7405188d997dcbb780f70c95bca808bb419a4ccf
[WebKit-https.git] / Source / WebCore / ChangeLog
1 2016-02-10  Konstantin Tokarev  <annulen@yandex.ru>
2
3         [cmake] Consolidate CMake code related to image decoders.
4         https://bugs.webkit.org/show_bug.cgi?id=154074
5
6         Reviewed by Alex Christensen.
7
8         Common image decoder sources, includes and libs are moved to
9         platform/ImageDecoders.cmake.
10
11         Also, added include directories of libjpeg and libpng to
12         WebCore_SYSTEM_INCLUDE_DIRECTORIES.
13
14         No new tests needed.
15
16         * CMakeLists.txt: Moved common include paths to ImageDecoders.cmake.
17         * PlatformEfl.cmake: Moved common sources and libs to ImageDecoders.cmake.
18         * PlatformGTK.cmake: Ditto.
19         * PlatformWinCairo.cmake: Moved common sources to ImageDecoders.cmake.
20         * platform/ImageDecoders.cmake: Added.
21
22 2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
23
24         CSSSegmentedFontFace does not need to be reference counted
25         https://bugs.webkit.org/show_bug.cgi?id=154083
26
27         Reviewed by Antti Koivisto.
28
29         ...There is only ever a single reference to one.
30
31         No new tests because there is no behavior change.
32
33         * css/CSSFontSelector.cpp:
34         (WebCore::CSSFontSelector::getFontFace):
35         * css/CSSFontSelector.h:
36         * css/CSSSegmentedFontFace.h:
37         (WebCore::CSSSegmentedFontFace::create): Deleted.
38
39 2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
40
41         FontCache's clients should use references instead of pointers
42         https://bugs.webkit.org/show_bug.cgi?id=154085
43
44         Reviewed by Antti Koivisto.
45
46         They are never null.
47
48         No new tests because there is no behavior change.
49
50         * css/CSSFontSelector.cpp:
51         (WebCore::CSSFontSelector::CSSFontSelector):
52         (WebCore::CSSFontSelector::~CSSFontSelector):
53         * platform/graphics/FontCache.cpp:
54         (WebCore::FontCache::addClient):
55         (WebCore::FontCache::removeClient):
56         * platform/graphics/FontCache.h:
57
58 2016-02-10  Chris Dumez  <cdumez@apple.com>
59
60         [Web IDL] interface objects should be Function objects
61         https://bugs.webkit.org/show_bug.cgi?id=154038
62         <rdar://problem/24569358>
63
64         Reviewed by Geoffrey Garen.
65
66         interface objects should be Function objects as per Web IDL:
67         - http://heycam.github.io/webidl/#interface-object
68         - http://heycam.github.io/webidl/#es-interfaces
69
70         So window.Event should be a Function object for e.g. but in WebKit it
71         is a regular EventConstructor JSObject.
72         Firefox and Chrome match the specification.
73
74         Test: js/interface-objects.html
75
76         * bindings/js/JSDOMBinding.cpp:
77         (WebCore::callThrowTypeError):
78         (WebCore::DOMConstructorObject::getCallData):
79         When calling the interface object as a function, we throw a TypeError
80         with a message asking to use the 'new' operator to match the behavior
81         of Firefox and Chrome.
82
83         * bindings/js/JSDOMBinding.h:
84         Add JSC::TypeOfShouldCallGetCallData structure flag and implement
85         getCallData() so that typeof returns "function", as per the
86         specification and the behavior of other browsers.
87
88         (WebCore::DOMConstructorObject::className):
89         Implement className() and return "Function" to match the specification and
90         other browsers. Otherwise, it would fall back to using ClassInfo::className
91         which os the function name and interface name (e.g. "Event").
92
93         * bindings/js/JSDOMConstructor.h:
94         (WebCore::JSDOMConstructorNotConstructable::callThrowTypeError):
95         (WebCore::JSDOMConstructorNotConstructable::getCallData):
96         As per the specification, interfaces that do not have a [Constructor]
97         should throw a TypeError when called as a function. Use the "Illegal
98         constructor" error message to match Firefox and Chrome.
99
100         * bindings/js/JSDOMGlobalObject.h:
101         (WebCore::getDOMConstructor):
102         Instead of using objectPrototype as prototype for all DOM constructors,
103         we now call the prototypeForStructure() static function that is
104         generated for each bindings class. As per the Web IDL specification,
105         The [[Prototype]] internal property of an interface object for a
106         non-callback interface is determined as follows:
107         1. If the interface inherits from some other interface, the value of
108            [[Prototype]] is the interface object for that other interface.
109         2. If the interface doesn't inherit from any other interface, the value
110            of [[Prototype]] is %FunctionPrototype% ([ECMA-262], section 6.1.7.4).
111
112         * bindings/js/JSImageConstructor.cpp:
113         (WebCore::JSImageConstructor::prototypeForStructure):
114         Have the Image's interface object use HTMLElement's interface object
115         as prototype as HTMLImageElement inherits HTMLElement.
116
117         * bindings/scripts/CodeGenerator.pm:
118         (getInterfaceExtendedAttributesFromName):
119         Add a utility function to cheaply retrieve an interface's IDL extended
120         attributes without actually parsing the IDL. This is used to check if
121         an interface's parent is marked as [NoInterfaceObject] currently.
122
123         * bindings/scripts/CodeGeneratorJS.pm:
124         (GenerateHeader):
125         (GenerateImplementation):
126         (GenerateCallbackHeader):
127         (GenerateCallbackImplementation):
128         Mark JSGlobalObject* parameter as const as the implementation does not
129         alter the globalObject.
130
131         (GenerateConstructorHelperMethods):
132         - Generate prototypeForStructure() function for each bindings class that
133           is not marked as [NoInterfaceObject] so getDOMConstructor() knows which
134           prototype to use for the interface object / constructor when constructing
135           it.
136         - Use the interface name for the interface object, without the "Constructor"
137           suffix, to match the behavior of Firefox and Chrome.
138
139         * bindings/scripts/test/*:
140         Rebaseline bindings tests.
141
142 2016-02-10  Jer Noble  <jer.noble@apple.com>
143
144         [Mac] Graphical corruption in videos when enabling custom loading path
145         https://bugs.webkit.org/show_bug.cgi?id=154044
146
147         Reviewed by Alex Christensen.
148
149         Revert the "Drive-by fix" in r196345 as it breaks the WebCoreNSURLSessionTests.BasicOperation API test.
150
151         * platform/network/cocoa/WebCoreNSURLSession.mm:
152         (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]):
153
154 2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
155
156         CSSSegmentedFontFace does not need to be reference counted
157         https://bugs.webkit.org/show_bug.cgi?id=154083
158
159         Reviewed by Antti Koivisto.
160
161         ...There is only ever a single reference to one.
162
163         No new tests because there is no behavior change.
164
165         * css/CSSFontSelector.cpp:
166         (WebCore::CSSFontSelector::getFontFace):
167         * css/CSSFontSelector.h:
168         * css/CSSSegmentedFontFace.h:
169         (WebCore::CSSSegmentedFontFace::create): Deleted.
170
171 2016-02-10  Antti Koivisto  <antti@apple.com>
172
173         Optimize style invalidation after class attribute change
174         https://bugs.webkit.org/show_bug.cgi?id=154075
175         rdar://problem/12526450
176
177         Reviewed by Andreas Kling.
178
179         Currently a class attribute change invalidates style for the entire element subtree for any class found in the
180         active stylesheet set.
181
182         This patch optimizes class changes by building a new optimization structure called ancestorClassRules. It contains
183         rules that have class selectors in the portion of the complex selector that matches ancestor elements. The sets
184         of rules are hashes by the class name.
185
186         On class attribute change the existing StyleInvalidationAnalysis mechanism is used with ancestorClassRules to invalidate
187         exactly those descendants that are affected by the addition or removal of the class name. This is fast because the CSS JIT
188         makes selector matching cheap and the number of relevant rules is typically small.
189
190         This optimization is very effective on many dynamic pages. For example when focusing and unfocusing the web inspector it
191         cuts down the number of resolved elements from ~1000 to ~50. Even in PLT it reduces the number of resolved elements by ~11%.
192
193         * css/DocumentRuleSets.cpp:
194         (WebCore::DocumentRuleSets::collectFeatures):
195         (WebCore::DocumentRuleSets::ancestorClassRules):
196
197             Create optimization RuleSets on-demand when there is an actual dynamic class change.
198
199         * css/DocumentRuleSets.h:
200         (WebCore::DocumentRuleSets::features):
201         (WebCore::DocumentRuleSets::sibling):
202         (WebCore::DocumentRuleSets::uncommonAttribute):
203         * css/ElementRuleCollector.cpp:
204         (WebCore::ElementRuleCollector::ElementRuleCollector):
205
206             Add a new constructor that doesn't requires DocumentRuleSets. Only the user and author style is required.
207
208         (WebCore::ElementRuleCollector::matchAuthorRules):
209         (WebCore::ElementRuleCollector::matchUserRules):
210         * css/ElementRuleCollector.h:
211         * css/RuleFeature.cpp:
212         (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):
213
214             Collect class names that show up in the ancestor portion of the selector.
215             Make this a member.
216
217         (WebCore::RuleFeatureSet::collectFeatures):
218
219             Move this code from RuleData.
220             Add the rule to ancestorClassRules if needed.
221
222         (WebCore::RuleFeatureSet::add):
223         (WebCore::RuleFeatureSet::clear):
224         (WebCore::RuleFeatureSet::shrinkToFit):
225         (WebCore::recursivelyCollectFeaturesFromSelector): Deleted.
226         (WebCore::RuleFeatureSet::collectFeaturesFromSelector): Deleted.
227         * css/RuleFeature.h:
228         (WebCore::RuleFeature::RuleFeature):
229         (WebCore::RuleFeatureSet::RuleFeatureSet): Deleted.
230         * css/RuleSet.cpp:
231         (WebCore::RuleData::RuleData):
232         (WebCore::RuleSet::RuleSet):
233         (WebCore::RuleSet::~RuleSet):
234         (WebCore::RuleSet::addToRuleSet):
235         (WebCore::RuleSet::addRule):
236         (WebCore::RuleSet::addRulesFromSheet):
237         (WebCore::collectFeaturesFromRuleData): Deleted.
238         * css/RuleSet.h:
239         (WebCore::RuleSet::tagRules):
240         (WebCore::RuleSet::RuleSet): Deleted.
241         * css/StyleInvalidationAnalysis.cpp:
242         (WebCore::shouldDirtyAllStyle):
243         (WebCore::StyleInvalidationAnalysis::StyleInvalidationAnalysis):
244
245             Add a new constructor that takes a ready made RuleSet instead of a stylesheet.
246
247         (WebCore::StyleInvalidationAnalysis::invalidateIfNeeded):
248         (WebCore::StyleInvalidationAnalysis::invalidateStyleForTree):
249         (WebCore::StyleInvalidationAnalysis::invalidateStyle):
250         (WebCore::StyleInvalidationAnalysis::invalidateStyle):
251
252             New function for invalidating a subtree instead of the whole document.
253
254         * css/StyleInvalidationAnalysis.h:
255         (WebCore::StyleInvalidationAnalysis::dirtiesAllStyle):
256         (WebCore::StyleInvalidationAnalysis::hasShadowPseudoElementRulesInAuthorSheet):
257         * dom/Element.cpp:
258         (WebCore::classStringHasClassName):
259         (WebCore::collectClasses):
260         (WebCore::computeClassChange):
261
262             Factor to return the changed classes.
263
264         (WebCore::invalidateStyleForClassChange):
265
266             First filter out classes that don't show up in stylesheets. If something remains invalidate the current
267             element for inline style change (that is a style change that doesn't affect descendants).
268
269             Next check if there are any ancestorClassRules for the changed class. If so use the StyleInvalidationAnalysis
270             to find any affected descendants and invalidate them with inline style change as well.
271
272         (WebCore::Element::classAttributeChanged):
273
274             Invalidate for removed classes before setting new attribute value, invalidate for added classes afterwards.
275
276         (WebCore::Element::absoluteLinkURL):
277         (WebCore::checkSelectorForClassChange): Deleted.
278         * dom/ElementData.h:
279         (WebCore::ElementData::setClassNames):
280         (WebCore::ElementData::classNames):
281         (WebCore::ElementData::classNamesMemoryOffset):
282         (WebCore::ElementData::clearClass): Deleted.
283         (WebCore::ElementData::setClass): Deleted.
284
285 2016-02-10  Myles C. Maxfield  <mmaxfield@apple.com>
286
287         Addressing post-review comments after r196322
288
289         Unreviwed.
290
291         * css/CSSFontFaceSource.cpp:
292         (WebCore::CSSFontFaceSource::font):
293         * css/CSSFontFaceSource.h:
294
295 2016-02-10  Chris Dumez  <cdumez@apple.com>
296
297         Attributes on the Window instance should be configurable unless [Unforgeable]
298         https://bugs.webkit.org/show_bug.cgi?id=153920
299         <rdar://problem/24563211>
300
301         Reviewed by Darin Adler.
302
303         Attributes on the Window instance should be configurable unless [Unforgeable]:
304         1. 'constructor' property:
305            - http://www.w3.org/TR/WebIDL/#interface-prototype-object
306         2. Constructor properties (e.g. window.Node):
307            - http://www.w3.org/TR/WebIDL/#es-interfaces
308         3. IDL attributes:
309            - http://heycam.github.io/webidl/#es-attributes (configurable unless
310              [Unforgeable], e.g. window.location)
311
312         Firefox complies with the WebIDL specification but WebKit does not for 1. and 3.
313
314         Test: fast/dom/Window/window-properties-configurable.html
315
316         * bindings/js/JSDOMWindowCustom.cpp:
317         (WebCore::JSDOMWindow::getOwnPropertySlot):
318         For known Window properties (i.e. properties in the static property table),
319         if we have reified and this is same-origin access, then call
320         Base::getOwnPropertySlot() to get the property from the local property
321         storage. If we have not reified yet, or this is cross-origin access, query
322         the static property table. This is to match the behavior of Firefox and
323         Chrome which seem to keep returning the original properties upon cross
324         origin access, even if those were deleted or redefined.
325
326         (WebCore::JSDOMWindow::put):
327         The previous code used to call the static property setter for properties in
328         the static table. However, this does not do the right thing if properties
329         were reified. For example, deleting window.name and then trying to set it
330         again would not work. Therefore, update this code to only do this if the
331         properties have not been reified, similarly to what is done in
332         JSObject::putInlineSlow().
333
334         * bindings/scripts/CodeGeneratorJS.pm:
335         (ConstructorShouldBeOnInstance):
336         Add a FIXME comment indicating that window.constructor should be on
337         the prototype as per the Web IDL specification.
338
339         (GenerateAttributesHashTable):
340         - Mark 'constructor' property as configurable for Window, as per the
341           specification and consistently with other 'constructor' properties:
342           http://www.w3.org/TR/WebIDL/#interface-prototype-object
343         - Mark properties as configurable even though they are on the instance.
344           Window has its properties on the instance as per the specification:
345           1. http://heycam.github.io/webidl/#es-attributes
346           2. http://heycam.github.io/webidl/#PrimaryGlobal (window is [PrimaryGlobal]
347           However, these properties should be configurable as long as they are
348           not marked as [Unforgeable], as per 1.
349
350         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
351         * bindings/scripts/test/JS/JSTestException.cpp:
352         * bindings/scripts/test/JS/JSTestObj.cpp:
353         Rebaseline bindings tests.
354
355 2016-02-10  Brady Eidson  <beidson@apple.com>
356
357         Modern IDB: Ref cycle between IDBObjectStore and IDBTransaction.
358         https://bugs.webkit.org/show_bug.cgi?id=154061
359
360         Reviewed by Alex Christensen.
361
362         No new tests (Currently untestable).
363
364         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
365         (WebCore::IDBClient::IDBTransaction::transitionedToFinishing): Make sure the new state makes sense,
366           set the new state, and then clear the set of referenced object stores which is no longer needed.
367         (WebCore::IDBClient::IDBTransaction::abort):
368         (WebCore::IDBClient::IDBTransaction::commit):
369         * Modules/indexeddb/client/IDBTransactionImpl.h:
370
371 2016-02-10  Jer Noble  <jer.noble@apple.com>
372
373         REGRESSION(r195770): Use-after-free in ResourceLoaderOptions::cachingPolicy
374         https://bugs.webkit.org/show_bug.cgi?id=153727
375         <rdar://problem/24429886>
376
377         Reviewed by Darin Adler.
378
379         Follow-up after r195965. Only protect those parts of CachedResource::removeClient() which
380         affect the MemoryCache when allowsCaching() is false.
381
382         * loader/cache/CachedResource.cpp:
383         (WebCore::CachedResource::removeClient):
384
385 2016-02-10  Csaba Osztrogonác  <ossy@webkit.org>
386
387         Fix the !(ENABLE(SHADOW_DOM) || ENABLE(DETAILS_ELEMENT)) after r196281
388         https://bugs.webkit.org/show_bug.cgi?id=154035
389
390         Reviewed by Antti Koivisto.
391
392         * dom/ComposedTreeIterator.h:
393         (WebCore::ComposedTreeIterator::Context::Context):
394
395 2016-02-09  Carlos Garcia Campos  <cgarcia@igalia.com>
396
397         [GTK] Toggle buttons are blurry with GTK+ 3.19
398         https://bugs.webkit.org/show_bug.cgi?id=154007
399
400         Reviewed by Michael Catanzaro.
401
402         Use min-width/min-height style properties when GTK+ >= 3.19.7 to
403         get the size of toggle buttons.
404
405         * rendering/RenderThemeGtk.cpp:
406         (WebCore::setToggleSize):
407         (WebCore::paintToggle):
408
409 2016-02-09  Aakash Jain  <aakash_jain@apple.com>
410
411         Headers that use WEBCORE_EXPORT should include PlatformExportMacros.h
412         https://bugs.webkit.org/show_bug.cgi?id=146984
413
414         Reviewed by Alexey Proskuryakov.
415
416         * Modules/speech/SpeechSynthesis.h:
417         * contentextensions/ContentExtensionError.h:
418         * dom/DeviceOrientationClient.h:
419         * platform/graphics/Color.h:
420         * platform/ios/wak/WebCoreThread.h:
421         * platform/network/CacheValidation.h:
422         * platform/network/cf/CertificateInfo.h:
423
424 2016-02-09  Nan Wang  <n_wang@apple.com>
425
426         AX: Implement word related text marker functions using TextIterator
427         https://bugs.webkit.org/show_bug.cgi?id=153939
428         <rdar://problem/24269605>
429
430         Reviewed by Chris Fleizach.
431
432         Using CharacterOffset to implement word related text marker calls. Reused
433         logic from previousBoundary and nextBoundary in VisibleUnits class.
434
435         Test: accessibility/mac/text-marker-word-nav.html
436
437         * accessibility/AXObjectCache.cpp:
438         (WebCore::AXObjectCache::traverseToOffsetInRange):
439         (WebCore::AXObjectCache::rangeForNodeContents):
440         (WebCore::isReplacedNodeOrBR):
441         (WebCore::characterOffsetsInOrder):
442         (WebCore::resetNodeAndOffsetForReplacedNode):
443         (WebCore::setRangeStartOrEndWithCharacterOffset):
444         (WebCore::AXObjectCache::rangeForUnorderedCharacterOffsets):
445         (WebCore::AXObjectCache::setTextMarkerDataWithCharacterOffset):
446         (WebCore::AXObjectCache::startOrEndCharacterOffsetForRange):
447         (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
448         (WebCore::AXObjectCache::characterOffsetForNodeAndOffset):
449         (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
450         (WebCore::AXObjectCache::previousNode):
451         (WebCore::AXObjectCache::visiblePositionFromCharacterOffset):
452         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
453         (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
454         (WebCore::AXObjectCache::nextCharacterOffset):
455         (WebCore::AXObjectCache::previousCharacterOffset):
456         (WebCore::startWordBoundary):
457         (WebCore::endWordBoundary):
458         (WebCore::AXObjectCache::startCharacterOffsetOfWord):
459         (WebCore::AXObjectCache::endCharacterOffsetOfWord):
460         (WebCore::AXObjectCache::previousWordStartCharacterOffset):
461         (WebCore::AXObjectCache::nextWordEndCharacterOffset):
462         (WebCore::AXObjectCache::leftWordRange):
463         (WebCore::AXObjectCache::rightWordRange):
464         (WebCore::characterForCharacterOffset):
465         (WebCore::AXObjectCache::characterAfter):
466         (WebCore::AXObjectCache::characterBefore):
467         (WebCore::parentEditingBoundary):
468         (WebCore::AXObjectCache::nextWordBoundary):
469         (WebCore::AXObjectCache::previousWordBoundary):
470         (WebCore::AXObjectCache::rootAXEditableElement):
471         * accessibility/AXObjectCache.h:
472         (WebCore::AXObjectCache::removeNodeForUse):
473         (WebCore::AXObjectCache::isNodeInUse):
474         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
475         (-[WebAccessibilityObjectWrapper previousTextMarkerForNode:offset:]):
476         (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:ignoreStart:]):
477         (-[WebAccessibilityObjectWrapper textMarkerForNode:offset:]):
478         (textMarkerForCharacterOffset):
479         (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:forParameter:]):
480         * editing/VisibleUnits.cpp:
481         (WebCore::rightWordPosition):
482         (WebCore::prepend):
483         (WebCore::appendRepeatedCharacter):
484         (WebCore::suffixLengthForRange):
485         (WebCore::prefixLengthForRange):
486         (WebCore::backwardSearchForBoundaryWithTextIterator):
487         (WebCore::forwardSearchForBoundaryWithTextIterator):
488         (WebCore::previousBoundary):
489         (WebCore::nextBoundary):
490         * editing/VisibleUnits.h:
491
492 2016-02-09  Daniel Bates  <dabates@apple.com>
493
494         CSP: Extract helper classes into their own files
495         https://bugs.webkit.org/show_bug.cgi?id=154040
496         <rdar://problem/24571189>
497
498         Reviewed by Brent Fulgham.
499
500         No functionality was changed. So, no new tests.
501
502         * CMakeLists.txt: Add files ContentSecurityPolicy{DirectiveList, MediaListDirective, Source, SourceList, SourceListDirective}.cpp.
503         * WebCore.xcodeproj/project.pbxproj: Ditto.
504         * page/csp/ContentSecurityPolicy.cpp: Clean up #includes. Include header ParsingUtilities.h so that we can remove our own
505         variants of skip{Exactly, Until, While}(). Update code as necessary for class renames.
506         (WebCore::skipExactly): Deleted; instead use the analogous function in ParsingUtilities.h.
507         (WebCore::skipUntil): Deleted; instead use the analogous function in ParsingUtilities.h.
508         (WebCore::skipWhile): Deleted; instead use the analogous function in ParsingUtilities.h.
509         (WebCore::isSourceListNone): Moved to file ContentSecurityPolicySourceList.cpp.
510         (WebCore::CSPSource): Deleted; moved implementation to files ContentSecurityPolicySource.{cpp, h}.
511         (WebCore::CSPSourceList): Deleted; moved implementation to files ContentSecurityPolicySourceList.{cpp, h}.
512         (WebCore::CSPDirective): Deleted; moved implementation to file ContentSecurityPolicyDirective.h.
513         (WebCore::MediaListDirective): Deleted; moved implementation to files ContentSecurityPolicyMediaListDirective.{cpp, h}.
514         (WebCore::SourceListDirective): Deleted; moved implementation to files ContentSecurityPolicySourceListDirective.{cpp, h}.
515         (WebCore::CSPDirectiveList): Deleted; moved implementation to files ContentSecurityPolicyDirectiveList.{cpp, h}.
516         * page/csp/ContentSecurityPolicy.h:
517         * page/csp/ContentSecurityPolicyDirective.h: Added.
518         * page/csp/ContentSecurityPolicyDirectiveList.cpp: Added; removed use of ternary operator where it made the code less readable.
519         Updated code to make use of the functions defined in ParsingUtilities.h.
520         (WebCore::isExperimentalDirectiveName): Moved from file ContentSecurityPolicy.cpp.
521         (WebCore::isCSPDirectiveName): Ditto.
522         (WebCore::isDirectiveNameCharacter): Ditto.
523         (WebCore::isDirectiveValueCharacter): Ditto.
524         (WebCore::isNotASCIISpace): Ditto.
525         * page/csp/ContentSecurityPolicyDirectiveList.h: Added.
526         * page/csp/ContentSecurityPolicyMediaListDirective.cpp: Added. Updated code to make use of the functions defined in ParsingUtilities.h.
527         (WebCore::isMediaTypeCharacter): Moved from file ContentSecurityPolicy.cpp.
528         (WebCore::isNotASCIISpace): Ditto.
529         * page/csp/ContentSecurityPolicyMediaListDirective.h: Added.
530         * page/csp/ContentSecurityPolicySource.cpp: Added.
531         * page/csp/ContentSecurityPolicySource.h: Added.
532         * page/csp/ContentSecurityPolicySourceList.cpp: Added. Updated code to make use of the functions defined in ParsingUtilities.h.
533         (WebCore::isSourceCharacter): Moved from file ContentSecurityPolicy.cpp.
534         (WebCore::isHostCharacter): Ditto.
535         (WebCore::isPathComponentCharacter): Ditto.
536         (WebCore::isSchemeContinuationCharacter): Ditto.
537         (WebCore::isNotColonOrSlash): Ditto.
538         (WebCore::isSourceListNone): Ditto.
539         * page/csp/ContentSecurityPolicySourceList.h: Added.
540         * page/csp/ContentSecurityPolicySourceListDirective.cpp: Added.
541         * page/csp/ContentSecurityPolicySourceListDirective.h: Added.
542
543 2016-02-09  Brady Eidson  <beidson@apple.com>
544
545         Modern IDB: TransactionOperation objects leak.
546         https://bugs.webkit.org/show_bug.cgi?id=154054
547
548         Reviewed by Alex Christensen.
549
550         No new tests (Currently untestable).
551
552         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
553         (WebCore::IDBClient::IDBTransaction::abortOnServerAndCancelRequests): Remove the TransactionOperation from
554           the map, as this operation doesn't complete "normally" like most others.
555         (WebCore::IDBClient::IDBTransaction::commitOnServer): Ditto.
556         
557         * Modules/indexeddb/client/TransactionOperation.h:
558         (WebCore::IDBClient::TransactionOperation::perform): Clear the m_performFunction after use,
559           as it holds a lambda that holds a RefPtr to the IDBTransaction, as well as a self-ref.
560         (WebCore::IDBClient::TransactionOperation::completed): Clear m_completeFunction for the same reasons.
561
562 2016-02-09  Jer Noble  <jer.noble@apple.com>
563
564         [Mac] Graphical corruption in videos when enabling custom loading path
565         https://bugs.webkit.org/show_bug.cgi?id=154044
566
567         Reviewed by Alex Christensen.
568
569         The NSOperationQueue provided by AVFoundation from the AVAssetResourceLoader queue is not
570         set to be a serial queue. So when adding dataReceived operations to that queue, there exists
571         the possibility that some operations are handled before others, and the client will receieve
572         data out of order.
573
574         A real NSURLSession object will only issue another operation when the first operation
575         completes, so emulate this behavior in WebCoreNSURLSession by using a serial dispatch queue.
576         The internal queue will enqueue an operation to the resource loader's queue, and block until
577         that operation completes, thus ensuring ordering of the data (and other) operations.
578
579         * platform/network/cocoa/WebCoreNSURLSession.h:
580         * platform/network/cocoa/WebCoreNSURLSession.mm:
581         (-[WebCoreNSURLSession initWithResourceLoader:delegate:delegateQueue:]): Initialize _internalQueue
582         (-[WebCoreNSURLSession addDelegateOperation:]): Added utility method.
583         (-[WebCoreNSURLSession taskCompleted:]): Call -addDelegateOperation:
584         (-[WebCoreNSURLSession finishTasksAndInvalidate]): Ditto.
585         (-[WebCoreNSURLSession resetWithCompletionHandler:]): Ditto.
586         (-[WebCoreNSURLSession flushWithCompletionHandler:]): Ditto.
587         (-[WebCoreNSURLSession getTasksWithCompletionHandler:]): Ditto.
588         (-[WebCoreNSURLSession getAllTasksWithCompletionHandler:]): Ditto.
589         (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]): Ditto.
590         (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]): Ditto.
591         (-[WebCoreNSURLSessionDataTask resourceFinished:]): Ditto.
592
593         Drive-by fix:
594         (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]): Set countOfBytesReceived outside the operation,
595             queue, matching NSURLSessionDataTask's behavior.
596
597 2016-02-09  Nan Wang  <n_wang@apple.com>
598
599         [iOS Simulator] accessibility/text-marker/text-marker-range-stale-node-crash.html crashing
600         https://bugs.webkit.org/show_bug.cgi?id=154039
601
602         Reviewed by Chris Fleizach.
603
604         We are accessing the derefed node in the CharacterOffset object, we should create an empty
605         CharacterOffset object if the node is not in use.
606
607         It's covered by the test accessibility/text-marker/text-marker-range-stale-node-crash.html.
608
609         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
610         (-[WebAccessibilityTextMarker characterOffset]):
611         (-[WebAccessibilityTextMarker isIgnored]):
612
613 2016-02-09  Myles C. Maxfield  <mmaxfield@apple.com>
614
615         Unreviewed build fix after r196322
616
617         Unreviewed.
618
619         * css/CSSFontFace.cpp:
620         (WebCore::CSSFontFace::font):
621
622 2016-02-09  Zalan Bujtas  <zalan@apple.com>
623
624         Outline corners do not align properly for multiline inlines.
625         https://bugs.webkit.org/show_bug.cgi?id=154025
626
627         Reviewed by David Hyatt.
628
629         Adjust border position when outline-offset > 0. This patch also
630         removes integral pixelsnapping (drawLineForBoxSide takes care of
631         device pixelsnapping). 
632
633         Test: fast/inline/outline-corners-with-offset.html
634
635         * rendering/RenderInline.cpp:
636         (WebCore::RenderInline::paintOutlineForLine):
637
638 2016-02-09  Jer Noble  <jer.noble@apple.com>
639
640         [Mac] Adopt NSURLSession properties in AVAssetResourceLoader
641
642         Rubber-stamped by Eric Carlson;
643
644         Set the correct global variable from setAVFoundationNSURLSessionEnabled().
645
646         * page/Settings.cpp:
647         (WebCore::Settings::setAVFoundationNSURLSessionEnabled):
648
649 2016-02-07  Gavin Barraclough  <barraclough@apple.com>
650
651         GetValueFunc/PutValueFunc should not take both slotBase and thisValue
652         https://bugs.webkit.org/show_bug.cgi?id=154009
653
654         Reviewed by Geoff Garen.
655
656         In JavaScript there are two types of properties - regular value properties, and accessor properties.
657         One difference between these is how they are reflected by getOwnPropertyDescriptor, and another is
658         what object they operate on in the case of a prototype access. If you access a value property of a
659         prototype object it return a value pertinent to the prototype, but in the case of a prototype object
660         returning an accessor, then the accessor function is applied to the base object of the access.
661
662         JSC supports special 'custom' properties implemented as a c++ callback, and these custom properties
663         can be used to implement either value- or accessor-like behavior. getOwnPropertyDescriptor behavior
664         is selected via the CustomAccessor attribute. Value- or accessor-like object selection is current
665         supported by passing both the slotBase and the thisValue to the callback,and hoping it uses the
666         right one. This is probably inefficient, bug-prone, and leads to crazy like JSBoundSlotBaseFunction.
667
668         Instead, just pass one thisValue to the callback functions, consistent with CustomAccessor.
669
670         * bindings/js/JSDOMBinding.cpp:
671         (WebCore::printErrorMessageForFrame):
672         (WebCore::objectToStringFunctionGetter):
673         * bindings/js/JSDOMBinding.h:
674         (WebCore::propertyNameToString):
675         (WebCore::getStaticValueSlotEntryWithoutCaching<JSDOMObject>):
676         (WebCore::nonCachingStaticFunctionGetter):
677         * bindings/js/JSDOMWindowCustom.cpp:
678         (WebCore::JSDOMWindow::visitAdditionalChildren):
679         (WebCore::childFrameGetter):
680         (WebCore::namedItemGetter):
681         (WebCore::jsDOMWindowWebKit):
682         (WebCore::jsDOMWindowIndexedDB):
683             - add missing null check, in case indexDB acessor is applied to non-window object.
684         * bindings/js/JSPluginElementFunctions.cpp:
685         (WebCore::pluginScriptObject):
686         (WebCore::pluginElementPropertyGetter):
687         * bindings/js/JSPluginElementFunctions.h:
688         * bindings/scripts/CodeGeneratorJS.pm:
689         (GenerateHeader):
690         (GenerateImplementation):
691         * bridge/runtime_array.cpp:
692         (JSC::RuntimeArray::destroy):
693         (JSC::RuntimeArray::lengthGetter):
694         * bridge/runtime_array.h:
695         * bridge/runtime_method.cpp:
696         (JSC::RuntimeMethod::finishCreation):
697         (JSC::RuntimeMethod::lengthGetter):
698         * bridge/runtime_method.h:
699         * bridge/runtime_object.cpp:
700         (JSC::Bindings::RuntimeObject::invalidate):
701         (JSC::Bindings::RuntimeObject::fallbackObjectGetter):
702         (JSC::Bindings::RuntimeObject::fieldGetter):
703         (JSC::Bindings::RuntimeObject::methodGetter):
704         * bridge/runtime_object.h:
705             - Merged slotBase & thisValue to custom property callbacks.
706
707 2016-02-09  Jer Noble  <jer.noble@apple.com>
708
709         Build-fix; add Nullibility macros around previously un-macro'd class definitions.
710
711         * platform/spi/mac/AVFoundationSPI.h:
712
713 2016-02-04  Jer Noble  <jer.noble@apple.com>
714
715         [Mac] Adopt NSURLSession properties in AVAssetResourceLoader
716         https://bugs.webkit.org/show_bug.cgi?id=153873
717
718         Reviewed by Eric Carlson.
719
720         Adopt a new AVAssetResourceLoader API allowing clients to specify a NSURLSession object to
721         use for media loading, and control the use of this property with a new Setting.
722
723         * page/Settings.cpp:
724         (WebCore::Settings::setAVFoundationNSURLSessionEnabled):
725         * page/Settings.h:
726         (WebCore::Settings::isAVFoundationNSURLSessionEnabled):
727         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
728         (WebCore::MediaPlayerPrivateAVFoundationObjC::createAVAssetForURL):
729         * platform/spi/mac/AVFoundationSPI.h:
730
731 2016-02-09  Myles C. Maxfield  <mmaxfield@apple.com>
732
733         Decouple font creation from font loading
734         https://bugs.webkit.org/show_bug.cgi?id=153414
735
736         Reviewed by Darin Adler.
737
738         Previously, CSSFontFaceSource never triggered a font download until that font was actually used. This means
739         that the function which triggers the download also has the goal of returning a font to use. However,
740         the CSS Font Loading JavaScript API requires being able to trigger a font download without this extra font
741         creation overhead.
742
743         In addition, this patch adds an explicit (and enforced) state transition diagram. The diagram looks like
744         this:
745                             => Success
746                           //
747         Pending => Loading
748                           \\
749                             => Failure
750
751         Therefore, the API for CSSFontFaceSource has changed to expose the concept of these new states. This means
752         that its user (CSSSegmentedFontFaceSource) has been updated to handle each possible state that its constituent
753         CSSFontFaceSources may be in.
754
755         No new tests because there is no behavior change.
756
757         * css/CSSFontFace.cpp:
758         (WebCore::CSSFontFace::allSourcesFailed): Renamed to make the name clearer.
759         (WebCore::CSSFontFace::addedToSegmentedFontFace): Use references instead of pointers.
760         (WebCore::CSSFontFace::removedFromSegmentedFontFace): Ditto.
761         (WebCore::CSSFontFace::adoptSource): Renamed to make the name clearer.
762         (WebCore::CSSFontFace::fontLoaded): Use references instead of pointers. Also, remove old dead code.
763         (WebCore::CSSFontFace::font): Adapt to the new API of CSSFontFaceSource.
764         (WebCore::CSSFontFace::isValid): Deleted.
765         (WebCore::CSSFontFace::addSource): Deleted.
766         (WebCore::CSSFontFace::notifyFontLoader): Deleted. Old dead code.
767         (WebCore::CSSFontFace::notifyLoadingDone): Deleted. Old dead code.
768         * css/CSSFontFace.h:
769         (WebCore::CSSFontFace::create): Remove old dead code.
770         (WebCore::CSSFontFace::CSSFontFace): Use references instead of pointers.
771         (WebCore::CSSFontFace::loadState): Deleted. Remove old dead code.
772         * css/CSSFontFaceSource.cpp:
773         (WebCore::CSSFontFaceSource::setStatus): Enforce state transitions.
774         (WebCore::CSSFontFaceSource::CSSFontFaceSource): Explicitly handle new state transitions.
775         (WebCore::CSSFontFaceSource::fontLoaded): Update for new states.
776         (WebCore::CSSFontFaceSource::load): Pulled out code from font().
777         (WebCore::CSSFontFaceSource::font): Moved code into load().
778         (WebCore::CSSFontFaceSource::isValid): Deleted.
779         (WebCore::CSSFontFaceSource::isDecodeError): Deleted.
780         (WebCore::CSSFontFaceSource::ensureFontData): Deleted.
781         * css/CSSFontFaceSource.h: Much cleaner API.
782         * css/CSSFontSelector.cpp:
783         (WebCore::createFontFace): Migrate to references instead of pointers. This requires a little
784         reorganization.
785         (WebCore::registerLocalFontFacesForFamily): Update to new CSSFontFaceSource API.
786         (WebCore::CSSFontSelector::addFontFaceRule): Ditto.
787         (WebCore::CSSFontSelector::getFontFace): Ditto.
788         * css/CSSSegmentedFontFace.cpp:
789         (WebCore::CSSSegmentedFontFace::CSSSegmentedFontFace): Migrate to references instead of pointers.
790         (WebCore::CSSSegmentedFontFace::~CSSSegmentedFontFace): Ditto.
791         (WebCore::CSSSegmentedFontFace::fontLoaded): Remove old dead code.
792         (WebCore::CSSSegmentedFontFace::appendFontFace): Cleanup.
793         (WebCore::CSSSegmentedFontFace::fontRanges): Adopt to new API.
794         (WebCore::CSSSegmentedFontFace::pruneTable): Deleted.
795         (WebCore::CSSSegmentedFontFace::isLoading): Deleted. Old dead code.
796         (WebCore::CSSSegmentedFontFace::checkFont): Deleted. Ditto.
797         (WebCore::CSSSegmentedFontFace::loadFont): Deleted. Ditto.
798         * css/CSSSegmentedFontFace.h:
799         (WebCore::CSSSegmentedFontFace::create): Migrate to references instead of pointers.
800         (WebCore::CSSSegmentedFontFace::fontSelector): Ditto.
801         (WebCore::CSSSegmentedFontFace::LoadFontCallback::~LoadFontCallback): Deleted.
802         * loader/cache/CachedFont.cpp:
803         (WebCore::CachedFont::didAddClient): Migrate to references instead of pointers.
804         (WebCore::CachedFont::checkNotify): Ditto.
805         * loader/cache/CachedFontClient.h:
806         (WebCore::CachedFontClient::fontLoaded): Ditto.
807
808 2016-02-09  Brady Eidson  <beidson@apple.com>
809
810         Modern IDB: IDBOpenDBRequests leak.
811         https://bugs.webkit.org/show_bug.cgi?id=154032
812
813         Reviewed by Alex Christensen.
814
815         No new tests (Currently untestable).
816
817         * CMakeLists.txt:
818         * WebCore.xcodeproj/project.pbxproj:
819
820         Add a simple Event subclass that holds a ref to an IDBRequest, to make sure that we
821         drop the last ref to the request after its last event fires or is otherwise destroyed:
822         * Modules/indexeddb/IDBRequestCompletionEvent.cpp: Added.
823         (WebCore::IDBRequestCompletionEvent::IDBRequestCompletionEvent):
824         * Modules/indexeddb/IDBRequestCompletionEvent.h: Added.
825         (WebCore::IDBRequestCompletionEvent::create):
826
827         * Modules/indexeddb/client/IDBOpenDBRequestImpl.cpp:
828         (WebCore::IDBClient::IDBOpenDBRequest::onError): IDBRequestCompletionEvent instead of Event.
829         (WebCore::IDBClient::IDBOpenDBRequest::fireSuccessAfterVersionChangeCommit): Ditto.
830         (WebCore::IDBClient::IDBOpenDBRequest::fireErrorAfterVersionChangeCompletion): Ditto.
831         (WebCore::IDBClient::IDBOpenDBRequest::onSuccess): Ditto.
832
833         * Modules/indexeddb/client/IDBTransactionImpl.cpp:
834         (WebCore::IDBClient::IDBTransaction::dispatchEvent): After setting up the request's 
835           completion event to fire, clear the back-ref to the request.
836
837 2016-02-09  Commit Queue  <commit-queue@webkit.org>
838
839         Unreviewed, rolling out r196286.
840         https://bugs.webkit.org/show_bug.cgi?id=154026
841
842         Looks like 5% iOS PLT regression (Requested by kling on
843         #webkit).
844
845         Reverted changeset:
846
847         "[iOS] Throw away some unlinked code when navigating to a new
848         page."
849         https://bugs.webkit.org/show_bug.cgi?id=154014
850         http://trac.webkit.org/changeset/196286
851
852 2016-02-08  Chris Dumez  <cdumez@apple.com>
853
854         Attribute getters should not require an explicit 'this' value for Window properties
855         https://bugs.webkit.org/show_bug.cgi?id=153968
856
857         Reviewed by Darin Adler.
858
859         Attribute getters should not require an explicit 'this' value for
860         Window properties. This is because the Window interface is marked
861         as [ImplicitThis]:
862         - http://heycam.github.io/webidl/#ImplicitThis
863         - https://www.w3.org/Bugs/Public/show_bug.cgi?id=29421
864
865         This matches the behavior of Firefox and the expectations of the W3C
866         web-platform-tests.
867
868         No new tests, already covered by existing tests.
869
870         * bindings/scripts/CodeGeneratorJS.pm:
871         In attribute getters of an interface marked as [ImplicitThis],
872         if 'thisValue' is undefined or null, fall back to using the
873         global object as 'thisValue'.
874
875         * bindings/scripts/IDLAttributes.txt:
876         Add support for [ImplicitThis]:
877         http://heycam.github.io/webidl/#ImplicitThis
878
879         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
880         * bindings/scripts/test/JS/JSTestException.cpp:
881         * bindings/scripts/test/JS/JSTestInterface.cpp:
882         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
883         * bindings/scripts/test/JS/JSTestNode.cpp:
884         * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
885         * bindings/scripts/test/JS/JSTestObj.cpp:
886         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
887         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
888         * bindings/scripts/test/JS/JSattribute.cpp:
889         Rebaseline bindings tests.
890
891         * page/DOMWindow.idl:
892         Mark Window as [ImplicitThis]:
893         http://heycam.github.io/webidl/#ImplicitThis
894
895 2016-02-08  Nan Wang  <n_wang@apple.com>
896
897         AX: crash at WebCore::Range::selectNodeContents(WebCore::Node*, int&)
898         https://bugs.webkit.org/show_bug.cgi?id=154018
899
900         Reviewed by Chris Fleizach.
901
902         Sometimes rangeForUnorderedCharacterOffsets call is accessing derefed node objects
903         and leading to a crash. Fixed it by checking isNodeInUse before creating the CharacterOffset
904         object.
905
906         Test: accessibility/text-marker/text-marker-range-stale-node-crash.html
907
908         * accessibility/AXObjectCache.cpp:
909         (WebCore::AXObjectCache::visiblePositionForTextMarkerData):
910         (WebCore::AXObjectCache::characterOffsetForTextMarkerData):
911         (WebCore::AXObjectCache::traverseToOffsetInRange):
912         * accessibility/AXObjectCache.h:
913         * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
914         (-[WebAccessibilityObjectWrapper rangeForTextMarkerRange:]):
915         (characterOffsetForTextMarker):
916         (-[WebAccessibilityObjectWrapper characterOffsetForTextMarker:]):
917         (textMarkerForVisiblePosition):
918
919 2016-02-08  Andreas Kling  <akling@apple.com>
920
921         [iOS] Throw away some unlinked code when navigating to a new page.
922         <https://webkit.org/b/154014>
923
924         Reviewed by Gavin Barraclough.
925
926         Extended the mechanism introduced earlier to also throw away unlinked code
927         that's only relevant to the page that we're navigating away from.
928
929         The new JSC::VM API is deleteAllCodeExceptCaches() and it does what it sounds
930         like, deleting unlinked and linked code but leaving code caches alone.
931
932         This means that if the page we're navigating to wants to parse some of the
933         same JS that the page we're leaving had on it, it might still be found in the
934         JSC::CodeCache.
935
936         Doing a back navigation to a PageCache'd page may now incur some reparsing,
937         just like leaving the app or tab would.
938
939         * bindings/js/GCController.cpp:
940         (WebCore::GCController::deleteAllCodeExceptCaches):
941         (WebCore::GCController::deleteAllLinkedCode): Deleted.
942         * bindings/js/GCController.h:
943         * loader/FrameLoader.cpp:
944         (WebCore::FrameLoader::commitProvisionalLoad):
945
946 2016-02-08  Daniel Bates  <dabates@apple.com>
947
948         CSP connect-src directive should block redirects
949         https://bugs.webkit.org/show_bug.cgi?id=69359
950         <rdar://problem/24383025>
951
952         Reviewed by Brent Fulgham.
953
954         Inspired by Blink patch:
955         <https://src.chromium.org/viewvc/blink?revision=150246&view=revision>
956
957         Apply the connect-src directive of the Content Security Policy for the document or worker to the redirect URL
958         of an XMLHttpRequest and EventSource load so as to conform to section Paths and Redirects of the CSP 2.0 spec.,
959         <https://w3c.github.io/webappsec-csp/2/#source-list-paths-and-redirects> (29 August 2015).
960
961         Additionally, check that each requested script URL passed to WorkerGlobalScope.importScripts() is allowed by
962         the CSP of the worker before initiating a load for it. If some URL i is blocked by the CSP policy
963         then we do not try to load URLs j >= i.
964
965         Tests: http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-block-aborts-all-subsequent-imports.html
966                http/tests/security/contentSecurityPolicy/worker-blob-inherits-csp-importScripts-redirect-cross-origin-blocked.html
967                http/tests/security/contentSecurityPolicy/worker-csp-blocks-xhr-redirect-cross-origin.html
968                http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-allowed.html
969                http/tests/security/contentSecurityPolicy/worker-csp-importScripts-redirect-cross-origin-blocked.html
970                http/tests/security/contentSecurityPolicy/worker-without-csp-importScripts-redirect-cross-origin-allowed.html
971                http/tests/security/isolatedWorld/bypass-main-world-csp-for-xhr-redirect.html
972                http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-importScript-redirect-cross-origin.html
973                http/tests/security/isolatedWorld/bypass-main-world-csp-worker-importScripts-redirect-cross-origin.html
974                http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr-redirect-cross-origin.html
975                http/tests/security/isolatedWorld/bypass-worker-csp-for-xhr.html
976
977         * fileapi/FileReaderLoader.cpp:
978         (WebCore::FileReaderLoader::start): Do not enforce a CSP directive as CSP is not applicable to File API.
979         * inspector/InspectorNetworkAgent.cpp:
980         (WebCore::InspectorNetworkAgent::loadResource): Do not enforce a CSP directive as CSP should not interfere
981         with the Web Inspector.
982         * loader/DocumentThreadableLoader.cpp:
983         (WebCore::DocumentThreadableLoader::loadResourceSynchronously): Modified to take an optional ContentSecurityPolicy
984         and pass it through to DocumentThreadableLoader::create().
985         (WebCore::DocumentThreadableLoader::create): Modified to take an optional ContentSecurityPolicy and pass it through
986         to DocumentThreadableLoader::DocumentThreadableLoader().
987         (WebCore::DocumentThreadableLoader::DocumentThreadableLoader): Modified to take an optional ContentSecurityPolicy.
988         Asserts that the CSP allows the load of the request URL so as to catch when a caller creates a loader for a request
989         that is not allowed by the CSP. The caller should not create a loader for such a request.
990         (WebCore::DocumentThreadableLoader::redirectReceived): Check if the CSP allows the redirect URL. If it does not
991         then notify the client that the redirect check failed.
992         (WebCore::DocumentThreadableLoader::loadRequest): Ditto.
993         (WebCore::DocumentThreadableLoader::isAllowedByContentSecurityPolicy): Checks that the specified URL is allowed
994         by the enforced CSP directive.
995         (WebCore::DocumentThreadableLoader::contentSecurityPolicy): Returns the ContentSecurityPolicy object passed to
996         DocumentThreadableLoader on instantiation or the ContentSecurityPolicy object of the associated document.
997         * loader/DocumentThreadableLoader.h: Add overloaded variants of DocumentThreadableLoader::{create, loadResourceSynchronously}()
998         that take a std::unique_ptr<ContentSecurityPolicy>&&. Remove some unnecessary headers.
999         * loader/ThreadableLoader.cpp:
1000         (WebCore::ThreadableLoaderOptions::ThreadableLoaderOptions): Take the CSP directive to enforce and store it.
1001         (WebCore::ThreadableLoaderOptions::isolatedCopy): Copy the CSP directive to enforce.
1002         * loader/ThreadableLoader.h: Added member field to store the CSP directive to enforce (defaults to enforce the
1003         directive connect-src - the most appropriate directive in most circumstances). As of the time of writing,
1004         only WorkerGlobalScope.importScripts() enforces a different directive: script-src.
1005         * loader/WorkerThreadableLoader.cpp:
1006         (WebCore::WorkerThreadableLoader::WorkerThreadableLoader): Pass the SecurityOrigin and ContentSecurityPolicy associated
1007         with the WorkerGlobalScope to WorkerThreadableLoader::MainThreadBridge::MainThreadBridge().
1008         (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Pass a copy of the worker's ContentSecurityPolicy
1009         to the DocumentThreadableLoader.
1010         * loader/WorkerThreadableLoader.h:
1011         * page/EventSource.cpp:
1012         (WebCore::EventSource::connect): Enforce the CSP directive connect-src on redirects unless we are running in an isolated world.
1013         * workers/AbstractWorker.cpp:
1014         (WebCore::AbstractWorker::resolveURL): Modified to take a boolean whether to bypass the main world Content Security Policy
1015         instead of querying for it directly.
1016         * workers/AbstractWorker.h:
1017         * workers/Worker.cpp:
1018         (WebCore::Worker::create): Added FIXME to enforce child-src directive of the document's CSP to the worker's script URL
1019         on redirect once we fix <https://bugs.webkit.org/show_bug.cgi?id=153562>. For now, do not enforce a CSP policy on redirect
1020         of the worker's script URL.
1021         * workers/WorkerGlobalScope.cpp:
1022         (WebCore::WorkerGlobalScope::importScripts): Check that the requested URL is allowed by the CSP of the worker (if applicable).
1023         Enforce the CSP directive script-src on redirects unless we are running in an isolated world.
1024         * workers/WorkerScriptLoader.cpp:
1025         (WebCore::WorkerScriptLoader::loadSynchronously): Pass SecurityOrigin and ContentSecurityPolicyEnforcement to WorkerThreadableLoader.
1026         (WebCore::WorkerScriptLoader::loadAsynchronously): Ditto.
1027         * workers/WorkerScriptLoader.h:
1028         * xml/XMLHttpRequest.cpp:
1029         (WebCore::XMLHttpRequest::createRequest): Enforce the CSP directive connect-src on redirects unless we are running in
1030         an isolated world.
1031
1032 2016-02-08  Antti Koivisto  <antti@apple.com>
1033
1034         Try to fix Yosemite build.
1035
1036         * dom/ComposedTreeIterator.h:
1037         (WebCore::ComposedTreeIterator::ComposedTreeIterator):
1038         (WebCore::ComposedTreeIterator::traverseNext):
1039
1040 2016-02-08  Antti Koivisto  <antti@apple.com>
1041
1042         Implement ComposedTreeIterator in terms of ElementAndTextDescendantIterator
1043         https://bugs.webkit.org/show_bug.cgi?id=154003
1044
1045         Reviewed by Darin Adler.
1046
1047         Currently ComposedTreeIterator implements tree traversal using NodeTraversal. This makes it overly complicated.
1048         It can also return nodes other than Element and Text which should not be part of the composed tree.
1049
1050         This patch adds a new iterator type, ElementAndTextDescendantIterator, similar to the existing ElementDescendantIterator.
1051         ComposedTreeIterator is then implemented using this new iterator.
1052
1053         When entering a shadow tree or a slot the local iterator is pushed along with the context stack and a new local
1054         iterator is initialized for the new context. When leaving a shadow tree the context stack is popped and the previous
1055         local iterator becomes active.
1056
1057         * WebCore.xcodeproj/project.pbxproj:
1058         * dom/ComposedTreeIterator.cpp:
1059         (WebCore::ComposedTreeIterator::ComposedTreeIterator):
1060         (WebCore::ComposedTreeIterator::initializeContextStack):
1061         (WebCore::ComposedTreeIterator::pushContext):
1062         (WebCore::ComposedTreeIterator::traverseNextInShadowTree):
1063         (WebCore::ComposedTreeIterator::traverseNextLeavingContext):
1064         (WebCore::ComposedTreeIterator::advanceInSlot):
1065         (WebCore::ComposedTreeIterator::traverseSiblingInSlot):
1066         (WebCore::ComposedTreeIterator::initializeShadowStack): Deleted.
1067         (WebCore::ComposedTreeIterator::traverseParentInShadowTree): Deleted.
1068         (WebCore::ComposedTreeIterator::traverseNextSiblingSlot): Deleted.
1069         (WebCore::ComposedTreeIterator::traversePreviousSiblingSlot): Deleted.
1070         * dom/ComposedTreeIterator.h:
1071         (WebCore::ComposedTreeIterator::operator*):
1072         (WebCore::ComposedTreeIterator::operator->):
1073         (WebCore::ComposedTreeIterator::operator==):
1074         (WebCore::ComposedTreeIterator::operator!=):
1075         (WebCore::ComposedTreeIterator::operator++):
1076         (WebCore::ComposedTreeIterator::Context::Context):
1077         (WebCore::ComposedTreeIterator::context):
1078         (WebCore::ComposedTreeIterator::current):
1079         (WebCore::ComposedTreeIterator::ComposedTreeIterator):
1080         (WebCore::ComposedTreeIterator::traverseNext):
1081         (WebCore::ComposedTreeIterator::traverseNextSkippingChildren):
1082         (WebCore::ComposedTreeIterator::traverseNextSibling):
1083         (WebCore::ComposedTreeIterator::traversePreviousSibling):
1084         (WebCore::ComposedTreeDescendantAdapter::ComposedTreeDescendantAdapter):
1085         (WebCore::ComposedTreeDescendantAdapter::begin):
1086         (WebCore::ComposedTreeDescendantAdapter::end):
1087         (WebCore::ComposedTreeDescendantAdapter::at):
1088         (WebCore::ComposedTreeChildAdapter::Iterator::Iterator):
1089         (WebCore::ComposedTreeChildAdapter::ComposedTreeChildAdapter):
1090         (WebCore::ComposedTreeChildAdapter::begin):
1091         (WebCore::ComposedTreeChildAdapter::end):
1092         (WebCore::ComposedTreeChildAdapter::at):
1093         (WebCore::ComposedTreeIterator::ShadowContext::ShadowContext): Deleted.
1094         (WebCore::ComposedTreeIterator::traverseParent): Deleted.
1095         * dom/ElementAndTextDescendantIterator.h: Added.
1096
1097             New iterator type that traverses Element and Text nodes (that is renderable nodes only).
1098             It also tracks depth for future use.
1099
1100 2016-02-08  Joseph Pecoraro  <pecoraro@apple.com>
1101
1102         Web Inspector: copy({x:1}) should copy "{x:1}", not "[object Object]"
1103         https://bugs.webkit.org/show_bug.cgi?id=148605
1104
1105         Reviewed by Brian Burg.
1106
1107         Test: inspector/console/command-line-api-copy.html
1108
1109         * inspector/CommandLineAPIModuleSource.js:
1110         (CommandLineAPIImpl.prototype.copy):
1111         Support copying different types. This is meant to be more
1112         convenient then just JSON.stringify, so it handles types
1113         like Node, Symbol, RegExp, and Function a bit better.
1114
1115 2016-02-08  Said Abou-Hallawa  <sabouhallawa@apple.com>
1116
1117         REGRESSION(r181345): SVG polyline and polygon leak page
1118         https://bugs.webkit.org/show_bug.cgi?id=152759
1119
1120         Reviewed by Darin Adler.
1121
1122         The leak happens because of cyclic reference between SVGListPropertyTearOff 
1123         and SVGAnimatedListPropertyTearOff which is derived from SVGAnimatedProperty.
1124         There is also cyclic reference between SVGAnimatedProperty and SVGElement
1125         and this causes the whole document to be leaked. So if the JS requests, for
1126         example, an instance of SVGPolylineElement.points, the whole document will be
1127         leaked.
1128
1129         The fix depends on having the cyclic reference as is since the owning and the
1130         owned classes have to live together if any of them is referenced. But the owning
1131         class caches a raw 'ref-counted' pointer of the owned class. If it is requested
1132         for an instance of the owned class it returned a RefPtr<> of it. Once the owned
1133         class is not used, it can delete itself. The only thing needed here is to notify
1134         the owner class of the deletion so it cleans its caches and be able to create a
1135         new pointer if it is requested for an instance of the owned class later.
1136
1137         Revert the change of r181345 in SVGAnimatedProperty::lookupOrCreateWrapper()
1138         to break the cyclic reference between SVGElement and SVGAnimatedProperty.
1139         
1140         Also apply the same approach in SVGAnimatedListPropertyTearOff::baseVal() and
1141         animVal() to break cyclic reference between SVGListPropertyTearOff and
1142         SVGAnimatedListPropertyTearOff.
1143
1144         Test: svg/animations/smil-leak-list-property-instances.svg
1145
1146         * bindings/scripts/CodeGeneratorJS.pm:
1147         (NativeToJSValue): The SVG non-string list tear-off properties became of
1148         type RefPtr<>. So we need to use get() with the casting expressions.
1149         
1150         * svg/SVGMarkerElement.cpp:
1151         (WebCore::SVGMarkerElement::orientType):
1152         Use 'auto' type for the return of SVGAnimatedProperty::lookupWrapper().
1153
1154         * svg/SVGPathElement.cpp:
1155         (WebCore::SVGPathElement::pathByteStream):
1156         (WebCore::SVGPathElement::lookupOrCreateDWrapper):
1157         Since SVGAnimatedProperty::lookupWrappe() returns a RefPtr<> we need to 
1158         use get() for the casting expressions.
1159         
1160         (WebCore::SVGPathElement::pathSegList):
1161         (WebCore::SVGPathElement::normalizedPathSegList):
1162         (WebCore::SVGPathElement::animatedPathSegList):
1163         (WebCore::SVGPathElement::animatedNormalizedPathSegList):
1164         * svg/SVGPathElement.h:
1165         Change the return value from raw pointer to RefPtr<>.
1166
1167         * svg/SVGPathSegWithContext.h:
1168         (WebCore::SVGPathSegWithContext::animatedProperty):
1169         Change the return type to be RefPtr<> to preserve the value from being deleted.
1170         
1171         * svg/SVGPolyElement.cpp:
1172         (WebCore::SVGPolyElement::parseAttribute):
1173         Since SVGAnimatedProperty::lookupWrapper() returns a RefPtr<> we need to 
1174         use get() for the casting expressions.
1175         
1176         (WebCore::SVGPolyElement::points):
1177         (WebCore::SVGPolyElement::animatedPoints):
1178         * svg/SVGPolyElement.h:
1179         Change the return value from raw pointer to RefPtr<>.
1180         
1181         * svg/SVGViewSpec.cpp:
1182         (WebCore::SVGViewSpec::setTransformString):
1183         Since SVGAnimatedProperty::lookupWrapper() returns a RefPtr<> we need to 
1184         use get() for the casting expressions.
1185
1186         (WebCore::SVGViewSpec::transform):
1187         * svg/SVGViewSpec.h:
1188         Change the return value from raw pointer to RefPtr<>.
1189         
1190         * svg/properties/SVGAnimatedListPropertyTearOff.h:
1191         (WebCore::SVGAnimatedListPropertyTearOff::baseVal):
1192         (WebCore::SVGAnimatedListPropertyTearOff::animVal):
1193         Change the return value from raw pointer to RefPtr<> and change the cached
1194         value from RefPtr<> to raw pointer. If the property is null, it will be
1195         created, its raw pointer will be cached and the only ref-counted RefPtr<>
1196         will be returned. This will guarantee, the RefPtr<> will be deleted once
1197         it is not used anymore. 
1198         
1199         (WebCore::SVGAnimatedListPropertyTearOff::propertyWillBeDeleted):
1200         Clean the raw pointer caches m_baseVal and m_animVal upon deleting the
1201         actual pointer. This function will be called from the destructor of
1202         SVGListPropertyTearOff.
1203         
1204         (WebCore::SVGAnimatedListPropertyTearOff::findItem):
1205         (WebCore::SVGAnimatedListPropertyTearOff::removeItemFromList):
1206         We have to ensure the baseVal() is created before using it.
1207         
1208         (WebCore::SVGAnimatedListPropertyTearOff::detachListWrappers):
1209         (WebCore::SVGAnimatedListPropertyTearOff::currentAnimatedValue):
1210         (WebCore::SVGAnimatedListPropertyTearOff::animationStarted):
1211         (WebCore::SVGAnimatedListPropertyTearOff::animationEnded):
1212         (WebCore::SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded):
1213         (WebCore::SVGAnimatedListPropertyTearOff::animValWillChange):
1214         (WebCore::SVGAnimatedListPropertyTearOff::animValDidChange):
1215         For animation, a separate RefPtr<> 'm_animatingAnimVal' will be assigned
1216         to the animVal(). This will prevent deleting m_animVal while animation.
1217         
1218         * svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
1219         (WebCore::SVGAnimatedPathSegListPropertyTearOff::baseVal):
1220         (WebCore::SVGAnimatedPathSegListPropertyTearOff::animVal):
1221         Same as what is done in SVGAnimatedListPropertyTearOff.
1222         
1223         (WebCore::SVGAnimatedPathSegListPropertyTearOff::findItem):
1224         (WebCore::SVGAnimatedPathSegListPropertyTearOff::removeItemFromList):
1225         Same as what is done in SVGAnimatedListPropertyTearOff.
1226         
1227         * svg/properties/SVGAnimatedProperty.h:
1228         (WebCore::SVGAnimatedProperty::lookupOrCreateWrapper):
1229         Change the return value from raw reference to Ref<> and change the
1230         cached value from Ref<> to raw pointer. This reverts the change of
1231         r181345 in this function.
1232         
1233         (WebCore::SVGAnimatedProperty::lookupWrapper):
1234         Change the return value from raw pointer to RefPtr<>.
1235         
1236         * svg/properties/SVGAnimatedPropertyMacros.h:
1237         Use 'auto' type for the return of SVGAnimatedProperty::lookupWrapper().
1238         
1239         * svg/properties/SVGAnimatedTransformListPropertyTearOff.h:
1240         (WebCore::SVGAnimatedTransformListPropertyTearOff::baseVal):
1241         (WebCore::SVGAnimatedTransformListPropertyTearOff::animVal):
1242         Same as what is done in SVGAnimatedListPropertyTearOff.
1243
1244         * svg/properties/SVGListPropertyTearOff.h:
1245         (WebCore::SVGListPropertyTearOff::~SVGListPropertyTearOff):
1246         Call the SVGAnimatedListPropertyTearOff::propertyWillBeDeleted() to clean
1247         its raw pointers when the RefPtr<> deletes itself.
1248
1249 2016-02-08  Carlos Garcia Campos  <cgarcia@igalia.com>
1250
1251         [GTK] WebKitWebView should send crossing events to the WebProcess
1252         https://bugs.webkit.org/show_bug.cgi?id=153740
1253
1254         Reviewed by Michael Catanzaro.
1255
1256         Update the target element under the mouse also when only updating
1257         scrollbars, so that if the mouse enters the page when the window
1258         is not active, the scroll animator is notified that the mouse
1259         entered the scrollable area.
1260
1261         * page/EventHandler.cpp:
1262         (WebCore::EventHandler::handleMouseMoveEvent): Call
1263         updateMouseEventTargetNode() before early returning in case of
1264         only updating scrollbars.
1265
1266 2016-02-08  Jeremy Jones  <jeremyj@apple.com>
1267
1268         PiP and external playback are mutually exclusive.
1269         https://bugs.webkit.org/show_bug.cgi?id=153988
1270         rdar://problem/24108661
1271
1272         Reviewed by Eric Carlson.
1273
1274         Adding isPlayingOnSecondScreen to isPlayingOnExternalScreen allows AVKit to disable PiP
1275         when appropriate. Testing video fullscreen mode in updateDisableExternalPlayback allows us to 
1276         turn-off external playback when entering picture-in-picture.
1277
1278         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
1279         (WebCore::MediaPlayerPrivateAVFoundationObjC::setVideoFullscreenMode):
1280         (WebCore::MediaPlayerPrivateAVFoundationObjC::updateDisableExternalPlayback):
1281         * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
1282         (-[WebAVPlayerController isPlayingOnExternalScreen]):
1283         (+[WebAVPlayerController keyPathsForValuesAffectingPlayingOnExternalScreen]):
1284
1285 2016-02-08  Commit Queue  <commit-queue@webkit.org>
1286
1287         Unreviewed, rolling out r196253.
1288         https://bugs.webkit.org/show_bug.cgi?id=153990
1289
1290         Caused several crashes in GTK+ bots (Requested by KaL on
1291         #webkit).
1292
1293         Reverted changeset:
1294
1295         "[GTK] WebKitWebView should send crossing events to the
1296         WebProcess"
1297         https://bugs.webkit.org/show_bug.cgi?id=153740
1298         http://trac.webkit.org/changeset/196253
1299
1300 2016-02-08  Jeremy Jones  <jeremyj@apple.com>
1301
1302         WebAVPlayerController should implement currentTimeWithinEndTimes.
1303         https://bugs.webkit.org/show_bug.cgi?id=153983
1304         rdar://problem/22864621
1305
1306         Reviewed by Eric Carlson.
1307
1308         Implement currentTimeWithinEndTimes in terms of seekToTime and AVTiming. This is a trivial
1309         implementation becuase AVPlayer start and end times aren't used.
1310
1311         * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
1312         (-[WebAVPlayerController currentTimeWithinEndTimes]):
1313         (-[WebAVPlayerController setCurrentTimeWithinEndTimes:]):
1314         (+[WebAVPlayerController keyPathsForValuesAffectingCurrentTimeWithinEndTimes]):
1315
1316 2016-02-08  Carlos Garcia Campos  <cgarcia@igalia.com>
1317
1318         [GTK] WebKitWebView should send crossing events to the WebProcess
1319         https://bugs.webkit.org/show_bug.cgi?id=153740
1320
1321         Reviewed by Michael Catanzaro.
1322
1323         Update the target element under the mouse also when only updating
1324         scrollbars, so that if the mouse enters the page when the window
1325         is not active, the scroll animator is notified that the mouse
1326         entered the scrollable area.
1327
1328         * page/EventHandler.cpp:
1329         (WebCore::EventHandler::handleMouseMoveEvent): Call
1330         updateMouseEventTargetNode() before early returning in case of
1331         only updating scrollbars.
1332
1333 2016-02-08  Jeremy Jones  <jeremyj@apple.com>
1334
1335         WebVideoFullscreenInterface should handle video resizing.
1336         https://bugs.webkit.org/show_bug.cgi?id=153982
1337         rdar://problem/22031249
1338
1339         Reviewed by Eric Carlson.
1340
1341         Video fullscreen can be initiated before video dimension are available.
1342         Protect against an initial width or height of zero and observe resize events 
1343         to update once video dimensions become available or change.
1344
1345         * platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
1346         (WebVideoFullscreenModelVideoElement::updateForEventName):
1347         (WebVideoFullscreenModelVideoElement::observedEventNames):
1348         * platform/ios/WebVideoFullscreenInterfaceAVKit.mm:
1349         (-[WebAVPlayerLayer layoutSublayers]):
1350         (-[WebAVPlayerLayer videoRect]):
1351         (WebVideoFullscreenInterfaceAVKit::setVideoDimensions):
1352
1353 2016-02-08  Adrien Plazas  <aplazas@igalia.com>
1354
1355         Indent inline box test fails due to assertion in VisibleSelection::selectionFromContentsOfNode()
1356         https://bugs.webkit.org/show_bug.cgi?id=153824
1357
1358         Reviewed by Michael Catanzaro.
1359
1360         * editing/markup.cpp:
1361         (WebCore::highestAncestorToWrapMarkup):
1362
1363 2016-02-07  Sam Weinig  <sam@webkit.org>
1364
1365         Remove unused enum ScrollbarOverlayState.
1366
1367         Rubber-stamped by Dan Bernstein.
1368
1369         * platform/ScrollTypes.h:
1370
1371 2016-02-07  Sam Weinig  <sam@webkit.org>
1372
1373         Remove unnecessary respondsToSelector checks for methods that exist on all supported platforms
1374         https://bugs.webkit.org/show_bug.cgi?id=153970
1375
1376         Reviewed by Dan Bernstein.
1377
1378         -[NSScrollerImp mouseEnteredScroller], -[NSScrollerImp expansionTransitionProgress],
1379         -[NSScrollerImpPair contentAreaScrolledInDirection:], and -[NSScrollerImp setExpanded:]
1380         are now available on all supported OS's. No need to check for them.
1381
1382         * platform/mac/ScrollAnimatorMac.mm:
1383         (macScrollbarTheme):
1384         (-[WebScrollbarPainterDelegate scrollerImp:animateUIStateTransitionWithDuration:]):
1385         (-[WebScrollbarPainterDelegate scrollerImp:animateExpansionTransitionWithDuration:]):
1386         (WebCore::ScrollAnimatorMac::mouseEnteredScrollbar):
1387         (WebCore::ScrollAnimatorMac::mouseExitedScrollbar):
1388         (WebCore::ScrollAnimatorMac::sendContentAreaScrolled):
1389         (WebCore::ScrollAnimatorMac::sendContentAreaScrolledTimerFired):
1390         (supportsUIStateTransitionProgress): Deleted.
1391         (supportsExpansionTransitionProgress): Deleted.
1392         (supportsContentAreaScrolledInDirection): Deleted.
1393         * platform/mac/ScrollbarThemeMac.mm:
1394         (+[WebScrollbarPrefsObserver appearancePrefsChanged:]):
1395         (+[WebScrollbarPrefsObserver behaviorPrefsChanged:]):
1396         (WebCore::ScrollbarThemeMac::scrollbarThickness):
1397
1398 2016-02-07  Sam Weinig  <sam@webkit.org>
1399
1400         Use modern SPI header idiom for NSScrollerImp and NSScrollerImpPair
1401         https://bugs.webkit.org/show_bug.cgi?id=153969
1402
1403         Reviewed by Dan Bernstein.
1404
1405         * WebCore.xcodeproj/project.pbxproj:
1406         Add new file NSScrollerImpSPI.h
1407
1408         * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
1409         Use new include of NSScrollerImpSPI.h.
1410
1411         * platform/ScrollbarThemeComposite.h:
1412         Define ScrollbarPainter more precisely as NSScrollerImp * now that the type is available to us.
1413
1414         * platform/mac/NSScrollerImpDetails.h:
1415         Remove NSObject category based SPI usage with the modern one NSScrollerImpSPI.h
1416
1417         * platform/mac/NSScrollerImpDetails.mm:
1418         (WebCore::recommendedScrollerStyle):
1419         Simplify recommendedScrollerStyle() now that all OS's we ship on have +[NSScroller preferredScrollerStyle].
1420
1421         * platform/mac/ScrollAnimatorMac.mm:
1422         (supportsUIStateTransitionProgress):
1423         (supportsExpansionTransitionProgress):
1424         (supportsContentAreaScrolledInDirection):
1425         Stop using NSClassFromString now that we can reference the classes explicitly.
1426
1427         (-[WebScrollbarPainterControllerDelegate invalidate]):
1428         (-[WebScrollbarPainterControllerDelegate contentAreaRectForScrollerImpPair:]):
1429         (-[WebScrollbarPainterControllerDelegate inLiveResizeForScrollerImpPair:]):
1430         (-[WebScrollbarPainterControllerDelegate mouseLocationInContentAreaForScrollerImpPair:]):
1431         (-[WebScrollbarPainterControllerDelegate scrollerImpPair:convertContentPoint:toScrollerImp:]):
1432         (-[WebScrollbarPainterControllerDelegate scrollerImpPair:setContentAreaNeedsDisplayInRect:]):
1433         (-[WebScrollbarPainterControllerDelegate scrollerImpPair:updateScrollerStyleForNewRecommendedScrollerStyle:]):
1434         (-[WebScrollbarPainterDelegate layer]):
1435         (-[WebScrollbarPainterDelegate mouseLocationInScrollerForScrollerImp:]):
1436         (-[WebScrollbarPainterDelegate convertRectToLayer:]):
1437         (-[WebScrollbarPainterDelegate shouldUseLayerPerPartForScrollerImp:]):
1438         (-[WebScrollbarPainterDelegate setUpAlphaAnimation:scrollerPainter:part:animateAlphaTo:duration:]):
1439         (-[WebScrollbarPainterDelegate scrollerImp:animateKnobAlphaTo:duration:]):
1440         (-[WebScrollbarPainterDelegate scrollerImp:animateTrackAlphaTo:duration:]):
1441         (-[WebScrollbarPainterDelegate scrollerImp:animateUIStateTransitionWithDuration:]):
1442         (-[WebScrollbarPainterDelegate scrollerImp:animateExpansionTransitionWithDuration:]):
1443         (-[WebScrollbarPainterDelegate scrollerImp:overlayScrollerStateChangedTo:]):
1444         (WebCore::ScrollAnimatorMac::ScrollAnimatorMac):
1445         (WebCore::ScrollAnimatorMac::lockOverlayScrollbarStateToHidden):
1446         (WebCore::ScrollAnimatorMac::didAddVerticalScrollbar):
1447         (WebCore::ScrollAnimatorMac::didAddHorizontalScrollbar):
1448         (WebCore::ScrollAnimatorMac::updateScrollerStyle):
1449         Add proper conforming to protocols and replace ids with proper types.
1450
1451         * platform/mac/ScrollbarThemeMac.mm:
1452         (WebCore::supportsExpandedScrollbars):
1453         (WebCore::ScrollbarThemeMac::registerScrollbar):
1454         (WebCore::ScrollbarThemeMac::scrollbarThickness):
1455         (WebCore::ScrollbarThemeMac::setUpContentShadowLayer):
1456         Stop using NSClassFromString now that we can reference the classes explicitly.
1457
1458         * platform/spi/mac/NSScrollerImpSPI.h: Added.
1459
1460 2016-02-07  Zalan Bujtas  <zalan@apple.com>
1461
1462         Outline does not clip when ancestor has overflow: hidden and requires layer.
1463         https://bugs.webkit.org/show_bug.cgi?id=153901
1464
1465         Now that outline is part of visual overflow, we no longer need the special outline cliprect.
1466         PaintPhaseChildOutlines drawing will switch to foreground cliprect. It ensures proper overflow clipping
1467         at parent level. PaintPhaseSelfOutline drawing will start using the visual overflow inflated background cliprect.
1468         With this change, outline will be using the same cliprects as the other visual overflow properties (box-shadow etc). 
1469
1470         Reviewed by David Hyatt.
1471
1472         Test: fast/repaint/outline-with-overflow-hidden-ancestor.html
1473
1474         * rendering/LayerFragment.h:
1475         (WebCore::LayerFragment::setRects):
1476         (WebCore::LayerFragment::moveBy): Deleted.
1477         (WebCore::LayerFragment::intersect): Deleted.
1478         * rendering/RenderLayer.cpp:
1479         (WebCore::RenderLayer::collectFragments):
1480         (WebCore::RenderLayer::paintOutlineForFragments):
1481         (WebCore::RenderLayer::calculateClipRects):
1482         (WebCore::RenderLayer::paintForegroundForFragments): Deleted.
1483         * rendering/RenderLayer.h:
1484         * rendering/RenderTreeAsText.cpp:
1485         (WebCore::write):
1486         (WebCore::writeLayers):
1487
1488 2016-02-07  Daniel Bates  <dabates@apple.com>
1489
1490         CSP: Allow Web Workers initiated from an isolated world to bypass the main world Content Security Policy
1491         https://bugs.webkit.org/show_bug.cgi?id=153622
1492         <rdar://problem/24400023>
1493
1494         Reviewed by Gavin Barraclough.
1495
1496         Fixes an issue where Web Workers initiated from an isolated world (say, a Safari Content Script Extension)
1497         would be subject to the Content Security Policy of the page.
1498
1499         Currently code in an isolated world that does not execute in a Web Worker is exempt from the CSP of
1500         the page. However, code that runs inside a Web Worker that was initiated from an isolated world is
1501         subject to the CSP of the page. Instead, such Web Worker code should also be exempt from the CSP of
1502         the page.
1503
1504         Tests: http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-eval.html
1505                http/tests/security/isolatedWorld/bypass-main-world-csp-worker-blob-xhr.html
1506                http/tests/security/isolatedWorld/bypass-main-world-csp-worker.html
1507
1508         * Modules/websockets/WebSocket.cpp:
1509         (WebCore::WebSocket::connect): Modified to ask the script execution context whether to bypass the
1510         main world Content Security Policy now that script execution context knows this information.
1511         * bindings/js/ScriptController.cpp:
1512         (WebCore::ScriptController::shouldBypassMainWorldContentSecurityPolicy): Deleted; moved logic from here...
1513         * bindings/js/ScriptController.h:
1514         * dom/Document.cpp:
1515         (WebCore::Document::shouldBypassMainWorldContentSecurityPolicy): ...to here.
1516         * dom/Document.h:
1517         * dom/ScriptExecutionContext.h:
1518         (WebCore::ScriptExecutionContext::shouldBypassMainWorldContentSecurityPolicy): Added; defaults to false -
1519         do not bypass the main world Content Security Policy.
1520         * page/EventSource.cpp:
1521         (WebCore::EventSource::create): Modified to ask the script execution context whether to bypass the
1522         main world Content Security Policy now that script execution context knows this information.
1523         * page/csp/ContentSecurityPolicy.cpp:
1524         (WebCore::ContentSecurityPolicy::shouldBypassMainWorldContentSecurityPolicy): Deleted.
1525         * page/csp/ContentSecurityPolicy.h:
1526         * workers/AbstractWorker.cpp:
1527         (WebCore::AbstractWorker::resolveURL): Bypass the main world Content Security Policy if applicable.
1528         Added FIXME comment to enforce the child-src directive of the document's CSP (as opposed to the script-src
1529         directive) on the worker's script URL. Also, scriptExecutionContext()->contentSecurityPolicy() should
1530         always be non-null just as we expect scriptExecutionContext()->securityOrigin() to be non-null. Assert
1531         this invariant to catch cases where a ScriptExecutionContext is not properly initialized.
1532         * workers/DedicatedWorkerGlobalScope.cpp:
1533         (WebCore::DedicatedWorkerGlobalScope::create): Modified to take boolean argument shouldBypassMainWorldContentSecurityPolicy
1534         as to whether to bypass the main world Content Security Policy and only apply the Content Security
1535         Policy headers when shouldBypassMainWorldContentSecurityPolicy is false.
1536         (WebCore::DedicatedWorkerGlobalScope::DedicatedWorkerGlobalScope): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
1537         as to whether to bypass the main world Content Security Policy.
1538         * workers/DedicatedWorkerGlobalScope.h:
1539         * workers/DedicatedWorkerThread.cpp:
1540         (WebCore::DedicatedWorkerThread::DedicatedWorkerThread): Ditto.
1541         (WebCore::DedicatedWorkerThread::createWorkerGlobalScope): Ditto.
1542         * workers/DedicatedWorkerThread.h:
1543         * workers/Worker.cpp:
1544         (WebCore::Worker::create): Store whether we should bypass the main world Content Security Policy so
1545         that we can pass it to WorkerMessagingProxy::startWorkerGlobalScope() in Worker::notifyFinished().
1546         We need to store this decision here as opposed to determining it at any later time (say, in Worker::notifyFinished())
1547         because it is dependent on the current JavaScript program stack at the time this function is invoked.
1548         (WebCore::Worker::notifyFinished): Pass whether to bypass the main world Content Security Policy.
1549         * workers/Worker.h:
1550         * workers/WorkerGlobalScope.cpp:
1551         (WebCore::WorkerGlobalScope::WorkerGlobalScope): Modified to take a boolean as to whether to bypass the
1552         main world Content Security Policy and store it in a member field. Also, always instantiate a Content
1553         Security Policy object as our current code assumes that one is always created.
1554         * workers/WorkerGlobalScope.h:
1555         * workers/WorkerGlobalScopeProxy.h:
1556         * workers/WorkerMessagingProxy.cpp:
1557         (WebCore::WorkerMessagingProxy::startWorkerGlobalScope): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
1558         as to whether to bypass the main world Content Security Policy.
1559         * workers/WorkerMessagingProxy.h:
1560         * workers/WorkerThread.cpp:
1561         (WebCore::WorkerThreadStartupData::WorkerThreadStartupData): Modified to take a boolean argument as to
1562         whether to bypass the main world Content Security Policy and store it in a member field.
1563         (WebCore::WorkerThread::WorkerThread): Pass through a boolean argument shouldBypassMainWorldContentSecurityPolicy
1564         as to whether to bypass the main world Content Security Policy.
1565         (WebCore::WorkerThread::workerThread): Ditto.
1566         * workers/WorkerThread.h:
1567         * xml/XMLHttpRequest.cpp:
1568         (WebCore::XMLHttpRequest::open): Modified to ask the script execution context whether to bypass the
1569         main world Content Security Policy now that script execution context knows this information.
1570
1571 2016-02-07  Dan Bernstein  <mitz@apple.com>
1572
1573         [Cocoa] Replace __has_include guards around inclusion of Apple-internal-SDK headers with USE(APPLE_INTERNAL_SDK)
1574         https://bugs.webkit.org/show_bug.cgi?id=153963
1575
1576         Reviewed by Sam Weinig.
1577
1578         * accessibility/mac/AXObjectCacheMac.mm:
1579         * crypto/CommonCryptoUtilities.cpp:
1580         * crypto/CommonCryptoUtilities.h:
1581         * editing/mac/TextUndoInsertionMarkupMac.h:
1582         * editing/mac/TextUndoInsertionMarkupMac.mm:
1583         * platform/cocoa/TelephoneNumberDetectorCocoa.cpp:
1584         * platform/graphics/cg/ImageSourceCG.cpp:
1585         * platform/graphics/mac/PDFDocumentImageMac.mm:
1586         * platform/network/ios/NetworkStateNotifierIOS.mm:
1587         * platform/network/mac/BlobDataFileReferenceMac.mm:
1588         * platform/network/mac/ResourceHandleMac.mm:
1589         * rendering/RenderThemeMac.mm:
1590
1591 2016-02-07  Carlos Garcia Campos  <cgarcia@igalia.com>
1592
1593         REGRESSION(r195661): [GTK] Scrollbar tests crashing after overlay scrollbar groundwork
1594         https://bugs.webkit.org/show_bug.cgi?id=153695
1595
1596         Reviewed by Michael Catanzaro.
1597
1598         The problem is that ScrollAnimation objects are not destroyed by
1599         the ScrollAnimator destructor, because I forgot to add a virtual
1600         destructor for ScrollAnimation in r195661.
1601
1602         * platform/ScrollAnimation.h:
1603         (WebCore::ScrollAnimation::~ScrollAnimation):
1604
1605 2016-02-06  Chris Dumez  <cdumez@apple.com>
1606
1607         Prevent cross-origin access to window.history
1608         https://bugs.webkit.org/show_bug.cgi?id=153931
1609
1610         Reviewed by Darin Adler.
1611
1612         Prevent cross-origin access to window.history to match the specification [1]
1613         and the behavior of other browsers (tested Firefox and Chrome).
1614
1615         [1] https://html.spec.whatwg.org/multipage/browsers.html#security-window
1616
1617         No new tests, already covered by existing tests that
1618         were updated in this patch.
1619
1620         * bindings/js/JSHistoryCustom.cpp:
1621         (WebCore::JSHistory::pushState):
1622         (WebCore::JSHistory::replaceState):
1623         (WebCore::JSHistory::state): Deleted.
1624         * page/DOMWindow.idl:
1625         * page/History.idl:
1626
1627 2016-02-06  Beth Dakin  <bdakin@apple.com>
1628
1629         ScrollbarPainters needs to be deallocated on the main thread
1630         https://bugs.webkit.org/show_bug.cgi?id=153932
1631         -and corresponding-
1632         rdar://problem/24015483
1633
1634         Reviewed by Dan Bernstein.
1635
1636         Darin pointed out that this was still race-y. There was still a race 
1637         condition between the destruction of the two local variables and the
1638         destruction of the lambda on the main thread. This should fix that. 
1639         * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.h:
1640         * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
1641         (WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac):
1642         (WebCore::ScrollingTreeFrameScrollingNodeMac::releaseReferencesToScrollbarPaintersOnTheMainThread):
1643         (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren):
1644
1645 2016-02-06  Darin Adler  <darin@apple.com>
1646
1647         Finish auditing call sites of upper() and lower(), eliminate many, and rename the functions
1648         https://bugs.webkit.org/show_bug.cgi?id=153905
1649
1650         Reviewed by Sam Weinig.
1651
1652         * Modules/mediasource/MediaSource.cpp:
1653         (WebCore::MediaSource::isTypeSupported): Use convertToASCIILowercase on MIME type.
1654
1655         * accessibility/AccessibilityObject.cpp:
1656         (WebCore::AccessibilityObject::selectText): Use new names for lower and upper. Also
1657         tweaked style a tiny bit and used u_toupper rather than converting an entire
1658         string to uppercase.
1659
1660         * dom/Document.cpp:
1661         (WebCore::Document::addImageElementByCaseFoldedUsemap): Renamed to reflect the use
1662         of case folding rather than lowercasing.
1663         (WebCore::Document::removeImageElementByCaseFoldedUsemap): Ditto.
1664         (WebCore::Document::imageElementByCaseFoldedUsemap): Ditto.
1665         * dom/Document.h: Ditto.
1666         * dom/DocumentOrderedMap.cpp:
1667         (WebCore::DocumentOrderedMap::getElementByCaseFoldedMapName): Ditto.
1668         (WebCore::DocumentOrderedMap::getElementByCaseFoldedUsemap): Ditto.
1669         * dom/DocumentOrderedMap.h: Ditto.
1670
1671         * dom/TreeScope.cpp:
1672         (WebCore::TreeScope::getImageMap): Removed unneeded special case for null string.
1673         Simplified logic for cases where the URL does not have a "#" character in it.
1674         Use case folding instead of lowercase.
1675
1676         * editing/cocoa/HTMLConverter.mm:
1677         (HTMLConverter::_processText): Removed unneded special case for the empty string.
1678         Use makCapitalized instead of Cocoa function for "capitalize". Use upper and lower
1679         functions by their new names.
1680
1681         * html/HTMLImageElement.cpp:
1682         (WebCore::HTMLImageElement::parseAttribute): Use case folding instead of
1683         lowerasing for the usemap attribute.
1684         (WebCore::HTMLImageElement::insertedInto): Ditto.
1685         (WebCore::HTMLImageElement::removedFrom): Ditto.
1686         (WebCore::HTMLImageElement::matchesCaseFoldedUsemap): Ditto.
1687         * html/HTMLImageElement.h: Rename since usemap is case folded now, not lowercased.
1688
1689         * html/HTMLMapElement.cpp:
1690         (WebCore::HTMLMapElement::imageElement): Use case folding instead of lowercasing
1691         for usemap.
1692         (WebCore::HTMLMapElement::parseAttribute): Ditto.
1693
1694         * platform/Language.cpp:
1695         (WebCore::canonicalLanguageIdentifier): Use convertToASCIILowercase for language code.
1696         (WebCore::indexOfBestMatchingLanguageInList): Ditto.
1697
1698         * platform/graphics/harfbuzz/HarfBuzzShaper.cpp:
1699         (WebCore::HarfBuzzShaper::shapeHarfBuzzRuns): Use new name for the upper function.
1700
1701         * platform/network/HTTPParsers.cpp:
1702         (WebCore::parseContentTypeOptionsHeader): Use equalLettersIgnoringASCIICase instead
1703         of lowercasing to check for a specific header value.
1704
1705         * platform/network/MIMEHeader.cpp:
1706         (WebCore::retrieveKeyValuePairs): Use convertToASCIILowercase for MIME header name.
1707         (WebCore::MIMEHeader::parseContentTransferEncoding): Use equalLettersIgnoringASCIICase
1708         instead of lowercasing.
1709
1710         * platform/network/cf/ResourceHandleCFNet.cpp:
1711         (WebCore::allowsAnyHTTPSCertificateHosts): Make this hash ASCII case-insensitive.
1712         (WebCore::clientCertificates): Ditto.
1713         (WebCore::ResourceHandle::createCFURLConnection): Remove call to lower since the
1714         set is now ASCII case-insensitive.
1715         (WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Ditto.
1716         (WebCore::ResourceHandle::setClientCertificate): Ditto.
1717
1718         * platform/network/curl/CookieJarCurl.cpp:
1719         (WebCore::getNetscapeCookieFormat): Use equalLettersIgnoringASCIICase instead of
1720         lowercasing.
1721
1722         * platform/network/curl/MultipartHandle.cpp:
1723         (WebCore::MultipartHandle::didReceiveResponse): Use convertToASCIILowercase to
1724         make a MIME type lowercase.
1725
1726         * platform/network/curl/ResourceHandleCurl.cpp:
1727         (WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Removed unneeded
1728         conversion to lowercase now that the set is ASCII case-insensitive.
1729         (WebCore::ResourceHandle::setClientCertificate): Removed code that populates a map
1730         that is then never used for anything.
1731
1732         * platform/network/curl/ResourceHandleManager.cpp:
1733         (WebCore::headerCallback): Use convertToASCIILowercase for MIME type.
1734
1735         * platform/network/curl/SSLHandle.cpp: Made hash maps keyed by host names
1736         ASCII case-insensitive.
1737         (WebCore::addAllowedClientCertificate): Removed lowercasing since the map itself
1738         is now ASCII case insensitve.
1739         (WebCore::setSSLClientCertificate): Ditto. Also use auto for iterator type so we
1740         don't have to write out the map type.
1741         (WebCore::sslIgnoreHTTPSCertificate): Ditto.
1742         (WebCore::certVerifyCallback): Ditto.
1743
1744         * platform/network/soup/ResourceHandleSoup.cpp: Made hash maps keyed by host names
1745         ASCII case-insensitive.
1746         (WebCore::allowsAnyHTTPSCertificateHosts): Ditto.
1747         (WebCore::handleUnignoredTLSErrors): Ditto.
1748         (WebCore::ResourceHandle::setHostAllowsAnyHTTPSCertificate): Ditto.
1749         (WebCore::ResourceHandle::setClientCertificate): Ditto.
1750
1751         * platform/text/LocaleToScriptMappingDefault.cpp: Made hash maps keyed by script
1752         names ASCII case-insensitive. USE WTF_ARRAY_LENGTH as appropriate.
1753         (WebCore::scriptNameToCode): Use modern style to initialize the map. Removed
1754         unnecessary lowercasing of the script name before looking at the map.
1755         (WebCore::localeToScriptCodeForFontSelection): Ditto.
1756
1757         * platform/text/win/LocaleWin.cpp:
1758         (WebCore::convertLocaleNameToLCID): Made map ASCII case-insensitive and removed
1759         unneeded lowercasing.
1760
1761         * platform/win/PasteboardWin.cpp:
1762         (WebCore::clipboardTypeFromMIMEType): Use equalLettersIgnoringASCIICase instead
1763         of lowercasing.
1764
1765         * rendering/RenderText.cpp:
1766         (WebCore::applyTextTransform): Use new names for the upper and lower functions.
1767
1768         * xml/XMLHttpRequest.cpp:
1769         (WebCore::XMLHttpRequest::responseIsXML): Remove unneeded lowercasing, since
1770         DOMImplementation now has ASCII case-insensitive handling of MIME types.
1771
1772 2016-02-06  Zalan Bujtas  <zalan@apple.com>
1773
1774         Outline should contribute to visual overflow.
1775         https://bugs.webkit.org/show_bug.cgi?id=153299
1776
1777         This patch eliminates the special outline handling (RenderView::setMaximalOutlineSize).
1778         Now that outline is part of visual overflow, we don't have to inflate the layers to accomodate
1779         outline borders.
1780         This patch fixes several focusring related repaint issues. However when both the outline: auto
1781         and the descendant renderer are composited, we still don't paint properly in certain cases. -not a regression.
1782         (Also when parent renderer has overflow: hidden repaint does not take outline into account. -regression.)
1783         It changes column behavior (see TestExpectations) since outline behaves now like any other visual overflow properties.
1784
1785         Reviewed by David Hyatt.
1786
1787         Test: fast/repaint/focus-ring-repaint.html
1788               fast/repaint/focus-ring-repaint-with-negative-offset.html
1789
1790         * css/html.css: resetting to old behavior.
1791         (:focus):
1792         (input:focus, textarea:focus, isindex:focus, keygen:focus, select:focus):
1793         * rendering/InlineFlowBox.cpp:
1794         (WebCore::InlineFlowBox::addToLine):
1795         (WebCore::InlineFlowBox::addOutlineVisualOverflow):
1796         (WebCore::InlineFlowBox::computeOverflow):
1797         (WebCore::InlineFlowBox::paint): Deleted.
1798         * rendering/InlineFlowBox.h:
1799         * rendering/RenderBlock.cpp:
1800         (WebCore::RenderBlock::computeOverflow):
1801         (WebCore::RenderBlock::outlineStyleForRepaint):
1802         (WebCore::RenderBlock::paint): Deleted.
1803         * rendering/RenderBlockFlow.cpp:
1804         (WebCore::RenderBlockFlow::layoutBlock): Deleted.
1805         (WebCore::RenderBlockFlow::addFocusRingRectsForInlineChildren): Deleted.
1806         * rendering/RenderBlockLineLayout.cpp:
1807         (WebCore::RenderBlockFlow::addOverflowFromInlineChildren):
1808         * rendering/RenderBox.cpp:
1809         (WebCore::RenderBox::addVisualEffectOverflow):
1810         (WebCore::RenderBox::applyVisualEffectOverflow):
1811         (WebCore::RenderBox::clippedOverflowRectForRepaint): Deleted.
1812         * rendering/RenderBoxModelObject.h:
1813         * rendering/RenderDetailsMarker.cpp:
1814         (WebCore::RenderDetailsMarker::paint): Deleted.
1815         * rendering/RenderElement.cpp:
1816         (WebCore::RenderElement::insertChildInternal):
1817         (WebCore::RenderElement::styleDidChange):
1818         (WebCore::RenderElement::repaintAfterLayoutIfNeeded):
1819         (WebCore::RenderElement::issueRepaintForOutlineAuto):
1820         (WebCore::RenderElement::updateOutlineAutoAncestor):
1821         (WebCore::RenderElement::computeMaxOutlineSize): Deleted.
1822         (WebCore::RenderElement::styleWillChange): Deleted.
1823         * rendering/RenderElement.h:
1824         (WebCore::RenderElement::hasContinuation):
1825         * rendering/RenderInline.cpp:
1826         (WebCore::RenderInline::paintOutlineForLine): Deleted.
1827         * rendering/RenderLayer.cpp:
1828         (WebCore::RenderLayer::calculateClipRects):
1829         * rendering/RenderLineBoxList.cpp:
1830         (WebCore::RenderLineBoxList::anyLineIntersectsRect):
1831         (WebCore::RenderLineBoxList::lineIntersectsDirtyRect):
1832         (WebCore::RenderLineBoxList::paint):
1833         (WebCore::isOutlinePhase): Deleted.
1834         * rendering/RenderLineBoxList.h:
1835         * rendering/RenderListBox.cpp:
1836         (WebCore::RenderListBox::computePreferredLogicalWidths):
1837         * rendering/RenderListMarker.cpp:
1838         (WebCore::RenderListMarker::paint): Deleted.
1839         * rendering/RenderObject.cpp:
1840         (WebCore::RenderObject::propagateRepaintToParentWithOutlineAutoIfNeeded): The renderer with outline: auto is responsible for
1841         painting focusring around the descendants. If we issued repaint only on the descendant when it changes,
1842         the focusring would not refresh properly. We have to find the ancestor with outline: auto, inflate the repaint rect and
1843         issue the repaint on the ancestor if we crossed repaint container.
1844  
1845         (WebCore::RenderObject::repaintUsingContainer):
1846         (WebCore::RenderObject::adjustRectForOutlineAndShadow):
1847         (WebCore::RenderObject::setHasOutlineAutoAncestor):
1848         (WebCore::RenderObject::adjustRectWithMaximumOutline): Deleted.
1849         
1850         * rendering/RenderObject.h: We mark the descendants of outline: auto so that
1851         when a child renderer changes we can propagate the repaint to the ancestor with outline.
1852
1853         (WebCore::RenderObject::hasOutlineAutoAncestor):
1854         (WebCore::RenderObject::RenderObjectRareData::RenderObjectRareData):
1855         * rendering/RenderRegion.cpp:
1856         (WebCore::RenderRegion::overflowRectForFlowThreadPortion):
1857         * rendering/RenderReplaced.cpp:
1858         (WebCore::RenderReplaced::shouldPaint): Deleted.
1859         (WebCore::RenderReplaced::clippedOverflowRectForRepaint): Deleted.
1860         * rendering/RenderTable.cpp:
1861         (WebCore::RenderTable::paint): Deleted.
1862         * rendering/RenderTableCell.cpp:
1863         (WebCore::RenderTableCell::clippedOverflowRectForRepaint): Deleted.
1864         (WebCore::RenderTableCell::paintCollapsedBorders): Deleted.
1865         * rendering/RenderTableRow.cpp:
1866         (WebCore::RenderTableRow::layout):
1867         (WebCore::RenderTableRow::clippedOverflowRectForRepaint): Deleted.
1868         * rendering/RenderTableSection.cpp:
1869         (WebCore::RenderTableSection::layoutRows):
1870         (WebCore::RenderTableSection::computeOverflowFromCells): Deleted.
1871         (WebCore::RenderTableSection::paintObject): Deleted.
1872         * rendering/RenderTheme.h:
1873         (WebCore::RenderTheme::platformFocusRingWidth):
1874         * rendering/RenderView.cpp:
1875         (WebCore::RenderView::setMaximalOutlineSize): Deleted.
1876         * rendering/RenderView.h:
1877         * rendering/style/RenderStyle.cpp:
1878         (WebCore::RenderStyle::changeAffectsVisualOverflow):
1879         (WebCore::RenderStyle::outlineWidth):
1880         * rendering/style/RenderStyle.h:
1881
1882 2016-02-06  Andreas Kling  <akling@apple.com>
1883
1884         [iOS] Throw away linked code when navigating to a new page.
1885         <https://webkit.org/b/153851>
1886
1887         Reviewed by Gavin Barraclough.
1888
1889         When navigating to a new page, tell JSC to throw out any linked code it has lying around.
1890         Linked code is tied to a specific global object, and as we're creating a new one for the
1891         new page, none of it is useful to us here.
1892
1893         In the event that the user navigates back, the cost of relinking some code will be far
1894         lower than the memory cost of keeping all of it around.
1895
1896         This landed previously but was rolled out due to a Speedometer regression. I've made one
1897         minor but important change here: only throw away code if we're navigating away from an
1898         existing history item. Or in other words, don't throw away code for "force peeks" or any
1899         other navigations that are not traditional top-level main frame navigations.
1900
1901         * bindings/js/GCController.cpp:
1902         (WebCore::GCController::deleteAllLinkedCode):
1903         * bindings/js/GCController.h:
1904         * loader/FrameLoader.cpp:
1905         (WebCore::FrameLoader::commitProvisionalLoad):
1906
1907 2016-02-06  Konstantin Tokarev  <annulen@yandex.ru>
1908
1909         Added implementations of AXObjectCache methods for !HAVE(ACCESSIBILITY).
1910         https://bugs.webkit.org/show_bug.cgi?id=153924
1911
1912         Reviewed by Andreas Kling.
1913
1914         No new tests needed.
1915
1916         * accessibility/AXObjectCache.h:
1917         (WebCore::AXObjectCache::ariaModalNode): Added stub implementation.
1918         (WebCore::AXObjectCache::postLiveRegionChangeNotification): Ditto.
1919         (WebCore::AXObjectCache::rangeForNodeContents): Ditto.
1920         (WebCore::AXObjectCache::setIsSynchronizingSelection): Ditto.
1921         (WebCore::AXObjectCache::setTextSelectionIntent): Ditto.
1922         (WebCore::AXAttributeCacheEnabler::AXAttributeCacheEnabler): Ditto.
1923         (WebCore::AXAttributeCacheEnabler::~AXAttributeCacheEnabler): Ditto.
1924
1925 2016-02-04  Antti Koivisto  <antti@apple.com>
1926
1927         Use scope stack instead of nested TreeResolvers for shadow trees
1928         https://bugs.webkit.org/show_bug.cgi?id=153893
1929
1930         Reviewed by Andreas Kling.
1931
1932         Make TreeResolver per-document. This is a step towards iterative style resolve.
1933
1934         This is done replacing use of nested TreeResolvers with a scope stack that maintains
1935         the style resolver and the selector filter for the current tree scope.
1936
1937         * style/StyleTreeResolver.cpp:
1938         (WebCore::Style::ensurePlaceholderStyle):
1939         (WebCore::Style::TreeResolver::Scope::Scope):
1940         (WebCore::Style::TreeResolver::TreeResolver):
1941         (WebCore::Style::shouldCreateRenderer):
1942         (WebCore::Style::TreeResolver::styleForElement):
1943         (WebCore::Style::TreeResolver::createRenderTreeForShadowRoot):
1944         (WebCore::Style::TreeResolver::createRenderTreeForSlotAssignees):
1945         (WebCore::Style::TreeResolver::createRenderTreeRecursively):
1946         (WebCore::Style::TreeResolver::resolveLocally):
1947         (WebCore::Style::TreeResolver::resolveShadowTree):
1948         (WebCore::Style::TreeResolver::resolveBeforeOrAfterPseudoElement):
1949         (WebCore::Style::TreeResolver::resolveChildren):
1950         (WebCore::Style::TreeResolver::resolveSlotAssignees):
1951         (WebCore::Style::TreeResolver::resolveRecursively):
1952         (WebCore::Style::TreeResolver::resolve):
1953         (WebCore::Style::detachRenderTree):
1954         * style/StyleTreeResolver.h:
1955         (WebCore::Style::TreeResolver::scope):
1956         (WebCore::Style::TreeResolver::pushScope):
1957         (WebCore::Style::TreeResolver::pushEnclosingScope):
1958         (WebCore::Style::TreeResolver::popScope):
1959
1960 2016-02-06  Commit Queue  <commit-queue@webkit.org>
1961
1962         Unreviewed, rolling out r196104.
1963         https://bugs.webkit.org/show_bug.cgi?id=153940
1964
1965         Regressed Speedometer on iOS (Requested by kling on #webkit).
1966
1967         Reverted changeset:
1968
1969         "[iOS] Throw away linked code when navigating to a new page."
1970         https://bugs.webkit.org/show_bug.cgi?id=153851
1971         http://trac.webkit.org/changeset/196104
1972
1973 2016-02-05  Beth Dakin  <bdakin@apple.com>
1974
1975         ScrollbarPainters needs to be deallocated on the main thread
1976         https://bugs.webkit.org/show_bug.cgi?id=153932
1977         -and corresponding-
1978         rdar://problem/24015483
1979
1980         Reviewed by Geoff Garen.
1981
1982         Follow-up fix since the first one was still race-y.
1983         * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
1984         (WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac):
1985         (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren):
1986
1987 2016-02-05  Beth Dakin  <bdakin@apple.com>
1988
1989         ScrollbarPainters needs to be deallocated on the main thread
1990         https://bugs.webkit.org/show_bug.cgi?id=153932
1991         -and corresponding-
1992         rdar://problem/24015483
1993
1994         Reviewed by Tim Horton.
1995
1996         Ensure the the destructor of ScrollingTreeFrameScrollingNodeMac and the 
1997         assignments done in this class are not responsible for deallocating the 
1998         ScrollbarPainter. 
1999         * page/scrolling/mac/ScrollingTreeFrameScrollingNodeMac.mm:
2000         (WebCore::ScrollingTreeFrameScrollingNodeMac::~ScrollingTreeFrameScrollingNodeMac):
2001         (WebCore::ScrollingTreeFrameScrollingNodeMac::updateBeforeChildren):
2002
2003 2016-02-05  Chris Dumez  <cdumez@apple.com>
2004
2005         Instance property getters / setters cannot be called on another instance of the same type
2006         https://bugs.webkit.org/show_bug.cgi?id=153895
2007
2008         Reviewed by Gavin Barraclough.
2009
2010         It should be possible to call instance property getters / setters on
2011         other instances of the same type, as per the WEB IDL specification:
2012         - http://heycam.github.io/webidl/#dfn-attribute-getter
2013         - http://heycam.github.io/webidl/#dfn-attribute-setter
2014
2015         This matches the behavior of Firefox.
2016
2017         The issue without our bindings was that the getters / setters were
2018         using |slotBase| instead of |thisValue| and therefore ended up using
2019         the instance the getter was taken from instead of the actual target
2020         object.
2021
2022         Test:
2023         js/instance-property-getter-other-instance.html
2024         js/instance-property-setter-other-instance.html
2025
2026         * bindings/scripts/CodeGeneratorJS.pm:
2027         (GenerateImplementation):
2028         - Have instance getters / setters use thisValue instead of slotBase.
2029         - In the case of interfaces that have attributes on the instance for
2030           compatibility reasons, try the prototype object if |thisValue| does
2031           does have the right type, instead of using slotBase like previously.
2032           I believe this maintains the original compatibility intention while
2033           also behaving correctly when called on another instance.
2034
2035         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
2036         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
2037         * bindings/scripts/test/JS/JSTestException.cpp:
2038         * bindings/scripts/test/JS/JSTestInterface.cpp:
2039         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
2040         * bindings/scripts/test/JS/JSTestNode.cpp:
2041         * bindings/scripts/test/JS/JSTestNondeterministic.cpp:
2042         * bindings/scripts/test/JS/JSTestObj.cpp:
2043         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
2044         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
2045         * bindings/scripts/test/JS/JSattribute.cpp:
2046         Rebaseline bindings tests.
2047
2048 2016-02-05  Brady Eidson  <beidson@apple.com>
2049
2050         Modern IDB: UniqueIDBDatabase's m_databaseInfo is unsafely used from multiple threads.
2051         https://bugs.webkit.org/show_bug.cgi?id=153912
2052
2053         Reviewed by Alex Christensen.
2054
2055         No new tests (Anything testable about this patch is already covered by existing tests).
2056
2057         * Modules/indexeddb/server/IDBBackingStore.h:
2058
2059         * Modules/indexeddb/server/MemoryIDBBackingStore.cpp:
2060         (WebCore::IDBServer::MemoryIDBBackingStore::infoForObjectStore):
2061         * Modules/indexeddb/server/MemoryIDBBackingStore.h:
2062
2063         Teach the SQLiteIDBBackingStore to actually keep its m_databaseInfo up to date as it changes,
2064         and to revert it when version change transactions abort:
2065         * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
2066         (WebCore::IDBServer::SQLiteIDBBackingStore::beginTransaction):
2067         (WebCore::IDBServer::SQLiteIDBBackingStore::abortTransaction):
2068         (WebCore::IDBServer::SQLiteIDBBackingStore::commitTransaction):
2069         (WebCore::IDBServer::SQLiteIDBBackingStore::createObjectStore):
2070         (WebCore::IDBServer::SQLiteIDBBackingStore::deleteObjectStore):
2071         (WebCore::IDBServer::SQLiteIDBBackingStore::createIndex):
2072         (WebCore::IDBServer::SQLiteIDBBackingStore::deleteIndex):
2073         (WebCore::IDBServer::SQLiteIDBBackingStore::infoForObjectStore):
2074         * Modules/indexeddb/server/SQLiteIDBBackingStore.h:
2075
2076         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
2077         (WebCore::IDBServer::UniqueIDBDatabase::performPutOrAdd): Use the IDBBackingStore's copy of the 
2078           IDBObjectStoreInfo, meant only for the database thread, instead of the UniqueIDBDatabase's copy, 
2079           which is meant only for the main thread.
2080
2081 2016-02-05  Alex Christensen  <achristensen@webkit.org>
2082
2083         Clean up Blob code
2084         https://bugs.webkit.org/show_bug.cgi?id=153910
2085
2086         Reviewed by Alexey Proskuryakov.
2087
2088         No new tests, no change in behavior.
2089
2090         * css/StyleSheet.h:
2091         * fileapi/Blob.cpp:
2092         (WebCore::Blob::Blob):
2093         (WebCore::Blob::normalizedContentType):
2094         (WebCore::Blob::isNormalizedContentType):
2095         (WebCore::Blob::registry):
2096         * fileapi/Blob.h:
2097         * fileapi/BlobURL.cpp:
2098         (WebCore::BlobURL::createPublicURL):
2099         * fileapi/BlobURL.h:
2100         (WebCore::BlobURL::BlobURL):
2101         (WebCore::BlobURL::blobProtocol): Deleted.
2102         * platform/PlatformStrategies.cpp:
2103         (WebCore::setPlatformStrategies):
2104         (WebCore::hasPlatformStrategies): Deleted.
2105         * platform/PlatformStrategies.h:
2106         * platform/network/BlobRegistry.cpp:
2107         (WebCore::blobRegistry):
2108         * platform/network/BlobRegistry.h:
2109         * platform/network/BlobRegistryImpl.cpp:
2110         (WebCore::BlobRegistryImpl::~BlobRegistryImpl):
2111         (WebCore::createResourceHandle):
2112         (WebCore::registerBlobResourceHandleConstructor):
2113         (WebCore::BlobRegistryImpl::createResourceHandle):
2114         (WebCore::BlobRegistryImpl::appendStorageItems):
2115         (WebCore::BlobRegistryImpl::registerFileBlobURL):
2116         (WebCore::BlobRegistryImpl::registerBlobURL):
2117         * platform/network/BlobRegistryImpl.h:
2118         * platform/network/BlobResourceHandle.cpp:
2119         (WebCore::BlobResourceHandle::loadResourceSynchronously):
2120         (WebCore::BlobResourceHandle::BlobResourceHandle):
2121         * platform/network/ResourceHandle.h:
2122
2123 2016-02-05  Carlos Garcia Campos  <cgarcia@igalia.com>
2124
2125         [GTK] Scrollbars incorrectly rendered with older versions of GTK+
2126         https://bugs.webkit.org/show_bug.cgi?id=153861
2127
2128         Reviewed by Michael Catanzaro.
2129
2130         The theme doesn't really know it's a scrollbar. Older versions of
2131         GTK+ require to explicitly add the scrollbar style class to the
2132         child GtkStyleContext.
2133
2134         * platform/gtk/ScrollbarThemeGtk.cpp:
2135         (WebCore::createChildStyleContext):
2136
2137 2016-02-05  Carlos Garcia Campos  <cgarcia@igalia.com>
2138
2139         [GTK] Scrollbars not correctly rendered in non GNOME environments
2140         https://bugs.webkit.org/show_bug.cgi?id=153860
2141
2142         Reviewed by Michael Catanzaro.
2143
2144         I noticed this in a matchbox environment, where there's no
2145         gnome-setting-daemon running. The problem is only with the
2146         scrollbars, because we initialize the GtkSettings in
2147         RenderThemeGtk and notify the ScrollbarTheme when it changes, but
2148         ScrollbarTheme is created before RenderThemeGtk so we initialize
2149         the theme properties before the GtkSettings have been
2150         initialized. We can just let the ScrollbarTheme monitor the
2151         theme itself instead of relying on being notified by the WebCore
2152         layer.
2153
2154         * platform/gtk/ScrollbarThemeGtk.cpp:
2155         (WebCore::themeChangedCallback):
2156         (WebCore::ScrollbarThemeGtk::ScrollbarThemeGtk):
2157         * rendering/RenderThemeGtk.cpp:
2158         (WebCore::gtkStyleChangedCallback): Deleted.
2159
2160 2016-02-05  Youenn Fablet  <youenn.fablet@crf.canon.fr>
2161
2162         Remove DOMWrapped parameter from JSKeyValueIterator
2163         https://bugs.webkit.org/show_bug.cgi?id=153859
2164
2165         Reviewed by Sam Weinig.
2166
2167         No change in behavior.
2168
2169         Using std::declval to infer DOMWrapped from JSWrapper::wrapped.
2170
2171         * bindings/js/JSFetchHeadersCustom.cpp:
2172         (WebCore::JSFetchHeaders::entries):
2173         (WebCore::JSFetchHeaders::keys):
2174         (WebCore::JSFetchHeaders::values):
2175         * bindings/js/JSKeyValueIterator.h:
2176         (WebCore::createIterator):
2177         (WebCore::JSKeyValueIterator<JSWrapper>::destroy):
2178         (WebCore::JSKeyValueIterator<JSWrapper>::next):
2179         (WebCore::JSKeyValueIteratorPrototypeFunctionNext):
2180         (WebCore::JSKeyValueIteratorPrototype<JSWrapper>::finishCreation):
2181
2182 2016-02-05  Nan Wang  <n_wang@apple.com>
2183
2184         AX: WebKit hanging when VoiceOver attempts to focus in on page
2185         https://bugs.webkit.org/show_bug.cgi?id=153899
2186         <rdar://problem/24506603>
2187
2188         Reviewed by Chris Fleizach.
2189
2190         The VisiblePosition to CharacterOffset conversion will lead to an infinite loop if the
2191         nextVisiblePostion call is returning the original VisiblePosition. Fixed it by breaking out
2192         of the loop early in that situation. 
2193
2194         Test: accessibility/text-marker/character-offset-visible-position-conversion-hang.html
2195
2196         * accessibility/AXObjectCache.cpp:
2197         (WebCore::AXObjectCache::characterOffsetFromVisiblePosition):
2198
2199 2016-02-04  Joseph Pecoraro  <pecoraro@apple.com>
2200
2201         Web Inspector: InspectorTimelineAgent doesn't need to recompile functions because it now uses the sampling profiler
2202         https://bugs.webkit.org/show_bug.cgi?id=153500
2203         <rdar://problem/24352458>
2204
2205         Reviewed by Timothy Hatcher.
2206
2207         * bindings/js/JSDOMWindowBase.cpp:
2208         (WebCore::JSDOMWindowBase::supportsLegacyProfiling):
2209         (WebCore::JSDOMWindowBase::supportsRichSourceInfo):
2210         (WebCore::JSDOMWindowBase::supportsProfiling): Deleted.
2211         * bindings/js/JSDOMWindowBase.h:
2212         * bindings/js/JSWorkerGlobalScopeBase.cpp:
2213         (WebCore::JSWorkerGlobalScopeBase::supportsLegacyProfiling):
2214         (WebCore::JSWorkerGlobalScopeBase::supportsProfiling): Deleted.
2215         * bindings/js/JSWorkerGlobalScopeBase.h:
2216         * inspector/InspectorController.h:
2217         * inspector/InspectorController.cpp:
2218         (WebCore::InspectorController::legacyProfilerEnabled):
2219         (WebCore::InspectorController::setLegacyProfilerEnabled):
2220         Be more explicit about enabling legacy profiling.
2221
2222         * inspector/InspectorTimelineAgent.cpp:
2223         (WebCore::InspectorTimelineAgent::willDestroyFrontendAndBackend):
2224         (WebCore::InspectorTimelineAgent::didCreateFrontendAndBackend): Deleted.
2225         TimelineAgent doesn't need to recompile if using the sampling profiler.
2226         This breaks console.profile, but console.profile should move to using
2227         the sampling profiler as well.
2228
2229         (WebCore::InspectorTimelineAgent::startFromConsole):
2230         (WebCore::InspectorTimelineAgent::stopFromConsole):
2231         (WebCore::startProfiling): Deleted.
2232         (WebCore::stopProfiling): Deleted.
2233         Inlined the use once static functions.
2234
2235         * page/PageConsoleClient.cpp:
2236         (WebCore::PageConsoleClient::profile):
2237         (WebCore::PageConsoleClient::profileEnd):
2238         Added FIXMEs for improving console.profile and profileEnd.
2239
2240         * testing/Internals.cpp:
2241         (WebCore::Internals::resetToConsistentState):
2242         (WebCore::Internals::setLegacyJavaScriptProfilingEnabled):
2243         (WebCore::Internals::setJavaScriptProfilingEnabled): Deleted.
2244         * testing/Internals.h:
2245         * testing/Internals.idl:
2246         Be more explicit about enabling legacy profiling.
2247
2248 2016-02-04  Brent Fulgham  <bfulgham@apple.com>
2249
2250         Follow-up: Add "WebKit built-in PDF" Plugin to set of publicly visible plugins
2251         https://bugs.webkit.org/show_bug.cgi?id=153657
2252         <rdar://problem/24413107>
2253
2254         Reviewed by Darin Adler.
2255
2256         * plugins/PluginData.cpp:
2257         (WebCore::shouldBePubliclyVisible): Revise comments to provide a
2258         better explanation of the function and why it exists.
2259
2260 2016-02-04  Jonathan Davis  <jond@apple.com>
2261
2262         Add Fetch API and CSS Variables to feature status
2263         https://bugs.webkit.org/show_bug.cgi?id=153896
2264
2265         Reviewed by Timothy Hatcher.
2266
2267         * features.json:
2268
2269 2016-02-04  Daniel Bates  <dabates@apple.com>
2270
2271         WebKit for iOS Simulator fails to build with public iOS SDK
2272         https://bugs.webkit.org/show_bug.cgi?id=153881
2273
2274         Reviewed by Alex Christensen.
2275
2276         Make constants have internal linkage to match the Apple Internal SDK.
2277
2278         * platform/spi/ios/MobileGestaltSPI.h:
2279
2280 2016-02-04  Chris Dumez  <cdumez@apple.com>
2281
2282         Object.getOwnPropertyDescriptor() returns incomplete descriptor for instance properties
2283         https://bugs.webkit.org/show_bug.cgi?id=153817
2284
2285         Reviewed by Geoffrey Garen.
2286
2287         Update the bindings generator so that property getters / setters now
2288         make sure |this| has the right type and throw a TypeError if it does
2289         not, as per:
2290         - http://heycam.github.io/webidl/#dfn-attribute-getter (step 2.4.2)
2291         - http://heycam.github.io/webidl/#dfn-attribute-setter (step 3.5)
2292
2293         This was an issue when doing something like:
2294         Object.getOwnPropertyDescriptor(window, "location").get.call(nonWindow)
2295
2296         We would call toJSDOMWindow(thisValue), which would return null as
2297         thisValue is not a JSDOMWindow. We would then dereference this null
2298         pointer and crash. We now do a null check and throw a TypeError in
2299         this case, as per the Web IDL specification.
2300
2301         The generated bindings still have some non-spec compliant behavior
2302         though:
2303         1. The getters / setters of instance properties use slotBase instead
2304            of thisValue, which means that calling instanceA's getter on
2305            instanceB returns instanceA's property insteas of instanceB's.
2306         2. Global object property getters should not require an explicit
2307            |this| so calling the following should work:
2308            - Object.getOwnPropertyDescriptor(window, "location").get.call()
2309            We currently throw in this case.
2310
2311         These issues will be addressed in follow-up patches.
2312
2313         Tests: js/getOwnPropertyDescriptor-unforgeable-attributes.html
2314                js/getOwnPropertyDescriptor-window-attributes.html
2315                js/instance-property-getter-other-instance.html
2316
2317         * bindings/scripts/CodeGeneratorJS.pm:
2318         (GenerateImplementation):
2319         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
2320         (WebCore::jsTestActiveDOMObjectExcitingAttr):
2321         * bindings/scripts/test/JS/JSTestException.cpp:
2322         (WebCore::jsTestExceptionName):
2323         * bindings/scripts/test/JS/JSTestObj.cpp:
2324         (WebCore::jsTestObjConstructorTestSubObj):
2325         (WebCore::jsTestObjTestSubObjEnabledBySettingConstructor):
2326         (WebCore::jsTestObjConditionalAttr4Constructor):
2327         (WebCore::jsTestObjConditionalAttr5Constructor):
2328         (WebCore::jsTestObjConditionalAttr6Constructor):
2329         (WebCore::jsTestObjContentDocument):
2330         (WebCore::setJSTestObjTestSubObjEnabledBySettingConstructor):
2331         (WebCore::setJSTestObjConditionalAttr4Constructor):
2332         (WebCore::setJSTestObjConditionalAttr5Constructor):
2333         (WebCore::setJSTestObjConditionalAttr6Constructor):
2334         (WebCore::setJSTestObjConstructor): Deleted.
2335         (WebCore::setJSTestObjConstructorStaticStringAttr): Deleted.
2336         (WebCore::setJSTestObjConditionalAttr3): Deleted.
2337         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
2338         (WebCore::jsTestTypedefsConstructorTestSubObj):
2339
2340 2016-02-04  Brady Eidson  <beidson@apple.com>
2341
2342         Modern IDB: LayoutTest imported/w3c/indexeddb/keyorder-private.html is flaky.
2343         https://bugs.webkit.org/show_bug.cgi?id=153438.
2344
2345         Reviewed by Alex Christensen.
2346
2347         Tests: storage/indexeddb/modern/idbkey-array-equality-private.html
2348                storage/indexeddb/modern/idbkey-array-equality.html
2349
2350         * Modules/indexeddb/IDBKeyData.cpp:
2351         (WebCore::IDBKeyData::loggingString):
2352         (WebCore::IDBKeyData::operator==): Fix obvious bug.
2353
2354 2016-02-04  Chris Dumez  <cdumez@apple.com>
2355
2356         Unreviewed, fix the EFL clean build after r196123
2357         https://bugs.webkit.org/show_bug.cgi?id=153875
2358
2359         * CMakeLists.txt:
2360         * PlatformGTK.cmake:
2361         * PlatformMac.cmake:
2362         * html/DOMSettableTokenList.h:
2363         * html/DOMSettableTokenList.idl:
2364
2365 2016-02-04  Eric Carlson  <eric.carlson@apple.com>
2366
2367         PageGroup::captionPreferences should return a reference
2368         https://bugs.webkit.org/show_bug.cgi?id=153877
2369         <rdar://problem/24506917>
2370
2371         Reviewed by Jer Noble.
2372
2373         No new tests, no functional change.
2374
2375         * Modules/mediacontrols/MediaControlsHost.cpp:
2376         (WebCore::MediaControlsHost::sortedTrackListForMenu):
2377         (WebCore::MediaControlsHost::displayNameForTrack):
2378         (WebCore::MediaControlsHost::captionMenuOffItem):
2379         (WebCore::MediaControlsHost::captionDisplayMode):
2380         * dom/Document.cpp:
2381         (WebCore::Document::registerForCaptionPreferencesChangedCallbacks):
2382         * html/HTMLMediaElement.cpp:
2383         (WebCore::HTMLMediaElement::HTMLMediaElement):
2384         (WebCore::HTMLMediaElement::addTextTrack):
2385         (WebCore::HTMLMediaElement::configureTextTrackGroup):
2386         (WebCore::HTMLMediaElement::setSelectedTextTrack):
2387         (WebCore::HTMLMediaElement::configureTextTracks):
2388         (WebCore::HTMLMediaElement::captionPreferencesChanged):
2389         (WebCore::HTMLMediaElement::mediaPlayerPreferredAudioCharacteristics):
2390         * html/shadow/MediaControlElements.cpp:
2391         (WebCore::MediaControlClosedCaptionsTrackListElement::updateDisplay):
2392         (WebCore::MediaControlClosedCaptionsTrackListElement::rebuildTrackListMenu):
2393         (WebCore::MediaControlTextTrackContainerElement::updateActiveCuesFontSize):
2394         * page/PageGroup.cpp:
2395         (WebCore::PageGroup::captionPreferencesChanged):
2396         (WebCore::PageGroup::captionPreferences):
2397         * page/PageGroup.h:
2398         * platform/cocoa/WebVideoFullscreenModelVideoElement.mm:
2399         (WebVideoFullscreenModelVideoElement::updateLegibleOptions):
2400         * testing/InternalSettings.cpp:
2401         (WebCore::InternalSettings::setShouldDisplayTrackKind):
2402         (WebCore::InternalSettings::shouldDisplayTrackKind):
2403         * testing/Internals.cpp:
2404         (WebCore::Internals::resetToConsistentState):
2405         (WebCore::Internals::Internals):
2406         (WebCore::Internals::userPreferredAudioCharacteristics):
2407         (WebCore::Internals::setUserPreferredAudioCharacteristic):
2408         (WebCore::Internals::captionsStyleSheetOverride):
2409         (WebCore::Internals::setCaptionsStyleSheetOverride):
2410         (WebCore::Internals::setPrimaryAudioTrackLanguageOverride):
2411         (WebCore::Internals::setCaptionDisplayMode):
2412
2413 2016-02-04  Konstantin Tokarev  <annulen@yandex.ru>
2414
2415         Removed unused Settings::setPrivateBrowsingEnabled.
2416         https://bugs.webkit.org/show_bug.cgi?id=153869
2417
2418         Reviewed by Alexey Proskuryakov.
2419
2420         Implementation of Settings::setPrivateBrowsingEnabled was removed
2421         in r166661, but declaration is still here.
2422
2423         No new tests needed.
2424
2425         * page/Settings.h:
2426         (WebCore::Settings::setPrivateBrowsingEnabled): Deleted.
2427
2428 2016-02-04  Eric Carlson  <eric.carlson@apple.com>
2429
2430         Don't discard in-band cues with negative start times
2431         https://bugs.webkit.org/show_bug.cgi?id=153867
2432         <rdar://problem/19588632>
2433
2434         Reviewed by Jer Noble.
2435
2436         No new tests, updated and un-skipped http/tests/media/track-in-band-hls-metadata.html.
2437
2438         * platform/graphics/avfoundation/InbandMetadataTextTrackPrivateAVF.cpp:
2439         (WebCore::InbandMetadataTextTrackPrivateAVF::addDataCue):  ASSERT if passed negative time value.
2440         (WebCore::InbandMetadataTextTrackPrivateAVF::updatePendingCueEndTimes): Ditto. Correct logging.
2441
2442         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
2443         (WebCore::MediaPlayerPrivateAVFoundationObjC::processCue): ASSERT if passed negative time value.
2444         (WebCore::MediaPlayerPrivateAVFoundationObjC::metadataDidArrive): Convert negative cue times to zero.
2445         (-[WebCoreAVFMovieObserver legibleOutput:didOutputAttributedStrings:nativeSampleBuffers:forItemTime:]):
2446           Ditto.
2447
2448 2016-02-04  Hyemi Shin  <hyemi.sin@samsung.com>
2449
2450         Specify an exception for createChannelMerger, createChannelSplitter and createPeriodicWave
2451         https://bugs.webkit.org/show_bug.cgi?id=150925
2452
2453         Reviewed by Darin Adler.
2454
2455         createChannelMerger and createChannelSplitter should throw INDEX_SIZE_ERR
2456         for invalid numberOfInputs value.
2457         createPeriodicWave should throw INDEX_SIZE_ERR for invalid lengths of parameters.
2458
2459         Tests: webaudio/audiochannelmerger-basic.html
2460                webaudio/audiochannelsplitter.html
2461                webaudio/periodicwave-lengths.html
2462
2463         * Modules/webaudio/AudioContext.cpp:
2464         (WebCore::AudioContext::createChannelSplitter):
2465         (WebCore::AudioContext::createChannelMerger):
2466         (WebCore::AudioContext::createPeriodicWave):
2467
2468 2016-02-04  Youenn Fablet  <youenn.fablet@crf.canon.fr>
2469
2470         [Fetch API] Add support for iterating over Headers
2471         https://bugs.webkit.org/show_bug.cgi?id=153787
2472
2473         Reviewed by Darin Adler.
2474
2475         Relanding, updating bindings/js/JSKeyValueIterator.h for Windows bots.
2476
2477         Covered by updated tests.
2478         Introducing template class (JSKeyValueIterator) to support key-value iterators in DOM classes.
2479         Using JSKeyValueIterator to implement Headers entries(), keys() and values() as custom methods.
2480         Binding generator should be updated to generate directly these custom methods and handle iterator Symbol.
2481
2482         * CMakeLists.txt:
2483         * Modules/fetch/FetchHeaders.cpp:
2484         (WebCore::FetchHeaders::Iterator::next):
2485         (WebCore::FetchHeaders::Iterator::Iterator):
2486         * Modules/fetch/FetchHeaders.h:
2487         (WebCore::FetchHeaders::createIterator):
2488         * Modules/fetch/FetchHeaders.idl:
2489         * WebCore.xcodeproj/project.pbxproj:
2490         * bindings/js/JSBindingsAllInOne.cpp:
2491         * bindings/js/JSDOMBinding.h:
2492         (WebCore::jsPair):
2493         * bindings/js/JSFetchHeadersCustom.cpp: Added.
2494         (WebCore::JSFetchHeaders::entries):
2495         (WebCore::JSFetchHeaders::keys):
2496         (WebCore::JSFetchHeaders::values):
2497         * bindings/js/JSKeyValueIterator.h: Added.
2498         (WebCore::JSKeyValueIteratorPrototype::create):
2499         (WebCore::JSKeyValueIteratorPrototype::createStructure):
2500         (WebCore::JSKeyValueIteratorPrototype::JSKeyValueIteratorPrototype):
2501         (WebCore::createIterator):
2502         (WebCore::DOMWrapped>::destroy):
2503         (WebCore::DOMWrapped>::next):
2504         (WebCore::DOMWrapped>::finishCreation):
2505
2506 2016-02-04  Chris Dumez  <cdumez@apple.com>
2507
2508         Merge DOMTokenList and DOMSettableTokenList
2509         https://bugs.webkit.org/show_bug.cgi?id=153677
2510         <rdar://problem/24419675>
2511
2512         Reviewed by Sam Weinig.
2513
2514         Merge DOMTokenList and DOMSettableTokenList, as per a recent
2515         specification change:
2516         - https://github.com/whatwg/dom/pull/120
2517         - https://github.com/whatwg/html/issues/361
2518
2519         No new tests, already covered by existing tests.
2520
2521         * CMakeLists.txt:
2522         * DerivedSources.cpp:
2523         * WebCore.vcxproj/WebCore.vcxproj:
2524         * WebCore.vcxproj/WebCore.vcxproj.filters:
2525         * WebCore.xcodeproj/project.pbxproj:
2526         * dom/Element.idl:
2527         * dom/Node.h:
2528         * dom/NodeRareData.h:
2529         * html/AttributeDOMTokenList.h:
2530         * html/DOMSettableTokenList.cpp: Removed.
2531         * html/DOMSettableTokenList.h:
2532         * html/DOMSettableTokenList.idl:
2533         * html/DOMTokenList.cpp:
2534         (WebCore::DOMTokenList::setValue):
2535         * html/DOMTokenList.h:
2536         * html/DOMTokenList.idl:
2537         * html/HTMLAnchorElement.idl:
2538         * html/HTMLAreaElement.idl:
2539         * html/HTMLElement.cpp:
2540         * html/HTMLElement.idl:
2541         * html/HTMLIFrameElement.cpp:
2542         (WebCore::HTMLIFrameElement::sandbox):
2543         * html/HTMLIFrameElement.h:
2544         * html/HTMLIFrameElement.idl:
2545         * html/HTMLLinkElement.cpp:
2546         (WebCore::HTMLLinkElement::sizes):
2547         * html/HTMLLinkElement.h:
2548         * html/HTMLLinkElement.idl:
2549         * html/HTMLOutputElement.cpp:
2550         (WebCore::HTMLOutputElement::htmlFor):
2551         * html/HTMLOutputElement.h:
2552         * html/HTMLOutputElement.idl:
2553         * html/HTMLTableCellElement.idl:
2554         * page/DOMWindow.cpp:
2555         * page/DOMWindow.idl:
2556
2557 2016-02-04  Youenn Fablet  <youenn.fablet@crf.canon.fr>
2558
2559         Unreviewed.
2560         Reverting r196115 and r19116, related tohttps://bugs.webkit.org/show_bug.cgi?id=153787.
2561
2562 2016-02-04  Alejandro G. Castro  <alex@igalia.com>
2563
2564         [GTK] Implement mediastream mediaplayer
2565         https://bugs.webkit.org/show_bug.cgi?id=153541
2566
2567         Reviewed by Martin Robinson.
2568
2569         Added the implementation of the mediaplayer for the
2570         mediastream. The code was implemented by Philippe Normand and
2571         Alessandro Decina.
2572
2573         * PlatformGTK.cmake: Added the file to the compilation.
2574         * html/HTMLMediaElement.cpp:
2575         (WebCore::HTMLMediaElement::setSrcObject): Set the src of the
2576         media element to the mediastream.
2577         * platform/graphics/MediaPlayer.cpp:
2578         (WebCore::buildMediaEnginesVector): Register the mediastream
2579         mediaplayer as an option in the media engines vector.
2580         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.cpp: Added.
2581         (WebCore::MediaPlayerPrivateGStreamerOwr::MediaPlayerPrivateGStreamerOwr):
2582         (WebCore::MediaPlayerPrivateGStreamerOwr::~MediaPlayerPrivateGStreamerOwr):
2583         (WebCore::MediaPlayerPrivateGStreamerOwr::play):
2584         (WebCore::MediaPlayerPrivateGStreamerOwr::pause):
2585         (WebCore::MediaPlayerPrivateGStreamerOwr::hasVideo):
2586         (WebCore::MediaPlayerPrivateGStreamerOwr::hasAudio):
2587         (WebCore::MediaPlayerPrivateGStreamerOwr::currentTime):
2588         (WebCore::MediaPlayerPrivateGStreamerOwr::load):
2589         (WebCore::MediaPlayerPrivateGStreamerOwr::loadingFailed):
2590         (WebCore::MediaPlayerPrivateGStreamerOwr::didLoadingProgress):
2591         (WebCore::MediaPlayerPrivateGStreamerOwr::internalLoad):
2592         (WebCore::MediaPlayerPrivateGStreamerOwr::stop):
2593         (WebCore::MediaPlayerPrivateGStreamerOwr::registerMediaEngine):
2594         (WebCore::MediaPlayerPrivateGStreamerOwr::getSupportedTypes):
2595         (WebCore::MediaPlayerPrivateGStreamerOwr::supportsType):
2596         (WebCore::MediaPlayerPrivateGStreamerOwr::isAvailable):
2597         (WebCore::MediaPlayerPrivateGStreamerOwr::createGSTAudioSinkBin):
2598         (WebCore::MediaPlayerPrivateGStreamerOwr::sourceStopped):
2599         (WebCore::MediaPlayerPrivateGStreamerOwr::sourceMutedChanged):
2600         (WebCore::MediaPlayerPrivateGStreamerOwr::sourceSettingsChanged):
2601         (WebCore::MediaPlayerPrivateGStreamerOwr::preventSourceFromStopping):
2602         (WebCore::MediaPlayerPrivateGStreamerOwr::createVideoSink):
2603         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerOwr.h: Added.
2604         (WebCore::MediaPlayerPrivateGStreamerOwr::engineDescription):
2605         (WebCore::MediaPlayerPrivateGStreamerOwr::load):
2606         (WebCore::MediaPlayerPrivateGStreamerOwr::cancelLoad):
2607         (WebCore::MediaPlayerPrivateGStreamerOwr::prepareToPlay):
2608         (WebCore::MediaPlayerPrivateGStreamerOwr::duration):
2609         (WebCore::MediaPlayerPrivateGStreamerOwr::seek):
2610         (WebCore::MediaPlayerPrivateGStreamerOwr::seeking):
2611         (WebCore::MediaPlayerPrivateGStreamerOwr::setRate):
2612         (WebCore::MediaPlayerPrivateGStreamerOwr::setPreservesPitch):
2613         (WebCore::MediaPlayerPrivateGStreamerOwr::paused):
2614         (WebCore::MediaPlayerPrivateGStreamerOwr::hasClosedCaptions):
2615         (WebCore::MediaPlayerPrivateGStreamerOwr::setClosedCaptionsVisible):
2616         (WebCore::MediaPlayerPrivateGStreamerOwr::maxTimeSeekable):
2617         (WebCore::MediaPlayerPrivateGStreamerOwr::buffered):
2618         (WebCore::MediaPlayerPrivateGStreamerOwr::totalBytes):
2619         (WebCore::MediaPlayerPrivateGStreamerOwr::bytesLoaded):
2620         (WebCore::MediaPlayerPrivateGStreamerOwr::canLoadPoster):
2621         (WebCore::MediaPlayerPrivateGStreamerOwr::setPoster):
2622         (WebCore::MediaPlayerPrivateGStreamerOwr::isLiveStream):
2623         (WebCore::MediaPlayerPrivateGStreamerOwr::audioSink):
2624
2625 2016-02-04  Youenn Fablet  <youenn.fablet@crf.canon.fr>
2626
2627         [Fetch API] Add support for iterating over Headers
2628         https://bugs.webkit.org/show_bug.cgi?id=153787
2629
2630         Reviewed by Darin Adler.
2631
2632         Covered by updated tests.
2633         Introducing template class (JSKeyValueIterator) to support key-value iterators in DOM classes.
2634         Using JSKeyValueIterator to implement Headers entries(), keys() and values() as custom methods.
2635         Binding generator should be updated to generate directly these custom methods and handle iterator Symbol.
2636
2637         * CMakeLists.txt:
2638         * Modules/fetch/FetchHeaders.cpp:
2639         (WebCore::FetchHeaders::Iterator::next):
2640         (WebCore::FetchHeaders::Iterator::Iterator):
2641         * Modules/fetch/FetchHeaders.h:
2642         (WebCore::FetchHeaders::createIterator):
2643         * Modules/fetch/FetchHeaders.idl:
2644         * WebCore.xcodeproj/project.pbxproj:
2645         * bindings/js/JSDOMBinding.h:
2646         (WebCore::jsPair):
2647         * bindings/js/JSBindingsAllInOne.cpp:
2648         * bindings/js/JSFetchHeadersCustom.cpp: Added.
2649         (WebCore::JSFetchHeaders::entries):
2650         (WebCore::JSFetchHeaders::keys):
2651         (WebCore::JSFetchHeaders::values):
2652         * bindings/js/JSKeyValueIterator.h: Added.
2653         (WebCore::JSKeyValueIteratorPrototype::create):
2654         (WebCore::JSKeyValueIteratorPrototype::createStructure):
2655         (WebCore::JSKeyValueIteratorPrototype::JSKeyValueIteratorPrototype):
2656         (WebCore::JSKeyValueIteratorPrototypeFuncNext):
2657
2658 2016-02-03  Carlos Garcia Campos  <cgarcia@igalia.com>
2659
2660         Do not show context menu when right clicking on a scrollbar
2661         https://bugs.webkit.org/show_bug.cgi?id=153493
2662
2663         Reviewed by Michael Catanzaro.
2664
2665         Scrollbars don't currently handle right clicks, but we are showing
2666         the context menu when they are right clicked. This is not desired
2667         at least in GTK+ and I've checked that it isn't consistent with
2668         other applications in Mac either.
2669
2670         Test: fast/events/contextmenu-on-scrollbars.html
2671
2672         * page/EventHandler.cpp:
2673         (WebCore::EventHandler::sendContextMenuEvent):
2674
2675 2016-02-03  Andreas Kling  <akling@apple.com>
2676
2677         [iOS] Throw away linked code when navigating to a new page.
2678         <https://webkit.org/b/153851>
2679
2680         Reviewed by Gavin Barraclough.
2681
2682         When navigating to a new page, tell JSC to throw out any linked code it has lying around.
2683         Linked code is tied to a specific global object, and as we're creating a new one for the
2684         new page, none of it is useful to us here.
2685         In the event that the user navigates back, the cost of relinking some code will be far
2686         lower than the memory cost of keeping all of it around.
2687
2688         * bindings/js/GCController.cpp:
2689         (WebCore::GCController::deleteAllLinkedCode):
2690         * bindings/js/GCController.h:
2691         * loader/FrameLoader.cpp:
2692         (WebCore::FrameLoader::commitProvisionalLoad):
2693
2694 2016-02-03  Alex Christensen  <achristensen@webkit.org>
2695
2696         Report wasBlocked and cannotShowURL errors when using NetworkSession
2697         https://bugs.webkit.org/show_bug.cgi?id=153846
2698
2699         Reviewed by Antti Koivisto.
2700
2701         No new tests, but this fixes http/tests/xmlhttprequest/redirect-cross-origin-2.html
2702         when using NetworkSession.
2703
2704         * platform/URL.h:
2705         WEBCORE_EXPORT because we are using portAllowed in WebKit2 now.
2706
2707 2016-02-03  Jer Noble  <jer.noble@apple.com>
2708
2709         iOS build fix after Yosemite build fix broke iOS build.
2710
2711         * platform/network/cocoa/WebCoreNSURLSession.h:
2712         * platform/network/cocoa/WebCoreNSURLSession.mm:
2713
2714 2016-02-03  Beth Dakin  <bdakin@apple.com>
2715
2716         Accepted candidates should not be autocorrected
2717         https://bugs.webkit.org/show_bug.cgi?id=153813
2718         -and corresponding-
2719         rdar://problem/24066924
2720
2721         Reviewed by Darin Adler.
2722
2723         New document marker to mark inserted candidates. This was we can treat 
2724         inserted candidates just like a RejectedCorrection and we won’t accidentally 
2725         autocorrect them later on.
2726         * dom/DocumentMarker.h:
2727         (WebCore::DocumentMarker::AllMarkers::AllMarkers):
2728         * editing/AlternativeTextController.cpp:
2729         (WebCore::AlternativeTextController::processMarkersOnTextToBeReplacedByResult):
2730
2731         When handling an acceptant candidate, set m_isHandlingAcceptedCandidate to
2732         true while the text is being inserted, and then mark the range as an accepted 
2733         candidate.
2734         * editing/Editor.cpp:
2735         (WebCore::Editor::handleAcceptedCandidate):
2736         * editing/Editor.h:
2737         (WebCore::Editor::isHandlingAcceptedCandidate):
2738
2739         If frame.editor. isHandlingAcceptedCandidate() then return early from 
2740         markMisspellingsAfterTyping.
2741         * editing/TypingCommand.cpp:
2742         (WebCore::TypingCommand::markMisspellingsAfterTyping):
2743
2744         Add some test infrastructure. 
2745         * testing/Internals.cpp:
2746         (WebCore::Internals::handleAcceptedCandidate):
2747         * testing/Internals.h:
2748         * testing/Internals.idl:
2749
2750 2016-02-03  Jer Noble  <jer.noble@apple.com>
2751
2752         [Win] Pass entire request (rather than just URL) to clients of WebCoreAVCFResourceLoader
2753         https://bugs.webkit.org/show_bug.cgi?id=153653
2754
2755         Reviewed by Brent Fulgham.
2756
2757         This will allow those clients to see the byte-range request ("Range:") header and respond
2758         appropriately.
2759
2760         * platform/graphics/avfoundation/cf/WebCoreAVCFResourceLoader.cpp:
2761         (WebCore::WebCoreAVCFResourceLoader::startLoading):
2762
2763 2016-02-03  Jer Noble  <jer.noble@apple.com>
2764
2765         Yosemite build fix; hide the entire WebCoreNSURLSessionDataTask class from Yosemite and prior.
2766
2767         * platform/network/cocoa/WebCoreNSURLSession.h:
2768         * platform/network/cocoa/WebCoreNSURLSession.mm:
2769         (-[WebCoreNSURLSessionDataTask initWithSession:identifier:URL:]):
2770         (-[WebCoreNSURLSessionDataTask initWithSession:identifier:request:]):
2771
2772 2016-02-03  Jer Noble  <jer.noble@apple.com>
2773
2774         [EME][Mac] MediaKeys.createSession() fails with initData containing a contentId whose length is > 1/2 the initData.
2775         https://bugs.webkit.org/show_bug.cgi?id=153517
2776         <rdar://problem/24303782>
2777
2778         Reviewed by Eric Carlson.
2779
2780         The length of contentId is given in bytes, not Uint16 characters. Use the former when extracting
2781         the contentId string from the initData.
2782
2783         * platform/graphics/avfoundation/MediaPlayerPrivateAVFoundation.cpp:
2784         (WebCore::MediaPlayerPrivateAVFoundation::extractKeyURIKeyIDAndCertificateFromInitData):
2785
2786 2016-02-03  Jer Noble  <jer.noble@apple.com>
2787
2788         [Mac] Wrap a resource and resource loader in a NSURLSession-like object for use by lower level frameworks
2789         https://bugs.webkit.org/show_bug.cgi?id=153669
2790
2791         Reviewed by Alex Christensen.
2792
2793         API Test: WebCore.WebCoreNSURLSession
2794
2795         Add a NSURLSession-like object, which wraps a CachedResourceLoader and CachedRawResource, which we can
2796         hand to lower-level frameworks, so that network loads by those frameworks use WebKit's loader.
2797
2798         * platform/network/cocoa/WebCoreNSURLSession.h: Added.
2799         * platform/network/cocoa/WebCoreNSURLSession.mm: Added.
2800         (-[WebCoreNSURLSession initWithResourceLoader:delegate:delegateQueue:]):
2801         (-[WebCoreNSURLSession dealloc]):
2802         (-[WebCoreNSURLSession copyWithZone:]):
2803         (-[WebCoreNSURLSession delegateQueue]):
2804         (-[WebCoreNSURLSession configuration]):
2805         (-[WebCoreNSURLSession loader]):
2806         (-[WebCoreNSURLSession finishTasksAndInvalidate]):
2807         (-[WebCoreNSURLSession invalidateAndCancel]):
2808         (-[WebCoreNSURLSession resetWithCompletionHandler:]):
2809         (-[WebCoreNSURLSession flushWithCompletionHandler:]):
2810         (-[WebCoreNSURLSession getTasksWithCompletionHandler:]):
2811         (-[WebCoreNSURLSession getAllTasksWithCompletionHandler:]):
2812         (-[WebCoreNSURLSession dataTaskWithRequest:]):
2813         (-[WebCoreNSURLSession dataTaskWithURL:]):
2814         (-[WebCoreNSURLSession uploadTaskWithRequest:fromFile:]):
2815         (-[WebCoreNSURLSession uploadTaskWithRequest:fromData:]):
2816         (-[WebCoreNSURLSession uploadTaskWithStreamedRequest:]):
2817         (-[WebCoreNSURLSession downloadTaskWithRequest:]):
2818         (-[WebCoreNSURLSession downloadTaskWithURL:]):
2819         (-[WebCoreNSURLSession downloadTaskWithResumeData:]):
2820         (-[WebCoreNSURLSession streamTaskWithHostName:port:]):
2821         (-[WebCoreNSURLSession streamTaskWithNetService:]):
2822         (-[WebCoreNSURLSession isKindOfClass:]):
2823
2824         Add a C++ class which can act as a CachedRawResourceClient, passing the results back to a WebCoreNSURLSessionDataTask:
2825
2826         (WebCore::WebCoreNSURLSessionDataTaskClient::WebCoreNSURLSessionDataTaskClient):
2827         (WebCore::WebCoreNSURLSessionDataTaskClient::dataSent):
2828         (WebCore::WebCoreNSURLSessionDataTaskClient::responseReceived):
2829         (WebCore::WebCoreNSURLSessionDataTaskClient::dataReceived):
2830         (WebCore::WebCoreNSURLSessionDataTaskClient::redirectReceived):
2831         (WebCore::WebCoreNSURLSessionDataTaskClient::notifyFinished):
2832
2833         Add a NSURLSessionDataTask-like object, which takes a request, then uses it to create and wrap a CachedRawResource.
2834         Becase NSURSessionDataTask is intended to be used off-main-thread, care must be taken to dispatch back to the main-
2835         (or web-) thread before calling CachedRawResource functions.
2836
2837         (-[WebCoreNSURLSessionDataTask initWithSession:identifier:URL:]):
2838         (-[WebCoreNSURLSessionDataTask initWithSession:identifier:request:]):
2839         (-[WebCoreNSURLSessionDataTask copyWithZone:]):
2840         (-[WebCoreNSURLSessionDataTask _restart]):
2841         (-[WebCoreNSURLSessionDataTask _cancel]):
2842         (-[WebCoreNSURLSessionDataTask _finish]):
2843         (-[WebCoreNSURLSessionDataTask _setDefersLoading:]):
2844         (-[WebCoreNSURLSessionDataTask cancel]):
2845         (-[WebCoreNSURLSessionDataTask suspend]):
2846         (-[WebCoreNSURLSessionDataTask resume]):
2847         (-[WebCoreNSURLSessionDataTask _timingData]):
2848         (-[WebCoreNSURLSessionDataTask resource:sentBytes:totalBytesToBeSent:]):
2849         (-[WebCoreNSURLSessionDataTask resource:receivedResponse:]):
2850         (-[WebCoreNSURLSessionDataTask resource:receivedData:length:]):
2851         (-[WebCoreNSURLSessionDataTask resource:receivedRedirect:request:]):
2852         (-[WebCoreNSURLSessionDataTask resourceFinished:]):
2853         * WebCore.xcodeproj/project.pbxproj: Add new files to project.
2854
2855 2016-02-03  Darin Adler  <darin@apple.com>
2856
2857         Convert another batch of String::lower callsites to something better, typically convertToASCIILowercase
2858         https://bugs.webkit.org/show_bug.cgi?id=153789
2859
2860         Reviewed by Sam Weinig.
2861
2862         * dom/DOMImplementation.cpp:
2863         (WebCore::DOMImplementation::isXMLMIMEType): Use equalLettersIgnoringASCIICase
2864         and the boolean argument to endsWith to ignore ASCII case.
2865         (WebCore::DOMImplementation::isTextMIMEType): Ditto. Also simplified the logic
2866         by removing an if statement.
2867
2868         * dom/Document.cpp:
2869         (WebCore::isSeparator): Deleted. Moved to WindowFeatures.cpp.
2870         (WebCore::processArguments): Ditto.
2871         (WebCore::Document::processViewport): Call the processFeaturesString function
2872         from WindowFeatures.h; the code here was originally just a pasted copy of that code!
2873         (WebCore::Document::processFormatDetection): Ditto.
2874
2875         * html/HTMLCanvasElement.cpp:
2876         (WebCore::HTMLCanvasElement::toEncodingMimeType): Remove now-unneeded
2877         lowercasing of MIME type before calling isSupportedImageMIMETypeForEncoding,
2878         since the MIME type registry now ignores ASCII case. Use convertToASCIILowercase
2879         on the return value, to preserve behavior.
2880         (WebCore::HTMLCanvasElement::toDataURL): Minor coding style tweaks.
2881
2882         * html/HTMLEmbedElement.cpp:
2883         (WebCore::HTMLEmbedElement::parseAttribute): Use convertToASCIILowercase for
2884         the service type here.
2885
2886         * html/HTMLImageElement.cpp:
2887         (WebCore::HTMLImageElement::bestFitSourceFromPictureElement): Remove now-unneeded
2888         lowercasing since MIME type registry now ignores ASCII case. And use
2889         equalLettersIgnoringASCIICase for the case here.
2890
2891         * html/HTMLInputElement.cpp:
2892         (WebCore::parseAcceptAttribute): Use convertToASCIILowercase for the type here.
2893
2894         * html/HTMLLinkElement.cpp:
2895         (WebCore::HTMLLinkElement::parseAttribute): Use convertToASCIILowercase for the
2896         media value here.
2897
2898         * html/HTMLMediaElement.cpp:
2899         (WebCore::HTMLMediaElement::canPlayType): Use convertToASCIILowercase for the
2900         content type here.
2901         (WebCore::HTMLMediaElement::selectNextSourceChild): Ditto.
2902
2903         * html/HTMLObjectElement.cpp:
2904         (WebCore::HTMLObjectElement::parseAttribute): Use convertToASCIILowercase for
2905         the service type here.
2906
2907         * html/HTMLTrackElement.cpp:
2908         (WebCore::HTMLTrackElement::parseAttribute): Use convertToASCIILowercase for
2909         the kind here.
2910         (WebCore::HTMLTrackElement::ensureTrack): Ditto. Also use fastGetAttribute
2911         since this is neither the style attribute nor an animatable SVG attribute.
2912
2913         * html/parser/HTMLTreeBuilder.cpp:
2914         (WebCore::createCaseMap): Use convertToASCIILowercase for the local names here.
2915
2916         * inspector/DOMPatchSupport.cpp:
2917         (WebCore::DOMPatchSupport::patchNode): Use containsIgnoringASCIICase instead
2918         of combining lower with find == notFound here.
2919         (WebCore::nodeName): Use convertToASCIILowercase here.
2920
2921         * inspector/InspectorOverlay.cpp:
2922         (WebCore::buildObjectForElementData): Use convertToASCIILowercase for node
2923         name here.
2924
2925         * inspector/InspectorPageAgent.cpp:
2926         (WebCore::createXHRTextDecoder): Remove a now-unneeded call to lower since
2927         DOMImplementation::isXMLMIMEType now ignores ASCII case.
2928
2929         * inspector/InspectorStyleSheet.cpp:
2930         (WebCore::lowercasePropertyName): Use convertToASCIILowercase for property
2931         names here. Also use startsWith rather than a hand-written alternative.
2932         (WebCore::InspectorStyle::populateAllProperties): Use the return value of
2933         the add function to avoid doing a double hash table lookp.
2934         (WebCore::InspectorStyle::styleWithProperties): Use convertToASCIILowercase
2935         to lowercase the property name.
2936
2937         * inspector/NetworkResourcesData.cpp:
2938         (WebCore::createOtherResourceTextDecoder): Remove unneeded call to lower since
2939         DOMImplement::isXMLMIMEType now ignores ASCII case.
2940
2941         * loader/CrossOriginAccessControl.cpp:
2942         (WebCore::createAccessControlPreflightRequest): Use convertToASCIILowercase
2943         to lowercase the access control request header field value.
2944
2945         * loader/cache/CachedScript.cpp:
2946         (WebCore::CachedScript::mimeType): Use convertToASCIILowercase on the content type.
2947
2948         * page/CaptionUserPreferencesMediaAF.cpp:
2949         (WebCore::languageIdentifier): Use convertToASCIILowercase on the language code.
2950
2951         * page/DOMWindow.cpp:
2952         (WebCore::DOMWindow::open): Call parseWindowFeatures instead of using the
2953         constructor for WindowFeatures.
2954         (WebCore::DOMWindow::showModalDialog): Call parseDialogFeatures instead of
2955         using the constructor for WindowFeatures.
2956
2957         * page/EventHandler.cpp:
2958         (WebCore::findDropZone): Remove unneeded lowercasing and empty string checking,
2959         and use the option SpaceSplitString already has to convert to lowercase.
2960         (WebCore::EventHandler::handleAccessKey): Remove unneeded call to lower since
2961         getElementByAccessKey now ignores case. Also tweaked coding style a bit.
2962
2963         * page/OriginAccessEntry.cpp:
2964         (WebCore::OriginAccessEntry::OriginAccessEntry): Use convertToASCIILowercase
2965         on the protocol and host.
2966         (WebCore::OriginAccessEntry::matchesOrigin): Ditto.
2967
2968         * page/SecurityOrigin.cpp:
2969         (WebCore::shouldTreatAsUniqueOrigin): Remove unneeded call to lower since
2970         SchemeRegistry now ignores ASCII case.
2971         (WebCore::SecurityOrigin::SecurityOrigin): Use convertToASCIILowercase on
2972         the protocol and host.
2973         (WebCore::SecurityOrigin::setDomainFromDOM): Use convertToASCIILowercase on
2974         the domain.
2975         (WebCore::SecurityOrigin::canDisplay): Remove call to lower since SchemeRegistry
2976         now ignores ASCII case and because this now uses equalIgnoringASCIICase in
2977         one place that used to use exact matching.
2978
2979         * page/WindowFeatures.cpp: Refactored so this is now some helper functions
2980         plus a struct rather than a class.
2981         (WebCore::isSeparator): Renamed this and removed special handling for NUL.
2982         (WebCore::parseWindowFeatures): Moved the code that was formerly in the
2983         WindowFeatures constructor in here. Refactored the parsing into the
2984         processFeaturesString function, shared with the functions in Document that
2985         do the same kind of parsing. Removed the code that converts the entire string
2986         to lowercase before parsing.
2987         (WebCore::processFeaturesString): Moved the improved version of this function
2988         here from Document.cpp; more efficient because it doesn't allocate strings.
2989         (WebCore::setWindowFeature): Changed to be a function private to this file
2990         with internal linkage. Use equalLettersIgnoringASCIICase so we no longer
2991         rely on converting the string to lowercase before parsing.
2992         (WebCore::parseDialogFeatures): Similar refactoring, but also changed all
2993         the default handling to use Optional<> instead of default values.
2994         (WebCore::boolFeature): Changed to use option and to ignore ASCII case.
2995         (WebCore::floatFeature): Ditto.
2996         (WebCore::parseDialogFeaturesMap): Removed the calls to lower, which are
2997         not needed any more.
2998
2999         * page/WindowFeatures.h: Added default values for all the data members,
3000         and removed all the functions from the WindowFeatures struct. Added the two
3001         functions for parsing window and dialog features. Also added the
3002         processFeaturesString function so we can share it with Document.cpp.
3003
3004         * platform/SchemeRegistry.cpp:
3005         (WebCore::SchemeRegistry::removeURLSchemeRegisteredAsLocal): Use
3006         equalLettersIgnoringASCIICase to ignore ASCII case.
3007
3008         * platform/efl/MIMETypeRegistryEfl.cpp:
3009         (WebCore::MIMETypeRegistry::getMIMETypeForExtension): Use a modern for loop,
3010         and equalIgnoringASCIICase rather than calling lower.
3011
3012         * platform/graphics/MediaPlayer.cpp:
3013         (WebCore::MediaPlayer::load): Use convertToASCIILowercase on MIME type and
3014         key system.
3015         (WebCore::MediaPlayer::generateKeyRequest): Ditto.
3016         (WebCore::MediaPlayer::addKey): Ditto.
3017         (WebCore::MediaPlayer::cancelKeyRequest): Ditto.
3018
3019         * platform/graphics/opengl/Extensions3DOpenGLCommon.cpp:
3020         (WebCore::Extensions3DOpenGLCommon::Extensions3DOpenGLCommon): Use
3021         convertToASCIILowercase on vendor string.
3022
3023         * platform/gtk/MIMETypeRegistryGtk.cpp:
3024         (WebCore::MIMETypeRegistry::getMIMETypeForExtension): Use a modern for loop,
3025         and equalIgnoringASCIICase rather than calling lower.
3026
3027         * platform/mac/PasteboardMac.mm:
3028         (WebCore::cocoaTypeFromHTMLClipboardType): Use convertToASCIILowercase
3029         on the type. Also did a bit of renaming and tweaking the logic.
3030
3031 2016-02-03  Dave Hyatt  <hyatt@apple.com>
3032
3033         Implement hanging-punctuation property parsing.
3034         https://bugs.webkit.org/show_bug.cgi?id=18109.
3035
3036         Reviewed by Zalan Bujtas.
3037
3038         Added parsing test in fast/css.
3039
3040         * css/CSSComputedStyleDeclaration.cpp:
3041         (WebCore::renderEmphasisPositionFlagsToCSSValue):
3042         (WebCore::hangingPunctuationToCSSValue):
3043         (WebCore::fillRepeatToCSSValue):
3044         (WebCore::ComputedStyleExtractor::propertyValue):
3045         * css/CSSParser.cpp:
3046         (WebCore::CSSParser::parseValue):
3047         (WebCore::CSSParser::parseTextIndent):
3048         (WebCore::CSSParser::parseHangingPunctuation):
3049         (WebCore::CSSParser::parseLineBoxContain):
3050         * css/CSSParser.h:
3051         * css/CSSPrimitiveValueMappings.h:
3052         (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
3053         (WebCore::CSSPrimitiveValue::operator HangingPunctuation):
3054         (WebCore::CSSPrimitiveValue::operator LineBreak):
3055         * css/CSSPropertyNames.in:
3056         * css/CSSValueKeywords.in:
3057         * css/StyleBuilderConverter.h:
3058         (WebCore::StyleBuilderConverter::convertRegionBreakInside):
3059         (WebCore::StyleBuilderConverter::convertHangingPunctuation):
3060         * rendering/style/RenderStyle.cpp:
3061         (WebCore::RenderStyle::changeRequiresLayout):
3062         * rendering/style/RenderStyle.h:
3063         * rendering/style/RenderStyleConstants.h:
3064         (WebCore::operator| ):
3065         (WebCore::operator|= ):
3066         * rendering/style/StyleRareInheritedData.cpp:
3067         (WebCore::StyleRareInheritedData::StyleRareInheritedData):
3068         (WebCore::StyleRareInheritedData::operator==):
3069         * rendering/style/StyleRareInheritedData.h:
3070
3071 2016-02-03  Jessie Berlin  <jberlin@webkit.org>
3072
3073         Build fix.
3074
3075         [NSEvent context] has always returned nil. Replace uses with nullptr.
3076
3077         * page/mac/EventHandlerMac.mm:
3078         (WebCore::EventHandler::sendFakeEventsAfterWidgetTracking):
3079
3080 2016-02-03  Carlos Garcia Campos  <cgarcia@igalia.com>
3081
3082         [GTK] Layout Test http/tests/appcache/different-https-origin-resource-main.html is failing
3083         https://bugs.webkit.org/show_bug.cgi?id=145253
3084
3085         Reviewed by Michael Catanzaro.
3086
3087         The problem is that when the load is cancelled while the
3088         connection is still being established,
3089         SoupMessage::notify::tls-errors is emitted and the handler calls
3090         ResourceHandleClient::didFail() which can delete the ResourceHandle.
3091
3092         * platform/network/soup/ResourceHandleSoup.cpp:
3093         (WebCore::tlsErrorsChangedCallback): Protect the ResourceHandle
3094         for the scope of the callback because
3095         ResourceHandleClient::didFail() could delete the object.
3096
3097 2016-02-03  Carlos Garcia Campos  <cgarcia@igalia.com>
3098
3099         REGRESSION(r191948): [GStreamer] 4 new timeouts on layout tests.
3100         https://bugs.webkit.org/show_bug.cgi?id=152797
3101
3102         Reviewed by Darin Adler.
3103
3104         Always schedule messages to the main thread, even when the bus
3105         sync handlder was called in the main thread. It seems that
3106         GStreamer expects things to happen in the next main loop
3107         iteration.
3108
3109         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
3110         (WebCore::MediaPlayerPrivateGStreamer::createGSTPlayBin):
3111
3112 2016-02-03  Zan Dobersek  <zdobersek@igalia.com>
3113
3114         [TexMap] CompositingCoordinator should store the overlay layer, flush it as appropriate
3115         https://bugs.webkit.org/show_bug.cgi?id=152058
3116
3117         Reviewed by Michael Catanzaro.
3118
3119         Previously, the CompositingCoordinator only added the overlay layer to the
3120         layer tree, but flushing its compositing state is also required. For that to
3121         happen, CompositingCoordinator has to store a pointer to the overlay layer
3122         object and flush it in ::flushPendingLayerChanges().
3123
3124         Overlay layers are most prominently used by the Web Inspector to highlight
3125         the DOM elements on the Web page that are being hovered in the inspector.
3126
3127         * platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:
3128         (WebCore::CompositingCoordinator::CompositingCoordinator):
3129         (WebCore::CompositingCoordinator::setRootCompositingLayer):
3130         (WebCore::CompositingCoordinator::flushPendingLayerChanges):
3131         * platform/graphics/texmap/coordinated/CompositingCoordinator.h:
3132
3133 2016-02-03  Zan Dobersek  <zdobersek@igalia.com>
3134
3135         [CoordinatedGraphics] CompositingCoordinator destructor is scheduling layer flushes
3136         https://bugs.webkit.org/show_bug.cgi?id=153823
3137
3138         Reviewed by Carlos Garcia Campos.
3139
3140         Purging the backing stores during the CompositingCoordinator destructor
3141         is also scheduling layer flushes in the object's client, which is an object
3142         of the LayerTreeHost-deriving class that owns the CompositingCoordinator
3143         object in question and is also being destroyed.
3144
3145         In case of ThreadedCoordinatedLayerTreeHost, this scheduling can access
3146         the RunLoop::Timer object which has already been destroyed, causing a
3147         crash. Another problem with this is that we're invoking a virtual function
3148         on an object that's being destructed, which works well enough in this case
3149         but should be discouraged in general.
3150
3151         In order to avoid this, add the m_isDestructing boolean to the
3152         CompositingCoordinator class, flip it to true during the destruction,
3153         and check for its falseness before scheduling a layer flush.
3154
3155         * platform/graphics/texmap/coordinated/CompositingCoordinator.cpp:
3156         (WebCore::CompositingCoordinator::CompositingCoordinator):
3157         (WebCore::CompositingCoordinator::~CompositingCoordinator):
3158         (WebCore::CompositingCoordinator::notifyFlushRequired):
3159         * platform/graphics/texmap/coordinated/CompositingCoordinator.h:
3160
3161 2016-02-03  Zan Dobersek  <zdobersek@igalia.com>
3162
3163         [TexMap] Don't use RELEASE_ASSERT in TextureMapperLayer::computeTransformsRecursive()
3164         https://bugs.webkit.org/show_bug.cgi?id=153822
3165
3166         Reviewed by Carlos Garcia Campos.
3167
3168         * platform/graphics/texmap/TextureMapperLayer.cpp:
3169         (WebCore::TextureMapperLayer::computeTransformsRecursive):
3170         Use ASSERT to check that the m_children members are indeed children
3171         of the current layer, RELEASE_ASSERT probably slipped in unnoticed
3172         at some point.
3173
3174 2016-02-03  Zan Dobersek  <zdobersek@igalia.com>
3175
3176         PlatformPathCairo: Lazily allocate the path surface
3177         https://bugs.webkit.org/show_bug.cgi?id=153821
3178
3179         Reviewed by Carlos Garcia Campos.
3180
3181         Move the static variable that holds the Cairo surface into
3182         the pathSurface() function (previously getPathSurface). This
3183         way the surface will only be allocated once the function is
3184         called for the first time from the CairoPath surface.
3185
3186         No change in functionality, just a cleanup.
3187
3188         * platform/graphics/cairo/PlatformPathCairo.cpp:
3189         (WebCore::pathSurface):
3190         (WebCore::CairoPath::CairoPath):
3191         (WebCore::getPathSurface): Deleted.
3192
3193 2016-02-02  Fujii Hironori  <Hironori.Fujii@jp.sony.com>
3194
3195         ASSERTION FAILED: roundedIntPoint(rendererMappedResult) == roundedIntPoint(result)
3196         https://bugs.webkit.org/show_bug.cgi?id=153576
3197
3198         Reviewed by Darin Adler.
3199
3200         Tests: fast/block/geometry-map-assertion-with-rounding-negative-half.html
3201
3202         The results of roundedIntPoint of FloatPoint and LayoutPoint may be different
3203         because of the uniqueness of LayoutUnit::round introduced by this bug
3204         <https://bugs.webkit.org/show_bug.cgi?id=107208>.
3205         Should convert a FloatPoint to a LayoutPoint before rounding.
3206
3207         * rendering/RenderGeometryMap.cpp:
3208         (WebCore::RenderGeometryMap::mapToContainer):
3209
3210 2016-02-02  Aakash Jain  <aakash_jain@apple.com>
3211
3212         Remove references to CallFrameInlines.h
3213         https://bugs.webkit.org/show_bug.cgi?id=153810
3214
3215         Reviewed by Mark Lam.
3216
3217         * ForwardingHeaders/interpreter/CallFrameInlines.h: Removed.
3218
3219 2016-02-02  Jinyoung Hur  <hur.ims@navercorp.com>
3220
3221         WEBGL_debug_shaders should be disabled for OpenGLES backend also
3222         https://bugs.webkit.org/show_bug.cgi?id=153788
3223
3224         Reviewed by Darin Adler.
3225
3226         WEBGL_debug_shaders extension is disabled for OpenGL backed platform
3227         because the implementation is not fully compliant to the spec yet.
3228         Because this is not an OpenGL-specific problem, WEBGL_debug_shaders extension
3229         should be disabled for OpenGLES backed platforms also.
3230
3231         No new tests, already covered by existing tests.
3232
3233         * platform/graphics/opengl/Extensions3DOpenGL.cpp:
3234         (WebCore::Extensions3DOpenGL::supportsExtension): Deleted.
3235         * platform/graphics/opengl/Extensions3DOpenGLCommon.cpp:
3236         (WebCore::Extensions3DOpenGLCommon::supports):
3237
3238 2016-02-02  Brady Eidson  <beidson@apple.com>
3239
3240         Modern IDB: storage/indexeddb/cursor-primary-key-order.html fails with SQLite backend.
3241         https://bugs.webkit.org/show_bug.cgi?id=153800
3242
3243         Reviewed by Alex Christensen.
3244
3245         No new tests (Existing tests now unskipped).
3246
3247         The IndexRecords SQL schema did not order things by primaryKey.
3248         
3249         Easy fix to the schema. Sadly requires a migration...
3250
3251         * Modules/indexeddb/server/SQLiteIDBBackingStore.cpp:
3252         (WebCore::IDBServer::v1IndexRecordsTableSchema):
3253         (WebCore::IDBServer::v1IndexRecordsTableSchemaAlternate):
3254         (WebCore::IDBServer::v2IndexRecordsTableSchema):
3255         (WebCore::IDBServer::v2IndexRecordsTableSchemaAlternate):
3256         (WebCore::IDBServer::SQLiteIDBBackingStore::ensureValidIndexRecordsTable):
3257         (WebCore::IDBServer::SQLiteIDBBackingStore::createAndPopulateInitialDatabaseInfo):
3258         * Modules/indexeddb/server/SQLiteIDBBackingStore.h:
3259
3260 2016-02-02  Tim Horton  <timothy_horton@apple.com>
3261
3262         <attachment> should attempt to guess the icon from the file extension if all else fails
3263         https://bugs.webkit.org/show_bug.cgi?id=153804
3264         <rdar://problem/24448146>
3265
3266         Reviewed by Anders Carlsson.
3267
3268         Test: fast/attachment/attachment-icon-from-file-extension.html
3269
3270         * platform/graphics/Icon.h:
3271         * platform/graphics/mac/IconMac.mm:
3272         (WebCore::Icon::createIconForFileExtension):
3273         * rendering/RenderThemeMac.mm:
3274         (WebCore::iconForAttachment):
3275         If we can't find an icon any other way, try assuming that the title is a filename,
3276         grab its extension, and have NSWorkspace try to work out an icon for it.
3277
3278 2016-02-02  Antti Koivisto  <antti@apple.com>
3279
3280         Factor style sharing code out of StyleResolver
3281         https://bugs.webkit.org/show_bug.cgi?id=153768
3282
3283         Reviewed by Darin Adler.
3284
3285         Move the code to a new class, Style::SharingResolver.
3286
3287         When resolving document style we query the sharing resolver first before using the regular style resolver.
3288         Other paths that call style resolver were mostly already disabling it with DisallowStyleSharing flag.
3289
3290         * WebCore.xcodeproj/project.pbxproj:
3291         * css/ElementRuleCollector.cpp:
3292         (WebCore::MatchRequest::MatchRequest):
3293         (WebCore::ElementRuleCollector::matchAllRules):
3294         (WebCore::ElementRuleCollector::hasAnyMatchingRules):
3295
3296             More const.
3297
3298         * css/ElementRuleCollector.h:
3299         (WebCore::ElementRuleCollector::setRegionForStyling):
3300         (WebCore::ElementRuleCollector::setMedium):
3301         * css/MediaQueryMatcher.cpp:
3302         (WebCore::MediaQueryMatcher::prepareEvaluator):
3303         * css/StyleMedia.cpp:
3304         (WebCore::StyleMedia::matchMedium):
3305         * css/StyleResolver.cpp:
3306         (WebCore::StyleResolver::State::cacheBorderAndBackground):
3307         (WebCore::StyleResolver::StyleResolver):
3308         (WebCore::StyleResolver::sweepMatchedPropertiesCache):
3309         (WebCore::StyleResolver::State::State):
3310         (WebCore::StyleResolver::State::setStyle):
3311         (WebCore::isAtShadowBoundary):
3312         (WebCore::StyleResolver::styleForElement):
3313         (WebCore::StyleResolver::classNamesAffectedByRules): Deleted.
3314         (WebCore::parentElementPreventsSharing): Deleted.
3315         (WebCore::StyleResolver::locateCousinList): Deleted.
3316         (WebCore::StyleResolver::styleSharingCandidateMatchesRuleSet): Deleted.
3317         (WebCore::StyleResolver::canShareStyleWithControl): Deleted.
3318         (WebCore::elementHasDirectionAuto): Deleted.
3319         (WebCore::StyleResolver::sharingCandidateHasIdenticalStyleAffectingAttributes): Deleted.
3320         (WebCore::StyleResolver::canShareStyleWithElement): Deleted.
3321         (WebCore::StyleResolver::findSiblingForStyleSharing): Deleted.
3322         (WebCore::StyleResolver::locateSharedStyle): Deleted.
3323
3324             Style sharing code moves to SharingResolver.
3325
3326         * css/StyleResolver.h:
3327         (WebCore::StyleResolver::mediaQueryEvaluator):
3328         (WebCore::StyleResolver::State::regionForStyling):
3329         (WebCore::StyleResolver::State::elementLinkState):
3330         (WebCore::StyleResolver::State::setApplyPropertyToRegularStyle):
3331         (WebCore::StyleResolver::State::setApplyPropertyToVisitedLinkStyle):
3332         (WebCore::StyleResolver::state):
3333         (WebCore::StyleResolver::setTextOrientation):
3334         (WebCore::StyleResolver::State::setElementAffectedByClassRules): Deleted.
3335         (WebCore::StyleResolver::State::elementAffectedByClassRules): Deleted.
3336         (WebCore::StyleResolver::styleNotYetAvailable): Deleted.
3337
3338             Placeholder code moves to TreeResolver.
3339
3340         * dom/VisitedLinkState.cpp:
3341         (WebCore::linkAttribute):
3342         (WebCore::VisitedLinkState::invalidateStyleForAllLinks):
3343         (WebCore::linkHashForElement):
3344         (WebCore::VisitedLinkState::invalidateStyleForLink):
3345         (WebCore::VisitedLinkState::determineLinkStateSlowCase):
3346         * dom/VisitedLinkState.h:
3347         (WebCore::VisitedLinkState::determineLinkState):
3348         * html/HTMLFormControlElement.h:
3349         * rendering/RenderElement.cpp:
3350         (WebCore::RenderElement::getUncachedPseudoStyle):
3351         * rendering/RenderNamedFlowFragment.cpp:
3352         (WebCore::RenderNamedFlowFragment::computeStyleInRegion):
3353         * rendering/style/RenderStyle.cpp:
3354         (WebCore::RenderStyle::isStyleAvailable):
3355         (WebCore::RenderStyle::hasUniquePseudoStyle):
3356         * style/StyleSharingResolver.cpp: Added.
3357         (WebCore::Style::SharingResolver::SharingResolver):
3358         (WebCore::Style::parentElementPreventsSharing):
3359         (WebCore::Style::elementHasDirectionAuto):
3360         (WebCore::Style::SharingResolver::searchSimilar):
3361         (WebCore::Style::SharingResolver::findSibling):
3362         (WebCore::Style::SharingResolver::locateCousinList):
3363         (WebCore::Style::canShareStyleWithControl):
3364         (WebCore::Style::SharingResolver::canShareStyleWithElement):
3365         (WebCore::Style::SharingResolver::styleSharingCandidateMatchesRuleSet):
3366         (WebCore::Style::SharingResolver::sharingCandidateHasIdenticalStyleAffectingAttributes):
3367         (WebCore::Style::SharingResolver::classNamesAffectedByRules):
3368         * style/StyleSharingResolver.h: Added.
3369         * style/StyleTreeResolver.cpp:
3370         (WebCore::Style::ensurePlaceholderStyle):
3371         (WebCore::Style::TreeResolver::TreeResolver):
3372         (WebCore::Style::TreeResolver::styleForElement):
3373
3374             Try to use SharingResolver first.
3375             Also move placeholder style handling here, it is only relevant when resolving document style.
3376
3377         (WebCore::Style::postResolutionCallbacksAreSuspended):
3378         (WebCore::Style::isPlaceholderStyle):
3379         * style/StyleTreeResolver.h:
3380         * svg/SVGElement.cpp:
3381         (WebCore::SVGElement::customStyleForRenderer):
3382         * svg/SVGElementRareData.h:
3383         (WebCore::SVGElementRareData::overrideComputedStyle):
3384
3385 2016-02-02  Tim Horton  <timothy_horton@apple.com>
3386
3387         <attachment> icon should be a folder for the custom MIME type multipart/x-folder
3388         https://bugs.webkit.org/show_bug.cgi?id=153795
3389         <rdar://problem/24416632>
3390
3391         Reviewed by Anders Carlsson.
3392
3393         Test: fast/attachment/attachment-folder-icon.html
3394
3395         * rendering/RenderThemeMac.mm:
3396         (WebCore::iconForAttachment):
3397         (WebCore::paintAttachmentIcon):
3398         Mail uses this special MIME type to indicate that something is a folder, which there
3399         isn't a normal non-deprecated MIME type for.
3400
3401 2016-02-02  Brady Eidson  <beidson@apple.com>
3402
3403         Modern IDB: storage/indexeddb/cursor-continue-validity.html fails.
3404         https://bugs.webkit.org/show_bug.cgi?id=153791
3405
3406         Reviewed by Alex Christensen.
3407
3408         No new tests (Existing test now unskipped).
3409
3410         There was a preexisting check in the SQLite cursor for remembering the current record and
3411         refusing to refetch it.
3412         
3413         This check was causing this bug, because we needed to refetch the current record.
3414         
3415         Removing the check (and its associated flag) doesn't regress any other test, and fixes this one.
3416
3417         * Modules/indexeddb/server/SQLiteIDBCursor.cpp:
3418         (WebCore::IDBServer::SQLiteIDBCursor::resetAndRebindStatement):
3419         (WebCore::IDBServer::SQLiteIDBCursor::internalAdvanceOnce):
3420         * Modules/indexeddb/server/SQLiteIDBCursor.h:
3421
3422 2016-02-01  Dave Hyatt  <hyatt@apple.com>
3423
3424         Add a line grid pagination SPI to WebKit.
3425         https://bugs.webkit.org/show_bug.cgi?id=153757
3426         <rdar://problem/23041598>
3427
3428         Reviewed by Anders Carlsson.
3429
3430         New tests in fast/multicol/pagination.
3431
3432         * page/Page.cpp:
3433         (WebCore::Page::setPaginationLineGridEnabled):
3434         * page/Page.h:
3435         (WebCore::Page::paginationLineGridEnabled):
3436         Add a boolean to the page to turn the line grid on and off.
3437
3438         * rendering/RenderBox.cpp:
3439         (WebCore::RenderBox::styleDidChange):
3440         Propagate the body's font up to the paginated RenderView so that
3441         it can be used to establish the line grid.
3442
3443         * style/StyleResolveForDocument.cpp:
3444         (WebCore::Style::resolveForDocument):
3445         Set up a line grid with containment snapping by default if the
3446         line grid enabled flag is set.
3447
3448         * testing/Internals.cpp:
3449         (WebCore::Internals::resetToConsistentState):
3450         (WebCore::Internals::setPagination):
3451         (WebCore::Internals::setPaginationLineGridEnabled):
3452         (WebCore::Internals::configurationForViewport):
3453         * testing/Internals.h:
3454         (WebCore::Internals::setPagination):
3455         * testing/Internals.idl:
3456         Add support for testing the grid being enabled.
3457
3458 2016-02-01  Antti Koivisto  <antti@apple.com>
3459
3460         Tab suspension code shouldn't use page cache cacheability logic
3461         https://bugs.webkit.org/show_bug.cgi?id=153680
3462
3463         Reviewed by Andreas Kling.
3464
3465         Most of PageCache::canCache() is unnecessary for tab suspension.
3466
3467         Also improve robustness and introduce 1 minute delay before suspending.
3468
3469         * page/Page.cpp:
3470         (WebCore::Page::setPageActivityState):
3471         (WebCore::Page::setIsVisible):
3472         (WebCore::Page::setIsVisibleInternal):
3473         (WebCore::Page::setIsPrerender):
3474         (WebCore::Page::canTabSuspend):
3475
3476             Include visibility test here.
3477
3478             Instead of calling PageCache::canCache() just check for each frame
3479             - that the document is loaded
3480             - that active DOM objects allow suspension
3481
3482         (WebCore::Page::setIsTabSuspended):
3483         (WebCore::Page::setTabSuspensionEnabled):
3484         (WebCore::Page::updateTabSuspensionState):
3485
3486             Refactor for robustness.
3487
3488         (WebCore::Page::tabSuspensionTimerFired):
3489
3490             Call canTabSuspend, the result might have changed.
3491
3492         (WebCore::Page::scheduleTabSuspension): Deleted.
3493         * page/Page.h:
3494
3495 2016-02-02  Yusuke Suzuki  <utatane.tea@gmail.com>
3496
3497         [JSC] Introduce BytecodeIntrinsic constant rep like @undefined
3498         https://bugs.webkit.org/show_bug.cgi?id=153737
3499
3500         Reviewed by Darin Adler.
3501
3502         * Modules/fetch/FetchHeaders.js:
3503         (initializeFetchHeaders):
3504         * Modules/streams/ReadableStream.js:
3505         (initializeReadableStream):
3506         (closeDestination):
3507         (abortDestination):
3508         (pipeTo):
3509         * Modules/streams/ReadableStreamInternals.js:
3510         (privateInitializeReadableStreamController):
3511         (teeReadableStream):
3512         (isReadableStreamReader):
3513         (errorReadableStream):
3514         (finishClosingReadableStream):
3515         (enqueueInReadableStream):
3516         (readFromReadableStreamReader):
3517         * Modules/streams/ReadableStreamReader.js:
3518         (releaseLock):
3519         * Modules/streams/StreamInternals.js:
3520         (shieldingPromiseResolve):
3521         (promiseInvokeOrNoopNoCatch):
3522         (promiseInvokeOrFallbackOrNoop):
3523         (validateAndNormalizeQueuingStrategy):
3524         * Modules/streams/WritableStream.js:
3525         (initializeWritableStream):
3526         (write):
3527         * Modules/streams/WritableStreamInternals.js:
3528         (errorWritableStream):
3529
3530 2016-02-02  Brady Eidson  <beidson@apple.com>
3531
3532         Modern IDB: storage/indexeddb/dont-wedge.html sometimes ASSERTs.
3533         https://bugs.webkit.org/show_bug.cgi?id=153790
3534
3535         Reviewed by Tim Horton.
3536
3537         No new tests (Failing test now unskipped).
3538
3539         This test uncovered an unhandled race where the main thread tried to perform an OpenDB operation 
3540         multiple times while it was already in-progress on the server thread.
3541
3542         There was already a flag meant to cover this race, and it just needed to be applied to one more site.
3543         
3544         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
3545         (WebCore::IDBServer::UniqueIDBDatabase::performCurrentOpenOperation):
3546         (WebCore::IDBServer::UniqueIDBDatabase::openBackingStore):
3547
3548 2016-02-02  Daniel Bates  <dabates@apple.com>
3549
3550         CSP: Support checking content security policy without a script execution context
3551         https://bugs.webkit.org/show_bug.cgi?id=153748
3552         <rdar://problem/24439149>
3553
3554         Reviewed by Darin Alder.
3555
3556         Towards checking a Web Worker's content security policy against a redirected worker
3557         script load or redirected XHR request for an XHR request initiated from it, we should
3558         support instantiating a ContentSecurityPolicy object without a ScriptExecutionContext.
3559
3560         No functionality was changed. So, no new tests.
3561
3562         * dom/Document.cpp:
3563         (WebCore::Document::initSecurityContext): Pass |this| as a reference instead of as a pointer.
3564         * page/csp/ContentSecurityPolicy.cpp: Remove extraneous includes ScriptState.h, TextEncoding.h,
3565         and URL.h as they are included by ContentSecurityPolicy.h, FormDataList.h and FormData.h, respectively.
3566         (WebCore::CSPSource::CSPSource): Take a constant reference to a ContentSecurityPolicy instead
3567         of a pointer since we never expected a null pointer.
3568         (WebCore::CSPSource::schemeMatches): Move logic for checking the protocol of source "self"
3569         from here to ContentSecurityPolicy::protocolMatchesSelf() because we may not have a security
3570         origin if ContentSecurityPolicy was initiated without a ScriptExecutionContext object.
3571         (WebCore::CSPSourceList::allowSelf): Added.
3572         (WebCore::CSPSourceList::CSPSourceList): Take a constant reference to a ContentSecurityPolicy
3573         instead of a pointer since we never expected a null pointer. Remove fields from member
3574         initialization list that can be initialized using C++11 in-class initialization syntax.
3575         (WebCore::CSPSourceList::matches): Call ContentSecurityPolicy::urlMatchesSelf() to match the
3576         effective URL against the URL of source "self".
3577         (WebCore::CSPSourceList::parse): Update code as necessary now that m_policy is a reference
3578         instead of a pointer.
3579         (WebCore::CSPSourceList::parseSource): Simplify code by setting internal member fields directly
3580         instead of via member functions.
3581         (WebCore::CSPSourceList::parsePath): Update code as necessary now that m_policy is a reference
3582         instead of a pointer.
3583         (WebCore::CSPDirective::CSPDirective): Take a constant reference to a ContentSecurityPolicy
3584         instead of a pointer since we never expected a null pointer.
3585         (WebCore::CSPDirective::policy): Return a reference to a const ContentSecurityPolicy.
3586         (WebCore::MediaListDirective::MediaListDirective): Take a constant reference to a ContentSecurityPolicy
3587         instead of a pointer since we never expected a null pointer.
3588         (WebCore::MediaListDirective::parse): Update code as necessary now that m_policy is a reference
3589         instead of a pointer.
3590         (WebCore::SourceListDirective::SourceListDirective): Take a constant reference to a ContentSecurityPolicy
3591         instead of a pointer since we never expected a null pointer.
3592         (WebCore::SourceListDirective::allows): Write in terms of CSPSourceList::allowSelf() because we
3593         may not have a security origin to get a URL from if ContentSecurityPolicy was initiated without
3594         a ScriptExecutionContext object.
3595         (WebCore::CSPDirectiveList::reportURIs): Change return type from Vector<URL> to Vector<String>
3596         The caller will convert the strings to URLs with respect to the script execution context.
3597         (WebCore::CSPDirectiveList::parseReportURI): Store the report URI as a string instead of a URL
3598         because we may not have a security origin to compute the absolute URL if ContentSecurityPolicy
3599         was initiated without a ScriptExecutionContext object.
3600         (WebCore::CSPDirectiveList::CSPDirectiveList): Take a reference to a ContentSecurityPolicy
3601         instead of a pointer since we never expected a null pointer. It would be better to take a const
3602         reference to a ContentSecurityPolicy, but ContentSecurityPolicy::applySandboxPolicy() needs to set
3603         state on ContentSecurityPolicy :(
3604         (WebCore::CSPDirectiveList::create): Ditto.
3605         (WebCore::CSPDirectiveList::reportViolation): Update code as necessary now that m_policy is a reference
3606         instead of a pointer.
3607         (WebCore::CSPDirectiveList::checkEvalAndReportViolation): Ditto.
3608         (WebCore::CSPDirectiveList::checkInlineAndReportViolation): Ditto.
3609         (WebCore::CSPDirectiveList::parseDirective): Ditto.
3610         (WebCore::CSPDirectiveList::parseReportURI): Store the report URI as a string instead of a URL
3611         because we may not have a security origin to compute the absolute URL if ContentSecurityPolicy
3612         was initiated without a ScriptExecutionContext object.
3613         (WebCore::CSPDirectiveList::setCSPDirective): Update code as necessary now that m_policy is a reference
3614         instead of a pointer.
3615         (WebCore::CSPDirectiveList::applySandboxPolicy): Ditto.
3616         (WebCore::CSPDirectiveList::parseReflectedXSS): Ditto.
3617         (WebCore::CSPDirectiveList::addDirective): Ditto.
3618         (WebCore::ContentSecurityPolicy::ContentSecurityPolicy): Modified to take the ScriptExecutionObject
3619         as a reference and compute the CSPSource object for "self" and cache the protocol for "self". Removed
3620         field m_overrideInlineStyleAllowed from the member initialization list and used C++11 in-class
3621         initialization syntax to initialize it. Added overloaded constructor that takes a SecurityOrigin object.
3622         We are not making use of this overloaded constructor at this time. We will in a subsequent patch.
3623         (WebCore::ContentSecurityPolicy::didReceiveHeader): Store the eval disabled error message for
3624         the last parsed policy in a member field instead of using it as part of disabling eval execution
3625         on the script execution context because we may not have such a context.
3626         (WebCore::ContentSecurityPolicy::applyPolicyToScriptExecutionContext): Applies the content security
3627         policy eval and sandbox restrictions to the script execution context.
3628         (WebCore::ContentSecurityPolicy::urlMatchesSelf): Match the specified URL against the URL for
3629         source "self".
3630         (WebCore::ContentSecurityPolicy::protocolMatchesSelf): Match the protocol of the specified URL
3631         against the protocol for source "self".
3632         (WebCore::ContentSecurityPolicy::gatherReportURIs): Modified to use the script execution context
3633         to compute the absolute URL for each report URI.
3634         (WebCore::ContentSecurityPolicy::reportViolation): Bail out if we do not have a script execution
3635         context.
3636         (WebCore::ContentSecurityPolicy::logToConsole): Only log to the console if we have a script
3637         execution context.
3638         (WebCore::ContentSecurityPolicy::reportBlockedScriptExecutionToInspector): Only report blocked
3639         script execution to the Web Inspector if we have a script execution context.
3640         (WebCore::CSPSourceList::addSourceSelf): Deleted.
3641         (WebCore::CSPSourceList::addSourceStar): Deleted.
3642         (WebCore::CSPSourceList::addSourceUnsafeInline): Deleted.
3643         (WebCore::CSPSourceList::addSourceUnsafeEval): Deleted.
3644         (WebCore::CSPDirectiveList::gatherReportURIs): Deleted.
3645         (WebCore::ContentSecurityPolicy::securityOrigin): Deleted.
3646         (WebCore::ContentSecurityPolicy::url): Deleted.
3647         (WebCore::ContentSecurityPolicy::completeURL): Deleted.
3648         (WebCore::ContentSecurityPolicy::enforceSandboxFlags): Deleted.
3649         * page/csp/ContentSecurityPolicy.h:
3650         (WebCore::ContentSecurityPolicy::enforceSandboxFlags): Accumulates the parsed sandbox flags. We
3651         will apply the sandbox flags in ContentSecurityPolicy::applyPolicyToScriptExecutionContext().
3652         * workers/WorkerGlobalScope.cpp:
3653         (WebCore::WorkerGlobalScope::WorkerGlobalScope): Instantiate ContentSecurityPolicy.
3654         (WebCore::WorkerGlobalScope::applyContentSecurityPolicyResponseHeaders): Move instantiation of
3655         ContentSecurityPolicy from here to constructor.
3656
3657 2016-02-02  Eric Carlson  <eric.carlson@apple.com>
3658
3659         Allow ports to disable automatic text track selection
3660         https://bugs.webkit.org/show_bug.cgi?id=153761
3661         <rdar://problem/24416768>
3662
3663         Reviewed by Darin Adler.
3664
3665         Test: media/track/track-manual-mode.html
3666
3667         * Modules/mediacontrols/MediaControlsHost.cpp:
3668         (WebCore::MediaControlsHost::manualKeyword): New.
3669         (WebCore::MediaControlsHost::captionDisplayMode): Support 'manual' mode.
3670         * Modules/mediacontrols/MediaControlsHost.h:
3671
3672         * Modules/mediacontrols/mediaControlsApple.js:
3673         (Controller.prototype.buildCaptionMenu): Check the 'off' item when in manual mode.
3674
3675         * html/HTMLMediaElement.cpp:
3676         (WebCore::HTMLMediaElement::addTextTrack): Update m_captionDisplayMode when called for the first
3677           time so it is always correct. Set the track's manual selection mode as appropriate.
3678         (WebCore::HTMLMediaElement::captionPreferencesChanged): Set each track's manual selection 
3679           mode as appropriate.
3680
3681         * html/track/TextTrack.cpp:
3682         (WebCore::TextTrack::kind): Return 'subtitles' for forced tracks when in manual mode.
3683         * html/track/TextTrack.h:
3684
3685         * html/track/TrackBase.h:
3686         (WebCore::TrackBase::kind): Make virtual.
3687
3688         * page/CaptionUserPreferences.cpp:
3689         (WebCore::CaptionUserPreferences::beginBlockingNotifications): New.
3690         (WebCore::CaptionUserPreferences::endBlockingNotifications): Ditto.
3691         (WebCore::CaptionUserPreferences::notify): Don't notify when blocked.
3692         * page/CaptionUserPreferences.h:
3693
3694         * page/CaptionUserPreferencesMediaAF.cpp:
3695         (WebCore::CaptionUserPreferencesMediaAF::CaptionUserPreferencesMediaAF): Set manual mode 
3696           when appropriate.
3697         (WebCore::CaptionUserPreferencesMediaAF::captionDisplayMode): Check manual mode.
3698         (WebCore::CaptionUserPreferencesMediaAF::setCaptionDisplayMode): Ditto.
3699         (WebCore::CaptionUserPreferencesMediaAF::setPreferredLanguage): Ditto.
3700         (WebCore::CaptionUserPreferencesMediaAF::textTrackSelectionScore): Return zero when in manual mode.
3701         (WebCore::CaptionUserPreferencesMediaAF::sortedTrackListForMenu): Consider manual mode. Fix
3702           typos in logging.
3703
3704         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
3705         (WebCore::mediaDescriptionForKind): Return 'auxiliary' when in manual mode.
3706
3707         * testing/Internals.cpp:
3708         (WebCore::Internals::setCaptionDisplayMode): Support manual mode.
3709
3710 2016-02-02  Adrien Plazas  <aplazas@igalia.com>
3711
3712         REGRESSION(r195899): ASSERTION FAILED: is<Target>(source) in EventPath::retargetTouch() since r195899
3713         https://bugs.webkit.org/show_bug.cgi?id=153741
3714
3715         Reviewed by Ryosuke Niwa.
3716
3717         * dom/EventDispatcher.cpp:
3718         (WebCore::EventPath::retargetTouch):
3719
3720 2016-02-01  Joseph Pecoraro  <pecoraro@apple.com>
3721
3722         Web Inspector: High Level Memory Overview Instrument
3723         https://bugs.webkit.org/show_bug.cgi?id=153516
3724         <rdar://problem/24356378>
3725
3726         Reviewed by Brian Burg.
3727
3728         Add a new agent that gathers data from the ResourceUsageThread
3729         and sends to the frontend.
3730
3731         Test: inspector/memory/tracking.html
3732
3733         * CMakeLists.txt:
3734         * Configurations/FeatureDefines.xcconfig:
3735         * WebCore.xcodeproj/project.pbxproj:
3736         New files.
3737
3738         * inspector/InspectorController.cpp:
3739         (WebCore::InspectorController::InspectorController):
3740         Add the new agent.
3741
3742         * inspector/InspectorMemoryAgent.h: Added.
3743         * inspector/InspectorMemoryAgent.cpp: Added.
3744         (WebCore::InspectorMemoryAgent::InspectorMemoryAgent):
3745         (WebCore::InspectorMemoryAgent::didCreateFrontendAndBackend):
3746         (WebCore::InspectorMemoryAgent::willDestroyFrontendAndBackend):
3747         (WebCore::InspectorMemoryAgent::startTracking):
3748         (WebCore::InspectorMemoryAgent::stopTracking):
3749         (WebCore::InspectorMemoryAgent::collectSample):
3750         Implement the agent by adding / removing it as a ResourceUsage
3751         observer. When receiving the data forward it to the frontend.
3752
3753 2016-02-01  Alex Christensen  <achristensen@webkit.org>
3754
3755         Fix CMake build.
3756
3757         * PlatformMac.cmake:
3758
3759 2016-02-01  Brady Eidson  <beidson@apple.com>
3760
3761         Modern IDB: Cursors (still) do not keep their opening request alive.
3762         https://bugs.webkit.org/show_bug.cgi?id=153724
3763
3764         Reviewed by Alex Christensen.
3765
3766         No new tests (All existing tests pass without flakiness).
3767
3768         IDBCursors did not properly keep their JS wrappers alive.
3769         Making them ActiveDOMObjects that keep track of how many requests might be in flight fixes this.
3770         This also makes them actually keep their opening-request live via the opaque-root mechanism.
3771         
3772         IDBCursorWithValue also needed to opt in to all of these mechanisms.
3773
3774         * CMakeLists.txt:
3775         * WebCore.xcodeproj/project.pbxproj:
3776
3777         * Modules/indexeddb/IDBCursor.h:
3778         (WebCore::IDBCursor::hasPendingActivity): The base IDBCursor always has no pending activity,
3779           to maintain current behavior in LegacyIDB. This weirdness will go away when LegacyIDB does.
3780         * Modules/indexeddb/IDBCursor.idl:
3781         * Modules/indexeddb/IDBCursorWithValue.idl:
3782
3783         Track a count for all outstanding requests to keep the cursor alive as an ActiveDOMObject.
3784         * Modules/indexeddb/client/IDBCursorImpl.cpp:
3785         (WebCore::IDBClient::IDBCursor::IDBCursor):
3786         (WebCore::IDBClient::IDBCursor::update):
3787         (WebCore::IDBClient::IDBCursor::uncheckedIterateCursor):
3788         (WebCore::IDBClient::IDBCursor::deleteFunction):
3789         (WebCore::IDBClient::IDBCursor::activeDOMObjectName):
3790         (WebCore::IDBClient::IDBCursor::canSuspendForDocumentSuspension):
3791         (WebCore::IDBClient::IDBCursor::hasPendingActivity):
3792         (WebCore::IDBClient::IDBCursor::decrementOutstandingRequestCount):
3793         * Modules/indexeddb/client/IDBCursorImpl.h:
3794         
3795         Rework the "delete" family of functions on the object store to allow for returning a modern IDBRequest.
3796         A lot of this can go away when LegacyIDB does.
3797         * Modules/indexeddb/client/IDBObjectStoreImpl.cpp:
3798         (WebCore::IDBClient::IDBObjectStore::deleteFunction):
3799         (WebCore::IDBClient::IDBObjectStore::doDelete):
3800         (WebCore::IDBClient::IDBObjectStore::modernDelete):
3801         * Modules/indexeddb/client/IDBObjectStoreImpl.h:
3802         
3803         * Modules/indexeddb/client/IDBRequestImpl.cpp:
3804         (WebCore::IDBClient::IDBRequest::setSource): Setup a ScopeGuard to decrement the cursor's request
3805           count whenever it makes sense to do so.
3806         (WebCore::IDBClient::IDBRequest::dispatchEvent): Clear the ScopeGuard (if it exists) to decrement the count.
3807         (WebCore::IDBClient::IDBRequest::willIterateCursor): Set the ScopeGuard.
3808         (WebCore::IDBClient::IDBRequest::didOpenOrIterateCursor): Clear the ScopeGuard (if it exists) to decrement the count.
3809         * Modules/indexeddb/client/IDBRequestImpl.h:
3810         
3811         * Modules/indexeddb/server/UniqueIDBDatabase.cpp:
3812         (WebCore::IDBServer::ScopeGuard::ScopeGuard): Deleted.
3813         (WebCore::IDBServer::ScopeGuard::~ScopeGuard): Deleted.
3814         (WebCore::IDBServer::ScopeGuard::enable): Deleted.
3815         (WebCore::IDBServer::ScopeGuard::disable): Deleted.
3816         
3817         * bindings/js/JSIDBCursorWithValueCustom.cpp: Added.
3818         (WebCore::JSIDBCursorWithValue::visitAdditionalChildren):
3819         
3820         * platform/ScopeGuard.h: Added.
3821         (WebCore::ScopeGuard::ScopeGuard):
3822         (WebCore::ScopeGuard::~ScopeGuard):
3823         (WebCore::ScopeGuard::enable):
3824         (WebCore::ScopeGuard::disable):
3825
3826 2016-02-01  Sun-woo Nam  <sunny.nam@samsung.com>
3827
3828         Free Colormap when XWindow is destroyed.
3829         https://bugs.webkit.org/show_bug.cgi?id=153413
3830
3831         Reviewed by Žan Doberšek.
3832
3833         Colormap is needed to create XWindow and it should be freed when XWindow is destroyed.
3834         Unless Colormap is freed before destroying XWindow, memory leak is suspected.
3835         XFreeColormap therefore is needed on X11Helper.
3836
3837         * platform/graphics/surfaces/glx/X11Helper.cpp: Added XFreeColormap.
3838         (WebCore::X11Helper::destroyWindow):
3839
3840 2016-02-01  Tim Horton  <timothy_horton@apple.com>
3841
3842         Move some SPI declarations into the appropriate SPI header
3843         https://bugs.webkit.org/show_bug.cgi?id=153755
3844
3845         Reviewed by Darin Adler.
3846
3847         * platform/graphics/cocoa/IOSurface.mm:
3848         * platform/spi/cg/CoreGraphicsSPI.h:
3849
3850 2016-02-01  Tim Horton  <timothy_horton@apple.com>
3851
3852         Snapshot surfaces are forever wired after being compressed
3853         https://bugs.webkit.org/show_bug.cgi?id=153751
3854         <rdar://problem/24354546>
3855
3856         Reviewed by Darin Adler.
3857
3858         * platform/graphics/cocoa/IOSurface.mm:
3859         (IOSurface::convertToFormat):
3860         Allow IOSurfaceAccelerator to unwire surfaces after they're transformed.
3861
3862 2016-02-01  Dan Bernstein  <mitz@apple.com>
3863
3864         <rdar://problem/20150072> [iOS] Remove some file upload code only needed before iOS 9
3865         https://bugs.webkit.org/show_bug.cgi?id=153754
3866
3867         Reviewed by Darin Adler.
3868
3869         * English.lproj/Localizable.strings: Updated for removal of WebKit2 string.
3870
3871 2016-02-01  Said Abou-Hallawa  <sabouhallawa@apple.com>
3872
3873         Cache the Path instead of creating it every time it is required
3874         https://bugs.webkit.org/show_bug.cgi?id=152939
3875
3876         Reviewed by Darin Adler.
3877
3878         Instead of creating the Path object every time it is required, we should 
3879         cache it in an LRU cache. TinyLRUCache returns a reference to the cached
3880         entry so we do not have to pay the cost of copying it either.
3881
3882         * platform/graphics/FloatRoundedRect.h:
3883         (WebCore::operator!=):
3884         Implement the inequality operator for FloatRoundedRect since it is
3885         called by TinyLRUCache.
3886         
3887         * rendering/ClipPathOperation.h:
3888         Return a reference to the path in the cache since instead of creating a
3889         new copy.
3890         
3891         * rendering/style/BasicShapes.cpp:
3892         (WebCore::SVGPathTranslatedByteStream::SVGPathTranslatedByteStream):
3893         (WebCore::SVGPathTranslatedByteStream::operator==):
3894         (WebCore::SVGPathTranslatedByteStream::operator!=):
3895         (WebCore::SVGPathTranslatedByteStream::isEmpty):
3896         (WebCore::SVGPathTranslatedByteStream::path):
3897         This struct holds an offset and an SVGPathByteStream. It is the key of 
3898         the LRU cache for the the translated SVGPathByteStream.
3899         
3900         (WebCore::EllipsePathPolicy::isKeyNull):
3901         (WebCore::EllipsePathPolicy::createValueForKey):
3902         (WebCore::RoundedRectPathPolicy::isKeyNull):
3903         (WebCore::RoundedRectPathPolicy::createValueForKey):
3904         (WebCore::PolygonPathPolicy::isKeyNull):
3905         (WebCore::PolygonPathPolicy::createValueForKey):
3906         (WebCore::TranslatedByteStreamPathPolicy::isKeyNull):
3907         (WebCore::TranslatedByteStreamPathPolicy::createValueForKey):
3908         Inherit from the LRU cache policy template, so have a specific name for
3909         the desired path contents and pass this class explicitly to the LRU cache
3910         template.
3911         
3912         (WebCore::cachedEllipsePath):
3913         (WebCore::cachedRoundedRectPath):
3914         (WebCore::cachedPolygonPath):
3915         (WebCore::cachedTranslatedByteStreamPath):
3916         Return a cached path object for specific path contents.
3917         
3918         (WebCore::BasicShapeCircle::path):
3919         (WebCore::BasicShapeEllipse::path):
3920         (WebCore::BasicShapePolygon::path):
3921         (WebCore::BasicShapePath::path):
3922         (WebCore::BasicShapeInset::path):
3923         Get the Path object from the cache; create a new one if it does not exist.
3924         
3925         * rendering/style/BasicShapes.h:
3926         Change the prototype of the path() function to return a reference to the
3927         path in the cache instead of a having to copying it.
3928         
3929         * svg/SVGPathByteStream.h:
3930         (WebCore::SVGPathByteStream::operator!=):
3931         Implement the inequality operator for SVGPathByteStream because it is
3932         called by TinyLRUCache.
3933
3934 2016-02-01  Chris Dumez  <cdumez@apple.com>
3935
3936         Move properties that use custom bindings to the prototype
3937         https://bugs.webkit.org/show_bug.cgi?id=153735
3938
3939         Reviewed by Darin Adler.
3940
3941         Move properties that use custom bindings to the prototype. Whether a
3942         property's bindings code is generated or custom-written should not
3943         impact where the property is located.
3944
3945         No new tests, already covered by existing tests.
3946
3947         * bindings/js/JSHTMLDocumentCustom.cpp:
3948         (WebCore::JSHTMLDocument::getOwnPropertySlot):
3949         Add null-check for staticPropHashTable. HTMLDocument no longer has
3950         any property on the instance so staticPropHashTable is&nb