[WebKit-https.git] / Source / WebCore / ChangeLog

2012-08-21  Sukolsak Sakshuwong  <sukolsak@google.com>

        Remove UndoManager's undoscope content attribute
        https://bugs.webkit.org/show_bug.cgi?id=94637

        Reviewed by Ryosuke Niwa.

        No new tests. Covered by existing tests.

        * bindings/v8/DOMTransaction.cpp:
        (WebCore::DOMTransaction::callFunction):
        * dom/Document.cpp:
        (WebCore::Document::undoManager):
        * dom/Element.cpp:
        (WebCore::Element::~Element):
        (WebCore):
        * dom/Element.h:
        (Element):
        * dom/Element.idl:
        * dom/ElementRareData.h:
        (ElementRareData):
        * editing/UndoManager.cpp:
        (WebCore::UndoManager::create):
        (WebCore::UndoManager::UndoManager):
        (WebCore::UndoManager::disconnect):
        (WebCore::UndoManager::transact):
        (WebCore::UndoManager::undo):
        (WebCore::UndoManager::redo):
        (WebCore::UndoManager::clearUndo):
        (WebCore::UndoManager::clearRedo):
        (WebCore):
        * editing/UndoManager.h:
        (WebCore):
        (UndoManager):
        (WebCore::UndoManager::document):
        (WebCore::UndoManager::ownerNode):
        * html/HTMLAttributeNames.in:
        * html/HTMLElement.cpp:
        (WebCore::HTMLElement::parseAttribute):
        (WebCore::HTMLElement::setContentEditable):

2012-08-21  Joanmarie Diggs  <jdiggs@igalia.com>

        [Gtk] No accessible caret-moved events found in certain content
        https://bugs.webkit.org/show_bug.cgi?id=72811

        Reviewed by Chris Fleizach.

        Part of the bug is due to objects which should claim to implement AtkText
        failed to do so as a result of containing a mixture of inline and block
        spans.

        An updated unit test was provided.

        * accessibility/gtk/WebKitAccessibleWrapperAtk.cpp:
        (roleIsTextType): New method to check if a role is one expected to have
        implemented the AtkText interface. Currently that is defined as:
         - ParagraphRole
         - HeadingRole
         - DivRole
         - CellRole
        (getInterfaceMaskFromObject): If a role is one of the text type roles,
        automatically add WAI_TEXT to the accessible object's interface mask.

2012-08-21  Tony Chang  <tony@chromium.org>

        Force XML comments to maintain whitespace
        https://bugs.webkit.org/show_bug.cgi?id=94620

        Reviewed by Pavel Feldman.

        Fix a typo in XMLViewer.css for white-space formatting. This seems
        like the desired behavior so you can see, e.g., code formatted in an
        XML comment.

        Covered by existing xmlviewer tests in http/tests/xmlviewer/dumpAsText

        * xml/XMLViewer.css:
        (.comment): Fix typo.
        * xml/XMLViewer.js:
        (createComment): Add style to comment nodes.

2012-08-21  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r126202.
        http://trac.webkit.org/changeset/126202
        https://bugs.webkit.org/show_bug.cgi?id=94657

        Causes assertion failures on Chromium Linux dbg compositing
        layout tests (Requested by dominicc on #webkit).

        * platform/graphics/chromium/FrameBufferSkPictureCanvasLayerTextureUpdater.cpp:
        (WebCore::FrameBufferSkPictureCanvasLayerTextureUpdater::updateTextureRect):
        * platform/graphics/chromium/LayerRendererChromium.cpp:
        (WebCore::applyFilters):
        (WebCore::LayerRendererChromium::drawRenderPassQuad):
        (WebCore::LayerRendererChromium::drawTileQuad):
        (WebCore::LayerRendererChromium::drawYUVVideoQuad):
        (WebCore::LayerRendererChromium::drawTextureQuad):
        (WebCore::LayerRendererChromium::getFramebufferTexture):
        (WebCore::LayerRendererChromium::bindFramebufferToTexture):
        * platform/graphics/chromium/LayerRendererChromium.h:
        (LayerRendererChromium):
        * platform/graphics/chromium/cc/CCResourceProvider.cpp:
        (WebCore::CCResourceProvider::createResource):
        (WebCore::CCResourceProvider::createResourceFromExternalTexture):
        (WebCore::CCResourceProvider::deleteResource):
        (WebCore::CCResourceProvider::upload):
        (WebCore::CCResourceProvider::lockForWrite):
        (WebCore::CCResourceProvider::unlockForWrite):
        (WebCore::CCResourceProvider::flush):
        (WebCore::CCResourceProvider::shallowFlushIfSupported):
        (WebCore::CCResourceProvider::lockForRead):
        (WebCore::CCResourceProvider::unlockForRead):
        (WebCore::CCResourceProvider::CCResourceProvider):
        * platform/graphics/chromium/cc/CCResourceProvider.h:
        (WebCore):
        (CCResourceProvider):
        (WebCore::CCResourceProvider::Resource::Resource):
        (Resource):
        (CCScopedLockResourceForRead):
        (WebCore::CCScopedLockResourceForRead::CCScopedLockResourceForRead):
        (WebCore::CCScopedLockResourceForRead::~CCScopedLockResourceForRead):
        (WebCore::CCScopedLockResourceForRead::textureId):
        (CCScopedLockResourceForWrite):
        (WebCore::CCScopedLockResourceForWrite::CCScopedLockResourceForWrite):
        (WebCore::CCScopedLockResourceForWrite::~CCScopedLockResourceForWrite):
        (WebCore::CCScopedLockResourceForWrite::textureId):

2012-08-21  David Grogan  <dgrogan@chromium.org>

        IndexedDB: Fire error at request when abort is called in upgradeneeded
        https://bugs.webkit.org/show_bug.cgi?id=94402

        Reviewed by Tony Chang.

        Tests - updated intversion-abort-in-initial-upgradeneeded-expected.txt

        * Modules/indexeddb/IDBDatabaseBackendImpl.cpp:
        (WebCore::IDBDatabaseBackendImpl::transactionFinishedAndAbortFired):
        (WebCore::IDBDatabaseBackendImpl::transactionFinishedAndCompleteFired):
        (WebCore):
        (WebCore::IDBDatabaseBackendImpl::runIntVersionChangeTransaction):
        Now that second-half open calls don't get abandoned on the queue, we
        can ASSERT that there's at most one of them at any time.

        * Modules/indexeddb/IDBDatabaseBackendImpl.h:
        (IDBDatabaseBackendImpl):
        * Modules/indexeddb/IDBRequest.cpp:
        (WebCore::IDBRequest::dispatchEvent):
        Move setting m_didFireUpgradeNeededEvent before dispatching the event.
        If abort is called in the event handler an error event will be
        enqueued and ASSERT_WITH_MESSAGE(m_readyState == PENDING ||
        m_didFireUpgradeNeededEvent, ...) needs to pass.

        * Modules/indexeddb/IDBTransactionBackendImpl.cpp:
        (WebCore::IDBTransactionBackendImpl::abort):
        (WebCore::IDBTransactionBackendImpl::commit):

2012-08-21  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r126233.
        http://trac.webkit.org/changeset/126233
        https://bugs.webkit.org/show_bug.cgi?id=94656

        Broke Chromium Mac build (Requested by dominicc on #webkit).

        * CMakeLists.txt:
        * GNUmakefile.list.am:
        * Target.pri:
        * WebCore.gypi:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * css/mediaControls.css:
        (video::-webkit-media-text-track-display):
        * html/shadow/MediaControlElements.cpp:
        (RenderTextTrackContainerElement):
        (WebCore::MediaControlTextTrackContainerElement::updateDisplay):
        * html/track/TextTrack.cpp:
        * html/track/TextTrack.h:
        (TextTrack):
        * html/track/TextTrackCue.cpp:
        (WebCore::TextTrackCue::TextTrackCue):
        (WebCore::TextTrackCue::calculateComputedLinePosition):
        (WebCore::TextTrackCue::calculateDisplayParameters):
        (WebCore::TextTrackCue::getDisplayTree):
        (WebCore::TextTrackCue::getPositionCoordinates):
        * html/track/TextTrackCue.h:
        (WebCore):
        (TextTrackCue):
        * rendering/RenderTextTrackCue.cpp: Removed.
        * rendering/RenderTextTrackCue.h: Removed.

2012-08-20  Kentaro Hara  <haraken@chromium.org>

        [V8] Remove getToStringName() and getToStringTemplate() from V8Binding
        https://bugs.webkit.org/show_bug.cgi?id=94573

        Reviewed by Adam Barth.

        - Remove V8Binding::getToStringName() and V8Binding::getToStringTemplate().

        - Replace getToStringName() with String::NewSymbol("toString").

        - Fix V8PerIsolateData::getToStringTemplate() so that it caches a persistent
        handle of a created FunctionTemplate. Before this patch, a FunctionTemplate
        had been created for each toString().

        No tests. No change in behavior.

        * bindings/v8/V8Binding.cpp:
        (WebCore::constructorToString):
        * bindings/v8/V8Binding.h:
        (WebCore):
        * bindings/scripts/CodeGeneratorV8.pm:
        (GenerateImplementation):
        * bindings/scripts/test/V8/V8Float64Array.cpp:
        (WebCore::ConfigureV8Float64ArrayTemplate):
        * bindings/scripts/test/V8/V8TestActiveDOMObject.cpp:
        (WebCore::ConfigureV8TestActiveDOMObjectTemplate):
        * bindings/scripts/test/V8/V8TestCustomNamedGetter.cpp:
        (WebCore::ConfigureV8TestCustomNamedGetterTemplate):
        * bindings/scripts/test/V8/V8TestEventConstructor.cpp:
        (WebCore::ConfigureV8TestEventConstructorTemplate):
        * bindings/scripts/test/V8/V8TestEventTarget.cpp:
        (WebCore::ConfigureV8TestEventTargetTemplate):
        * bindings/scripts/test/V8/V8TestException.cpp:
        (WebCore::ConfigureV8TestExceptionTemplate):
        * bindings/scripts/test/V8/V8TestInterface.cpp:
        (WebCore::ConfigureV8TestInterfaceTemplate):
        * bindings/scripts/test/V8/V8TestMediaQueryListListener.cpp:
        (WebCore::ConfigureV8TestMediaQueryListListenerTemplate):
        * bindings/scripts/test/V8/V8TestNamedConstructor.cpp:
        (WebCore::ConfigureV8TestNamedConstructorTemplate):
        * bindings/scripts/test/V8/V8TestNode.cpp:
        (WebCore::ConfigureV8TestNodeTemplate):
        * bindings/scripts/test/V8/V8TestObj.cpp:
        (WebCore::ConfigureV8TestObjTemplate):
        * bindings/scripts/test/V8/V8TestSerializedScriptValueInterface.cpp:
        (WebCore::ConfigureV8TestSerializedScriptValueInterfaceTemplate):
        * bindings/v8/V8PerIsolateData.h:
        (V8PerIsolateData):

2012-08-21  Arvid Nilsson  <anilsson@rim.com>

        [BlackBerry] WebGL Aquarium fails to render
        https://bugs.webkit.org/show_bug.cgi?id=94634

        The aquarium leaves with a glColorMask(false, false, false, true) which
        caused us to fail to blit the color components of the aquarium to the
        EGLImage.

        Fixed by setting an appropriate color mask for a blit operation.

        Reviewed by Yong Li.

        No new tests, tested manually.

        * platform/graphics/blackberry/EGLImageLayerWebKitThread.cpp:
        (WebCore::EGLImageLayerWebKitThread::blitToFrontBuffer):

2012-08-21  Victor Carbune  <victor@rosedu.org>

        Display a TextTrackCue when snap-to-lines flag is set
        https://bugs.webkit.org/show_bug.cgi?id=79751

        Reviewed by Tony Chang.

        This patch implements rendering functionality for a given text track,
        following closer the exact WebVTT specification. There are two new classes
        which have been added in order to succesfully cover rendering when of a text
        track cue.

        RenderTextTrackCue handles the specific rendering algorithm required,
        by checking for overlaps with other boxes that are in the same
        container (these can be any other boxes, not necessarily other cues,
        the video controls, for example).

        TextTrackCueBox extends HTMLDivElement and is an intermediate layer
        between the renderer class and the actual cue object. Its purpose is
        to instantiate the particular renderer and cover all the default CSS
        styling that needs to be applied to the cue.

        The layout is done in two steps:
          - Step 1: Layout the TextTrackCue with default CSS properties set (this is
        the TextTrackCueBox decorated with the respective CSS elements)
          - Step 2: RenderTextTrackCue adjusts the box position depending on the
        parameters of the TextTrackCue object and the overlaps that may occur with
        previously positioned cues.

        Tests: media/track/track-cue-rendering-horizontal.html
               media/track/track-cue-rendering-vertical.html

        * CMakeLists.txt: Updated to include RenderTextTrackCue.
        * GNUmakefile.list.am: Updated to include RenderTextTrackCue.
        * Target.pri: Updated to include RenderTextTrackCue.
        * WebCore.gypi: Updated to include RenderTextTrackCue.
        * WebCore.vcproj/WebCore.vcproj: Updated to include RenderTextTrackCue.
        * WebCore.xcodeproj/project.pbxproj: Updated to include RenderTextTrackCue.
        * css/mediaControls.css: Removed unreliable CSS.
        (video::-webkit-media-text-track-display): Removed properties.
        * html/shadow/MediaControlElements.cpp: Updated to not use the new class.
        (RenderTextTrackContainerElement):
        (WebCore::MediaControlTextTrackContainerElement::updateDisplay): Simplified
        the function by moving the check if track is rendered in TextTrack and used
        the TextTrackCueBox for cues.
        * html/track/TextTrack.cpp: Added a new method.
        (WebCore::TextTrack::isRendered): Method that returns whether the track should
        be rendered or not.
        (WebCore):
        * html/track/TextTrack.h: Added the isRendered method.
        (TextTrack):
        * html/track/TextTrackCue.cpp: Added several helper methods and
        the TextTrackCueBox.
        (WebCore):
        (WebCore::TextTrackCueBox::TextTrackCueBox): The TextTrackCueBox extends
        the HTMLDivElement and represents a bridge class between RenderTextTrackCue
        and TextTrackCue. This is required as the layout is done in two steps, as
        explained on top of the ChangeLog entry.
        (WebCore::TextTrackCueBox::getCue): Returns the associated TextTrackCue object.
        (WebCore::TextTrackCueBox::applyCSSProperties): Applies a part of the default CSS
        properties, as defined by section 3.5.1 of the WebVTT specification.
        (WebCore::TextTrackCueBox::shadowPseudoId): Moved the shadow pseudo id.
        (WebCore::TextTrackCueBox::createRenderer): Creates the particular renderer.
        (WebCore::TextTrackCue::TextTrackCue): Corrected the internal writing mode map.
        (WebCore::TextTrackCue::calculateComputedLinePosition): Updated the compute line
        position algorithm. This requires, however, a method to consider only rendered
        tracks (and therefore will be addressed completely in subsequent changeset).
        (WebCore::TextTrackCue::calculateDisplayParameters): Updated and corrected the
        computed display parameters to match the current specification.
        (WebCore::TextTrackCue::getDisplayTree): Update to use the TextTrackCueBox class
        and moved CSS application to the respective class.
        (WebCore::TextTrackCue::getPositionCoordinates): Added comment to specify in which
        situation this method is used and change visibility to private.
        (WebCore::TextTrackCue::getCSSWritingMode): Returns the CSS writing mode corresponding
        to the cue writing mode.
        (WebCore::TextTrackCue::getCSSSize): Returns the cue width / height (depending on the
        writing direction.
        (WebCore::TextTrackCue::getCSSPosition): Returns the default display position, that is
        used in the first layout step.
        * html/track/TextTrackCue.h:
        (WebCore):
        (TextTrackCueBox):
        (WebCore::TextTrackCueBox::create): Initialization method.
        (TextTrackCue):
        (WebCore::TextTrackCue::getWritingDirection): Helper method to return the internal
        values used to represent the writing direction.
        * rendering/RenderTextTrackCue.cpp: Added.
        (WebCore):
        (WebCore::RenderTextTrackCue::RenderTextTrackCue):
        (WebCore::RenderTextTrackCue::layout): The rendering steps, as mentioned in
        the WebVTT rendering rules. Currently, this treats only the snap-to-lines set
        case. It is implemented following closely the spec, and might be subject to
        change as discussions on various bugs evolve.
        (WebCore::RenderTextTrackCue::initializeLayoutParameters): Steps 1 - 7.
        (WebCore::RenderTextTrackCue::placeBoxInDefaultPosition): Steps 8 - 10.
        (WebCore::RenderTextTrackCue::isOutside): Inline method to check if the cue is outside.
        (WebCore::RenderTextTrackCue::isOverlapping): Inline method to check if the cue overlaps other boxes.
        (WebCore::RenderTextTrackCue::shouldSwitchDirection): Step 12.
        (WebCore::RenderTextTrackCue::moveBoxesByStep): Step 13.
        (WebCore::RenderTextTrackCue::switchDirection): Steps 15 - 18.
        (WebCore::RenderTextTrackCue::repositionCueSnapToLinesSet): Cue repositioning
        for text track cue when the snap to lines flag is set.
        (WebCore::RenderTextTrackCue::repositionCueSnapToLinesNotSet): Cue repositioning
        for text track cue when the snap to lines flag is not set. Not implemented yet.
        * rendering/RenderTextTrackCue.h: Added.
        (WebCore):
        (RenderTextTrackCue): Rendering class, handling the display of cues.

2012-08-21  Lianghui Chen  <liachen@rim.com>

        [BlackBerry] Add RSS content handling support
        https://bugs.webkit.org/show_bug.cgi?id=93496

        Reviewed by Rob Buis.

        Add code to filter RSS content, and properly convert them to HTML
        content so they can display nicely, instead of as plain text.

        Following modules are included:

        RSSFilterStream: the code for detecting RSS content, and controlling
        the handling of these content.

        RSSParserBase: the base class for the following 3 RSS parser.
        RSS10Parser: the code for decoding RSS 1.0 content.
        RSS20Parser: the code for decoding RSS 2.0 content.
        RSSAtomParser: the code for decoding Atom format RSS content.
        RSSGenerator: the code for generating HTML content based on RSS feed.

        No new tests as it's not changing how HTML content is handled.

        * PlatformBlackBerry.cmake:
        * platform/network/blackberry/NetworkJob.cpp:
        (WebCore::NetworkJob::initialize):
        * platform/network/blackberry/rss/RSS10Parser.cpp: Added.
        (WebCore):
        (WebCore::RSS10Parser::RSS10Parser):
        (WebCore::RSS10Parser::parseBuffer):
        (WebCore::RSS10Parser::parseXmlDoc):
        (WebCore::RSS10Parser::parseItemBaseAttribute):
        (WebCore::RSS10Parser::parseItem):
        (WebCore::RSS10Parser::parseFeed):
        * platform/network/blackberry/rss/RSS10Parser.h: Added.
        (WebCore):
        (RSS10Parser):
        * platform/network/blackberry/rss/RSS20Parser.cpp: Added.
        (WebCore):
        (WebCore::RSS20Parser::RSS20Parser):
        (WebCore::RSS20Parser::parseBuffer):
        (WebCore::RSS20Parser::parseXmlDoc):
        (WebCore::RSS20Parser::parseItemBaseAttribute):
        (WebCore::RSS20Parser::parseItem):
        (WebCore::RSS20Parser::parseFeed):
        (WebCore::RSS20Parser::parseEnclosure):
        * platform/network/blackberry/rss/RSS20Parser.h: Added.
        (WebCore):
        (RSS20Parser):
        * platform/network/blackberry/rss/RSSAtomParser.cpp: Added.
        (WebCore):
        (WebCore::isRelativePath):
        (WebCore::RSSAtomLink::relType):
        (WebCore::RSSAtomParser::RSSAtomParser):
        (WebCore::RSSAtomParser::parseBuffer):
        (WebCore::RSSAtomParser::parseXmlDoc):
        (WebCore::RSSAtomParser::parseItemBaseAttribute):
        (WebCore::RSSAtomParser::parseItem):
        (WebCore::RSSAtomParser::parseFeed):
        (WebCore::RSSAtomParser::parseLink):
        (WebCore::RSSAtomParser::enclosureFromLink):
        (WebCore::RSSAtomParser::parseContent):
        (WebCore::RSSAtomParser::parseAuthor):
        (WebCore::RSSAtomParser::parseCategory):
        * platform/network/blackberry/rss/RSSAtomParser.h: Added.
        (WebCore):
        (RSSAtomLink):
        (WebCore::RSSAtomLink::RSSAtomLink):
        (RSSAtomParser):
        * platform/network/blackberry/rss/RSSFilterStream.cpp: Added.
        (WebCore):
        (WebCore::isASCIISpaceLowerByte):
        (WebCore::stripWhiteSpace):
        (WebCore::equalIgnoringCase):
        (WebCore::isAtomMIMEType):
        (WebCore::isRSSMIMEType):
        (WebCore::isPotentialRSSMIMEType):
        (WebCore::isRSSContent):
        (WebCore::RSSTypeFromContentType):
        (WebCore::RSSTypeFromContent):
        (WebCore::createParser):
        (WebCore::findXMLEncodingPosition):
        (WebCore::findXMLLanguagePosition):
        (WebCore::defaultEncodingForLanguage):
        (WebCore::isTranscodingNeeded):
        (WebCore::transcode):
        (WebCore::transcodeContent):
        (WebCore::RSSFilterStream::RSSFilterStream):
        (WebCore::RSSFilterStream::notifyStatusReceived):
        (WebCore::RSSFilterStream::notifyHeadersReceived):
        (WebCore::RSSFilterStream::notifyDataReceived):
        (WebCore::RSSFilterStream::notifyClose):
        (WebCore::RSSFilterStream::convertContentToHtml):
        (WebCore::RSSFilterStream::handleRSSContent):
        (WebCore::RSSFilterStream::charset):
        (WebCore::RSSFilterStream::encoding):
        (WebCore::RSSFilterStream::saveHeaders):
        (WebCore::RSSFilterStream::removeHeader):
        (WebCore::RSSFilterStream::updateHeader):
        (WebCore::RSSFilterStream::updateRSSHeaders):
        (WebCore::RSSFilterStream::sendSavedHeaders):
        (WebCore::RSSFilterStream::appendData):
        * platform/network/blackberry/rss/RSSFilterStream.h: Added.
        (WebCore):
        (RSSFilterStream):
        * platform/network/blackberry/rss/RSSGenerator.cpp: Added.
        (WebCore):
        (WebCore::RSSGenerator::RSSGenerator):
        (WebCore::RSSGenerator::~RSSGenerator):
        (WebCore::RSSGenerator::generateHtml):
        * platform/network/blackberry/rss/RSSGenerator.h: Added.
        (WebCore):
        (RSSGenerator):
        * platform/network/blackberry/rss/RSSParserBase.cpp: Added.
        (WebCore):
        (WebCore::RSSEnclosure::RSSEnclosure):
        (WebCore::RSSEnclosure::typeInEnum):
        (WebCore::RSSEnclosure::suggestedName):
        (WebCore::RSSFeed::RSSFeed):
        (WebCore::RSSFeed::~RSSFeed):
        (WebCore::RSSFeed::clear):
        (WebCore::RSSItem::RSSItem):
        (WebCore::RSSItem::~RSSItem):
        (WebCore::RSSItem::clear):
        (WebCore::RSSParserBase::RSSParserBase):
        (WebCore::RSSParserBase::~RSSParserBase):
        (WebCore::textFromXMLAttr):
        (WebCore::textFromXMLNode):
        * platform/network/blackberry/rss/RSSParserBase.h: Added.
        (WebCore):
        (RSSEnclosure):
        (RSSItemBase):
        (RSSParserBase):

2012-08-21  Andrew Lo  <anlo@rim.com>

        [BlackBerry] requestAnimationFrame: Unscheduled display link frames need to be sent to main thread
        https://bugs.webkit.org/show_bug.cgi?id=94600

        Reviewed by Rob Buis.

        http://trac.webkit.org/changeset/116792 implements destroying
        DisplayRefreshMonitor after the number of unscheduled frames exceeds 10.

        Part of that change involves dispatching to the main thread whether
        the frame was scheduled or not.

        Make the corresponding change for the BlackBerry port that was made for
        DisplayRefreshMonitorMac.cpp.

        Tests covered by http://trac.webkit.org/changeset/116792

        * platform/graphics/blackberry/DisplayRefreshMonitorBlackBerry.cpp:
        (WebCore::DisplayRefreshMonitor::displayLinkFired):

2012-08-21  Brian Salomon  <bsalomon@google.com>

        [Chromium/Skia] Filters should flush the SkCanvas
        https://bugs.webkit.org/show_bug.cgi?id=94602

        Reviewed by Stephen White.

        Adds a SkCanvas::flush call to FilterBufferState::swap() to ensure the textures are updated before they are consumed by the compositor.

        Covered by existing css3/filters layout tests.

        * platform/graphics/chromium/cc/CCRenderSurfaceFilters.cpp:

2012-08-21  Lianghui Chen  <liachen@rim.com>

        [BlackBerry] Use new method to create socket handle
        https://bugs.webkit.org/show_bug.cgi?id=89991

        Reviewed by Rob Buis.

        Update the way to create SocketStream as the platform API has changed.

        No new tests as no change of behaviour, just API change adaptation.

        * platform/network/blackberry/SocketStreamHandleBlackBerry.cpp:
        (WebCore::SocketStreamHandle::SocketStreamHandle):

2012-08-21  Kentaro Hara  <haraken@chromium.org>

        [V8] Move compileScript() from V8Proxy to ScriptSourceCode
        https://bugs.webkit.org/show_bug.cgi?id=94561

        Reviewed by Adam Barth.

        To kill V8Proxy, this patch moves compileScript() from V8Proxy
        to ScriptSourceCode. This patch also removes fromWebCoreString().

        No tests. No change in behavior.

        * UseV8.cmake:
        * WebCore.gypi:
        * bindings/v8/ScriptController.h:
        (ScriptController):
        * bindings/v8/ScriptSourceCode.cpp: Added.
        (WebCore):
        (WebCore::ScriptSourceCode::compileScript):
        * bindings/v8/ScriptSourceCode.h:
        (ScriptSourceCode):
        * bindings/v8/V8Binding.h:
        * bindings/v8/V8LazyEventListener.cpp:
        (WebCore::V8LazyEventListener::prepareListenerObject):
        * bindings/v8/V8Proxy.cpp:
        (WebCore::V8Proxy::evaluate):
        * bindings/v8/V8Proxy.h:
        (V8Proxy):
        * bindings/v8/WorkerContextExecutionProxy.cpp:
        (WebCore::WorkerContextExecutionProxy::evaluate):
        (WebCore::WorkerContextExecutionProxy::runScript):
        * bindings/v8/custom/V8InjectedScriptHostCustom.cpp:
        (WebCore::V8InjectedScriptHost::getEventListenersCallback):
        * bindings/v8/custom/V8MessageEventCustom.cpp:
        (WebCore::V8MessageEvent::dataAccessorGetter):
        * bindings/v8/custom/V8WebGLRenderingContextCustom.cpp:
        (WebCore::toV8Object):
        (WebCore::V8WebGLRenderingContext::getSupportedExtensionsCallback):

2012-08-21  Kentaro Hara  <haraken@chromium.org>

        [V8] Move toV8Context() from V8Proxy to V8Binding
        https://bugs.webkit.org/show_bug.cgi?id=94597

        Reviewed by Adam Barth.

        To kill V8Proxy, we can move toV8Context() from V8Proxy to V8Binding.

        No tests. No change in behavior.

        * bindings/v8/V8Binding.cpp:
        (WebCore::toV8Context):
        (WebCore):
        * bindings/v8/V8Binding.h:
        (WebCore):
        * bindings/v8/V8Proxy.cpp:
        * bindings/v8/V8Proxy.h:

2012-08-21  Gabriel Peal  <gpeal@google.com>

        Web Inspector: Embeddable Web Inspector
        https://bugs.webkit.org/show_bug.cgi?id=91528

        Reviewed by Pavel Feldman.

        Adds functionality to the inspector such that it is better suited to run embedded in another webpage. It adds the ability to prepopulate the timeline panel with an existing recording among other controls.

        * English.lproj/localizedStrings.js:
        * inspector/front-end/InspectorFrontendAPI.js:
        (InspectorFrontendAPI.dispatchQueryParameters):
        (InspectorFrontendAPI.loadTimelineFromURL):
        * inspector/front-end/InspectorFrontendHostStub.js:
        (.WebInspector.InspectorFrontendHostStub.prototype.hiddenPanels):
        (.WebInspector.InspectorFrontendHostStub.prototype.loadResourceSynchronously):
        * inspector/front-end/InspectorView.js:
        * inspector/front-end/TimelineModel.js:
        (WebInspector.TimelineModel.prototype.loadFromURL.onDataReceived):
        (WebInspector.TimelineModel.prototype.loadFromURL.parseAndImportData):
        (WebInspector.TimelineModel.prototype.loadFromURL.onLoad):
        (WebInspector.TimelineModel.prototype.loadFromURL):
        * inspector/front-end/TimelinePanel.js:
        (WebInspector.TimelinePanel.prototype.loadFromURL):
        * inspector/front-end/inspector.js:
        (WebInspector._createPanels):
        (WebInspector.loaded):
        * inspector/front-end/utilities.js:

2012-08-21  Robin Cao  <robin.cao@torchmobile.com.cn>

        [BlackBerry] Add support for getUserMedia
        https://bugs.webkit.org/show_bug.cgi?id=94591

        Reviewed by George Staikos.

        Implement getUserMedia feature using the platform API.

        Tests in fast/mediastream cover this.

        PR #153571

        Reviewed internally by George Staikos.

        * platform/graphics/blackberry/MediaPlayerPrivateBlackBerry.cpp:
        (WebCore::toWebMediaStreamSource):
        (WebCore):
        (WebCore::toWebMediaStreamDescriptor):
        (WebCore::MediaPlayerPrivate::lookupMediaStream):
        * platform/graphics/blackberry/MediaPlayerPrivateBlackBerry.h:
        (MediaPlayerPrivate):

2012-08-21  Pavel Feldman  <pfeldman@chromium.org>

        Web Inspector: remove DOMNodeRemoved listener from the DefaultTextEditor
        https://bugs.webkit.org/show_bug.cgi?id=94592

        Reviewed by Yury Semikhatsky.

        It seems to be not necessary.

        * inspector/front-end/DefaultTextEditor.js:
        (WebInspector.TextEditorMainPanel):
        (WebInspector.TextEditorMainPanel.prototype._handleDOMUpdates):
        (WebInspector.TextEditorMainChunk):
        (WebInspector.TextEditorMainChunk.prototype.set expanded):

2012-08-21  Thiago Marcos P. Santos  <thiago.santos@intel.com>

        CodeGeneratorInspector.py: Generate guards for type validators
        https://bugs.webkit.org/show_bug.cgi?id=94511

        Reviewed by Yury Semikhatsky.

        Fix regression when building debug and one of the generated types is
        disabled by a compile flag. We should generate guards for these type
        validators the same way as we are doing on the include headers.

        * inspector/CodeGeneratorInspector.py:
        (TypeBindings.create_type_declaration_.EnumBinding.get_code_generator.CodeGenerator.generate_type_builder):

2012-08-21  Florin Malita  <fmalita@chromium.org>

        ASSERT triggered in SVGTRefTargetEventListener::handleEvent()
        https://bugs.webkit.org/show_bug.cgi?id=94487

        Reviewed by Nikolas Zimmermann.

        The current way of tracking tref target elements by id can leave stale event listeners
        under certain circumstances. This patch switches to storing a target RefPtr instead
        to avoid an id lookup which may not return the original/attached element.

        Test: svg/custom/tref-stale-listener-crash.html

        * svg/SVGTRefElement.cpp:
        (SVGTRefTargetEventListener):
        (WebCore::SVGTRefTargetEventListener::isAttached): use m_target instead of an explicit bool.
        (WebCore::SVGTRefTargetEventListener::SVGTRefTargetEventListener):
        (WebCore::SVGTRefTargetEventListener::attach): save a target RefPtr instead of an id.
        (WebCore::SVGTRefTargetEventListener::detach): detach the target element directly without
        going through a lookup.
        (WebCore::SVGTRefTargetEventListener::handleEvent):
        (WebCore::SVGTRefElement::updateReferencedText): use an explicit target pointer instead of
        the id-based lookup.
        (WebCore::SVGTRefElement::buildPendingResource):
        * svg/SVGTRefElement.h:
        (SVGTRefElement):

2012-08-21  Alexandre Elias  <aelias@google.com>

        [chromium] Add software bitmap resources to CCResourceProvider
        https://bugs.webkit.org/show_bug.cgi?id=93677

        Reviewed by Adrienne Walker.

        This adds the ability to CCResourceProvider to use software bitmaps.
        They are allocated as plain-old-memory, and exposed as Skia objects.

        We want the ResourceProvider to be able to handle different resource
        types at the same time.  In practice, a default resource type is
        desired for most uses within a single compositor instance, which is
        specified by the default resource type.  Default resource types are
        expected to be mostly 1-to-1 with CCRenderer types.

        New tests added by parametrizing existing CCResourceProvider tests.

        * platform/graphics/chromium/FrameBufferSkPictureCanvasLayerTextureUpdater.cpp:
        (WebCore::FrameBufferSkPictureCanvasLayerTextureUpdater::updateTextureRect):
        * platform/graphics/chromium/LayerRendererChromium.cpp:
        (WebCore::applyFilters):
        (WebCore::LayerRendererChromium::drawRenderPassQuad):
        (WebCore::LayerRendererChromium::drawTileQuad):
        (WebCore::LayerRendererChromium::drawYUVVideoQuad):
        (WebCore::LayerRendererChromium::drawTextureQuad):
        (WebCore::LayerRendererChromium::getFramebufferTexture):
        (WebCore::LayerRendererChromium::bindFramebufferToTexture):
        * platform/graphics/chromium/LayerRendererChromium.h:
        (DrawingFrame):
        * platform/graphics/chromium/cc/CCResourceProvider.cpp:
        (WebCore::CCResourceProvider::createResource):
        (WebCore):
        (WebCore::CCResourceProvider::createGLTexture):
        (WebCore::CCResourceProvider::createBitmap):
        (WebCore::CCResourceProvider::createResourceFromExternalTexture):
        (WebCore::CCResourceProvider::deleteResource):
        (WebCore::CCResourceProvider::upload):
        (WebCore::CCResourceProvider::flush):
        (WebCore::CCResourceProvider::shallowFlushIfSupported):
        (WebCore::CCResourceProvider::lockForRead):
        (WebCore::CCResourceProvider::unlockForRead):
        (WebCore::CCResourceProvider::lockForWrite):
        (WebCore::CCResourceProvider::unlockForWrite):
        (WebCore::CCResourceProvider::ScopedReadLockGL::ScopedReadLockGL):
        (WebCore::CCResourceProvider::ScopedReadLockGL::~ScopedReadLockGL):
        (WebCore::CCResourceProvider::ScopedWriteLockGL::ScopedWriteLockGL):
        (WebCore::CCResourceProvider::ScopedWriteLockGL::~ScopedWriteLockGL):
        (WebCore::CCResourceProvider::populateSkBitmapWithResource):
        (WebCore::CCResourceProvider::ScopedReadLockSoftware::ScopedReadLockSoftware):
        (WebCore::CCResourceProvider::ScopedReadLockSoftware::~ScopedReadLockSoftware):
        (WebCore::CCResourceProvider::ScopedWriteLockSoftware::ScopedWriteLockSoftware):
        (WebCore::CCResourceProvider::ScopedWriteLockSoftware::~ScopedWriteLockSoftware):
        (WebCore::CCResourceProvider::CCResourceProvider):
        * platform/graphics/chromium/cc/CCResourceProvider.h:
        (WebCore):
        (WebCore::CCResourceProvider::setCreationPolicy):
        (WebCore::CCResourceProvider::creationPolicy):
        (CCResourceProvider):
        (ScopedReadLockGL):
        (WebCore::CCResourceProvider::ScopedReadLockGL::textureId):
        (ScopedWriteLockGL):
        (WebCore::CCResourceProvider::ScopedWriteLockGL::textureId):
        (ScopedReadLockSoftware):
        (WebCore::CCResourceProvider::ScopedReadLockSoftware::skBitmap):
        (ScopedWriteLockSoftware):
        (WebCore::CCResourceProvider::ScopedWriteLockSoftware::skCanvas):
        (Resource):

2012-08-21  Tab Atkins  <tabatkins@google.com>

        Track -webkit property usage.
        https://bugs.webkit.org/show_bug.cgi?id=93420

        Reviewed by Ojan Vafai.

        First draft of an attempt to track all usage of -webkit prefixed properties across the web.
        This attempt is dumb, but should provide useful data as a first-pass.
        I plan to optimize this for better data collection in the future.

        No tests added, as this is untestable currently.
        It should have zero effect besides histogramming.

        * css/CSSParser.cpp:
        (WebCore::cssPropertyID):

2012-08-21  Alec Flett  <alecflett@chromium.org>

        IndexedDB: remove old update/openCursor glue
        https://bugs.webkit.org/show_bug.cgi?id=94378

        Reviewed by Tony Chang.

        Remove old openCursor and update methods after landing
        https://bugs.webkit.org/show_bug.cgi?id=91125 and removing
        Chromium-side glue.

        No new tests: this code is dead.

        * Modules/indexeddb/IDBObjectStoreBackendImpl.cpp:
        * Modules/indexeddb/IDBObjectStoreBackendImpl.h:
        (IDBObjectStoreBackendImpl):
        * Modules/indexeddb/IDBObjectStoreBackendInterface.h:
        * inspector/InspectorIndexedDBAgent.cpp:
        (WebCore):

2012-08-21  James Robinson  <jamesr@chromium.org>

        [chromium] Should be able to destroy a CCLayerTreeHost without manually setting the root layer
        https://bugs.webkit.org/show_bug.cgi?id=94631

        Reviewed by Adrienne Walker.

        In the depths of time when dinosaurs roamed the earth, LayerChromium and CCLayerTreeHost were both reference
        counted and there was a cycle between the root LayerChromium and CCLayerTreeHost. This required all users of
        CCLayerTreeHost to manually break the cycle by calling setRootLayer(0) before dropping their reference to the
        host. Nowadays, CCLayerTreeHost has a single owner and LayerChromiums only have a weak pointer to their host
        so we should just do this cleanup ourselves instead of imposing it on callers.

        Unit test added to LayerChromiumTest.cpp

        * platform/graphics/chromium/cc/CCLayerTreeHost.cpp:
        (WebCore::CCLayerTreeHost::~CCLayerTreeHost):

2012-08-21  Ulan Degenbaev  <ulan@chromium.org>

        Call AdjustAmountOfExternalAllocatedMemory when V8ArrayBuffer constructed and destructed
        https://bugs.webkit.org/show_bug.cgi?id=92993

        Reviewed by Kenneth Russell.

        Call AdjustAmountOfExternalAllocatedMemory when V8ArrayBuffer
        is constructed and destructed so that V8's garbage collection
        heuristics can account for the memory held by these objects.

        * WebCore.gypi:
        * bindings/v8/SerializedScriptValue.cpp:
        * bindings/v8/custom/V8ArrayBufferCustom.cpp:
        (WebCore::V8ArrayBufferDeallocationObserver::instance):
        (WebCore):
        (WebCore::V8ArrayBuffer::constructorCallback):
        * bindings/v8/custom/V8ArrayBufferCustom.h: Added.
        (WebCore):
        * bindings/v8/custom/V8ArrayBufferViewCustom.cpp:
        * bindings/v8/custom/V8ArrayBufferViewCustom.h:
        (WebCore::constructWebGLArray):
        * dom/MessageEvent.cpp:
        (WebCore::MessageEvent::MessageEvent):
        (WebCore::MessageEvent::initMessageEvent):

2012-08-21  Taiju Tsuiki  <tzik@chromium.org>

        Web Inspector: Completion events of InspectorFileSystemAgent should be fired asynchronously.
        https://bugs.webkit.org/show_bug.cgi?id=93933

        Reviewed by Yury Semikhatsky.

        InspectorFileSystemAgent fires completion event too early in error case. It should wait
        until JS code is ready.

        Test: http/tests/inspector/filesystem/request-directory-content.html
              http/tests/inspector/filesystem/request-file-content.html
              http/tests/inspector/filesystem/request-metadata.html

        * inspector/InspectorFileSystemAgent.cpp:
        (WebCore): Add ReportErrorTask class

2012-08-21  Mike West  <mkwst@chromium.org>

        Blocking a resource via Content Security Policy should trigger an Error event.
        https://bugs.webkit.org/show_bug.cgi?id=89440

        Reviewed by Jochen Eisinger.

        If a CSP directive is violated, CachedResourceLoader will trigger a
        console error, and return a null image. In that case, we now dispatch
        an error on the relevant element.

        Adjusted http/tests/security/contentSecurityPolicy/image-blocked.html
        and http/tests/security/contentSecurityPolicy/register-bypassing-scheme.html
        to test the new behavior.

        This has the side-effect of also generating errors for images blocked by
        Chromium's content settings. Adjusted
        platform/chromium/permissionclient/image-permissions.html to agree with
        the new behavior.

        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::updateFromElement):

2012-08-21  Taiju Tsuiki  <tzik@chromium.org>

        Web Inspector: Split out crumb list part of styles from elementsPanel.css
        https://bugs.webkit.org/show_bug.cgi?id=94301

        Reviewed by Pavel Feldman.

        As a preparation to use BreadcrumbList on FileSystem, introduce breadcrumbList.css and
        move crumb-related style entries into it from elementsPanel.css.

        No new tests. This change does not make functional change.

        * WebCore.gypi:
        * WebCore.vcproj/WebCore.vcproj:
        * inspector/front-end/ElementsPanel.js:
        * inspector/front-end/WebKit.qrc:
        * inspector/front-end/breadcrumbList.css: Added.
        (.crumbs):
        (.crumbs .crumb):
        (.crumbs .crumb.collapsed > *):
        (.crumbs .crumb.collapsed::before):
        (.crumbs .crumb.compact .extra):
        (.crumbs .crumb.dimmed):
        (.crumbs .crumb.start):
        (.crumbs .crumb.end):
        (.crumbs .crumb.selected):
        (.crumbs .crumb.selected:hover):
        (.crumbs .crumb.selected.end, .crumbs .crumb.selected.end:hover):
        (.crumbs .crumb:hover):
        (.crumbs .crumb.dimmed:hover):
        (.crumbs .crumb.end:hover):
        * inspector/front-end/elementsPanel.css:

2012-08-21  Sudarsana Nagineni  <sudarsana.nagineni@linux.intel.com>

        canvas/philip/tests/2d.fillStyle.parse.invalid.rgba-6.html fails
        https://bugs.webkit.org/show_bug.cgi?id=50797

        Reviewed by Andreas Kling.

        Add a check in fast-path parseAlphaValue() to return early
        if the CSS <alphavalue> ended with an invalid digit.

        Test: canvas/philip/tests/2d.fillStyle.parse.invalid.rgba-6.html

        * css/CSSParser.cpp:
        (WebCore::parseAlphaValue):

2012-08-21  Benjamin Poulain  <bpoulain@apple.com>

        Store CString data in the CStringBuffer to avoid the double indirection
        https://bugs.webkit.org/show_bug.cgi?id=94562

        Reviewed by Darin Adler.

        * bindings/cpp/WebDOMCString.cpp:
        (WebDOMCString::length): With the patch, CStringBuffer hold the real string length instead of the
        size of the buffer including the terminating zero. WebDOMCString is updated accordingly.

2012-08-21  Benjamin Poulain  <bpoulain@apple.com>

        Create CSS color output string on 8 bits
        https://bugs.webkit.org/show_bug.cgi?id=94625

        Reviewed by Andreas Kling.

        * css/CSSPrimitiveValue.cpp:
        (WebCore::CSSPrimitiveValue::customCssText):
        Previously, the output string for a CSS color was computed on 16 bits.
        This was mainly forced by the use of String::number().

        Since the double to string conversion is done on 8bits anyway, I changed
        the code to use dtoa's numberToFixedPrecisionString directly instead of
        String::number().
        All the other parts were already on 8bits.

2012-08-21  Martin Robinson  <mrobinson@igalia.com>

        [GTK] Using a native window for the WebView breaks GtkOverlay
        https://bugs.webkit.org/show_bug.cgi?id=90085

        Reviewed by Alejandro G. Castro.

        No new tests. This will be covered by pixel test for accelerated
        compositing when they are activated.

        * GNUmakefile.am: Add XComposite libraries to the linker list.
        * GNUmakefile.list.am: Add RedirectedXCompositeWindow files to the source list.
        Make a new section for GLX specific files.
        * platform/graphics/glx/GLContextGLX.cpp:
        (WebCore::GLContextGLX::sharedDisplay): Expose sharedDisplay as a static method
        so that it can be called by other X11 specific code.
        * platform/graphics/glx/GLContextGLX.h: Ditto.
        * platform/gtk/RedirectedXCompositeWindow.cpp: Added. An implementation of a GL surface
        that renders to an X-window which redirects to a pixmap.
        * platform/gtk/RedirectedXCompositeWindow.h: Added.

2012-08-21  David Hyatt  <hyatt@apple.com>

        [New Multicolumn] Make column rules paint properly.
        https://bugs.webkit.org/show_bug.cgi?id=94616

        Reviewed by Simon Fraser.

        Make the new multi-column code paint column rules and also prepare it for painting
        the actual column contents.

        * rendering/RenderMultiColumnBlock.cpp:
        (WebCore::RenderMultiColumnBlock::ensureColumnSets):
        Remove the addRegionToThread call, since this is now done automatically in RenderRegion::insertedIntoTree.
        
        * rendering/RenderMultiColumnBlock.h:
        (WebCore::RenderMultiColumnBlock::flowThread):
        Make public so that RenderMultiColumnSet can access it.
        
        (RenderMultiColumnBlock):
        * rendering/RenderMultiColumnSet.cpp:
        (WebCore::RenderMultiColumnSet::columnGap):
        Add a column gap fetch method. It's identical to the one on RenderBlock (which will eventually go away
        when we kill the old multi-column code).
        
        (WebCore::RenderMultiColumnSet::columnRectAt):
        Also identical to the RenderBlock version of this method. Gets the rect for the nth column.
        
        (WebCore::RenderMultiColumnSet::paintReplaced):
        Subclass paintReplaced in order to do column rules and contents painting.
        
        (WebCore::RenderMultiColumnSet::paintColumnRules):
        (WebCore::RenderMultiColumnSet::paintColumnContents):
        Similar to the methods on RenderBlock. The former paints the rules and the latter paints the contents of
        the flow thread into the columns.
        
        * rendering/RenderMultiColumnSet.h:
        (RenderMultiColumnSet):
        Add the declarations of all the new methods.
        
        * rendering/RenderRegion.cpp:
        (WebCore::RenderRegion::installFlowThread):
        Added a new virtual function for installing flow threads when they didn't exist at construction time.
        This only applies to actual CSS Regions, so the subclass of the method in RenderRegionSet just does
        nothing.
        
        (WebCore::RenderRegion::attachRegion):
        Get the named flow thread code out of attachRegion, since it broke multi-column. Moved it into a
        virtual function, installFlowThread, that is only used by actual CSS regions. Eventually we may
        want a RenderRegion subclass that represents a region for a named flow thread only, but for now
        let the code sit in installFlowThread in the base class.
        
        * rendering/RenderRegion.h:
        (RenderRegion):
        Add installFlowThread declaration.
        
        * rendering/RenderRegionSet.cpp:
        (WebCore::RenderRegionSet::installFlowThread):
        installFlowThread for region sets just does nothing, since we don't use named flow threads.
        
        * rendering/RenderRegionSet.h:
        (RenderRegionSet):
        Add the override of installFlowThread.

2012-08-21  Patrick Gansterer  <paroga@webkit.org>

        [WIN] Build fix for !ENABLE(DRAG_SUPPORT).

        * page/win/EventHandlerWin.cpp:
        (WebCore):
        (WebCore::EventHandler::passMouseMoveEventToSubframe):

2012-08-21  James Robinson  <jamesr@chromium.org>

        Unreviewed, rolling out r126170.
        http://trac.webkit.org/changeset/126170
        https://bugs.webkit.org/show_bug.cgi?id=94614

        I spoke too soon

        * page/scrolling/chromium/ScrollingCoordinatorChromium.cpp:
        (WebCore::ScrollingCoordinatorPrivate::ScrollingCoordinatorPrivate):
        (WebCore::ScrollingCoordinatorPrivate::setScrollLayer):
        (WebCore::ScrollingCoordinatorPrivate::setHorizontalScrollbarLayer):
        (WebCore::ScrollingCoordinatorPrivate::setVerticalScrollbarLayer):
        (WebCore::ScrollingCoordinatorPrivate::hasScrollLayer):
        (WebCore::ScrollingCoordinatorPrivate::scrollLayer):
        (ScrollingCoordinatorPrivate):
        (WebCore::createScrollbarLayer):
        (WebCore::ScrollingCoordinator::frameViewHorizontalScrollbarLayerDidChange):
        (WebCore::ScrollingCoordinator::frameViewVerticalScrollbarLayerDidChange):
        (WebCore::ScrollingCoordinator::setScrollLayer):
        (WebCore::ScrollingCoordinator::setNonFastScrollableRegion):
        (WebCore::ScrollingCoordinator::setWheelEventHandlerCount):
        (WebCore::ScrollingCoordinator::setShouldUpdateScrollLayerPositionOnMainThread):
        (WebCore::ScrollingCoordinator::setLayerIsContainerForFixedPositionLayers):
        (WebCore::ScrollingCoordinator::setLayerIsFixedToContainerLayer):
        * platform/graphics/chromium/Canvas2DLayerBridge.cpp:
        (WebCore::Canvas2DLayerBridge::Canvas2DLayerBridge):
        (WebCore::Canvas2DLayerBridge::~Canvas2DLayerBridge):
        (WebCore::Canvas2DLayerBridge::prepareForDraw):
        (WebCore::Canvas2DLayerBridge::layer):
        (WebCore::Canvas2DLayerBridge::contextAcquired):
        * platform/graphics/chromium/Canvas2DLayerBridge.h:
        (Canvas2DLayerBridge):
        * platform/graphics/chromium/DrawingBufferChromium.cpp:
        (WebCore::DrawingBufferPrivate::DrawingBufferPrivate):
        (WebCore::DrawingBufferPrivate::~DrawingBufferPrivate):
        (WebCore::DrawingBufferPrivate::layer):
        (DrawingBufferPrivate):
        * platform/graphics/chromium/GraphicsLayerChromium.cpp:
        (WebCore::GraphicsLayerChromium::GraphicsLayerChromium):
        (WebCore::GraphicsLayerChromium::~GraphicsLayerChromium):
        (WebCore::GraphicsLayerChromium::willBeDestroyed):
        (WebCore):
        (WebCore::GraphicsLayerChromium::updateNames):
        (WebCore::GraphicsLayerChromium::removeFromParent):
        (WebCore::GraphicsLayerChromium::setSize):
        (WebCore::GraphicsLayerChromium::clearBackgroundColor):
        (WebCore::GraphicsLayerChromium::setContentsOpaque):
        (WebCore::GraphicsLayerChromium::setFilters):
        (WebCore::GraphicsLayerChromium::setBackgroundFilters):
        (WebCore::GraphicsLayerChromium::setMaskLayer):
        (WebCore::GraphicsLayerChromium::setBackfaceVisibility):
        (WebCore::GraphicsLayerChromium::setOpacity):
        (WebCore::GraphicsLayerChromium::setReplicatedByLayer):
        (WebCore::GraphicsLayerChromium::setContentsNeedsDisplay):
        (WebCore::GraphicsLayerChromium::setNeedsDisplay):
        (WebCore::GraphicsLayerChromium::setNeedsDisplayInRect):
        (WebCore::GraphicsLayerChromium::setContentsToImage):
        (WebCore::GraphicsLayerChromium::setContentsToCanvas):
        (WebCore::GraphicsLayerChromium::addAnimation):
        (WebCore::GraphicsLayerChromium::pauseAnimation):
        (WebCore::GraphicsLayerChromium::removeAnimation):
        (WebCore::GraphicsLayerChromium::suspendAnimations):
        (WebCore::GraphicsLayerChromium::resumeAnimations):
        (WebCore::GraphicsLayerChromium::addLinkHighlight):
        (WebCore::GraphicsLayerChromium::didFinishLinkHighlight):
        (WebCore::GraphicsLayerChromium::setContentsToMedia):
        (WebCore::GraphicsLayerChromium::primaryLayer):
        (WebCore::GraphicsLayerChromium::platformLayer):
        (WebCore::GraphicsLayerChromium::setDebugBackgroundColor):
        (WebCore::GraphicsLayerChromium::setDebugBorder):
        (WebCore::GraphicsLayerChromium::updateChildList):
        (WebCore::GraphicsLayerChromium::updateLayerPosition):
        (WebCore::GraphicsLayerChromium::updateLayerSize):
        (WebCore::GraphicsLayerChromium::updateAnchorPoint):
        (WebCore::GraphicsLayerChromium::updateTransform):
        (WebCore::GraphicsLayerChromium::updateChildrenTransform):
        (WebCore::GraphicsLayerChromium::updateMasksToBounds):
        (WebCore::GraphicsLayerChromium::updateLayerPreserves3D):
        (WebCore::GraphicsLayerChromium::updateLayerIsDrawable):
        (WebCore::GraphicsLayerChromium::updateLayerBackgroundColor):
        (WebCore::GraphicsLayerChromium::updateContentsRect):
        (WebCore::GraphicsLayerChromium::updateContentsScale):
        (WebCore::GraphicsLayerChromium::setupContentsLayer):
        * platform/graphics/chromium/GraphicsLayerChromium.h:
        (WebCore::GraphicsLayerChromium::hasContentsLayer):
        (GraphicsLayerChromium):
        (WebCore::GraphicsLayerChromium::contentsLayer):
        * platform/graphics/chromium/LayerChromium.cpp:
        (WebCore::LayerChromium::rootLayer):
        * platform/graphics/chromium/LayerChromium.h:

2012-08-21  Adam Barth  <abarth@webkit.org>

        Update run-bindings-tests results after http://trac.webkit.org/changeset/126165

        * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
        (WebCore::jsTestActiveDOMObjectExcitingAttr):
        (WebCore::jsTestActiveDOMObjectConstructor):
        (WebCore::jsTestActiveDOMObjectPrototypeFunctionExcitingFunction):

2012-08-21  Vincent Scheib  <scheib@chromium.org>

        Add parsing logic for allow-pointer-lock to iframe sandbox attribute.
        https://bugs.webkit.org/show_bug.cgi?id=94513

        Reviewed by Adam Barth.

        Pointer lock was previously blocked from all sandboxed iframes.
        Parsing the sandbox="allow-pointer-lock" attribute allows pages
        to control the feature and enable it in sandboxed iframes.

        Tests: http/tests/pointer-lock/iframe-sandboxed-allow-pointer-lock.html
               http/tests/pointer-lock/iframe-sandboxed-nested-allow-pointer-lock.html
               http/tests/pointer-lock/iframe-sandboxed-nested-disallow-then-allow-pointer-lock.html

        * dom/SecurityContext.cpp:
        (WebCore::SecurityContext::parseSandboxPolicy):

2012-08-21  James Robinson  <jamesr@chromium.org>

        Unreviewed, rolling out r126169.
        http://trac.webkit.org/changeset/126169
        https://bugs.webkit.org/show_bug.cgi?id=94614

        Crashes already fixed downstream

        * page/scrolling/chromium/ScrollingCoordinatorChromium.cpp:
        (WebCore::ScrollingCoordinatorPrivate::ScrollingCoordinatorPrivate):
        (ScrollingCoordinatorPrivate):
        (WebCore::ScrollingCoordinatorPrivate::setScrollLayer):
        (WebCore::ScrollingCoordinatorPrivate::setHorizontalScrollbarLayer):
        (WebCore::ScrollingCoordinatorPrivate::setVerticalScrollbarLayer):
        (WebCore::ScrollingCoordinatorPrivate::scrollLayer):
        (WebCore::scrollableLayerForGraphicsLayer):
        (WebCore):
        (WebCore::createScrollbarLayer):
        (WebCore::ScrollingCoordinator::frameViewHorizontalScrollbarLayerDidChange):
        (WebCore::ScrollingCoordinator::frameViewVerticalScrollbarLayerDidChange):
        (WebCore::ScrollingCoordinator::setScrollLayer):
        (WebCore::ScrollingCoordinator::setNonFastScrollableRegion):
        (WebCore::ScrollingCoordinator::setWheelEventHandlerCount):
        (WebCore::ScrollingCoordinator::setShouldUpdateScrollLayerPositionOnMainThread):
        (WebCore::ScrollingCoordinator::setLayerIsContainerForFixedPositionLayers):
        (WebCore::ScrollingCoordinator::setLayerIsFixedToContainerLayer):
        * platform/graphics/chromium/Canvas2DLayerBridge.cpp:
        (WebCore::Canvas2DLayerBridge::Canvas2DLayerBridge):
        (WebCore::Canvas2DLayerBridge::~Canvas2DLayerBridge):
        (WebCore::Canvas2DLayerBridge::prepareForDraw):
        (WebCore::Canvas2DLayerBridge::layer):
        (WebCore::Canvas2DLayerBridge::contextAcquired):
        * platform/graphics/chromium/Canvas2DLayerBridge.h:
        (Canvas2DLayerBridge):
        * platform/graphics/chromium/DrawingBufferChromium.cpp:
        (WebCore::DrawingBufferPrivate::DrawingBufferPrivate):
        (WebCore::DrawingBufferPrivate::~DrawingBufferPrivate):
        (WebCore::DrawingBufferPrivate::layer):
        (DrawingBufferPrivate):
        * platform/graphics/chromium/GraphicsLayerChromium.cpp:
        (WebCore::GraphicsLayerChromium::GraphicsLayerChromium):
        (WebCore::GraphicsLayerChromium::~GraphicsLayerChromium):
        (WebCore::GraphicsLayerChromium::updateNames):
        (WebCore::GraphicsLayerChromium::removeFromParent):
        (WebCore::GraphicsLayerChromium::setSize):
        (WebCore::GraphicsLayerChromium::clearBackgroundColor):
        (WebCore::GraphicsLayerChromium::setContentsOpaque):
        (WebCore::GraphicsLayerChromium::setFilters):
        (WebCore::GraphicsLayerChromium::setBackgroundFilters):
        (WebCore::GraphicsLayerChromium::setMaskLayer):
        (WebCore::GraphicsLayerChromium::setBackfaceVisibility):
        (WebCore::GraphicsLayerChromium::setOpacity):
        (WebCore::GraphicsLayerChromium::setReplicatedByLayer):
        (WebCore::GraphicsLayerChromium::setContentsNeedsDisplay):
        (WebCore::GraphicsLayerChromium::setNeedsDisplay):
        (WebCore::GraphicsLayerChromium::setNeedsDisplayInRect):
        (WebCore::GraphicsLayerChromium::setContentsToImage):
        (WebCore::GraphicsLayerChromium::setContentsToCanvas):
        (WebCore):
        (WebCore::GraphicsLayerChromium::setContentsToMedia):
        (WebCore::GraphicsLayerChromium::setContentsTo):
        (WebCore::GraphicsLayerChromium::addAnimation):
        (WebCore::GraphicsLayerChromium::pauseAnimation):
        (WebCore::GraphicsLayerChromium::removeAnimation):
        (WebCore::GraphicsLayerChromium::suspendAnimations):
        (WebCore::GraphicsLayerChromium::resumeAnimations):
        (WebCore::GraphicsLayerChromium::addLinkHighlight):
        (WebCore::GraphicsLayerChromium::didFinishLinkHighlight):
        (WebCore::GraphicsLayerChromium::platformLayer):
        (WebCore::GraphicsLayerChromium::setDebugBackgroundColor):
        (WebCore::GraphicsLayerChromium::setDebugBorder):
        (WebCore::GraphicsLayerChromium::updateChildList):
        (WebCore::GraphicsLayerChromium::updateLayerPosition):
        (WebCore::GraphicsLayerChromium::updateLayerSize):
        (WebCore::GraphicsLayerChromium::updateAnchorPoint):
        (WebCore::GraphicsLayerChromium::updateTransform):
        (WebCore::GraphicsLayerChromium::updateChildrenTransform):
        (WebCore::GraphicsLayerChromium::updateMasksToBounds):
        (WebCore::GraphicsLayerChromium::updateLayerPreserves3D):
        (WebCore::GraphicsLayerChromium::updateLayerIsDrawable):
        (WebCore::GraphicsLayerChromium::updateLayerBackgroundColor):
        (WebCore::GraphicsLayerChromium::updateContentsRect):
        (WebCore::GraphicsLayerChromium::updateContentsScale):
        (WebCore::GraphicsLayerChromium::setupContentsLayer):
        * platform/graphics/chromium/GraphicsLayerChromium.h:
        (WebCore::GraphicsLayerChromium::hasContentsLayer):
        (WebCore::GraphicsLayerChromium::contentLayer):
        (GraphicsLayerChromium):
        (WebCore::GraphicsLayerChromium::contentsLayer):
        * platform/graphics/chromium/LayerChromium.cpp:
        (WebCore::LayerChromium::rootLayer):
        * platform/graphics/chromium/LayerChromium.h:

2012-08-21  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r126076, r126099, and r126106.
        http://trac.webkit.org/changeset/126076
        http://trac.webkit.org/changeset/126099
        http://trac.webkit.org/changeset/126106
        https://bugs.webkit.org/show_bug.cgi?id=94614

        Caused crashes during compositor shutdown in Aura builds of
        Chromium (Requested by kbr_google on #webkit).

        * page/scrolling/chromium/ScrollingCoordinatorChromium.cpp:
        (WebCore::ScrollingCoordinatorPrivate::ScrollingCoordinatorPrivate):
        (WebCore::ScrollingCoordinatorPrivate::setScrollLayer):
        (WebCore::ScrollingCoordinatorPrivate::setHorizontalScrollbarLayer):
        (WebCore::ScrollingCoordinatorPrivate::setVerticalScrollbarLayer):
        (WebCore::ScrollingCoordinatorPrivate::hasScrollLayer):
        (WebCore::ScrollingCoordinatorPrivate::scrollLayer):
        (ScrollingCoordinatorPrivate):
        (WebCore::createScrollbarLayer):
        (WebCore::ScrollingCoordinator::frameViewHorizontalScrollbarLayerDidChange):
        (WebCore::ScrollingCoordinator::frameViewVerticalScrollbarLayerDidChange):
        (WebCore::ScrollingCoordinator::setScrollLayer):
        (WebCore::ScrollingCoordinator::setNonFastScrollableRegion):
        (WebCore::ScrollingCoordinator::setWheelEventHandlerCount):
        (WebCore::ScrollingCoordinator::setShouldUpdateScrollLayerPositionOnMainThread):
        (WebCore::ScrollingCoordinator::setLayerIsContainerForFixedPositionLayers):
        (WebCore::ScrollingCoordinator::setLayerIsFixedToContainerLayer):
        * platform/graphics/chromium/Canvas2DLayerBridge.cpp:
        (WebCore::Canvas2DLayerBridge::Canvas2DLayerBridge):
        (WebCore::Canvas2DLayerBridge::~Canvas2DLayerBridge):
        (WebCore::Canvas2DLayerBridge::prepareForDraw):
        (WebCore::Canvas2DLayerBridge::layer):
        (WebCore::Canvas2DLayerBridge::contextAcquired):
        * platform/graphics/chromium/Canvas2DLayerBridge.h:
        (Canvas2DLayerBridge):
        * platform/graphics/chromium/DrawingBufferChromium.cpp:
        (WebCore::DrawingBufferPrivate::DrawingBufferPrivate):
        (WebCore::DrawingBufferPrivate::~DrawingBufferPrivate):
        (WebCore::DrawingBufferPrivate::layer):
        (DrawingBufferPrivate):
        * platform/graphics/chromium/GraphicsLayerChromium.cpp:
        (WebCore::GraphicsLayerChromium::GraphicsLayerChromium):
        (WebCore::GraphicsLayerChromium::~GraphicsLayerChromium):
        (WebCore::GraphicsLayerChromium::willBeDestroyed):
        (WebCore):
        (WebCore::GraphicsLayerChromium::updateNames):
        (WebCore::GraphicsLayerChromium::removeFromParent):
        (WebCore::GraphicsLayerChromium::setSize):
        (WebCore::GraphicsLayerChromium::clearBackgroundColor):
        (WebCore::GraphicsLayerChromium::setContentsOpaque):
        (WebCore::GraphicsLayerChromium::setFilters):
        (WebCore::GraphicsLayerChromium::setBackgroundFilters):
        (WebCore::GraphicsLayerChromium::setMaskLayer):
        (WebCore::GraphicsLayerChromium::setBackfaceVisibility):
        (WebCore::GraphicsLayerChromium::setOpacity):
        (WebCore::GraphicsLayerChromium::setReplicatedByLayer):
        (WebCore::GraphicsLayerChromium::setContentsNeedsDisplay):
        (WebCore::GraphicsLayerChromium::setNeedsDisplay):
        (WebCore::GraphicsLayerChromium::setNeedsDisplayInRect):
        (WebCore::GraphicsLayerChromium::setContentsToImage):
        (WebCore::GraphicsLayerChromium::setContentsToCanvas):
        (WebCore::GraphicsLayerChromium::addAnimation):
        (WebCore::GraphicsLayerChromium::pauseAnimation):
        (WebCore::GraphicsLayerChromium::removeAnimation):
        (WebCore::GraphicsLayerChromium::suspendAnimations):
        (WebCore::GraphicsLayerChromium::resumeAnimations):
        (WebCore::GraphicsLayerChromium::addLinkHighlight):
        (WebCore::GraphicsLayerChromium::didFinishLinkHighlight):
        (WebCore::GraphicsLayerChromium::setContentsToMedia):
        (WebCore::GraphicsLayerChromium::primaryLayer):
        (WebCore::GraphicsLayerChromium::platformLayer):
        (WebCore::GraphicsLayerChromium::setDebugBackgroundColor):
        (WebCore::GraphicsLayerChromium::setDebugBorder):
        (WebCore::GraphicsLayerChromium::updateChildList):
        (WebCore::GraphicsLayerChromium::updateLayerPosition):
        (WebCore::GraphicsLayerChromium::updateLayerSize):
        (WebCore::GraphicsLayerChromium::updateAnchorPoint):
        (WebCore::GraphicsLayerChromium::updateTransform):
        (WebCore::GraphicsLayerChromium::updateChildrenTransform):
        (WebCore::GraphicsLayerChromium::updateMasksToBounds):
        (WebCore::GraphicsLayerChromium::updateLayerPreserves3D):
        (WebCore::GraphicsLayerChromium::updateLayerIsDrawable):
        (WebCore::GraphicsLayerChromium::updateLayerBackgroundColor):
        (WebCore::GraphicsLayerChromium::updateContentsRect):
        (WebCore::GraphicsLayerChromium::updateContentsScale):
        (WebCore::GraphicsLayerChromium::setupContentsLayer):
        * platform/graphics/chromium/GraphicsLayerChromium.h:
        (WebCore::GraphicsLayerChromium::hasContentsLayer):
        (GraphicsLayerChromium):
        (WebCore::GraphicsLayerChromium::contentsLayer):
        * platform/graphics/chromium/LayerChromium.cpp:
        (WebCore::LayerChromium::rootLayer):
        * platform/graphics/chromium/LayerChromium.h:

2012-08-21  Pavel Feldman  <pfeldman@chromium.org>

        Web Inspector: do not use window's eval in InjectedScript
        https://bugs.webkit.org/show_bug.cgi?id=94610

        Reviewed by Yury Semikhatsky.

        Otherwise, inspector does not work when eval is overriden.

        Test: inspector/console/console-eval-fake.html

        * bindings/js/JSInjectedScriptHostCustom.cpp:
        (WebCore::JSInjectedScriptHost::evaluate):
        (WebCore):
        * bindings/v8/custom/V8InjectedScriptHostCustom.cpp:
        (WebCore::V8InjectedScriptHost::evaluateCallback):
        (WebCore):
        * inspector/InjectedScriptHost.idl:
        * inspector/InjectedScriptSource.js:
        (.):

2012-08-21  Adam Barth  <abarth@webkit.org>

        Implement JSDOMWindow*::allowsAccessFrom* in terms of BindingSecurity
        https://bugs.webkit.org/show_bug.cgi?id=93407

        Reviewed by Eric Seidel.

        This patch removes allowsAccessFrom and implements the security checks
        in terms of shouldAllowAccessToDOMWindow directly.

        * bindings/generic/BindingSecurity.cpp:
        (WebCore::BindingSecurity::shouldAllowAccessToDOMWindow):
        (WebCore):
        * bindings/generic/BindingSecurity.h:
        (BindingSecurity):
        * bindings/js/JSDOMBinding.cpp:
        (WebCore::shouldAllowAccessToFrame):
        (WebCore):
        (WebCore::shouldAllowAccessToDOMWindow):
        * bindings/js/JSDOMBinding.h:
        (WebCore):
        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::shouldAllowAccessFrom):
        (WebCore):
        * bindings/js/JSDOMWindowBase.h:
        (JSDOMWindowBase):
        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::namedItemGetter):
        (WebCore::JSDOMWindow::getOwnPropertySlot):
        (WebCore::JSDOMWindow::getOwnPropertyDescriptor):
        (WebCore::JSDOMWindow::put):
        (WebCore::JSDOMWindow::deleteProperty):
        (WebCore::JSDOMWindow::getPropertyNames):
        (WebCore::JSDOMWindow::getOwnPropertyNames):
        (WebCore::JSDOMWindow::defineOwnProperty):
        (WebCore::JSDOMWindow::setLocation):
        * bindings/js/JSDOMWindowCustom.h:
        * bindings/js/JSInjectedScriptManager.cpp:
        (WebCore::InjectedScriptManager::canAccessInspectedWindow):
        * bindings/objc/WebScriptObject.mm:
        (-[WebScriptObject _isSafeScript]):
        * bindings/scripts/CodeGeneratorJS.pm:
        (GenerateGetOwnPropertyDescriptorBody):
        (GenerateImplementation):

2012-08-21  Dan Bernstein  <mitz@apple.com>

        <rdar://problem/12104508> TextIterator takes O(n^2) to iterate over n empty blocks
        https://bugs.webkit.org/show_bug.cgi?id=94429

        Reviewed by Sam Weinig.

        No new tests, because behavior is unchanged.

        * editing/TextIterator.cpp:
        (WebCore::TextIterator::shouldRepresentNodeOffsetZero): Enhanced the check for nodes that
        cannot contain VisiblePosition to also check for zero-height blocks.

2012-08-21  'Pavel Feldman'  <pfeldman@chromium.org>

        Web Inspector: break on exceptions decoration was lost, restoring.

        Not reviewed - a follow up to 126012.

        * inspector/front-end/ScriptsPanel.js:
        (WebInspector.ScriptsPanel.prototype._pauseOnExceptionStateChanged.get switch):
        (WebInspector.ScriptsPanel.prototype._pauseOnExceptionStateChanged):

2012-08-21  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r126146.
        http://trac.webkit.org/changeset/126146
        https://bugs.webkit.org/show_bug.cgi?id=94606

        It made all tests assert (Requested by Ossy on #webkit).

        * bridge/qt/qt_runtime.cpp:
        (JSC::Bindings::prototypeForSignalsAndSlots):
        (JSC::Bindings::QtRuntimeMethod::call):
        (JSC::Bindings::QtRuntimeMethod::jsObjectRef):
        (JSC::Bindings::QtRuntimeMethod::connectOrDisconnect):
        * bridge/qt/qt_runtime.h:
        (QtRuntimeMethod):

2012-08-21  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r126150.
        http://trac.webkit.org/changeset/126150
        https://bugs.webkit.org/show_bug.cgi?id=94605

        Breaks 73 layout tests on chromium.webkit builder (Requested
        by pfeldman on #webkit).

        * UseV8.cmake:
        * WebCore.gypi:
        * bindings/v8/V8Binding.cpp:
        (StringTraits):
        (WebCore):
        (WebCore::v8StringToWebCoreString):
        (WebCore::int32ToWebCoreStringFast):
        (WebCore::int32ToWebCoreString):
        * bindings/v8/V8Binding.h:
        (WebCore):
        (V8ParameterBase):
        (WebCore::V8ParameterBase::operator String):
        (WebCore::V8ParameterBase::operator AtomicString):
        (WebCore::V8ParameterBase::V8ParameterBase):
        (WebCore::V8ParameterBase::prepareBase):
        (WebCore::V8ParameterBase::object):
        (WebCore::V8ParameterBase::setString):
        (WebCore::V8ParameterBase::toString):
        (WebCore::::prepare):
        * bindings/v8/V8StringResource.cpp: Removed.
        * bindings/v8/V8StringResource.h: Removed.

2012-08-21  Philippe Normand  <pnormand@igalia.com>

        Early returns in MediaPlayer setters
        https://bugs.webkit.org/show_bug.cgi?id=87304

        Calls to the MediaPlayerPrivate implementation can be avoided if
        the value to set and the current value are equal.

        Reviewed by Eric Carlson.

        * platform/graphics/MediaPlayer.cpp:
        (WebCore::MediaPlayer::loadWithNextMediaEngine): Once a new
        MediaPlayerPrivate has been created propagate the playback rate
        value to it, as it is done for some other attributes like preload
        or preservePitch.
        (WebCore::MediaPlayer::setVolume): Perform action only if current
        and new values differ.
        (WebCore::MediaPlayer::setMuted): Ditto.
        (WebCore::MediaPlayer::setPreservesPitch): Ditto.
        (WebCore::MediaPlayer::setSize): Ditto.
        (WebCore::MediaPlayer::setVisible): Ditto.
        (WebCore::MediaPlayer::setPreload): Ditto.

2012-08-21  Ilya Tikhonovsky  <loislo@chromium.org>

        Web Inspector: NMI: OwnPtr<T> was counted as RefPtr<T>
        https://bugs.webkit.org/show_bug.cgi?id=94599

        Reviewed by Yury Semikhatsky.

        * dom/MemoryInstrumentation.h:
        (WebCore::MemoryObjectInfo::MemoryObjectInfo):
        (WebCore::MemoryInstrumentation::addInstrumentedObjectImpl):
        (WebCore::MemoryInstrumentation::addObjectImpl):

2012-08-21  Ilya Tikhonovsky  <loislo@chromium.org>

        Web Inspector: NMI: rename addMember for strings and KURL to addInstrumentedMember.
        https://bugs.webkit.org/show_bug.cgi?id=94580

        Reviewed by Yury Semikhatsky.

        Drive by fix: immutable ElementAttrybuteData uses the same trick with placement new as in StylePropertySet.

        * css/CSSCanvasValue.cpp:
        (WebCore::CSSCanvasValue::reportDescendantMemoryUsage):
        * css/CSSCharsetRule.cpp:
        (WebCore::CSSCharsetRule::reportDescendantMemoryUsage):
        * css/CSSFontFaceSrcValue.cpp:
        (WebCore::CSSFontFaceSrcValue::reportDescendantMemoryUsage):
        * css/CSSFunctionValue.cpp:
        (WebCore::CSSFunctionValue::reportDescendantMemoryUsage):
        * css/CSSImageSetValue.cpp:
        (WebCore::CSSImageSetValue::ImageWithScale::reportMemoryUsage):
        * css/CSSImageValue.cpp:
        (WebCore::CSSImageValue::reportDescendantMemoryUsage):
        * css/CSSPrimitiveValue.cpp:
        (WebCore::CSSPrimitiveValue::reportDescendantMemoryUsage):
        * css/CSSStyleSheet.cpp:
        (WebCore::CSSStyleSheet::reportMemoryUsage):
        * css/CSSValue.cpp:
        (WebCore::TextCloneCSSValue::reportDescendantMemoryUsage):
        * css/CSSVariableValue.h:
        (WebCore::CSSVariableValue::reportDescendantMemoryUsage):
        * css/FontFeatureValue.cpp:
        (WebCore::FontFeatureValue::reportDescendantMemoryUsage):
        * css/MediaQuery.cpp:
        (WebCore::MediaQuery::reportMemoryUsage):
        * css/MediaQueryExp.cpp:
        (WebCore::MediaQueryExp::reportMemoryUsage):
        * css/StyleRuleImport.cpp:
        (WebCore::StyleRuleImport::reportDescendantMemoryUsage):
        * css/StyleSheetContents.cpp:
        (WebCore::StyleSheetContents::reportMemoryUsage):
        * css/WebKitCSSKeyframeRule.cpp:
        (WebCore::StyleKeyframe::reportMemoryUsage):
        * css/WebKitCSSKeyframesRule.cpp:
        (WebCore::StyleRuleKeyframes::reportDescendantMemoryUsage):
        * css/WebKitCSSSVGDocumentValue.cpp:
        (WebCore::WebKitCSSSVGDocumentValue::reportDescendantMemoryUsage):
        * css/WebKitCSSShaderValue.cpp:
        (WebCore::WebKitCSSShaderValue::reportDescendantMemoryUsage):
        * dom/Attribute.h:
        (WebCore::Attribute::reportMemoryUsage):
        * dom/CharacterData.cpp:
        (WebCore::CharacterData::reportMemoryUsage):
        * dom/Document.cpp:
        (WebCore::Document::reportMemoryUsage):
        * dom/ElementAttributeData.cpp:
        (WebCore::immutableElementAttributeDataSize):
        (WebCore):
        (WebCore::ElementAttributeData::createImmutable):
        (WebCore::ElementAttributeData::reportMemoryUsage):
        * dom/Event.cpp:
        (WebCore::Event::reportMemoryUsage):
        * dom/MemoryInstrumentation.cpp:
        (WebCore::MemoryInstrumentation::addInstrumentedObjectImpl):
        * dom/MemoryInstrumentation.h:
        (MemoryInstrumentation):
        * dom/QualifiedName.h:
        (WebCore::QualifiedName::QualifiedNameImpl::reportMemoryUsage):
        * loader/DocumentLoader.cpp:
        (WebCore::DocumentLoader::reportMemoryUsage):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::reportMemoryUsage):
        * loader/SubstituteData.cpp:
        (WebCore::SubstituteData::reportMemoryUsage):
        * loader/cache/CachedCSSStyleSheet.cpp:
        (WebCore::CachedCSSStyleSheet::reportMemoryUsage):
        * loader/cache/CachedResource.cpp:
        (WebCore::CachedResource::reportMemoryUsage):
        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::reportMemoryUsage):
        * loader/cache/CachedScript.cpp:
        (WebCore::CachedScript::reportMemoryUsage):
        * loader/cache/CachedShader.cpp:
        (WebCore::CachedShader::reportMemoryUsage):
        * loader/cache/CachedXSLStyleSheet.cpp:
        (WebCore::CachedXSLStyleSheet::reportMemoryUsage):
        * loader/cache/MemoryCache.cpp:
        (WebCore::MemoryCache::reportMemoryUsage):
        * platform/network/ResourceRequestBase.cpp:
        (WebCore::ResourceRequestBase::reportMemoryUsage):
        * platform/network/ResourceResponseBase.cpp:
        (WebCore::ResourceResponseBase::reportMemoryUsage):
        * rendering/style/StyleRareInheritedData.cpp:
        (WebCore::StyleRareInheritedData::reportMemoryUsage):
        * rendering/style/StyleRareNonInheritedData.cpp:
        (WebCore::StyleRareNonInheritedData::reportMemoryUsage):
        * svg/SVGPaint.cpp:
        (WebCore::SVGPaint::reportDescendantMemoryUsage):

2012-08-20  Kentaro Hara  <haraken@chromium.org>

        [V8] Move String related code in V8Binding to a separate file
        https://bugs.webkit.org/show_bug.cgi?id=94571

        Reviewed by Adam Barth.

        This patch moves V8Parameter, V8ParameterBase and String related code
        in V8Binding to a separate file.

        No tests. No change in behavior.

        * UseV8.cmake:
        * WebCore.gypi:
        * bindings/v8/V8Binding.cpp:
        * bindings/v8/V8Binding.h:
        * bindings/v8/V8StringResource.cpp: Added.
        * bindings/v8/V8StringResource.h: Added.
        (WebCore):

2012-08-17  Simon Hausmann  <simon.hausmann@nokia.com>

        [Qt] REGRESSION(r125428): fast/profiler/nested-start-and-stop-profiler.html fails
        https://bugs.webkit.org/show_bug.cgi?id=93897

        Reviewed by Kenneth Rohde Christiansen.

        Before r125428 run-time methods (wrapped signals, slots or invokable functions) were subclasses of
        JSInternalFunction and therefore real function objects in the JavaScript sense. r125428 changed them
        to be just callable objects, but they did not have Function.prototype as prototype anymore for example
        nor was their name correct (resulting in a layout test failure).

        This patch changes run-time methods back to being real function objects that have a correct name and
        have Function.prototype in their prototype change

        The objects returned by JSObjectMakeFunctionWithCallbackInjected are light-weight internal function objects
        that do not support JSObject{Set/Get}Private. Therefore we inject our own prototype right before the
        Function.prototype prototype, which uses private data to store a pointer to our C++ QtRuntimeMethod object.
        This complicates the retrieval of the pointer to that instance slightly, which is why this patch introduces
        the toRuntimeMethod convenience function that looks up our prototype first and does a check for type-safety.

        At the same time the patch removes the length properties from the run-time method itself as well as connect/disconnect.
        The length property on a function signifies the number of arguments, but in all three cases that number is
        actually variable, because of overloading. That is why we choose not to expose it in the first place.

        * bridge/qt/qt_runtime.cpp:
        (JSC::Bindings::prototypeForSignalsAndSlots):
        (JSC::Bindings::QtRuntimeMethod::call):
        (JSC::Bindings::QtRuntimeMethod::jsObjectRef):
        (JSC::Bindings::QtRuntimeMethod::toRuntimeMethod):
        (Bindings):
        (JSC::Bindings::QtRuntimeMethod::connectOrDisconnect):
        * bridge/qt/qt_runtime.h:
        (QtRuntimeMethod): Remove unused member variables.

2012-08-21  Simon Hausmann  <simon.hausmann@nokia.com>

        Unreviewed build fix for newer Qt 5 versions: QVariant::WidgetStar has been removed,
        but fortunately QMetaType has a much more powerful function available for us to use.

        Thanks to Jedrzej Nowacki for the hint :)

        * bridge/qt/qt_runtime.cpp:
        (JSC::Bindings::convertQVariantToValue):

2012-08-21  Kentaro Hara  <haraken@chromium.org>

        [V8] Remove String::New() from V8 binding (Part 1)
        https://bugs.webkit.org/show_bug.cgi?id=94574

        Reviewed by Adam Barth.

        Currently, V8 binding mixes String::New(), String::NewSymbol() and v8String().
        String::New() should be replaced with String::NewSymbol() or v8String(),
        depending on use cases:

        - If it is a symbol (e.g. attribute name, constant string, etc),
        String::NewSymbol() should be used. Cache of created symbols is managed by V8.

        - If it is not a symbol, v8String() should be used. Cache of created strings
        is managed by V8 binding (i.e. StringCache class).

        This patch replaces String::New() for symbols with String::NewSymbol().

        No tests. No change in behavior.

        * bindings/scripts/CodeGeneratorV8.pm:
        (GenerateNamedConstructorCallback):
        (GenerateNonStandardFunction):
        (GenerateImplementation):
        * bindings/scripts/test/V8/V8Float64Array.cpp:
        (WebCore::ConfigureV8Float64ArrayTemplate):
        * bindings/scripts/test/V8/V8TestActiveDOMObject.cpp:
        (WebCore::ConfigureV8TestActiveDOMObjectTemplate):
        * bindings/scripts/test/V8/V8TestEventTarget.cpp:
        (WebCore::ConfigureV8TestEventTargetTemplate):
        * bindings/scripts/test/V8/V8TestInterface.cpp:
        (WebCore::ConfigureV8TestInterfaceTemplate):
        * bindings/scripts/test/V8/V8TestNamedConstructor.cpp:
        (WebCore::V8TestNamedConstructorConstructor::GetTemplate):
        * bindings/scripts/test/V8/V8TestObj.cpp:
        (WebCore::ConfigureV8TestObjTemplate):
        (WebCore::V8TestObj::installPerContextProperties):
        * bindings/v8/V8DOMConfiguration.cpp:
        (WebCore::V8DOMConfiguration::batchConfigureConstants):
        (WebCore::V8DOMConfiguration::batchConfigureCallbacks):
        (WebCore::V8DOMConfiguration::configureTemplate):
        * bindings/v8/V8DOMConfiguration.h:
        (WebCore::V8DOMConfiguration::configureAttribute):

2012-08-21  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r126028.
        http://trac.webkit.org/changeset/126028
        https://bugs.webkit.org/show_bug.cgi?id=94576

        it broke compilation on apple webkit win. (Requested by loislo
        on #webkit).

        * inspector/CodeGeneratorInspector.py:
        * inspector/InjectedScriptWebGLModule.cpp:
        (WebCore::InjectedScriptWebGLModule::captureFrame):
        * inspector/InjectedScriptWebGLModule.h:
        (InjectedScriptWebGLModule):
        * inspector/Inspector.json:
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):
        * inspector/InspectorWebGLAgent.cpp:
        (WebCore::InspectorWebGLAgent::InspectorWebGLAgent):
        * inspector/InspectorWebGLAgent.h:
        (WebCore):
        (WebCore::InspectorWebGLAgent::create):
        (InspectorWebGLAgent):

2012-08-20  Ilya Tikhonovsky  <loislo@chromium.org>

        Web Inspector: NMI: wrong size was reported for immutable StylePropertySet
        https://bugs.webkit.org/show_bug.cgi?id=94489

        Reviewed by Yury Semikhatsky.

        Immutable StylePropertySet is created via placement new.
        The rest of the allocated buffer is used as an array of CSSProperty.
        This means that we don't need to report m_properties member but have to report actual size of the buffer
        used for both, the object and CSSProperty array.

        * css/StylePropertySet.cpp:
        (WebCore::immutableStylePropertySetSize):
        (WebCore):
        (WebCore::StylePropertySet::createImmutable):
        (WebCore::StylePropertySet::reportMemoryUsage):
        * dom/MemoryInstrumentation.h:
        (WebCore::MemoryObjectInfo::reportObjectInfo):
        (WebCore::MemoryClassInfo::MemoryClassInfo):

2012-08-20  Kentaro Hara  <haraken@chromium.org>

        [V8] Move handleOutOfMemory() from V8Proxy to V8Binding
        https://bugs.webkit.org/show_bug.cgi?id=94563

        Reviewed by Adam Barth.

        To kill V8Proxy, this patch moves handleOutOfMemory() from V8Proxy to V8Binding.

        No tests. No change in behavior.

        * bindings/v8/V8AbstractEventListener.cpp:
        (WebCore::V8AbstractEventListener::invokeEventHandler):
        * bindings/v8/V8Binding.cpp:
        (WebCore::handleOutOfMemory):
        (WebCore):
        * bindings/v8/V8Binding.h:
        (WebCore):
        * bindings/v8/V8Proxy.cpp:
        * bindings/v8/V8Proxy.h:
        (V8Proxy):
        * bindings/v8/WorkerContextExecutionProxy.cpp:
        (WebCore::WorkerContextExecutionProxy::runScript):

2012-08-20  MORITA Hajime  <morrita@google.com>

        InsertionShouldCallDidNotifyDescendantInsertions should be merged to InsertionShouldCallDidNotifySubtreeInsertions
        https://bugs.webkit.org/show_bug.cgi?id=94570

        Reviewed by Ryosuke Niwa.

        Node::didNotifySubtreeInsertions() and Node::didNotifyDescendantInsertions() are used for similar purpose and
        we could unify them to the safer one, which is didNotifySubtreeInsertions().

        This change replaces the last didNotifyDescendantInsertions() implementation in HTMLBodyElement with didNotifySubtreeInsertions()
        then eliminates related code which is no longer used.

        No new tests. Covered by existing tests.

        * dom/ContainerNodeAlgorithms.h:
        (WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoDocument):
        (WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoTree):
        * dom/Node.h: Removed didNotifyDescendantInsertions() stub and InsertionShouldCallDidNotifyDescendantInsertions enum value.
        * html/HTMLBodyElement.cpp:
        (WebCore::HTMLBodyElement::insertedInto):
        (WebCore::HTMLBodyElement::didNotifySubtreeInsertions): morphed from didNotifyDescendantInsertions()
        * html/HTMLBodyElement.h:
        (HTMLBodyElement):
        * html/HTMLFormElement.cpp:
        (WebCore::HTMLFormElement::insertedInto): Remove useless InsertionShouldCallDidNotifyDescendantInsertions return statement.

2012-08-20  Rob Buis  <rbuis@rim.com>

        Reduce GradientAttributes object size
        https://bugs.webkit.org/show_bug.cgi?id=86151

        Reviewed by Eric Seidel.

        This reduces GradientAttributes in memory size by 8 bytes on my 64-bit system. It also
        reduces the size of RenderSVGResourceLinearGradient and RenderSVGResourceRadialGradient.

        * svg/GradientAttributes.h:
        (WebCore::GradientAttributes::spreadMethod):
        (WebCore::GradientAttributes::gradientUnits):
        (GradientAttributes):
        (WebCore):
        (SameSizeAsGradientAttributes):

2012-08-20  Keishi Hattori  <keishi@webkit.org>

        Clicking input type=range with padding or border sets wrong value
        https://bugs.webkit.org/show_bug.cgi?id=94473

        Reviewed by Kent Tamura.

        We should take the padding and border width into account when calculating the value from the mouse location.

        Test: fast/forms/range/range-hit-test-with-padding.html

        * html/shadow/SliderThumbElement.cpp:
        (WebCore::sliderTrackElementOf):
        (WebCore):
        (WebCore::SliderThumbElement::setPositionFromPoint):
        * html/shadow/SliderThumbElement.h:
        (WebCore):

2012-08-20  MORITA Hajime  <morrita@google.com>

        load event shouldn't fired during node insertion traversals.
        https://bugs.webkit.org/show_bug.cgi?id=94447

        Reviewed by Ryosuke Niwa.

        HTMLFrameElementBase::didNotifyDescendantInsertions() with empty @src
        can trigger a load event during ChildNodeInsertionNotifier
        traversal, whose handler can make DOM tree state inconsistent.

        This change introduces a post traversal hook,
        didNotifySubtreeInsertions(), for the insertion traversal and
        replaces the problematic didNotifyDescendantInsertions() with it.

        Since didNotifySubtreeInsertions() is invoked after the traversal,
        it is safe for event handlers to mutate the tree.

        Test: fast/frames/iframe-onload-and-domnodeinserted.html

        * dom/ContainerNodeAlgorithms.h:
        (ChildNodeInsertionNotifier): Added a post subtree notification.
        (WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoDocument):
        (WebCore::ChildNodeInsertionNotifier::notify):
        * dom/Node.h:
        (WebCore::Node::didNotifySubtreeInsertions): Newly added.
        * html/HTMLFrameElementBase.cpp:
        (WebCore::HTMLFrameElementBase::insertedInto): Now returns InsertionShouldCallDidNotifySubtreeInsertions
        (WebCore::HTMLFrameElementBase::didNotifySubtreeInsertions): Replaced didNotifyDescendantInsertions()
        * html/HTMLFrameElementBase.h:
        (HTMLFrameElementBase):

2012-08-20  Shinya Kawanaka  <shinyak@chromium.org> 

        Regression(r126127): Build break on multiple platforms
        https://bugs.webkit.org/show_bug.cgi?id=94568

        Reviewed by Hajime Morita.

        Notation::cloneNode should also have ExceptionCode. We add it in this patch.

        No new tests, no change in behavior.

        * dom/Notation.cpp:
        (WebCore::Notation::cloneNode):
        * dom/Notation.h:
        (Notation):

2012-08-20  Shinya Kawanaka  <shinyak@chromium.org>

        ShadowRoot.cloneNode() must always throw a DATA_CLONE_ERR exception.
        https://bugs.webkit.org/show_bug.cgi?id=91704

        Reviewed by Dimitri Glazkov.

        According to the spec, ShadowRoot.cloneNode() should throw a DATA_CLONE_ERR exception. The existing implementation
        returned null object instead.

        We change the cloneNode() interface so that we can throw an exception from cloneNode().

        Test: fast/dom/shadow/shadowroot-clonenode.html

        * dom/Attr.cpp:
        (WebCore::Attr::cloneNode):
        * dom/Attr.h:
        * dom/CDATASection.cpp:
        (WebCore::CDATASection::cloneNode):
        * dom/CDATASection.h:
        (CDATASection):
        * dom/Comment.cpp:
        (WebCore::Comment::cloneNode):
        * dom/Comment.h:
        (Comment):
        * dom/Document.cpp:
        (WebCore::Document::cloneNode):
        * dom/Document.h:
        (Document):
        * dom/DocumentFragment.cpp:
        (WebCore::DocumentFragment::cloneNode):
        * dom/DocumentFragment.h:
        (DocumentFragment):
        * dom/DocumentType.cpp:
        (WebCore::DocumentType::cloneNode):
        * dom/DocumentType.h:
        (DocumentType):
        * dom/Element.cpp:
        (WebCore::Element::cloneNode):
        * dom/Element.h:
        (Element):
        * dom/EntityReference.cpp:
        (WebCore::EntityReference::cloneNode):
        * dom/EntityReference.h:
        (EntityReference):
        * dom/Node.h:
        (Node):
        (WebCore::Node::cloneNode):
        * dom/Node.idl:
        * dom/ProcessingInstruction.cpp:
        (WebCore::ProcessingInstruction::cloneNode):
        * dom/ProcessingInstruction.h:
        (ProcessingInstruction):
        * dom/ShadowRoot.cpp:
        (WebCore::ShadowRoot::cloneNode):
        * dom/ShadowRoot.h:
        (ShadowRoot):
        * dom/Text.cpp:
        (WebCore::Text::cloneNode):
        * dom/Text.h:
        (Text):

2012-08-20  Kent Tamura  <tkent@chromium.org>

        [Chromium-win] Use native digits in parsing/formatting dates in the textfield part of input[type=date]
        https://bugs.webkit.org/show_bug.cgi?id=94281

        Reviewed by Hajime Morita.

        Tests: Add some cases to Source/WebKit/chromium/tests/LocaleWinTest.cpp

        * platform/text/LocaleWin.cpp:
        (WebCore::LocaleWin::isLocalizedDigit): A helper for parseNumber(). This
        return true if the specified character is one of native digits.
        (WebCore::LocaleWin::parseNumber):
        Try to parse ASCII digits, then try to parse native digtis. This
        becomes a member of LocaleWin because it uses
        convertFromLocalizedNumber().
        (WebCore::LocaleWin::appendNumber): Apply convertToLocalizedNumber().
        (WebCore::LocaleWin::appendTwoDigitsNumber): ditto.
        (WebCore::LocaleWin::appendFourDigitsNumber): ditto.
        * platform/text/LocaleWin.h:
        (LocaleWin):
        - Make some static functions member functions of LocaleWin.
        - Add isLocalizedDigit().

2012-08-20  Kentaro Hara  <haraken@chromium.org>

        Rename collectGarbageIfNecessary() to hintForCollectGarbage()
        https://bugs.webkit.org/show_bug.cgi?id=94455

        Reviewed by Adam Barth.

        This is a follow-up patch for r126098.

        collectGarbage() always collects garbage. collectGarbageIfNecessary() just sends
        an idle notification to V8, which is just a hint for V8 to trigger GC.
        To clarify the difference, this patch renames collectGarbageIfNecessary()
        to hintForCollectGarbage().

        No tests. No change in behavior.

        * bindings/v8/ScriptController.cpp:
        (WebCore::ScriptController::clearForClose):
        (WebCore::ScriptController::clearForNavigation):
        * bindings/v8/V8GCController.cpp:
        (WebCore::V8GCController::hintForCollectGarbage):
        * bindings/v8/V8GCController.h:
        (V8GCController):

2012-08-20  Alexandre Elias  <aelias@google.com>

        [chromium] Texture layer should not generate zero textureId quads
        https://bugs.webkit.org/show_bug.cgi?id=94550

        Reviewed by Adrienne Walker.

        After a context loss, CCTextureLayerImpl would clear its textureId
        but continued to produce external resources and quads with the zero
        textureid.  Add early returns so that CCTextureLayerImpl becomes
        inert after a context loss.

        Added assertion in read lock so that dontUseOldResourcesAfterLostContext
        test catches the problem.

        * platform/graphics/chromium/cc/CCResourceProvider.h:
        (WebCore::CCScopedLockResourceForRead::CCScopedLockResourceForRead):
        * platform/graphics/chromium/cc/CCTextureLayerImpl.cpp:
        (WebCore::CCTextureLayerImpl::willDraw):
        (WebCore::CCTextureLayerImpl::appendQuads):
        (WebCore::CCTextureLayerImpl::didDraw):
        (WebCore::CCTextureLayerImpl::didLoseContext):

2012-08-20  Kent Tamura  <tkent@chromium.org>

        [Chromium] Make the popup positioning code testable
        https://bugs.webkit.org/show_bug.cgi?id=94086

        Reviewed by Hajime Morita.

        Introduce PopupContent interface in order to make a mock.

        * platform/chromium/PopupContainer.cpp:
        (WebCore::PopupContainer::layoutAndCalculateWidgetRectInternal):
         - Make it a member of PopupContainer to avoid namespace pollution.
         - Use PopupContent interface.
         - Make the code clearer.
        * platform/chromium/PopupContainer.h:
        (PopupContainer): Expose layoutAndCalculateWidgetRectInternal.

        * platform/chromium/PopupListBox.cpp:
        (WebCore::PopupListBox::popupContentHeight): Added.
        * platform/chromium/PopupListBox.h:
        (PopupContent): Added.
        (PopupListBox): Inherit PopupContent.
        (WebCore::PopupListBox::~PopupListBox):
        Make this virtual because this class has some virtual functions.

2012-08-20  Tom Sepez  <tsepez@chromium.org>

        XSSAuditor too tolerant of injected data: URLs from other "hostless" schemes.
        https://bugs.webkit.org/show_bug.cgi?id=94547

        Reviewed by Adam Barth.

        Check that there is a host before making same-host tests.

        Test: fast/frames/xss-auditor-handles-file-urls.html

        * html/parser/XSSAuditor.cpp:
        (WebCore::XSSAuditor::eraseAttributeIfInjected):
        (WebCore::XSSAuditor::isLikelySafeResource):
        * html/parser/XSSAuditor.h:

2012-08-20  Elliott Sprehn  <esprehn@chromium.org>

        Removed dead code from a very old iteration of CSS counters.
        https://bugs.webkit.org/show_bug.cgi?id=94539

        Reviewed by Eric Seidel.

        Remove two unused shorts that were on StyleRareNonInheritedData that are no longer used.

        No tests, this just removes dead code.

        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::diff):
        * rendering/style/RenderStyle.h:
        * rendering/style/StyleRareNonInheritedData.cpp:
        (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
        (WebCore::StyleRareNonInheritedData::operator==):
        * rendering/style/StyleRareNonInheritedData.h:
        (StyleRareNonInheritedData):

2012-08-20  Luke Macpherson   <macpherson@chromium.org>

        Fix inspector with variables enabled and enable inspector variables tests by default.
        https://bugs.webkit.org/show_bug.cgi?id=94296

        Reviewed by Hajime Morita.

        Change from using getPropertyName static function to CSSProperty::cssName(), which can resolve variables if needed.

        Covered by inspector/styles/variables.

        * css/PropertySetCSSStyleDeclaration.cpp:
        (WebCore::PropertySetCSSStyleDeclaration::item):

2012-08-20  Sudarsana Nagineni  <sudarsana.nagineni@linux.intel.com>

        Cancel the outstanding vibration pattern if the pattern is 0 or an empty list
        https://bugs.webkit.org/show_bug.cgi?id=94085

        Reviewed by Kentaro Hara.

        vibrate() method to stop the device from vibrating is getting called before the
        vibration is in effect. Hence, it is failing to cancel the pre-existing instance
        of processing vibration patterns. 

        This patch cancel the pre-existing instance of the processing vibration patterns
        always when the vibrate() method called with pattern 0 or an empty list.

        No new tests since there is no return value in the Vibration API to test this
        particular case. Existing test fast/dom/navigator-vibration.html covers testing of
        the Vibration API.

        * Modules/vibration/Vibration.cpp:
        (WebCore::Vibration::vibrate):

2012-08-20  Adam Klein  <adamk@chromium.org>

        Allow MutationEvents to be enabled/disabled per context
        https://bugs.webkit.org/show_bug.cgi?id=94016

        Reviewed by Ojan Vafai.

        Chromium wants to be able to turn MutationEvents off for some
        Documents (e.g., for Apps V2). This patch makes the firing (and the
        constructor on DOMWindow) of MutationEvents a per-context feature, with
        the default being enabled.

        No functional change (since the feature defaults to enabled).
        It's not clear to me that there's a way to test this in DRT without
        adding a special hook for this one feature. It will be tested in
        Chromium once it's implemented in Chromium.

        * dom/ContextFeatures.cpp:
        (WebCore::ContextFeatures::mutationEventsEnabled): Add new method,
        with the default being enabled.
        * dom/ContextFeatures.h:
        * dom/Document.cpp:
        (WebCore::Document::addMutationEventListenerTypeIfEnabled): Add new
        method that checks the ContextFeature flag before adding the passed-in
        listener type.
        (WebCore::Document::addListenerTypeIfNeeded): Call the new method
        instead of addListenerType for MutationEvent types.
        * dom/Document.h:
        (WebCore::Document::addListenerType): Make private to avoid anyone
        outside Document from enabling MutationEvent listeners. All callers
        must go through addListenerTypeIfNeeded.

2012-08-20  Levi Weintraub  <leviw@chromium.org>

        [Sub-pixel Layout] Block selection gap repainting can leave one pixel gaps
        https://bugs.webkit.org/show_bug.cgi?id=94526

        Reviewed by Eric Seidel.

        Reverting RenderLayer's m_blockSelectionGapsBounds to be an IntRect and applying enclosingIntRect to the
        gapRects added to the bounds. Previously, we'd end multiple block gaps and pixel snap the result, which
        can yield results one pixel off in width and height.

        Covered by existing tests. This undoes some of the rebaselining from when sub-pixel was enabled for Chromium.

        * rendering/RenderLayer.cpp:
        * rendering/RenderLayer.h:

2012-08-20  Kentaro Hara  <haraken@chromium.org>

        [V8] Move instrumentedCallFunction() from V8Proxy to ScriptController
        https://bugs.webkit.org/show_bug.cgi?id=94456

        Reviewed by Adam Barth.

        To kill V8Proxy, this patch moves instrumentedCallFunction() from V8Proxy
        to ScriptController. Also this patch renames instrumentedCallFunction()
        to callFunctionWithInstrumentation(), for consistency with callFunction().

        No tests. No change in behavior.

        * bindings/v8/ScriptController.cpp:
        (WebCore::ScriptController::callFunction):
        (WebCore):
        (WebCore::handleMaxRecursionDepthExceeded):
        (WebCore::resourceInfo):
        (WebCore::resourceString):
        (WebCore::ScriptController::callFunctionWithInstrumentation):
        * bindings/v8/ScriptController.h:
        (ScriptController):
        * bindings/v8/ScriptFunctionCall.cpp:
        (WebCore::ScriptCallback::call):
        * bindings/v8/V8Callback.cpp:
        (WebCore::invokeCallback):
        * bindings/v8/V8NodeFilterCondition.cpp:
        (WebCore::V8NodeFilterCondition::acceptNode):
        * bindings/v8/V8Proxy.cpp:
        (WebCore):
        * bindings/v8/V8Proxy.h:
        (V8Proxy):
        * bindings/v8/V8WindowErrorHandler.cpp:
        (WebCore::V8WindowErrorHandler::callListenerFunction):
        * bindings/v8/custom/V8CustomXPathNSResolver.cpp:
        (WebCore::V8CustomXPathNSResolver::lookupNamespaceURI):

2012-08-20  Elliott Sprehn  <esprehn@chromium.org>

        Never notify of insertedIntoTree during document destruction.
        https://bugs.webkit.org/show_bug.cgi?id=94535

        Reviewed by Eric Seidel.

        Never notify of insertedIntoTree during document destruction. Previously since we
        avoid notifying of willBeRemovedFromTree it's possible we could have gotten several
        insertedIntoTree notifications without ever being told we were removed.

        No tests needed since this just closes holes related to future code.

        * rendering/RenderObjectChildList.cpp:
        (WebCore::RenderObjectChildList::appendChildNode): Never call insertedIntoTree during document destruction.
        (WebCore::RenderObjectChildList::insertChildNode): Same.
        * rendering/RenderRegion.cpp:
        (WebCore::RenderRegion::attachRegion): Removed unneeded document destruction check.

2012-08-20  James Robinson  <jamesr@chromium.org>

        [chromium] Initialize GraphicsLayerChromium::m_contentsLayerId when setting contents layer
        https://bugs.webkit.org/show_bug.cgi?id=94552

        Reviewed by Kenneth Russell.

        Set it or it don't work good.

        * platform/graphics/chromium/GraphicsLayerChromium.cpp:
        (WebCore::GraphicsLayerChromium::setupContentsLayer):

2012-08-20  Rik Cabanier  <cabanier@adobe.com>

        parse CSS attribute -webkit-blend-mode
        https://bugs.webkit.org/show_bug.cgi?id=94024
 
        Reviewed by Dirk Schulze.

        Added parsing and general CSS handling of -webkit-blend-mode per http://www.w3.org/TR/2012/WD-compositing-20120816/

        Tests: css3/compositing/blend-mode-property-parsing-invalid.html
               css3/compositing/blend-mode-property-parsing.html
               css3/compositing/blend-mode-property.html

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore):
        (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
        * css/CSSParser.cpp:
        (WebCore::isValidKeywordPropertyAndValue):
        (WebCore::isKeywordPropertyID):
        (WebCore::CSSParser::parseValue):
        * css/CSSProperty.cpp:
        (WebCore::CSSProperty::isInheritedProperty):
        * css/CSSPropertyNames.in:
        * css/CSSValueKeywords.in:
        * css/StyleBuilder.cpp:
        (WebCore::StyleBuilder::StyleBuilder):
        * rendering/RenderLayer.h:
        (RenderLayer):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer):
        (WebCore):
        (WebCore::RenderLayerBacking::updateLayerBlendMode):
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry):
        (WebCore::RenderLayerBacking::setBlendMode):
        * rendering/RenderLayerBacking.h:
        (RenderLayerBacking):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::diff):
        * rendering/style/RenderStyle.h:
        * rendering/style/StyleRareNonInheritedData.cpp:
        (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
        (WebCore::StyleRareNonInheritedData::operator==):
        * rendering/style/StyleRareNonInheritedData.h:
        (StyleRareNonInheritedData):

2012-08-20  Kentaro Hara  <haraken@chromium.org>

        [V8] Move retrieve{Window,Frame,PerContextData}() from V8Proxy to V8Binding
        https://bugs.webkit.org/show_bug.cgi?id=94460

        Reviewed by Adam Barth.

        To kill V8Proxy, we move retrieve{Window,Frame,PerContextData}()
        from V8Proxy to V8Binding. Also, this patch renames these methods as follows:

        - retrieveWindow() -> toDOMWindow()
        - retrieveFrame() -> toFrameIfNotDetached()
        - retrievePerContextData() -> perContextDataForCurrentWorld()

        No tests. No change in behavior.

        * bindings/v8/BindingState.cpp:
        (WebCore::activeDOMWindow):
        (WebCore::firstDOMWindow):
        (WebCore::activeFrame):
        (WebCore::firstFrame):
        (WebCore::currentFrame):
        (WebCore::currentDocument):
        * bindings/v8/PageScriptDebugServer.cpp:
        (WebCore::retrieveFrameWithGlobalObjectCheck):
        (WebCore::PageScriptDebugServer::getDebugListenerForContext):
        (WebCore::PageScriptDebugServer::runMessageLoopOnPause):
        * bindings/v8/V8Binding.cpp:
        (WebCore::retrieveWindow):
        (WebCore):
        (WebCore::retrieveFrame):
        (WebCore::retrievePerContextData):
        * bindings/v8/V8Binding.h:
        (WebCore):
        * bindings/v8/V8DOMWrapper.cpp:
        (WebCore::V8DOMWrapper::constructorForType):
        * bindings/v8/V8NPUtils.cpp:
        (WebCore::convertV8ObjectToNPVariant):
        * bindings/v8/V8Proxy.cpp:
        (WebCore::V8Proxy::handleOutOfMemory):
        (WebCore::V8Proxy::context):
        (WebCore::V8Proxy::matchesCurrentContext):
        * bindings/v8/V8Proxy.h:
        (V8Proxy):

2012-08-20  Abhishek Arya  <inferno@chromium.org>

        Yank an unneccessary if added in r125810.
        https://bugs.webkit.org/show_bug.cgi?id=85804

        Reviewed by Levi Weintraub.

        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::RenderBlock::layoutInlineChildren):

2012-08-20  James Robinson  <jamesr@chromium.org>

        [chromium] REGRESSION(126076) Should not touch old GraphicsLayerChromium::m_contentsLayer when setting up a new contents layer
        https://bugs.webkit.org/show_bug.cgi?id=94544

        Reviewed by Adrienne Walker.

        GraphicsLayerChromium only keeps a weak pointer to its m_contentsLayer. When replacing it with a new contents
        layer, it may be unsafe to touch the old value. It's also completely unnecessary.

        * platform/graphics/chromium/GraphicsLayerChromium.cpp:
        (WebCore::GraphicsLayerChromium::GraphicsLayerChromium):
        (WebCore::GraphicsLayerChromium::setContentsToImage):
        (WebCore::GraphicsLayerChromium::setContentsTo):
        (WebCore::GraphicsLayerChromium::setupContentsLayer):
        * platform/graphics/chromium/GraphicsLayerChromium.h:

2012-08-20  Kentaro Hara  <haraken@chromium.org>

        [V8] Move collectGarbage() from ScriptController to V8GCController
        https://bugs.webkit.org/show_bug.cgi?id=94455

        Reviewed by Adam Barth.

        - This patch moves collectGarbage() from ScriptController to V8GCController.
        - This patch makes collectGarbage() a static method.
        - This patch removes ScriptController::lowMemoryNotification()
        since it is not used at all.

        No tests. No change in behavior.

        * bindings/v8/ScriptController.cpp:
        * bindings/v8/ScriptController.h:
        * bindings/v8/V8GCController.cpp:
        (WebCore::V8GCController::collectGarbage):
        (WebCore):
        * bindings/v8/V8GCController.h:
        (V8GCController):

2012-08-20  Kentaro Hara  <haraken@chromium.org>

        [V8] Remove V8Proxy from V8IsolatedContext
        https://bugs.webkit.org/show_bug.cgi?id=94450

        Reviewed by Adam Barth.

        This patch removes dependency on V8Proxy from V8IsolatedContext.

        No tests. No change in behavior.

        * bindings/v8/ScriptController.cpp:
        (WebCore::ScriptController::evaluateInIsolatedWorld):
        * bindings/v8/V8IsolatedContext.cpp:
        (WebCore::V8IsolatedContext::V8IsolatedContext):
        * bindings/v8/V8IsolatedContext.h:
        (WebCore):
        (V8IsolatedContext):

2012-08-20  Philip Rogers  <pdr@google.com>

        Canvas drawImage() should draw SVG at the correct scale.
        https://bugs.webkit.org/show_bug.cgi?id=94377

        Previously, drawing SVG in canvas would render at the incorrect scale
        because imageSizeForRenderer did not take into account the page scale.
        After this patch, we now incorporate the page scale in
        CachedImage::imageSizeForRenderer().

        Reviewed by Tim Horton.

        Test: svg/as-image/svg-as-image-canvas.html

        * loader/cache/CachedImage.cpp:
        (WebCore::CachedImage::imageSizeForRenderer):

2012-08-20  Simon Fraser  <simon.fraser@apple.com>

        Assertion going back to results.html page from an image diff result
        https://bugs.webkit.org/show_bug.cgi?id=94143

        Reviewed by Adam Barth.

        Avoid redundantly setting the DOMWindow on a JSDOMWindow shell in
        ScriptCachedFrameData::restore(), as we may have already done this
        in ScriptController::clearWindowShell(). This avoids an assertion
        on some platforms when going Back to the test results page from
        a diff image.

        * bindings/js/ScriptCachedFrameData.cpp:
        (WebCore::ScriptCachedFrameData::restore):

2012-08-20  Dean Jackson  <dino@apple.com>

        [WebGL] OES_vertex_array_object is not correctly un/binding or deleting
        https://bugs.webkit.org/show_bug.cgi?id=94029

        Reviewed by Ken Russell.

        When the currently bound vertex array is deleted, the specification says that
        the default object should be bound in its place. Also, binding a null object
        as a vertex array was not actually clearing the bound object at the GL layer.
        And lastly, it should not be possible to bind a deleted vertex array.

        The test case for this is the public Khronos WebGL conformance suite, in particular:
        conformance/extensions/oes-vertex-array-object.html

        * html/canvas/OESVertexArrayObject.cpp:
        (WebCore::OESVertexArrayObject::deleteVertexArrayOES): Check if the deleted array is
        currently bound, and if so, unbind it.
        (WebCore::OESVertexArrayObject::bindVertexArrayOES): Make sure never to bind an
        array that has been marked as deleted.
        * platform/graphics/opengl/Extensions3DOpenGL.cpp:
        (WebCore::Extensions3DOpenGL::bindVertexArrayOES): Remove the null check on bind. We
        do need to call glBindVertexArrayAPPLE with a null value in order to clear it.

2012-08-20  Kentaro Hara  <haraken@chromium.org>

        [V8] Move clearForClose() and clearForNavigation() from V8Proxy to ScriptController
        https://bugs.webkit.org/show_bug.cgi?id=94459

        Reviewed by Adam Barth.

        To kill V8Proxy, we can move clearForClose() and
        clearForNavigation() from V8Proxy to ScriptController.

        No tests. No change in behavior.

        * bindings/v8/ScriptController.cpp:
        (WebCore::ScriptController::~ScriptController):
        (WebCore::ScriptController::resetIsolatedWorlds):
        (WebCore):
        (WebCore::ScriptController::clearForClose):
        (WebCore::ScriptController::clearForNavigation):
        (WebCore::ScriptController::clearWindowShell):
        * bindings/v8/ScriptController.h:
        (ScriptController):
        * bindings/v8/V8Proxy.cpp:
        (WebCore::V8Proxy::~V8Proxy):
        (WebCore::V8Proxy::handleOutOfMemory):
        * bindings/v8/V8Proxy.h:
        (V8Proxy):

2012-08-20  Dirk Schulze  <krit@webkit.org>

        CSS Masking and CSS Filters applied in wrong order
        https://bugs.webkit.org/show_bug.cgi?id=94354

        Reviewed by Dean Jackson.

        According to the Filter Effects spec, the order should be first filters, then masking and clipping.
        Changed the order on applying the different effects in RenderLayer.

        Test: css3/filters/filter-mask-clip-order.html

        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::paintLayerContents): First filter, then mask and clip the content.

2012-08-20  Kentaro Hara  <haraken@chromium.org>

        [V8] Move mainWorldContext() from V8Proxy to ScriptController
        https://bugs.webkit.org/show_bug.cgi?id=94453

        Reviewed by Adam Barth.

        This patch moves mainWorldContext() from V8Proxy to ScriptController.
        In addition, this patch removes dependency on V8Proxy from WorldContextHandle.

        No tests. No change in behavior.

        * bindings/v8/DOMTransaction.cpp:
        (WebCore::DOMTransaction::callFunction):
        * bindings/v8/NPV8Object.cpp:
        (WebCore::toV8Context):
        * bindings/v8/ScriptController.cpp:
        (WebCore::ScriptController::evaluate):
        (WebCore::ScriptController::mainWorldContext):
        (WebCore):
        (WebCore::ScriptController::bindToWindowObject):
        (WebCore::createScriptObject):
        (WebCore::ScriptController::createScriptObjectForPluginElement):
        * bindings/v8/ScriptController.h:
        (ScriptController):
        * bindings/v8/ScriptState.cpp:
        (WebCore::mainWorldScriptState):
        * bindings/v8/V8LazyEventListener.cpp:
        (WebCore::V8LazyEventListener::prepareListenerObject):
        * bindings/v8/V8Proxy.cpp:
        (WebCore::V8Proxy::context):
        (WebCore::toV8Context):
        * bindings/v8/V8Proxy.h:
        (V8Proxy):
        * bindings/v8/WorldContextHandle.cpp:
        (WebCore::WorldContextHandle::adjustedContext):
        * bindings/v8/WorldContextHandle.h:
        (WebCore):
        (WorldContextHandle):

2012-08-20  Adam Klein  <adamk@chromium.org>

        Remove redundant TOUCH_LISTENER event type
        https://bugs.webkit.org/show_bug.cgi?id=94524

        Reviewed by Ryosuke Niwa.

        Code that needs to determine whether there are touch listeners
        can instead call Document::touchEventHandlerCount(), added in r107832.
        TOUCH_LISTENER didn't fit very well into the hasListenerType() model
        anyway, as there's not a 1:1 correspondance between the enum value and
        an event.

        * dom/Document.cpp:
        (WebCore::Document::addListenerTypeIfNeeded): Remove two bits of code:
        the bookkeeping for TOUCH_LISTENER, and the notification into
        ChromeClient (which is handled by calls to didAddTouchEventHandler in
        all the places that call addListenerTypeIfNeeded).
        (WebCore::Document::didRemoveTouchEventHandler): Remove bookkeeping for TOUCH_LISTENER.
        * dom/Document.h:
        * history/CachedFrame.cpp:
        (WebCore::CachedFrameBase::restore): Call touchEventHandlerCount instead of hasListenerType.
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::updateType): ditto
        * page/EventHandler.cpp:
        (WebCore::EventHandler::handleTouchEvent): ditto
        * page/Frame.cpp:
        (WebCore::Frame::setDocument): ditto
        * testing/Internals.cpp: Remove hasTouchEventListener method since its
        data source no longer exists.
        * testing/Internals.h: ditto
        (Internals):
        * testing/Internals.idl: ditto

2012-08-16  James Robinson  <jamesr@chromium.org>

        [chromium] Change WebLayer from a concrete type to a pure virtual interface
        https://bugs.webkit.org/show_bug.cgi?id=94174

        Reviewed by Adrienne Walker.

        This updates WebCore code for the WebLayer interface changes. Classes that have ownership of specific layer
        types (such as DrawingBufferChromium, Canvas2DLayerBridge and ScrollingCoordinatorChromium) hold ownership
        of a specific type and a pointer to the WebLayer to GraphicsLayerChromium to be included in the final layer
        tree. GraphicsLayerChromium holds a WebContentLayer and (optionally) a WebImageLayer and WebLayer (for
        m_transformLayer) and assembles the final layer tree.

        * page/scrolling/chromium/ScrollingCoordinatorChromium.cpp:
        (WebCore::ScrollingCoordinatorPrivate::ScrollingCoordinatorPrivate):
        (ScrollingCoordinatorPrivate):
        (WebCore::ScrollingCoordinatorPrivate::setScrollLayer):
        (WebCore::ScrollingCoordinatorPrivate::setHorizontalScrollbarLayer):
        (WebCore::ScrollingCoordinatorPrivate::setVerticalScrollbarLayer):
        (WebCore::ScrollingCoordinatorPrivate::scrollLayer):
        (WebCore::scrollableLayerForGraphicsLayer):
        (WebCore):
        (WebCore::createScrollbarLayer):
        (WebCore::ScrollingCoordinator::setScrollLayer):
        (WebCore::ScrollingCoordinator::setNonFastScrollableRegion):
        (WebCore::ScrollingCoordinator::setWheelEventHandlerCount):
        (WebCore::ScrollingCoordinator::setShouldUpdateScrollLayerPositionOnMainThread):
        (WebCore::ScrollingCoordinator::setLayerIsContainerForFixedPositionLayers):
        (WebCore::ScrollingCoordinator::setLayerIsFixedToContainerLayer):
        * platform/graphics/chromium/Canvas2DLayerBridge.cpp:
        (WebCore::AcceleratedDeviceContext::AcceleratedDeviceContext):
        (WebCore::AcceleratedDeviceContext::clearLayer):
        (AcceleratedDeviceContext):
        (WebCore::AcceleratedDeviceContext::prepareForDraw):
        (WebCore::Canvas2DLayerBridge::Canvas2DLayerBridge):
        (WebCore::Canvas2DLayerBridge::~Canvas2DLayerBridge):
        (WebCore::Canvas2DLayerBridge::skCanvas):
        (WebCore::Canvas2DLayerBridge::layer):
        (WebCore::Canvas2DLayerBridge::contextAcquired):
        * platform/graphics/chromium/Canvas2DLayerBridge.h:
        (WebCore):
        (Canvas2DLayerBridge):
        * platform/graphics/chromium/DrawingBufferChromium.cpp:
        (WebCore::DrawingBufferPrivate::DrawingBufferPrivate):
        (WebCore::DrawingBufferPrivate::~DrawingBufferPrivate):
        (WebCore::DrawingBufferPrivate::layer):
        (DrawingBufferPrivate):
        * platform/graphics/chromium/GraphicsLayerChromium.cpp:
        (WebCore::GraphicsLayerChromium::GraphicsLayerChromium):
        (WebCore::GraphicsLayerChromium::~GraphicsLayerChromium):
        (WebCore::GraphicsLayerChromium::updateNames):
        (WebCore::GraphicsLayerChromium::removeFromParent):
        (WebCore::GraphicsLayerChromium::setSize):
        (WebCore::GraphicsLayerChromium::clearBackgroundColor):
        (WebCore::GraphicsLayerChromium::setContentsOpaque):
        (WebCore::GraphicsLayerChromium::setFilters):
        (WebCore::GraphicsLayerChromium::setBackgroundFilters):
        (WebCore::GraphicsLayerChromium::setMaskLayer):
        (WebCore::GraphicsLayerChromium::setBackfaceVisibility):
        (WebCore::GraphicsLayerChromium::setOpacity):
        (WebCore::GraphicsLayerChromium::setReplicatedByLayer):
        (WebCore::GraphicsLayerChromium::setContentsNeedsDisplay):
        (WebCore::GraphicsLayerChromium::setNeedsDisplay):
        (WebCore::GraphicsLayerChromium::setNeedsDisplayInRect):
        (WebCore::GraphicsLayerChromium::setContentsToImage):
        (WebCore::GraphicsLayerChromium::setContentsToCanvas):
        (WebCore):
        (WebCore::GraphicsLayerChromium::setContentsToMedia):
        (WebCore::GraphicsLayerChromium::setContentsTo):
        (WebCore::GraphicsLayerChromium::addAnimation):
        (WebCore::GraphicsLayerChromium::pauseAnimation):
        (WebCore::GraphicsLayerChromium::removeAnimation):
        (WebCore::GraphicsLayerChromium::suspendAnimations):
        (WebCore::GraphicsLayerChromium::resumeAnimations):
        (WebCore::GraphicsLayerChromium::addLinkHighlight):
        (WebCore::GraphicsLayerChromium::didFinishLinkHighlight):
        (WebCore::GraphicsLayerChromium::platformLayer):
        (WebCore::GraphicsLayerChromium::setDebugBackgroundColor):
        (WebCore::GraphicsLayerChromium::setDebugBorder):
        (WebCore::GraphicsLayerChromium::updateChildList):
        (WebCore::GraphicsLayerChromium::updateLayerPosition):
        (WebCore::GraphicsLayerChromium::updateLayerSize):
        (WebCore::GraphicsLayerChromium::updateAnchorPoint):
        (WebCore::GraphicsLayerChromium::updateTransform):
        (WebCore::GraphicsLayerChromium::updateChildrenTransform):
        (WebCore::GraphicsLayerChromium::updateMasksToBounds):
        (WebCore::GraphicsLayerChromium::updateLayerPreserves3D):
        (WebCore::GraphicsLayerChromium::updateLayerIsDrawable):
        (WebCore::GraphicsLayerChromium::updateLayerBackgroundColor):
        (WebCore::GraphicsLayerChromium::updateContentsRect):
        (WebCore::GraphicsLayerChromium::updateContentsScale):
        (WebCore::GraphicsLayerChromium::setupContentsLayer):
        * platform/graphics/chromium/GraphicsLayerChromium.h:
        (WebCore::GraphicsLayerChromium::hasContentsLayer):
        (WebCore::GraphicsLayerChromium::contentLayer):
        (GraphicsLayerChromium):
        (WebCore::GraphicsLayerChromium::contentsLayer):
        * platform/graphics/chromium/LayerChromium.cpp:
        (WebCore::LayerChromium::rootLayer):
        * platform/graphics/chromium/LayerChromium.h:

2012-08-20  Leandro Gracia Gil  <leandrogracia@chromium.org>

        Move transformFriendlyBoundingBox out of Range
        https://bugs.webkit.org/show_bug.cgi?id=94366

        Reviewed by Simon Fraser and Ryosuke Niwa.

        Bug 93111 introduced a new method in Range called transformFriendlyBoundingBox.
        However, this method should not have been added there in order to reduce the
        dependencies between Range and the rendering code. This patch moves it to a
        static method in RenderObject.

        Tests: existing tests, no new feature added by this patch.

        * dom/Range.cpp:
        * dom/Range.h:
        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::absoluteBoundingBoxRectForRange):
        (WebCore):
        * rendering/RenderObject.h:
        (RenderObject):

2012-08-20  Ryosuke Niwa  <rniwa@webkit.org>

        Replace isolate || bidi-override by isolate-override
        https://bugs.webkit.org/show_bug.cgi?id=89746

        Reviewed by Levi Weintraub.

        The combination of bidi-isolate and isolate was replaced by a single isolate-override in
        http://lists.w3.org/Archives/Public/www-style/2012May/0541.html. The spec. has been updated accordingly:
        http://dev.w3.org/csswg/css3-writing-modes/#unicode-bidi

        To follow the specification change, added -webkit-isolate-override and removed the support for
        isolate || bidi-override, simplifying the CSS parser and serializer.

        Test: fast/text/bidi-override-isolate.html

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue): Removed. We can just new a CSSPrimitiveValue
        constructor now.
        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseValue):
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue): Added now that unicode-bidi always creates a signle
        primitive value instead of a primitive value of css value list.
        (WebCore::CSSPrimitiveValue::operator EUnicodeBidi):
        * css/CSSValueKeywords.in: Added -webkit-isolate-override
        * css/StyleBuilder.cpp:
        (WebCore): Removed ApplyPropertyUnicodeBidi since we can use ApplyPropertyDefault now.
        (WebCore::StyleBuilder::StyleBuilder): Use ApplyPropertyDefault.
        * platform/text/UnicodeBidi.h: Renamed OverrideIsolate to IsolateOverride to match the spec.
        (WebCore::isIsolated):
        (WebCore::isOverride):
        * rendering/RenderBlockLineLayout.cpp:
        (WebCore::constructBidiRuns):

2012-08-20  Tony Chang  <tony@chromium.org>

        RenderGrid children should always be RenderBoxes
        https://bugs.webkit.org/show_bug.cgi?id=94305

        Reviewed by Abhishek Arya.

        During RenderGrid::layout, we assume all the children are RenderBoxes.
        When removing children, if the last child is an anonymous block, we don't
        want to remove the anonymous block for grids. Ensure this doesn't happen
        by adding canCollapseAnonymousBlockChild to RenderBlock (flexboxen and
        grid can override this method).

        Test: fast/css-grid-layout/should-not-collapse-anonymous-blocks.html

        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::removeChild): Check canCollapseAnonymousBlockChild().
        * rendering/RenderBlock.h:
        (WebCore::RenderBlock::canCollapseAnonymousBlockChild):
        (RenderBlock):
        * rendering/RenderDeprecatedFlexibleBox.h: canCollapseAnonymousBlockChild returns false.
        * rendering/RenderFlexibleBox.h: canCollapseAnonymousBlockChild returns false.
        * rendering/RenderGrid.h: canCollapseAnonymousBlockChild returns false.

2012-08-20  Kenneth Russell  <kbr@google.com>

        Unreviewed, rolling out r126026.
        http://trac.webkit.org/changeset/126026
        https://bugs.webkit.org/show_bug.cgi?id=94449

        Caused assertion failure in layout test touchadjustment/context-menu.html

        * page/TouchAdjustment.cpp:
        (TouchAdjustment):
        (WebCore::TouchAdjustment::providesContextMenuItems):
        (WebCore::TouchAdjustment::appendSubtargetsForNodeToList):
        (WebCore::TouchAdjustment::compileSubtargetList):
        (WebCore::findBestClickableCandidate):
        (WebCore::findBestContextMenuCandidate):

2012-08-20  Andrew Lo  <anlo@rim.com>

        [BlackBerry] Enabling DEBUG_LAYER_ANIMATION results in build break & warnings
        https://bugs.webkit.org/show_bug.cgi?id=94514

        Reviewed by Rob Buis.

        Add wtf::CString definition to fix build break when enabling DEBUG_LAYER_ANIMATION
        debug prints. Fix build warnings from prints.

        No new tests, non-functional change.

        * platform/graphics/blackberry/GraphicsLayerBlackBerry.cpp:
        (WebCore::GraphicsLayerBlackBerry::addAnimation):
        (WebCore::GraphicsLayerBlackBerry::pauseAnimation):

2012-08-20  Christophe Dumez  <christophe.dumez@intel.com>

        [JSC] SerializedScriptValue::create() should throw a DataCloneError if input is an unsupported object
        https://bugs.webkit.org/show_bug.cgi?id=94493

        Reviewed by Oliver Hunt.

        Update JSC implementation for SerializedScriptValue::create() so that
        a DataCloneError is thrown when the input value is an unsupported
        object. The previous implementation was not throwing any error.

        This change is according to the structured clone specification at:
        http://www.w3.org/TR/html5/common-dom-interfaces.html#structured-clone

        This also matches the corresponding V8 implementation.

        Test: fast/events/message-port-multi.html.

        * bindings/js/SerializedScriptValue.cpp:
        (WebCore::CloneSerializer::dumpIfTerminal):
        (WebCore::CloneSerializer::serialize):
        (WebCore::SerializedScriptValue::maybeThrowExceptionIfSerializationFailed):
        * bindings/js/SerializedScriptValue.h:

2012-08-20  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r125884.
        http://trac.webkit.org/changeset/125884
        https://bugs.webkit.org/show_bug.cgi?id=94523

        Appears to be causing a top crash in the Canary channel
        (Requested by abarth on #webkit).

        * UseV8.cmake:
        * WebCore.gypi:
        * bindings/v8/DOMWrapperWorld.cpp:
        (WebCore::DOMWrapperWorld::DOMWrapperWorld):
        (WebCore::mainThreadNormalWorld):
        * bindings/v8/DOMWrapperWorld.h:
        (WebCore):
        (WebCore::DOMWrapperWorld::create):
        (WebCore::DOMWrapperWorld::~DOMWrapperWorld):
        (DOMWrapperWorld):
        * bindings/v8/IsolatedWorld.cpp: Copied from Source/WebCore/bindings/v8/DOMWrapperWorld.cpp.
        (WebCore):
        (WebCore::IsolatedWorld::IsolatedWorld):
        (WebCore::IsolatedWorld::~IsolatedWorld):
        * bindings/v8/IsolatedWorld.h: Copied from Source/WebCore/bindings/v8/DOMWrapperWorld.h.
        (WebCore):
        (IsolatedWorld):
        (WebCore::IsolatedWorld::create):
        (WebCore::IsolatedWorld::count):
        (WebCore::IsolatedWorld::id):
        (WebCore::IsolatedWorld::domDataStore):
        * bindings/v8/V8DOMWrapper.h:
        (WebCore::V8DOMWrapper::getCachedWrapper):
        * bindings/v8/V8IsolatedContext.cpp:
        (WebCore::V8IsolatedContext::V8IsolatedContext):
        (WebCore::V8IsolatedContext::destroy):
        * bindings/v8/V8IsolatedContext.h:
        (WebCore::V8IsolatedContext::getEntered):
        (WebCore::V8IsolatedContext::world):
        (V8IsolatedContext):
        * bindings/v8/V8PerIsolateData.h:
        (WebCore::V8PerIsolateData::registerDOMDataStore):
        (WebCore::V8PerIsolateData::unregisterDOMDataStore):

2012-08-20  Chris Rogers  <crogers@google.com>

        Remove improper ASSERT in AudioParamTimeline::valuesForTimeRangeImpl()
        https://bugs.webkit.org/show_bug.cgi?id=94504

        Reviewed by Kenneth Russell.

        AudioParamTimeline::valuesForTimeRangeImpl() is able to handle the case where there are no timeline events.
        So don't ASSERT for that case.

        * Modules/webaudio/AudioParamTimeline.cpp:
        (WebCore::AudioParamTimeline::valuesForTimeRangeImpl):

2012-08-20  Ken Buchanan  <kenrb@chromium.org>
        Line boxes not being dirtied correctly during inline removal
        https://bugs.webkit.org/show_bug.cgi?id=93156

        Reviewed by David Hyatt.

        When two inline objects were being removed from different lineboxes
        in an ancestral RenderBlock, the way the RenderBlock was being marked
        prevented the second linebox from being marked dirty. This causes
        it to not get layout in the subsequent layout pass.

        This patch causes only the descendants corresponding to actual changed
        lineboxes to have their ancestorLineBoxDirty bit set, rather than
        the RenderBlock that contains the lineboxes themselves.

        * rendering/RenderLineBoxList.cpp:
        (WebCore::RenderLineBoxList::dirtyLinesFromChangedChild):

2012-08-20  John Mellor  <johnme@chromium.org>

        Text Autosizing: Only take into account block width <= document layout width.
        https://bugs.webkit.org/show_bug.cgi?id=93862

        Reviewed by Kenneth Rohde Christiansen.

        Instead of calculating the textAutosizingMultiplier purely based on the
        width of each block, we now work out the maximum width of the block
        that could be displayed onscreen at any one time, and use that value.
        This avoids excessive text size multiplication (there's no point making
        text bigger than this, since you wouldn't be able to zoom out far
        enough to read it!).

        To determine the maximum onscreen block width, we take the minimum of
        the block width and the layoutWidth of the narrowest non-flattened
        ancestor frame. Flattened frames are ignored since they don't impose a
        hard limit on the maximum width that can be displayed, instead they can
        stretch to fit their contents. Note that on mobile the layoutWidth of
        the main frame is the fixed layout width aka viewport width.

        In practice this caps the maximum multiplier to a value that depends
        on the metrics of the device. For example on a Nexus S (480 x 800px
        and 1.5x devicePixelRatio) with a 980px default fixed layout width,
        this limits the multiplier to: 980 / (480/1.5) = 3.0625

        Most pages won't have blocks that actually hit this cap, or they will
        only slightly exceed it (so their multiplier will only be slightly
        reduced). For example it's not uncommon for desktop pages to be
        slightly wider than 980px, but they would have to additionally have
        text that spans the full width of the page for this to affect them, and
        even then it would merely slightly decrease their multiplier).

        This will have more dramatic effects on the rare desktop pages which
        give a width=device-width (or similar) mobile viewport tag (on ports
        which support viewports). A follow-up patch will hopefully address this
        by wrapping the text in such excessively wide blocks to the layoutWidth.

        Tests: fast/text-autosizing/narrow-iframe-flattened.html
               fast/text-autosizing/narrow-iframe.html
               fast/text-autosizing/wide-block.html
               fast/text-autosizing/wide-iframe.html

        * page/FrameView.cpp:
        (WebCore::FrameView::isInChildFrameWithFrameFlattening):

            Made public and const, so can be used from TextAutosizer.

        * rendering/TextAutosizer.cpp:
        (WebCore::TextAutosizer::processSubtree):

            Computes the minimum layout width of the parent frames, as described
            above.

        (WebCore::TextAutosizer::processBlock):

            Limits used block width to this min layout width.

2012-08-20  Hans Wennborg  <hans@chromium.org>

        Respect runtime flags for Device Orientation and Device Motion
        https://bugs.webkit.org/show_bug.cgi?id=94479

        Reviewed by Adam Barth.

        There are flags that allows disabling of device orientation and device
        motion at runtime. These flags determine the availability of the
        corresponding event constructors in DOMWindow.

        However, the flags should also control the ability to add event
        listeners for these events, otherwise the feature can be used even if
        it is disabled.

        * page/DOMWindow.cpp:
        (WebCore::DOMWindow::addEventListener):

2012-08-20  Philip Rogers  <pdr@google.com>

        Remove incorrect getBBox() code
        https://bugs.webkit.org/show_bug.cgi?id=94419

        Reviewed by Dirk Schulze.

        SVGPathElement defines a getBBox() function that is wrong and
        should use objectBoundingBox(). This patch cleans this up.

        No new tests as this is just a cleanup of old code.

        * svg/SVGPathElement.cpp:
        (WebCore):
        * svg/SVGPathElement.h:
        (SVGPathElement):

2012-08-20  David Reveman  <reveman@chromium.org>

        [Chromium] Schedule texture uploads based on hard-coded timer and vsync.
        https://bugs.webkit.org/show_bug.cgi?id=84281

        Reviewed by James Robinson.

        Improve interaction between vsync and texture uploads by performing
        uploads in smaller batches and use a hard-coded timer to emulate
        upload completion. This greatly reduces the chance of the compositor
        missing a vsync due to being busy with texture uploads.

        The CCScheduler client is now given a time limit when told to update
        more resources. This time limit is passed to an instance of the
        CCTextureUpdateController class, which is responsible for performing
        texture updates until the limit is reached.

        Unit tests: CCSchedulerTest.RequestCommit
                    CCTextureUpdateControllerTest.UpdateMoreTextures
                    CCTextureUpdateControllerTest.HasMoreUpdates

        * platform/graphics/chromium/cc/CCFrameRateController.cpp:
        (WebCore::CCFrameRateController::nextTickTime):
        (WebCore):
        * platform/graphics/chromium/cc/CCFrameRateController.h:
        (CCFrameRateController):
        * platform/graphics/chromium/cc/CCScheduler.cpp:
        (WebCore::CCScheduler::processScheduledActions):
        * platform/graphics/chromium/cc/CCScheduler.h:
        (CCSchedulerClient):
        * platform/graphics/chromium/cc/CCTextureUpdateController.cpp:
        (WebCore::CCTextureUpdateController::maxPartialTextureUpdates):
        (WebCore::CCTextureUpdateController::CCTextureUpdateController):
        (WebCore::CCTextureUpdateController::updateMoreTextures):
        (WebCore):
        (WebCore::CCTextureUpdateController::onTimerFired):
        (WebCore::CCTextureUpdateController::monotonicTimeNow):
        (WebCore::CCTextureUpdateController::updateMoreTexturesTime):
        (WebCore::CCTextureUpdateController::updateMoreTexturesSize):
        (WebCore::CCTextureUpdateController::updateMoreTexturesIfEnoughTimeRemaining):
        (WebCore::CCTextureUpdateController::updateMoreTexturesNow):
        * platform/graphics/chromium/cc/CCTextureUpdateController.h:
        (WebCore::CCTextureUpdateController::create):
        (CCTextureUpdateController):
        * platform/graphics/chromium/cc/CCThreadProxy.cpp:
        (WebCore::CCThreadProxy::beginFrameCompleteOnImplThread):
        (WebCore::CCThreadProxy::scheduledActionUpdateMoreResources):
        * platform/graphics/chromium/cc/CCThreadProxy.h:

2012-08-20  Bruno de Oliveira Abinader  <bruno.abinader@basyskom.com>

        [css3-text] Add parsing support for -webkit-text-decoration-style
        https://bugs.webkit.org/show_bug.cgi?id=94093

        Reviewed by Julien Chaffraix.

        This patch implements the "text-decoration-style" property parsing as specified
        in CSS3 working draft, with "-webkit-" prefix. The specification can be found
        here: http://dev.w3.org/csswg/css3-text/#text-decoration-style

        Additionally, Mozilla implementation details can be found here:
        https://developer.mozilla.org/en-US/docs/CSS/text-decoration-style

        This is an individual task for bug 90958. Rendering support will be handled on a
        different bug.

        Test: fast/css3-text-decoration/getComputedStyle/getComputedStyle-text-decoration-style.html

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::renderTextDecorationStyleFlagsToCSSValue):
        (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
        * css/CSSParser.cpp:
        (WebCore::CSSParser::parseValue):
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::operator TextDecorationStyle):
        * css/CSSProperty.cpp:
        (WebCore::CSSProperty::isInheritedProperty):
        * css/CSSPropertyNames.in:
        * css/CSSValueKeywords.in:
        * css/StyleBuilder.cpp:
        (WebCore::StyleBuilder::StyleBuilder):
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::collectMatchingRulesForList):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::diff):
        * rendering/style/RenderStyle.h:
        * rendering/style/RenderStyleConstants.h: Added non-bitwise TextDecorationStyle enum.
        * rendering/style/StyleRareNonInheritedData.cpp:
        (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData): Added m_textDecorationStyle to default and copy constructors.
        (WebCore::StyleRareNonInheritedData::operator==): Include m_textDecorationStyle in comparison.
        * rendering/style/StyleRareNonInheritedData.h:
        (StyleRareNonInheritedData):
        Added m_textDecorationStyle here as it won't be used regularly.

2012-08-20  Jakob Petsovits  <jpetsovits@rim.com>

        [BlackBerry] Persist cookies not from atexit() but the new onThreadFinished()
        https://bugs.webkit.org/show_bug.cgi?id=94482
        RIM PR 184923

        Reviewed by Yong Li.

        BlackBerry::Platform recently made changes that ensure
        that MessageClient threads are being shut down correctly.
        A new onThreadFinished() virtual was introduced for
        custom clean-up functionality and can replace the
        atexit() handler that we previously used to flush cookies
        to the cookie database backingstore.

        No new functionality, no new tests.

        * platform/blackberry/CookieDatabaseBackingStore/CookieDatabaseBackingStore.cpp:
        (WebCore):
        (WebCore::CookieDatabaseBackingStore::onThreadFinished):
        (WebCore::CookieDatabaseBackingStore::sendChangesToDatabaseSynchronously):
        * platform/blackberry/CookieDatabaseBackingStore/CookieDatabaseBackingStore.h:
        (CookieDatabaseBackingStore):
        * platform/blackberry/CookieManager.cpp:
        (WebCore):
        (WebCore::cookieManager):
        * platform/blackberry/CookieManager.h:

2012-08-20  Alexandre Elias  <aelias@google.com>

        [chromium] Move non-GL-specific code out of LayerRendererChromium
        https://bugs.webkit.org/show_bug.cgi?id=93927

        Reviewed by Adrienne Walker.

        This patch moves most of the generic logic dealing with matrices and
        render passes into a new class "CCDirectRenderer" that sits between
        CCRenderer and LayerRendererChromium, and also publicly exposes a
        few other things like the UnthrottledTextureUploader.

        The plan is for the future software compositing implementation to also
        derive from CCDirectRenderer, whereas the ubercompositor delegating
        renderer will still derive from CCRenderer.

        No new tests (no-op refactoring).

        * WebCore.gypi:
        * platform/graphics/chromium/GeometryBinding.cpp:
        (WebCore::GeometryBinding::GeometryBinding):
        * platform/graphics/chromium/GeometryBinding.h:
        (GeometryBinding):
        * platform/graphics/chromium/LayerRendererChromium.cpp:
        (WebCore::LayerRendererChromium::LayerRendererChromium):
        (WebCore::LayerRendererChromium::beginDrawingFrame):
        (WebCore::LayerRendererChromium::drawQuad):
        (WebCore::LayerRendererChromium::drawRenderPassQuad):
        (WebCore::LayerRendererChromium::drawTileQuad):
        (WebCore::LayerRendererChromium::finishDrawingFrame):
        (WebCore::LayerRendererChromium::drawQuadGeometry):
        (WebCore::LayerRendererChromium::bindFramebufferToOutputSurface):
        (WebCore):
        (WebCore::LayerRendererChromium::bindFramebufferToTexture):
        (WebCore::LayerRendererChromium::enableScissorTestRect):
        (WebCore::LayerRendererChromium::disableScissorTest):
        (WebCore::LayerRendererChromium::setDrawViewportSize):
        (WebCore::LayerRendererChromium::makeContextCurrent):
        (WebCore::LayerRendererChromium::initializeSharedObjects):
        * platform/graphics/chromium/LayerRendererChromium.h:
        (LayerRendererChromium):
        * platform/graphics/chromium/TextureCopier.h:
        (TextureCopier):
        * platform/graphics/chromium/TextureUploader.h:
        (UnthrottledTextureUploader):
        (WebCore::UnthrottledTextureUploader::create):
        (WebCore::UnthrottledTextureUploader::~UnthrottledTextureUploader):
        (WebCore::UnthrottledTextureUploader::UnthrottledTextureUploader):
        (WebCore):
        * platform/graphics/chromium/cc/CCDirectRenderer.cpp: Added.
        (projectionMatrix):
        (canvasMatrix):
        (WebCore):
        (WebCore::CCDirectRenderer::DrawingFrame::initializeMatrices):
        (WebCore::CCDirectRenderer::DrawingFrame::initializeScissors):
        (WebCore::CCDirectRenderer::decideRenderPassAllocationsForFrame):
        (WebCore::CCDirectRenderer::drawFrame):
        (WebCore::CCDirectRenderer::drawRenderPass):
        (WebCore::CCDirectRenderer::useRenderPass):
        (WebCore::CCDirectRenderer::haveCachedResourcesForRenderPassId):
        (WebCore::CCDirectRenderer::renderPassTextureSize):
        (WebCore::CCDirectRenderer::renderPassTextureFormat):
        * platform/graphics/chromium/cc/CCDirectRenderer.h: Added.
        (WebCore):
        (CCDirectRenderer):
        (WebCore::CCDirectRenderer::~CCDirectRenderer):
        (WebCore::CCDirectRenderer::resourceProvider):
        (WebCore::CCDirectRenderer::CCDirectRenderer):
        (DrawingFrame):
        (WebCore::CCDirectRenderer::DrawingFrame::DrawingFrame):
        (CachedTexture):
        (WebCore::CCDirectRenderer::CachedTexture::create):
        (WebCore::CCDirectRenderer::CachedTexture::~CachedTexture):
        (WebCore::CCDirectRenderer::CachedTexture::isComplete):
        (WebCore::CCDirectRenderer::CachedTexture::setIsComplete):
        (WebCore::CCDirectRenderer::CachedTexture::CachedTexture):
        (WebCore::CCDirectRenderer::quadVertexRect):
        (WebCore::CCDirectRenderer::quadRectTransform):

2012-08-20  Julien Chaffraix  <jchaffraix@webkit.org>

        Introduce a will-be-removed-from-tree notification in RenderObject
        https://bugs.webkit.org/show_bug.cgi?id=94271

        Reviewed by Abhishek Arya.

        Following bug 93874, we have an insertion notification. This change adds the
        matching removal notification (willBeRemovedFromTree).

        Refactoring covered by existing tests.

        * rendering/RenderObjectChildList.cpp:
        (WebCore::RenderObjectChildList::removeChildNode):
        Removed the code from here and moved it below.

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::willBeRemovedFromTree):
        * rendering/RenderObject.h:
        This is the base function that should be called by every instance.

        * rendering/RenderListItem.cpp:
        (WebCore::RenderListItem::willBeRemovedFromTree):
        * rendering/RenderListItem.h:
        * rendering/RenderQuote.cpp:
        (WebCore::RenderQuote::willBeRemovedFromTree):
        * rendering/RenderQuote.h:
        * rendering/RenderRegion.cpp:
        (WebCore::RenderRegion::willBeRemovedFromTree):
        * rendering/RenderRegion.h:
        Overriden functions.

2012-08-20  Mike West  <mkwst@chromium.org>

        CSP 1.1: The 'plugin-types' warning should include details about explicit type declaration when relevant.
        https://bugs.webkit.org/show_bug.cgi?id=94432

        Reviewed by Adam Barth.

        Given a 'plugin-types' Content Security Policy directive, an 'object' or
        'embed' tag is blocked if it doesn't include an explicit declaration of
        the plugin's expected media type. This restriction should be made clear
        in the console warning that's generated.

        Existing tests have been adjusted to agree with the new error string.

        * page/ContentSecurityPolicy.cpp:
        (WebCore::CSPDirectiveList::checkMediaTypeAndReportViolation):
            If a media type fail to match the policy's restrictions, and the
            declared type attribute is empty, then add another line to the
            console warning, espousing the virtues of explicit declaration.

2012-08-20  Dana Jansens  <danakj@chromium.org>

        [chromium] Update HUD resources as a final step to drawing a frame
        https://bugs.webkit.org/show_bug.cgi?id=93743

        Reviewed by Adrienne Walker.

        The HUD should be painted as a last step, after the whole frame has been
        generated. This introduces a new "updateHudTexture" method on the HUD layer
        and has the HUD layer save itself on CCLayerTreeHostImpl so that it can
        call back to this method.

        This allows the CCLayerTreeHostImpl to cause the HUD layer to update its
        texture as a final step before drawing the frame, allowing the HUD texture
        to contain all possible information about the current frame.

        * platform/graphics/chromium/cc/CCHeadsUpDisplayLayerImpl.cpp:
        (WebCore::CCHeadsUpDisplayLayerImpl::willDraw):
        (WebCore):
        (WebCore::CCHeadsUpDisplayLayerImpl::appendQuads):
        (WebCore::CCHeadsUpDisplayLayerImpl::updateHudTexture):
        * platform/graphics/chromium/cc/CCHeadsUpDisplayLayerImpl.h:
        (CCHeadsUpDisplayLayerImpl):
        * platform/graphics/chromium/cc/CCLayerTreeHost.cpp:
        (WebCore::CCLayerTreeHost::finishCommitOnImplThread):
        * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
        (WebCore::CCLayerTreeHostImpl::CCLayerTreeHostImpl):
        (WebCore::CCLayerTreeHostImpl::drawLayers):
        * platform/graphics/chromium/cc/CCLayerTreeHostImpl.h:
        (WebCore):
        (WebCore::CCLayerTreeHostImpl::setHudLayer):
        (WebCore::CCLayerTreeHostImpl::hudLayer):
        (CCLayerTreeHostImpl):

2012-08-20  Ian Vollick  <vollick@chromium.org>

        [chromium] Add tracing for active composited animations
        https://bugs.webkit.org/show_bug.cgi?id=84210

        Reviewed by James Robinson.

        This patch issues the trace events from the animations. Animations will
        report when they start and finish on the main and impl threads (via
        TRACE_EVENT_ASYNC*), and also issues instant trace events whenever they
        change state.

        No new tests, only changes tracing behavior.

        * platform/graphics/chromium/cc/CCActiveAnimation.cpp:
        (WebCore::CCActiveAnimation::CCActiveAnimation):
        (WebCore::CCActiveAnimation::~CCActiveAnimation):
        (WebCore::CCActiveAnimation::setRunState):
        (WebCore::CCActiveAnimation::clone):
        (WebCore):
        (WebCore::CCActiveAnimation::cloneAndInitialize):
        * platform/graphics/chromium/cc/CCActiveAnimation.h:
        (WebCore::CCActiveAnimation::isControllingInstance):
        (CCActiveAnimation):
        * platform/graphics/chromium/cc/CCLayerAnimationController.cpp:
        (WebCore::CCLayerAnimationController::pushNewAnimationsToImplThread):
        (WebCore::CCLayerAnimationController::replaceImplThreadAnimations):
        (WebCore::CCLayerAnimationController::tickAnimations):

2012-08-20  Bill Budge  <bbudge@chromium.org>

        webkitfullscreenchange not fired properly in iframe.
        https://bugs.webkit.org/show_bug.cgi?id=93525

        Reviewed by Adam Barth.

        webkitCancelFullScreen exits fullscreen by invoking webkitExitFullScreen on topDocument.
        However, if webkitDidExitFullScreenForElement is invoked on a descendant document, no events
        get dispatched. This change starts the event dispatch delay timer on the document where
        webkitCancelFullScreen was called, so that the events get dispatched. In addition, when events
        are dispatched, the check whether a node has been removed is changed to also check that the
        node isn't in another document, as can happen with frames. Finally, webkitExitFullscreen
        is fixed to remove unnecessary code and conform to the spec.

        No new tests (the existing fullscreen/exit-full-screen-iframe.html test now passes).

        * dom/Document.cpp:
        (WebCore::Document::webkitExitFullscreen):
        (WebCore::Document::webkitDidExitFullScreenForElement):
        (WebCore::Document::fullScreenChangeDelayTimerFired):

2012-08-20  Yuzhu Shen  <yzshen@chromium.com>

        [chromium] pepper plugins sometimes are shifted by 1 pixel
        https://bugs.webkit.org/show_bug.cgi?id=94257

        Reviewed by Levi Weintraub.

        Change RenderWidget::updateWidgetGeometry() to use LayoutRect instead of IntRect to avoid unwanted truncation
        (when converting from FloatRect to IntRect).

        This makes sure that the optimized rendering code path of Pepper plugin
        (PluginInstance::GetBitmapForOptimizedPluginPaint) has consistent coordinates with the normal WebKit rendering
        code path.

        No new tests because we don't have Pepper plugin tests in WebKit.

        * rendering/RenderWidget.cpp:
        (WebCore::RenderWidget::updateWidgetGeometry):

2012-08-20  Christophe Dumez  <christophe.dumez@intel.com>

        postMessage() in MessagePort.idl does not match spec
        https://bugs.webkit.org/show_bug.cgi?id=94477

        Reviewed by Kentaro Hara.

        Update definition of postMessage() in MessagePort.idl
        to match the specification at:
        http://www.w3.org/TR/html5/comms.html#messageport

        The first argument should be of type 'any', not
        'DOMString'.

        No new tests, no behavior change.

        * dom/MessagePort.idl:

2012-08-20  Sheriff Bot  <webkit.review.bot@gmail.com>

        Unreviewed, rolling out r125989.
        http://trac.webkit.org/changeset/125989
        https://bugs.webkit.org/show_bug.cgi?id=94485

        "Two of the new tests always failed on Mac bots" (Requested by
        bradee-oh on #webkit).

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore):
        (WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue):
        * css/CSSParser.cpp:
        (WebCore::isValidKeywordPropertyAndValue):
        (WebCore::isKeywordPropertyID):
        (WebCore::CSSParser::parseValue):
        * css/CSSProperty.cpp:
        (WebCore::CSSProperty::isInheritedProperty):
        * css/CSSPropertyNames.in:
        * css/CSSValueKeywords.in:
        * css/StyleBuilder.cpp:
        (WebCore::StyleBuilder::StyleBuilder):
        * rendering/RenderLayer.h:
        (RenderLayer):
        * rendering/RenderLayerBacking.cpp:
        (WebCore::RenderLayerBacking::createPrimaryGraphicsLayer):
        (WebCore):
        (WebCore::RenderLayerBacking::updateGraphicsLayerGeometry):
        * rendering/RenderLayerBacking.h:
        (RenderLayerBacking):
        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::diff):
        * rendering/style/RenderStyle.h:
        * rendering/style/StyleRareNonInheritedData.cpp:
        (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData):
        (WebCore::StyleRareNonInheritedData::operator==):
        * rendering/style/StyleRareNonInheritedData.h:
        (StyleRareNonInheritedData):

2012-08-20  Allan Sandfeld Jensen  <allan.jensen@nokia.com>

        [Qt] Custom tap-highlight-color renders fully opaque
        https://bugs.webkit.org/show_bug.cgi?id=94468

        Reviewed by Kenneth Rohde Christiansen.

        Adjust the default tap-highlight-color to figure in that is will be
        drawn semi-transparent.

        * rendering/RenderTheme.h:
        (RenderTheme):

2012-08-20  Andrey Adaikin  <aandrey@chromium.org>

        Web Inspector: [WebGL] Add minimum transport protocol from backend to frontend
        https://bugs.webkit.org/show_bug.cgi?id=88973

        Reviewed by Pavel Feldman.

        Added the following protocol methods to communicate with the WebGL injected
        module: captureFrame, getTraceLog, dropTraceLog, replayTraceLog.

        * inspector/CodeGeneratorInspector.py:
        * inspector/InjectedScriptWebGLModule.cpp:
        (WebCore::InjectedScriptWebGLModule::captureFrame):
        (WebCore):
        (WebCore::InjectedScriptWebGLModule::dropTraceLog):
        (WebCore::InjectedScriptWebGLModule::getTraceLog):
        (WebCore::InjectedScriptWebGLModule::replayTraceLog):
        * inspector/InjectedScriptWebGLModule.h:
        (InjectedScriptWebGLModule):
        * inspector/Inspector.json:
        * inspector/InspectorController.cpp:
        (WebCore::InspectorController::InspectorController):
        * inspector/InspectorWebGLAgent.cpp:
        (WebCore::InspectorWebGLAgent::InspectorWebGLAgent):
        (WebCore::InspectorWebGLAgent::dropTraceLog):
        (WebCore):
        (WebCore::InspectorWebGLAgent::captureFrame):
        (WebCore::InspectorWebGLAgent::getTraceLog):
        (WebCore::InspectorWebGLAgent::replayTraceLog):
        * inspector/InspectorWebGLAgent.h:
        (WebCore):
        (WebCore::InspectorWebGLAgent::create):
        (InspectorWebGLAgent):

2012-08-20  Allan Sandfeld Jensen  <allan.jensen@nokia.com>

        [TouchAdjustment] Adjust to word or selection
        https://bugs.webkit.org/show_bug.cgi?id=94449

        Reviewed by Antonio Gomes.

        Makes each separate word a separate subtarget when context menu triggers
        selections, and only the selected part of a partial selected node a 
        target when selections are not overridden.

        Test: touchadjustment/context-menu-text-subtargets.html

        * page/TouchAdjustment.cpp:
        (TouchAdjustment):
        (WebCore::TouchAdjustment::providesContextMenuItems):
        (WebCore::TouchAdjustment::appendQuadsToSubtargetList):
        (WebCore::TouchAdjustment::appendBasicSubtargetsForNode):
        (WebCore::TouchAdjustment::appendContextSubtargetsForNode):
        (WebCore::TouchAdjustment::compileSubtargetList):
        (WebCore::findBestClickableCandidate):
        (WebCore::findBestContextMenuCandidate):

2012-08-20  Xan Lopez  <xlopez@igalia.com>

        [GTK] Provide backwards compatible method for WebKitDOMWebKitNamedFlow::overflow
        https://bugs.webkit.org/show_bug.cgi?id=94464

        Reviewed by Carlos Garcia Campos.

        Provide a compatibility method to access the new 'overset'
        property through the old 'overflow' name in
        WebKitDOMWebKitNamedFlow. Note that trying to access it through
        g_object_get directly will give a runtime warning, since the
        property does not actually exist anymore; this is done purely to
        maintain API compatibility.

        * bindings/gobject/WebKitDOMCustom.cpp:
        (webkit_dom_webkit_named_flow_get_overflow): add method.
        * bindings/gobject/WebKitDOMCustom.h:

2012-08-20  Sami Kyostila  <skyostil@chromium.org>

        [chromium] Convert screen space scroll gestures to layer space
        https://bugs.webkit.org/show_bug.cgi?id=92499

        Reviewed by James Robinson.

        Scroll gestures should be converted from screen space to local layer space to
        correctly apply the scroll delta to page scaled and/or transformed layers.
        Visually this means that the scrolled content will always follow the user's
        finger for any "well-formed" layer transform.

        Wheel scroll deltas will still be directly interpreted as local layer scroll
        coordinates.

        We also adjust the logic for propagating ("bubbling") scroll events to parent
        layers. Previously a parent layer was allowed to scroll in the screen-space
        axis orthogonal to the direction the starting layer scrolled toward. For
        example if a vertically scrolling layer is scrolled diagonally down and right,
        the layer moves down and its parent to the right.

        This patch generalizes this behavior to non-axis aligned transformed layers so
        that the scrolling direction of any parent is constrained to be perpendicular
        direction of movement of the starting layer. This makes the scrolling behavior
        of transformed layers physically plausible. For instance, assume a 45 degree
        rotated, vertically scrollable layer. Dragging your finger vertically
        (relative to the layer) scrolls the layer up and down, while horizontal
        movement results in the parent of the layer moving in a corresponding way.

        Since generally users want to scroll a single layer in one direction, this
        patch also introduces a rule that if the resulting movement of a layer is
        within 45 degrees of the original scroll input, the bubbling process is
        stopped. This makes it possible to reliably scroll a single layer without
        affecting any of its parents.

        Added new unit tests:
            CCLayerTreeHostImplTest.scrollAxisAlignedRotatedLayer
            CCLayerTreeHostImplTest.scrollNonAxisAlignedRotatedLayer
            CCLayerTreeHostImplTest.scrollScaledLayer
            CCMathUtilTest.smallestAngleBetweenVectors
            CCMathUtilTest.vectorProjection

        * platform/graphics/chromium/cc/CCInputHandler.h:
        * platform/graphics/chromium/cc/CCLayerTreeHostImpl.cpp:
        (WebCore::CCLayerTreeHostImpl::CCLayerTreeHostImpl):
        (WebCore::CCLayerTreeHostImpl::scrollBegin):
        (WebCore::scrollLayerWithScreenSpaceDelta):
        (WebCore):
        (WebCore::scrollLayerWithLocalDelta):
        (WebCore::CCLayerTreeHostImpl::scrollBy):
        * platform/graphics/chromium/cc/CCLayerTreeHostImpl.h:
        (CCLayerTreeHostImpl):
        * platform/graphics/chromium/cc/CCMathUtil.cpp:
        (WebCore::CCMathUtil::smallestAngleBetweenVectors):
        (WebCore):
        (WebCore::CCMathUtil::projectVector):
        * platform/graphics/chromium/cc/CCMathUtil.h:
        (CCMathUtil):

2012-08-20  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Add API to set preferred languages to WebKit2 GTK+
        https://bugs.webkit.org/show_bug.cgi?id=90878

        Unreviewed. Fix mac build.

        * WebCore.exp.in: Export WebCore::languageDidChange().

2012-08-20  Pavel Feldman  <pfeldman@chromium.org>

        Web Inspector: improve standalone test harness to allow attaching to inspector before test.
        https://bugs.webkit.org/show_bug.cgi?id=94426

        Reviewed by Vsevolod Vlasov.

        - User can not "Debug", attach inspector to the front-end and "Continue" test execution.
        - You can also assign filter from the query parameter.

        * inspector/front-end/test-runner.html:

2012-08-20  Pavel Feldman  <pfeldman@chromium.org>

        Web Inspector: load scripts panel lazily
        https://bugs.webkit.org/show_bug.cgi?id=94416

        Reviewed by Vsevolod Vlasov.

        - removes access to WebInspector.panels.scripts and loads it lazily.
        - extracts classes to their own files when classes residing in one file belong to different modules
        - removes StylesPanel.js in favor of the actual classes it contains 

        * WebCore.gypi:
        * WebCore.vcproj/WebCore.vcproj:
        * WebCore.xcodeproj/project.pbxproj:
        * inspector/compile-front-end.py:
        * inspector/front-end/AdvancedSearchController.js:
        (WebInspector.AdvancedSearchController.prototype.handleShortcut):
        * inspector/front-end/BreakpointsSidebarPane.js:
        * inspector/front-end/FilteredItemSelectionDialog.js:
        * inspector/front-end/InspectorFrontendAPI.js:
        (InspectorFrontendAPI._pendingCommands.isDebuggingEnabled):
        (InspectorFrontendAPI.setDebuggingEnabled):
        * inspector/front-end/NativeBreakpointsSidebarPane.js: Added.
        (WebInspector.NativeBreakpointsSidebarPane):
        (WebInspector.NativeBreakpointsSidebarPane.prototype._addListElement):
        (WebInspector.NativeBreakpointsSidebarPane.prototype._removeListElement):
        (WebInspector.NativeBreakpointsSidebarPane.prototype._reset):
        * inspector/front-end/ObjectPropertiesSection.js:
        (WebInspector.ObjectPropertyTreeElement.prototype._functionContextMenuEventFired):
        * inspector/front-end/ScriptSnippetModel.js:
        * inspector/front-end/ScriptsPanel.js:
        (WebInspector.ScriptsPanel.prototype.showGoToSourceDialog):
        * inspector/front-end/SnippetJavaScriptSourceFrame.js: Added.
        (WebInspector.SnippetJavaScriptSourceFrame):
        (WebInspector.SnippetJavaScriptSourceFrame.prototype.statusBarItems):
        (WebInspector.SnippetJavaScriptSourceFrame.prototype._runButtonClicked):
        * inspector/front-end/StyleSheetOutlineDialog.js: Added.
        (WebInspector.StyleSheetOutlineDialog):
        (WebInspector.StyleSheetOutlineDialog.show):
        (WebInspector.StyleSheetOutlineDialog.prototype.itemTitleAt):
        (WebInspector.StyleSheetOutlineDialog.prototype.itemSubtitleAt):
        (WebInspector.StyleSheetOutlineDialog.prototype.itemKeyAt):
        (WebInspector.StyleSheetOutlineDialog.prototype.itemsCount):
        (WebInspector.StyleSheetOutlineDialog.prototype.requestItems):
        (WebInspector.StyleSheetOutlineDialog.prototype.requestItems.didGetStyleSheet):
        (WebInspector.StyleSheetOutlineDialog.prototype.selectItem):
        (WebInspector.StyleSheetOutlineDialog.prototype.rewriteQuery):
        * inspector/front-end/StyleSource.js: Renamed from Source/WebCore/inspector/front-end/StylesPanel.js.
        (WebInspector.StylesUISourceCodeProvider):
        (WebInspector.StylesUISourceCodeProvider.prototype.uiSourceCodes):
        (WebInspector.StylesUISourceCodeProvider.prototype.rawLocationToUILocation):
        (WebInspector.StylesUISourceCodeProvider.prototype.uiLocationToRawLocation):
        (WebInspector.StylesUISourceCodeProvider.prototype._populate):
        (WebInspector.StylesUISourceCodeProvider.prototype._resourceAdded):
        (WebInspector.StylesUISourceCodeProvider.prototype.reset):
        (WebInspector.StyleSource):
        (WebInspector.StyleSource.prototype.isEditable):
        (WebInspector.StyleSource.prototype.workingCopyCommitted):
        (WebInspector.StyleSource.prototype.workingCopyChanged):
        (WebInspector.StyleSource.prototype._callOrSetTimeout):
        (WebInspector.StyleSource.prototype._commitIncrementalEdit):
        (WebInspector.StyleSource.prototype._clearIncrementalUpdateTimer):
        (WebInspector.InspectorStyleSource):
        * inspector/front-end/WebKit.qrc:
        * inspector/front-end/inspector.html:
        * inspector/front-end/inspector.js:
        (WebInspector._panelDescriptors):
        (WebInspector._registerShortcuts):
        (WebInspector.documentKeyDown):
        (WebInspector._showAnchorLocation):

2012-08-20  Dominik Röttsches  <dominik.rottsches@intel.com>

        [EFL] Get rid of pango backend support once harfbuzz-ng is working
        https://bugs.webkit.org/show_bug.cgi?id=92102

        Reviewed by Kenneth Rohde Christiansen.

        Removing support for Pango complex font rendering now that we HarfBuzz.

        No new tests, no change in behavior.

        * PlatformEfl.cmake: Removing Pango specific includes and libraries.

2012-08-20  Pavel Feldman  <pfeldman@chromium.org>

        Web Inspector: prepare scripts panel to be lazily loaded
        https://bugs.webkit.org/show_bug.cgi?id=94423

        Reviewed by Vsevolod Vlasov.

        - makes scripts panel read workspace data upon creation
        - moves pause on script state management into the debugger model
        - updates frontend API to use debugger model, not scripts panel

        * inspector/front-end/DebuggerModel.js:
        (WebInspector.DebuggerModel.prototype.debuggerEnabled):
        (WebInspector.DebuggerModel.prototype.disableDebugger):
        (WebInspector.DebuggerModel.prototype._debuggerWasEnabled):
        (WebInspector.DebuggerModel.prototype._pauseOnExceptionStateChanged):
        (WebInspector.DebuggerModel.prototype.get _debuggerWasDisabled):
        * inspector/front-end/InspectorFrontendAPI.js:
        (InspectorFrontendAPI._pendingCommands.isDebuggingEnabled):
        (InspectorFrontendAPI.setDebuggingEnabled):
        * inspector/front-end/ScriptsPanel.js:
        (WebInspector.ScriptsPanel):
        (WebInspector.ScriptsPanel.prototype._debuggerWasEnabled):
        (WebInspector.ScriptsPanel.prototype._debuggerWasDisabled):
        (WebInspector.ScriptsPanel.prototype._reset):
        (WebInspector.ScriptsPanel.prototype.canShowAnchorLocation):
        (WebInspector.ScriptsPanel.prototype._updateDebuggerButtons):
        (WebInspector.ScriptsPanel.prototype._enableDebugging):
        (WebInspector.ScriptsPanel.prototype._togglePauseOnExceptions):
        (WebInspector.ScriptsPanel.prototype.showGoToSourceDialog):
        * inspector/front-end/inspector.js:
        (WebInspector.documentKeyDown):

2012-08-20  Robin Cao  <robin.cao@torchmobile.com.cn>

        [BlackBerry] Adapt to changes in the platform media player API
        https://bugs.webkit.org/show_bug.cgi?id=94329
        PR #194237

        Reviewed by Antonio Gomes.

        The interface to platform's media player has changed from MMRPlayer
        to PlatformPlayer. This patch adapts to this change.

        And we also decided to postpone the creation of PlatformPlayer until
        the loading started. This is needed because we may create different
        types of player for different media sources.

        This is a refactor, no new tests.

        * platform/graphics/blackberry/MediaPlayerPrivateBlackBerry.cpp:
        (WebCore::MediaPlayerPrivate::getSupportedTypes):
        (WebCore::MediaPlayerPrivate::supportsType):
        (WebCore::MediaPlayerPrivate::notifyAppActivatedEvent):
        (WebCore::MediaPlayerPrivate::setCertificatePath):
        (WebCore::MediaPlayerPrivate::MediaPlayerPrivate):
        (WebCore::MediaPlayerPrivate::load):
        (WebCore::MediaPlayerPrivate::cancelLoad):
        (WebCore::MediaPlayerPrivate::prepareToPlay):
        (WebCore::MediaPlayerPrivate::play):
        (WebCore::MediaPlayerPrivate::pause):
        (WebCore::MediaPlayerPrivate::naturalSize):
        (WebCore::MediaPlayerPrivate::hasVideo):
        (WebCore::MediaPlayerPrivate::hasAudio):
        (WebCore::MediaPlayerPrivate::duration):
        (WebCore::MediaPlayerPrivate::currentTime):
        (WebCore::MediaPlayerPrivate::seek):
        (WebCore::MediaPlayerPrivate::setRate):
        (WebCore::MediaPlayerPrivate::paused):
        (WebCore::MediaPlayerPrivate::setVolume):
        (WebCore::MediaPlayerPrivate::maxTimeSeekable):
        (WebCore::MediaPlayerPrivate::buffered):
        (WebCore::MediaPlayerPrivate::paint):
        (WebCore::MediaPlayerPrivate::hasAvailableVideoFrame):
        (WebCore::MediaPlayerPrivate::movieLoadType):
        (WebCore::MediaPlayerPrivate::setAllowPPSVolumeUpdates):
        (WebCore::MediaPlayerPrivate::updateStates):
        (WebCore):
        (WebCore::MediaPlayerPrivate::onStateChanged):
        (WebCore::MediaPlayerPrivate::onMediaStatusChanged):
        (WebCore::MediaPlayerPrivate::onError):
        (WebCore::MediaPlayerPrivate::waitMetadataTimerFired):
        (WebCore::MediaPlayerPrivate::showErrorDialog):
        * platform/graphics/blackberry/MediaPlayerPrivateBlackBerry.h:
        (MediaPlayerPrivate):

2012-08-19  Kentaro Hara  <haraken@chromium.org>

        [V8] Move contextDebugId() and setContextDebugId() from V8Proxy to ScriptController
        https://bugs.webkit.org/show_bug.cgi?id=94446

        Reviewed by Adam Barth.

        To kill V8Proxy, we can move contextDebugId() and setContextDebugId()
        from V8Proxy to ScriptController.

        No tests. No change in behavior.

        * bindings/v8/ScriptController.cpp:
        (WebCore::ScriptController::setContextDebugId):
        (WebCore):
        (WebCore::ScriptController::contextDebugId):
        * bindings/v8/ScriptController.h:
        (ScriptController):
        * bindings/v8/V8IsolatedContext.cpp:
        (WebCore::V8IsolatedContext::V8IsolatedContext):
        * bindings/v8/V8Proxy.cpp:
        * bindings/v8/V8Proxy.h:
        (V8Proxy):

2012-08-20  Kentaro Hara  <haraken@chromium.org>

        [V8] Move V8Proxy::newInstance() to V8ObjectConstructor
        https://bugs.webkit.org/show_bug.cgi?id=94443

        Reviewed by Adam Barth.

        To kill V8Proxy, this patch moves V8Proxy::newInstance() to
        V8ObjectConstructor::newInstanceInFrame().
        In addition, this patch does the following things:

        - For consistency with V8ObjectConstructor::newInstanceInFrame(),
        this patch inserts an if(v8::V8::IsDead()) check to just after
        Function::NewInstance(). The check is done by V8Binding::assertIfV8IsDead().

        - To avoid #include circular dependency, this patch de-inline
        V8ObjectConstructor::newInstance()s. I didn't observe any perf regression.
        I don't think these methods are worth being inlined, because
        these methods call Function::NewInstance(), which is not inlined
        and calls a bunch of heavy mehtods in V8.

        No tests. No change in behavior.

        * bindings/v8/NPV8Object.cpp:
        (_NPN_Construct):
        * bindings/v8/V8Binding.cpp:
        (WebCore::assertIfV8IsDead):
        (WebCore):
        * bindings/v8/V8Binding.h:
        (WebCore):
        * bindings/v8/V8ObjectConstructor.cpp:
        (WebCore::V8ObjectConstructor::newInstance):
        (WebCore):
        (WebCore::V8ObjectConstructor::newInstanceInFrame):
        * bindings/v8/V8ObjectConstructor.h:
        (WebCore):
        (V8ObjectConstructor):
        * bindings/v8/V8Proxy.cpp:
        (WebCore::V8Proxy::runScript):
        (WebCore::V8Proxy::instrumentedCallFunction):

2012-08-20  Kentaro Hara  <haraken@chromium.org>

        [V8] Move V8Proxy::m_extensions to ScriptController
        https://bugs.webkit.org/show_bug.cgi?id=94444

        Reviewed by Adam Barth.

        To kill V8Proxy, this patch moves V8Proxy::m_extensions to ScriptController.
        This patch also renames extensions() to registeredExtensions() for clarification.

        No tests. No change in behavior.

        * bindings/v8/ScriptController.cpp:
        (WebCore::ScriptController::registeredExtensions):
        (WebCore):
        (WebCore::ScriptController::registerExtensionIfNeeded):
        * bindings/v8/ScriptController.h:
        (WebCore):
        (ScriptController):
        * bindings/v8/V8DOMWindowShell.cpp:
        (WebCore::V8DOMWindowShell::createNewContext):
        * bindings/v8/V8Proxy.cpp:
        * bindings/v8/V8Proxy.h:
        (WebCore):
        (V8Proxy):

2012-08-20  Pavel Feldman  <pfeldman@chromium.org>

        Web Inspector: toolbar causes 8 reflows upon opening
        https://bugs.webkit.org/show_bug.cgi?id=94422

        Reviewed by Yury Semikhatsky.

        Toolbar's overflow code causes inspector to do 8 reflows upon opening.
        Fixing it via introducing batch toolbar update.

        * inspector/front-end/Toolbar.js:
        (WebInspector.Toolbar):
        (WebInspector.Toolbar.prototype.setCoalescingUpdate):
        (WebInspector.Toolbar.prototype._updateDropdownButtonAndHideDropdown):
        * inspector/front-end/inspector.css:
        (body.compact .toolbar-icon):
        (body.compact .toolbar-icon.custom-toolbar-icon):
        (body.compact .toolbar-item:active .toolbar-icon):
        (body.compact .toolbar-label):
        (body.compact .toolbar-item.resources .toolbar-icon):
        (body.compact .toolbar-item.network .toolbar-icon):
        (body.compact .toolbar-item.scripts .toolbar-icon):
        (body.compact .toolbar-item.timeline .toolbar-icon):
        (body.compact .toolbar-item.profiles .toolbar-icon):
        (body.compact .toolbar-item.audits .toolbar-icon):
        (body.compact .toolbar-item.console .toolbar-icon):
        * inspector/front-end/inspector.js:
        (WebInspector.get _setCompactMode):
        (WebInspector.windowResize):

2012-08-19  Kentaro Hara  <haraken@chromium.org>

        [V8] Replace proxy()->windowShell() in ScriptController with windowShell()
        https://bugs.webkit.org/show_bug.cgi?id=94445

        Reviewed by Adam Barth.

        Now ScriptController owns windowShell. So ScriptController doesn't
        need to get windowShell through V8Proxy.

        No tests. No change in behavior.

        * bindings/v8/ScriptController.cpp:
        (WebCore::ScriptController::updateSecurityOrigin):
        (WebCore::ScriptController::haveInterpreter):
        (WebCore::ScriptController::enableEval):
        (WebCore::ScriptController::disableEval):
        (WebCore::ScriptController::updateDocument):
        (WebCore::ScriptController::namedItemAdded):
        (WebCore::ScriptController::namedItemRemoved):

2012-08-19  Kentaro Hara  <haraken@chromium.org>

        [V8] Move V8Proxy::callFunction() to ScriptController
        https://bugs.webkit.org/show_bug.cgi?id=94437

        Reviewed by Adam Barth.

        To kill V8Proxy, this patch moves callFunction() from V8Proxy to ScriptController.

        No tests. No change in behavior.

        * bindings/v8/DOMTransaction.cpp:
        (WebCore::DOMTransaction::callFunction):
        * bindings/v8/NPV8Object.cpp:
        (_NPN_Invoke):
        (_NPN_InvokeDefault):
        * bindings/v8/ScheduledAction.cpp:
        (WebCore::ScheduledAction::execute):
        * bindings/v8/ScheduledAction.h:
        (WebCore):
        (ScheduledAction):
        * bindings/v8/ScriptController.cpp:
        (WebCore::ScriptController::callFunction):
        (WebCore):
        (WebCore::ScriptController::callFunctionEvenIfScriptDisabled):
        * bindings/v8/ScriptController.h:
        (ScriptController):
        * bindings/v8/V8EventListener.cpp:
        (WebCore::V8EventListener::callListenerFunction):
        * bindings/v8/V8LazyEventListener.cpp:
        (WebCore::V8LazyEventListener::callListenerFunction):
        * bindings/v8/V8Proxy.cpp:
        * bindings/v8/V8Proxy.h:
        (V8Proxy):
        * bindings/v8/custom/V8HTMLDocumentCustom.cpp:
        (WebCore::V8HTMLDocument::openCallback):

2012-08-19  Yoshifumi Inoue  <yosin@chromium.org>

        [Forms] Set SpinButtonElement free from HTMLInputElement
        https://bugs.webkit.org/show_bug.cgi?id=93941

        Reviewed by Kent Tamura.

        This patch removes dependency to HTMLInputElement from SpinButtonElement.

        Functionalities used to be calling HTMLInputElement functions are
        replaced to calling functions SpinButtonOwner class.

        * html/TextFieldInputType.cpp:
        (WebCore::TextFieldInputType::focusAndSelectSpinButtonOwner): Moved functionality from SpinButtonElement::defaultEventHandler.
        (WebCore::TextFieldInputType::shouldSpinButtonRespondToMouseEvents): Moved code from SpinButtonElement::willRespondToMouseClickEvents
        (WebCore::TextFieldInputType::shouldSpinButtonRespondToWheelEvents): Moved code from SpinButtonElement::forwardEvent
        * html/TextFieldInputType.h:
        (TextFieldInputType):
        * html/TimeInputType.cpp:
        (WebCore::TimeInputType::DateTimeEditControlOwnerImpl::focusAndSelectEditControlOwner): Moved functionality from SpinButtonElement::defaultEventHandler.
        (WebCore::TimeInputType::DateTimeEditControlOwnerImpl::isEditControlOwnerFocused): Added for DateTimeEditElement::shouldSpinButtonRespondToWheelEvents.
        * html/TimeInputType.h:
        * html/shadow/DateTimeEditElement.cpp:
        (WebCore::DateTimeEditElement::focusAndSelectSpinButtonOwner): Added for SpinButtonElementOwner class change.
        (WebCore::DateTimeEditElement::shouldSpinButtonRespondToMouseEvents): ditto
        (WebCore::DateTimeEditElement::shouldSpinButtonRespondToWheelEvents): ditto
        * html/shadow/DateTimeEditElement.h:
        (EditControlOwner): Added new virtual function declarations for SpinButtonElementOwner class change.
        (DateTimeEditElement): Added new function declarations for SpinButtonElementOwner.
        * html/shadow/SpinButtonElement.cpp:
        (WebCore::SpinButtonElement::defaultEventHandler): Changed to use SpinButtonElementOwner instead of HTMLInputElement.
        (WebCore::SpinButtonElement::forwardEvent): ditto
        (WebCore::SpinButtonElement::willRespondToMouseMoveEvents): ditto
        (WebCore::SpinButtonElement::willRespondToMouseClickEvents): ditto
        (WebCore::SpinButtonElement::step): ditto
        (WebCore::SpinButtonElement::shouldRespondToMouseEvents): Added helper function for calling SpinButtonOwner instance.
        * html/shadow/SpinButtonElement.h:
        (SpinButtonOwner): Added new virtual function declarations.
        (SpinButtonElement):

2012-08-19  Yoshifumi Inoue  <yosin@chromium.org>

        [Tests] time-multiple-fields-appearance-basic.html and time-multiple-fields-appearance-pseudo-elements.html are failed on Chromium Mac
        https://bugs.webkit.org/show_bug.cgi?id=94439

        Reviewed by Kent Tamura.

        This patch disabled CSS selector for Firefox compatibility applied to
        multiple fields time input UI, because it is supposed to apply text
        field rather than multiple fields.

        This patch allows us to have same appearance among Chromium-Linux,
        Mac and Win.

        No new tests. Following existing tests cover this change:
          fast/forms/time-multiple-fields/time-multiple-fields-appearance-basic.html
          fast/forms/time-multiple-fields/time-multiple-fields-appearance-disabled-readonly.html
          fast/forms/time-multiple-fields/time-multiple-fields-appearance-pseudo-classes.html
          fast/forms/time-multiple-fields/time-multiple-fields-appearance-pseudo-elements.html
          fast/forms/time-multiple-fields/time-multiple-fields-appearance-style.html

        * css/themeWin.css: Exclude input[type="time"] selector if ENABLE_INPUT_TYPE_TIME_MULTIPLE_FIELDS
        enabled.

2012-08-19  Kentaro Hara  <haraken@chromium.org>

        [V8] Rename SafeAllocation to V8ObjectConstructor
        https://bugs.webkit.org/show_bug.cgi?id=94436

        Reviewed by Adam Barth.

        For clarification.

        No tests. No change in behavior.

        * UseV8.cmake:
        * WebCore.gypi:
        * bindings/v8/ScriptFunctionCall.cpp:
        (WebCore::ScriptFunctionCall::construct):
        * bindings/v8/V8Binding.cpp:
        (WebCore::createRawTemplate):
        * bindings/v8/V8Binding.h:
        * bindings/v8/V8DOMWindowShell.cpp:
        (WebCore::V8DOMWindowShell::installDOMWindow):
        * bindings/v8/V8DOMWrapper.cpp:
        (WebCore::V8DOMWrapper::instantiateV8Object):
        * bindings/v8/V8NPObject.cpp:
        (WebCore::createV8ObjectForNPObject):
        * bindings/v8/V8ObjectConstructor.cpp: Renamed from Source/WebCore/bindings/v8/SafeAllocation.cpp.
        (WebCore):
        (WebCore::V8ObjectConstructor::isValidConstructorMode):
        * bindings/v8/V8ObjectConstructor.h: Renamed from Source/WebCore/bindings/v8/SafeAllocation.h.
        (WebCore):
        (ConstructorMode):
        (WebCore::ConstructorMode::ConstructorMode):
        (WebCore::ConstructorMode::~ConstructorMode):
        (WebCore::ConstructorMode::current):
        (V8ObjectConstructor):
        (WebCore::V8ObjectConstructor::newInstance):
        * bindings/v8/V8PerContextData.cpp:
        (WebCore::V8PerContextData::createWrapperFromCacheSlowCase):
        * bindings/v8/WorkerContextExecutionProxy.