Add final keyword to WebCore/svg classes
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-07-15  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
2
3         Add final keyword to WebCore/svg classes
4         https://bugs.webkit.org/show_bug.cgi?id=159802
5
6         Reviewed by Youenn Fablet.
7
8         Updated classes in the WebCore/svg directory to be marked as final where appropriate.
9
10         * svg/SVGException.h:
11         * svg/SVGLengthList.h:
12         * svg/SVGMatrix.h:
13         * svg/SVGNumberList.h:
14         * svg/SVGPaint.h:
15         * svg/SVGPathBuilder.h:
16         * svg/SVGPathByteStreamBuilder.h:
17         * svg/SVGPathByteStreamSource.h:
18         * svg/SVGPathSegArcAbs.h:
19         * svg/SVGPathSegArcRel.h:
20         * svg/SVGPathSegClosePath.h:
21         * svg/SVGPathSegCurvetoCubicAbs.h:
22         * svg/SVGPathSegCurvetoCubicRel.h:
23         * svg/SVGPathSegCurvetoCubicSmoothAbs.h:
24         * svg/SVGPathSegCurvetoCubicSmoothRel.h:
25         * svg/SVGPathSegCurvetoQuadraticAbs.h:
26         * svg/SVGPathSegCurvetoQuadraticRel.h:
27         * svg/SVGPathSegCurvetoQuadraticSmoothAbs.h:
28         * svg/SVGPathSegCurvetoQuadraticSmoothRel.h:
29         * svg/SVGPathSegLinetoAbs.h:
30         * svg/SVGPathSegLinetoHorizontalAbs.h:
31         * svg/SVGPathSegLinetoHorizontalRel.h:
32         * svg/SVGPathSegLinetoRel.h:
33         * svg/SVGPathSegLinetoVerticalAbs.h:
34         * svg/SVGPathSegLinetoVerticalRel.h:
35         * svg/SVGPathSegListBuilder.h:
36         * svg/SVGPathSegListSource.h:
37         * svg/SVGPathSegMovetoAbs.h:
38         * svg/SVGPathSegMovetoRel.h:
39         * svg/SVGPathStringSource.h:
40         * svg/SVGPathTraversalStateBuilder.h:
41         * svg/SVGPointList.h:
42         * svg/SVGRenderingIntent.h:
43         * svg/SVGStringList.h:
44         * svg/SVGTRefElement.cpp:
45         * svg/SVGToOTFFontConversion.cpp:
46         * svg/SVGTransformList.h:
47         * svg/SVGUnitTypes.h:
48         * svg/SVGViewSpec.h:
49         * svg/SVGZoomEvent.h:
50         * svg/animation/SMILTimeContainer.h:
51         * svg/animation/SVGSMILElement.cpp:
52         * svg/graphics/filters/SVGFEImage.h:
53         * svg/graphics/filters/SVGFilter.h:
54         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
55         * svg/properties/SVGAnimatedPropertyTearOff.h:
56         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
57         * svg/properties/SVGMatrixTearOff.h:
58         * svg/properties/SVGPathSegListPropertyTearOff.h:
59         * svg/properties/SVGStaticListPropertyTearOff.h:
60         * svg/properties/SVGStaticPropertyTearOff.h:
61         * svg/properties/SVGTransformListPropertyTearOff.h:
62
63 2016-07-15  Per Arne Vollan  <pvollan@apple.com>
64
65         Uninitialized variable in DIBPixelData can cause a dangerous memory write
66         https://bugs.webkit.org/show_bug.cgi?id=159414
67
68         Reviewed by Brent Fulgham.
69
70         Initialize local BITMAP variable, in case the ::GetObject function that should initialize it
71         fails to do so, because the bitmap handle is invalid.
72
73         Tests: Tools/TestWebKitAPI/Tests/WebCore/win/DIBPixelData.cpp
74
75         * platform/graphics/win/DIBPixelData.cpp:
76         (WebCore::DIBPixelData::initialize): Initialize local variable.
77         (WebCore::DIBPixelData::setRGBABitmapAlpha): Return early if we have no bitmap.
78         * platform/graphics/win/DIBPixelData.h: Link fix.
79
80 2016-07-14  Yoav Weiss  <yoav@yoav.ws>
81
82         Change CSSParser::sourceSize returning Optional<CSSParser::SourceSize>
83         https://bugs.webkit.org/show_bug.cgi?id=159666
84
85         Reviewed by Michael Catanzaro.
86
87         Tests:
88             fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html
89
90         * css/CSSGrammar.y.in: Avoid adding SourceSize to source_size_list when the value is a Nullopt.
91         * css/CSSParser.cpp:
92         (WebCore::CSSParser::sourceSize): Return a Nullopt when an invalid value is encountered.
93         * css/CSSParser.h:
94
95 2016-07-14  Antonio Gomes  <tonikitoo@igalia.com>
96
97         [RTL Scrollbars] Frame scrollbars don't move to the right when text direction changes to RTL
98         https://bugs.webkit.org/show_bug.cgi?id=158252
99
100         Reviewed by Myles C. Maxfield.
101
102         When the 'dir' attribute changes either on body or on the document
103         element level, the associated FrameView does not trigger an update on
104         the frame level vertical scrollbar.
105
106         Patch adds a 'hook' so that RenderBox::styleDidChange can call in
107         order to get the document level scrollbar placed properly in the next
108         layout.
109
110         Test: fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement.html
111               fast/scrolling/rtl-scrollbars-alternate-body-dir-attr-does-not-update-scrollbar-placement-2.html
112               fast/scrolling/rtl-scrollbars-alternate-iframe-body-dir-attr-does-not-update-scrollbar-placement.html
113
114         * page/FrameView.cpp:
115         (WebCore::FrameView::topContentDirectionDidChange):
116         * page/FrameView.h:
117         * rendering/RenderBox.cpp:
118         (WebCore::RenderBox::styleDidChange):
119
120 2016-07-14  Myles C. Maxfield  <mmaxfield@apple.com>
121
122         Support new emoji group candidates
123         https://bugs.webkit.org/show_bug.cgi?id=159755
124         <rdar://problem/27325521>
125
126         Reviewed by Dean Jackson.
127
128         There are a few code points which should be able to be joined (with ZWJ) to
129         either U+2640 or U+2642 to change the gender of the emoji. These patterns
130         should also work with an additional 0xFE0F variation selector. This patch
131         adds these new patterns to our existing emoji group candidate infrastructure.
132
133         Tests: fast/text/emoji-gender-2-3.html
134                fast/text/emoji-gender-2-4.html
135                fast/text/emoji-gender-2-5.html
136                fast/text/emoji-gender-2-6.html
137                fast/text/emoji-gender-2-7.html
138                fast/text/emoji-gender-2-8.html
139                fast/text/emoji-gender-2-9.html
140                fast/text/emoji-gender-2.html
141                fast/text/emoji-gender-3.html
142                fast/text/emoji-gender-4.html
143                fast/text/emoji-gender-5.html
144                fast/text/emoji-gender-6.html
145                fast/text/emoji-gender-7.html
146                fast/text/emoji-gender-8.html
147                fast/text/emoji-gender-9.html
148                fast/text/emoji-gender-fe0f-3.html
149                fast/text/emoji-gender-fe0f-4.html
150                fast/text/emoji-gender-fe0f-5.html
151                fast/text/emoji-gender-fe0f-6.html
152                fast/text/emoji-gender-fe0f-7.html
153                fast/text/emoji-gender-fe0f-8.html
154                fast/text/emoji-gender-fe0f-9.html
155                fast/text/emoji-gender.html
156                fast/text/emoji-num-glyphs.html
157                fast/text/emoji-single-parent-family-2.html
158                fast/text/emoji-single-parent-family.html
159
160         * platform/graphics/mac/ComplexTextControllerCoreText.mm:
161         (WebCore::ComplexTextController::ComplexTextRun::ComplexTextRun): Removed incorrect ASSERT()s.
162         * platform/graphics/FontCascade.cpp:
163         (WebCore::FontCascade::characterRangeCodePath):
164         * platform/text/CharacterProperties.h:
165         (WebCore::isEmojiGroupCandidate):
166
167 2016-07-14  Dean Jackson  <dino@apple.com>
168
169         CrashTracer: com.apple.WebKit.WebContent at WebCore: WebCore::MediaQueryEvaluator::evaluate const
170         https://bugs.webkit.org/show_bug.cgi?id=159799
171         <rdar://problem/27346959>
172
173         Reviewed by Myles Maxfield.
174
175         Speculative fix for this crash, which seems to happen when asking for the Node's
176         renderer(). From the incoming crash logs, it is triggered by mutations on
177         a <picture> or <img> element, which would require choosing a new source,
178         and causing some media queries to evaluate.
179
180         The only place in MediaQueryEvaluator that has anything to do with
181         renderers is when gathering up some style information to pass to the
182         actual evaluation function. I put a guard against a missing documentElement
183         in there.
184
185         * css/MediaQueryEvaluator.cpp:
186         (WebCore::MediaQueryEvaluator::evaluate): Make sure documentElement is not
187         null.
188
189 2016-07-14  Rawinder Singh  <rawinder.singh-webkit@cisra.canon.com.au>
190
191         Update HTML*Element class override methods in final classes
192         https://bugs.webkit.org/show_bug.cgi?id=159456
193
194         Reviewed by Youenn Fablet.
195
196         Update HTML*Element classes so that overriden methods in final classes are marked final.
197         Also marked HTMLDivElement overriden methods as final since they are not overridden by derived classes.
198
199         * html/HTMLAppletElement.h:
200         * html/HTMLAreaElement.h:
201         * html/HTMLAttachmentElement.h:
202         * html/HTMLAudioElement.h:
203         * html/HTMLBRElement.h:
204         * html/HTMLBaseElement.h:
205         * html/HTMLBodyElement.h:
206         * html/HTMLButtonElement.h:
207         * html/HTMLCanvasElement.h:
208         * html/HTMLDataElement.h:
209         * html/HTMLDetailsElement.h:
210         * html/HTMLDivElement.h:
211         * html/HTMLEmbedElement.h:
212         * html/HTMLFieldSetElement.h:
213         * html/HTMLFontElement.h:
214         * html/HTMLFormElement.h:
215         * html/HTMLFrameSetElement.h:
216         * html/HTMLHRElement.h:
217         * html/HTMLHtmlElement.h:
218         * html/HTMLKeygenElement.h:
219         * html/HTMLLIElement.h:
220         * html/HTMLLabelElement.h:
221         * html/HTMLLegendElement.h:
222         * html/HTMLLinkElement.h:
223         * html/HTMLMapElement.h:
224         * html/HTMLMarqueeElement.h:
225         * html/HTMLMetaElement.h:
226         * html/HTMLMeterElement.h:
227         * html/HTMLModElement.h:
228         * html/HTMLOListElement.h:
229         * html/HTMLObjectElement.h:
230         * html/HTMLOptGroupElement.h:
231         * html/HTMLOptionElement.h:
232         * html/HTMLOutputElement.h:
233         * html/HTMLParagraphElement.h:
234         * html/HTMLParamElement.h:
235         * html/HTMLPreElement.h:
236         * html/HTMLProgressElement.h:
237         * html/HTMLQuoteElement.h:
238         * html/HTMLScriptElement.h:
239         * html/HTMLSourceElement.h:
240         * html/HTMLStyleElement.h:
241         * html/HTMLSummaryElement.h:
242         * html/HTMLTableCaptionElement.h:
243         * html/HTMLTableColElement.h:
244         * html/HTMLTableElement.h:
245         * html/HTMLTableSectionElement.h:
246         * html/HTMLTemplateElement.h:
247         * html/HTMLTextAreaElement.h:
248         * html/HTMLTitleElement.h:
249         * html/HTMLUListElement.h:
250         * html/HTMLUnknownElement.h:
251         * html/HTMLVideoElement.h:
252         * html/HTMLWBRElement.h:
253
254 2016-07-14  Chris Dumez  <cdumez@apple.com>
255
256         Modernize GlyphMetricsMap
257         https://bugs.webkit.org/show_bug.cgi?id=159788
258
259         Reviewed by Darin Adler.
260
261         Modernize GlyphMetricsMap a bit.
262
263         * platform/graphics/GlyphMetricsMap.h:
264         - Drop WTF_MAKE_NONCOPYABLE as the class is already non-copyable due to having
265           to having a std::unique_ptr data member.
266         - Drop GlyphMetricsMap default constructor and let the compiler generate it
267           instead. This required using inline initialization for m_filledPrimaryPage.
268
269         (WebCore::GlyphMetricsMap::GlyphMetricsPage::GlyphMetricsPage):
270         - Make m_metrics data member private as it does not need to be public.
271         - Make setMetricsForIndex(unsigned index, const T& metrics) setter private
272           as it does not need to be public.
273         - Make GlyphMetricsPage(const T& initialValue) constructor explicit as it
274           takes only 1 parameter.
275
276         (WebCore::GlyphMetricsMap<T>::locatePageSlowCase):
277         - Use HashMap::ensure() to make the code a bit nicer.
278
279 2016-07-14  Simon Fraser  <simon.fraser@apple.com>
280
281         [iOS WK2] When scrolling apple.com/music on iPad Pro in landscape, left-hand tiles appear first
282         https://bugs.webkit.org/show_bug.cgi?id=159798
283         rdar://problem/27362717
284
285         Reviewed by Tim Horton.
286
287         In out-of-visible tiled layers, we always allocated the top-left tile, wasting
288         memory and causing ugliness when scrolling that layer into view. This happened
289         because getTileIndexRangeForRect() had no way to express the fact that no tiles
290         should be created.
291
292         Fix getTileIndexRangeForRect() to return a bool, and fix callers to respect the
293         return value.
294
295         Test: compositing/tiling/offscreen-tiled-layer.html
296
297         * platform/graphics/ca/GraphicsLayerCA.cpp:
298         (WebCore::GraphicsLayerCA::dumpAdditionalProperties):
299         * platform/graphics/ca/TileGrid.cpp:
300         (WebCore::TileGrid::setNeedsDisplayInRect):
301         (WebCore::TileGrid::tilesWouldChangeForCoverageRect):
302         (WebCore::TileGrid::getTileIndexRangeForRect):
303         (WebCore::TileGrid::revalidateTiles):
304         (WebCore::TileGrid::ensureTilesForRect):
305         (WebCore::TileGrid::extent):
306         * platform/graphics/ca/TileGrid.h:
307
308 2016-07-14  John Wilander  <wilander@apple.com>
309
310         Remove credentials in URL when accessed through location.href
311         https://bugs.webkit.org/show_bug.cgi?id=139562
312         <rdar://problem/27331164>
313
314         Reviewed by Brent Fulgham.
315
316         Test: http/tests/security/location-href-clears-username-password.html
317
318         The reason for this change is to not allow scripts on the page to
319         exfiltrate username and password from the URL.
320
321         * page/Location.cpp:
322         (WebCore::Location::href):
323             Now checks if there is a username or password in the URL. If so,
324             it copies the URL and removes the username and password.
325
326 2016-07-14  Javier Fernandez  <jfernandez@igalia.com>
327
328         [css-grid] Handle min-content/max-content with orthogonal flows
329         https://bugs.webkit.org/show_bug.cgi?id=159294
330
331         Reviewed by Darin Adler.
332
333         Currently there is no support for orthogonal flows in many aspects of the
334         Grid Layout logic.
335
336         The Grid sizing algorithm should be adapted to this scenario, hence this
337         patch focus on the min-content and max-content functions, used to resolve
338         content based track sizes.
339
340         There are still issues related to alignment and sizes using percentages,
341         but they will be addressed in different patches.
342
343         Tests: fast/css-grid-layout/grid-item-positioning-with-orthogonal-flows.html
344                fast/css-grid-layout/grid-item-sizing-with-orthogonal-flows.html
345                fast/css-grid-layout/grid-item-spanning-and-orthogonal-flows.html
346                fast/css-grid-layout/grid-track-sizing-with-orthogonal-flows.html
347                fast/css-grid-layout/grid-track-sizing-with-percentages-and-orthogonal-flows.html
348
349         * rendering/RenderBox.cpp:
350         (WebCore::RenderBox::computeLogicalWidthInRegion):
351         * rendering/RenderGrid.cpp:
352         (WebCore::RenderGrid::GridSizingData::advanceNextState):
353         (WebCore::RenderGrid::GridSizingData::isValidTransitionForDirection):
354         (WebCore::RenderGrid::computeTrackSizesForDirection):
355         (WebCore::RenderGrid::repeatTracksSizingIfNeeded): Added.
356         (WebCore::RenderGrid::layoutBlock):
357         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
358         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
359         (WebCore::hasOverrideContainingBlockContentSizeForChild):
360         (WebCore::overrideContainingBlockContentSizeForChild):
361         (WebCore::setOverrideContainingBlockContentSizeForChild):
362         (WebCore::shouldClearOverrideContainingBlockContentSizeForChild):
363         (WebCore::RenderGrid::gridTrackSize):
364         (WebCore::RenderGrid::isOrthogonalChild): Added.
365         (WebCore::RenderGrid::logicalHeightForChild):
366         (WebCore::RenderGrid::flowAwareDirectionForChild): Added.
367         (WebCore::RenderGrid::minSizeForChild):
368         (WebCore::RenderGrid::updateOverrideContainingBlockContentSizeForChild):
369         (WebCore::RenderGrid::minContentForChild):
370         (WebCore::RenderGrid::maxContentForChild):
371         (WebCore::RenderGrid::placeItemsOnGrid):
372         (WebCore::RenderGrid::layoutPositionedObject):
373         (WebCore::RenderGrid::offsetAndBreadthForPositionedChild):
374         (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild): Added.
375         (WebCore::RenderGrid::gridAreaBreadthForChild):
376         (WebCore::RenderGrid::columnAxisPositionForChild):
377         (WebCore::RenderGrid::rowAxisPositionForChild):
378         (WebCore::RenderGrid::findChildLogicalPosition):
379         * rendering/RenderGrid.h:
380         (WebCore::RenderGrid::SizingOperation): This enum has been moved to the header file.
381         (WebCore::RenderGrid::m_hasAnyOrthogonalChild): New class attribute to know if there are any orthogonal grid items.
382         (WebCore::RenderGrid::updateOverrideContainingBlockContentSizeForChild):
383         (WebCore::RenderGrid::logicalHeightForChild):
384         (WebCore::RenderGrid::gridAreaBreadthForChild):
385         (WebCore::RenderGrid::assumedRowsSizeForOrthogonalChild):
386
387
388
389 2016-07-14  Chris Dumez  <cdumez@apple.com>
390
391         Use emptyString() instead of "" when possible
392         https://bugs.webkit.org/show_bug.cgi?id=159789
393
394         Reviewed by Alex Christensen.
395
396         Use emptyString() instead of "" when possible to reduce String allocations.
397
398         * Modules/webdatabase/Database.cpp:
399         (WebCore::Database::performOpenAndVerify):
400         * css/CSSSelector.h:
401         * css/StyleProperties.cpp:
402         (WebCore::MutableStyleProperties::removeProperty):
403         (WebCore::MutableStyleProperties::removeCustomProperty):
404         * editing/TextCheckingHelper.cpp:
405         (WebCore::TextCheckingHelper::findFirstMisspellingOrBadGrammar):
406         (WebCore::TextCheckingHelper::findFirstBadGrammar):
407         * editing/TypingCommand.h:
408         (WebCore::TypingCommand::create):
409         * fileapi/FileReaderLoader.cpp:
410         (WebCore::FileReaderLoader::cleanup):
411         * inspector/InspectorStyleSheet.cpp:
412         (WebCore::fillMediaListChain):
413         * page/UserContentURLPattern.cpp:
414         (WebCore::UserContentURLPattern::parse):
415         * platform/graphics/MediaPlayer.cpp:
416         (WebCore::MediaPlayer::load):
417         * platform/gtk/DataObjectGtk.h:
418         (WebCore::DataObjectGtk::clearURIList):
419         * platform/network/curl/ResourceHandleCurl.cpp:
420         (WebCore::ResourceHandle::receivedRequestToContinueWithoutCredential):
421         * platform/network/curl/ResourceHandleManager.h:
422         * rendering/RenderLayerCompositor.cpp:
423         (WebCore::RenderLayerCompositor::layerTreeAsText):
424         * rendering/RenderListMarker.cpp:
425         (WebCore::RenderListMarker::updateContent):
426         * rendering/style/RenderStyle.cpp:
427         (WebCore::RenderStyle::noneDashboardRegions):
428         * rendering/svg/SVGTextMetrics.cpp:
429         (WebCore::SVGTextMetrics::SVGTextMetrics):
430         * xml/XPathParser.cpp:
431         (WebCore::XPath::Parser::lexString):
432
433 2016-07-14  Brent Fulgham  <bfulgham@apple.com>
434
435         editing/spelling/spellcheck-async.html sometimes crashes with GuardMalloc 
436         https://bugs.webkit.org/show_bug.cgi?id=142969
437         <rdar://problem/27331095>
438
439         Reviewed by Alex Christensen.
440
441         Fix based on a Blink change (patch by <rouslan@chromium.org>):
442         <https://chromium.googlesource.com/chromium/blink/+/c713736b122c2224804b2db72f1f711cb47ee260%5E%21/#F1>
443
444         Test: editing/spelling/copy-paste-crash.html
445               editing/spelling/spellcheck-async.html
446
447         * editing/SpellChecker.cpp:
448         (WebCore::SpellCheckRequest::didSucceed):
449         (WebCore::SpellCheckRequest::didCancel):
450
451 2016-07-14  Zalan Bujtas  <zalan@apple.com>
452
453         ImageBuffer's succes flag should be set to false at the very beginning of the c'tor.
454         https://bugs.webkit.org/show_bug.cgi?id=159784
455
456         Reviewed by Simon Fraser.
457
458         No change in functionality.
459
460         * platform/graphics/cg/ImageBufferCG.cpp:
461         (WebCore::ImageBuffer::ImageBuffer):
462
463 2016-07-14  Alex Christensen  <achristensen@webkit.org>
464
465         Use SocketProvider to create SocketStreamHandles
466         https://bugs.webkit.org/show_bug.cgi?id=159774
467
468         Reviewed by Brady Eidson.
469
470         No new tests.  No change in behaviour.
471         
472         In r202930 I introduced the SocketProvider, but I used it to make a WebSocketChannel
473         instead of a SocketStreamHandle, which is the class I want to make into an interface
474         and proxy the web traffic over to the NetworkProcess.
475
476         * CMakeLists.txt:
477         * Modules/websockets/ThreadableWebSocketChannel.cpp: Added.
478         (WebCore::ThreadableWebSocketChannel::create):
479         I removed this in 202930, so this is restoring it from that patch, hence the old copyright.
480         * Modules/websockets/ThreadableWebSocketChannel.h:
481         (WebCore::ThreadableWebSocketChannel::ThreadableWebSocketChannel):
482         * Modules/websockets/WebSocket.cpp:
483         (WebCore::WebSocket::connect):
484         * Modules/websockets/WebSocketChannel.cpp:
485         (WebCore::WebSocketChannel::WebSocketChannel):
486         (WebCore::WebSocketChannel::connect):
487         * Modules/websockets/WebSocketChannel.h:
488         (WebCore::WebSocketChannel::create):
489         * Modules/websockets/WorkerThreadableWebSocketChannel.cpp:
490         (WebCore::WorkerThreadableWebSocketChannel::WorkerThreadableWebSocketChannel):
491         (WebCore::WorkerThreadableWebSocketChannel::resume):
492         (WebCore::WorkerThreadableWebSocketChannel::Peer::Peer):
493         (WebCore::WorkerThreadableWebSocketChannel::Peer::didReceiveMessageError):
494         (WebCore::WorkerThreadableWebSocketChannel::Bridge::Bridge):
495         (WebCore::WorkerThreadableWebSocketChannel::Bridge::~Bridge):
496         (WebCore::WorkerThreadableWebSocketChannel::Bridge::mainThreadInitialize):
497         (WebCore::WorkerThreadableWebSocketChannel::Bridge::initialize):
498         * Modules/websockets/WorkerThreadableWebSocketChannel.h:
499         (WebCore::WorkerThreadableWebSocketChannel::create):
500         (WebCore::WorkerThreadableWebSocketChannel::Bridge::create):
501         * WebCore.xcodeproj/project.pbxproj:
502         * inspector/InspectorOverlay.cpp:
503         (WebCore::InspectorOverlay::overlayPage):
504         * loader/EmptyClients.cpp:
505         (WebCore::EmptyEditorClient::registerRedoStep):
506         (WebCore::EmptySocketProvider::createWebSocketChannel): Deleted.
507         * loader/EmptyClients.h:
508         * page/SocketProvider.cpp: Added.
509         (WebCore::SocketProvider::createSocketStreamHandle):
510         * page/SocketProvider.h:
511         (WebCore::SocketProvider::~SocketProvider): Deleted.
512         * platform/network/cf/SocketStreamHandle.h:
513         * svg/graphics/SVGImage.cpp:
514         (WebCore::SVGImage::dataChanged):
515
516 2016-07-14  Brady Eidson  <beidson@apple.com>
517
518         "User delete" tests are flakey timeouts (and/or DatabaseProcess crashes).
519         https://bugs.webkit.org/show_bug.cgi?id=158741
520
521         Reviewed by Alex Christensen.
522
523         No new tests (Covered by existing tests in some configurations)
524
525         - Check if a database hard delete is complete in more places.
526         - Asynchronously clear out the hard close protector instead of synchronously.
527         
528         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
529         (WebCore::IDBServer::UniqueIDBDatabase::~UniqueIDBDatabase):
530         (WebCore::IDBServer::UniqueIDBDatabase::didPerformUnconditionalDeleteBackingStore):
531         (WebCore::IDBServer::UniqueIDBDatabase::didFinishHandlingVersionChange):
532         (WebCore::IDBServer::UniqueIDBDatabase::connectionClosedFromClient):
533         (WebCore::IDBServer::UniqueIDBDatabase::transactionCompleted):
534         (WebCore::IDBServer::UniqueIDBDatabase::executeNextDatabaseTaskReply):
535         (WebCore::IDBServer::UniqueIDBDatabase::maybeFinishHardClose):
536         (WebCore::IDBServer::UniqueIDBDatabase::isDoneWithHardClose):
537         (WebCore::IDBServer::UniqueIDBDatabase::doneWithHardClose): Deleted.
538
539         * Modules/indexeddb/server/UniqueIDBDatabase.h:
540         (WebCore::IDBServer::UniqueIDBDatabase::hardClosedForUserDelete):
541
542         * Modules/indexeddb/server/UniqueIDBDatabaseConnection.cpp:
543         (WebCore::IDBServer::UniqueIDBDatabaseConnection::didAbortTransaction):
544
545 2016-07-13  Brent Fulgham  <bfulgham@apple.com>
546
547         CSSStyleSheet members should clear their owner node when destroyed
548         https://bugs.webkit.org/show_bug.cgi?id=117470
549
550         Reviewed by Chris Dumez.
551
552         Make sure that CSSStyleSheet members are detached from their owner node when
553         the owning object is destroyed.
554
555         I audited other CSSStyleSheet uses, and found one other place where the owner node was not
556         being cleared during destruction. The Inspector also uses CSSStyleSheet, but seems to
557         handle the node ownership properly.
558
559         Fix based on a Blink change (patch by <haraken@chromium.org>):
560         <https://chromium.googlesource.com/chromium/blink/+/c4949bfdeb2a613701afa1410bdae70531b8f6bf>
561
562         Also includes a follow-up fix (patch by <haraken@chromium.org>):
563         <https://chromium.googlesource.com/chromium/blink/+/9c3932dc80b33429db3a5873cb266b726c8a19bf>
564
565         No test case. Was found by the Chromium team through review of their crash traces under minor DOM GC.
566
567         * contentextensions/ContentExtensionStyleSheet.cpp:
568         (WebCore::ContentExtensions::ContentExtensionStyleSheet::~ContentExtensionStyleSheet):
569         * contentextensions/ContentExtensionStyleSheet.h:
570         * dom/InlineStyleSheetOwner.cpp:
571         (WebCore::InlineStyleSheetOwner::~InlineStyleSheetOwner):
572         (WebCore::authorStyleSheetsForElement):
573
574 2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>
575
576         Fix the !ENABLE(WEB_SOCKETS) build after r202930
577         https://bugs.webkit.org/show_bug.cgi?id=159768
578
579         Reviewed by Alex Christensen.
580
581         * loader/EmptyClients.cpp:
582         * loader/EmptyClients.h:
583         * page/SocketProvider.h:
584         * workers/WorkerGlobalScope.cpp:
585         (WebCore::WorkerGlobalScope::WorkerGlobalScope):
586         * workers/WorkerThread.cpp:
587         (WebCore::WorkerThread::WorkerThread):
588
589 2016-07-14  Youenn Fablet  <youenn@apple.com>
590
591         DOMIterators should be assigned a correct prototype
592         https://bugs.webkit.org/show_bug.cgi?id=159115
593
594         Reviewed by Chris Dumez.
595
596         Default iterator object internal prototype property is the Iterator prototype as defined in
597         http://heycam.github.io/webidl/#dfn-iterator-prototype-object.
598         Linking DOMIterator prototype to IteratorPrototype.
599         This allows adding @@iterator property to the result of entries, keys and values methods.
600         This in turns allow doing for-of loops on them.
601
602         Covered by updated test.
603
604         * ForwardingHeaders/runtime/IteratorPrototype.h: Added.
605         * bindings/js/JSDOMIterator.h: Setting correct prototype and marking next prototype property as enumerable.
606
607 2016-07-14  Youenn Fablet  <youenn@apple.com>
608
609         Remove support for value iterators from JSDOMIterator
610         https://bugs.webkit.org/show_bug.cgi?id=159293
611
612         Reviewed by Chris Dumez.
613
614         Value iterators are now handled without using DOMIterator.
615         Since FontFaceSet is using DOMIterator as an intermediate step towards supporting set-like,
616         entries and forEach implementation should be made compliant with set-like.
617         This means that item value should be passed instead of an index in entries iterator and forEach callback.
618
619         Covered by updated test.
620
621         * bindings/js/JSDOMIterator.h:
622         (WebCore::JSDOMIterator<JSWrapper>::asJS): Pass set item as entries value field.
623         (WebCore::appendForEachArguments): Pass set item as second parameter.
624         (WebCore::iteratorForEach): Remove index handling.
625
626 2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>
627
628         Fix the !ENABLE(MATHML) build after r201739
629         https://bugs.webkit.org/show_bug.cgi?id=159767
630
631         Reviewed by Alex Christensen.
632
633         * dom/Document.cpp:
634         (WebCore::Document::validateCustomElementName):
635
636 2016-07-14  Csaba Osztrogonác  <ossy@webkit.org>
637
638         Fix the !ENABLE(CSS_IMAGE_SET) build
639         https://bugs.webkit.org/show_bug.cgi?id=159766
640
641         Reviewed by Alex Christensen.
642
643         * css/CSSParser.cpp:
644
645 2016-07-14  Frederic Wang  <fred.wang@free.fr>
646
647         Cleanup of MathML headers
648         https://bugs.webkit.org/show_bug.cgi?id=159336
649
650         Reviewed by Alex Christensen.
651
652         We do some cleanup in MathML headers:
653         - Use #pragma once
654         - Use final for class that are not extended.
655         - Use final instead of override for virtual members that are not overridden by derived classes.
656         - Try and reduce the visibility of function members to private or protected as appropriate.
657         - Remove useless #include
658         - Remove useless class or friendship declaration
659         - Remove unused functions
660
661         No new tests, behavior is unchanged.
662
663         * mathml/MathMLElement.h:
664         * mathml/MathMLInlineContainerElement.h:
665         * mathml/MathMLMathElement.h:
666         * mathml/MathMLMencloseElement.h:
667         * mathml/MathMLOperatorDictionary.h:
668         * mathml/MathMLPaddedElement.h:
669         * mathml/MathMLSelectElement.h:
670         * mathml/MathMLSpaceElement.h:
671         * mathml/MathMLTextElement.h:
672         * rendering/mathml/MathOperator.h:
673         * rendering/mathml/RenderMathMLBlock.h:
674         * rendering/mathml/RenderMathMLFenced.h:
675         * rendering/mathml/RenderMathMLFraction.h:
676         * rendering/mathml/RenderMathMLMath.h:
677         * rendering/mathml/RenderMathMLMenclose.h:
678         * rendering/mathml/RenderMathMLOperator.h:
679         * rendering/mathml/RenderMathMLRoot.h:
680         * rendering/mathml/RenderMathMLRow.cpp:
681         (WebCore::RenderMathMLRow::RenderMathMLRow): Deleted. We no longer create anonymous row.
682         * rendering/mathml/RenderMathMLRow.h:
683         * rendering/mathml/RenderMathMLScripts.h:
684         * rendering/mathml/RenderMathMLSpace.h:
685         * rendering/mathml/RenderMathMLToken.h:
686         * rendering/mathml/RenderMathMLUnderOver.h:
687
688 2016-07-14  Alex Christensen  <achristensen@webkit.org>
689
690         Pass SessionID to WebSocketHandle constructor
691         https://bugs.webkit.org/show_bug.cgi?id=159772
692
693         Reviewed by Brady Eidson.
694
695         No new tests.  No change in behavior.
696
697         * Modules/websockets/WebSocketChannel.cpp:
698         (WebCore::WebSocketChannel::connect):
699         * platform/network/cf/SocketStreamHandle.h:
700         (WebCore::SocketStreamHandle::create):
701         * platform/network/cf/SocketStreamHandleCFNet.cpp:
702         (WebCore::SocketStreamHandle::SocketStreamHandle):
703         * platform/network/curl/SocketStreamHandle.h:
704         (WebCore::SocketStreamHandle::create):
705         * platform/network/soup/SocketStreamHandle.h:
706
707 2016-07-14  Carlos Garcia Campos  <cgarcia@igalia.com>
708
709         [GLib] Use a GSource instead of a thread to poll memory pressure eventFD in linux implementation
710         https://bugs.webkit.org/show_bug.cgi?id=159346
711
712         Reviewed by Antonio Gomes.
713
714         This is a follow up of r203216 to fix wrong use of Optional values.
715
716         * platform/linux/MemoryPressureHandlerLinux.cpp:
717
718 2016-07-14  Youenn Fablet  <youenn@apple.com>
719
720         DOM value iterable interfaces should use Array prototype methods
721         https://bugs.webkit.org/show_bug.cgi?id=159296
722
723         Reviewed by Chris Dumez and Mark Lam.
724
725         Test: fast/dom/NodeList/nodelist-iterable.html
726         Also covered by updated layout test and binding tests.
727
728         For value iterators, copy the iterator methods from Array prototype: as per https://heycam.github.io/webidl/#es-iterable,
729         [re: entries] If the interface has a value iterator, then the Function object is the initial value of the "entries" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
730         [re: keys] If the interface has a value iterator, then the Function object is the initial value of the "keys" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
731         [re: forEach] If the interface defines an indexed property getter, then the Function object is the initial value of the "forEach" data property of %ArrayPrototype% ([ECMA-262], section 6.1.7.4).
732         [re: Symbol.iterator] If the interface defines an indexed property getter, then the Function object is %ArrayProto_values% ([ECMA-262], section 6.1.7.4).
733         [re: values] If the interface has a value iterator, then the Function object is the value of the @@iterator property.
734
735         This change applies only to NodeList at the moment.
736         Copy of Array prototype iterator methods is disabled if the interface has no indexed getter.
737
738         * CMakeLists.txt:
739         * ForwardingHeaders/builtins/BuiltinNames.h: Added.
740         * ForwardingHeaders/builtins/JSCBuiltins.h: Added.
741         * ForwardingHeaders/runtime/CommonIdentifiers.h: Added.
742         * WebCore.xcodeproj/project.pbxproj:
743         * bindings/js/JSDOMIterator.cpp: Added.
744         (WebCore::addValueIterableMethods): Copy iterator methods from array prototype.
745         * bindings/js/JSDOMIterator.h:
746         * bindings/scripts/CodeGeneratorJS.pm:
747         (GeneratePropertiesHashTable):
748         (GenerateImplementation):
749         (IsValueIterableInterface): Introduced to only copy iterator methods if the interface has an indexed getter.
750         (IsKeyValueIterableInterface): Introduced to detect whether generating iterator methods.
751         (GenerateImplementationIterableFunctions):
752         * bindings/scripts/test/GObject/WebKitDOMTestIterable.cpp: Added.
753         * bindings/scripts/test/GObject/WebKitDOMTestIterable.h: Added.
754         * bindings/scripts/test/GObject/WebKitDOMTestIterablePrivate.h: Added.
755         * bindings/scripts/test/JS/JSTestIterable.cpp: Added.
756         * bindings/scripts/test/JS/JSTestIterable.h: Added.
757         * bindings/scripts/test/JS/JSTestObj.cpp: Updated as TestObj defines both iterable<> and indexed getter.
758         * bindings/scripts/test/ObjC/DOMTestIterable.h: Added.
759         * bindings/scripts/test/ObjC/DOMTestIterable.mm: Added.
760         * bindings/scripts/test/ObjC/DOMTestIterableInternal.h: Added.
761         * bindings/scripts/test/TestIterable.idl: Added to handle the case of value iterator without indexed getter defined.
762         Array prototype methods should not be copied.
763         * bindings/scripts/test/TestObj.idl: Changing to be a value iterator (with indexed getter already defined).
764         Array prototype methods should be copied.
765
766 2016-07-14  Youenn Fablet  <youenn@apple.com>
767
768         [Fetch API] Request and Response url getter should use URL serialization
769         https://bugs.webkit.org/show_bug.cgi?id=159705
770
771         Reviewed by Alex Christensen.
772
773         Tests: fetch/fetch-url-serialization.html
774                imported/w3c/web-platform-tests/fetch/api/basic/response-url-worker.html
775                imported/w3c/web-platform-tests/fetch/api/basic/response-url.html
776
777         Implementing https://url.spec.whatwg.org/#concept-url-serializer and applying it to Request and Response getter.
778         Adding a temporary routine to compute url cannot-be-a-base-url flag. The parsing routine should store that
779         information in the URL itself.
780
781         Added tests to cover serialization routine. Failing tests are mostly due to limitations of the URL parser.
782         Tests do not check for URLs with username and password as Request constructor throws with such URLs.
783
784         * Modules/fetch/FetchRequest.cpp:
785         (WebCore::FetchRequest::url): Adding request url serialization, fragment included.
786         * Modules/fetch/FetchRequest.h:
787         * Modules/fetch/FetchResponse.cpp:
788         (WebCore::FetchResponse::url): Adding response url serialization, fragment excluded.
789         * Modules/fetch/FetchResponse.h:
790         * platform/URL.cpp:
791         (WebCore::cannotBeABaseURL): Temporary helper function to have a coarse evaluation of url cannot-be-a-base-url flag.
792         (WebCore::URL::serialize): Implementation of https://url.spec.whatwg.org/#concept-url-serializer.
793         * platform/URL.h:
794         (WebCore::URL::hasUser): Helper getter.
795         (WebCore::URL::hasPassword): Ditto.
796         (WebCore::URL::hasQuery): Ditto.
797         (WebCore::URL::hasFragment): Ditto.
798
799 2016-07-14  Sergio Villar Senin  <svillar@igalia.com>
800
801         [css-grid] Const-ify track sizing algorithm
802         https://bugs.webkit.org/show_bug.cgi?id=159716
803
804         Reviewed by Carlos Garcia Campos.
805
806         All the methods used to run the track sizing algorithm should not
807         modify the state of LayoutGrid. We can safely const-ify all of them
808         and remove the ugly const_cast in computeIntrinsicLogicalWidths().
809
810         No new tests needed as there is no change in behavior.
811
812         * rendering/RenderGrid.cpp:
813         (WebCore::RenderGrid::logicalHeightForChild):
814         (WebCore::RenderGrid::minSizeForChild):
815         (WebCore::RenderGrid::updateOverrideContainingBlockContentLogicalWidthForChild):
816         (WebCore::RenderGrid::minContentForChild):
817         (WebCore::RenderGrid::maxContentForChild):
818         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
819         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
820         (WebCore::RenderGrid::currentItemSizeForTrackSizeComputationPhase):
821         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForItems):
822         (WebCore::RenderGrid::distributeSpaceToTracks):
823         * rendering/RenderGrid.h:
824
825 2016-07-14  Jer Noble  <jer.noble@apple.com>
826
827         REGRESSION (r202918): LayoutTest media/video-main-content-allow-then-deny.html is flaky, failing almost every time on El Capitan
828         https://bugs.webkit.org/show_bug.cgi?id=159533
829
830         Reviewed by Eric Carlson.
831
832         Move the contents of mainContentCheckTimerFired() into updateIsMainContent() so that the
833         results of changing the m_isMainContent ivar are acted upon no matter why m_isMainContent
834         changes.
835
836         * html/MediaElementSession.cpp:
837         (WebCore::MediaElementSession::mainContentCheckTimerFired):
838         (WebCore::MediaElementSession::updateIsMainContent):
839
840 2016-07-13  Alex Christensen  <achristensen@webkit.org>
841
842         Modernize WebSocket handle
843         https://bugs.webkit.org/show_bug.cgi?id=159750
844
845         Reviewed by Brady Eidson.
846
847         No new tests.  No change in behavior.
848         This patch just removes ThreadableWebSocketChannel::InvalidMessage which is never used
849         and makes our use of SocketStreamHandleClient a reference instead of a pointer.
850
851         * Modules/websockets/ThreadableWebSocketChannel.h:
852         * Modules/websockets/WebSocket.cpp:
853         (WebCore::WebSocket::send):
854         * Modules/websockets/WebSocketChannel.cpp:
855         (WebCore::WebSocketChannel::connect):
856         * platform/network/SocketStreamHandleBase.cpp:
857         (WebCore::SocketStreamHandleBase::SocketStreamHandleBase):
858         (WebCore::SocketStreamHandleBase::send):
859         (WebCore::SocketStreamHandleBase::disconnect):
860         (WebCore::SocketStreamHandleBase::sendPendingData):
861         (WebCore::SocketStreamHandleBase::setClient): Deleted.
862         * platform/network/SocketStreamHandleBase.h:
863         (WebCore::SocketStreamHandleBase::~SocketStreamHandleBase):
864         (WebCore::SocketStreamHandleBase::bufferedAmount):
865         (WebCore::SocketStreamHandleBase::client):
866         * platform/network/cf/SocketStreamHandle.h:
867         (WebCore::SocketStreamHandle::create):
868         * platform/network/cf/SocketStreamHandleCFNet.cpp:
869         (WebCore::SocketStreamHandle::SocketStreamHandle):
870         (WebCore::SocketStreamHandle::addCONNECTCredentials):
871         (WebCore::SocketStreamHandle::copyCFStreamDescription):
872         (WebCore::SocketStreamHandle::readStreamCallback):
873         (WebCore::SocketStreamHandle::writeStreamCallback):
874         (WebCore::SocketStreamHandle::reportErrorToClient):
875         (WebCore::SocketStreamHandle::~SocketStreamHandle):
876         (WebCore::SocketStreamHandle::platformClose):
877         (WebCore::SocketStreamHandle::port):
878         * platform/network/curl/SocketStreamHandle.h:
879         (WebCore::SocketStreamHandle::create):
880         * platform/network/curl/SocketStreamHandleCurl.cpp:
881         (WebCore::SocketStreamHandle::SocketStreamHandle):
882         (WebCore::SocketStreamHandle::platformClose):
883         (WebCore::SocketStreamHandle::readData):
884         (WebCore::SocketStreamHandle::didReceiveData):
885         (WebCore::SocketStreamHandle::didOpenSocket):
886         (WebCore::SocketStreamHandle::createCopy):
887         * platform/network/soup/SocketStreamHandle.h:
888         * platform/network/soup/SocketStreamHandleSoup.cpp:
889         (WebCore::SocketStreamHandle::SocketStreamHandle):
890         (WebCore::SocketStreamHandle::~SocketStreamHandle):
891         (WebCore::SocketStreamHandle::connected):
892         (WebCore::SocketStreamHandle::connectedCallback):
893         (WebCore::SocketStreamHandle::readBytes):
894         (WebCore::SocketStreamHandle::didFail):
895         (WebCore::SocketStreamHandle::writeReady):
896         (WebCore::SocketStreamHandle::platformClose):
897         (WebCore::SocketStreamHandle::beginWaitingForSocketWritability):
898
899 2016-07-13  Carlos Garcia Campos  <cgarcia@igalia.com>
900
901         [GLib] Use a GSource instead of a thread to poll memory pressure eventFD in linux implementation
902         https://bugs.webkit.org/show_bug.cgi?id=159346
903
904         Reviewed by Antonio Gomes.
905
906         The eventFD file descriptor is pollable, so it would be much better to use a poll instead of a blocking read in
907         a secondary thread and then communicate back to the main thread. This is very easy to do with GSource in GLib,
908         so we could use that when GLib is available and keep the current implementation as a fallback.
909
910         * platform/MemoryPressureHandler.cpp:
911         (WebCore::m_holdOffTimer): Use a RunLoop timer.
912         * platform/MemoryPressureHandler.h:
913         * platform/linux/MemoryPressureHandlerLinux.cpp:
914         (WebCore::MemoryPressureHandler::EventFDPoller::EventFDPoller): Helper class do the eventFD polling.
915         (WebCore::MemoryPressureHandler::logErrorAndCloseFDs): Check if file descriptors are -1 not 0.
916         (WebCore::MemoryPressureHandler::install): Return early also if the hold off timer is active. Use EventFDPoller
917         to do the polling.
918         (WebCore::MemoryPressureHandler::uninstall): Stop the hold off timer and clear the EventFDPoller.
919
920 2016-07-13  Benjamin Poulain  <benjamin@webkit.org>
921
922         [CSS][ARMv7] :nth-child() do not reserve enough registers if it is in backtracking chain
923         https://bugs.webkit.org/show_bug.cgi?id=159746
924         rdar://problem/26156169
925
926         Reviewed by Andreas Kling.
927
928         The generator generateElementIsNthChild() requires 6 registers in style resolution
929         to mark previous siblings with generateAddStyleRelationIfResolvingStyle() in the loop.
930
931         We were only reserving 5, which is a problem is the sixth is taken by the backtracking
932         register. x86_64 was already requiring 6 for unrelated reasons and ARM64 has so many registers
933         that you cannot possibly run out of them in CSS JIT.
934
935         I generalized the x86_64 path to all architectures.
936         I did not limit this case to style resolution because the extra register is irrelevant
937         in most cases. The only difference is one extra push/pop on ARMv7 if you use querySelector
938         with :nth-child in a backtracking chain.
939
940         This problem is covered by the existing test fast/selectors/nth-child-with-backtracking.html
941
942         * cssjit/SelectorCompiler.cpp:
943         (WebCore::SelectorCompiler::minimumRegisterRequirements): Deleted.
944
945 2016-07-13  Chris Dumez  <cdumez@apple.com>
946
947         Drop unnecessary check from ContainerNode::removeChild()
948         https://bugs.webkit.org/show_bug.cgi?id=159747
949
950         Reviewed by Andreas Kling.
951
952         Drop unnecessary check from ContainerNode::removeChild() to make sure that
953         the parent of the node being removed is |this|. We already do this check
954         a few lines above. The only thing that happens in between is the ref'ing
955         of the node, which does not cause any JS execution.
956
957         This check was introduced in r55783 because there used to be a call to
958         document()->removeFocusedNodeOfSubtree(child.get());
959         between the two checks. However, this call has been removed since then
960         and the extra parentNode() check was left in.
961
962         * dom/ContainerNode.cpp:
963         (WebCore::ContainerNode::removeChild): Deleted.
964
965 2016-07-12  Ryosuke Niwa  <rniwa@webkit.org>
966
967         REGRESSION(r202953): Clicking on input[type=file] doesn't open a file picker
968         https://bugs.webkit.org/show_bug.cgi?id=159686
969
970         Reviewed by Chris Dumez.
971
972         The bug was caused by DOMActivate event not propagating out of the user-agent shadow tree
973         of a file input, and FileInputType not receiving the event to open the file picker.
974
975         Made DOMActivate "composed" event which cross shadow boundaries to fix the bug. The feedback
976         was given back to W3C on https://github.com/w3c/webcomponents/issues/513#issuecomment-231851617
977
978         Test: fast/forms/file/open-file-panel.html
979
980         * dom/Event.cpp:
981         (WebCore::Event::composed):
982
983 2016-07-13  Antti Koivisto  <antti@apple.com>
984
985         v2: WebContent crash due to RELEASE_ASSERT(!m_inLoadPendingImages) in StyleResolver::~StyleResolver()
986         https://bugs.webkit.org/show_bug.cgi?id=159722
987
988         Reviewed by Andreas Kling.
989
990         We have crashes where a StyleResolver is deleted underneath pseudoStyleForElement (key parts of the stack):
991
992         0   WebCore::StyleResolver::~StyleResolver
993         3   WebCore::AuthorStyleSheets::updateActiveStyleSheets
994         4   WebCore::Document::styleResolverChanged
995         5   WebKit::WebPage::viewportConfigurationChanged()
996         6   WebKit::WebPage::mainFrameDidLayout()
997         9   WebCore::FrameLoader::checkCompleted
998         13  WebCore::ResourceLoader::cancel
999         19  WebKit::WebLoaderStrategy::loadResource
1000         24  WebCore::Style::loadPendingImage
1001         27  WebCore::StyleResolver::pseudoStyleForElement
1002         29  WebCore::RenderTreeUpdater::updateBeforeOrAfterPseudoElement
1003         33  WebCore::Document::recalcStyle
1004
1005         This appears to be happening when a content blocker blocks a resource load for an image referenced from a stylesheet
1006         and triggers synchronous cancellation of the load. With engine in suitable state this can clear style resolver.
1007
1008         No test, don't know how to make one. This is very timing and engine state dependent.
1009
1010         * dom/AuthorStyleSheets.cpp:
1011         (WebCore::AuthorStyleSheets::updateActiveStyleSheets):
1012
1013         We have an existing check here that prevents destruction of the style resolver when we are in the middle of
1014         a style resolution. However the old inStyleRecalc() bit no longer covers the render tree update phase. Pseudo
1015         elements are resolved during render tree update.
1016
1017         Fix by adding a check for inRenderTreeUpdate() bit too.
1018
1019         This just fixes a regression. A proper fix would be to gather all resources during style resolution
1020         and trigger the loads afterwards.
1021
1022 2016-07-13  Frederic Wang  <fred.wang@free.fr>
1023
1024         Remove padding and margin around the <math> element
1025         https://bugs.webkit.org/show_bug.cgi?id=157989
1026
1027         Reviewed by Brent Fulgham.
1028
1029         No new tests, already covered by existing tests.
1030
1031         * css/mathml.css:
1032         (math): Remove padding.
1033         (math[display="block"]): Remove margin.
1034
1035 2016-07-13  Enrica Casucci  <enrica@apple.com>
1036
1037         Update supported platforms in xcconfig files to match the sdk names.
1038         https://bugs.webkit.org/show_bug.cgi?id=159728
1039
1040         Reviewed by Tim Horton.
1041
1042         * Configurations/Base.xcconfig:
1043
1044 2016-07-13  Anders Carlsson  <andersca@apple.com>
1045
1046         "requiredShippingAddressFields" has been deprecated error thrown when using "requiredBillingAddressFields"
1047         https://bugs.webkit.org/show_bug.cgi?id=159729
1048         rdar://problem/27314974
1049
1050         Reviewed by Tim Horton.
1051
1052         Fix a paste-o.
1053
1054         * Modules/applepay/ApplePaySession.cpp:
1055         (WebCore::createPaymentRequest):
1056
1057 2016-07-13  Brent Fulgham  <bfulgham@apple.com>
1058
1059         [WK1][iOS] Crash when WebSocket attempts to dispatch a mixed content blocker event
1060         https://bugs.webkit.org/show_bug.cgi?id=159680
1061         <rdar://problem/22102028>
1062
1063         Reviewed by Zalan Bujtas.
1064
1065         WK1 on iOS should not use RunLoop::main(). Instead, it should be dispatching events
1066         on the WebThread.
1067
1068         Test: http/tests/ssl/mixedContent/insecure-websocket.html
1069
1070         * Modules/websockets/WebSocket.cpp:
1071         (WebCore::WebSocket::connect): Do not use RunLoop::main() when we should be using
1072         the WebThread.
1073
1074 2016-07-13  Frederic Wang  <fwang@igalia.com>
1075
1076         The display property of many MathML elements can not be overriden by page authors
1077         https://bugs.webkit.org/show_bug.cgi?id=139403
1078
1079         The mathml.css user agent stylesheet currently forces most MathML elements to render with
1080         'display: block'. We remove the !important keyword so that users can override the display
1081         property, for example to hide elements with 'display: none'. This is consistent with the
1082         behavior for SVG or HTML elements.
1083
1084         Reviewed by Brent Fulgham.
1085
1086         Test: imported/mathml-in-html5/mathml/relations/css-styling/display-1.html
1087
1088         * css/mathml.css:
1089         (math):
1090         (math[display="block"]):
1091         (ms, mspace, mtext, mi, mn, mo, mrow, mfenced, mfrac, msub, msup, msubsup, mmultiscripts, mprescripts, none, munder, mover, munderover, msqrt, mroot, merror, mphantom, mstyle, menclose, semantics, mpadded, maction):
1092         (mtd > *):
1093
1094 2016-07-13  Youenn Fablet  <youenn@apple.com>
1095
1096         [Fetch API] Response should not become disturbed on the ReadableStream creation
1097         https://bugs.webkit.org/show_bug.cgi?id=159714
1098
1099         Reviewed by Alex Christensen.
1100
1101         Covered by rebased test and existing tests.
1102
1103         * Modules/fetch/FetchResponse.cpp:
1104         (WebCore::FetchResponse::stop): Making the response disturbed if cancelled.
1105         * Modules/fetch/FetchResponseSource.cpp:
1106         (WebCore::FetchResponseSource::firstReadCallback): Start enqueueing as soon as first read is made.
1107         (WebCore::FetchResponseSource::doStart): Keep the start promise unresolved so that pull is not called.
1108         FetchResponse is a push source.
1109         * Modules/fetch/FetchResponseSource.h:
1110         * Modules/streams/ReadableStreamInternals.js:
1111         (readFromReadableStreamReader): Calling @firstReadCallback.
1112         * Modules/streams/ReadableStreamSource.h:
1113         (WebCore::ReadableStreamSource::firstReadCallback): Default implementation (does nothing).
1114         * Modules/streams/ReadableStreamSource.idl: Adding firstReadCallback private method.
1115         * bindings/js/WebCoreBuiltinNames.h: Adding @firstReadCallback.
1116
1117 2016-07-13  Philippe Normand  <pnormand@igalia.com>
1118
1119         [GStreamer][GL] crash within triggerRepaint
1120         https://bugs.webkit.org/show_bug.cgi?id=159552
1121
1122         Reviewed by Xabier Rodriguez-Calvar.
1123
1124         Revert the un-needed changes introduced in r203056 and use the
1125         MainThreadNotifier without redundant checks.
1126
1127         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
1128         (WebCore::MediaPlayerPrivateGStreamer::MediaPlayerPrivateGStreamer):
1129         (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
1130         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
1131         (WebCore::MediaPlayerPrivateGStreamer::createWeakPtr):
1132         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
1133         (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
1134         (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
1135         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
1136         (WebCore::MediaPlayerPrivateGStreamerBase::createWeakPtr): Deleted.
1137
1138 2016-07-13  Carlos Garcia Campos  <cgarcia@igalia.com>
1139
1140         Unreviewed. Fix GObject DOM bindings API breaks after r203047-
1141
1142         webkit_dom_document_set_title() and webkit_dom_html_title_element_set_text() now can raise exceptions. 
1143
1144         * bindings/gobject/WebKitDOMDeprecated.cpp:
1145         (webkit_dom_document_set_title):
1146         (webkit_dom_html_title_element_set_text):
1147         * bindings/gobject/WebKitDOMDeprecated.h:
1148         * bindings/gobject/WebKitDOMDeprecated.symbols:
1149         * bindings/gobject/webkitdom.symbols:
1150         * bindings/scripts/CodeGeneratorGObject.pm:
1151         (GenerateProperty):
1152         (FunctionUsedToNotRaiseException):
1153
1154 2016-07-13  Carlos Garcia Campos  <cgarcia@igalia.com>
1155
1156         [Coordinated Graphics] Remove toCoordinatedGraphicsLayer and use downcast instead
1157         https://bugs.webkit.org/show_bug.cgi?id=159469
1158
1159         Reviewed by Michael Catanzaro.
1160
1161         * page/scrolling/coordinatedgraphics/ScrollingCoordinatorCoordinatedGraphics.cpp:
1162         (WebCore::ScrollingCoordinatorCoordinatedGraphics::detachFromStateTree):
1163         (WebCore::ScrollingCoordinatorCoordinatedGraphics::updateViewportConstrainedNode):
1164         (WebCore::ScrollingCoordinatorCoordinatedGraphics::scrollableAreaScrollLayerDidChange):
1165         (WebCore::ScrollingCoordinatorCoordinatedGraphics::willDestroyScrollableArea):
1166         * platform/graphics/GraphicsLayer.h:
1167         (WebCore::GraphicsLayer::isCoordinatedGraphicsLayer):
1168         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.cpp:
1169         (WebCore::toCoordinatedLayerID):
1170         (WebCore::CoordinatedGraphicsLayer::setShouldUpdateVisibleRect):
1171         (WebCore::CoordinatedGraphicsLayer::removeFromParent):
1172         (WebCore::CoordinatedGraphicsLayer::setMaskLayer):
1173         (WebCore::CoordinatedGraphicsLayer::flushCompositingState):
1174         (WebCore::CoordinatedGraphicsLayer::syncPendingStateChangesIncludingSubLayers):
1175         (WebCore::CoordinatedGraphicsLayer::findFirstDescendantWithContentsRecursively):
1176         (WebCore::CoordinatedGraphicsLayer::updateContentBuffersIncludingSubLayers):
1177         (WebCore::CoordinatedGraphicsLayer::computeTransformedVisibleRect):
1178         (WebCore::CoordinatedGraphicsLayer::selfOrAncestorHasActiveTransformAnimation):
1179         (WebCore::CoordinatedGraphicsLayer::selfOrAncestorHaveNonAffineTransforms):
1180         (WebCore::toCoordinatedGraphicsLayer): Deleted.
1181         * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
1182
1183 2016-07-12  Youenn Fablet  <youenn@apple.com>
1184
1185         [Fetch API] isRedirected should be conveyed in workers
1186         https://bugs.webkit.org/show_bug.cgi?id=159676
1187
1188         Reviewed by Alex Christensen.
1189
1190         Passing isRedirected value between threads.
1191         Rebasing corresponding worker test, even though it is currently skipped (due to crashing flakiness).
1192
1193         * platform/network/ResourceResponseBase.cpp:
1194         (WebCore::ResourceResponseBase::crossThreadData):
1195         (WebCore::ResourceResponseBase::fromCrossThreadData):
1196         * platform/network/ResourceResponseBase.h:
1197
1198 2016-07-12  Eric Carlson  <eric.carlson@apple.com>
1199
1200         REGRESSION (r202509): media controls controls enabled AirPlay placeholder is shown
1201         https://bugs.webkit.org/show_bug.cgi?id=159685
1202         <rdar://problem/27198899>
1203
1204         Reviewed by Dean Jackson.
1205
1206         Test: media/controls/airplay-controls.html
1207
1208         * Modules/mediacontrols/mediaControlsApple.js:
1209         (Controller.prototype.shouldShowControls): Split some of the logic out of shouldHaveControls.
1210         (Controller.prototype.shouldHaveControls): Having controls != showing controls.
1211         (Controller.prototype.updateControls): Call shouldShowControls, not shouldHaveControls.
1212         (Controller.prototype.updateWirelessPlaybackStatus): Add 'appletv' to the class when active.
1213
1214         * html/HTMLMediaElement.cpp:
1215         (WebCore::HTMLMediaElement::getCurrentMediaControlsStatus): Call ensureMediaControlsShadowRoot
1216         in case the controls haven't been created yet.
1217
1218 2016-07-12  Frederic Wang  <fwang@igalia.com>
1219
1220         Move parsing of mpadded attributes to a MathMLPaddedElement class
1221         https://bugs.webkit.org/show_bug.cgi?id=159620
1222
1223         Reviewed by Brent Fulgham.
1224
1225         No new tests, behavior is unchanged.
1226
1227         * CMakeLists.txt: Add MathMLPaddedElement files.
1228         * WebCore.xcodeproj/project.pbxproj: Ditto.
1229         * mathml/MathMLAllInOne.cpp: Ditto.
1230         * mathml/MathMLInlineContainerElement.cpp: Remove handling of mpadded.
1231         * mathml/MathMLPaddedElement.cpp: Added.
1232         (WebCore::MathMLPaddedElement::MathMLPaddedElement):
1233         (WebCore::MathMLPaddedElement::create):
1234         (WebCore::MathMLPaddedElement::width): Expose width attribute as a MathMLLength until mpadded
1235         pseudo-units are supported.
1236         (WebCore::MathMLPaddedElement::height): Ditto.
1237         (WebCore::MathMLPaddedElement::depth): Ditto
1238         (WebCore::MathMLPaddedElement::lspace): Ditto.
1239         (WebCore::MathMLPaddedElement::voffset): Ditto.
1240         (WebCore::MathMLPaddedElement::parseAttribute): Make length attribute dirty.
1241         (WebCore::MathMLPaddedElement::createElementRenderer): Moved code from MathMLInlineContainerElement.
1242         * mathml/MathMLPaddedElement.h: Added.
1243         * mathml/mathtags.in: Map mapdded to MathMLPaddedElement.
1244         * rendering/mathml/RenderMathMLPadded.cpp:
1245         (WebCore::RenderMathMLPadded::resolveWidth): Helper function to resolve width.
1246         (WebCore::RenderMathMLPadded::resolveAttributes): Helper function to resolve all attributes.
1247         (WebCore::RenderMathMLPadded::computePreferredLogicalWidths): Use resolveWidth.
1248         (WebCore::RenderMathMLPadded::layoutBlock): Use resolveAttributes.
1249         * rendering/mathml/RenderMathMLPadded.h: Add new helper functions to access attributes from
1250         the MathMLPaddedElement class.
1251
1252 2016-07-12  Andreas Kling  <akling@apple.com>
1253
1254         [Cocoa] Simulated memory warning doesn't trigger libcache purge.
1255         <https://webkit.org/b/159688>
1256
1257         Reviewed by Chris Dumez.
1258
1259         Since simulated memory warnings will have the "is under memory pressure" flag set,
1260         we were skipping the libcache purge call.
1261
1262         Add a separate flag that tracks whether we're under simulated pressure, and always
1263         prod libcache in that case.
1264
1265         * platform/MemoryPressureHandler.h:
1266         * platform/cocoa/MemoryPressureHandlerCocoa.mm:
1267         (WebCore::MemoryPressureHandler::platformReleaseMemory):
1268         (WebCore::MemoryPressureHandler::install):
1269
1270 2016-07-12  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1271
1272         Purge PassRefPtr in Modules/webdatabase
1273         https://bugs.webkit.org/show_bug.cgi?id=159255
1274
1275         Reviewed by Benjamin Poulain.
1276
1277         As a step to remove PassRefPtr use, this patch cleans it up in Modules/webdatabase.
1278
1279         Additionally unnecessary spaces and tabs are removed too.
1280
1281         * Modules/webdatabase/ChangeVersionWrapper.cpp:
1282         * Modules/webdatabase/DOMWindowWebDatabase.h:
1283         * Modules/webdatabase/Database.cpp:
1284         (WebCore::Database::Database):
1285         (WebCore::Database::~Database):
1286         (WebCore::Database::scheduleTransaction):
1287         (WebCore::Database::runTransaction):
1288         * Modules/webdatabase/Database.h:
1289         * Modules/webdatabase/DatabaseAuthorizer.cpp:
1290         (WebCore::DatabaseAuthorizer::allowRead):
1291         * Modules/webdatabase/DatabaseManager.cpp:
1292         (WebCore::DatabaseManager::openDatabase):
1293         (WebCore::DatabaseManager::fullPathForDatabase):
1294         (WebCore::DatabaseManager::detailsForNameAndOrigin):
1295         * Modules/webdatabase/DatabaseManager.h:
1296         * Modules/webdatabase/DatabaseTask.cpp:
1297         (WebCore::DatabaseTransactionTask::DatabaseTransactionTask):
1298         * Modules/webdatabase/DatabaseTask.h:
1299         * Modules/webdatabase/SQLCallbackWrapper.h:
1300         (WebCore::SQLCallbackWrapper::SQLCallbackWrapper):
1301         * Modules/webdatabase/SQLResultSetRowList.h:
1302         * Modules/webdatabase/SQLStatement.cpp:
1303         (WebCore::SQLStatement::SQLStatement):
1304         (WebCore::SQLStatement::sqlError):
1305         (WebCore::SQLStatement::sqlResultSet):
1306         * Modules/webdatabase/SQLStatement.h:
1307         * Modules/webdatabase/SQLTransaction.h:
1308         * Modules/webdatabase/SQLTransactionBackend.cpp:
1309         (WebCore::SQLTransactionBackend::create):
1310         (WebCore::SQLTransactionBackend::SQLTransactionBackend):
1311         (WebCore::SQLTransactionBackend::transactionError):
1312         * Modules/webdatabase/SQLTransactionBackend.h:
1313
1314 2016-07-11  Dean Jackson  <dino@apple.com>
1315
1316         REGRESSION (202694): Audio and Video playback controls: Cannot find a position slider to adjust playback position using VO.
1317         https://bugs.webkit.org/show_bug.cgi?id=159661
1318         <rdar://problem/27285135>
1319
1320         Reviewed by Eric Carlson.
1321
1322         The change in r202694 caused MediaDocuments to not always
1323         show their scrubber. The fix is to reduce the minimum amount
1324         of size needed to show the scrubber.
1325
1326         Test: media/controls/default-size-should-show-scrubber.html
1327
1328         * Modules/mediacontrols/mediaControlsApple.js: 80 pixels is enough
1329         to show the scrubber.
1330
1331 2016-07-12  Frederic Wang  <fwang@igalia.com>
1332
1333         Move MathMLOperatorDictionary from rendering to DOM
1334         https://bugs.webkit.org/show_bug.cgi?id=159619
1335
1336         Reviewed by Brent Fulgham.
1337
1338         No new tests, behavior is unchanged.
1339
1340         * CMakeLists.txt: Use the new location of MathMLOperatorDictionary files.
1341         * WebCore.xcodeproj/project.pbxproj: Ditto.
1342         * mathml/MathMLAllInOne.cpp: Add MathMLOperatorDictionary.cpp
1343         * mathml/MathMLOperatorDictionary.cpp: Renamed from Source/WebCore/rendering/mathml/MathMLOperatorDictionary.cpp.
1344         * mathml/MathMLOperatorDictionary.h: Renamed from Source/WebCore/rendering/mathml/MathMLOperatorDictionary.h.
1345
1346 2016-07-12  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1347
1348         Remove ENABLE_CSS3_TEXT_LINE_BREAK flag
1349         https://bugs.webkit.org/show_bug.cgi?id=159671
1350
1351         Reviewed by Csaba Osztrogonác.
1352
1353         ENABLE_CSS3_TEXT_LINE_BREAK feature was implemented without guards.
1354         https://bugs.webkit.org/show_bug.cgi?id=89235
1355
1356         So this guard can be removed in build scripts.
1357
1358         * Configurations/FeatureDefines.xcconfig:
1359
1360 2016-07-12  Commit Queue  <commit-queue@webkit.org>
1361
1362         Unreviewed, rolling out r203059.
1363         https://bugs.webkit.org/show_bug.cgi?id=159673
1364
1365         B and R channels now swapped on desktop GL builds (Requested
1366         by philn on #webkit).
1367
1368         Reverted changeset:
1369
1370         "Red and blue colors are swapped in video rendered through
1371         WebGL when GSTREAMER_GL is enabled"
1372         https://bugs.webkit.org/show_bug.cgi?id=159621
1373         http://trac.webkit.org/changeset/203059
1374
1375 2016-07-12  Yoav Weiss  <yoav@yoav.ws>
1376
1377         js/dom/global-constructors-attributes.html is flaky: ResourceTiming runtime feature leaks between tests
1378         https://bugs.webkit.org/show_bug.cgi?id=158902
1379
1380         Reviewed by Benjamin Poulain.
1381
1382         Adds a new reset() mechanism to RuntimeEnabledFeatures so that they could be brought back to the initial state.
1383         This reset() is then called from DumpRenderTree and WebKitTestRunner.
1384
1385         No new tests but hopefully current tests will be less flaky.
1386
1387         * bindings/generic/RuntimeEnabledFeatures.cpp:
1388         (WebCore::RuntimeEnabledFeatures::RuntimeEnabledFeatures):
1389         (WebCore::RuntimeEnabledFeatures::reset):
1390         * bindings/generic/RuntimeEnabledFeatures.h:
1391         * testing/Internals.cpp:
1392         (WebCore::Internals::resetToConsistentState): reset RuntimeEnabledFeatures.
1393
1394 2016-07-11  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
1395
1396         Purge PassRefPtr in platform/efl and platform/mac 
1397         https://bugs.webkit.org/show_bug.cgi?id=159548
1398
1399         Reviewed by Alex Christensen.
1400
1401         Remove all use of PassRefPtr and clean up unnecessary tabs and spaces.
1402         WebKit2 codes are also changed because of setBufferForType()'s modification.
1403
1404         No new tests, no behavior changes.
1405
1406         * platform/PasteboardStrategy.h:
1407         * platform/PlatformPasteboard.h:
1408         * platform/PlatformSpeechSynthesizer.h:
1409         * platform/SerializedPlatformRepresentation.h:
1410         * platform/efl/PlatformSpeechSynthesisProviderEfl.cpp:
1411         (WebCore::PlatformSpeechSynthesisProviderEfl::speak):
1412         * platform/efl/PlatformSpeechSynthesisProviderEfl.h:
1413         * platform/efl/PlatformSpeechSynthesizerEfl.cpp:
1414         (WebCore::PlatformSpeechSynthesizer::speak):
1415         * platform/ios/PlatformPasteboardIOS.mm:
1416         (WebCore::PlatformPasteboard::setBufferForType):
1417         * platform/ios/PlatformSpeechSynthesizerIOS.mm:
1418         (SOFT_LINK_CONSTANT):
1419         (-[WebSpeechSynthesisWrapper initWithSpeechSynthesizer:]):
1420         (-[WebSpeechSynthesisWrapper mapSpeechRateToPlatformRate:]):
1421         (-[WebSpeechSynthesisWrapper speakUtterance:]):
1422         (-[WebSpeechSynthesisWrapper pause]):
1423         (-[WebSpeechSynthesisWrapper resume]):
1424         (-[WebSpeechSynthesisWrapper cancel]):
1425         (-[WebSpeechSynthesisWrapper speechSynthesizer:didStartSpeechUtterance:]):
1426         (-[WebSpeechSynthesisWrapper speechSynthesizer:didFinishSpeechUtterance:]):
1427         (-[WebSpeechSynthesisWrapper speechSynthesizer:didPauseSpeechUtterance:]):
1428         (-[WebSpeechSynthesisWrapper speechSynthesizer:didContinueSpeechUtterance:]):
1429         (-[WebSpeechSynthesisWrapper speechSynthesizer:didCancelSpeechUtterance:]):
1430         (-[WebSpeechSynthesisWrapper speechSynthesizer:willSpeakRangeOfSpeechString:utterance:]):
1431         (WebCore::PlatformSpeechSynthesizer::speak):
1432         * platform/mac/PasteboardMac.mm:
1433         (WebCore::Pasteboard::write):
1434         * platform/mac/PlatformPasteboardMac.mm:
1435         (WebCore::PlatformPasteboard::getTypes):
1436         (WebCore::PlatformPasteboard::getPathnamesForType):
1437         (WebCore::PlatformPasteboard::color):
1438         (WebCore::PlatformPasteboard::copy):
1439         (WebCore::PlatformPasteboard::setBufferForType):
1440         (WebCore::PlatformPasteboard::setPathnamesForType):
1441         * platform/mac/PlatformSpeechSynthesizerMac.mm:
1442         (-[WebSpeechSynthesisWrapper initWithSpeechSynthesizer:]):
1443         (-[WebSpeechSynthesisWrapper speakUtterance:]):
1444         (-[WebSpeechSynthesisWrapper pause]):
1445         (-[WebSpeechSynthesisWrapper resume]):
1446         (-[WebSpeechSynthesisWrapper cancel]):
1447         (-[WebSpeechSynthesisWrapper speechSynthesizer:didFinishSpeaking:]):
1448         (WebCore::PlatformSpeechSynthesizer::initializeVoiceList):
1449         (WebCore::PlatformSpeechSynthesizer::speak):
1450         * platform/mac/SerializedPlatformRepresentationMac.h:
1451         * platform/mac/SerializedPlatformRepresentationMac.mm:
1452         (WebCore::SerializedPlatformRepresentationMac::data):
1453         (WebCore::jsValueWithValueInContext):
1454         * platform/mock/PlatformSpeechSynthesizerMock.cpp:
1455         (WebCore::PlatformSpeechSynthesizerMock::speakingFinished):
1456         (WebCore::PlatformSpeechSynthesizerMock::speak):
1457         (WebCore::PlatformSpeechSynthesizerMock::cancel):
1458         * platform/mock/PlatformSpeechSynthesizerMock.h:
1459
1460 2016-07-11  Frederic Wang  <fwang@igalia.org>
1461
1462         Move parsing of mspace attributes to a MathMLSpaceElement class
1463         https://bugs.webkit.org/show_bug.cgi?id=156795
1464
1465         Reviewed by Brent Fulgham.
1466
1467         No new tests, already covered by existing tests.
1468
1469         * CMakeLists.txt: Add MathMLSpaceElement to the build system.
1470         * WebCore.xcodeproj/project.pbxproj: Ditto.
1471         * mathml/MathMLElement.cpp:
1472         (WebCore::MathMLElement::cachedMathMLLength): Helper function to returned the cached parsed
1473         value of a MathML length and parsing the corresponding attribute value if the cache is dirty.
1474         * mathml/MathMLElement.h: Add a dirty boolean to MathML Length structure. Declare cachedMathMLLength.
1475         * mathml/MathMLSpaceElement.cpp: New class for the <mspace> element.
1476         (WebCore::MathMLSpaceElement::MathMLSpaceElement):
1477         (WebCore::MathMLSpaceElement::create):
1478         (WebCore::MathMLSpaceElement::parseAttribute): Make width, height, depth attributes dirty.
1479         (WebCore::MathMLSpaceElement::createElementRenderer):
1480         * mathml/MathMLSpaceElement.h: New class for the <mspace> element.
1481         We define MathML lengths for width, height and depth attributes are on the class and expose
1482         with the corresponding helper functions via memoization.
1483         * mathml/MathMLTextElement.cpp: Remove handling of mspace from this class.
1484         (WebCore::MathMLTextElement::createElementRenderer):
1485         * mathml/mathtags.in: Change the interface for mspace to use the new class.
1486         * rendering/mathml/RenderMathMLSpace.cpp: Do not store width/height/depth values on the
1487         renderer and instead just use the corresponding MathML lengths on the element class.
1488         (WebCore::RenderMathMLSpace::RenderMathMLSpace): Use MathMLSpaceElement and remove member
1489         initialization.
1490         (WebCore::RenderMathMLSpace::computePreferredLogicalWidths): Use spaceWidth().
1491         (WebCore::RenderMathMLSpace::spaceWidth): Helper function to resolve the width attribute value.
1492         (WebCore::RenderMathMLSpace::getSpaceHeightAndDepth): Ditto for height and depth.
1493         (WebCore::RenderMathMLSpace::layoutBlock): Use the helper functions to get the mspace metrics.
1494         (WebCore::RenderMathMLSpace::firstLineBaseline): Ditto.
1495         (WebCore::RenderMathMLSpace::updateFromElement): Deleted.
1496         (WebCore::RenderMathMLSpace::styleDidChange): Deleted.
1497         * rendering/mathml/RenderMathMLSpace.h: Use MathMLSpaceElement, replace members with helper
1498         functions and and make element() usable from a const instance.
1499
1500 2016-07-11  Frederic Wang  <fwang@igalia.org>
1501
1502         Create a MathMLLength struct to handle the parsing of MathML length.
1503         https://bugs.webkit.org/show_bug.cgi?id=156792
1504
1505         Reviewed by Brent Fulgham.
1506
1507         We introduce a structure for MathML lengths that will be used in the future to store the
1508         parsed values in the MathElement class. We also rewrite the parsing function for MathML
1509         lengths in order to improve efficiency and code reuse. This function is moved into the
1510         MathElement class and only the conversion to LayoutUnit remains in the renderer classes.
1511
1512         No new tests, already covered by existing tests.
1513
1514         * mathml/MathMLElement.cpp:
1515         (WebCore::parseNamedSpace): Helper function to parse a named space.
1516         (WebCore::MathMLElement::parseMathMLLength): Parsing function for MathML lengths.
1517         * mathml/MathMLElement.h: Declare new function and structure to handle MathML lengths.
1518         * rendering/mathml/RenderMathMLBlock.cpp:
1519         (WebCore::toUserUnits): Helper function to resolve a MathML length.
1520         (WebCore::parseMathMLLength): Remove the old parsing code and just use MathMLElement::parseMathMLLength and toUserUnits instead.
1521         (WebCore::parseMathMLNamedSpace): Deleted.
1522         * rendering/mathml/RenderMathMLBlock.h: Remove unused function.
1523
1524 2016-07-11  Frederic Wang  <fwang@igalia.com>
1525
1526         Add support for @href attribute in MathML
1527         https://bugs.webkit.org/show_bug.cgi?id=85733
1528
1529         Reviewed by Brent Fulgham.
1530
1531         We add support for the href attribute from MathML 3 but ignore the deprecated XLink version.
1532         We also use the code from HTMLAnchorElement SVGAElement to make MathMLElement with a href
1533         attribute behave as a link.
1534         Finally, we adjust mathml.css based on rules from the html and svg user agent stylesheets.
1535
1536         Tests: mathml/mathml-in-html5/href-click-1.html
1537                mathml/mathml-in-html5/href-click-2.html
1538                mathml/presentation/href-enter.html
1539                mathml/presentation/href-style.html
1540                mathml/presentation/maction-toggle-href.html
1541                mathml/presentation/semantics-href.html
1542
1543         * css/mathml.css:
1544         (:any-link): Set color and mouse cursor of links.
1545         (:any-link:active): Set color of active links.
1546         (:focus): Set outline of focused links.
1547         * mathml/MathMLElement.cpp:
1548         (WebCore::MathMLElement::parseAttribute): Parse the href attribute.
1549         (WebCore::MathMLElement::willRespondToMouseClickEvents): Based on HTMLAnchorElement/SVGAElement.
1550         (WebCore::MathMLElement::defaultEventHandler): Based on HTMLAnchorElement/SVGAElement.
1551         (WebCore::MathMLElement::canStartSelection): Based on HTMLAnchorElement/SVGAElement.
1552         (WebCore::MathMLElement::isFocusable): Based on HTMLAnchorElement/SVGAElement.
1553         (WebCore::MathMLElement::isKeyboardFocusable): Based on HTMLAnchorElement/SVGAElement.
1554         (WebCore::MathMLElement::isMouseFocusable): Based on HTMLAnchorElement/SVGAElement.
1555         (WebCore::MathMLElement::isURLAttribute): Based on HTMLAnchorElement/SVGAElement.
1556         (WebCore::MathMLElement::supportsFocus): Based on HTMLAnchorElement/SVGAElement.
1557         (WebCore::MathMLElement::tabIndex): Based on HTMLAnchorElement/SVGAElement.
1558         * mathml/MathMLElement.h: Define new members.
1559         * mathml/MathMLSelectElement.cpp:
1560         (WebCore::MathMLSelectElement::willRespondToMouseClickEvents): We also verify whether
1561         the parent class will respond.
1562         * mathml/mathattrs.in: Add href attribute.
1563
1564 2016-07-11  Sam Weinig  <sam@webkit.org>
1565
1566         Speech Synthesis: getting list of voices no longer works
1567         <rdar://problem/22954120>
1568         https://bugs.webkit.org/show_bug.cgi?id=159656
1569
1570         Reviewed by Tim Horton.
1571
1572         * platform/PlatformSpeechSynthesizer.h:
1573         * platform/mac/PlatformSpeechSynthesizerMac.mm:
1574         Default initialize m_voiceListIsInitialized to false so it is
1575         initialized on both Mac and iOS. Remove the explicit initialization
1576         from the Mac.
1577
1578 2016-07-11  Simon Fraser  <simon.fraser@apple.com>
1579
1580         <rdar://problem/27285599> REGRESSION: Assertion under CertificateInfo::trust() every time I focus a text field
1581
1582         Reviewed by Sam Weinig.
1583
1584         The assertion added to CertificateInfo::trust() in r203040 is wrong, and is triggered when
1585         focusing a form field via calls to -[WKWebProcessPlugInFrame _serverTrust], so remove it.
1586
1587         * platform/network/cf/CertificateInfo.h:
1588         (WebCore::CertificateInfo::trust):
1589
1590 2016-07-11  Simon Fraser  <simon.fraser@apple.com>
1591
1592         Deleting in a text input inside an iframe causes the page to scroll incorrectly
1593         https://bugs.webkit.org/show_bug.cgi?id=159654
1594         rdar://problem/26805722
1595
1596         Reviewed by Zalan Bujtas.
1597
1598         Editor::revealSelectionAfterEditingOperation() needs the same iOS-specific reveal
1599         behavior as was added for typing in r202295.
1600
1601         Test: fast/forms/ios/delete-in-input-in-iframe.html
1602
1603         * editing/Editor.cpp:
1604         (WebCore::Editor::revealSelectionAfterEditingOperation):
1605
1606 2016-07-11  Andy Estes  <aestes@apple.com>
1607
1608         Fix indentation in FrameLoaderTypes.h
1609         https://bugs.webkit.org/show_bug.cgi?id=159650
1610
1611         Reviewed by Brady Eidson.
1612
1613         * loader/FrameLoaderTypes.h:
1614
1615 2016-07-11  Myles C. Maxfield  <mmaxfield@apple.com>
1616
1617         Honor the second argument to FontFaceSet.load and FontFaceSet.check
1618         https://bugs.webkit.org/show_bug.cgi?id=159607
1619         <rdar://problem/27284902>
1620
1621         Reviewed by Zalan Bujtas.
1622
1623         This second argument is used in conjunction with the unicode-range CSS property, so that
1624         loading from a FontFaceSet only loads the fonts which actually match the characters given.
1625         Previously, we hadn't implemented proper support for this unicode-range property, but now
1626         that we have implemented it, we should honor this second argument.
1627
1628         Test: fast/text/unicode-range-javascript.html
1629
1630         * css/CSSFontFace.cpp:
1631         (WebCore::CSSFontFace::rangesMatchCodePoint):
1632         * css/CSSFontFace.h:
1633         * css/CSSFontFaceSet.cpp:
1634         (WebCore::codePointsFromString):
1635         (WebCore::CSSFontFaceSet::matchingFaces):
1636
1637 2016-07-11  Zalan Bujtas  <zalan@apple.com>
1638
1639         Unable to edit fields or drag to select text in Dashboard widgets.
1640         https://bugs.webkit.org/show_bug.cgi?id=159647
1641         <rdar://problem/26941698>
1642
1643         Reviewed by Brent Fulgham.
1644
1645         RenderObject::computeAbsoluteRepaintRect's first paramenter is no longer in/out. Use the return
1646         value to set the clip on the dashboard region.
1647
1648         Not testable.
1649
1650         * rendering/RenderInline.cpp:
1651         (WebCore::RenderInline::addAnnotatedRegions):
1652         * rendering/RenderObject.cpp:
1653         (WebCore::RenderObject::addAnnotatedRegions):
1654
1655 2016-07-11  Chris Dumez  <cdumez@apple.com>
1656
1657         Potential null dereference under DocumentLoader::mainReceivedError()
1658         https://bugs.webkit.org/show_bug.cgi?id=159640
1659         <rdar://problem/27283372>
1660
1661         Reviewed by Brady Eidson.
1662
1663         Move frameLoader() null check a bit earlier in DocumentLoader::mainReceivedError()
1664         as it was dereferenced before the check.
1665
1666         * loader/DocumentLoader.cpp:
1667         (WebCore::DocumentLoader::mainReceivedError):
1668
1669 2016-07-11  Enrica Casucci  <enrica@apple.com>
1670
1671         Add synthetic click origin to WKNavigationAction.
1672         https://bugs.webkit.org/show_bug.cgi?id=159584
1673         rdar://problem/25610422
1674
1675         Reviewed by Tim Horton.
1676
1677         Adding plumbing code to pass synthetic click type
1678         through WebCore.
1679
1680         * dom/Element.cpp:
1681         (WebCore::Element::dispatchMouseEvent):
1682         (WebCore::Element::dispatchMouseForceWillBegin):
1683         * dom/MouseEvent.cpp:
1684         (WebCore::MouseEvent::create):
1685         (WebCore::MouseEvent::MouseEvent):
1686         (WebCore::MouseEvent::initMouseEvent):
1687         (WebCore::MouseEvent::cloneFor):
1688         * dom/MouseEvent.h:
1689         (WebCore::MouseEvent::createForBindings):
1690         (WebCore::MouseEvent::button):
1691         (WebCore::MouseEvent::syntheticClickType):
1692         (WebCore::MouseEvent::buttonDown):
1693         (WebCore::MouseEvent::setRelatedTarget):
1694         * dom/SimulatedClick.cpp:
1695         * dom/WheelEvent.cpp:
1696         (WebCore::WheelEvent::WheelEvent):
1697         * page/ContextMenuController.cpp:
1698         (WebCore::ContextMenuController::showContextMenuAt):
1699         * page/DragController.cpp:
1700         (WebCore::createMouseEvent):
1701         (WebCore::DragController::DragController):
1702         * page/EventHandler.cpp:
1703         (WebCore::EventHandler::dispatchDragEvent):
1704         (WebCore::EventHandler::sendContextMenuEventForKey):
1705         (WebCore::EventHandler::fakeMouseMoveEventTimerFired):
1706         * platform/PlatformMouseEvent.h:
1707         (WebCore::PlatformMouseEvent::PlatformMouseEvent):
1708         (WebCore::PlatformMouseEvent::clickCount):
1709         (WebCore::PlatformMouseEvent::modifierFlags):
1710         (WebCore::PlatformMouseEvent::force):
1711         (WebCore::PlatformMouseEvent::syntheticClickType):
1712         * replay/SerializationMethods.cpp:
1713         (JSC::EncodingTraits<PlatformMouseEvent>::decodeValue):
1714
1715 2016-07-11  Anders Carlsson  <andersca@apple.com>
1716
1717         Able to open multiple payment sheets in Safari at the same time
1718         https://bugs.webkit.org/show_bug.cgi?id=159637
1719         rdar://problem/26411339
1720
1721         Reviewed by Beth Dakin.
1722
1723         Fold PaymentCoordinator::showPaymentUI into PaymentCoordinator::beginPaymentSession and
1724         change the return value of the latter member function to a bool to indicate whether the
1725         payment UI could be shown (or whether it's already showing).
1726
1727         * Modules/applepay/ApplePaySession.cpp:
1728         (WebCore::ApplePaySession::begin):
1729         Check the return value of beginPaymentSession.
1730
1731         * Modules/applepay/PaymentCoordinator.cpp:
1732         (WebCore::PaymentCoordinator::beginPaymentSession):
1733         This now takes a payment session and returns a boolean.
1734         (WebCore::PaymentCoordinator::showPaymentUI): Deleted.
1735
1736         * Modules/applepay/PaymentCoordinator.h:
1737         * Modules/applepay/PaymentCoordinatorClient.h:
1738         * loader/EmptyClients.cpp:
1739         The showPaymentUI client function now returns a bool.
1740
1741 2016-07-11  Nan Wang  <n_wang@apple.com>
1742
1743         AX: Crash when backspacing in number field with spin button
1744         https://bugs.webkit.org/show_bug.cgi?id=157830
1745
1746         Reviewed by Chris Fleizach.
1747
1748         It's possible to access spin button parts after they've been detached from their parent, which can lead to crashes.
1749         This adds in a number of redundant safeguards to prevent this and other cases in the future.
1750
1751         Test: accessibility/spinbutton-crash.html
1752
1753         * accessibility/AccessibilitySpinButton.cpp:
1754         (WebCore::AccessibilitySpinButton::incrementButton):
1755         (WebCore::AccessibilitySpinButton::decrementButton):
1756         (WebCore::AccessibilitySpinButton::addChildren):
1757
1758 2016-07-11  Chris Dumez  <cdumez@apple.com>
1759
1760         Possible null dereference under EventHandler::dispatchMouseEvent()
1761         https://bugs.webkit.org/show_bug.cgi?id=159632
1762         <rdar://problem/27247619>
1763
1764         Reviewed by Andreas Kling.
1765
1766         FrameSelection::toNormalizedRange() can return null even when FrameSelection::isRange()
1767         returns true so add a null check.
1768
1769         * page/EventHandler.cpp:
1770         (WebCore::EventHandler::dispatchMouseEvent):
1771
1772 2016-07-11  Commit Queue  <commit-queue@webkit.org>
1773
1774         Unreviewed, rolling out r203064.
1775         https://bugs.webkit.org/show_bug.cgi?id=159642
1776
1777         This change causes LayoutTest crashes on WK1 ASan (Requested
1778         by ryanhaddad on #webkit).
1779
1780         Reverted changeset:
1781
1782         "Use refs for ResourceLoaders"
1783         https://bugs.webkit.org/show_bug.cgi?id=159592
1784         http://trac.webkit.org/changeset/203064
1785
1786 2016-07-11  Brent Fulgham  <bfulgham@apple.com>
1787
1788         [WebGL] Check for existing buffer exists for enabled vertex array attributes before permitting glDrawArrays to execute
1789         https://bugs.webkit.org/show_bug.cgi?id=159590
1790         <rdar://problem/26865535>
1791
1792         Reviewed by Dean Jackson.
1793
1794         Test: fast/canvas/webgl/webgl-drawarrays-crash-2.html
1795
1796         * html/canvas/WebGLRenderingContextBase.cpp:
1797         (WebCore::WebGLRenderingContextBase::validateVertexAttributes): If enabled array buffer attributes exist,
1798         ensure that an array buffer has been bound.
1799
1800 2016-07-11  Nan Wang  <n_wang@apple.com>
1801
1802         AX: WKWebView should have API to prevent pinch-to-zoom always being allowed
1803         https://bugs.webkit.org/show_bug.cgi?id=158364
1804
1805         Reviewed by Anders Carlsson.
1806
1807         Removed the internals settings for viewport force always user scalable.
1808
1809         Changes are covered in modified tests.
1810
1811         * testing/Internals.cpp:
1812         (WebCore::Internals::resetToConsistentState):
1813         (WebCore::Internals::Internals):
1814         (WebCore::Internals::composedTreeAsText):
1815         (WebCore::Internals::setLinkPreloadSupport):
1816         (WebCore::Internals::setViewportForceAlwaysUserScalable): Deleted.
1817         * testing/Internals.h:
1818         * testing/Internals.idl:
1819
1820 2016-07-11  Frederic Wang  <fwang@igalia.com>
1821
1822         Use parameters from the OpenType MATH table for <munderover>
1823         https://bugs.webkit.org/show_bug.cgi?id=155756
1824
1825         Reviewed by Brent Fulgham.
1826
1827         We follow the description from the MathML in HTML5 implementation
1828         to improve the layout of <munderover> using some constants from the MATH table.
1829
1830         Tests: imported/mathml-in-html5/mathml/presentation-markup/scripts/underover-parameters-1.html
1831                imported/mathml-in-html5/mathml/presentation-markup/scripts/underover-parameters-2.html
1832                imported/mathml-in-html5/mathml/presentation-markup/scripts/underover-parameters-3.html
1833                imported/mathml-in-html5/mathml/presentation-markup/scripts/underover-parameters-4.html
1834                mathml/presentation/attributes-accent-accentunder-dynamic.html
1835
1836         * mathml/mathattrs.in: Add accentunder attribute.
1837         * rendering/mathml/MathMLOperatorDictionary.h: Remove FIXME comment.
1838         * rendering/mathml/RenderMathMLUnderOver.cpp:
1839         (WebCore::RenderMathMLUnderOver::hasAccent): Helper function to determine whether
1840         the over/under script should be treated as an accent.
1841         (WebCore::RenderMathMLUnderOver::getVerticalParameters): Helper function to read
1842         some vertical parameters from the MATH table.
1843         (WebCore::RenderMathMLUnderOver::layoutBlock): Take into account the new vertical
1844         parameters for the layout of <munderover>.
1845         * rendering/mathml/RenderMathMLUnderOver.h: Define new helper functions.
1846
1847 2016-07-11  Frederic Wang  <fwang@igalia.com>
1848
1849         Use Stack* parameters from the OpenType MATH table
1850         https://bugs.webkit.org/show_bug.cgi?id=155714
1851
1852         Reviewed by Brent Fulgham.
1853
1854         Test: mathml/mathml-in-html5/frac-parameters-2.html
1855
1856         * rendering/mathml/RenderMathMLFraction.cpp:
1857         (WebCore::RenderMathMLFraction::updateFromElement): Set the stack parameters when
1858         the line thickness is zero.
1859         (WebCore::RenderMathMLFraction::layoutBlock): Correctly set the <mfrac> ascent and
1860         the denominator vertical offset when the line thickness is zero.
1861         (WebCore::RenderMathMLFraction::paint): Early return when we actually do not need to
1862         paint any fraction bar.
1863         * rendering/mathml/RenderMathMLFraction.h: Define an isStack helper function and define
1864         members corresponding to stack parameters.
1865
1866 2016-07-11  Frederic Wang  <fwang@igalia.com>
1867
1868         Add support for mathvariants that cannot be emulated via CSS.
1869         https://bugs.webkit.org/show_bug.cgi?id=108778
1870
1871         Reviewed by Brent Fulgham.
1872
1873         Tests: mathml/mathml-in-html5/mathvariant-transforms-1.html
1874                mathml/mathml-in-html5/mathvariant-transforms-2.html
1875                mathml/presentation/mathvariant-inheritance.html
1876                mathml/presentation/mathvariant-tokens.html
1877
1878         We remove the old code to emulate partial mathvariant support via CSS and add support
1879         for all mathvariant values using the technique used for implicit italic on <mi> element.
1880         We also rely on the MathMLStyle class introduced earlier to support custome MathML style
1881         and manage inheritance of mathvariant values.
1882         The function that tries and converts one base character into a transformed mathvariant
1883         character is based on similar code from Gecko:
1884         http://hg.mozilla.org/mozilla-central/file/tip/layout/generic/MathMLTextRunFactory.cpp
1885         Note that we only support transform on token elements with a single character, which
1886         should cover the most important use cases.
1887
1888         * css/mathml.css: Remove the CSS rules to emulate some mathvariant values.
1889         (math[mathvariant="normal"], mstyle[mathvariant="normal"], mo[mathvariant="normal"], mn[mathvariant="normal"], mi[mathvariant="normal"], mtext[mathvariant="normal"], mspace[mathvariant="normal"], ms[mathvariant="normal"]): Deleted.
1890         (math[mathvariant="bold"], mstyle[mathvariant="bold"], mo[mathvariant="bold"], mn[mathvariant="bold"], mi[mathvariant="bold"], mtext[mathvariant="bold"], mspace[mathvariant="bold"], ms[mathvariant="bold"]): Deleted.
1891         (math[mathvariant="italic"], mstyle[mathvariant="italic"], mo[mathvariant="italic"], mn[mathvariant="italic"], mi[mathvariant="italic"], mtext[mathvariant="italic"], mspace[mathvariant="italic"], ms[mathvariant="italic"]): Deleted.
1892         (math[mathvariant="bold-italic"], mstyle[mathvariant="bold-italic"], mo[mathvariant="bold-italic"], mn[mathvariant="bold-italic"], mi[mathvariant="bold-italic"], mtext[mathvariant="bold-italic"], mspace[mathvariant="bold-italic"], ms[mathvariant="bold-italic"]): Deleted.
1893         * mathml/MathMLInlineContainerElement.cpp: We resolve mathml style when mathvariant changes.
1894         (WebCore::MathMLInlineContainerElement::parseAttribute):
1895         * mathml/MathMLMathElement.cpp: ditto.
1896         (WebCore::MathMLMathElement::parseAttribute):
1897         * mathml/MathMLTextElement.cpp: ditto.
1898         (WebCore::MathMLTextElement::parseAttribute):
1899         * rendering/mathml/MathMLStyle.cpp: Add mathvariant property to the MathML style.
1900         (WebCore::MathMLStyle::MathMLStyle): Init mathvariant to none.
1901         (WebCore::MathMLStyle::getMathMLStyle): Helper function to retrieve the MathML style on a renderer.
1902         (WebCore::MathMLStyle::updateStyleIfNeeded): Take into account change of mathvariant.
1903         (WebCore::MathMLStyle::parseMathVariant): Helper function to parse a mathvariant attribute.
1904         (WebCore::MathMLStyle::resolveMathMLStyle): Take into account mathvariant value: it is None
1905         by default, inherited and can be modified via an attribute on <math>, <mstyle> or token
1906         elements. We also refactor a bit to share logic between displaystyle and mathvariant.
1907         (WebCore::MathMLStyle::setDisplayStyle): Deleted.
1908         * rendering/mathml/MathMLStyle.h: Add mathvariant members and update declarations.
1909         * rendering/mathml/RenderMathMLOperator.cpp:
1910         (WebCore::RenderMathMLOperator::updateTokenContent): Call the function from the parent class
1911         to consider mathvariant on <mo>.
1912         * rendering/mathml/RenderMathMLToken.cpp:
1913         We implement a mathVariant function to transform a base character into its transformed mathvariant:
1914         - There are some regularity that allows to perform this via simple linear transforms.
1915         - However, there are also many exceptions and we rely on some sorted MathVariantMapping
1916         tables to handle these cases.
1917         (WebCore::ExtractKey): Helper function to perform binary searches on MathVariant tables.
1918         (WebCore::MathVariantMappingSearch): ditto.
1919         (WebCore::mathVariant): New function to perform mathvariant transforms.
1920         (WebCore::RenderMathMLToken::updateMathVariantGlyph): Use the mathVariant function to
1921         perform all transformations, not just the italic one.
1922         (WebCore::transformToItalic): Deleted. Replaced with the more general mathVariant function.
1923
1924 2016-07-11  Jeremy Jones  <jeremyj@apple.com>
1925
1926         Pause small video elements when returning to inline.
1927         https://bugs.webkit.org/show_bug.cgi?id=159535
1928
1929         Reviewed by Jer Noble.
1930
1931         Will add a test in a later commit.
1932
1933         When exiting fullscreen, don't allow playback to continue inline if video is too small.
1934
1935         * html/HTMLMediaElement.cpp:
1936         (WebCore::HTMLMediaElement::isVideoTooSmallForInlinePlayback): Added.
1937         (WebCore::HTMLMediaElement::exitFullscreen): Pause if video is too small.
1938         * html/HTMLMediaElement.h:
1939
1940 2016-07-11  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
1941
1942         toNative functions in JSDOMBinding.h should take an ExecState reference instead of pointer
1943         https://bugs.webkit.org/show_bug.cgi?id=159298
1944
1945         Reviewed by Youenn Fablet.
1946
1947         Pass ExecState by reference instead of pointer.
1948
1949         * bindings/js/IDBBindingUtilities.cpp:
1950         (WebCore::idbKeyPathFromValue):
1951         * bindings/js/JSBlobCustom.cpp:
1952         (WebCore::constructJSBlob):
1953         * bindings/js/JSDOMBinding.h: Pass ExecState by reference instead of pointer.
1954         (WebCore::toJSSequence):
1955         (WebCore::NativeValueTraits<String>::nativeValue):
1956         (WebCore::NativeValueTraits<unsigned>::nativeValue):
1957         (WebCore::NativeValueTraits<float>::nativeValue):
1958         (WebCore::NativeValueTraits<double>::nativeValue):
1959         (WebCore::toNativeArray):
1960         (WebCore::toNativeArguments):
1961         * bindings/js/JSDOMConvert.h:
1962         (WebCore::Converter<Vector<T>>::convert):
1963         * bindings/js/JSDictionary.cpp:
1964         (WebCore::JSDictionary::convertValue):
1965         * bindings/js/JSFileCustom.cpp:
1966         (WebCore::constructJSFile):
1967         * bindings/js/JSMessagePortCustom.cpp:
1968         (WebCore::fillMessagePortArray):
1969         * bindings/scripts/CodeGeneratorJS.pm:
1970         (GenerateParametersCheck):
1971         (JSValueToNative):
1972         * bindings/scripts/test/JS/JSTestObj.cpp:
1973         (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalSequence):
1974         (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArray):
1975         (WebCore::jsTestObjPrototypeFunctionMethodWithOptionalArrayIsEmpty):
1976         (WebCore::jsTestObjPrototypeFunctionOverloadedMethod7):
1977         (WebCore::jsTestObjPrototypeFunctionOverloadedMethod9):
1978         (WebCore::jsTestObjPrototypeFunctionOverloadedMethod10):
1979         (WebCore::jsTestObjPrototypeFunctionMethodWithUnsignedLongSequence):
1980         (WebCore::jsTestObjPrototypeFunctionStringArrayFunction):
1981         (WebCore::jsTestObjPrototypeFunctionMethodWithAndWithoutNullableSequence):
1982         (WebCore::jsTestObjPrototypeFunctionMethodWithAndWithoutNullableSequence2):
1983         (WebCore::jsTestObjPrototypeFunctionStrictFunctionWithSequence):
1984         (WebCore::jsTestObjPrototypeFunctionStrictFunctionWithArray):
1985         (WebCore::jsTestObjPrototypeFunctionVariadicStringMethod):
1986         (WebCore::jsTestObjPrototypeFunctionVariadicDoubleMethod):
1987         * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
1988         (WebCore::constructJSTestOverloadedConstructors5):
1989         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
1990         (WebCore::jsTestTypedefsPrototypeFunctionFunc):
1991         (WebCore::jsTestTypedefsPrototypeFunctionNullableArrayArg):
1992         (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction):
1993         (WebCore::jsTestTypedefsPrototypeFunctionStringArrayFunction2):
1994
1995 2016-07-08  Alex Christensen  <achristensen@webkit.org>
1996
1997         Use refs for ResourceLoaders
1998         https://bugs.webkit.org/show_bug.cgi?id=159592
1999
2000         Reviewed by Chris Dumez.
2001
2002         No new tests.  No change in behavior except a fixed memory leak in WebKit1.
2003
2004         * loader/LoaderStrategy.h:
2005         * loader/ResourceLoader.cpp:
2006         (WebCore::ResourceLoader::finishNetworkLoad):
2007         (WebCore::ResourceLoader::setDefersLoading):
2008         (WebCore::ResourceLoader::frameLoader):
2009         (WebCore::ResourceLoader::willSwitchToSubstituteResource):
2010         (WebCore::ResourceLoader::willSendRequestInternal):
2011
2012 2016-07-11  Fujii Hironori  <Hironori.Fujii@sony.com>
2013
2014         Using dpi unit in sizes attribute raises SIGSEGV
2015         https://bugs.webkit.org/show_bug.cgi?id=159412
2016
2017         Reviewed by Darin Adler.
2018
2019         CSSParser::sourceSize returns a invalid CSSParser::SourceSize
2020         whose length is a null value for a dpi unit value.  Because
2021         CSSParserValue::createCSSValue returns null for a dpi value.
2022
2023         Tests:
2024             fast/dom/HTMLImageElement/sizes/image-sizes-invalids.html
2025             imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/sizes/parse-a-sizes-attribute.html
2026
2027         * css/CSSParser.cpp:
2028         (WebCore::CSSParser::sourceSize): Create a CSSPrimitiveValue of
2029         CSS_UNKNOWN if CSSParserValue::createCSSValue returns null.
2030
2031 2016-07-11  Olivier Blin  <olivier.blin@softathome.com>
2032
2033         Red and blue colors are swapped in video rendered through WebGL when GSTREAMER_GL is enabled
2034         https://bugs.webkit.org/show_bug.cgi?id=159621
2035
2036         Reviewed by Philippe Normand.
2037
2038         When a video is rendered through WebGL, and GSTREAMER_GL is enabled, red and blue colors are swapped.
2039         This occurs for example with the following videos:
2040         http://www.scirra.com/labs/bugs/webglvideo/
2041         http://www.dailymotion.com/embed/video/x4jiicp?autoplay=1
2042
2043         This is because ImageGStreamerCairo expects video frames in either
2044         BGRA or ARGB, while when GSTREAMER_GL is enabled,
2045         createVideoSinkGL() forces a RGBA format.
2046
2047         Without GSTREAMER_GL, the rendering is fine since
2048         VideoSinkGStreamer uses either BGRA or ARGB.
2049
2050         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
2051         (WebCore::MediaPlayerPrivateGStreamerBase::createVideoSinkGL):
2052
2053 2016-07-11  Philippe Normand  <pnormand@igalia.com>
2054
2055         [GStreamer] remove WEBKIT_DEBUG support
2056         https://bugs.webkit.org/show_bug.cgi?id=159553
2057
2058         Reviewed by Xabier Rodriguez-Calvar.
2059
2060         Remove the *_MEDIA_MESSAGE macros specific to the GStreamer
2061         platform code and replace them with standard GST_DEBUG macros. In
2062         Debug builds the WEBKIT_DEBUG=Media logs now only contain logs
2063         related with the cross-platform Media element code. If GStreamer
2064         logs are needed, the GST_DEBUG=webkit*:5 environment variable can
2065         be used.
2066
2067         * platform/graphics/gstreamer/GStreamerUtilities.h:
2068         * platform/graphics/gstreamer/InbandTextTrackPrivateGStreamer.cpp:
2069         (WebCore::InbandTextTrackPrivateGStreamer::notifyTrackOfSample):
2070         (WebCore::InbandTextTrackPrivateGStreamer::notifyTrackOfStreamChanged):
2071         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
2072         (WebCore::MediaPlayerPrivateGStreamer::setAudioStreamProperties):
2073         (WebCore::MediaPlayerPrivateGStreamer::load):
2074         (WebCore::MediaPlayerPrivateGStreamer::commitLoad):
2075         (WebCore::MediaPlayerPrivateGStreamer::playbackPosition):
2076         (WebCore::MediaPlayerPrivateGStreamer::changePipelineState):
2077         (WebCore::MediaPlayerPrivateGStreamer::play):
2078         (WebCore::MediaPlayerPrivateGStreamer::pause):
2079         (WebCore::MediaPlayerPrivateGStreamer::duration):
2080         (WebCore::MediaPlayerPrivateGStreamer::seek):
2081         (WebCore::MediaPlayerPrivateGStreamer::updatePlaybackRate):
2082         (WebCore::MediaPlayerPrivateGStreamer::paused):
2083         (WebCore::MediaPlayerPrivateGStreamer::newTextSample):
2084         (WebCore::MediaPlayerPrivateGStreamer::handleMessage):
2085         (WebCore::MediaPlayerPrivateGStreamer::processBufferingStats):
2086         (WebCore::MediaPlayerPrivateGStreamer::fillTimerFired):
2087         (WebCore::MediaPlayerPrivateGStreamer::maxTimeSeekable):
2088         (WebCore::MediaPlayerPrivateGStreamer::maxTimeLoaded):
2089         (WebCore::MediaPlayerPrivateGStreamer::didLoadingProgress):
2090         (WebCore::MediaPlayerPrivateGStreamer::totalBytes):
2091         (WebCore::MediaPlayerPrivateGStreamer::asyncStateChangeDone):
2092         (WebCore::MediaPlayerPrivateGStreamer::updateStates):
2093         (WebCore::MediaPlayerPrivateGStreamer::loadNextLocation):
2094         (WebCore::MediaPlayerPrivateGStreamer::setDownloadBuffering):
2095         (WebCore::MediaPlayerPrivateGStreamer::createAudioSink):
2096         (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
2097         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
2098         (WebCore::MediaPlayerPrivateGStreamerBase::naturalSize):
2099         (WebCore::MediaPlayerPrivateGStreamerBase::setVolume):
2100         (WebCore::MediaPlayerPrivateGStreamerBase::volumeChangedCallback):
2101         (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
2102         (WebCore::MediaPlayerPrivateGStreamerBase::createVideoSinkGL):
2103         (WebCore::MediaPlayerPrivateGStreamerBase::setStreamVolumeElement):
2104         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.cpp:
2105         (WebCore::MediaPlayerPrivateGStreamerOwr::~MediaPlayerPrivateGStreamerOwr):
2106         (WebCore::MediaPlayerPrivateGStreamerOwr::play):
2107         (WebCore::MediaPlayerPrivateGStreamerOwr::pause):
2108         (WebCore::MediaPlayerPrivateGStreamerOwr::currentTime):
2109         (WebCore::MediaPlayerPrivateGStreamerOwr::load):
2110         (WebCore::MediaPlayerPrivateGStreamerOwr::internalLoad):
2111         (WebCore::MediaPlayerPrivateGStreamerOwr::stop):
2112         (WebCore::MediaPlayerPrivateGStreamerOwr::createGSTAudioSinkBin):
2113         (WebCore::MediaPlayerPrivateGStreamerOwr::trackEnded):
2114         (WebCore::MediaPlayerPrivateGStreamerOwr::trackMutedChanged):
2115         (WebCore::MediaPlayerPrivateGStreamerOwr::trackSettingsChanged):
2116         (WebCore::MediaPlayerPrivateGStreamerOwr::trackEnabledChanged):
2117         * platform/graphics/gstreamer/TrackPrivateBaseGStreamer.cpp:
2118         (WebCore::TrackPrivateBaseGStreamer::getLanguageCode):
2119         (WebCore::TrackPrivateBaseGStreamer::getTag):
2120
2121 2016-07-11  Eric Carlson  <eric.carlson@apple.com>
2122
2123         Add a test for media control dropoff
2124         https://bugs.webkit.org/show_bug.cgi?id=151287
2125         <rdar://problem/23544666>
2126
2127         Reviewed by Antoine Quint.
2128
2129         Test: media/controls/inline-elements-dropoff-order.html
2130
2131         * Modules/mediacontrols/mediaControlsApple.js: Expose more state to testing.
2132         * testing/InternalSettings.cpp:
2133         (WebCore::InternalSettings::setAllowsAirPlayForMediaPlayback): Renamed from setWirelessPlaybackDisabled.
2134         (WebCore::InternalSettings::setWirelessPlaybackDisabled): Deleted.
2135         * testing/InternalSettings.h:
2136         * testing/InternalSettings.idl:
2137
2138
2139 2016-07-11  Philippe Normand  <pnormand@igalia.com>
2140
2141         [GStreamer][GL] crash within triggerRepaint
2142         https://bugs.webkit.org/show_bug.cgi?id=159552
2143
2144         Reviewed by Xabier Rodriguez-Calvar.
2145
2146         Ensure the sizeChanged notification is emitted from the main
2147         thread. When GStreamer-GL rendering is enabled the appsink draw
2148         callbacks are fired in a non-main thread.
2149
2150         The WeakPtr support was moved to the player base class so that it
2151         can be used there as well as in the MediaPlayerPrivateGStreamer
2152         sub-class.
2153
2154         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
2155         (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
2156         (WebCore::MediaPlayerPrivateGStreamer::MediaPlayerPrivateGStreamer): Deleted.
2157         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:
2158         (WebCore::MediaPlayerPrivateGStreamer::createWeakPtr): Deleted.
2159         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
2160         (WebCore::MediaPlayerPrivateGStreamerBase::MediaPlayerPrivateGStreamerBase):
2161         (WebCore::MediaPlayerPrivateGStreamerBase::triggerRepaint):
2162         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
2163         (WebCore::MediaPlayerPrivateGStreamerBase::createWeakPtr):
2164
2165 2016-07-10  Chris Dumez  <cdumez@apple.com>
2166
2167         Setting document.title reuses <title>'s textnode child
2168         https://bugs.webkit.org/show_bug.cgi?id=28864
2169         <rdar://problem/7186473>
2170
2171         Reviewed by Benjamin Poulain.
2172
2173         Setting document.title should be equivalent to setting the 'textContent'
2174         IDL attribute of the <title> element:
2175         - https://html.spec.whatwg.org/multipage/dom.html#document.title
2176
2177         In particular, this means we should always create a new Text node and
2178         replace all the <title>'s children with this new Node, as per:
2179         - https://dom.spec.whatwg.org/#dom-node-textcontent
2180
2181         Previously, WebKit would in some cases reuse the existing <title>'s
2182         Text node and merely update its data.
2183
2184         Firefox and Chrome behave as per the specification so this aligns our
2185         behavior with other major browsers as well.
2186
2187         Test: fast/dom/title-setter-new-text-node.html
2188
2189         * dom/Document.cpp:
2190         (WebCore::Document::setTitle):
2191         - Call Node::setTextContent() instead of HTMLTitleElement::setText(),
2192           as per the specification.
2193         - Take an ExceptionCode parameter and pass it to Node::setTextContent()
2194           as it may throw.
2195
2196         * dom/Document.h:
2197         * dom/Document.idl:
2198
2199         * html/HTMLTitleElement.cpp:
2200         (WebCore::HTMLTitleElement::setText):
2201         Update implementation of HTMLTitleElement::setText() to call
2202         setTextContent() as per the specification:
2203         - https://html.spec.whatwg.org/multipage/semantics.html#dom-title-text
2204
2205         * html/HTMLTitleElement.h:
2206         * html/HTMLTitleElement.idl:
2207
2208         * html/ImageDocument.cpp:
2209         (WebCore::ImageDocument::finishedParsing):
2210
2211         * svg/SVGTitleElement.cpp:
2212         * svg/SVGTitleElement.h:
2213         Drop setText() setter which was duplicated from HTMLTitleElement::setText()
2214         now that Document::setTitle() calls SVGTitleElement::setTextContent()
2215         instead.
2216
2217 2016-07-10  Zalan Bujtas  <zalan@apple.com>
2218
2219         Fix LogicalSelectionOffsetCaches to work with detached render tree.
2220         https://bugs.webkit.org/show_bug.cgi?id=159605
2221         <rdar://problem/27248845>
2222
2223         Reviewed by Brent Fulgham.
2224
2225         When the renderer that is being destroyed is on a selection boundary,
2226         we need to ensure that all its cached pointers across the selection code (e.g. SelectionSubtreeData)
2227         are getting reset. In order to do that, we call clearSelection() on the RenderView.
2228         One of the last steps of clearing selection is to collect the selection gaps. Selection gaps uses this
2229         LogicalSelectionOffsetCaches helper class to collect selection information across blocks.
2230         LogicalSelectionOffsetCaches normally operates on rooted renderers. However we need to ensure sure that
2231         it can also handle renderers that are no longer part of the render tree.
2232
2233         Test: fast/text/selection-on-a-detached-tree.html
2234
2235         * rendering/LogicalSelectionOffsetCaches.h:
2236         (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::setBlock):
2237         (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::logicalLeftSelectionOffset):
2238         (WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::logicalRightSelectionOffset):
2239         * rendering/RenderBlock.cpp:
2240         (WebCore::RenderBlock::logicalLeftSelectionOffset):
2241         (WebCore::RenderBlock::logicalRightSelectionOffset):
2242
2243 2016-07-10  Chris Dumez  <cdumez@apple.com>
2244
2245         adoptNode() changes css class to lowercase for document loaded with XHR responseType = "document"
2246         https://bugs.webkit.org/show_bug.cgi?id=159555
2247         <rdar://problem/27252541>
2248
2249         Reviewed by Benjamin Poulain.
2250
2251         Follow-up on r203018 which was incomplete. We need to update ElementData's
2252         m_classNames / m_idForStyleResolution when the source document is in strict
2253         mode and the destination document is in quirks mode as well.
2254
2255         Test: fast/dom/Document/adoptNode-quirks-mismatch2.html
2256
2257         * dom/Element.cpp:
2258         (WebCore::Element::didMoveToNewDocument):
2259
2260 2016-07-10  Sam Weinig  <sam@webkit.org>
2261
2262         Rename isEmojiModifier to isEmojiFitzpatrickModifier to better capture its function
2263         https://bugs.webkit.org/show_bug.cgi?id=159610
2264
2265         Reviewed by Dan Bernstein.
2266
2267         * platform/graphics/FontCascade.cpp:
2268         (WebCore::FontCascade::characterRangeCodePath):
2269         * platform/graphics/mac/ComplexTextController.cpp:
2270         (WebCore::advanceByCombiningCharacterSequence):
2271         Update for rename.
2272
2273         * platform/text/CharacterProperties.h:
2274         (WebCore::isEmojiGroupCandidate):
2275         (WebCore::isEmojiFitzpatrickModifier):
2276         (WebCore::isVariationSelector):
2277         Rename isEmojiModifier -> isEmojiFitzpatrickModifier. Also add some comments
2278         explaining what the characters these predicate act on to demystify them a bit.
2279
2280         * rendering/RenderText.cpp:
2281         (WebCore::RenderText::previousOffsetForBackwardDeletion):
2282         Update for rename and rename a related variable.
2283
2284 2016-07-10  Alex Christensen  <achristensen@webkit.org>
2285
2286         Fix client certificate authentication after r200463
2287         https://bugs.webkit.org/show_bug.cgi?id=159574
2288         <rdar://problem/26931006>
2289
2290         Reviewed by Sam Weinig.
2291
2292         No new tests.  We really need a test for this
2293
2294         * platform/network/cf/CertificateInfo.h:
2295         (WebCore::CertificateInfo::CertificateInfo):
2296         (WebCore::CertificateInfo::trust):
2297         Make sure we only get the trust for Trust type CertificateInfos.  
2298         If we mix up our types, we get unexpected nullptrs, which will cause authentication to fail.
2299
2300 2016-07-10  Myles C. Maxfield  <mmaxfield@apple.com>
2301
2302         Fix Windows build after r203038
2303
2304         Unreviewed.
2305
2306         * platform/text/TextAllInOne.cpp:
2307
2308 2016-07-10  Myles C. Maxfield  <mmaxfield@apple.com>
2309
2310         Move breaking iterator code to WTF
2311         https://bugs.webkit.org/show_bug.cgi?id=159594
2312
2313         Reviewed by Alex Christensen.
2314
2315         This is in preparation for giving StringView a GraphemeClusters iterator.
2316         Such an interator needs to be implemented on top of our breaking iterator
2317         code.
2318
2319         No new tests because there is no behavior change.
2320
2321         * CMakeLists.txt:
2322         * PlatformEfl.cmake:
2323         * PlatformGTK.cmake:
2324         * PlatformMac.cmake:
2325         * PlatformWin.cmake:
2326         * WebCore.xcodeproj/project.pbxproj:
2327         * dom/CharacterData.cpp:
2328         * editing/TextCheckingHelper.cpp:
2329         * editing/TextIterator.cpp:
2330         * editing/VisibleUnits.cpp:
2331         * html/HTMLInputElement.cpp:
2332         * html/HTMLTextAreaElement.cpp:
2333         * html/InputType.cpp:
2334         * html/TextFieldInputType.cpp:
2335         * html/TextInputType.cpp:
2336         * platform/LocalizedStrings.cpp:
2337         * platform/graphics/StringTruncator.cpp:
2338         * platform/graphics/cg/ColorCG.cpp:
2339         (WTF::RetainPtr<CGColorRef>>::createValueForKey):
2340         (WebCore::RetainPtr<CGColorRef>>::createValueForKey): Deleted.
2341         * platform/graphics/mac/ComplexTextController.cpp:
2342         * platform/text/LineBreakIteratorPoolICU.h:
2343         (WebCore::LineBreakIteratorPool::LineBreakIteratorPool): Deleted.
2344         (WebCore::LineBreakIteratorPool::sharedPool): Deleted.
2345         (WebCore::LineBreakIteratorPool::makeLocaleWithBreakKeyword): Deleted.
2346         (WebCore::LineBreakIteratorPool::take): Deleted.
2347         (WebCore::LineBreakIteratorPool::put): Deleted.
2348         * platform/text/TextBoundaries.cpp:
2349         * platform/text/TextBreakIterator.cpp:
2350         (WebCore::initializeIterator): Deleted.
2351         (WebCore::initializeIteratorWithRules): Deleted.
2352         (WebCore::setTextForIterator): Deleted.
2353         (WebCore::setContextAwareTextForIterator): Deleted.
2354         (WebCore::wordBreakIterator): Deleted.
2355         (WebCore::sentenceBreakIterator): Deleted.
2356         (WebCore::cursorMovementIterator): Deleted.
2357         (WebCore::acquireLineBreakIterator): Deleted.
2358         (WebCore::releaseLineBreakIterator): Deleted.
2359         (WebCore::mapLineIteratorModeToRules): Deleted.
2360         (WebCore::isCJKLocale): Deleted.
2361         (WebCore::openLineBreakIterator): Deleted.
2362         (WebCore::closeLineBreakIterator): Deleted.
2363         (WebCore::compareAndSwapNonSharedCharacterBreakIterator): Deleted.
2364         (WebCore::NonSharedCharacterBreakIterator::NonSharedCharacterBreakIterator): Deleted.
2365         (WebCore::NonSharedCharacterBreakIterator::~NonSharedCharacterBreakIterator): Deleted.
2366         (WebCore::textBreakFirst): Deleted.
2367         (WebCore::textBreakLast): Deleted.
2368         (WebCore::textBreakNext): Deleted.
2369         (WebCore::textBreakPrevious): Deleted.
2370         (WebCore::textBreakPreceding): Deleted.
2371         (WebCore::textBreakFollowing): Deleted.
2372         (WebCore::textBreakCurrent): Deleted.
2373         (WebCore::isTextBreak): Deleted.
2374         (WebCore::isWordTextBreak): Deleted.
2375         (WebCore::numGraphemeClusters): Deleted.
2376         (WebCore::numCharactersInGraphemeClusters): Deleted.
2377         * platform/text/TextBreakIterator.h:
2378         (WebCore::LazyLineBreakIterator::LazyLineBreakIterator): Deleted.
2379         (WebCore::LazyLineBreakIterator::~LazyLineBreakIterator): Deleted.
2380         (WebCore::LazyLineBreakIterator::string): Deleted.
2381         (WebCore::LazyLineBreakIterator::isLooseCJKMode): Deleted.
2382         (WebCore::LazyLineBreakIterator::lastCharacter): Deleted.
2383         (WebCore::LazyLineBreakIterator::secondToLastCharacter): Deleted.
2384         (WebCore::LazyLineBreakIterator::setPriorContext): Deleted.
2385         (WebCore::LazyLineBreakIterator::updatePriorContext): Deleted.
2386         (WebCore::LazyLineBreakIterator::resetPriorContext): Deleted.
2387         (WebCore::LazyLineBreakIterator::priorContextLength): Deleted.
2388         (WebCore::LazyLineBreakIterator::get): Deleted.
2389         (WebCore::LazyLineBreakIterator::resetStringAndReleaseIterator): Deleted.
2390         (WebCore::NonSharedCharacterBreakIterator::operator TextBreakIterator*): Deleted.
2391         * platform/text/cf/HyphenationCF.cpp:
2392         * platform/text/efl/TextBreakIteratorInternalICUEfl.cpp:
2393         (WebCore::currentSearchLocaleID): Deleted.
2394         (WebCore::currentTextBreakLocaleID): Deleted.
2395         * platform/text/enchant/TextCheckerEnchant.cpp:
2396         * platform/text/gtk/TextBreakIteratorInternalICUGtk.cpp:
2397         (WebCore::currentSearchLocaleID): Deleted.
2398         (WebCore::currentTextBreakLocaleID): Deleted.
2399         * platform/text/icu/UTextProvider.cpp:
2400         (WebCore::fixPointer): Deleted.
2401         (WebCore::uTextCloneImpl): Deleted.
2402         * platform/text/icu/UTextProvider.h:
2403         (WebCore::uTextProviderContext): Deleted.
2404         (WebCore::initializeContextAwareUTextProvider): Deleted.
2405         (WebCore::uTextAccessPinIndex): Deleted.
2406         (WebCore::uTextAccessInChunkOrOutOfRange): Deleted.
2407         * platform/text/icu/UTextProviderLatin1.cpp:
2408         (WebCore::uTextLatin1Clone): Deleted.
2409         (WebCore::uTextLatin1NativeLength): Deleted.
2410         (WebCore::uTextLatin1Access): Deleted.
2411         (WebCore::uTextLatin1Extract): Deleted.
2412         (WebCore::uTextLatin1MapOffsetToNative): Deleted.
2413         (WebCore::uTextLatin1MapNativeIndexToUTF16): Deleted.
2414         (WebCore::uTextLatin1Close): Deleted.
2415         (WebCore::openLatin1UTextProvider): Deleted.
2416         (WebCore::textLatin1ContextAwareGetCurrentContext): Deleted.
2417         (WebCore::textLatin1ContextAwareMoveInPrimaryContext): Deleted.
2418         (WebCore::textLatin1ContextAwareSwitchToPrimaryContext): Deleted.
2419         (WebCore::textLatin1ContextAwareMoveInPriorContext): Deleted.
2420         (WebCore::textLatin1ContextAwareSwitchToPriorContext): Deleted.
2421         (WebCore::uTextLatin1ContextAwareClone): Deleted.
2422         (WebCore::uTextLatin1ContextAwareNativeLength): Deleted.
2423         (WebCore::uTextLatin1ContextAwareAccess): Deleted.
2424         (WebCore::uTextLatin1ContextAwareExtract): Deleted.
2425         (WebCore::uTextLatin1ContextAwareClose): Deleted.
2426         (WebCore::openLatin1ContextAwareUTextProvider): Deleted.
2427         * platform/text/icu/UTextProviderUTF16.cpp:
2428         (WebCore::textUTF16ContextAwareGetCurrentContext): Deleted.
2429         (WebCore::textUTF16ContextAwareMoveInPrimaryContext): Deleted.
2430         (WebCore::textUTF16ContextAwareSwitchToPrimaryContext): Deleted.
2431         (WebCore::textUTF16ContextAwareMoveInPriorContext): Deleted.
2432         (WebCore::textUTF16ContextAwareSwitchToPriorContext): Deleted.
2433         (WebCore::uTextUTF16ContextAwareClone): Deleted.
2434         (WebCore::uTextUTF16ContextAwareNativeLength): Deleted.
2435         (WebCore::uTextUTF16ContextAwareAccess): Deleted.
2436         (WebCore::uTextUTF16ContextAwareExtract): Deleted.
2437         (WebCore::uTextUTF16ContextAwareClose): Deleted.
2438         (WebCore::openUTF16ContextAwareUTextProvider): Deleted.
2439         * platform/text/mac/TextBoundaries.mm:
2440         * platform/text/mac/TextBreakIteratorInternalICUMac.mm:
2441         (WebCore::textBreakLocalePreference): Deleted.
2442         (WebCore::topLanguagePreference): Deleted.
2443         (WebCore::getLocale): Deleted.
2444         (WebCore::getSearchLocale): Deleted.
2445         (WebCore::currentSearchLocaleID): Deleted.
2446         (WebCore::getTextBreakLocale): Deleted.
2447         (WebCore::currentTextBreakLocaleID): Deleted.
2448         * platform/text/win/TextBreakIteratorInternalICUWin.cpp:
2449         (WebCore::currentSearchLocaleID): Deleted.
2450         (WebCore::currentTextBreakLocaleID): Deleted.
2451         * rendering/RenderBlock.cpp:
2452         * rendering/RenderText.cpp:
2453         * rendering/RenderText.h:
2454         * rendering/SimpleLineLayoutTextFragmentIterator.h:
2455         * rendering/break_lines.cpp:
2456         * rendering/break_lines.h:
2457         * rendering/line/LineBreaker.h:
2458
2459 2016-07-10  Yusuke Suzuki  <utatane.tea@gmail.com>
2460
2461         [GTK] Crash on https://diafygi.github.io/webcrypto-examples with ENABLE_SUBTLE_CRYPTO
2462         https://bugs.webkit.org/show_bug.cgi?id=159189
2463
2464         Reviewed by Michael Catanzaro.
2465
2466         Currently, we explicitly release the pointers of std::unique_ptr<CryptoAlgorithm> and std::unique_ptr<CryptoAlgorithmParameters>,
2467         and delete them in the asynchronously called lambdas. In GnuTLS version, callback function is accidentally called twice,
2468         and it incurs the double free problem.
2469         In SubtleCrypto code, we have the rule that we must not call failureCallback when the error code is filled in synchronous execution.
2470         So we drop the failureCallback calling code in GnuTLS subtle crypto code.
2471
2472         But, rather than carefully handling un-smart-pointer-managed raw pointer's life time, we should use ref counted pointer for that.
2473         Using the raw delete is error-prone.
2474
2475         This patch also changes CryptoAlgorithm and CryptoAlgorithmParameters to RefCounted. And use Ref and RefPtr instead.
2476         The change eliminates the ad-hoc delete code. And now, the lambdas can be called multiple times since once the result of the promise
2477         is resolved or rejected, subsequent resolve / reject calls are ignored.
2478
2479         And this patch also fixes the incorrect call to the lambda that is already WTFMoved.
2480
2481         While we can see several `return WTFMove(...)`, they are necessary since it uses implicit type conversions, like,
2482         `Ref<A>` => `RefPtr<A>`, and `Ref<Derived>` => `Ref<Base>`.
2483
2484         * bindings/js/JSCryptoAlgorithmDictionary.cpp:
2485         (WebCore::createAesCbcParams):
2486         (WebCore::createAesKeyGenParams):
2487         (WebCore::createHmacParams):
2488         (WebCore::createHmacKeyParams):
2489         (WebCore::createRsaKeyGenParams):
2490         (WebCore::createRsaKeyParamsWithHash):
2491         (WebCore::createRsaOaepParams):
2492         (WebCore::createRsaSsaParams):
2493         (WebCore::JSCryptoAlgorithmDictionary::createParametersForEncrypt):
2494         (WebCore::JSCryptoAlgorithmDictionary::createParametersForDecrypt):
2495         (WebCore::JSCryptoAlgorithmDictionary::createParametersForSign):
2496         (WebCore::JSCryptoAlgorithmDictionary::createParametersForVerify):
2497         (WebCore::JSCryptoAlgorithmDictionary::createParametersForDigest):
2498         (WebCore::JSCryptoAlgorithmDictionary::createParametersForGenerateKey):
2499         (WebCore::JSCryptoAlgorithmDictionary::createParametersForDeriveKey):
2500         (WebCore::JSCryptoAlgorithmDictionary::createParametersForDeriveBits):
2501         (WebCore::JSCryptoAlgorithmDictionary::createParametersForImportKey):
2502         (WebCore::JSCryptoAlgorithmDictionary::createParametersForExportKey):
2503         * bindings/js/JSCryptoAlgorithmDictionary.h:
2504         * bindings/js/JSCryptoKeySerializationJWK.cpp:
2505         (WebCore::createHMACParameters):
2506         (WebCore::createRSAKeyParametersWithHash):
2507         (WebCore::JSCryptoKeySerializationJWK::reconcileAlgorithm):
2508         * bindings/js/JSCryptoKeySerializationJWK.h:
2509         * bindings/js/JSSubtleCryptoCustom.cpp:
2510         (WebCore::createAlgorithmFromJSValue):
2511         (WebCore::importKey):
2512         (WebCore::JSSubtleCrypto::importKey):
2513         (WebCore::JSSubtleCrypto::wrapKey):
2514         (WebCore::JSSubtleCrypto::unwrapKey):
2515         * crypto/CryptoAlgorithm.h:
2516         * crypto/CryptoAlgorithmParameters.h:
2517         * crypto/CryptoAlgorithmRegistry.cpp:
2518         (WebCore::CryptoAlgorithmRegistry::create):
2519         * crypto/CryptoAlgorithmRegistry.h:
2520         * crypto/CryptoKeySerialization.h:
2521         * crypto/algorithms/CryptoAlgorithmAES_CBC.cpp:
2522         (WebCore::CryptoAlgorithmAES_CBC::create):
2523         * crypto/algorithms/CryptoAlgorithmAES_CBC.h:
2524         * crypto/algorithms/CryptoAlgorithmAES_KW.cpp:
2525         (WebCore::CryptoAlgorithmAES_KW::create):
2526         * crypto/algorithms/CryptoAlgorithmAES_KW.h:
2527         * crypto/algorithms/CryptoAlgorithmHMAC.cpp:
2528         (WebCore::CryptoAlgorithmHMAC::create):
2529         * crypto/algorithms/CryptoAlgorithmHMAC.h:
2530         * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.cpp:
2531         (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::create):
2532         * crypto/algorithms/CryptoAlgorithmRSAES_PKCS1_v1_5.h:
2533         * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp:
2534         (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::create):
2535         * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.h:
2536         * crypto/algorithms/CryptoAlgorithmRSA_OAEP.cpp:
2537         (WebCore::CryptoAlgorithmRSA_OAEP::create):
2538         * crypto/algorithms/CryptoAlgorithmRSA_OAEP.h:
2539         * crypto/algorithms/CryptoAlgorithmSHA1.cpp:
2540         (WebCore::CryptoAlgorithmSHA1::create):
2541         * crypto/algorithms/CryptoAlgorithmSHA1.h:
2542         * crypto/algorithms/CryptoAlgorithmSHA224.cpp:
2543         (WebCore::CryptoAlgorithmSHA224::create):
2544         * crypto/algorithms/CryptoAlgorithmSHA224.h:
2545         * crypto/algorithms/CryptoAlgorithmSHA256.cpp:
2546         (WebCore::CryptoAlgorithmSHA256::create):
2547         * crypto/algorithms/CryptoAlgorithmSHA256.h:
2548         * crypto/algorithms/CryptoAlgorithmSHA384.cpp:
2549         (WebCore::CryptoAlgorithmSHA384::create):
2550         * crypto/algorithms/CryptoAlgorithmSHA384.h:
2551         * crypto/algorithms/CryptoAlgorithmSHA512.cpp:
2552         (WebCore::CryptoAlgorithmSHA512::create):
2553         * crypto/algorithms/CryptoAlgorithmSHA512.h:
2554         * crypto/gnutls/CryptoAlgorithmAES_CBCGnuTLS.cpp:
2555         (WebCore::CryptoAlgorithmAES_CBC::platformEncrypt):
2556         (WebCore::CryptoAlgorithmAES_CBC::platformDecrypt):
2557         * crypto/gnutls/CryptoAlgorithmAES_KWGnuTLS.cpp:
2558         (WebCore::CryptoAlgorithmAES_KW::platformEncrypt):
2559         (WebCore::CryptoAlgorithmAES_KW::platformDecrypt):
2560         * crypto/gnutls/CryptoAlgorithmHMACGnuTLS.cpp:
2561         (WebCore::CryptoAlgorithmHMAC::platformSign):
2562         (WebCore::CryptoAlgorithmHMAC::platformVerify):
2563         * crypto/gnutls/CryptoAlgorithmRSAES_PKCS1_v1_5GnuTLS.cpp:
2564         (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::platformEncrypt):
2565         (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::platformDecrypt):
2566         * crypto/gnutls/CryptoAlgorithmRSASSA_PKCS1_v1_5GnuTLS.cpp:
2567         (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformSign):
2568         (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformVerify):
2569         * crypto/gnutls/CryptoAlgorithmRSA_OAEPGnuTLS.cpp:
2570         (WebCore::CryptoAlgorithmRSA_OAEP::platformEncrypt):
2571         (WebCore::CryptoAlgorithmRSA_OAEP::platformDecrypt):
2572         * crypto/keys/CryptoKeySerializationRaw.cpp:
2573         (WebCore::CryptoKeySerializationRaw::reconcileAlgorithm):
2574         * crypto/keys/CryptoKeySerializationRaw.h:
2575
2576 2016-07-09  Antti Koivisto  <antti@apple.com>
2577
2578         REGRESSION (r202931): breaks release builds with ASSERT_WITH_SECURITY_IMPLICATION for fuzzing
2579         https://bugs.webkit.org/show_bug.cgi?id=159599
2580         rdar://problem/27248835
2581
2582         Reviewed by Chris Dumez.
2583
2584         Make RenderStyle::deletionHasBegun() available with ENABLE(SECURITY_ASSERTIONS)
2585
2586         * rendering/style/RenderStyle.cpp:
2587         (WebCore::RenderStyle::~RenderStyle):
2588         * rendering/style/RenderStyle.h:
2589         (WebCore::RenderStyle::deletionHasBegun):
2590
2591 2016-07-09  Youenn Fablet  <youenn@apple.com>
2592
2593         Make use of PrivateIdentifier to simplify Fetch Headers built-in checks
2594         https://bugs.webkit.org/show_bug.cgi?id=159554
2595
2596         Reviewed by Alex Christensen.
2597
2598         Test: fetch/header-constructor-overriden.html
2599         Patch does not change visible behavior.
2600
2601         * Modules/fetch/FetchHeaders.idl: Adding PrivateIdentifier to the Headers constructor.
2602         * Modules/fetch/FetchHeaders.js:
2603         (initializeFetchHeaders): Checking directly with @Headers for improved clarity.
2604         * Modules/fetch/FetchResponse.js: Using @Headers to check whether creating a Headers object or not before
2605         passsing it to C++ FetchResponse initialize method.
2606         (initializeFetchResponse):
2607         * bindings/js/WebCoreBuiltinNames.h: Adding Headers private name.
2608
2609 2016-07-08  Chris Dumez  <cdumez@apple.com>
2610
2611         adoptNode() changes css class to lowercase for document loaded with XHR responseType = "document"
2612         https://bugs.webkit.org/show_bug.cgi?id=159555
2613         <rdar://problem/27252541>
2614
2615         Reviewed by Ryosuke Niwa.
2616
2617         When adopting an Element from another document which has a different quirks mode,
2618         case-sensitivity for id and class attributes differs and we need to correctly
2619         update members such as ElementData::m_classNames or ElementData::m_idForStyleResolution.
2620
2621         To address the issue, have Element override didMoveToNewDocument() and call
2622         attributeChanged() for id and class attributes.
2623
2624         Test: fast/dom/Document/adoptNode-quirks-mismatch.html
2625
2626         * dom/Element.cpp:
2627         (WebCore::Element::didMoveToNewDocument):
2628         * dom/Element.h:
2629
2630 2016-07-08  Daniel Bates  <dabates@apple.com>
2631
2632         Cleanup: Remove use of PassRefPtr from class HTMLTableElement
2633         https://bugs.webkit.org/show_bug.cgi?id=159587
2634
2635         Reviewed by Chris Dumez.
2636
2637         * html/HTMLTableElement.cpp:
2638         (WebCore::HTMLTableElement::setCaption): Take a rvalue reference to a RefPtr instead of a PassRefPtr.
2639         (WebCore::HTMLTableElement::setTHead): Take a rvalue reference to a RefPtr instead of a PassRefPtr. Also
2640         fix a style nit; add curly braces around the for-loop body since its body is more than a single line.
2641         (WebCore::HTMLTableElement::createTHead): Use Ref::copyRef() instead of Ref::ptr() to pass the instantiated
2642         table section to better convey that we are passing a copy of the table section.
2643         (WebCore::HTMLTableElement::createCaption): Ditto.
2644         * html/HTMLTableElement.h:
2645
2646 2016-07-08  Daniel Bates  <dabates@apple.com>
2647
2648         Move shouldInheritSecurityOriginFromOwner() from URL to Document
2649         https://bugs.webkit.org/show_bug.cgi?id=158987
2650
2651         Reviewed by Alex Christensen.
2652
2653         The URL class should not have knowledge of the concept of an origin or the semantics of origin
2654         inheritance as these are higher level concepts. We should make URL::shouldInheritSecurityOriginFromOwner()
2655         a static non-member, non-friend function of Document because its implements the origin semantics
2656         for a Document object as described in section Origin of the HTML5 spec., <https://html.spec.whatwg.org/multipage/browsers.html#origin> (8 July 2016).
2657         These semantics only apply to Documents.
2658
2659         No functionality changed. So, no new tests.
2660
2661         * dom/Document.cpp:
2662         (WebCore::shouldInheritSecurityOriginFromOwner): Added.
2663         (WebCore::Document::initSecurityContext): Modified to call WebCore::shouldInheritSecurityOriginFromOwner().
2664         (WebCore::Document::initContentSecurityPolicy): Ditto.
2665         * platform/URL.cpp:
2666         (WebCore::URL::shouldInheritSecurityOriginFromOwner): Deleted.
2667         * platform/URL.h:
2668
2669 2016-07-08  Daniel Bates  <dabates@apple.com>
2670
2671         Setting table.tFoot or calling table.createTFoot() should append HTML tfont element to the end of the table
2672         https://bugs.webkit.org/show_bug.cgi?id=159583
2673         <rdar://problem/27255292>
2674
2675         In HTMLTableElement::createTFoot() I inadvertently made use of WTFMove() to move the instantiated
2676         HTMLTableSectionElement into the argument passed to setTFoot(). We should use Ref::copyRef() instead
2677         because we want this function to return the instantiated table section.
2678
2679         * html/HTMLTableElement.cpp:
2680         (WebCore::HTMLTableElement::createTFoot):
2681
2682 2016-07-08  Daniel Bates  <dabates@apple.com>
2683
2684         Setting table.tFoot or calling table.createTFoot() should append HTML tfont element to the end of the table
2685         https://bugs.webkit.org/show_bug.cgi?id=159583
2686         <rdar://problem/27255292>
2687
2688         Reviewed by Chris Dumez.
2689
2690         he HTML standard has long since been revised to describe that assignment to property table.tFoot
2691         or invoking table.createTFoot() will append the HTML tfoot element to the end of the table. This
2692         behavior is defined in <https://html.spec.whatwg.org/multipage/tables.html#dom-table-tfoot> (8 July 2016)
2693         and <https://html.spec.whatwg.org/multipage/tables.html#dom-table-createtfoot> for the property
2694         table.tFoot and table.createTFoot(), respectively. This change makes our behavior match the
2695         behavior in Mozilla Firefox, Microsoft Edge, Microsoft Internet Explorer 8 and later.
2696
2697         * html/HTMLTableElement.cpp:
2698         (WebCore::HTMLTableElement::setTFoot): Append <tfoot> to the end of the table. Use RefPtr<>&& instead of PassRefPtr.
2699         (WebCore::HTMLTableElement::createTFoot): Use RefPtr<>&& instead of PassRefPtr.
2700         * html/HTMLTableElement.h:
2701
2702 2016-07-08  Jer Noble  <jer.noble@apple.com>
2703
2704         Crash in layout test /media/video-buffered-range-contains-currentTime.html
2705         https://bugs.webkit.org/show_bug.cgi?id=159109
2706         <rdar://problem/26535750>
2707
2708         Reviewed by Alex Christensen.
2709
2710         Protect against _dataTasks being mutated and accessed on multiple simultaneous threads with a Lock.
2711
2712         * platform/network/cocoa/WebCoreNSURLSession.h:
2713         * platform/network/cocoa/WebCoreNSURLSession.mm:
2714         (-[WebCoreNSURLSession dealloc]):
2715         (-[WebCoreNSURLSession taskCompleted:]):
2716         (-[WebCoreNSURLSession finishTasksAndInvalidate]):
2717         (-[WebCoreNSURLSession invalidateAndCancel]):
2718         (-[WebCoreNSURLSession getTasksWithCompletionHandler:]):
2719         (-[WebCoreNSURLSession getAllTasksWithCompletionHandler:]):
2720         (-[WebCoreNSURLSession dataTaskWithRequest:]):
2721         (-[WebCoreNSURLSession dataTaskWithURL:]):
2722
2723 2016-07-08  Jeremy Jones  <jeremyj@apple.com>
2724
2725         Prevent fullscreen video dimension state from being reset after configuring.
2726         https://bugs.webkit.org/show_bug.cgi?id=159578
2727
2728         Reviewed by Jer Noble.
2729
2730         This change moves setVideoElement() to after setMediaElement(), since setMediaElement() resets the
2731         mediaState, undoing the configuration done by setVideoElement().
2732
2733         This change is fragile, but minimal. The proper, more comprehinsive fix will come later from
2734         https://bugs.webkit.org/show_bug.cgi?id=159580.
2735
2736         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
2737         (WebVideoFullscreenControllerContext::setUpFullscreen):
2738
2739 2016-07-08  Andy Estes  <aestes@apple.com>
2740
2741         [Content Filtering] Load blocked pages more like other error pages are loaded
2742         https://bugs.webkit.org/show_bug.cgi?id=159485
2743         <rdar://problem/26014076>
2744
2745         Reviewed by Brady Eidson.
2746
2747         Content filter blocked pages were being loaded by cancelling the provisional load of the
2748         page that was blocked and then scheduling a navigation to the content filter error page.
2749         Some clients would not expect a new, Web process-initiated provisional navigation to start
2750         after a cancellation, though, and this would put them in a bad state.
2751         
2752         This patch changes blocked page loading to behave more like loading other error pages.
2753         Specifically:
2754         1. didFailProvisionalLoad is dispatched with a new, non-cancellation error code.
2755         2. The blocked page is loaded immediately after dispatching didFailProvisionalLoad, which
2756            prevents FrameLoader from creating a new back-forward list item for the substitute data load.
2757         3. A substitute data load initiated by the client for the blocked URL is ignored if
2758            ContentFilter will display its own error page.
2759         4. A file: URL is used instead of a custom scheme for the base URL of the blocked page,
2760            since some clients expect this.
2761
2762         Updated existing tests to capture frame load delegate callbacks and the back forward list.
2763         Added new API tests: ContentFiltering.LoadAlternate*.
2764
2765         * English.lproj/Localizable.strings: Added a WebKitErrorFrameLoadBlockedByContentFilter description.
2766         * Resources/ContentFilterBlockedPage.html: Added.
2767         * WebCore.xcodeproj/project.pbxproj: Added ContentFilterBlockedPage.html as a frameowrk resource.
2768         * loader/ContentFilter.cpp:
2769         (WebCore::ContentFilter::continueAfterWillSendRequest): Protected m_documentLoader,
2770         since it might otherwise be deallocated inside ContentFilter::didDecide() if the load is blocked.
2771         (WebCore::ContentFilter::stopFilteringMainResource): Only set m_state to Stopped if not
2772         already Blocked, so that we don't forget this ContentFilter was blocked when calling
2773         cancelMailResourceLoad() in didDecide().
2774         (WebCore::ContentFilter::continueAfterResponseReceived): Protected m_documentLoader,
2775         since it might otherwise be deallocated inside ContentFilter::didDecide() if the load is blocked.
2776         (WebCore::ContentFilter::continueAfterDataReceived): Ditto.
2777         (WebCore::ContentFilter::continueAfterNotifyFinished): Ditto.
2778         (WebCore::ContentFilter::didDecide): Moved code from DocumentLoader::contentFilterDidBlock() to here.
2779         Created a blockedByContentFilterError() and called cancelMainResourceLoad().
2780         (WebCore::blockedPageURL): Returned a file: URL to ContentFilterBlockedPage.html in WebCore.framework.
2781         (WebCore::ContentFilter::continueAfterSubstituteDataRequest): If the substitute data load
2782         is for the same failingURL as the currently-displayed blocked page, ignore it.
2783         (WebCore::ContentFilter::handleProvisionalLoadFailure): Load the blocked page if m_state is Blocked
2784         and the ResourceError matches the error we used when previously calling cancelMainResourceLoad().
2785         (WebCore::ContentFilter::unblockHandler): Deleted.
2786         (WebCore::ContentFilter::replacementData): Deleted.
2787         (WebCore::ContentFilter::unblockRequestDeniedScript): Deleted.
2788         * loader/ContentFilter.h:
2789         * loader/DocumentLoader.cpp:
2790         (WebCore::DocumentLoader::contentFilter): Returned m_contentFilter.
2791         (WebCore::DocumentLoader::installContentFilterUnblockHandler): Deleted.
2792         (WebCore::DocumentLoader::contentFilterDidBlock): Deleted.
2793         * loader/DocumentLoader.h:
2794         * loader/EmptyClients.h: Added a default implementation of blockedByContentFilterError().
2795         * loader/FrameLoader.cpp:
2796         (WebCore::FrameLoader::load): If m_loadType was already RedirectWithLockedBackForwardList
2797         and we are loading subsitute data for a failing URL, continue to use RedirectWithLockedBackForwardList.
2798         This prevents a new back-forward list item from being created when loading a blocked page in a subframe.
2799         (WebCore::FrameLoader::checkLoadCompleteForThisFrame):
2800         Called ContentFilter::handleProvisionalLoadFailure() after dispatchDidFailProvisionalLoad().
2801         (WebCore::FrameLoader::blockedByContentFilterError): Called FrameLoaderClient::blockedByContentFilterError().
2802         * loader/FrameLoader.h:
2803         * loader/FrameLoaderClient.h:
2804         * loader/NavigationScheduler.cpp:
2805         (WebCore::ScheduledSubstituteDataLoad::ScheduledSubstituteDataLoad): Deleted.
2806         (WebCore::NavigationScheduler::scheduleSubstituteDataLoad): Deleted.
2807         * loader/NavigationScheduler.h:
2808         * loader/PolicyChecker.cpp:
2809         (WebCore::PolicyChecker::checkNavigationPolicy): Ignored a substitute data load for a
2810         failing URL if ContentFilter::continueAfterSubstituteDataRequest() returns false.
2811
2812 2016-07-08  Myles C. Maxfield  <mmaxfield@apple.com>
2813
2814         [Font Loading] The callback passed to document.fonts.ready should always be called
2815         https://bugs.webkit.org/show_bug.cgi?id=158884
2816
2817         Reviewed by Dean Jackson.
2818
2819         The boolean was simply not being reset when loads start.
2820
2821         Test: fast/text/font-face-set-ready-fire.html
2822
2823         * css/FontFaceSet.cpp:
2824         (WebCore::FontFaceSet::startedLoading):
2825         * css/FontFaceSet.h:
2826
2827 2016-07-08  Commit Queue  <commit-queue@webkit.org>
2828
2829         Unreviewed, rolling out r202944.
2830         https://bugs.webkit.org/show_bug.cgi?id=159570
2831
2832         caused some tests to crash under GuardMalloc (Requested by
2833         estes on #webkit).
2834
2835         Reverted changeset:
2836
2837         "[Content Filtering] Load blocked pages more like other error
2838         pages are loaded"
2839         https://bugs.webkit.org/show_bug.cgi?id=159485
2840         http://trac.webkit.org/changeset/202944
2841
2842 2016-07-08  Antti Koivisto  <antti@apple.com>
2843
2844         Regression(r201805): Crash with <use> resource that has Vary header
2845         https://bugs.webkit.org/show_bug.cgi?id=159560
2846         <rdar://problem/27034208>
2847
2848         Reviewed by Chris Dumez.
2849
2850         In some situations (SVG <use> element for example) we may try to load resources from frameless documents.
2851         Such loads always fail. The new vary header verification code path tried to access the frame earlier without
2852         null check.
2853
2854         Test: http/tests/cache/vary-frameless-document.html
2855
2856         * loader/cache/CachedResource.cpp:
2857         (WebCore::CachedResource::failBeforeStarting):
2858         (WebCore::addAdditionalRequestHeadersToRequest):
2859
2860             Null check frame.
2861             Also move the resource type check here so all callers get the same behavior.
2862
2863         (WebCore::CachedResource::addAdditionalRequestHeaders):
2864         (WebCore::CachedResource::load):
2865         (WebCore::CachedResource::varyHeaderValuesMatch):
2866
2867 2016-07-08  Brady Eidson  <beidson@apple.com>
2868
2869         Clearing LocalStorage doesn't also delete -wal and -shm files.
2870         <rdar://problem/27206772> and https://bugs.webkit.org/show_bug.cgi?id=159566
2871
2872         Reviewed by Brent Fulgham.
2873         Also helpfully picked over by Andy "Never Forgets" Estes.
2874
2875         Covered by new API test.
2876
2877         * WebCore.xcodeproj/project.pbxproj:
2878
2879         * platform/sql/SQLiteFileSystem.h:
2880
2881 2016-07-08  Commit Queue  <commit-queue@webkit.org>
2882
2883         Unreviewed, rolling out r202945.
2884         https://bugs.webkit.org/show_bug.cgi?id=159565
2885
2886         The test for this change is failing on all platforms.
2887         (Requested by ryanhaddad on #webkit).
2888
2889         Reverted changeset:
2890
2891         "[Font Loading] The callback passed to document.fonts.ready
2892         should always be called"
2893         https://bugs.webkit.org/show_bug.cgi?id=158884
2894         http://trac.webkit.org/changeset/202945
2895
2896 2016-07-08  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
2897
2898         ExecState should be passed by reference in JS bindings generator for custom constructors
2899         https://bugs.webkit.org/show_bug.cgi?id=159357
2900
2901         Reviewed by Youenn Fablet.
2902
2903         Pass ExecState as a reference instead of pointer in JS bindings
2904         code for custom constructors.
2905
2906         * bindings/js/JSAudioContextCustom.cpp:
2907         (WebCore::constructJSAudioContext):
2908         * bindings/js/JSBlobCustom.cpp:
2909         (WebCore::constructJSBlob):
2910         * bindings/js/JSDOMFormDataCustom.cpp:
2911         (WebCore::constructJSDOMFormData):
2912         (WebCore::JSDOMFormData::append):
2913         * bindings/js/JSDataCueCustom.cpp:
2914         (WebCore::constructJSDataCue):
2915         * bindings/js/JSFileCustom.cpp:
2916         (WebCore::constructJSFile):
2917         * bindings/js/JSHTMLElementCustom.cpp:
2918         (WebCore::constructJSHTMLElement):
2919         * bindings/js/JSMediaSessionCustom.cpp:
2920         (WebCore::constructJSMediaSession):
2921         * bindings/js/JSMutationObserverCustom.cpp:
2922         (WebCore::constructJSMutationObserver):
2923         * bindings/js/JSReadableStreamPrivateConstructors.cpp:
2924         (WebCore::constructJSReadableStreamController):
2925         (WebCore::constructJSReadableStreamReader):
2926         * bindings/js/JSWebKitPointCustom.cpp:
2927         (WebCore::constructJSWebKitPoint):
2928         * bindings/js/JSWorkerCustom.cpp:
2929         (WebCore::constructJSWorker):
2930         * bindings/scripts/CodeGeneratorJS.pm:
2931         (GenerateHeader):
2932         (GenerateConstructorDefinition):
2933         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
2934         (WebCore::JSTestCustomConstructorWithNoInterfaceObjectConstructor::construct):
2935         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.h:
2936
2937 2016-07-08  Olivier Blin  <olivier.blin@softathome.com>
2938
2939         Expose crossOrigin attribute as a static property in HTMLMediaElement
2940         https://bugs.webkit.org/show_bug.cgi?id=159459
2941
2942         Reviewed by Chris Dumez.
2943
2944         The crossOrigin attribute is already used for MediaResourceLoader
2945         (r119742 and r175050), but it was not exposed as a static property.
2946
2947         This fixes VR360 support in Dailymotion, since it uses the "in"
2948         operator to detect if crossOrigin is supported by the
2949         HTMLVideoElement, in order to enable VR360.
2950
2951         No new tests, rebaselined existing tests, 150 WPT tests are fixed.
2952
2953         * html/HTMLMediaElement.cpp:
2954         (WebCore::HTMLMediaElement::setCrossOrigin):
2955         (WebCore::HTMLMediaElement::crossOrigin):
2956         * html/HTMLMediaElement.h:
2957         * html/HTMLMediaElement.idl:
2958
2959 2016-03-20  Frederic Wang  <fwang@igalia.com>
2960
2961         Use Fraction* parameters from the OpenType MATH table
2962         https://bugs.webkit.org/show_bug.cgi?id=155639
2963
2964         Reviewed by Brent Fulgham.
2965
2966         We improve the RenderMathMLFraction so minimal vertical shifts and gaps
2967         from the MATH table (or arbitrary fallback) are used for fractions.
2968         We also change the interpretation of "thick" and "thin" linethickness values
2969         to match Gecko's behavior and the one suggested in the MathML in HTML5 implementation note.
2970
2971         Test: imported/mathml-in-html5/mathml/presentation-markup/fractions/frac-parameters-1.html
2972
2973         * rendering/mathml/MathMLStyle.cpp:
2974         (WebCore::MathMLStyle::updateStyleIfNeeded): set NeedsLayout after displaystyle change
2975         so that dynamic MathML tests still work.
2976         * rendering/mathml/RenderMathMLFraction.cpp:
2977         (WebCore::RenderMathMLFraction::RenderMathMLFraction): Init LayoutUnit members to zero.
2978         (WebCore::RenderMathMLFraction::updateFromElement):
2979         Set new members for fraction gaps and shifts using Fraction* constants or some fallback
2980         values. Change the interpretation of "thick" and "thin".
2981         (WebCore::RenderMathMLFraction::layoutBlock): Use new constants affecting vertical
2982         positions of numerator and denominator.
2983         (WebCore::RenderMathMLFraction::paint): Use m_ascent to set the vertical position
2984         of the fraction bar.
2985         (WebCore::RenderMathMLFraction::firstLineBaseline): We just return m_ascent.
2986         * rendering/mathml/RenderMathMLFraction.h: Make updateFromElement public so that
2987         it can be used in MathMLStyle. Add LayoutUnit members for the ascent of the fraction
2988         and for minimal shifts/gaps values.
2989
2990 2016-07-08  Frederic Wang  <fwang@igalia.com>
2991
2992         Use Radical* constants from the OpenType MATH table.
2993         https://bugs.webkit.org/show_bug.cgi?id=155638
2994
2995         Reviewed by Brent Fulgham.
2996
2997         Test: mathml/mathml-in-html5/root-parameters-1.html
2998
2999         We make the radical vertical gap depends on displaystyle.
3000         This is the only remaining step to use all the Radical* constants from the MATH table.
3001         We also introduce a ruleThicknessFallback function for future use.
3002
3003         * rendering/mathml/RenderMathMLBlock.h:
3004         (WebCore::RenderMathMLBlock::ruleThicknessFallback): Add this helper function since that
3005         calculation is used in several places.
3006         * rendering/mathml/RenderMathMLRoot.cpp:
3007         (WebCore::RenderMathMLRoot::updateStyle): Reorganize the way we set constant parameters,
3008         add more comments and take into account the displaystyle for the vertical gap.
3009
3010 2016-07-08  Commit Queue  <commit-queue@webkit.org>
3011
3012         Unreviewed, rolling out r202967.
3013         https://bugs.webkit.org/show_bug.cgi?id=159556
3014
3015         This patch caused crashes in https tests on Windows (Requested
3016         by perarne on #webkit).
3017
3018         Reverted changeset:
3019
3020         "[Win] The test http/tests/security/contentSecurityPolicy
3021         /upgrade-insecure-requests/basic-upgrade.https.html is
3022         failing."
3023         https://bugs.webkit.org/show_bug.cgi?id=159510
3024         http://trac.webkit.org/changeset/202967
3025
3026 2016-07-08  Youenn Fablet  <youenn@apple.com>
3027
3028         Generate WebCore builtin wrapper files
3029         https://bugs.webkit.org/show_bug.cgi?id=159461
3030
3031         Reviewed by Brian Burg.
3032
3033         No change of behavior.
3034
3035         Updating build system to handle new built-in generators without modifying WebCoreJSBuiltins* files.
3036         The generator is now passed all built-ins at once so that wrapper files can be generated.
3037         Removing WebCoreJSBuiltins* checked-in wrapper files.
3038
3039         * CMakeLists.txt:
3040         * DerivedSources.make:
3041         * WebCore.xcodeproj/project.pbxproj:
3042         * bindings/js/JSDOMGlobalObject.cpp:
3043         (WebCore::JSDOMGlobalObject::addBuiltinGlobals):
3044         * bindings/js/JSDOMGlobalObject.h:
3045         * bindings/js/WebCoreJSBuiltinInternals.cpp: Removed.
3046         * bindings/js/WebCoreJSBuiltinInternals.h: Removed.
3047         * bindings/js/WebCoreJSBuiltins.cpp: Removed.
3048         * bindings/js/WebCoreJSBuiltins.h: Removed.
3049
3050 2016-07-08  Manuel Rego Casasnovas  <rego@igalia.com>
3051
3052         [css-grid] Inline size is never indefinite during layout
3053         https://bugs.webkit.org/show_bug.cgi?id=159253
3054
3055         Reviewed by Sergio Villar Senin.
3056
3057         The issue is that the inline size of the grid container
3058         is only indefinite while we're computing the intrinsic sizes.
3059         During layout we should be able to resolve the percentage tracks
3060         against that size. This makes Grid Layout compatible with regular blocks
3061         regarding how inline percentages are resolved.
3062
3063         The patch passes the SizingOperation enum to RenderGrid::gridTrackSize().
3064         That way we can know if we're computing the intrinsic sizes or not.
3065
3066         Test: fast/css-grid-layout/grid-container-percentage-columns.html
3067
3068         * rendering/RenderGrid.cpp:
3069         (WebCore::RenderGrid::computeTrackSizesForDirection):
3070         (WebCore::RenderGrid::computeIntrinsicLogicalWidths):
3071         (WebCore::RenderGrid::computeIntrinsicLogicalHeight):
3072         (WebCore::RenderGrid::computeUsedBreadthOfGridTracks):
3073         (WebCore::RenderGrid::gridTrackSize):
3074         (WebCore::RenderGrid::minSizeForChild):
3075         (WebCore::RenderGrid::spanningItemCrossesFlexibleSizedTracks):
3076         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctions):
3077         (WebCore::RenderGrid::resolveContentBasedTrackSizingFunctionsForNonSpanningItems):
3078         (WebCore::RenderGrid::tracksAreWiderThanMinTrackBreadth):
3079         (WebCore::RenderGrid::rawGridTrackSize): Deleted.
3080         * rendering/RenderGrid.h:
3081
3082 2016-07-08  Frederic Wang  <fwang@igalia.com>
3083
3084         Use OpenType MATH constant AxisHeight.
3085         https://bugs.webkit.org/show_bug.cgi?id=133567
3086
3087         Reviewed by Brent Fulgham.
3088
3089         We make RenderMathMLOperator and RenderMathMLTable use the OpenType MATH constant AxisHeight.
3090         These are the only remaining cases to handle since RenderMathMLFraction already uses that constant.
3091
3092         Tests: imported/mathml-in-html5/mathml/presentation-markup/operators/mo-axis-height-1.html
3093               imported/mathml-in-html5/mathml/presentation-markup/tables/table-axis-height.html
3094
3095         * rendering/mathml/RenderMathMLBlock.cpp: Make RenderMathMLTable use the math axis
3096         for its vertical alignment and update a bit the comments.
3097         (WebCore::axisHeight): Move the code in a static function that can be called by
3098         RenderMathMLBlock and RenderMathMLTable.
3099         (WebCore::RenderMathMLBlock::mathAxisHeight): Use axisHeight.
3100         (WebCore::RenderMathMLTable::firstLineBaseline): Ditto.
3101         * rendering/mathml/RenderMathMLOperator.cpp:
3102         (WebCore::RenderMathMLOperator::stretchTo):
3103
3104 2016-07-08  Manuel Rego Casasnovas  <rego@igalia.com>
3105
3106         [css-grid] Disallow repeat() in grid-template shorthand
3107         https://bugs.webkit.org/show_bug.cgi?id=159200
3108
3109         Reviewed by Sergio Villar Senin.
3110
3111         As discussed on www-style, "repeat()" notation shouldn't be allowed
3112         in the ASCII branch of the grid-template shorthand.
3113         https://lists.w3.org/Archives/Public/www-style/2016May/0193.html
3114
3115         The patch uses an enum to invalidate "repeat()" when parsing
3116         the grid-template shorthand.
3117
3118         Test: fast/css-grid-layout/grid-template-shorthand-get-set.html
3119
3120         * css/CSSParser.cpp:
3121         (WebCore::CSSParser::parseGridTemplateColumns): Add enum.
3122         (WebCore::CSSParser::parseGridTemplateRowsAndAreasAndColumns): Pass "DisallowRepeat"
3123         when calling parseGridTemplateColumns().
3124         (WebCore::CSSParser::parseGridTrackList): Use enum to allow/disallow repeat.
3125         * css/CSSParser.h: Define the new enum and modify method signatures to use it,
3126         setting it to "AllowRepeat" by default.
3127
3128 2016-07-08  Frederic Wang  <fwang@igalia.com>
3129
3130         Add support for movablelimits.
3131         https://bugs.webkit.org/show_bug.cgi?id=155542
3132
3133         Reviewed by Brent Fulgham.
3134
3135         Tests: mathml/presentation/displaystyle-1.html
3136                mathml/presentation/displaystyle-2.html
3137                mathml/presentation/displaystyle-3.html
3138                mathml/presentation/mo-movablelimits-default.html
3139                mathml/presentation/mo-movablelimits-dynamic.html
3140                mathml/presentation/mo-movablelimits.html
3141
3142         * mathml/MathMLTextElement.cpp:
3143         (WebCore::MathMLTextElement::parseAttribute): Take into account change of movablelimits.
3144         * rendering/mathml/MathMLOperatorDictionary.h: Remove FIXME comment.
3145         * rendering/mathml/MathMLStyle.cpp:
3146         (WebCore::MathMLStyle::updateStyleIfNeeded): Force relayout and width computation when a
3147         displaystyle value change.
3148         * rendering/mathml/RenderMathMLOperator.h:
3149         (WebCore::RenderMathMLOperator::shouldMoveLimits): Helper function to test if the operator
3150         should have his limits moved when used as a base of munder/mover/munderover.
3151         * rendering/mathml/RenderMathMLScripts.cpp: Allow munderover/munder/mover elements to use
3152         this class and take the same behavior as the corresponding msubsup/msub/sup except for
3153         the *scriptshift attributes.
3154         (WebCore::RenderMathMLScripts::RenderMathMLScripts):
3155         (WebCore::RenderMathMLScripts::getBaseAndScripts):
3156         (WebCore::RenderMathMLScripts::computePreferredLogicalWidths):
3157         (WebCore::RenderMathMLScripts::getScriptMetricsAndLayoutIfNeeded):
3158         (WebCore::RenderMathMLScripts::layoutBlock):
3159         * rendering/mathml/RenderMathMLScripts.h: Allow some members to be accessible/overridden
3160         by RenderMathMLUnderOver and add munderover/munder/mover in the kind.
3161         * rendering/mathml/RenderMathMLUnderOver.cpp:
3162         (WebCore::RenderMathMLUnderOver::RenderMathMLUnderOver): We use the code from
3163         RenderMathMLScripts to initialize m_kind.
3164         (WebCore::RenderMathMLUnderOver::shouldMoveLimits): New function to determine if the base
3165         should move its limits.
3166         (WebCore::RenderMathMLUnderOver::computePreferredLogicalWidths): We use the code from
3167         RenderMathMLScripts when the base should move its limits.
3168         (WebCore::RenderMathMLUnderOver::layoutBlock): We use the code from RenderMathMLScripts when
3169         the base should move its limits. Also improve the early return for invalid markup.
3170         (WebCore::RenderMathMLUnderOver::unembellishedOperator): Deleted. We use the code from RenderMathMLScripts.
3171         (WebCore::RenderMathMLUnderOver::firstLineBaseline): Deleted. We use the code from RenderMathMLScripts.
3172         * rendering/mathml/RenderMathMLUnderOver.h: We now inherit from RenderMathMLScripts and can
3173         just remove members that exist in the parent. We define shouldMoveLimits() to determine
3174         when the layout should be done the same as RenderMathMLScripts. For now, we try and be
3175         safe with the rest of the code by continuing to claim that we are not a RenderMathMLScripts.
3176
3177 2016-07-07  Gyuyoung Kim  <gyuyoung.kim@webkit.org>
3178
3179         Clean up PassRefPtr in Modules/webaudio
3180         https://bugs.webkit.org/show_bug.cgi?id=159540
3181
3182         Reviewed by Alex Christensen.
3183
3184         Purge PassRefPtr in webaudio directory.
3185
3186         No new tests, no behavior changes.
3187
3188         * Modules/webaudio/AsyncAudioDecoder.h:
3189         * Modules/webaudio/AudioBasicProcessorNode.h:
3190         * Modules/webaudio/AudioBuffer.h:
3191         * Modules/webaudio/AudioBufferSourceNode.h:
3192         * Modules/webaudio/AudioListener.h:
3193         * Modules/webaudio/AudioParam.h:
3194         * Modules/webaudio/AudioParamTimeline.h:
3195         (WebCore::AudioParamTimeline::ParamEvent::ParamEvent):
3196         * Modules/webaudio/AudioProcessingEvent.cpp:
3197         (WebCore::AudioProcessingEvent::AudioProcessingEvent):
3198         * Modules/webaudio/AudioProcessingEvent.h:
3199         (WebCore::AudioProcessingEvent::create):
3200         * Modules/webaudio/ChannelMergerNode.h:
3201         * Modules/webaudio/ChannelSplitterNode.h:
3202         * Modules/webaudio/GainNode.h:
3203         * Modules/webaudio/MediaElementAudioSourceNode.h:
3204         * Modules/webaudio/MediaStreamAudioDestinationNode.h:
3205         * Modules/webaudio/MediaStreamAudioSource.cpp:
3206         (WebCore::MediaStreamAudioSource::addAudioConsumer):
3207         * Modules/webaudio/MediaStreamAudioSource.h:
3208         * Modules/webaudio/OfflineAudioCompletionEvent.cpp:
3209         (WebCore::OfflineAudioCompletionEvent::create):
3210         (WebCore::OfflineAudioCompletionEvent::OfflineAudioCompletionEvent):
3211         * Modules/webaudio/OfflineAudioCompletionEvent.h:
3212         * Modules/webaudio/OfflineAudioDestinationNode.h:
3213         * Modules/webaudio/OscillatorNode.h:
3214         * Modules/webaudio/PeriodicWave.h:
3215         * Modules/webaudio/ScriptProcessorNode.h:
3216
3217 2016-07-07  Per Arne Vollan  <pvollan@apple.com>
3218
3219         [Win] The test http/tests/security/contentSecurityPolicy/upgrade-insecure-requests/basic-upgrade.https.html is failing.
3220         https://bugs.webkit.org/show_bug.cgi?id=159510
3221
3222         Reviewed by Brent Fulgham.
3223
3224         On Windows, validate certificate chain even when any https certificate is allowed.
3225
3226         * platform/network/cf/ResourceHandleCFNet.cpp:
3227         (WebCore::ResourceHandle::createCFURLConnection):
3228
3229 2016-07-07  Frederic Wang  <fwang@igalia.com>
3230
3231         Bug 155792 - Basic implementation of mpadded
3232         https://bugs.webkit.org/show_bug.cgi?id=155792
3233
3234         Reviewed by Brent Fulgham.
3235
3236         We implement a basic support for the mpadded element.
3237         We support most of the attribute values except pseudo-units or negative values.
3238
3239         Tests: mathml/presentation/mpadded-1-2.html
3240                mathml/presentation/mpadded-1.html
3241                mathml/presentation/mpadded-2.html
3242                mathml/presentation/mpadded-3.html
3243                mathml/presentation/mpadded-unsupported-values.html
3244                mathml/presentation/mpadded-dynamic.html
3245
3246         * CMakeLists.txt: Add RenderMathMLPadded to the build system.
3247         * WebCore.xcodeproj/project.pbxproj: Ditto.
3248         * mathml/MathMLInlineContainerElement.cpp:
3249         (WebCore::MathMLInlineContainerElement::createElementRenderer): Create the renderer
3250         for mpadded.
3251         * mathml/mathattrs.in: Add voffset attribute.
3252         * mathml/mathtags.in: Make mpadded use MathMLInlineContainerElement.
3253         * rendering/RenderObject.h:
3254         (WebCore::RenderObject::isRenderMathMLPadded): Define isRenderMathMLPadded.
3255         * rendering/mathml/RenderMathMLPadded.cpp: Added.
3256         We do a simple implementation by overriding the behavior of RenderMathMLRow and forcing
3257         relayout after attribute or style change.
3258         (WebCore::RenderMathMLPadded::RenderMathMLPadded):
3259         (WebCore::RenderMathMLPadded::computePreferredLogicalWidths):
3260         (WebCore::RenderMathMLPadded::layoutBlock):
3261         (WebCore::RenderMathMLPadded::updateFromElement):
3262         (WebCore::RenderMathMLPadded::styleDidChange):
3263         (WebCore::RenderMathMLPadded::firstLineBaseline):
3264         * rendering/mathml/RenderMathMLPadded.h: Added.
3265
3266 2016-07-07  Frederic Wang  <fwang@igalia.com>
3267
3268         Move MathML-specific code into a separate accessibility class
3269         https://bugs.webkit.org/show_bug.cgi?id=159213
3270
3271         Reviewed by Chris Fleizach.
3272
3273         Currently, MathML accessibility is completely handled in the generic AccessibilityRenderObject
3274         and it's sometimes messy and unconvenient. Hence we move most of the MathML-specific code
3275         into a separate AccessibilityMathMLElement class to facilitate future work and maintenance.
3276
3277         No new tests, already covered by existing tests.
3278
3279         * CMakeLists.txt: Add new AccessibilityMathMLElement module.
3280         * WebCore.xcodeproj/project.pbxproj: Ditto.
3281         * accessibility/AccessibilityAllInOne.cpp: Ditto.
3282         * accessibility/AXObjectCache.cpp: Add MathML headers and create AccessibilityMathMLElement.
3283         (WebCore::createFromRenderer): Create AccessibilityMathMLElement for MathML elements and
3284         anonymous operators created by the mfenced element.
3285         * accessibility/AccessibilityMathMLElement.cpp: Added. This class handles all the MathML
3286         elements as well as the anonymous operators created by the mfenced element. A boolean is
3287         passed to the constructor to indicate whether we are in the latter case.
3288         (WebCore::AccessibilityMathMLElement::AccessibilityMathMLElement):
3289         (WebCore::AccessibilityMathMLElement::~AccessibilityMathMLElement):
3290         (WebCore::AccessibilityMathMLElement::create):
3291         (WebCore::AccessibilityMathMLElement::determineAccessibilityRole): Move handling of specific
3292         MathElementRole and DocumentMathRole here.
3293         (WebCore::AccessibilityMathMLElement::textUnderElement): Move retrieval of text from the
3294         anonymous operators here.
3295         (WebCore::AccessibilityMathMLElement::stringValue): Ditto.
3296         (WebCore::AccessibilityMathMLElement::isIgnoredElementWithinMathTree): Move the determination
3297         of ignored math elements here.
3298         (WebCore::AccessibilityMathMLElement::isMathFraction): Moved from AccessibilityRenderObject.
3299         (WebCore::AccessibilityMathMLElement::isMathFenced): Ditto.
3300         (WebCore::AccessibilityMathMLElement::isMathSubscriptSuperscript): Ditto.
3301         (WebCore::AccessibilityMathMLElement::isMathRow): Ditto.
3302         (WebCore::AccessibilityMathMLElement::isMathUnderOver): Ditto.
3303         (WebCore::AccessibilityMathMLElement::isMathSquareRoot): Ditto.
3304         (WebCore::AccessibilityMathMLElement::isMathToken): Ditto.
3305         (WebCore::AccessibilityMathMLElement::isMathRoot): Ditto.
3306         (WebCore::AccessibilityMathMLElement::isMathOperator): Ditto.
3307         (WebCore::AccessibilityMathMLElement::isAnonymousMathOperator): Move the determination of
3308         anonymous operators here. We now just return the boolean passed at creation time.
3309         (WebCore::AccessibilityMathMLElement::isMathFenceOperator): Moved from
3310         AccessibilityRenderObject.
3311         (WebCore::AccessibilityMathMLElement::isMathSeparatorOperator): Ditto.
3312         (WebCore::AccessibilityMathMLElement::isMathText): Ditto.
3313         (WebCore::AccessibilityMathMLElement::isMathNumber): Ditto.
3314         (WebCore::AccessibilityMathMLElement::isMathIdentifier): Ditto.
3315         (WebCore::AccessibilityMathMLElement::isMathMultiscript): Ditto.
3316         (WebCore::AccessibilityMathMLElement::isMathTable): Ditto.
3317         (WebCore::AccessibilityMathMLElement::isMathTableRow): Ditto.
3318         (WebCore::AccessibilityMathMLElement::isMathTableCell): Ditto.
3319         (WebCore::AccessibilityMathMLElement::isMathScriptObject): Ditto.
3320         (WebCore::AccessibilityMathMLElement::isMathMultiscriptObject): Ditto.
3321         (WebCore::AccessibilityMathMLElement::mathRadicandObject): Ditto.
3322         (WebCore::AccessibilityMathMLElement::mathRootIndexObject): Ditto.
3323         (WebCore::AccessibilityMathMLElement::mathNumeratorObject): Ditto.
3324         (WebCore::AccessibilityMathMLElement::mathDenominatorObject): Ditto.
3325         (WebCore::AccessibilityMathMLElement::mathUnderObject): Ditto.
3326         (WebCore::AccessibilityMathMLElement::mathOverObject): Ditto.
3327         (WebCore::AccessibilityMathMLElement::mathBaseObject): Ditto.
3328         (WebCore::AccessibilityMathMLElement::mathSubscriptObject): Ditto.
3329         (WebCore::AccessibilityMathMLElement::mathSuperscriptObject): Ditto.
3330         (WebCore::AccessibilityMathMLElement::mathFencedOpenString): Ditto.
3331         (WebCore::AccessibilityMathMLElement::mathFencedCloseString): Ditto.
3332         (WebCore::AccessibilityMathMLElement::mathPrescripts): Ditto.
3333         (WebCore::AccessibilityMathMLElement::mathPostscripts): Ditto.
3334         (WebCore::AccessibilityMathMLElement::mathLineThickness): Ditto.
3335         * accessibility/AccessibilityMathMLElement.h: Added.
3336         * accessibility/AccessibilityRenderObject.cpp:
3337         (WebCore::AccessibilityRenderObject::isIgnoredElementWithinMathTree): The cases of
3338         AccessibilityMathMLElement objects are now handled in the derived class. We remove the case
3339         of text node since the MathML code no longer creates anonymous text nodes after r202420.
3340         Anonymous block inserted into RenderMathMLBlocks to honor CSS rules are not AccessibilityMathMLElements
3341         and it does not seem safe to modify AXObjectCache::createFromRenderer to force that. Hence
3342         we still need to be handle them here.
3343         (WebCore::AccessibilityRenderObject::textUnderElement): This code is moved into AccessibilityMathMLElement.
3344         (WebCore::AccessibilityRenderObject::stringValue): Ditto.
3345         (WebCore::AccessibilityRenderObject::determineAccessibilityRole): Ditto.
3346         (WebCore::AccessibilityRenderObject::isMathElement): Deleted.
3347         (WebCore::AccessibilityRenderObject::isMathFraction): Deleted.
3348         (WebCore::AccessibilityRenderObject::isMathFenced): Deleted.
3349         (WebCore::AccessibilityRenderObject::isMathSubscriptSuperscript): Deleted.
3350         (WebCore::AccessibilityRenderObject::isMathRow): Deleted.
3351         (WebCore::AccessibilityRenderObject::isMathUnderOver): Deleted.
3352         (WebCore::AccessibilityRenderObject::isMathSquareRoot): Deleted.
3353         (WebCore::AccessibilityRenderObject::isMathToken): Deleted.
3354         (WebCore::AccessibilityRenderObject::isMathRoot): Deleted.
3355         (WebCore::AccessibilityRenderObject::isMathOperator): Deleted.
3356         (WebCore::AccessibilityRenderObject::isAnonymousMathOperator): Deleted.
3357         (WebCore::AccessibilityRenderObject::isMathFenceOperator): Deleted.
3358         (WebCore::AccessibilityRenderObject::isMathSeparatorOperator): Deleted.
3359         (WebCore::AccessibilityRenderObject::isMathText): Deleted.
3360         (WebCore::AccessibilityRenderObject::isMathNumber): Deleted.
3361         (WebCore::AccessibilityRenderObject::isMathIdentifier): Deleted.
3362         (WebCore::AccessibilityRenderObject::isMathMultiscript): Deleted.
3363         (WebCore::AccessibilityRenderObject::isMathTable): Deleted.
3364         (WebCore::AccessibilityRenderObject::isMathTableRow): Deleted.
3365         (WebCore::AccessibilityRenderObject::isMathTableCell): Deleted.
3366         (WebCore::AccessibilityRenderObject::isMathScriptObject): Deleted.
3367         (WebCore::AccessibilityRenderObject::isMathMultiscriptObject): Deleted.
3368         (WebCore::AccessibilityRenderObject::mathRadicandObject): Deleted.
3369         (WebCore::AccessibilityRenderObject::mathRootIndexObject): Deleted.
3370         (WebCore::AccessibilityRenderObject::mathNumeratorObject): Deleted.
3371         (WebCore::AccessibilityRenderObject::mathDenominatorObject): Deleted.
3372         (WebCore::AccessibilityRenderObject::mathUnderObject): Deleted.
3373         (WebCore::AccessibilityRenderObject::mathOverObject): Deleted.
3374         (WebCore::AccessibilityRenderObject::mathBaseObject): Deleted.
3375         (WebCore::AccessibilityRenderObject::mathSubscriptObject): Deleted.
3376         (WebCore::AccessibilityRenderObject::mathSuperscriptObject): Deleted.
3377         (WebCore::AccessibilityRenderObject::mathFencedOpenString): Deleted.
3378         (WebCore::AccessibilityRenderObject::mathFencedCloseString): Deleted.
3379         (WebCore::AccessibilityRenderObject::mathPrescripts): Deleted.
3380         (WebCore::AccessibilityRenderObject::mathPostscripts): Deleted.
3381         (WebCore::AccessibilityRenderObject::mathLineThickness): Deleted.
3382         * accessibility/AccessibilityRenderObject.h: Remove declarations of functions that are now
3383         overridden in AccessibilityMathMLElement. Make isIgnoredElementWithinMathTree virtual so that
3384         it can be reimplemented in AccessibilityMathMLElement.
3385
3386 2016-07-07  Frederic Wang  <fwang@igalia.com>
3387
3388         Implement an internal style property for displaystyle.
3389   &