/project.pbxproj:
2067         * bindings/js/ScriptDebugServer.cpp:
2068         (WebCore::ScriptDebugServer::isDebuggerAlwaysEnabled):
2069         * bindings/js/ScriptDebugServer.h:
2070         * bindings/js/ScriptProfiler.cpp:
2071         (WebCore::ScriptProfiler::isProfilerAlwaysEnabled):
2072         * bindings/js/ScriptProfiler.h:
2073         * bindings/v8/ScriptDebugServer.cpp:
2074         (WebCore::ScriptDebugServer::isDebuggerAlwaysEnabled):
2075         * bindings/v8/ScriptDebugServer.h:
2076         * bindings/v8/ScriptProfiler.cpp:
2077         (WebCore::ScriptProfiler::isProfilerAlwaysEnabled):
2078         * bindings/v8/ScriptProfiler.h:
2079         * inspector/Inspector.idl:
2080         * inspector/InspectorAgent.cpp:
2081         (WebCore::InspectorAgent::InspectorAgent):
2082         (WebCore::InspectorAgent::disconnectFrontend):
2083         (WebCore::InspectorAgent::restoreDebugger):
2084         (WebCore::InspectorAgent::restoreProfiler):
2085         (WebCore::InspectorAgent::ensureSettingsLoaded):
2086         (WebCore::InspectorAgent::enableProfiler):
2087         (WebCore::InspectorAgent::disableProfiler):
2088         (WebCore::InspectorAgent::showAndEnableDebugger):
2089         (WebCore::InspectorAgent::enableDebugger):
2090         (WebCore::InspectorAgent::disableDebugger):
2091         * inspector/InspectorAgent.h:
2092         (WebCore::InspectorAgent::settings):
2093         * inspector/InspectorConsoleAgent.cpp:
2094         (WebCore::InspectorConsoleAgent::setMonitoringXHREnabled):
2095         (WebCore::InspectorConsoleAgent::setConsoleMessagesEnabled):
2096         * inspector/InspectorDebuggerAgent.cpp:
2097         (WebCore::InspectorDebuggerAgent::isDebuggerAlwaysEnabled):
2098         * inspector/InspectorDebuggerAgent.h:
2099         * inspector/InspectorInstrumentation.cpp:
2100         (WebCore::InspectorInstrumentation::identifierForInitialRequestImpl):
2101         (WebCore::InspectorInstrumentation::didLoadResourceFromMemoryCacheImpl):
2102         * inspector/InspectorProfilerAgent.cpp:
2103         (WebCore::InspectorProfilerAgent::InspectorProfilerAgent):
2104         (WebCore::InspectorProfilerAgent::startUserInitiatedProfiling):
2105         * inspector/InspectorSettings.cpp: Added.
2106         (WebCore::InspectorSettings::InspectorSettings):
2107         (WebCore::InspectorSettings::getBoolean):
2108         (WebCore::InspectorSettings::setBoolean):
2109         (WebCore::InspectorSettings::getLong):
2110         (WebCore::InspectorSettings::setLong):
2111         (WebCore::InspectorSettings::registerBoolean):
2112         (WebCore::InspectorSettings::registerLong):
2113         * inspector/InspectorSettings.h: Copied from Source/WebCore/bindings/v8/ScriptProfiler.h.
2114         * inspector/InspectorState.cpp:
2115         (WebCore::InspectorState::InspectorState):
2116         * inspector/InspectorState.h:
2117         * inspector/front-end/ConsoleView.js:
2118         (WebInspector.ConsoleView.prototype._registerConsoleDomainDispatcher.dispatcher.monitoringXHRStateChanged):
2119         (WebInspector.ConsoleView.prototype._registerConsoleDomainDispatcher):
2120         (WebInspector.ConsoleView.prototype._handleContextMenuEvent):
2121         * inspector/front-end/ProfilesPanel.js:
2122         (WebInspector.ProfilesPanel.prototype._toggleProfiling):
2123         * inspector/front-end/ScriptsPanel.js:
2124         (WebInspector.ScriptsPanel.prototype._toggleDebugging):
2125         * inspector/front-end/Settings.js:
2126         (WebInspector.Settings):
2127         * inspector/front-end/inspector.js:
2128
2129 2011-01-26  Philippe Normand  <pnormand@igalia.com>
2130
2131         Reviewed by Martin Robinson.
2132
2133         [GTK] LayoutTests/media/audio-mpeg4-supported.html fails
2134         https://bugs.webkit.org/show_bug.cgi?id=53125
2135
2136         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
2137         (WebCore::mimeTypeCache): Add audio/x-m4a mimetype in the cache.
2138
2139 2011-01-26  Yury Semikhatsky  <yurys@chromium.org>
2140
2141         Reviewed by Pavel Feldman.
2142
2143         Web Inspector: store all settings related to the agents on the frontend side
2144         https://bugs.webkit.org/show_bug.cgi?id=53174
2145
2146         * CMakeLists.txt:
2147         * GNUmakefile.am:
2148         * WebCore.exp.in:
2149         * WebCore.gypi:
2150         * WebCore.pro:
2151         * WebCore.vcproj/WebCore.vcproj:
2152         * WebCore.xcodeproj/project.pbxproj:
2153         * inspector/Inspector.idl:
2154         * inspector/InspectorAgent.cpp: profiler and debugger enablement state is now stored
2155         on the front-end side and will be pushed to the backend when the frontend is loaded.
2156         (WebCore::InspectorAgent::InspectorAgent):
2157         (WebCore::InspectorAgent::disconnectFrontend):
2158         (WebCore::InspectorAgent::restoreDebugger):
2159         (WebCore::InspectorAgent::restoreProfiler):
2160         (WebCore::InspectorAgent::enableProfiler):
2161         (WebCore::InspectorAgent::disableProfiler):
2162         (WebCore::InspectorAgent::showAndEnableDebugger):
2163         (WebCore::InspectorAgent::enableDebugger):
2164         (WebCore::InspectorAgent::disableDebugger):
2165         * inspector/InspectorAgent.h:
2166         * inspector/InspectorConsoleAgent.cpp: XHR failures will be logged to the console only
2167         if the front-end was opened during current browser session and XHR logging is turned on
2168         there.
2169         (WebCore::InspectorConsoleAgent::setMonitoringXHREnabled):
2170         (WebCore::InspectorConsoleAgent::setConsoleMessagesEnabled):
2171         * inspector/InspectorInstrumentation.cpp:
2172         (WebCore::InspectorInstrumentation::identifierForInitialRequestImpl):
2173         (WebCore::InspectorInstrumentation::didLoadResourceFromMemoryCacheImpl):
2174         * inspector/InspectorProfilerAgent.cpp:
2175         (WebCore::InspectorProfilerAgent::enable):
2176         (WebCore::InspectorProfilerAgent::startUserInitiatedProfiling):
2177         * inspector/InspectorProfilerAgent.h:
2178         * inspector/InspectorSettings.cpp: Removed.
2179         * inspector/InspectorSettings.h: Removed.
2180         * inspector/InspectorState.cpp:
2181         (WebCore::InspectorState::InspectorState):
2182         * inspector/InspectorState.h:
2183         * inspector/front-end/ConsoleView.js:
2184         (WebInspector.ConsoleView.prototype._registerConsoleDomainDispatcher.dispatcher.consoleMessagesCleared):
2185         (WebInspector.ConsoleView.prototype._registerConsoleDomainDispatcher):
2186         (WebInspector.ConsoleView.prototype._handleContextMenuEvent.itemAction):
2187         (WebInspector.ConsoleView.prototype._handleContextMenuEvent):
2188         * inspector/front-end/ProfilesPanel.js:
2189         (WebInspector.ProfilesPanel.prototype._toggleProfiling):
2190         * inspector/front-end/ScriptsPanel.js:
2191         (WebInspector.ScriptsPanel.prototype._toggleDebugging):
2192         * inspector/front-end/Settings.js:
2193         (WebInspector.Settings):
2194         * inspector/front-end/inspector.js:
2195
2196 2011-01-27  Dan Bernstein  <mitz@apple.com>
2197
2198         Reviewed by Sam Weinig.
2199
2200         REGRESSION (r76743): Uneven spacing in right-to-left justified text
2201         https://bugs.webkit.org/show_bug.cgi?id=53225
2202
2203         Fixes failure in fast/text/atsui-spacing-features.html
2204
2205         There was an inconsistency between rendering code and font code in the interpretation of
2206         'after expansion' and 'trailing expansion'. Changed all code to interpret these in terms of
2207         visual order rather than logical.
2208
2209         * platform/graphics/Font.cpp:
2210         (WebCore::Font::expansionOpportunityCount): Added a text direction parameter and changed to
2211         iterate in visual order accordingly.
2212         * platform/graphics/Font.h:
2213         * platform/graphics/WidthIterator.cpp:
2214         (WebCore::WidthIterator::WidthIterator): Pass the run direction to expansionOpportunityCount().
2215         (WebCore::WidthIterator::advance): For right-to-left runs, evaluate the trailing expansion
2216         condition with respect to the first character, which is the trailing character in visual order.
2217         * platform/graphics/mac/ComplexTextController.cpp:
2218         (WebCore::ComplexTextController::ComplexTextController): Pass the run direction to
2219         expansionOpportunityCount().
2220         * rendering/RenderBlockLineLayout.cpp:
2221         (WebCore::RenderBlock::computeInlineDirectionPositionsForLine): Ditto.
2222
2223 2011-01-26  Adam Roben  <aroben@apple.com>
2224
2225         Don't create the Direct3D device before it's first needed
2226
2227         We only need the device once we decide to render. There's no point in creating it before
2228         then.
2229
2230         Reviewed by Sam Weinig.
2231
2232         * platform/graphics/ca/win/CACFLayerTreeHost.cpp:
2233         (WebCore::CACFLayerTreeHost::setWindow): Removed the call to createRenderer() from here.
2234         We already have code to create it when we first try to draw.
2235         (WebCore::CACFLayerTreeHost::createRenderer): Flush the context after we set our layer's
2236         bounds so that the bounds will take effect the next time we render (which could be just
2237         after this function returns).
2238
2239 2011-01-26  Adam Roben  <aroben@apple.com>
2240
2241         Add assertions that CACFLayerTreeHost gains and loses an HWND only once
2242
2243         CACFLayerTreeHost doesn't support any other use pattern.
2244
2245         Reviewed by Sam Weinig.
2246
2247         * platform/graphics/ca/win/CACFLayerTreeHost.cpp:
2248         (WebCore::CACFLayerTreeHost::CACFLayerTreeHost): Initialize new member.
2249         (WebCore::CACFLayerTreeHost::setWindow): Assert that we transition from not having a window,
2250         to having a window, to not having a window just once over the lifetime of this object.
2251
2252         * platform/graphics/ca/win/CACFLayerTreeHost.h: Added m_state.
2253
2254 2011-01-26  Adam Roben  <aroben@apple.com>
2255
2256         Notify layers that their animations have started when we flush the context, not when we
2257         render
2258
2259         r76372 separated context flushing from rendering, but this bit of code got left behind.
2260
2261         Reviewed by Sam Weinig.
2262
2263         * platform/graphics/ca/win/CACFLayerTreeHost.cpp:
2264         (WebCore::CACFLayerTreeHost::render): Moved code to notify the layers from here to
2265         notifyAnimationsStarted.
2266         (WebCore::CACFLayerTreeHost::flushPendingLayerChangesNow): Added a call to
2267         notifyAnimationsStarted after we flush the context.
2268         (WebCore::CACFLayerTreeHost::notifyAnimationsStarted): Added. Code came from render. Changed
2269         to call PlatformCALayer::animationStarted rather than calling through to the client
2270         directly.
2271
2272         * platform/graphics/ca/win/CACFLayerTreeHost.h: Added notifyAniamtionsStarted.
2273
2274 2011-01-26  Adam Roben  <aroben@apple.com>
2275
2276         Small cleanup in MediaPlayerPrivateFullscreenWindow
2277
2278         Reviewed by Sam Weinig.
2279
2280         * platform/graphics/win/MediaPlayerPrivateFullscreenWindow.cpp:
2281         (WebCore::MediaPlayerPrivateFullscreenWindow::~MediaPlayerPrivateFullscreenWindow): Moved
2282         code here from close(), since this was the only place that called it after the following
2283         change to createWindow.
2284         (WebCore::MediaPlayerPrivateFullscreenWindow::createWindow): Replaced code that handled the
2285         case where we had already created the window with an assertion that we have not already done
2286         so. Our single caller (FullscreenVideoController) did not require this behavior.
2287
2288         * platform/graphics/win/MediaPlayerPrivateFullscreenWindow.h: Removed layerView.
2289
2290 2011-01-26  Sam Weinig  <sam@webkit.org>
2291
2292         Reviewed by Adam Roben.
2293
2294         Move ScrollView scroll wheel code to ScrollAnimator.
2295
2296         * platform/ScrollAnimator.cpp:
2297         (WebCore::ScrollAnimator::handleWheelEvent):
2298         * platform/ScrollAnimator.h:
2299         Moved implementation of handleWheelEvent from ScrollView::wheelEvent.
2300
2301         * platform/ScrollView.cpp:
2302         (WebCore::ScrollView::wheelEvent):
2303         Call down to the ScrollableArea.
2304
2305         * platform/ScrollableArea.cpp:
2306         (WebCore::ScrollableArea::handleWheelEvent):
2307         Call down to the ScrollAnimator.
2308
2309         * platform/ScrollableArea.h:
2310         (WebCore::ScrollableArea::scrollPosition):
2311         (WebCore::ScrollableArea::minimumScrollPosition):
2312         (WebCore::ScrollableArea::maximumScrollPosition):
2313         (WebCore::ScrollableArea::visibleContentRect):
2314         (WebCore::ScrollableArea::visibleHeight):
2315         (WebCore::ScrollableArea::visibleWidth):
2316         Add functions needed to implement wheel event in the animator.
2317
2318 2011-01-26  David Kilzer  <ddkilzer@apple.com>
2319
2320         <http://webkit.org/b/53192> Add experimental support for HTTP pipelining in CFNetwork
2321         <rdar://problem/8821760>
2322
2323         Reviewed by Antti Koivisto.
2324
2325         This adds support for HTTP pipelining in CFNetwork, but does not
2326         enable it.  To enable it post-SnowLeopard, use this command:
2327
2328             defaults write BUNDLE.ID WebKitEnableHTTPPipelining -bool YES
2329
2330         Once enabled, it is possible to force the same load priority
2331         (high) to be sent to CFNetwork to allow WebCore to handle the
2332         scheduling:
2333
2334             defaults write BUNDLE.ID WebKitForceHTTPPipeliningPriorityHigh -bool YES
2335
2336         * WebCore.exp.in: Export _wkGetHTTPPipeliningPriority and
2337         _wkSetHTTPPipeliningPriority.
2338
2339         * loader/DocumentThreadableLoader.cpp:
2340         (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequestWithPreflight):
2341         Copy the priority to preflightRequest.
2342
2343         * loader/ResourceLoadScheduler.cpp:
2344         (WebCore::ResourceLoadScheduler::scheduleLoad): Refactored code
2345         at the end of the method to use an early return.
2346
2347         * loader/cache/CachedResourceRequest.cpp:
2348         (WebCore::CachedResourceRequest::load): Set the priority on the
2349         ResourceRequest object based on the priority of the
2350         CachedResourceRequest before calling
2351         ResourceLoadScheduler::scheduleSubresourceLoad().
2352
2353         * loader/icon/IconLoader.cpp:
2354         (WebCore::IconLoader::startLoading): Create a ResourceRequest
2355         object and set its priority to ResourceLoadPriorityLow before
2356         passing it to ResourceLoadScheduler::scheduleSubresourceLoad().
2357
2358         * platform/mac/WebCoreSystemInterface.h:
2359         (wkGetHTTPPipeliningPriority): Added.
2360         (wkSetHTTPPipeliningPriority): Added.
2361         * platform/mac/WebCoreSystemInterface.mm:
2362         (wkGetHTTPPipeliningPriority): Added.
2363         (wkSetHTTPPipeliningPriority): Added.
2364
2365         * platform/network/ResourceRequestBase.cpp:
2366         (WebCore::ResourceRequestBase::adopt): Set m_priority when
2367         adopting a CrossThreadResourceRequestData.
2368         (WebCore::ResourceRequestBase::copyData): Set m_priority when
2369         creating a CrossThreadResourceRequestData.
2370         (WebCore::ResourceRequestBase::priority): Added.
2371         (WebCore::ResourceRequestBase::setPriority): Added.
2372         (WebCore::equalIgnoringHeaderFields): Priorities must match when
2373         comparing two ResourceRequest objects.
2374
2375         * platform/network/ResourceRequestBase.h:
2376         (WebCore::ResourceRequestBase::ResourceRequestBase): Set default
2377         priority of new objects to ResourceLoadPriorityLow.
2378         (WebCore::ResourceRequestBase::priority): Added declaration.
2379         (WebCore::ResourceRequestBase::setPriority): Added declaration.
2380         (WebCore::isHTTPPipeliningEnabled): Added.
2381         (WebCore::shouldUseHTTPPipeliningPriority): Added.
2382
2383         * platform/network/cf/ResourceRequestCFNet.cpp: Updated so that
2384         Mac OS X and Windows share code.
2385         (WebCore::initializeMaximumHTTPConnectionCountPerHost): Always
2386         set the HTTP connection count per host, but return an
2387         'unlimited' value when using HTTP pipelining.  This method used
2388         to be defined in ResourceRequestMac.mm for Mac OS X.
2389         (WebCore::readBooleanPreference): Added.  Helper method for
2390         reading boolean user defaults.
2391         (WebCore::isHTTPPipeliningEnabled): Returns value of user
2392         default key WebKitEnableHTTPPipelining, or false if not set.
2393         (WebCore::shouldUseHTTPPipeliningPriority): Returns value of
2394         user default key WebKitForceHTTPPipeliningPriorityHigh, or false
2395         if not set.
2396         * platform/network/cf/ResourceRequestCFNet.h: Updated so that
2397         Mac OS X and Windows share code.  Fixed indentation.
2398         (WebCore::mapHTTPPipeliningPriorityToResourceLoadPriority): Added.
2399         (WebCore::mapResourceLoadPriorityToHTTPPipeliningPriority): Added.
2400
2401         * platform/network/mac/ResourceRequestMac.mm:
2402         (WebCore::ResourceRequest::doUpdatePlatformRequest): Update
2403         HTTP pipelining priority on NSMutableFURLRequest object.
2404         (WebCore::ResourceRequest::doUpdateResourceRequest): Update
2405         m_priority from the NSURLRequest object.
2406         (WebCore::initializeMaximumHTTPConnectionCountPerHost): Removed.
2407         Code is now shared with Windows in ResourceRequestCFNet.cpp.
2408
2409 2011-01-26  Beth Dakin  <bdakin@apple.com>
2410
2411         Reviewed by Darin Adler.
2412
2413         Fix for <rdar://problem/8895140> Adopt WKScrollbar metrics 
2414         when using WKScrollbars.
2415
2416         New WebKitSystemInterface Functionality.
2417         * WebCore.exp.in:
2418         * platform/mac/WebCoreSystemInterface.h:
2419         * platform/mac/WebCoreSystemInterface.mm:
2420
2421         Some of the terrible static arrays are now only needed in the 
2422         old non-WK code, so they are if-def'd now.
2423         * platform/mac/ScrollbarThemeMac.mm:
2424         
2425         Just patching this function in a better way than I did
2426         before.
2427         (WebCore::updateArrowPlacement):
2428         
2429         Call into WK for the right values.
2430         (WebCore::ScrollbarThemeMac::scrollbarThickness):
2431         (WebCore::ScrollbarThemeMac::hasThumb):
2432         (WebCore::ScrollbarThemeMac::minimumThumbLength):
2433         
2434         Return false if there are no buttons.
2435         (WebCore::ScrollbarThemeMac::hasButtons):
2436
2437         Return an empty IntRect if there are not buttons.
2438         (WebCore::buttonRepaintRect):
2439
2440 2011-01-26  Sam Weinig  <sam@webkit.org>
2441
2442         Reviewed by Maciej Stachowiak.
2443
2444         Add events to represent the start/end of a gesture scroll
2445         https://bugs.webkit.org/show_bug.cgi?id=53215
2446
2447         * WebCore.exp.in: 
2448         Add new file.
2449
2450         * WebCore.xcodeproj/project.pbxproj:
2451         Add new file.
2452
2453         * page/EventHandler.cpp:
2454         (WebCore::EventHandler::handleGestureEvent):
2455         * page/EventHandler.h:
2456         Add entry point for handling gesture events.
2457
2458         * platform/PlatformGestureEvent.h: Added.
2459         (WebCore::PlatformGestureEvent::PlatformGestureEvent):
2460         (WebCore::PlatformGestureEvent::type):
2461         (WebCore::PlatformGestureEvent::position):
2462         (WebCore::PlatformGestureEvent::globalPosition):
2463         (WebCore::PlatformGestureEvent::timestamp):
2464         Add platform agnostic representation of a gesture event.
2465
2466 2011-01-26  Dan Bernstein  <mitz@apple.com>
2467
2468         Reviewed by Dave Hyatt.
2469
2470         <rdar://problem/8446709> Allow inter-ideograph justification for CJK
2471         https://bugs.webkit.org/show_bug.cgi?id=53184
2472
2473         Tests: fast/text/justify-ideograph-complex.html
2474                fast/text/justify-ideograph-simple.html
2475                fast/text/justify-ideograph-vertical.html
2476
2477         * html/canvas/CanvasRenderingContext2D.cpp:
2478         (WebCore::CanvasRenderingContext2D::drawTextInternal): Corrected the type of the third parameter
2479         passed to the TextRun constructor and added the trailingExpansionBehavior parameter.
2480         * platform/graphics/Font.cpp:
2481         (WebCore::Font::expansionOpportunityCount): Added. Returns the number of expansion opportunities
2482         for text justification. On entry, isAfterExpansion says whether an expansion opportunity exists
2483         before the first character. On return, isAfterExpansion says whether an expansion opportunity
2484         exists after the last character.
2485         * platform/graphics/Font.h: 
2486         * platform/graphics/GlyphBuffer.h:
2487         (WebCore::GlyphBuffer::expandLastAdvance): Added.
2488         * platform/graphics/TextRun.h:
2489         (WebCore::TextRun::TextRun): Added a TrailingExpansionBehavior parameter to the constructors.
2490         Renamed padding to expansion.
2491         (WebCore::TextRun::expansion): Renamed padding() to this.
2492         (WebCore::TextRun::allowsTrailingExpansion): Added this accessor.
2493         * platform/graphics/WidthIterator.cpp:
2494         (WebCore::WidthIterator::WidthIterator): Initialize m_isAfterExpansion. Use Font::expansionOpportunityCount()
2495         and adjust the count if it includes a trailing expansion opportunity but the run disallows trailing
2496         expansion.
2497         (WebCore::WidthIterator::advance): Apply expansion before and after CJK ideographs.
2498         (WebCore::WidthIterator::advanceOneCharacter): Changed to not clear the GlyphBuffer so that advance()
2499         can expand the last advance if it is followed by a CJK ideograph.
2500         * platform/graphics/WidthIterator.h: Renamed m_padding to m_expansion and m_padPerSpace
2501         to m_expansionPerOpportunity.
2502         * platform/graphics/chromium/FontChromiumWin.cpp:
2503         (WebCore::Font::canExpandAroundIdeographsInComplexText): Added.
2504         * platform/graphics/chromium/FontLinux.cpp:
2505         (WebCore::Font::canExpandAroundIdeographsInComplexText): Added.
2506         * platform/graphics/efl/FontEfl.cpp:
2507         (WebCore::Font::canExpandAroundIdeographsInComplexText): Added.
2508         * platform/graphics/gtk/FontGtk.cpp:
2509         (WebCore::Font::canExpandAroundIdeographsInComplexText): Added.
2510         * platform/graphics/haiku/FontHaiku.cpp:
2511         (WebCore::Font::canExpandAroundIdeographsInComplexText): Added.
2512         * platform/graphics/mac/ComplexTextController.cpp:
2513         (WebCore::ComplexTextController::ComplexTextController): Initialize m_isAfterExpansion. Use
2514         Font::expansionOpportunityCount() and adjust the count if it includes a trailing expansion
2515         opportunity but the run disallows trailing expansion.
2516         (WebCore::ComplexTextController::adjustGlyphsAndAdvances): Moved the definition and initialization
2517         of hasExtraSpacing outside the loop. Apply expansion before and after CJK ideographs.
2518         * platform/graphics/mac/ComplexTextController.h: Renamed m_padding to m_expansion and m_padPerSpace
2519         to m_expansionPerOpportunity.
2520         * platform/graphics/mac/FontMac.mm:
2521         (WebCore::Font::canExpandAroundIdeographsInComplexText): Added.
2522         * platform/graphics/qt/FontQt.cpp:
2523         (WebCore::Font::canExpandAroundIdeographsInComplexText): Added.
2524         * platform/graphics/win/FontWin.cpp:
2525         (WebCore::Font::canExpandAroundIdeographsInComplexText): Added.
2526         * platform/graphics/win/UniscribeController.cpp:
2527         (WebCore::UniscribeController::UniscribeController): Updated for rename.
2528         * platform/graphics/wince/FontWinCE.cpp:
2529         (WebCore::Font::canExpandAroundIdeographsInComplexText): Added.
2530         * platform/graphics/wx/FontWx.cpp:
2531         (WebCore::Font::canExpandAroundIdeographsInComplexText): Added.
2532         * rendering/EllipsisBox.cpp:
2533         (WebCore::EllipsisBox::paint): Pass a TrailingExpansionBehavior to the TextRun constructor.
2534         (WebCore::EllipsisBox::selectionRect): Ditto.
2535         (WebCore::EllipsisBox::paintSelection): Ditto.
2536         * rendering/InlineBox.h:
2537         (WebCore::InlineBox::InlineBox): Renamed m_toAdd to m_expansion.
2538         (WebCore::InlineBox::expansion): Renamed toAdd() to this.
2539         * rendering/InlineTextBox.cpp:
2540         (WebCore::InlineTextBox::selectionRect): Pass a TrailingExpansionBehavior to the TextRun constructor.
2541         (WebCore::InlineTextBox::paint): Ditto.
2542         (WebCore::InlineTextBox::paintSelection): Ditto.
2543         (WebCore::InlineTextBox::paintCompositionBackground): Ditto.
2544         (WebCore::InlineTextBox::paintSpellingOrGrammarMarker): Ditto.
2545         (WebCore::InlineTextBox::paintTextMatchMarker): Ditto.
2546         (WebCore::InlineTextBox::computeRectForReplacementMarker): Ditto.
2547         (WebCore::InlineTextBox::offsetForPosition): Ditto.
2548         (WebCore::InlineTextBox::positionForOffset): Ditto.
2549         * rendering/InlineTextBox.h:
2550         (WebCore::InlineTextBox::setExpansion): Renamed setSpaceAdd() to this.
2551         (WebCore::InlineTextBox::trailingExpansionBehavior): Added. Trailing expansion is allowed if this
2552         is not the last leaf box on the line.
2553         * rendering/RenderBlockLineLayout.cpp:
2554         (WebCore::RenderBlock::computeInlineDirectionPositionsForLine): Keep expansion opportunity counts
2555         in a vector instead of computing them twice. Discard the trailing expansion opportunity in the
2556         last text box.
2557         * rendering/RenderFileUploadControl.cpp:
2558         (WebCore::RenderFileUploadControl::paintObject): Pass a TrailingExpansionBehavior to the TextRun constructor.
2559         (WebCore::RenderFileUploadControl::computePreferredLogicalWidths): Ditto.
2560         * rendering/RenderListBox.cpp:
2561         (WebCore::RenderListBox::updateFromElement): Ditto.
2562         (WebCore::RenderListBox::paintItemForeground): Ditto. Also corrected the type of the second parameter.
2563         * rendering/RenderTextControl.cpp:
2564         (WebCore::RenderTextControl::getAvgCharWidth): Ditto.
2565         (WebCore::RenderTextControl::paintPlaceholder): Ditto.
2566         * rendering/svg/SVGInlineTextBox.cpp:
2567         (WebCore::SVGInlineTextBox::constructTextRun): Ditto.
2568
2569 2011-01-26  Andy Estes  <aestes@apple.com>
2570
2571         Rubber-stamped by Darin Adler.
2572
2573         Inline HTMLObjectElement::hasValidClassId().
2574
2575         * html/HTMLObjectElement.cpp:
2576         (WebCore::HTMLObjectElement::hasValidClassId):
2577
2578 2011-01-26  Evan Martin  <evan@chromium.org>
2579
2580         Reviewed by Tony Chang.
2581
2582         [chromium] crash on getBoundingClientRect in complex text
2583         https://bugs.webkit.org/show_bug.cgi?id=53199
2584
2585         Use the correct array bound; we want the number of characters processed by
2586         the shaper, not the longest continuous script run length.
2587
2588         Test: platform/chromium-linux/fast/text/international/complex-text-rectangle.html
2589
2590         * platform/graphics/chromium/ComplexTextControllerLinux.cpp:
2591         (WebCore::ComplexTextController::nextScriptRun):
2592         * platform/graphics/chromium/ComplexTextControllerLinux.h:
2593         (WebCore::ComplexTextController::numCodePoints):
2594
2595 2011-01-26  Emil A Eklund  <eae@chromium.org>
2596
2597         Reviewed by Alexey Proskuryakov.
2598
2599         Remove cached document reference from CSSStyleSheet and XSLStyleSheet.
2600         https://bugs.webkit.org/show_bug.cgi?id=52084
2601
2602         Test: fast/dom/css-delete-doc.html
2603
2604         * css/CSSMediaRule.cpp:
2605         (WebCore::CSSMediaRule::insertRule):
2606         (WebCore::CSSMediaRule::deleteRule):
2607         * css/CSSStyleSheet.cpp:
2608         (WebCore::CSSStyleSheet::CSSStyleSheet):
2609         (WebCore::CSSStyleSheet::document):
2610         * css/CSSStyleSheet.h:
2611         * xml/XSLStyleSheet.h:
2612         (WebCore::XSLStyleSheet::parentStyleSheet):
2613         * xml/XSLStyleSheetLibxslt.cpp:
2614         (WebCore::XSLStyleSheet::XSLStyleSheet):
2615         (WebCore::XSLStyleSheet::cachedResourceLoader):
2616         (WebCore::XSLStyleSheet::setParentStyleSheet):
2617         (WebCore::XSLStyleSheet::ownerDocument):
2618         * xml/XSLStyleSheetQt.cpp:
2619         (WebCore::XSLStyleSheet::XSLStyleSheet):
2620         (WebCore::XSLStyleSheet::cachedResourceLoader):
2621         (WebCore::XSLStyleSheet::ownerDocument):
2622
2623 2011-01-25  Dimitri Glazkov  <dglazkov@chromium.org>
2624
2625         Reviewed by Kent Tamura.
2626
2627         Reduce ref-count churn in shadowPseudoId.
2628         https://bugs.webkit.org/show_bug.cgi?id=53136
2629
2630         Refactoring, so no new tests.
2631
2632         * dom/Element.h:
2633         (WebCore::Element::shadowPseudoId): Changed signature to use const AtomicString&
2634         * html/ValidationMessage.cpp:
2635         (WebCore::ElementWithPseudoId::shadowPseudoId): Ditto.
2636         * html/shadow/SliderThumbElement.cpp:
2637         (WebCore::SliderThumbElement::shadowPseudoId): Ditto, plus moved from the header file.
2638         * html/shadow/SliderThumbElement.h: Ditto.
2639         * rendering/MediaControlElements.cpp:
2640         (WebCore::MediaControlMuteButtonElement::shadowPseudoId): Ditto.
2641         (WebCore::MediaControlVolumeSliderMuteButtonElement::shadowPseudoId): Ditto.
2642         (WebCore::MediaControlPlayButtonElement::shadowPseudoId): Ditto.
2643         (WebCore::MediaControlSeekForwardButtonElement::shadowPseudoId): Ditto.
2644         (WebCore::MediaControlSeekBackButtonElement::shadowPseudoId): Ditto.
2645         (WebCore::MediaControlRewindButtonElement::shadowPseudoId): Ditto.
2646         (WebCore::MediaControlReturnToRealtimeButtonElement::shadowPseudoId): Ditto.
2647         (WebCore::MediaControlToggleClosedCaptionsButtonElement::shadowPseudoId): Ditto.
2648         (WebCore::MediaControlTimelineElement::shadowPseudoId): Ditto.
2649         (WebCore::MediaControlVolumeSliderElement::shadowPseudoId): Ditto.
2650         (WebCore::MediaControlFullscreenButtonElement::shadowPseudoId): Ditto.
2651         * rendering/MediaControlElements.h: Ditto.
2652
2653 2011-01-26  Dave Hyatt  <hyatt@apple.com>
2654
2655         Reviewed by Dan Bernstein.
2656
2657         https://bugs.webkit.org/show_bug.cgi?id=46421, make multi-column layout work with vertical text.
2658
2659         Added new tests in fast/multicol/vertical-lr and fast/multicol/vertical-rl.
2660
2661         * css/html.css:
2662         Update p, blockquote and h1-h6 to respect directionality so that column layout tests that use those
2663         elements work properly.
2664
2665         * rendering/InlineFlowBox.cpp:
2666         (WebCore::InlineFlowBox::placeBoxesInBlockDirection):
2667         Fix a flipping bug with the computation of lineTopIncludingMargins where it could be incorrectly shrunk
2668         in some cases (causing lines to all stack on top of one another).
2669
2670         * rendering/InlineTextBox.h:
2671         (WebCore::InlineTextBox::calculateBoundaries):
2672         Fix calculateBoundaries to be physical rather than logical.
2673
2674         * rendering/LayoutState.cpp:
2675         (WebCore::LayoutState::addForcedColumnBreak):
2676         * rendering/LayoutState.h:
2677         Rename childY to childLogicalOffset.
2678
2679         * rendering/RenderBlock.cpp:
2680         (WebCore::RenderBlock::layoutBlock):
2681         (WebCore::RenderBlock::addOverflowFromChildren):
2682         (WebCore::RenderBlock::addOverflowFromFloats):
2683         (WebCore::RenderBlock::collapseMargins):
2684         (WebCore::RenderBlock::estimateLogicalTopPosition):
2685         (WebCore::RenderBlock::layoutBlockChild):
2686         (WebCore::RenderBlock::markForPaginationRelayoutIfNeeded):
2687         (WebCore::RenderBlock::paintColumnRules):
2688         (WebCore::RenderBlock::paintColumnContents):
2689         (WebCore::RenderBlock::paintFloats):
2690         (WebCore::RenderBlock::selectionGaps):
2691         (WebCore::RenderBlock::removeFloatingObjectsBelow):
2692         (WebCore::RenderBlock::addOverhangingFloats):
2693         (WebCore::RenderBlock::hitTestFloats):
2694         (WebCore::RenderBlock::hitTestColumns):
2695         (WebCore::RenderBlock::calcColumnWidth):
2696         (WebCore::RenderBlock::desiredColumnWidth):
2697         (WebCore::RenderBlock::columnRectAt):
2698         (WebCore::RenderBlock::layoutColumns):
2699         (WebCore::RenderBlock::adjustPointToColumnContents):
2700         (WebCore::RenderBlock::adjustRectForColumns):
2701         (WebCore::RenderBlock::flipForWritingModeIncludingColumns):
2702         (WebCore::RenderBlock::adjustForColumns):
2703         (WebCore::RenderBlock::adjustForBorderFit):
2704         (WebCore::RenderBlock::nextPageLogicalTop):
2705         (WebCore::RenderBlock::applyBeforeBreak):
2706         (WebCore::RenderBlock::applyAfterBreak):
2707         (WebCore::RenderBlock::adjustForUnsplittableChild):
2708         (WebCore::RenderBlock::adjustLinePositionForPagination):
2709         * rendering/RenderBlock.h:
2710         (WebCore::RenderBlock::logicalRightOffsetForContent):
2711         (WebCore::RenderBlock::logicalLeftOffsetForContent):
2712         (WebCore::RenderBlock::leftForFloatIncludingMargin):
2713         (WebCore::RenderBlock::topForFloatIncludingMargin):
2714         * rendering/RenderBlockLineLayout.cpp:
2715         (WebCore::RenderBlock::layoutInlineChildren):
2716         (WebCore::RenderBlock::determineStartPosition):
2717         Reworking of all the RenderBlock column functions to support flipping and vertical modes.
2718
2719         * rendering/RenderBox.cpp:
2720         (WebCore::RenderBox::offsetFromContainer):
2721         (WebCore::RenderBox::flipForWritingModeIncludingColumns):
2722         Patch offsetFromContainer to be aware of flipped block writing modes when dealing with column layouts.
2723
2724         * rendering/RenderBox.h:
2725         (WebCore::RenderBox::clientLogicalBottom):
2726         Fix a bug in clientLogicalBottom where it didn't add in the right border/padding.
2727         
2728         * rendering/RenderFlexibleBox.cpp:
2729         (WebCore::RenderFlexibleBox::layoutBlock):
2730         Better terminology for pagination.
2731
2732         * rendering/RenderInline.cpp:
2733         (WebCore::RenderInline::offsetFromContainer):
2734         (WebCore::RenderInline::mapLocalToContainer):
2735         * rendering/RenderLayer.cpp:
2736         (WebCore::RenderLayer::paintChildLayerIntoColumns):
2737         (WebCore::RenderLayer::hitTestChildLayerColumns):
2738         (WebCore::RenderLayer::localBoundingBox):
2739         (WebCore::RenderLayer::boundingBox):
2740         Patch painting in RenderLayers to be vertical-text-aware.
2741     
2742         * rendering/RenderObject.cpp:
2743         (WebCore::RenderObject::mapLocalToContainer):
2744         Add code to be flipped block-aware with columns.
2745
2746         * rendering/RenderTable.cpp:
2747         (WebCore::RenderTable::layout):
2748         * rendering/RenderTableRow.cpp:
2749         (WebCore::RenderTableRow::layout):
2750         * rendering/RenderTableSection.cpp:
2751         (WebCore::RenderTableSection::layoutRows):
2752         Fix pagination to use better terminology.
2753         
2754         * rendering/RenderText.cpp:
2755         (WebCore::RenderText::absoluteQuads):
2756         (WebCore::RenderText::absoluteQuadsForRange):
2757         Fix a bug where vertical text wasn't taken into account.
2758
2759 2011-01-26  Dimitri Glazkov  <dglazkov@chromium.org>
2760
2761         Unreviewed, rolling out r76719.
2762         http://trac.webkit.org/changeset/76719
2763         https://bugs.webkit.org/show_bug.cgi?id=53122
2764
2765         Broke a bunch of media tests in Chromium/Qt/GTK.
2766
2767 2011-01-26  Tony Chang  <tony@chromium.org>
2768
2769         Reviewed by Ryosuke Niwa.
2770
2771         [gtk] strip NUL characters when copying text/html on GTK+
2772         https://bugs.webkit.org/show_bug.cgi?id=52508
2773
2774         Putting NUL characters in the text/html clipboard doesn't work in
2775         WebKit GTK+ (the pasted value is truncated at the NUL).  Since we're
2776         already stripping this character for plain text (for Windows), strip
2777         it in text/html too.
2778
2779         * editing/MarkupAccumulator.h: mark function as virtual
2780         * editing/markup.cpp:
2781         (WebCore::StyledMarkupAccumulator::appendString):
2782         (WebCore::StyledMarkupAccumulator::takeResults): strip nulls
2783
2784 2011-01-26  Mario Sanchez Prada  <msanchez@igalia.com>
2785
2786         Reviewed by Martin Robinson.
2787
2788         [GTK] Reliable crash with getTextAtOffset()
2789         https://bugs.webkit.org/show_bug.cgi?id=53131
2790
2791         Properly calculate length in bytes for a UTF8 substring.
2792
2793         * accessibility/gtk/AccessibilityObjectWrapperAtk.cpp:
2794         (utf8Substr): Use character instead of bytes as units to
2795         calculate the length in bytes for the UTF8 string.
2796
2797 2011-01-25  Dimitri Glazkov  <dglazkov@chromium.org>
2798
2799         Reviewed by Kent Tamura.
2800
2801         Change HTMLInputElement-derived parts of media element shadow DOM to use shadowPseudoId.
2802         https://bugs.webkit.org/show_bug.cgi?id=53122
2803
2804         This is the first step in converting HTMLMediaElement to the new shadow DOM.
2805
2806         Should not regress any existing tests. No observable change in behavior.
2807
2808         * css/CSSSelector.cpp:
2809         (WebCore::CSSSelector::pseudoId): Removed now-unnecessary hard-coded pseudo-element selectors.
2810         (WebCore::nameToPseudoTypeMap): Ditto.
2811         (WebCore::CSSSelector::extractPseudoType): Ditto.
2812         * css/CSSSelector.h: Ditto.
2813         * css/mediaControls.css: Added proper initial values, now that elements use the proper selector pipeline.
2814         * rendering/MediaControlElements.cpp:
2815         (WebCore::MediaControlInputElement::MediaControlInputElement): Removed the switch statement,
2816             which is now replaced with virtual shadowPseudoId on each corresponding class.
2817         (WebCore::MediaControlInputElement::styleForElement): Changed to use element pipeline.
2818         (WebCore::MediaControlMuteButtonElement::MediaControlMuteButtonElement): Changed to set
2819             display type in constructor.
2820         (WebCore::MediaControlMuteButtonElement::create): Changed to not take PseudoId as
2821             constructor argument.
2822         (WebCore::MediaControlMuteButtonElement::shadowPseudoId): Added.
2823         (WebCore::MediaControlVolumeSliderMuteButtonElement::MediaControlVolumeSliderMuteButtonElement): Added
2824             to disambiguate from the MediaControlMuteButtonElement.
2825         (WebCore::MediaControlVolumeSliderMuteButtonElement::create): Added.
2826         (WebCore::MediaControlVolumeSliderMuteButtonElement::shadowPseudoId): Added.
2827         (WebCore::MediaControlPlayButtonElement::MediaControlPlayButtonElement): Changed to not take PseudoId as
2828             constructor argument.
2829         (WebCore::MediaControlPlayButtonElement::shadowPseudoId): Added.
2830         (WebCore::MediaControlSeekButtonElement::MediaControlSeekButtonElement): Changed to not take PseudoId as
2831             constructor argument.
2832         (WebCore::MediaControlSeekForwardButtonElement::MediaControlSeekForwardButtonElement): Added.
2833         (WebCore::MediaControlSeekForwardButtonElement::create): Added.
2834         (WebCore::MediaControlSeekForwardButtonElement::shadowPseudoId): Added.
2835         (WebCore::MediaControlSeekBackButtonElement::MediaControlSeekBackButtonElement): Added.
2836         (WebCore::MediaControlSeekBackButtonElement::create): Added.
2837         (WebCore::MediaControlSeekBackButtonElement::shadowPseudoId): Added.
2838         (WebCore::MediaControlRewindButtonElement::MediaControlRewindButtonElement): Added.
2839         (WebCore::MediaControlRewindButtonElement::shadowPseudoId): Added.
2840         (WebCore::MediaControlReturnToRealtimeButtonElement::MediaControlReturnToRealtimeButtonElement): Changed to not take PseudoId as
2841             constructor argument.
2842         (WebCore::MediaControlReturnToRealtimeButtonElement::shadowPseudoId): Added.
2843         (WebCore::MediaControlToggleClosedCaptionsButtonElement::MediaControlToggleClosedCaptionsButtonElement): Changed to not take PseudoId as
2844             constructor argument.
2845         (WebCore::MediaControlToggleClosedCaptionsButtonElement::shadowPseudoId): Added.
2846         (WebCore::MediaControlTimelineElement::MediaControlTimelineElement): Changed to not take PseudoId as
2847             constructor argument.
2848         (WebCore::MediaControlTimelineElement::shadowPseudoId): Added.
2849         (WebCore::MediaControlVolumeSliderElement::MediaControlVolumeSliderElement): Changed to not take PseudoId as
2850             constructor argument.
2851         (WebCore::MediaControlVolumeSliderElement::shadowPseudoId): Added.
2852         (WebCore::MediaControlFullscreenButtonElement::MediaControlFullscreenButtonElement): Changed to not take PseudoId as
2853             constructor argument.
2854         (WebCore::MediaControlFullscreenButtonElement::shadowPseudoId): Added.
2855         * rendering/MediaControlElements.h:
2856         (WebCore::MediaControlSeekForwardButtonElement::isForwardButton): Added.
2857         (WebCore::MediaControlSeekBackButtonElement::isForwardButton): Added.
2858         * rendering/RenderMedia.cpp:
2859         (WebCore::RenderMedia::createMuteButton): Changed to use new constructor.
2860         (WebCore::RenderMedia::createSeekBackButton): Ditto.
2861         (WebCore::RenderMedia::createSeekForwardButton): Ditto.
2862         (WebCore::RenderMedia::createVolumeSliderMuteButton): Ditto.
2863         * rendering/style/RenderStyleConstants.h: Removed constants that are no longer used.
2864
2865 2011-01-26  Kenneth Russell  <kbr@google.com>
2866
2867         Reviewed by James Robinson.
2868
2869         Fix multisampling support in DrawingBuffer
2870         https://bugs.webkit.org/show_bug.cgi?id=53154
2871
2872         In DrawingBuffer's multisampling code path, fixed enum usage and a
2873         bug where it would incorrectly redefine the depth and stencil
2874         buffers. Hooked up multisampling code path in Chromium port.
2875
2876         Tested manually with some accelerated 2D canvas content.
2877         Multisampling isn't being switched on for the accelerated 2D
2878         canvas at the current time because it will increase fill rate
2879         requirements and cause a large number of rebaselines.
2880
2881         * platform/graphics/Extensions3D.h:
2882         * platform/graphics/chromium/DrawingBufferChromium.cpp:
2883         (WebCore::DrawingBuffer::publishToPlatformLayer):
2884         * platform/graphics/chromium/Extensions3DChromium.h:
2885         * platform/graphics/gpu/DrawingBuffer.cpp:
2886         (WebCore::DrawingBuffer::create):
2887         (WebCore::DrawingBuffer::reset):
2888         * platform/graphics/opengl/Extensions3DOpenGL.cpp:
2889         (WebCore::Extensions3DOpenGL::supports):
2890
2891 2011-01-26  Tony Chang  <tony@chromium.org>
2892
2893         Unreviewed.
2894
2895         [chromium] revert r68310 because of race conditions detected by tsans
2896         https://bugs.webkit.org/show_bug.cgi?id=53185
2897
2898         Causes stability problems for Chromium, http://crbug.com/70589
2899
2900         * platform/sql/chromium/SQLiteFileSystemChromiumPosix.cpp:
2901         (WebCore::SQLiteFileSystem::registerSQLiteVFS):
2902
2903 2011-01-26  Justin Schuh  <jschuh@chromium.org>
2904
2905         Reviewed by Adam Barth.
2906
2907         Make fireEventsAndUpdateStyle use stack local vectors. 
2908         https://bugs.webkit.org/show_bug.cgi?id=46760
2909
2910         Test: animations/animation-add-events-in-handler.html
2911
2912         * page/animation/AnimationController.cpp:
2913         (WebCore::AnimationControllerPrivate::fireEventsAndUpdateStyle):
2914
2915 2011-01-26  Nate Chapin  <japhet@chromium.org>
2916
2917         Reviewed by Adam Barth.
2918
2919         Remove m_URL from FrameLoader and depend on Document::url()
2920         instead. FrameLoader::url() will be removed in a followup patch.
2921         https://bugs.webkit.org/show_bug.cgi?id=41165
2922
2923         Refactor only, no new tests.
2924
2925         * WebCore.exp.in:
2926         * dom/Document.cpp:
2927         (WebCore::Document::Document):
2928         (WebCore::Document::updateURLForPushOrReplaceState):
2929         * loader/DocumentWriter.cpp:
2930         (WebCore::DocumentWriter::begin):
2931         * loader/FrameLoader.cpp:
2932         (WebCore::FrameLoader::iconURL):
2933         (WebCore::FrameLoader::didOpenURL):
2934         (WebCore::FrameLoader::didExplicitOpen):
2935         (WebCore::FrameLoader::receivedFirstData):
2936         (WebCore::FrameLoader::url):
2937         (WebCore::FrameLoader::setOutgoingReferrer):
2938         (WebCore::FrameLoader::startIconLoader):
2939         (WebCore::FrameLoader::commitIconURLToIconDatabase):
2940         (WebCore::FrameLoader::finishedParsing):
2941         (WebCore::FrameLoader::checkIfDisplayInsecureContent):
2942         (WebCore::FrameLoader::checkIfRunInsecureContent):
2943         (WebCore::FrameLoader::updateFirstPartyForCookies):
2944         (WebCore::FrameLoader::loadInSameDocument):
2945         (WebCore::FrameLoader::commitProvisionalLoad):
2946         (WebCore::FrameLoader::open):
2947         (WebCore::FrameLoader::shouldScrollToAnchor):
2948         * loader/FrameLoader.h: Rename setURL() to setOutgoingReferrer().
2949
2950 2011-01-25  Brian Weinstein  <bweinstein@apple.com>
2951
2952         Reviewed by Antti Koivisto.
2953
2954         Crashes loading pages when cancelling subresource loads through WebKit
2955         https://bugs.webkit.org/show_bug.cgi?id=53123
2956         <rdar://problem/8914361>
2957         
2958         Fix a crash that happened when cancelling subresource loads through WebKit.
2959         
2960         When a load is cancelled synchronously (via the WebKit client), CachedResourceLoader::requestResource 
2961         can be called recursively on the same function, either leading to infinite recursion, or deleting 
2962         an object when it is not done being used.
2963         
2964         The fix for this was to call checkForPendingPreloads and servePendingRequests asynchronously when 
2965         CachedResourceLoader::loadDone was called synchronously (due to the load being cancelled synchronously).
2966
2967         Test: fast/loader/willSendRequest-null-for-preload.html
2968
2969         * loader/DocumentLoader.cpp:
2970         (WebCore::DocumentLoader::setRequest): Only dispatch didReceiveServerRedirectForProvisionalLoadForFrame 
2971             if our new URL is non-null.
2972         * loader/cache/CachedResourceLoader.cpp:
2973         (WebCore::CachedResourceLoader::CachedResourceLoader): Initialize our timer.
2974         (WebCore::CachedResourceLoader::loadDone): If the CachedResource we were passed in was 0, that means this 
2975             function was called synchronously
2976             from CachedResourceRequest::load, and we don't want to call into checkForPendingPreloads synchronously, 
2977             so put it on a 0-delay timer to make the calls to checkForPendingPreloads and servePendingRequests asynchronous.
2978         (WebCore::CachedResourceLoader::loadDonePendingActionTimerFired): Call checkForPendingPreloads and servePendingRequests.
2979         (WebCore::CachedResourceLoader::checkForPendingPreloads): m_pendingPreloads is now a Deque instead of a Vector, 
2980             so use Deque methods.
2981         * loader/cache/CachedResourceLoader.h: Add the timer, the timer callback function, and make m_pendingPreloads a Deque.
2982
2983 2011-01-25  Pavel Podivilov  <podivilov@chromium.org>
2984
2985         Reviewed by Pavel Feldman.
2986
2987         Web Inspector: evaluate in console may not work when window.console is substituted or deleted.
2988         https://bugs.webkit.org/show_bug.cgi?id=53072
2989
2990         Test: inspector/console-substituted.html
2991
2992         * inspector/InjectedScriptSource.js:
2993         (.):
2994
2995 2011-01-26  Carlos Garcia Campos  <cgarcia@igalia.com>
2996
2997         Reviewed by Martin Robinson.
2998
2999         [cairo] Use CAIRO_OPERATOR_DARKEN when available
3000         https://bugs.webkit.org/show_bug.cgi?id=53084
3001
3002         Use CAIRO_OPERATOR_DARKEN for CompositePlusDarker instead of
3003         CAIRO_OPERATOR_SATURATE when building with cairo version >= 1.10.
3004
3005         * platform/graphics/cairo/CairoUtilities.cpp:
3006         (WebCore::toCairoOperator):
3007
3008 2011-01-26  Pavel Feldman  <pfeldman@chromium.org>
3009
3010         Reviewed by Yury Semikhatsky.
3011
3012         Web Inspector: visualize \n in strings as unicode cr
3013         symbol in stack variables sidebar.
3014         https://bugs.webkit.org/show_bug.cgi?id=53162
3015
3016         * inspector/front-end/ObjectPropertiesSection.js:
3017         (WebInspector.ObjectPropertyTreeElement.prototype.update):
3018
3019 2011-01-26  Andrey Kosyakov  <caseq@chromium.org>
3020
3021         Reviewed by Pavel Feldman.
3022
3023         Web Inspector: size is wrong for cached resources in Network panel
3024         - Set the size for 304/not modified resources from cached resource.
3025         - Add response headers size to resource transfer size.
3026         https://bugs.webkit.org/show_bug.cgi?id=52886
3027
3028         * inspector/InspectorResourceAgent.cpp:
3029         (WebCore::InspectorResourceAgent::didReceiveResponse):
3030         * inspector/front-end/Resource.js:
3031         (WebInspector.Resource):
3032         (WebInspector.Resource.prototype.get transferSize):
3033         (WebInspector.Resource.prototype.set responseHeaders):
3034         (WebInspector.Resource.prototype._headersSize):
3035         (WebInspector.Resource.prototype._mimeTypeIsConsistentWithType):
3036
3037 2011-01-26  Carol Szabo  <carol.szabo@nokia.com>
3038
3039         Reviewed by Simon Hausmann.
3040
3041         Fixed TiledBacking store to take into account new dirty regions caused by
3042         paint time layouts.
3043
3044         Flawed rendering design for QtWebKit resulting in artifacts being displayed
3045         https://bugs.webkit.org/show_bug.cgi?id=49184
3046
3047         There are no new tests as this patch aims at fixing flicker that
3048         happen randomly, mostly on slow hardware, thus are hard to reproduce
3049         consistently in an automated test.
3050
3051         This patch does not fully address the said bug but it is a step in the
3052         right direction. A full solution to the bug, as currently perceived,
3053         requires either a Qt GUI API change, a performance hit for QtWebKit,
3054         or a hack, until a full solution is provided this patch is progress.
3055
3056         * platform/graphics/TiledBackingStore.cpp:
3057         (WebCore::TiledBackingStore::updateTileBuffers):
3058         Changed to take into account newly dirtied areas created during
3059         tile update initiated layouts during the same update.
3060
3061 2011-01-26  Patrick Gansterer  <paroga@webkit.org>
3062
3063         Reviewed by Andreas Kling.
3064
3065         [SKIA] Remove "current path" of GraphicsContext
3066         https://bugs.webkit.org/show_bug.cgi?id=53124
3067
3068         * platform/graphics/GraphicsContext.h:
3069         * platform/graphics/skia/GraphicsContextSkia.cpp:
3070         (WebCore::GraphicsContext::clipPath):
3071         (WebCore::GraphicsContext::fillPath):
3072         (WebCore::GraphicsContext::strokePath):
3073         * platform/graphics/skia/PathSkia.cpp:
3074         (WebCore::Path::strokeBoundingRect):
3075         * platform/graphics/skia/PlatformContextSkia.cpp:
3076         * platform/graphics/skia/PlatformContextSkia.h:
3077
3078 2011-01-26  Zalan Bujtas <zbujtas@gmail.com>
3079
3080         Reviewed by Andreas Kling.
3081
3082         [Qt] Path::normalAngleAtLength() returns incorrect value on ACID3.
3083
3084         QPainterPath returns angle values with the origo being at the top left corner,
3085         we need to account for this in normalAngleAtLength().
3086         This Regressed with r66979.
3087
3088         No new tests as this is already covered by ACID3.
3089
3090         * platform/graphics/qt/PathQt.cpp:
3091         (WebCore::Path::normalAngleAtLength):
3092
3093 2011-01-26  Pavel Feldman  <pfeldman@chromium.org>
3094
3095         Reviewed by Yury Semikhatsky.
3096
3097         Web Inspector: live edit does not update source snippet.
3098         https://bugs.webkit.org/show_bug.cgi?id=53097
3099
3100         * inspector/front-end/ScriptsPanel.js:
3101         (WebInspector.ScriptsPanel.prototype._scriptSourceChanged):
3102
3103 2011-01-26  Pavel Feldman  <pfeldman@chromium.org>
3104
3105         Reviewed by Yury Semikhatsky.
3106
3107         Web Inspector: Incorrect on-hover evaluation of a variable named 'profile'.
3108         https://bugs.webkit.org/show_bug.cgi?id=53018
3109
3110         * inspector/InjectedScript.cpp:
3111         (WebCore::InjectedScript::evaluate):
3112         (WebCore::InjectedScript::evaluateOnCallFrame):
3113         (WebCore::InjectedScript::getCompletions):
3114         (WebCore::InjectedScript::getCompletionsOnCallFrame):
3115         * inspector/InjectedScript.h:
3116         * inspector/InjectedScriptSource.js:
3117         (.):
3118         * inspector/Inspector.idl:
3119         * inspector/InspectorDebuggerAgent.cpp:
3120         (WebCore::InspectorDebuggerAgent::evaluateOnCallFrame):
3121         (WebCore::InspectorDebuggerAgent::getCompletionsOnCallFrame):
3122         * inspector/InspectorDebuggerAgent.h:
3123         * inspector/InspectorRuntimeAgent.cpp:
3124         (WebCore::InspectorRuntimeAgent::evaluate):
3125         (WebCore::InspectorRuntimeAgent::getCompletions):
3126         * inspector/InspectorRuntimeAgent.h:
3127         * inspector/front-end/ConsoleView.js:
3128         (WebInspector.ConsoleView.prototype.completions):
3129         (WebInspector.ConsoleView.prototype.evalInInspectedWindow):
3130         (WebInspector.ConsoleView.prototype._enterKeyPressed):
3131         * inspector/front-end/ScriptsPanel.js:
3132         (WebInspector.ScriptsPanel.prototype.evaluateInSelectedCallFrame.updatingCallbackWrapper):
3133         (WebInspector.ScriptsPanel.prototype.evaluateInSelectedCallFrame):
3134         * inspector/front-end/SourceFrame.js:
3135         (WebInspector.SourceFrame.prototype._showPopup):
3136         * inspector/front-end/WatchExpressionsSidebarPane.js:
3137         (WebInspector.WatchExpressionsSection.prototype.update):
3138
3139 2011-01-26  Hironori Bono  <hbono@chromium.org>
3140
3141         Reviewed by Kent Tamura.
3142
3143         A speculative fix for Bug 52422 - [chromium] More crash in
3144         FontFallbackList::determinePitch(const Font* font)
3145         https://bugs.webkit.org/show_bug.cgi?id=52422
3146
3147         My previous change may not work on non-US Windows whose system fonts
3148         have localized aliases matching to the system locale because of a
3149         font-name mismatch in createFontIndirectAndGetWinName(). This change
3150         tries all the fonts installed in a PC and returns the first font that we
3151         can create without errors.
3152
3153         * platform/graphics/chromium/FontCacheChromiumWin.cpp:
3154         (WebCore::GetLastResortFallbackFontProcData::GetLastResortFallbackFontProcData):
3155         Added a struct used for getLastResortFallbackFontProc().
3156         (WebCore::getLastResortFallbackFontProc): Added a callback for EnumFontFamilies().
3157         (WebCore::FontCache::getLastResortFallbackFont): Use EnumFontFamilies() to find a last-resort font.
3158
3159 2011-01-26  James Robinson  <jamesr@chromium.org>
3160
3161         Reviewed by Nate Chapin.
3162
3163         Add a DOMTimeStamp parameter to the requestAnimationFrame callback
3164         https://bugs.webkit.org/show_bug.cgi?id=53142
3165
3166         This adds a DOMTimeStamp parameter to the requestAnimationFrame callback to more
3167         closely match mozilla's proposal.  This is useful if the page has multiple imperative animations
3168         and wants to ensure that they all remain synchronized.  If each callback used Date.now() to
3169         update its animation state, they would potentially be out of sync with each other.  If they use
3170         the timestamp then all callbacks for the same "frame" will update to the same state.
3171
3172         Test: fast/animation/request-animation-frame-timestamps.html
3173
3174         * bindings/scripts/CodeGeneratorV8.pm:
3175         * bindings/scripts/test/V8/V8TestCallback.cpp:
3176         (WebCore::V8TestCallback::callbackWithClass2Param):
3177         * dom/Document.cpp:
3178         (WebCore::Document::serviceScriptedAnimations):
3179         * dom/Document.h:
3180         * dom/RequestAnimationFrameCallback.h:
3181         * dom/RequestAnimationFrameCallback.idl:
3182         * page/FrameView.cpp:
3183         (WebCore::FrameView::serviceScriptedAnimations):
3184         * page/FrameView.h:
3185
3186 2011-01-25  Yuzo Fujishima  <yuzo@google.com>
3187
3188         Unreviewed attempt to fix compilation error for Chromium Clang.
3189
3190         * platform/graphics/mac/ComplexTextController.cpp:
3191         (WebCore::ComplexTextController::advance):
3192
3193 2011-01-25  Ned Holbrook  <nholbrook@apple.com>
3194
3195         Reviewed by Dan Bernstein.
3196
3197         ComplexTextController incorrectly conflates string length and range of indexes
3198         https://bugs.webkit.org/show_bug.cgi?id=52760
3199
3200         Test: fast/text/offsetForPosition-complex-fallback.html
3201
3202         * platform/graphics/mac/ComplexTextController.cpp:
3203         (WebCore::ComplexTextController::offsetForPosition):
3204         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun):
3205         (WebCore::ComplexTextController::ComplexTextRun::setIsNonMonotonic):
3206         (WebCore::ComplexTextController::advance):
3207         * platform/graphics/mac/ComplexTextController.h:
3208         (WebCore::ComplexTextController::ComplexTextRun::create):
3209         (WebCore::ComplexTextController::ComplexTextRun::indexEnd):
3210         * platform/graphics/mac/ComplexTextControllerATSUI.cpp:
3211         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun):
3212         * platform/graphics/mac/ComplexTextControllerCoreText.cpp:
3213         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun):
3214         (WebCore::ComplexTextController::collectComplexTextRunsForCharactersCoreText):
3215
3216 2011-01-25  Sam Weinig  <sam@webkit.org>
3217
3218         Reviewed by David Hyatt.
3219
3220         Scrollbars don't work correctly for top-to-bottom text in an overflow: scroll area
3221         https://bugs.webkit.org/show_bug.cgi?id=53048
3222
3223         Test: fast/overflow/overflow-rtl-vertical-origin.html
3224
3225         * rendering/RenderLayer.cpp:
3226         (WebCore::RenderLayer::scrollPosition):
3227         (WebCore::RenderLayer::updateScrollInfoAfterLayout):
3228         Take the scroll origin into account when calculating scrollbars in more places.
3229
3230 2011-01-25  Steve Falkenburg  <sfalken@apple.com>
3231
3232         Windows production build fix.
3233         Use correct configuration-specific path in makefile.
3234
3235         * WebCore.vcproj/WebCore.make:
3236
3237 2011-01-25  Kent Tamura  <tkent@chromium.org>
3238
3239         Reviewed by Dimitri Glazkov.
3240
3241         Radio button group state is not restored correctly
3242         https://bugs.webkit.org/show_bug.cgi?id=50442
3243
3244         Fixes a bug that radio button states are not restored correctly in
3245         a case that non-first radio button in a group is checked.
3246
3247         If "checked" attribute is present, the radio button is checked and
3248         other radio buttons in the group are unchecked. This behavior
3249         disturbs form state restoring. This patch changes this behavior so
3250         that the "checked" attribute handling is delayed after form state
3251         restoring.
3252
3253         Test: fast/forms/state-restore-radio-group.html
3254
3255         * html/HTMLFormControlElement.h:
3256          Make finishParsingChildren() protected so that HTMLInpuElement can call it.
3257         * html/HTMLInputElement.cpp:
3258         (WebCore::HTMLInputElement::HTMLInputElement):
3259          - Add createdByParser parameter.
3260          - Initialize m_stateRestored and m_parsingInProgress.
3261         (WebCore::HTMLInputElement::create): Sync with the constructor.
3262         (WebCore::HTMLInputElement::restoreFormControlState):
3263          Set m_stateRestored in order to refer it in finishParsingChildren().
3264         (WebCore::HTMLInputElement::parseMappedAttribute):
3265          Don't call setChecked() during parsing. Move setNeedsValidityCheck()
3266          to setChecked().
3267         (WebCore::HTMLInputElement::finishParsingChildren):
3268          Call setChecked() if form state is not restored.
3269         (WebCore::HTMLInputElement::setChecked):
3270          Move setNeedsValidityCheck() from parseMappedAttribute() because
3271          finishParsingChildren() also needs to call setNeedsValidityCheck().
3272         * html/HTMLInputElement.h:
3273          - Remove the default value of HTMLFormElement* of the HTMLInputElement
3274            constructor, and add createdByParser parameter.
3275          - Introduce m_parsingInProgress and m_stateRestored.
3276         * html/HTMLIsIndexElement.cpp:
3277         (WebCore::HTMLIsIndexElement::HTMLIsIndexElement):
3278          Sync with the HTMLInputElement constructor change.
3279         * html/HTMLTagNames.in: Add constructorNeedsCreatedByParser flag.
3280         * rendering/MediaControlElements.cpp:
3281         (WebCore::MediaControlInputElement::MediaControlInputElement):
3282          Sync with the HTMLInputElement constructor change.
3283         * rendering/ShadowElement.cpp:
3284         (WebCore::ShadowInputElement::ShadowInputElement): ditto.
3285         * rendering/ShadowElement.h:
3286         (WebCore::ShadowElement::ShadowElement): ditto.
3287
3288 2011-01-25  Kent Tamura  <tkent@chromium.org>
3289
3290         Reviewed by Dimitri Glazkov.
3291
3292         HTMLFormElement::checkValidity() returns incorrect result if 'invalid' events are canceled.
3293         https://bugs.webkit.org/show_bug.cgi?id=52565
3294
3295         * html/HTMLFormElement.cpp:
3296         (WebCore::HTMLFormElement::validateInteractively):
3297           Check checkInvalidControlsAndCollectUnhandled() result instead of
3298           checking emptiness of unhandled invalid controls list.
3299         (WebCore::HTMLFormElement::checkValidity): ditto.
3300         (WebCore::HTMLFormElement::checkInvalidControlsAndCollectUnhandled):
3301           Renamed from collectUnhandledInvalidControls().
3302           Returns true if there is any invalid control regardless of event canceling.
3303         * html/HTMLFormElement.h: Rename collectUnhandledInvalidControls() to
3304           checkInvalidControlsAndCollectUnhandled().
3305
3306 2011-01-25  Kent Tamura  <tkent@chromium.org>
3307
3308         Reviewed by Dimitri Glazkov.
3309
3310         Range and number inputs should reject increment and decrement by
3311         keyboard or mouse wheel if they are disabled or read-only
3312         https://bugs.webkit.org/show_bug.cgi?id=53151
3313
3314         * html/RangeInputType.cpp:
3315         (WebCore::RangeInputType::handleKeydownEvent): Check disabled() and readOnly().
3316         * html/TextFieldInputType.cpp:
3317         (WebCore::TextFieldInputType::handleKeydownEventForSpinButton): ditto.
3318         (WebCore::TextFieldInputType::handleWheelEventForSpinButton): ditto.
3319
3320 2011-01-25  Kent Tamura  <tkent@chromium.org>
3321
3322         Reviewed by Dimitri Glazkov.
3323
3324         API to support localized numbers for <input type=number>
3325         https://bugs.webkit.org/show_bug.cgi?id=45730
3326
3327         Introduce platform/text/LocalizedNumber.h, and
3328         LocalizedNumberNone.cpp, which is an empty implementation of the
3329         functions in LocalizedNumber.h.  We use LocalizedNumberNone.cpp in
3330         all platforms for now.
3331
3332         A string in a type=number field is parsed as a localized number
3333         first. If the parsing fails, it is parsed as the HTML5 number.
3334
3335         We introduce HTMLInputElement::visibleValue(). It represents a value
3336         which should be drawn by a renderer. HTMLInputElement::value() always
3337         returns a number formatted for HTML5, and visibleValue() may return a
3338         localized number.
3339
3340         No new tests because this doesn't change any behavior.
3341
3342         * Android.mk: Add LocalizedNumber.h and/or LocalizedNumberNone.cpp.
3343         * CMakeLists.txt: ditto.
3344         * GNUmakefile.am: ditto.
3345         * WebCore.gypi: ditto.
3346         * WebCore.pro: ditto.
3347         * WebCore.vcproj/WebCore.vcproj: ditto.
3348         * WebCore.xcodeproj/project.pbxproj: ditto.
3349         * dom/InputElement.h: Add visibleValue().
3350         * html/HTMLInputElement.cpp:
3351         (WebCore::HTMLInputElement::visibleValue): Added.  Just call InputType::visibleValue().
3352         * html/HTMLInputElement.h: Declare visibleValue().
3353         * html/InputType.cpp:
3354         (WebCore::InputType::visibleValue): Add the default implementation of
3355           visibleValue(), which returns HTMLInputElement::value().
3356         * html/InputType.h: Add declarations.
3357         * html/NumberInputType.cpp:
3358         (WebCore::isHTMLNumberCharacter): Renamed from isNumberCharacter().
3359         (WebCore::isNumberCharacter): Calls isLocalizedNumberCharacter() and isHTMLNumberCharacter().
3360         (WebCore::NumberInputType::visibleValue):
3361           Returns a localized number string produced by formatLocalizedNumber().
3362         (WebCore::NumberInputType::isAcceptableValue): Calls parseLocalizedNumber().
3363         (WebCore::NumberInputType::sanitizeValue): Calls parseLocalizedNumber().
3364         * html/NumberInputType.h: Add declarations.
3365         * platform/text/LocalizedNumber.h: Added.
3366         * platform/text/LocalizedNumberNone.cpp: Added.
3367         (WebCore::parseLocalizedNumber):
3368         (WebCore::formatLocalizedNumber):
3369         (WebCore::isLocalizedNumberCharacter):
3370         * rendering/RenderTextControlSingleLine.cpp:
3371         (WebCore::RenderTextControlSingleLine::updateFromElement):
3372           Calls InputElement::visibleValue() instead of value().
3373         * wml/WMLInputElement.h:
3374         (WebCore::WMLInputElement::visibleValue): Added. It just calls value().
3375
3376 2011-01-25  Alexey Proskuryakov  <ap@apple.com>
3377
3378         Reviewed by Darin Adler.
3379
3380         https://bugs.webkit.org/show_bug.cgi?id=53143
3381         Add IntRectHash
3382
3383         * WebCore.xcodeproj/project.pbxproj:
3384         * platform/graphics/IntRectHash.h: Added.
3385
3386         * platform/graphics/IntSizeHash.h: Don't do "using WebCore::IntSize"!
3387
3388 2011-01-25  Ilya Sherman  <isherman@chromium.org>
3389
3390         Reviewed by Ryosuke Niwa.
3391
3392         Remove trailing whitespace in HTMLInputElement.cpp
3393         https://bugs.webkit.org/show_bug.cgi?id=53152
3394
3395         * html/HTMLInputElement.cpp:
3396         (WebCore::HTMLInputElement::updateCheckedRadioButtons):
3397         (WebCore::HTMLInputElement::applyStep):
3398         (WebCore::HTMLInputElement::updateFocusAppearance):
3399         (WebCore::HTMLInputElement::mapToEntry):
3400         (WebCore::HTMLInputElement::setAutofilled):
3401         (WebCore::HTMLInputElement::willMoveToNewOwnerDocument):
3402         (WebCore::HTMLInputElement::didMoveToNewOwnerDocument):
3403
3404 2011-01-25  Mike Reed  <reed@google.com>
3405
3406         Reviewed by James Robinson.
3407
3408         DrawingBufer::reset() today checks if the new size is the same as its
3409         m_size, and if so, returns immediately. This does not match the
3410         semantics of <canvas>, which wants to clear its contents anytime the
3411         size is specified.
3412         https://bugs.webkit.org/show_bug.cgi?id=53149
3413
3414         Test: Covered by existing <canvas> tests using gpu.
3415
3416         * platform/graphics/chromium/DrawingBufferChromium.cpp:
3417         (WebCore::DrawingBuffer::DrawingBuffer):
3418         * platform/graphics/gpu/DrawingBuffer.cpp:
3419         (WebCore::DrawingBuffer::reset):
3420
3421 2011-01-25  Cris Neckar  <cdn@chromium.org>
3422
3423         Reviewed by Adam Barth.
3424
3425         Add a hashset of DOMURLs to ScriptExecutionContext to track back references.
3426         https://bugs.webkit.org/show_bug.cgi?id=53038
3427
3428         Test: fast/dom/window-domurl-crash.html
3429
3430         * dom/ScriptExecutionContext.cpp:
3431         (WebCore::ScriptExecutionContext::~ScriptExecutionContext):
3432         (WebCore::ScriptExecutionContext::createdDomUrl):
3433         (WebCore::ScriptExecutionContext::destroyedDomUrl):
3434         * dom/ScriptExecutionContext.h:
3435         (WebCore::ScriptExecutionContext::domUrls):
3436         * html/DOMURL.cpp:
3437         (WebCore::DOMURL::DOMURL):
3438         (WebCore::DOMURL::~DOMURL):
3439         (WebCore::DOMURL::contextDestroyed):
3440         * html/DOMURL.h:
3441         (WebCore::DOMURL::scriptExecutionContext):
3442
3443 2011-01-23  Antti Koivisto  <antti@apple.com>
3444
3445         Reviewed by Darin Adler.
3446