[WebKit-https.git] / Source / WebCore / ChangeLog
1 2018-05-12  Zalan Bujtas  <zalan@apple.com>
2
3         Use WeakPtr for m_enclosingPaginationLayer in RenderLayer
4         https://bugs.webkit.org/show_bug.cgi?id=185566
5         <rdar://problem/36486052>
6
7         Reviewed by Simon Fraser.
8
9         Since RenderLayer does not own the enclosing pagination layout, it should
10         construct a weak pointer instead of holding on to a raw pointer.
11
12         Unable to create a reliably reproducible test case.
13
14         * page/mac/EventHandlerMac.mm:
15         (WebCore::scrollableAreaForEventTarget):
16         (WebCore::scrollableAreaForContainerNode):
17         (WebCore::EventHandler::platformPrepareForWheelEvents):
18         * platform/ScrollableArea.h:
19         (WebCore::ScrollableArea::weakPtrFactory const):
20         (WebCore::ScrollableArea::createWeakPtr): Deleted.
21         * rendering/RenderLayer.cpp:
22         (WebCore::RenderLayer::RenderLayer):
23         (WebCore::RenderLayer::updatePagination):
24         * rendering/RenderLayer.h:
25
26 2018-05-11  Daniel Bates  <dabates@apple.com>
27
28         X-Frame-Options: SAMEORIGIN needs to check all ancestor frames
29         https://bugs.webkit.org/show_bug.cgi?id=185567
30         <rdar://problem/40175008>
31
32         Reviewed by Brent Fulgham.
33
34         Change the behavior of "X-Frame-Options: SAMEORIGIN" to ensure that all ancestor frames
35         are same-origin with the document that delivered this header. This prevents an intermediary
36         malicious frame from clickjacking a child frame whose document is same-origin with the top-
37         level frame. It also makes the behavior of X-Frame-Options in WebKit more closely match
38         the behavior of X-Frame-Options in other browsers, including Chrome and Firefox.
39         
40         Currently a document delivered with "X-Frame-Options: SAMEORIGIN" must only be same-origin
41         with the top-level frame's document in order to be displayed. This prevents clickjacking by
42         a malicious page that embeds a page delivered with "X-Frame-Options: SAMEORIGIN". However,
43         it does not protect against clickjacking of the "X-Frame-Options: SAMEORIGIN" page (victim)
44         if embedded by an intermediate malicious iframe, say a "rogue ad", that was embedded in a
45         document same origin with the victim page. We should protect against such attacks. 
46
47         Tests: http/tests/security/XFrameOptions/x-frame-options-ancestors-same-origin-allow.html
48                http/tests/security/XFrameOptions/x-frame-options-ancestors-same-origin-deny.html
49
50         * loader/FrameLoader.cpp:
51         (WebCore::FrameLoader::shouldInterruptLoadForXFrameOptions):
52
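The difference between the previous top-level-only check and the all-ancestors check described in the X-Frame-Options entry above, as an added example. This is a simplified C++ model, not WebKit's FrameLoader code; the Origin, Frame and Verdicts types, the function names and the victim.example / ads.example hosts are assumptions made for illustration.

```cpp
#include <iostream>
#include <string>

// Simplified stand-ins for illustration; these are not WebKit's classes.
struct Origin {
    std::string scheme;
    std::string host;
    int port;
    bool operator==(const Origin& other) const
    {
        return scheme == other.scheme && host == other.host && port == other.port;
    }
};

struct Frame {
    Origin origin;       // origin of the document currently loaded in this frame
    const Frame* parent; // nullptr for the top-level frame
};

// Previous behaviour: only the top-level frame's origin is compared with the
// origin of the response that carried "X-Frame-Options: SAMEORIGIN".
// `embedder` is the frame that would contain the new document's frame.
bool allowedByTopLevelCheck(const Origin& response, const Frame& embedder)
{
    const Frame* top = &embedder;
    while (top->parent)
        top = top->parent;
    return top->origin == response;
}

// New behaviour: every ancestor, from the direct embedder up to the top-level
// frame, must be same-origin with the response.
bool allowedByAllAncestorsCheck(const Origin& response, const Frame& embedder)
{
    for (const Frame* frame = &embedder; frame; frame = frame->parent) {
        if (!(frame->origin == response))
            return false;
    }
    return true;
}

struct Verdicts {
    bool topLevelOnly;
    bool allAncestors;
};

// Constructed scenario from the entry: victim page -> "rogue ad" iframe ->
// victim page delivered with X-Frame-Options: SAMEORIGIN.
Verdicts rogueAdScenario()
{
    const Origin victim { "https", "victim.example", 443 };
    const Origin ad { "https", "ads.example", 443 };
    const Frame top { victim, nullptr };
    const Frame adFrame { ad, &top };
    return { allowedByTopLevelCheck(victim, adFrame), allowedByAllAncestorsCheck(victim, adFrame) };
}

// Constructed scenario: the victim page frames itself directly.
Verdicts sameOriginChainScenario()
{
    const Origin victim { "https", "victim.example", 443 };
    const Frame top { victim, nullptr };
    const Frame inner { victim, &top };
    return { allowedByTopLevelCheck(victim, inner), allowedByAllAncestorsCheck(victim, inner) };
}

// Constructed scenario: a cross-origin top-level page embeds the victim page.
Verdicts directCrossOriginEmbedScenario()
{
    const Origin victim { "https", "victim.example", 443 };
    const Origin ad { "https", "ads.example", 443 };
    const Frame top { ad, nullptr };
    return { allowedByTopLevelCheck(victim, top), allowedByAllAncestorsCheck(victim, top) };
}

int main()
{
    const Verdicts rogue = rogueAdScenario();
    std::cout << "rogue ad in the middle: top-level-only check allows=" << rogue.topLevelOnly
              << ", all-ancestors check allows=" << rogue.allAncestors << "\n";
    return 0;
}
```
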
53 2018-05-11  Daniel Bates  <dabates@apple.com>
54
55         [iOS] Text decoration of dragged content does not paint with opacity
56         https://bugs.webkit.org/show_bug.cgi?id=185551
57         <rdar://problem/40166867>
58
59         Reviewed by Wenson Hsieh.
60
61         Respect alpha when painting the text decoration for dragged content.
62
63         * rendering/InlineTextBox.cpp:
64         (WebCore::InlineTextBox::MarkedTextStyle::areDecorationMarkedTextStylesEqual): Consider alpha when
65         comparing decoration styles for equality so that we do not coalesce styles with differing alpha.
66         (WebCore::InlineTextBox::paintMarkedTextDecoration): Respect alpha when painting dragged content.
67
68 2018-05-11  Nan Wang  <n_wang@apple.com>
69
70         AX: In role=dialog elements with aria-modal=true VoiceOver iOS/macOS can't manually focus or read dialog paragraph description text inside the modal.
71         https://bugs.webkit.org/show_bug.cgi?id=185219
72         <rdar://problem/39920009>
73
74         Reviewed by Chris Fleizach.
75
76         The text node descendants of a modal dialog are ignored. Fixed it by using AccessibilityObject's 
77         node() to determine if it's the descendant of the modal dialog node.
78
79         Test: accessibility/aria-modal-text-descendants.html
80
81         * accessibility/AccessibilityObject.cpp:
82         (WebCore::AccessibilityObject::isModalDescendant const):
83
84 2018-05-11  Ryosuke Niwa  <rniwa@webkit.org>
85
86         Tapping after CSS-based table causes an infinite loop in wordRangeFromPosition
87         https://bugs.webkit.org/show_bug.cgi?id=185465
88         <rdar://problem/35263057>
89
90         Reviewed by Antti Koivisto.
91
92         The bug was caused by TextIterator not emitting a line break when exiting a CSS-based table when an element
93         with `display: table-row` has an invisible text node. Specifically, TextIterator::exitNode is never called on
94         an element with `table-cell: row` when m_node is a text node with whitespaces which appears after an element
95         with `display: table-cell`.
96
97         For example, for a tree structure like:
98         table-row (R)
99           table-cell (C)
100             "text" (1)
101           " " (2)
102         Getting out of (C) would result in moving onto (2) without generating a line break for (R).
103
104         When this happens in nextBoundary as it tries to find the end of the last word in the table cell, we end up
105         finding the end of the document as the end of the word. As a result, nextWordBoundaryInDirection, the caller
106         of nextBoundary, ends up infinite looping between the position at the end of the document and the position
107         immediately before the last word in the last table cell when it traverses words backwards.
108
109         This patch fixes the hang by addressing this root cause in TextIterator. Namely, TextIterator now generates
110         a line break when exiting a block while walking up ancestors in TextIterator::advance().
111
112         Tests: editing/selection/tapping-in-table-at-end-of-document.html
113                editing/text-iterator/table-at-end-of-document.html
114
115         * editing/TextIterator.cpp:
116         (WebCore::TextIterator::advance): Fixed the bug.
117         (WebCore::shouldEmitNewlineAfterNode): Do generate a new line at the end of a document when we're trying to
118         generate every visible position even if there are no renderers beyond this point. e.g. a position inside the
119         last cell of a table at the end of a document hits this condition.
120         (WebCore::shouldEmitExtraNewlineForNode): Don't emit a line break when the render box's height is 0px
121         to avoid generating many empty lines for empty paragraph and header elements (this function is used to generate
122         a blank line between p's and h1/h2/...'s).
123         (WebCore::TextIterator::exitNode):
124
125 2018-05-11  Dean Jackson  <dino@apple.com>
126
127         System preview badge doesn't show on <picture> elements
128         https://bugs.webkit.org/show_bug.cgi?id=185559
129         <rdar://problem/40150066>
130
131         Reviewed by Tim Horton.
132
133         We should also identify <img>s that are the child of a <picture>
134         contained inside the appropriate <a> element.
135
136         Tested internally, since the badge is platform specific.
137
138         * html/HTMLImageElement.cpp:
139         (WebCore::HTMLImageElement::isSystemPreviewImage const): Add logic
140         to look for <picture> parents.
141
142 2018-05-11  Chris Dumez  <cdumez@apple.com>
143
144         REGRESSION (async policy delegate): Revoking an object URL immediately after triggering download breaks file download
145         https://bugs.webkit.org/show_bug.cgi?id=185531
146         <rdar://problem/39909589>
147
148         Reviewed by Geoffrey Garen.
149
150         Whenever we start an asynchronous navigation policy decision for a blob URL, create a temporary
151         blob URL pointing to the same data, and update the request's URL. This way, if the page's JS revokes
152         the URL during the policy decision, the load will still succeed.
153
154         Test: fast/dom/HTMLAnchorElement/anchor-file-blob-download-then-revoke.html
155
156         * loader/DocumentLoader.cpp:
157         (WebCore::DocumentLoader::willSendRequest):
158         * loader/FrameLoader.cpp:
159         (WebCore::FrameLoader::loadURL):
160         (WebCore::FrameLoader::load):
161         (WebCore::FrameLoader::loadPostRequest):
162         * loader/PolicyChecker.cpp:
163         (WebCore::PolicyChecker::extendBlobURLLifetimeIfNecessary const):
164         (WebCore::PolicyChecker::checkNavigationPolicy):
165         (WebCore::PolicyChecker::checkNewWindowPolicy):
166         * loader/PolicyChecker.h:
167
168 2018-05-11  Antti Koivisto  <antti@apple.com>
169
170         LinkLoader fails to remove CachedResourceClient in some cases
171         https://bugs.webkit.org/show_bug.cgi?id=185553
172         <rdar://problem/36879656>
173
174         Reviewed by Geoffrey Garen.
175
176         Test: http/tests/preload/link-preload-client-remove.html
177
178         * loader/LinkLoader.cpp:
179         (WebCore::LinkLoader::loadLink):
180
181         If there is a link preload already in progress, we fail to clear the client for the ongoing load.
182         This may leave the CachedResource client map in a bad state.
183
184 2018-05-11  Charles Vazac  <cvazac@gmail.com>
185
186         Runtime feature flag for Server-Timing
187         https://bugs.webkit.org/show_bug.cgi?id=184758
188
189         Reviewed by Youenn Fablet.
190
191         * Source/WebCore/CMakeLists.txt: Added reference to PerformanceServerTiming.idl.
192         * Source/WebCore/DerivedSources.make: Added reference to PerformanceServerTiming.idl.
193         * Source/WebCore/Sources.txt: Added reference to PerformanceServerTiming.cpp and JSPerformanceServerTiming.cpp.
194         * Source/WebCore/WebCore.xcodeproj/project.pbxproj: Added references to PerformanceServerTiming.cpp, PerformanceServerTiming.h, and PerformanceServerTiming.idl.
195         * Source/WebCore/bindings/js/WebCoreBuiltinNames.h: Added PerformanceServerTiming.
196         * Source/WebCore/page/PerformanceResourceTiming.h: Added serverTiming member.
197         * Source/WebCore/page/PerformanceResourceTiming.idl: Added serverTiming attribute.
198         * Source/WebCore/page/PerformanceServerTiming.cpp: Added.
199         * Source/WebCore/page/PerformanceServerTiming.h: Added.
200         * Source/WebCore/page/PerformanceServerTiming.idl: Added.
201
202 2018-05-11  Brady Eidson  <beidson@apple.com>
203
204         Make sure history navigations reuse the existing process when necessary.
205         <rdar://problem/39746516> and https://bugs.webkit.org/show_bug.cgi?id=185532
206
207         Reviewed by Ryosuke Niwa.
208
209         Covered by new API tests.
210
211         In WebCore-land, make sure *all* NavigationActions to a back/forward item are tagged with
212         the item identifier.
213
214         * history/HistoryItem.cpp:
215         (WebCore::HistoryItem::HistoryItem):
216         (WebCore::HistoryItem::logString const):
217         * history/HistoryItem.h:
218
219         * loader/FrameLoader.cpp:
220         (WebCore::FrameLoader::loadDifferentDocumentItem):
221
222         * loader/NavigationAction.cpp:
223         (WebCore::NavigationAction::setTargetBackForwardItem):
224
225         * loader/NavigationAction.h:
226         (WebCore::NavigationAction::targetBackForwardItemIdentifier const):
227
228 2018-05-11  Yacine Bandou  <yacine.bandou_ext@softathome.com>
229
230         [EME][GStreamer] Handle the protection event in MediaPlayerPrivate
231         https://bugs.webkit.org/show_bug.cgi?id=185535
232
233         Reviewed by Xabier Rodriguez-Calvar.
234
235         This patch is based on this calvaris's commit
236         https://github.com/WebPlatformForEmbedded/WPEWebKit/commit/d966168b0d2b65f9ca9415426e26d3752c78b03e
237
238         It adds a handler for the protection event in MediaPlayerPrivateGStreamerBase, it extracts the InitData from the event
239         and sends the encrypted event to JS via HTMLMediaElement.
240         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
241         (WebCore::MediaPlayerPrivateGStreamerBase::initializationDataEncountered):
242         (WebCore::MediaPlayerPrivateGStreamerBase::handleProtectionEvent):
243         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h:
244         * platform/graphics/gstreamer/eme/GStreamerEMEUtilities.h: Add a new type InitData.
245
246 2018-05-11  Basuke Suzuki  <Basuke.Suzuki@sony.com>
247
248         [Curl] Make the cipher suites, the signing algorithms and the curve lists configurable.
249         https://bugs.webkit.org/show_bug.cgi?id=185139
250
251         Add interface to configure the cipher suites, the signing algorithms and the curve lists 
252         used by OpenSSL and libcurl to exchange, to sign or to verify keys.
253
254         Reviewed by Youenn Fablet.
255
256         No new tests in public. Have tested internally.
257
258         * platform/network/curl/CurlContext.cpp:
259         (WebCore::CurlHandle::setSslCipherList):
260         * platform/network/curl/CurlContext.h:
261         * platform/network/curl/CurlRequest.cpp:
262         (WebCore::CurlRequest::setupTransfer):
263         (WebCore::CurlRequest::willSetupSslCtx):
264         * platform/network/curl/CurlSSLHandle.cpp:
265         (WebCore::CurlSSLHandle::getCACertPathEnv):
266         * platform/network/curl/CurlSSLHandle.h:
267         (WebCore::CurlSSLHandle::getCipherList const):
268         (WebCore::CurlSSLHandle::getSignatureAlgorithmsList const):
269         (WebCore::CurlSSLHandle::getCurvesList const):
270         (WebCore::CurlSSLHandle::setCipherList):
271         (WebCore::CurlSSLHandle::setSignatureAlgorithmsList):
272         (WebCore::CurlSSLHandle::setCurvesList):
273         (WebCore::CurlSSLHandle::getCACertPath const):
274         (WebCore::CurlSSLHandle::setCACertPath):
275         * platform/network/curl/CurlSSLVerifier.cpp:
276         (WebCore::CurlSSLVerifier::CurlSSLVerifier):
277
278 2018-05-10  Daniel Bates  <dabates@apple.com>
279
280         Use PlatformStrategies to switch between WebKit and WebKitLegacy checking of CSP frame-ancestors and X-Frame-Options
281         https://bugs.webkit.org/show_bug.cgi?id=185412
282
283         Reviewed by Ryosuke Niwa.
284
285         Consolidate the knowledge on how to determine whether security checks were performed on a ResourceResponse
286         into LoaderStrategy::havePerformedSecurityChecks() (default implementation returns false) and query it
287         to determine whether CSP frame-ancestors and X-Frame-Options need to be checked for a ResourceResponse.
288
289         Additionally, rename LoaderStrategy::isDoingLoadingSecurityChecks() to shouldPerformSecurityChecks()
290         for consistency with havePerformedSecurityChecks(). Querying shouldPerformSecurityChecks() answers the
291         question of whether the loader strategy is responsible for performing security checks when building up
292         a ResourceRequest to have the loader strategy load. And LoaderStrategy::havePerformedSecurityChecks()
293         is used to determine whether the loader strategy performed these security checks for a given ResourceResponse.
294
295         * inspector/agents/InspectorNetworkAgent.cpp:
296         (WebCore::InspectorNetworkAgent::didReceiveResponse):
297         (WebCore::InspectorNetworkAgent::didFinishLoading):
298         (WebCore::isResponseProbablyComingFromNetworkProcess): Deleted.
299         * loader/DocumentLoader.cpp:
300         (WebCore::DocumentLoader::responseReceived):
301         * loader/DocumentThreadableLoader.cpp:
302         (WebCore::shouldPerformSecurityChecks):
303         (WebCore::DocumentThreadableLoader::shouldSetHTTPHeadersToKeep const):
304         (WebCore::DocumentThreadableLoader::makeCrossOriginAccessRequest):
305         (WebCore::DocumentThreadableLoader::makeSimpleCrossOriginAccessRequest):
306         (WebCore::DocumentThreadableLoader::redirectReceived):
307         (WebCore::DocumentThreadableLoader::didFail):
308         (WebCore::DocumentThreadableLoader::loadRequest):
309         (WebCore::isDoingSecurityChecksInNetworkProcess): Deleted.
310         (WebCore::isResponseComingFromNetworkProcess): Deleted.
311         * loader/LoaderStrategy.cpp:
312         * loader/LoaderStrategy.h:
313         * page/Settings.yaml: Remove setting networkProcessCSPFrameAncestorsCheckingEnabled as we now make
314         use of the loader strategy to determine whether to perform CSP frame-ancestors and X-Frame-Options
315         checking in DocumentLoader.
316         * platform/network/ResourceResponseBase.h:
317         (WebCore::ResourceResponseBase::setSource): Added an ASSERT to catch the programming error of setting
318         source to ResourceResponse::Source::Unknown. This source type represents an uninitialized ResourceResponse.
319
320 2018-05-10  Tim Horton  <timothy_horton@apple.com>
321
322         Lookup sometimes shows a second yellow highlight on top of WebKit's TextIndicator
323         https://bugs.webkit.org/show_bug.cgi?id=185538
324         <rdar://problem/38817825>
325
326         Reviewed by Sam Weinig.
327
328         * editing/mac/DictionaryLookup.mm:
329         (WebCore::showPopupOrCreateAnimationController):
330         Options can be nil, in which case we can't mutableCopy it and add
331         LUTermOptionDisableSearchTermIndicator. Instead, create a new dictionary,
332         and add the items from options, if it's not nil.
333
334 2018-05-10  Matt Baker  <mattbaker@apple.com>
335
336         Web Inspector: ASSERT_NOT_REACHED in PageDebuggerAgent::didAddEventListener when page adds attribute event listener
337         https://bugs.webkit.org/show_bug.cgi?id=181580
338         <rdar://problem/36461309>
339
340         Reviewed by Brian Burg.
341
342         EventTarget should pass newly added EventListeners to InspectorInstrumentation,
343         instead of PageDebuggerAgent assuming the last item in the EventListenerVector
344         is the most recently added listener. This assumption does not hold when
345         the new listener replaces an existing listener.
346
347         * dom/EventTarget.cpp:
348         (WebCore::EventTarget::addEventListener):
349         (WebCore::EventTarget::setAttributeEventListener):
350
351         * inspector/InspectorInstrumentation.cpp:
352         (WebCore::InspectorInstrumentation::didAddEventListenerImpl):
353
354         * inspector/InspectorInstrumentation.h:
355         (WebCore::InspectorInstrumentation::didAddEventListener):
356
357         * inspector/agents/page/PageDebuggerAgent.cpp:
358         (WebCore::PageDebuggerAgent::didAddEventListener):
359         * inspector/agents/page/PageDebuggerAgent.h:
360
361 2018-05-10  Chris Dumez  <cdumez@apple.com>
362
363         'Cross-Origin-Options' header implementation follow-up
364         https://bugs.webkit.org/show_bug.cgi?id=185520
365
366         Reviewed by Ryosuke Niwa.
367
368         * dom/Document.cpp:
369         * dom/Document.h:
370         * loader/FrameLoader.cpp:
371         (WebCore::FrameLoader::didBeginDocument):
372         Using isNull() check is sufficient here as the header parsing
373         function will do the right thing when passed the empty string.
374         Also set the options directly on the window instead of the
375         document. The window is guaranteed to have been constructed
376         by then because didBeginDocument() is called by DocumentWriter::begin()
377         which calls Document::createDOMWindow() or Document::takeDOMWindowFrom().
378
379         * page/AbstractDOMWindow.cpp:
380         (WebCore::AbstractDOMWindow::AbstractDOMWindow):
381         * page/AbstractDOMWindow.h:
382         * page/DOMWindow.cpp:
383         (WebCore::DOMWindow::DOMWindow):
384         (WebCore::DOMWindow::didSecureTransitionTo):
385         * page/RemoteDOMWindow.cpp:
386         (WebCore::RemoteDOMWindow::RemoteDOMWindow):
387         * page/RemoteDOMWindow.h:
388         CrossOriginOptions are now stored only on the Window, not the Document.
389
390         * platform/network/HTTPParsers.cpp:
391         (WebCore::parseCrossOriginOptionsHeader):
392         Drop strippedHeader local variable as it is not strictly needed.
393
394 2018-05-10  Tim Horton  <timothy_horton@apple.com>
395
396         Fix the build after r231393
397         https://bugs.webkit.org/show_bug.cgi?id=185519
398         <rdar://problem/40131741>
399
400         Reviewed by Simon Fraser.
401
402         * Configurations/WebCore.xcconfig:
403
404 2018-05-10  Eric Carlson  <eric.carlson@apple.com>
405
406         Log missing cues correctly
407         https://bugs.webkit.org/show_bug.cgi?id=185499
408         <rdar://problem/40113821>
409
410         Reviewed by Daniel Bates.
411
412         No new tests, tested manually.
413
414         * html/track/InbandGenericTextTrack.cpp:
415         (WebCore::InbandGenericTextTrack::removeGenericCue): Log the cue we searched for, not
416         the NULL cue.
417
418 2018-05-10  Zalan Bujtas  <zalan@apple.com>
419
420         [LFC] Implement height computation for non-replaced inflow elements.
421         https://bugs.webkit.org/show_bug.cgi?id=185474
422
423         Reviewed by Antti Koivisto.
424
425         Initial implementation. Does not cover all the cases.
426
427         * layout/FormattingContext.cpp:
428         (WebCore::Layout::FormattingContext::computeHeight const):
429         * layout/FormattingContext.h:
430         * layout/blockformatting/BlockFormattingContext.cpp:
431         (WebCore::Layout::BlockFormattingContext::layout const):
432         (WebCore::Layout::BlockFormattingContext::computeInFlowHeight const):
433         (WebCore::Layout::BlockFormattingContext::computeInFlowNonReplacedHeight const):
434         * layout/blockformatting/BlockFormattingContext.h:
435         * layout/blockformatting/BlockMarginCollapse.cpp:
436         (WebCore::Layout::collapsedMarginBottomFromLastChild):
437         (WebCore::Layout::BlockMarginCollapse::isMarginBottomCollapsedWithParent):
438         (WebCore::Layout::BlockMarginCollapse::isMarginTopCollapsedWithParentMarginBottom):
439         (WebCore::Layout::isMarginBottomCollapsedWithParent): Deleted.
440         * layout/blockformatting/BlockMarginCollapse.h:
441         * layout/inlineformatting/InlineFormattingContext.cpp:
442         (WebCore::Layout::InlineFormattingContext::computeInFlowHeight const):
443         * layout/inlineformatting/InlineFormattingContext.h:
444         * layout/layouttree/LayoutBox.cpp:
445         (WebCore::Layout::Box::isReplaced const):
446         * layout/layouttree/LayoutBox.h:
447
448 2018-05-10  Thibault Saunier  <tsaunier@igalia.com>
449
450         [GTK] Implement ImageBuffer::toBGRAData
451         https://bugs.webkit.org/show_bug.cgi?id=185511
452
453         Reviewed by Michael Catanzaro.
454
455         This was never implemented but will be required for the MediaStream API
456         tests.
457
458         * platform/graphics/ImageBuffer.cpp:
459         (WebCore::ImageBuffer::toBGRAData const):
460         * platform/graphics/cg/ImageBufferCG.cpp:
461         (WebCore::ImageBuffer::toBGRAData const):
462         * platform/graphics/gtk/ImageBufferGtk.cpp:
463         (WebCore::ImageBuffer::toBGRAData const):
464
465 2018-05-10  Yacine Bandou  <yacine.bandou_ext@softathome.com>
466
467         [EME][GStreamer] Add a handler for GStreamer protection event
468         https://bugs.webkit.org/show_bug.cgi?id=185245
469
470         Reviewed by Xabier Rodriguez-Calvar.
471
472         Qtdemux sends the protection event when it encounters a new PSSH box (encrypted content).
473
474         The Decryptor is moved from AppendPipeline to PlaybackPipeline (see https://bugs.webkit.org/show_bug.cgi?id=181855),
475         thus the protection event is no longer handled because the Decryptor is not in the same pipeline as qtdemux.
476
477         AppendPipeline: httpsrc-->qtdemux-->appsink
478         PlaybackPipeline: appsrc-->parser--> decryptor-->decoder-->sink
479
480         This patch attaches a probe to the sink pad of the appsink in the appendPipeline in order to
481         catch and manage the protection event.
482
483         * platform/graphics/gstreamer/mse/AppendPipeline.cpp:
484         (WebCore::AppendPipeline::AppendPipeline):
485         (WebCore::AppendPipeline::~AppendPipeline):
486         (WebCore::appendPipelineAppsinkPadEventProbe):
487         * platform/graphics/gstreamer/mse/AppendPipeline.h:
488         (WebCore::AppendPipeline::playerPrivate):
489
490 2018-05-10  Yacine Bandou  <yacine.bandou_ext@softathome.com>
491
492         [EME][GStreamer] Move the decryptor from AppendPipeline to PlaybackPipeline.
493         https://bugs.webkit.org/show_bug.cgi?id=181855
494
495         Reviewed by Xabier Rodriguez-Calvar.
496
497         The goal of this move is to handle the limitation of SVP (Secure Video Path) memory size.
498
499         When the decryptor is in the AppendPipeline and we use SVP, we buffer in MediaSource queue
500         the decrypted GstBuffers that are in SVP memory.
501         This behavior causes an out-of-memory error, because we are limited in SVP memory size.
502
503         By moving the decryptor in PlaybackPipeline, we avoid buffering the decrypted GstBuffers
504         which use the SVP memory and we buffer the encrypted GstBuffers that are in system memory.
505
506         This new architecture also allows buffering to start before obtaining the DRM license
507         and it makes it easier to manage dynamic change of the license or Key.
508
509         The decryptor is auto plugged by GStreamer playbin in PlaybackPipeline.
510
511         SVP: Secure Video Path also named trusted or protected video path, it is a memory which is
512         protected by a hardware access control engine, it is not accessible to other unauthorised
513         software or hardware components.
514
515         Tests:
516             media/encrypted-media/clearKey/clearKey-cenc-audio-playback-mse.html
517             media/encrypted-media/clearKey/clearKey-cenc-video-playback-mse.html
518
519         * platform/graphics/gstreamer/eme/WebKitCommonEncryptionDecryptorGStreamer.cpp:
520         (webkitMediaCommonEncryptionDecryptSinkEventHandler):
521         * platform/graphics/gstreamer/mse/AppendPipeline.cpp:
522         (WebCore::dumpAppendState):
523         (WebCore::AppendPipeline::AppendPipeline):
524         (WebCore::AppendPipeline::handleNeedContextSyncMessage):
525         (WebCore::AppendPipeline::handleAppsrcNeedDataReceived):
526         (WebCore::AppendPipeline::setAppendState):
527         (WebCore::AppendPipeline::parseDemuxerSrcPadCaps):
528         (WebCore::AppendPipeline::appsinkNewSample):
529         (WebCore::AppendPipeline::connectDemuxerSrcPadToAppsinkFromAnyThread):
530         (WebCore::AppendPipeline::disconnectDemuxerSrcPadFromAppsinkFromAnyThread):
531         (WebCore::appendPipelineElementMessageCallback): Deleted.
532         (WebCore::AppendPipeline::handleElementMessage): Deleted.
533         (WebCore::AppendPipeline::dispatchPendingDecryptionStructure): Deleted.
534         (WebCore::AppendPipeline::dispatchDecryptionStructure): Deleted.
535         * platform/graphics/gstreamer/mse/AppendPipeline.h:
536         * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp:
537         (WebCore::MediaPlayerPrivateGStreamerMSE::attemptToDecryptWithInstance):
538         * platform/graphics/gstreamer/mse/PlaybackPipeline.cpp:
539
540 2018-05-09  Nan Wang  <n_wang@apple.com>
541
542         AX: VoiceOver iframe scrolling focus jumping bug
543         https://bugs.webkit.org/show_bug.cgi?id=176615
544         <rdar://problem/34333067>
545
546         Reviewed by Chris Fleizach.
547
548         Scrolling to make elements visible is not working correctly for elements inside an
549         offscreen iframe. Fixed it by using RenderLayer::scrollRectToVisible() to handle
550         scrolling more properly.
551
552         Test: accessibility/scroll-to-make-visible-iframe-offscreen.html
553
554         * accessibility/AccessibilityObject.cpp:
555         (WebCore::AccessibilityObject::scrollToMakeVisible const):
556
557 2018-05-09  Joanmarie Diggs  <jdiggs@igalia.com>
558
559         AX: accessibleNameForNode should simplify whitespace when using innerText
560         https://bugs.webkit.org/show_bug.cgi?id=185498
561
562         Reviewed by Chris Fleizach.
563
564         Test: accessibility/text-alternative-calculation-from-unrendered-table.html
565
566         Call simplifyWhiteSpace() before returning the innerText value.
567
568         * accessibility/AccessibilityNodeObject.cpp:
569         (WebCore::accessibleNameForNode):
570
571 2018-05-09  Chris Dumez  <cdumez@apple.com>
572
573         Add initial support for 'Cross-Origin-Options' HTTP response header
574         https://bugs.webkit.org/show_bug.cgi?id=184996
575         <rdar://problem/39664620>
576
577         Reviewed by Geoff Garen.
578
579         Add initial support for 'Cross-Origin-Options' HTTP response header behind an experimental
580         feature flag, on by default. When the HTTP server services this HTTP response header for a
581         main resource, we'll set these options on the corresponding Document. This will impact the
582         behavior of the Document's associated Window API when cross-origin.
583
584         The HTTP header has 3 possible values:
585         - allow: This is the default. Regular cross-origin Window API is available.
586         - allow-postmessage: Only postMessage() is available on a cross-origin window, trying to
587           access anything else will throw a SecurityError.
588         - deny: Trying to do anything with a cross-origin window will throw a SecurityError.
589
590         The header has no effect when accessing same origin windows.
591
592         Note that on cross-origin access from Window A to Window B, we check the cross-origin
593         options for both Window A and Window B and use the lowest common denominator as effective
594         cross-origin options for the access. So if Window A has 'Cross-Origin-Options: deny' and
595         tries to call postMessage() on Window B which has 'Cross-Origin-Options: allow-postmessage',
596         we will throw a SecurityError. This is because Window A's more restrictive options (deny)
597         apply.
598
599         Tests: http/wpt/cross-origin-options/allow-postmessage-from-deny.html
600                http/wpt/cross-origin-options/allow-postmessage.html
601                http/wpt/cross-origin-options/cross-origin-options-header.html
602
603         * bindings/js/JSDOMBindingSecurity.cpp:
604         (WebCore::BindingSecurity::shouldAllowAccessToDOMWindowGivenMinimumCrossOriginOptions):
605         * bindings/js/JSDOMBindingSecurity.h:
606         * bindings/js/JSDOMWindowCustom.cpp:
607         (WebCore::effectiveCrossOriginOptionsForAccess):
608         (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
609         (WebCore::JSDOMWindow::getOwnPropertySlot):
610         (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
611         (WebCore::addCrossOriginWindowPropertyNames):
612         (WebCore::addScopedChildrenIndexes):
613         (WebCore::addCrossOriginWindowOwnPropertyNames):
614         (WebCore::JSDOMWindow::getOwnPropertyNames):
615         * bindings/js/JSDOMWindowCustom.h:
616         * bindings/js/JSRemoteDOMWindowCustom.cpp:
617         (WebCore::JSRemoteDOMWindow::getOwnPropertySlot):
618         (WebCore::JSRemoteDOMWindow::getOwnPropertySlotByIndex):
619         (WebCore::JSRemoteDOMWindow::getOwnPropertyNames):
620         * bindings/scripts/CodeGeneratorJS.pm:
621         (GenerateAttributeGetterBodyDefinition):
622         (GetCrossOriginsOptionsFromExtendedAttributeValue):
623         (GenerateAttributeSetterBodyDefinition):
624         (GenerateOperationBodyDefinition):
625         * bindings/scripts/IDLAttributes.json:
626         * dom/Document.cpp:
627         (WebCore::Document::setCrossOriginOptions):
628         * dom/Document.h:
629         (WebCore::Document::crossOriginOptions const):
630         * loader/FrameLoader.cpp:
631         (WebCore::FrameLoader::didBeginDocument):
632         * page/AbstractDOMWindow.cpp:
633         (WebCore::AbstractDOMWindow::AbstractDOMWindow):
634         * page/AbstractDOMWindow.h:
635         (WebCore::AbstractDOMWindow::crossOriginOptions):
636         (WebCore::AbstractDOMWindow::setCrossOriginOptions):
637         * page/DOMWindow.cpp:
638         (WebCore::DOMWindow::DOMWindow):
639         (WebCore::DOMWindow::didSecureTransitionTo):
640         * page/DOMWindow.idl:
641         * page/Frame.h:
642         * page/RemoteDOMWindow.cpp:
643         (WebCore::RemoteDOMWindow::RemoteDOMWindow):
644         * page/RemoteDOMWindow.h:
645         * page/Settings.yaml:
646         * platform/network/HTTPHeaderNames.in:
647         * platform/network/HTTPParsers.cpp:
648         (WebCore::parseCrossOriginOptionsHeader):
649         * platform/network/HTTPParsers.h:
650
651 2018-05-09  Ryosuke Niwa  <rniwa@webkit.org>
652
653         Release assert in TreeScopeOrderedMap::remove via HTMLImageElement::removedFromAncestor
654         https://bugs.webkit.org/show_bug.cgi?id=185493
655
656         Reviewed by Brent Fulgham.
657
658         Fixed the bug that HTMLImageElement::removedFromAncestor and HTMLMapElement::removedFromAncestor
659         were calling removeImageElementByUsemap on the document instead of the shadow tree from which it was removed.
660
661         Test: fast/images/imagemap-in-shadow-tree-removed.html
662
663         * html/HTMLImageElement.cpp:
664         (WebCore::HTMLImageElement::removedFromAncestor):
665         * html/HTMLMapElement.cpp:
666         (WebCore::HTMLMapElement::removedFromAncestor):
667
668 2018-05-09  Joanmarie Diggs  <jdiggs@igalia.com>
669
670         AX: Hidden nodes which are not directly referenced should not participate name/description from content
671         https://bugs.webkit.org/show_bug.cgi?id=185478
672
673         Reviewed by Chris Fleizach.
674
675         Add a check to AccessibilityNodeObject::textUnderElement() and return early
676         if the node is hidden, not referenced by aria-labelledby or aria-describedby,
677         not an HTMLLabelElement, and not fallback content for an HTMLCanvasElement.
678
679         Test: accessibility/text-alternative-calculation-hidden-nodes.html
680
681         * accessibility/AccessibilityNodeObject.cpp:
682         (WebCore::AccessibilityNodeObject::textUnderElement const):
683
684 2018-05-09  Eric Carlson  <eric.carlson@apple.com>
685
686         Update MediaSession to use release logging
687         https://bugs.webkit.org/show_bug.cgi?id=185376
688         <rdar://problem/40022203>
689
690         Reviewed by Youenn Fablet.
691
692         No new tests, tested manually.
693
694         * Modules/mediastream/MediaStream.h: hostingDocument() doesn't need to return a const Document.
695         * Modules/webaudio/AudioContext.cpp:
696         (WebCore::AudioContext::hostingDocument const): Ditto.
697         * Modules/webaudio/AudioContext.h:
698
699         * html/HTMLMediaElement.h: Ditto.
700
701         * html/MediaElementSession.cpp:
702         (WebCore::MediaElementSession::MediaElementSession):
703         (WebCore::MediaElementSession::addBehaviorRestriction):
704         (WebCore::MediaElementSession::removeBehaviorRestriction):
705         (WebCore::MediaElementSession::dataLoadingPermitted const):
706         (WebCore::MediaElementSession::fullscreenPermitted const):
707         (WebCore::MediaElementSession::pageAllowsDataLoading const):
708         (WebCore::MediaElementSession::pageAllowsPlaybackAfterResuming const):
709         (WebCore::MediaElementSession::canShowControlsManager const):
710         (WebCore::MediaElementSession::showPlaybackTargetPicker):
711         (WebCore::MediaElementSession::hasWirelessPlaybackTargets const):
712         (WebCore::MediaElementSession::wirelessVideoPlaybackDisabled const):
713         (WebCore::MediaElementSession::setWirelessVideoPlaybackDisabled):
714         (WebCore::MediaElementSession::setHasPlaybackTargetAvailabilityListeners):
715         (WebCore::MediaElementSession::externalOutputDeviceAvailableDidChange):
716         (WebCore::MediaElementSession::setShouldPlayToPlaybackTarget):
717         (WebCore::MediaElementSession::mediaEngineUpdated):
718         (WebCore::MediaElementSession::willLog const): Deleted.
719         (WebCore::MediaElementSession::logger const): Deleted.
720         (WebCore::MediaElementSession::logIdentifier const): Deleted.
721         (WebCore::MediaElementSession::logChannel const): Deleted.
722         * html/MediaElementSession.h:
723
724         * platform/audio/PlatformMediaSession.cpp:
725         (WebCore::nextLogIdentifier):
726         (WebCore::convertEnumerationToString):
727         (WebCore::PlatformMediaSession::PlatformMediaSession):
728         (WebCore::PlatformMediaSession::setState):
729         (WebCore::PlatformMediaSession::beginInterruption):
730         (WebCore::PlatformMediaSession::endInterruption):
731         (WebCore::PlatformMediaSession::clientWillBeginAutoplaying):
732         (WebCore::PlatformMediaSession::clientWillPausePlayback):
733         (WebCore::PlatformMediaSession::pauseSession):
734         (WebCore::PlatformMediaSession::stopSession):
735         (WebCore::PlatformMediaSession::clientDataBufferingTimerFired):
736         (WebCore::PlatformMediaSession::logChannel const):
737         (WebCore::stateName): Deleted.
738         (WebCore::interruptionName): Deleted.
739         * platform/audio/PlatformMediaSession.h:
740         (WTF::LogArgument<WebCore::PlatformMediaSession::State>::toString):
741         (WTF::LogArgument<WebCore::PlatformMediaSession::InterruptionType>::toString):
742
743 2018-05-09  Thibault Saunier  <tsaunier@igalia.com>
744
745         [GStreamer] Never call updateTracks if running on legacy pipeline
746         https://bugs.webkit.org/show_bug.cgi?id=184581
747
748         This makes sure failing code path is never reached in the conditions where it should not have been reached.
749
750         Reviewed by Philippe Normand.
751
752         Re-enables all tests that were disabled after fixing.
753
754         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
755         (WebCore::MediaPlayerPrivateGStreamer::handleMessage):
756
757 2018-05-09  Daniel Bates  <dabates@apple.com>
758
759         REGRESSION (r231479): http/tests/appcache/x-frame-options-prevents-framing.php is timing out
760         https://bugs.webkit.org/show_bug.cgi?id=185443
761         <rdar://problem/40100660>
762
763         Reviewed by Andy Estes.
764
765         Following r231479 when using WebKit2 and Restricted HTTP Response Access is enabled (enabled in
766         WebKitTestRunner) we only check the CSP frame-ancestors directive and X-Frame-Options in
767         NetworkProcess. We need to check these security requirements in WebContent process whenever
768         we are performing a substitute data load, such as for app cache, as these loads do not go
769         through NetworkProcess.
770
771         * loader/DocumentLoader.cpp:
772         (WebCore::DocumentLoader::responseReceived):
773
774 2018-05-09  Justin Fan  <justin_fan@apple.com>
775
776         Hooked up ASTC support in WebGL; requires OpenGL ES 3 context to work. 
777         https://bugs.webkit.org/show_bug.cgi?id=185272
778         <rdar://problem/15745737>
779
780         Reviewed by Dean Jackson.
781
782         Also added in Khronos' ASTC test from version 1.0.4 beta of their conformance test suite,
783         although again, this requires OpenGL ES 3 context for WebKit to detect proper support.
784
785         Test: fast/canvas/webgl/webgl-compressed-texture-astc.html
786
787         * DerivedSources.make:
788         * Sources.txt:
789         * WebCore.xcodeproj/project.pbxproj:
790         * bindings/js/JSDOMConvertWebGL.cpp:
791         (WebCore::convertToJSValue):
792         * html/canvas/WebGL2RenderingContext.cpp:
793         (WebCore::WebGL2RenderingContext::getExtension):
794         (WebCore::WebGL2RenderingContext::getSupportedExtensions):
795         * html/canvas/WebGLCompressedTextureASTC.cpp: Added.
796         (WebCore::WebGLCompressedTextureASTC::WebGLCompressedTextureASTC):
797         (WebCore::WebGLCompressedTextureASTC::getName const):
798         (WebCore::WebGLCompressedTextureASTC::supported):
799         (WebCore::WebGLCompressedTextureASTC::getSupportedProfiles):
800         * html/canvas/WebGLCompressedTextureASTC.h: Added.
801         * html/canvas/WebGLCompressedTextureASTC.idl: Added.
802         * html/canvas/WebGLExtension.h:
803         * html/canvas/WebGLRenderingContext.cpp:
804         (WebCore::WebGLRenderingContext::getExtension):
805         (WebCore::WebGLRenderingContext::getSupportedExtensions):
806         * html/canvas/WebGLRenderingContextBase.cpp:
807         (WebCore::WebGLRenderingContextBase::validateCompressedTexFuncData):
808         (WebCore::WebGLRenderingContextBase::validateCompressedTexDimensions):
809         * html/canvas/WebGLRenderingContextBase.h:
810         * platform/graphics/Extensions3D.h:
811
812 2018-05-09  Youenn Fablet  <youenn@apple.com>
813
814         Allow WebResourceLoader to cancel a load served from a service worker
815         https://bugs.webkit.org/show_bug.cgi?id=185274
816
817         Reviewed by Chris Dumez.
818
819         Add support for cancelling a fetch from WebProcess to service worker process.
820         Use FetchIdentifier instead of uint64_t.
821
822         * Modules/fetch/FetchIdentifier.h: Added.
823         * WebCore.xcodeproj/project.pbxproj:
824         * workers/service/context/ServiceWorkerFetch.h:
825         * workers/service/context/ServiceWorkerThreadProxy.cpp:
826         (WebCore::ServiceWorkerThreadProxy::startFetch):
827         (WebCore::ServiceWorkerThreadProxy::cancelFetch):
828         * workers/service/context/ServiceWorkerThreadProxy.h:
829
830 2018-05-09  Thibault Saunier  <tsaunier@igalia.com>
831
832         [GStreamer] Fix style issue in MediaPlayerPrivateGStreamer
833         https://bugs.webkit.org/show_bug.cgi?id=185479
834
835         Reviewed by Philippe Normand.
836
837         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:114:  Multi line control clauses should use braces.  [whitespace/braces] [4]
838         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:194:  Multi line control clauses should use braces.  [whitespace/braces] [4]
839         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:398:  One line control clauses should not use braces.  [whitespace/braces] [4]
840         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:440:  One line control clauses should not use braces.  [whitespace/braces] [4]
841         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:806:  More than one command on the same line  [whitespace/newline] [4]
842         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:869:  More than one command on the same line  [whitespace/newline] [4]
843         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:880:  More than one command on the same line  [whitespace/newline] [4]
844         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:940:  More than one command on the same line  [whitespace/newline] [4]
845         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:1102:  Multi line control clauses should use braces.  [whitespace/braces] [4]
846         ERROR: Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:1109:  Multi line control clauses should use braces.  [whitespace/braces] [4]
847
848         Indentation and style issue fixed only.
849
850         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
851         (WebCore::MediaPlayerPrivateGStreamer::registerMediaEngine):
852         (WebCore::MediaPlayerPrivateGStreamer::~MediaPlayerPrivateGStreamer):
853         (WebCore::MediaPlayerPrivateGStreamer::changePipelineState):
854         (WebCore::MediaPlayerPrivateGStreamer::play):
855         (WebCore::MediaPlayerPrivateGStreamer::videoChangedCallback):
856         (WebCore::MediaPlayerPrivateGStreamer::videoSinkCapsChangedCallback):
857         (WebCore::MediaPlayerPrivateGStreamer::audioChangedCallback):
858         (WebCore::MediaPlayerPrivateGStreamer::textChangedCallback):
859         (WebCore::MediaPlayerPrivateGStreamer::buffered const):
860         (WebCore::MediaPlayerPrivateGStreamer::loadNextLocation):
861
862 2018-05-09  Daniel Bates  <dabates@apple.com>
863
864         REGRESSION (r231479): com.apple.WebCore crash in WebCore::DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied()
865         https://bugs.webkit.org/show_bug.cgi?id=185475
866         <rdar://problem/40093853>
867
868         Reviewed by Andy Estes.
869
870         DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() must extend its lifetime
871         until completion as dispatching a DOM load event at the associated frame can cause JavaScript execution
872         that can do anything, including destroying the loader that dispatched the event.
873
874         Following r231479 DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() is now
875         invoked by both DocumentLoader::responseReceived() and WebResourceLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied().
876         The latter only can happen when using WebKit2 and the experimental feature Restricted HTTP Response Access
877         is enabled (RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()). Unlike DocumentLoader::responseReceived()
878         WebResourceLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() does not take out a ref
879         on the DocumentLoader before invoking DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied().
880         Therefore, DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() can cause its
881         own destruction as a result of dispatching a DOM load event at the frame. We should take out a ref on
882         the DocumentLoader when executing DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied().
883
884         * loader/DocumentLoader.cpp:
885         (WebCore::DocumentLoader::stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied):
886
887 2018-05-09  Tim Horton  <timothy_horton@apple.com>
888
889         Fix the build by ignoring some deprecation warnings
890
891         * platform/graphics/avfoundation/objc/MediaPlayerPrivateAVFoundationObjC.mm:
892         (WebCore::MediaPlayerPrivateAVFoundationObjC::setShouldDisableSleep):
893
894 2018-05-09  Michael Catanzaro  <mcatanzaro@igalia.com>
895
896         [WPE] Build cleanly with GCC 8 and ICU 60
897         https://bugs.webkit.org/show_bug.cgi?id=185462
898
899         Reviewed by Carlos Alberto Lopez Perez.
900
901         * PlatformGTK.cmake: Include directories are in the wrong place.
902         * accessibility/AXObjectCache.cpp: Silence -Wclass-memaccess problems and leave warnings.
903         (WebCore::AXObjectCache::startOrEndTextMarkerDataForRange):
904         (WebCore::AXObjectCache::textMarkerDataForCharacterOffset):
905         (WebCore::AXObjectCache::textMarkerDataForVisiblePosition):
906         (WebCore::AXObjectCache::textMarkerDataForFirstPositionInTextControl):
907         * css/CSSFontFace.cpp: Silence -Wfallthrough
908         (WebCore::CSSFontFace::fontLoadTiming const):
909         * css/CSSSelectorList.cpp: Silence -Wclass-memaccess, this one is intentional.
910         (WebCore::CSSSelectorList::adoptSelectorVector):
911         * editing/TextIterator.cpp: Silence ICU deprecation warnings.
912         * platform/Length.h:
913         (WebCore::Length::operator=): More -Wclass-memaccess, looks benign.
914         * platform/graphics/Gradient.cpp:
915         (WebCore::Gradient::hash const): -Wclass-memaccess again. Leave a warning.
916         * platform/graphics/SurrogatePairAwareTextIterator.cpp: Silence ICU deprecation warnings.
917         * platform/graphics/cairo/FontCairoHarfbuzzNG.cpp:
918         (WebCore::FontCascade::fontForCombiningCharacterSequence const): Silence ICU deprecation.
919         * platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp:
920         (WebCore::FontCustomPlatformData::FontCustomPlatformData): Silence -Wcast-function-type.
921         * platform/graphics/freetype/SimpleFontDataFreeType.cpp:
922         (WebCore::Font::canRenderCombiningCharacterSequence const): Silence ICU deprecation.
923         * platform/graphics/gstreamer/GstAllocatorFastMalloc.cpp:
924         (gstAllocatorFastMallocMemUnmap): Fix -Wcast-function-type.
925         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
926         (WebCore::MediaPlayerPrivateGStreamer::updateTracks): Fix bad printf.
927         (WebCore::MediaPlayerPrivateGStreamer::enableTrack): Another bad printf.
928         (WebCore::findHLSQueue): Fix -Wcast-function-type.
929         * platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.cpp:
930         (webKitMediaClearKeyDecryptorDecrypt): Fix another bad printf.
931         * platform/network/soup/SocketStreamHandleImplSoup.cpp: Silence -Wcast-function-type.
932         (WebCore::SocketStreamHandleImpl::beginWaitingForSocketWritability):
933         * platform/text/TextEncoding.cpp: Silence ICU deprecation.
934
935 2018-05-08  Simon Fraser  <simon.fraser@apple.com>
936
937         SVG lighting colors need to be converted into linearSRGB
938         https://bugs.webkit.org/show_bug.cgi?id=181196
939
940         Reviewed by Darin Adler.
941
942         Address post-commit comments. Don't make a Color that contains linearRGB components,
943         but use FloatComponents instead. Since these FloatComponents are in the 0-1 range,
944         FELighting::setPixelInternal() needs to multiply by 255 since the output pixels are
945         8-bit 0-255.
946         
947         Change linearToSRGBColorComponent() and sRGBToLinearColorComponent() to do math in
948         floats without promoting to doubles.
949
950         * platform/graphics/ColorUtilities.cpp:
951         (WebCore::FloatComponents::FloatComponents):
952         (WebCore::linearToSRGBColorComponent):
953         (WebCore::sRGBToLinearColorComponent):
954         (WebCore::sRGBColorToLinearComponents):
955         (WebCore::linearToSRGBColor): Deleted.
956         (WebCore::sRGBToLinearColor): Deleted.
957         * platform/graphics/ColorUtilities.h:
958         * platform/graphics/filters/FELighting.cpp:
959         (WebCore::FELighting::setPixelInternal):
960         (WebCore::FELighting::drawLighting):
961
962 2018-05-09  Timothy Hatcher  <timothy@apple.com>
963
964         Use StyleColor::Options in more places.
965
966         https://bugs.webkit.org/show_bug.cgi?id=185458
967         rdar://problem/39853798
968
969         Add UseDefaultAppearance to StyleColor::Options, to avoid passing yet another
970         boolean on some of these functions.
971
972         Reviewed by Tim Horton.
973
974         * css/MediaQueryEvaluator.cpp:
975         * css/StyleColor.h:
976         * dom/Document.cpp:
977         (WebCore::Document::useDefaultAppearance const):
978         (WebCore::Document::styleColorOptions const):
979         * dom/Document.h:
980         * platform/Theme.cpp:
981         (WebCore::Theme::paint):
982         * platform/Theme.h:
983         * platform/mac/LocalDefaultSystemAppearance.h:
984         * platform/mac/LocalDefaultSystemAppearance.mm:
985         (WebCore::LocalDefaultSystemAppearance::LocalDefaultSystemAppearance):
986         (WebCore::LocalDefaultSystemAppearance::~LocalDefaultSystemAppearance):
987         * platform/mac/ThemeMac.h:
988         * platform/mac/ThemeMac.mm:
989         (WebCore::paintToggleButton):
990         (WebCore::paintButton):
991         (WebCore::ThemeMac::ensuredView):
992         (WebCore::ThemeMac::drawCellOrFocusRingWithViewIntoContext):
993         (WebCore::ThemeMac::paint):
994         (-[WebCoreThemeView initWithUseSystemAppearance:]): Deleted.
995         * platform/wpe/ThemeWPE.cpp:
996         (WebCore::ThemeWPE::paint):
997         * platform/wpe/ThemeWPE.h:
998         * rendering/RenderListBox.cpp:
999         (WebCore::RenderListBox::paintItemBackground):
1000         * rendering/RenderTheme.cpp:
1001         (WebCore::RenderTheme::paint):
1002         (WebCore::RenderTheme::inactiveListBoxSelectionBackgroundColor const):
1003         (WebCore::RenderTheme::platformInactiveListBoxSelectionBackgroundColor const):
1004         * rendering/RenderTheme.h:
1005         * rendering/RenderThemeGtk.cpp:
1006         (WebCore::RenderThemeGtk::platformInactiveListBoxSelectionBackgroundColor const):
1007         * rendering/RenderThemeGtk.h:
1008         * rendering/RenderThemeMac.h:
1009         * rendering/RenderThemeMac.mm:
1010         (WebCore::RenderThemeMac::documentViewFor const):
1011         (WebCore::RenderThemeMac::platformInactiveListBoxSelectionBackgroundColor const):
1012         (WebCore::RenderThemeMac::systemColor const):
1013         (WebCore::RenderThemeMac::paintCellAndSetFocusedElementNeedsRepaintIfNecessary):
1014         (WebCore::RenderThemeMac::paintSliderThumb):
1015
1016 2018-05-09  Yacine Bandou  <yacine.bandou_ext@softathome.com>
1017
1018         [EME][GStreamer] Crash when the mediaKeys are created before loading the media in debug conf
1019         https://bugs.webkit.org/show_bug.cgi?id=185244
1020
1021         Reviewed by Xabier Rodriguez-Calvar.
1022
1023         The function "MediaPlayerPrivateGStreamerBase::cdmInstanceAttached" is expected to be called once,
1024         so there is an ASSERT(!m_cdmInstance).
1025         But when the MediaKeys are created before loading the media, the cdminstance is created and attached
1026         to the MediaPlayerPrivate via "MediaPlayerPrivateGStreamerBase::cdmInstanceAttached" before loading
1027         the media, then when the media is loading, the function "MediaPlayerPrivateGStreamerBase::cdmInstanceAttached"
1028         will be called several times via the function "mediaEngineWasUpdated" which is called for each change
1029         in the MediaElement state, thus the WebProcess crashes in the ASSERT(!m_cdmInstance).
1030
1031         This commit avoids the crash by replacing the assert with a simple check.
1032
1033         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
1034         (WebCore::MediaPlayerPrivateGStreamerBase::cdmInstanceAttached):
1035         (WebCore::MediaPlayerPrivateGStreamerBase::cdmInstanceDetached):
1036
1037 2018-05-09  Antti Koivisto  <antti@apple.com>
1038
1039         Add OptionSet::operator& and operator bool
1040         https://bugs.webkit.org/show_bug.cgi?id=185306
1041
1042         Reviewed by Anders Carlsson.
1043
1044         Use it in a few places.
1045
1046         * loader/FrameLoader.cpp:
1047         (WebCore::FrameLoader::reload):
1048         * rendering/RenderLayerCompositor.cpp:
1049         (WebCore::RenderLayerCompositor::logReasonsForCompositing):
1050         (WebCore::RenderLayerCompositor::updateScrollCoordinatedLayer):
1051
1052 2018-05-08  Dean Jackson  <dino@apple.com>
1053
1054         Disable system preview link fetching
1055         https://bugs.webkit.org/show_bug.cgi?id=185463
1056
1057         Reviewed by Jon Lee.
1058
1059         Temporarily disable system preview detection when a link
1060         is clicked.
1061
1062         * html/HTMLAnchorElement.cpp:
1063         (WebCore::HTMLAnchorElement::handleClick):
1064
1065 2018-05-08  Wenson Hsieh  <wenson_hsieh@apple.com>
1066
1067         Unreviewed, fix the internal iOS build
1068
1069         Add a missing import statement in an implementation file.
1070
1071         * editing/cocoa/WebContentReaderCocoa.mm:
1072
1073 2018-05-08  Ryan Haddad  <ryanhaddad@apple.com>
1074
1075         Unreviewed, rolling out r231486.
1076
1077         Caused service worker LayoutTest failures on macOS Debug WK2.
1078
1079         Reverted changeset:
1080
1081         "Allow WebResourceLoader to cancel a load served from a
1082         service worker"
1083         https://bugs.webkit.org/show_bug.cgi?id=185274
1084         https://trac.webkit.org/changeset/231486
1085
1086 2018-05-08  Wenson Hsieh  <wenson_hsieh@apple.com>
1087
1088         Consolidate WebContentReaderIOS and WebContentReaderMac into WebContentReaderCocoa
1089         https://bugs.webkit.org/show_bug.cgi?id=185340
1090
1091         Reviewed by Tim Horton.
1092
1093         WebContentReader::readURL is currently the only method implemented separately in iOS and macOS platform
1094         WebContentReader files. The implementation across macOS and iOS is nearly identical (with some exceptions with
1095         the way iOS handles file URLs and plain text editing), so we can merge these into a single method
1096         WebContentReaderCocoa and delete WebContentReaderIOS and WebContentReaderMac.
1097
1098         This also has the added bonus of fixing a latent bug in WebContentReaderMac, wherein URLs written to the
1099         pasteboard using -[NSPasteboard writeObjects:] are currently pasted as empty anchor elements. In this case, the
1100         link title isn't made explicit, so the `title` passed in to WebContentReader::readURL is empty. On iOS, we have
1101         code to fall back to pasting the absolute string of the URL if the title is empty, but on macOS, we'll just use
1102         this empty string as the title of the anchor.
1103
1104         Test: PasteMixedContent.PasteURLWrittenToPasteboardUsingWriteObjects
1105
1106         * SourcesCocoa.txt:
1107         * WebCore.xcodeproj/project.pbxproj:
1108         * editing/cocoa/WebContentReaderCocoa.mm:
1109         (WebCore::WebContentReader::readURL):
1110         * editing/ios/WebContentReaderIOS.mm: Removed.
1111         * editing/mac/WebContentReaderMac.mm: Removed.
1112
1113 2018-05-08  Zalan Bujtas  <zalan@apple.com>
1114
1115         [Simple line layout] Cache run resolver.
1116         https://bugs.webkit.org/show_bug.cgi?id=185411
1117
1118         Reviewed by Antti Koivisto.
1119
1120         This patch caches the run resolver on the [SimpleLine]Layout object. 
1121         In certain cases, when the block container has thousands of elements (foobar1<br>foobar2<br>.....foobar9999<br>),
1122         constructing the resolver (and its dependencies) in a repeating fashion could hang the WebProcess.
1123
1124         Covered by existing tests.
1125
1126         * rendering/SimpleLineLayout.cpp:
1127         (WebCore::SimpleLineLayout::create):
1128         (WebCore::SimpleLineLayout::Layout::create):
1129         (WebCore::SimpleLineLayout::Layout::Layout):
1130         * rendering/SimpleLineLayout.h:
1131         (WebCore::SimpleLineLayout::Layout::runResolver const):
1132         * rendering/SimpleLineLayoutFunctions.cpp:
1133         (WebCore::SimpleLineLayout::paintFlow):
1134         (WebCore::SimpleLineLayout::hitTestFlow):
1135         (WebCore::SimpleLineLayout::collectFlowOverflow):
1136         (WebCore::SimpleLineLayout::computeBoundingBox):
1137         (WebCore::SimpleLineLayout::computeFirstRunLocation):
1138         (WebCore::SimpleLineLayout::collectAbsoluteRects):
1139         (WebCore::SimpleLineLayout::collectAbsoluteQuads):
1140         (WebCore::SimpleLineLayout::textOffsetForPoint):
1141         (WebCore::SimpleLineLayout::collectAbsoluteQuadsForRange):
1142         (WebCore::SimpleLineLayout::generateLineBoxTree):
1143         * rendering/SimpleLineLayoutResolver.cpp:
1144         (WebCore::SimpleLineLayout::LineResolver::LineResolver):
1145         * rendering/SimpleLineLayoutResolver.h:
1146         (WebCore::SimpleLineLayout::lineResolver):
1147
1148 2018-05-08  Brent Fulgham  <bfulgham@apple.com>
1149
1150         Switch some RELEASE_ASSERTS to plain debug ASSERTS in PlatformScreenMac.mm
1151         https://bugs.webkit.org/show_bug.cgi?id=185451
1152         <rdar://problem/39620348>
1153
1154         Reviewed by Zalan Bujtas.
1155
1156         Change a set of RELEASE_ASSERTS used to prevent accessing NSScreen related functions in the
1157         PlatformScreenMac implementation to less expensive Debug ASSERTS.
1158
1159         No change in behavior.
1160
1161         * platform/mac/PlatformScreenMac.mm:
1162         (WebCore::screenHasInvertedColors):
1163         (WebCore::screenDepth):
1164         (WebCore::screenDepthPerComponent):
1165         (WebCore::screenRectForDisplay):
1166         (WebCore::screenRect):
1167         (WebCore::screenAvailableRect):
1168         (WebCore::screenColorSpace):
1169         (WebCore::screenSupportsExtendedColor):
1170
1171 2018-05-08  Daniel Bates  <dabates@apple.com>
1172
1173         Resign Strong Password appearance when text field value changes
1174         https://bugs.webkit.org/show_bug.cgi?id=185433
1175         <rdar://problem/39958508>
1176
1177         Reviewed by Ryosuke Niwa.
1178
1179         Remove the Strong Password decoration when the text field's value changes to avoid interfering
1180         with web sites that allow a person to clear the password field.
1181
1182         Tests: fast/forms/auto-fill-button/auto-fill-strong-password-button-when-maxlength-changes.html
1183                fast/forms/auto-fill-button/auto-fill-strong-password-button-when-minlength-changes.html
1184                fast/forms/auto-fill-button/hide-auto-fill-strong-password-button-when-value-changes.html
1185
1186         * html/HTMLInputElement.cpp:
1187         (WebCore::HTMLInputElement::resignStrongPasswordAppearance): Extracted from HTMLInputElement::updateType().
1188         (WebCore::HTMLInputElement::updateType): Extract out logic to resign the Strong Password appearance
1189         into a function that can be shared by this function and HTMLInputElement::setValue().
1190         (WebCore::HTMLInputElement::setValue): Resign the Strong Password appearance if this field was
1191         changed programmatically (i.e. no DOM change event was dispatched).
1192         * html/HTMLInputElement.h:
1193
1194 2018-05-08  Jer Noble  <jer.noble@apple.com>
1195
1196         Unreviewed build fix; add missing function definition.
1197
1198         * html/HTMLMediaElement.h:
1199         (WebCore::HTMLMediaElement::didPassCORSAccessCheck const):
1200
1201 2018-05-08  Jer Noble  <jer.noble@apple.com>
1202
1203         Mute MediaElementSourceNode when tainted.
1204         https://bugs.webkit.org/show_bug.cgi?id=184866
1205
1206         Reviewed by Eric Carlson.
1207
1208         Test: http/tests/security/webaudio-render-remote-audio-blocked-no-crossorigin.html
1209
1210         * Modules/webaudio/AudioContext.cpp:
1211         (WebCore::AudioContext::wouldTaintOrigin const):
1212         * Modules/webaudio/AudioContext.h:
1213         * Modules/webaudio/MediaElementAudioSourceNode.cpp:
1214         (WebCore::MediaElementAudioSourceNode::setFormat):
1215         (WebCore::MediaElementAudioSourceNode::wouldTaintOrigin):
1216         (WebCore::MediaElementAudioSourceNode::process):
1217         * Modules/webaudio/MediaElementAudioSourceNode.h:
1218
1219 2018-05-08  Eric Carlson  <eric.carlson@apple.com>
1220
1221         Log rtcstats as JSON
1222         https://bugs.webkit.org/show_bug.cgi?id=185437
1223         <rdar://problem/40065332>
1224
1225         Reviewed by Youenn Fablet.
1226
1227         * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
1228         (WebCore::RTCStatsLogger::RTCStatsLogger): Create a wrapper class so we don't have to add a
1229         toJSONString method to libwebrtc.
1230         (WebCore::RTCStatsLogger::toJSONString const): Log stats as JSON.
1231         (WebCore::LibWebRTCMediaEndpoint::OnStatsDelivered): Don't use the LOGIDENTIFIER macro because
1232         it doesn't work well inside of a lambda.
1233         (WTF::LogArgument<WebCore::RTCStatsLogger>::toString): Move into .cpp file because it is only
1234         used here.
1235         * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.h:
1236         (WTF::LogArgument<webrtc::RTCStats>::toString): Deleted. Move to .cpp file.
1237
1238 2018-05-08  Dean Jackson  <dino@apple.com>
1239
1240         System Preview links should trigger a download
1241         https://bugs.webkit.org/show_bug.cgi?id=185439
1242         <rdar://problem/40065545>
1243
1244         Reviewed by Jon Lee.
1245
1246         Add a new field to FrameLoadRequest, which then is copied
1247         into ResourceRequest, identifying if the link clicked
1248         is a system preview.
1249
1250         * html/HTMLAnchorElement.cpp:
1251         (WebCore::HTMLAnchorElement::handleClick): Look for isSystemPreviewLink().
1252         * loader/FrameLoadRequest.cpp:
1253         (WebCore::FrameLoadRequest::FrameLoadRequest):
1254         * loader/FrameLoadRequest.h: New property.
1255         (WebCore::FrameLoadRequest::FrameLoadRequest):
1256         (WebCore::FrameLoadRequest::isSystemPreview const):
1257         * loader/FrameLoader.cpp:
1258         (WebCore::FrameLoader::urlSelected):
1259         (WebCore::FrameLoader::loadURL):
1260         * loader/FrameLoader.h:
1261         * platform/network/ResourceRequestBase.cpp:
1262         (WebCore::ResourceRequestBase::isSystemPreview const):
1263         (WebCore::ResourceRequestBase::setSystemPreview):
1264         * platform/network/ResourceRequestBase.h:
1265
1266 2018-05-08  Commit Queue  <commit-queue@webkit.org>
1267
1268         Unreviewed, rolling out r231491.
1269         https://bugs.webkit.org/show_bug.cgi?id=185434
1270
1271         Setting the Created key on a cookie does not work yet, due to a
1272         bug in CFNetwork (Requested by ggaren on #webkit).
1273
1274         Reverted changeset:
1275
1276         "[WKHTTPCookieStore getAllCookies] returns inconsistent
1277         creation time"
1278         https://bugs.webkit.org/show_bug.cgi?id=185041
1279         https://trac.webkit.org/changeset/231491
1280
1281 2018-05-08  Sihui Liu  <sihui_liu@apple.com>
1282
1283         [WKHTTPCookieStore getAllCookies] returns inconsistent creation time
1284         https://bugs.webkit.org/show_bug.cgi?id=185041
1285         <rdar://problem/34684214>
1286
1287         Reviewed by Geoffrey Garen.
1288
1289         Set creationtime property when creating Cookie object to keep consistency after conversion.
1290
1291         New API test: WebKit.WKHTTPCookieStoreCreationTime.
1292
1293         * platform/network/cocoa/CookieCocoa.mm:
1294         (WebCore::Cookie::operator NSHTTPCookie * const):
1295
1296 2018-05-08  Eric Carlson  <eric.carlson@apple.com>
1297
1298         Text track cue logging should include cue text
1299         https://bugs.webkit.org/show_bug.cgi?id=185353
1300         <rdar://problem/40003565>
1301
1302         Reviewed by Brent Fulgham.
1303
1304         No new tests, tested manually.
1305
1306         * html/track/VTTCue.cpp:
1307         (WebCore::VTTCue::toJSON const):
1308         * platform/graphics/InbandTextTrackPrivateClient.h:
1309         (WebCore::GenericCueData::toJSONString const):
1310         * platform/graphics/iso/ISOVTTCue.cpp:
1311         (WebCore::ISOWebVTTCue::toJSONString const):
1312
1313 2018-05-08  Sam Weinig  <sam@webkit.org>
1314
1315         More cleanup of XMLHttpRequestUpload
1316         https://bugs.webkit.org/show_bug.cgi?id=185409
1317
1318         Reviewed by Alex Christensen.
1319
1320         - Remove unneeded #includes
1321         - Rename m_xmlHttpRequest to m_request
1322         - Make some overloaded methods private, and mark them as final rather
1323           than override.
1324
1325         * xml/XMLHttpRequestUpload.cpp:
1326         (WebCore::XMLHttpRequestUpload::XMLHttpRequestUpload):
1327         * xml/XMLHttpRequestUpload.h:
1328
1329 2018-05-08  Zalan Bujtas  <zalan@apple.com>
1330
1331         [LFC] Start using BlockMarginCollapse
1332         https://bugs.webkit.org/show_bug.cgi?id=185424
1333
1334         Reviewed by Antti Koivisto.
1335
1336         BlockMarginCollapse could be all static.
1337
1338         * layout/blockformatting/BlockFormattingContext.cpp:
1339         (WebCore::Layout::BlockFormattingContext::marginTop const):
1340         (WebCore::Layout::BlockFormattingContext::marginBottom const):
1341         * layout/blockformatting/BlockMarginCollapse.cpp:
1342         (WebCore::Layout::isMarginTopCollapsedWithSibling):
1343         (WebCore::Layout::isMarginBottomCollapsedWithSibling):
1344         (WebCore::Layout::isMarginTopCollapsedWithParent):
1345         (WebCore::Layout::isMarginBottomCollapsedWithParent):
1346         (WebCore::Layout::collapsedMarginTopFromFirstChild):
1347         (WebCore::Layout::collapsedMarginBottomFromLastChild):
1348         (WebCore::Layout::nonCollapsedMarginTop):
1349         (WebCore::Layout::nonCollapsedMarginBottom):
1350         (WebCore::Layout::BlockMarginCollapse::marginTop):
1351         (WebCore::Layout::BlockMarginCollapse::marginBottom):
1352         (WebCore::Layout::BlockMarginCollapse::BlockMarginCollapse): Deleted.
1353         (WebCore::Layout::BlockMarginCollapse::marginTop const): Deleted.
1354         (WebCore::Layout::BlockMarginCollapse::marginBottom const): Deleted.
1355         (WebCore::Layout::BlockMarginCollapse::isMarginTopCollapsedWithSibling const): Deleted.
1356         (WebCore::Layout::BlockMarginCollapse::isMarginBottomCollapsedWithSibling const): Deleted.
1357         (WebCore::Layout::BlockMarginCollapse::isMarginTopCollapsedWithParent const): Deleted.
1358         (WebCore::Layout::BlockMarginCollapse::isMarginBottomCollapsedWithParent const): Deleted.
1359         (WebCore::Layout::BlockMarginCollapse::nonCollapsedMarginTop const): Deleted.
1360         (WebCore::Layout::BlockMarginCollapse::nonCollapsedMarginBottom const): Deleted.
1361         (WebCore::Layout::BlockMarginCollapse::collapsedMarginTopFromFirstChild const): Deleted.
1362         (WebCore::Layout::BlockMarginCollapse::collapsedMarginBottomFromLastChild const): Deleted.
1363         (WebCore::Layout::BlockMarginCollapse::hasAdjoiningMarginTopAndBottom const): Deleted.
1364         * layout/blockformatting/BlockMarginCollapse.h:
1365
1366 2018-05-08  Youenn Fablet  <youenn@apple.com>
1367
1368         Allow WebResourceLoader to cancel a load served from a service worker
1369         https://bugs.webkit.org/show_bug.cgi?id=185274
1370
1371         Reviewed by Chris Dumez.
1372
1373         Add support for cancelling a fetch from WebProcess to service worker process.
1374         Use FetchIdentifier instead of uint64_t.
1375
1376         * Modules/fetch/FetchIdentifier.h: Added.
1377         * WebCore.xcodeproj/project.pbxproj:
1378         * workers/service/context/ServiceWorkerFetch.h:
1379         * workers/service/context/ServiceWorkerThreadProxy.cpp:
1380         (WebCore::ServiceWorkerThreadProxy::startFetch):
1381         (WebCore::ServiceWorkerThreadProxy::cancelFetch):
1382         * workers/service/context/ServiceWorkerThreadProxy.h:
1383
1384 2018-05-08  Said Abou-Hallawa  <sabouhallawa@apple.com>
1385
1386         feTurbulence is not rendered correctly on Retina display
1387         https://bugs.webkit.org/show_bug.cgi?id=183798
1388
1389         Reviewed by Simon Fraser.
1390
1391         On 2x display the feTurbulence filter creates a scaled ImageBuffer but
1392         processes only the unscaled size. This is a remaining work of r168577 and
1393         is very similar to what was done for the feMorphology filter in r188271.
1394
1395         Test: fast/hidpi/filters-turbulence.html
1396
1397         * platform/graphics/filters/FETurbulence.cpp:
1398         (WebCore::FETurbulence::fillRegion const):
1399         (WebCore::FETurbulence::platformApplySoftware):
1400
1401 2018-05-07  Zalan Bujtas  <zalan@apple.com>
1402
1403         [LFC] Add FormattingContext::layoutOutOfFlowDescendants implementation
1404         https://bugs.webkit.org/show_bug.cgi?id=185377
1405
1406         Reviewed by Antti Koivisto.
1407
1408         Also, remove FormattingContext's m_layoutContext member and pass it in to ::layout() instead.
1409         In theory LayoutContext is needed only during ::layout() call. 
1410
1411         * layout/FormattingContext.cpp:
1412         (WebCore::Layout::FormattingContext::layoutOutOfFlowDescendants const):
1413         * layout/FormattingContext.h:
1414         (WebCore::Layout::FormattingContext::layoutContext const):
1415         * layout/LayoutContext.cpp:
1416         (WebCore::Layout::LayoutContext::updateLayout):
1417         * layout/blockformatting/BlockFormattingContext.cpp:
1418         (WebCore::Layout::BlockFormattingContext::layout const):
1419         * layout/blockformatting/BlockFormattingContext.h:
1420         * layout/inlineformatting/InlineFormattingContext.cpp:
1421         (WebCore::Layout::InlineFormattingContext::layout const):
1422         * layout/inlineformatting/InlineFormattingContext.h:
1423
1424 2018-05-07  Daniel Bates  <dabates@apple.com>
1425
1426         Check X-Frame-Options and CSP frame-ancestors in network process
1427         https://bugs.webkit.org/show_bug.cgi?id=185410
1428         <rdar://problem/37733934>
1429
1430         Reviewed by Ryosuke Niwa.
1431
1432         * WebCore.xcodeproj/project.pbxproj: Make PingLoader.h a private header so that we can include it in WebKit.
1433         * loader/DocumentLoader.cpp:
1434         (WebCore::DocumentLoader::responseReceived): Only check CSP frame-ancestors and X-Frame-Options here if
1435         we are not checking them in the NetworkProcess and HTTP response access is restricted. The code is otherwise kept
1436         unchanged. There may be opportunities to clean this code up more and share more of it. We should look into this
1437         in subsequent bugs.
1438         * loader/DocumentLoader.h: Change visibility of stopLoadingAfterXFrameOptionsOrContentSecurityPolicyDenied() from
1439         private to public and export it so that we can call it from WebKit.
1440         * loader/PingLoader.h:
1441         * page/Settings.yaml: Add a new setting called networkProcessCSPFrameAncestorsCheckingEnabled (defaults: false)
1442         and is hardcoded in WebPage.cpp to be enabled. This setting is used to determine if we will be using the NetworkProcess.
1443         Ideally we wouldn't have this setting and just key off RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess().
1444         However RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess() is always enabled in WebKit Legacy
1445         at the time of writing (why?). And, strangely, RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()
1446         is conditionally enabled in WebKit. For now, we add a new setting, networkProcessCSPFrameAncestorsCheckingEnabled,
1447         to determine if CSP checking should be performed in NetworkProcess. For checking to actually happen in NetworkProcess
1448         and not in DocumentLoader::responseReceived() RuntimeEnabledFeatures::sharedFeatures().restrictedHTTPResponseAccess()
1449         will also need to be enabled.
1450         * page/csp/ContentSecurityPolicy.cpp:
1451         (WebCore::ContentSecurityPolicy::allowFrameAncestors const): Added a variant that takes a vector of ancestor origins.
1452         * page/csp/ContentSecurityPolicy.h:
1453         * page/csp/ContentSecurityPolicyDirectiveList.cpp:
1454         (WebCore::checkFrameAncestors): Ditto.
1455         (WebCore::ContentSecurityPolicyDirectiveList::violatedDirectiveForFrameAncestorOrigins const): Ditto.
1456         * page/csp/ContentSecurityPolicyDirectiveList.h: Export constructor so that we can invoke it from NetworkResourceLoader::shouldInterruptLoadForCSPFrameAncestorsOrXFrameOptions().
1457         * page/csp/ContentSecurityPolicyResponseHeaders.h:
1458         * platform/network/HTTPParsers.h: Export XFrameOptionsDisposition() so that we can use it in WebKit.
1459
1460 2018-05-07  Daniel Bates  <dabates@apple.com>
1461
1462         Abstract logic to log console messages and send CSP violation reports into a client
1463         https://bugs.webkit.org/show_bug.cgi?id=185393
1464         <rdar://problem/40036053>
1465
1466         Reviewed by Brent Fulgham.
1467
1468         First pass at adding infrastructure to support CSP reporting from NetworkProcess and workers.
1469         Replaces the existing ContentSecurityPolicy constructor that takes a Frame with one that
1470         takes a ContentSecurityPolicyClient to delegate to for logging and sending reports. We will look
1471         to remove ContentSecurityPolicy constructor that takes a ScriptExecutionContext in a follow up.
1472
1473         Standardize on instantiating a ContentSecurityPolicy with the full URL to resource that it protects
1474         instead of taking only the SecurityOrigin of this URL. By taking the full URL the ContentSecurityPolicy
1475         object is now capable of resolving a relative report URL without needing a Document/ScriptExecutionContext.
1476
1477         We are underutilizing the CSPInfo struct and ContentSecurityPolicyClient::willSendCSPViolationReport()
1478         delegate callback in this patch. We will make use of this functionality in a subsequent patch to
1479         support collecting script state (e.g. source line number) when reporting CSP violations in worker
1480         threads. We also no longer go through the unnecessary motions to try to collect script state for a
1481         frame-ancestors violation (since DocumentLoader extends ContentSecurityPolicyClient and does not
1482         implement ContentSecurityPolicyClient::willSendCSPViolationReport()). The frame-ancestors directive
1483         is checked before a document is parsed and executes script; => there will never be any script state
1484         to collect; => it is not necessary to try to collect it as we currently do.
1485
1486         * Sources.txt: Add file ContentSecurityPolicyClient.cpp. See the remarks for ContentSecurityPolicyClient.cpp
1487         below on why we have this file.
1488         * WebCore.xcodeproj/project.pbxproj: Add files ContentSecurityPolicyClient.{h, cpp}.
1489         * dom/Document.cpp:
1490         (WebCore::Document::initSecurityContext): Pass the URL of the protected document.
1491         * loader/DocumentLoader.cpp:
1492         (WebCore::DocumentLoader::responseReceived): Ditto.
1493         (WebCore::DocumentLoader::addConsoleMessage): Added.
1494         (WebCore::DocumentLoader::sendCSPViolationReport): Added.
1495         (WebCore::DocumentLoader::dispatchSecurityPolicyViolationEvent): Added.
1496         * loader/DocumentLoader.h:
1497         * loader/FrameLoaderClient.h: Fix typo in comment.
1498         * loader/WorkerThreadableLoader.cpp:
1499         (WebCore::WorkerThreadableLoader::MainThreadBridge::MainThreadBridge): Pass the URL of the worker script.
1500         * page/csp/ContentSecurityPolicy.cpp:
1501         (WebCore::ContentSecurityPolicy::ContentSecurityPolicy): Added overload that takes a URL&& and an optional
1502         ContentSecurityPolicyClient*.
1503         (WebCore::ContentSecurityPolicy::deprecatedURLForReporting const): Extracted and simplified stripURLForUseInReport()
1504         into this member function.
1505         (WebCore::ContentSecurityPolicy::reportViolation const): Modified to make use of the client, if we have
1506         one and removed code for handling a ContentSecurityPolicy that was instantiated with a Frame.
1507         (WebCore::ContentSecurityPolicy::logToConsole const): Ditto.
1508         (WebCore::stripURLForUseInReport): Deleted; incorporated into ContentSecurityPolicy::deprecatedURLForReporting().
1509         * page/csp/ContentSecurityPolicy.h:
1510         * page/csp/ContentSecurityPolicyClient.cpp: Added. This file exists so that we can define the virtual
1511         destructor out-of-line and export this abstract class so as to avoid the need for the vtable to be
1512         defined in the translation unit of each derived class.
1513         * page/csp/ContentSecurityPolicyClient.h: Added.
1514         * page/csp/ContentSecurityPolicySource.cpp:
1515         (WebCore::ContentSecurityPolicySource::operator SecurityOriginData const): Added.
1516         * page/csp/ContentSecurityPolicySource.h:
1517         * workers/WorkerGlobalScope.cpp:
1518         (WebCore::WorkerGlobalScope::WorkerGlobalScope): Instantiate the ContentSecurityPolicy object with the
1519         URL of the worker script.
1520
1521 2018-05-07  Simon Fraser  <simon.fraser@apple.com>
1522
1523         CSS filters which reference SVG filters fail to respect the "color-interpolation-filters" of the filter
1524         https://bugs.webkit.org/show_bug.cgi?id=185343
1525
1526         Reviewed by Dean Jackson.
1527
1528         Test: css3/filters/color-interpolation-filters.html
1529         
1530         When applying CSS reference filters, apply the value of "color-interpolation-filters" for the
1531         referenced filter effect element, just as we do for SVG filters.
1532
1533         * rendering/FilterEffectRenderer.cpp:
1534         (WebCore::FilterEffectRenderer::buildReferenceFilter):
1535
1536 2018-05-07  Daniel Bates  <dabates@apple.com>
1537
1538         CSP status-code incorrect for document blocked due to violation of its frame-ancestors directive
1539         https://bugs.webkit.org/show_bug.cgi?id=185366
1540         <rdar://problem/40035116>
1541
1542         Reviewed by Brent Fulgham.
1543
1544         Fixes an issue where the status-code in the sent CSP report for an HTTP document blocked because
1545         its frame-ancestors directive was violated would be the status code of the previously loaded
1546         document in the frame. If the previously loaded document was about:blank then this would be 0.
1547
1548         Currently whenever we send a CSP report we ask the document's loader (Document::loader()) for the
1549         HTTP status code for the last response. Document::loader() returns the loader for the last committed
1550         document in its frame. For a frame-ancestors violation, a CSP report is sent before the document
1551         that had the frame-ancestors directive has been committed and after it has been associated with a frame.
1552         As a result we are in a transient transition state for the frame and hence the last response
1553         for the new document's loader (Document::loader()) is actually the last response of the previously loaded
1554         document in the frame. Instead we need to take care to tell CSP about the HTTP status code for the
1555         response associated with the document the CSP came from.
1556
1557         * dom/Document.cpp:
1558         (WebCore::Document::processHttpEquiv):
1559         (WebCore::Document::initSecurityContext):
1560         Pass the HTTP status code to CSP.
1561
1562         * page/csp/ContentSecurityPolicy.cpp:
1563         (WebCore::ContentSecurityPolicy::copyStateFrom):
1564         (WebCore::ContentSecurityPolicy::responseHeaders const):
1565         (WebCore::ContentSecurityPolicy::didReceiveHeaders):
1566         (WebCore::ContentSecurityPolicy::didReceiveHeader):
1567         (WebCore::ContentSecurityPolicy::reportViolation const):
1568         * page/csp/ContentSecurityPolicy.h:
1569         Modify existing functions to take the HTTP status code, store it in an instance variable,
1570         and reference this variable when reporting a violation.
1571
1572         * page/csp/ContentSecurityPolicyResponseHeaders.cpp:
1573         (WebCore::ContentSecurityPolicyResponseHeaders::ContentSecurityPolicyResponseHeaders):
1574         (WebCore::ContentSecurityPolicyResponseHeaders::isolatedCopy const):
1575         * page/csp/ContentSecurityPolicyResponseHeaders.h:
1576         (WebCore::ContentSecurityPolicyResponseHeaders::encode const):
1577         (WebCore::ContentSecurityPolicyResponseHeaders::decode):
1578         Store the HTTP status code along with the response headers.
1579
1580 2018-05-07  Daniel Bates  <dabates@apple.com>
1581
1582         CSP referrer incorrect for document blocked due to violation of its frame-ancestors directive
1583         https://bugs.webkit.org/show_bug.cgi?id=185380
1584
1585         Reviewed by Brent Fulgham.
1586
1587         Similar to <https://bugs.webkit.org/show_bug.cgi?id=185366>, fixes an issue where the referrer
1588         in the sent CSP report for an HTTP document blocked because its frame-ancestors directive was
1589         violated would be the referrer of the previously loaded document in the frame.
1590
1591         Currently whenever we send a CSP report we ask the document's loader (Document::loader()) for
1592         the referrer for the last request. Document::loader() returns the loader for the last committed
1593         document in its frame. For a frame-ancestors violation, a CSP report is sent before the document
1594         that had the frame-ancestors directive has been committed and after it has been associated with a
1595         frame. As a result we are in a transient transition state for the frame and hence the last request
1596         for the new document's loader (Document::loader()) is actually the last request of the previously
1597         loaded document in the frame. Instead we need to take care to tell CSP about the referrer for the
1598         request associated with the document the CSP came from.
1599
1600         * loader/DocumentLoader.cpp:
1601         (WebCore::DocumentLoader::responseReceived):
1602
1603 2018-05-07  Brent Fulgham  <bfulgham@apple.com>
1604
1605         Add experimental feature to prompt for Storage Access API use
1606         https://bugs.webkit.org/show_bug.cgi?id=185335
1607         <rdar://problem/39994649>
1608
1609         Reviewed by Alex Christensen and Youenn Fablet.
1610
1611         Create a new experimental feature that gates the ability of WebKit clients to prompt the user when
1612         Storage Access API is invoked.
1613
1614         Currently this feature doesn't have any user-visible impact.
1615
1616         * page/RuntimeEnabledFeatures.h:
1617         (WebCore::RuntimeEnabledFeatures::setStorageAccessPromptsEnabled):
1618         (WebCore::RuntimeEnabledFeatures::storageAccessPromptsEnabled const):
1619         * testing/InternalSettings.cpp:
1620         (WebCore::InternalSettings::Backup::Backup):
1621         (WebCore::InternalSettings::Backup::restoreTo):
1622         (WebCore::InternalSettings::setStorageAccessPromptsEnabled):
1623         * testing/InternalSettings.h:
1624         * testing/InternalSettings.idl:
1625
1626 2018-05-07  Chris Dumez  <cdumez@apple.com>
1627
1628         Stop using an iframe's id as fallback if its name attribute is not set
1629         https://bugs.webkit.org/show_bug.cgi?id=11388
1630
1631         Reviewed by Geoff Garen.
1632
1633         WebKit had logic to use an iframe's id as fallback name when its name
1634         content attribute is not set. This behavior was not standard and did not
1635         match other browsers:
1636         - https://html.spec.whatwg.org/#attr-iframe-name
1637
1638         Gecko / Trident never behaved this way. Blink was aligned with us until
1639         they started to match the specification in:
1640         - https://bugs.chromium.org/p/chromium/issues/detail?id=347169
1641
1642         This WebKit quirk was causing some Web-compatibility issues because it
1643         would affect the behavior of Window's name property getter when trying
1644         to look up an iframe by id. Because of Window's named property getter
1645         behavior [1], we would return the frame's contentWindow instead of the
1646         iframe element itself.
1647
1648         [1] https://html.spec.whatwg.org/multipage/window-object.html#named-access-on-the-window-object
1649
1650         Test: fast/dom/Window/named-getter-frame-id.html
1651
1652         * html/HTMLFrameElementBase.cpp:
1653         (WebCore::HTMLFrameElementBase::openURL):
1654         (WebCore::HTMLFrameElementBase::parseAttribute):
1655         (WebCore::HTMLFrameElementBase::didFinishInsertingNode):
1656         * html/HTMLFrameElementBase.h:
1657
1658 2018-05-07  Chris Dumez  <cdumez@apple.com>
1659
1660         ASSERT(!childItemWithTarget(child->target())) is hit in HistoryItem::addChildItem()
1661         https://bugs.webkit.org/show_bug.cgi?id=185322
1662
1663         Reviewed by Geoff Garen.
1664
1665         We generate unique names for Frame to be used in HistoryItem. Those names not only
1666         need to be unique, they also need to be repeatable to avoid layout tests flakiness
1667         and for things like restoring form state from a HistoryItem.
1668
1669         The previously generated frame names were relying on the Frame's index among a
1670         parent Frame's children. The issue was that we could end up with duplicate names
1671         because one could insert a Frame *before* an existing one. This is because the code
1672         would not take care of updating existing Frames' unique name on frame tree mutation.
1673
1674         Updating frame tree names on mutation would be inefficient and is also not necessary.
1675         The approach chosen in this patch is to stop using the Frame's index and instead rely
1676         on an increasing counter stored on the top-frame's FrameTree. To make the names
1677         repeatable, we reset the counter on page navigation.
1678
1679         * page/Frame.cpp:
1680         (WebCore::Frame::setDocument):
1681         * page/FrameTree.cpp:
1682         (WebCore::FrameTree::uniqueChildName const):
1683         (WebCore::FrameTree::generateUniqueName const):
1684         * page/FrameTree.h:
1685         (WebCore::FrameTree::resetFrameIdentifiers):
1686
1687 2018-05-07  Yacine Bandou  <yacine.bandou_ext@softathome.com>
1688
1689         [EME][GStreamer] Fix wrong subsample parsing on r227067
1690         https://bugs.webkit.org/show_bug.cgi?id=185382
1691
1692         Reviewed by Philippe Normand.
1693
1694         The initialization of sampleIndex should be moved outside of the loop.
1695         Without this patch we will have a bad log and the check of the subsample
1696         count will be useless.
1697
1698         * platform/graphics/gstreamer/eme/WebKitClearKeyDecryptorGStreamer.cpp:
1699         (webKitMediaClearKeyDecryptorDecrypt):
1700
1701 2018-05-07  Daniel Bates  <dabates@apple.com>
1702
1703         CSP should be passed the referrer
1704         https://bugs.webkit.org/show_bug.cgi?id=185367
1705
1706         Reviewed by Per Arne Vollan.
1707
1708         As a step towards formalizing a CSP delegate object and removing the dependencies
1709         on ScriptExecutionContext and Frame, we should pass the document's referrer directly
1710         instead of indirectly obtaining it from the ScriptExecutionContext or Frame used
1711         to instantiate the ContentSecurityPolicy object.
1712
1713         * dom/Document.cpp:
1714         (WebCore::Document::processHttpEquiv): Pass the document's referrer.
1715         (WebCore::Document::initSecurityContext): Ditto.
1716         (WebCore::Document::applyQuickLookSandbox): Ditto.
1717         * loader/DocumentLoader.cpp:
1718         (WebCore::DocumentLoader::responseReceived): Ditto.
1719         * loader/FrameLoader.cpp:
1720         (WebCore::FrameLoader::didBeginDocument): Ditto.
1721         * page/csp/ContentSecurityPolicy.cpp:
1722         (WebCore::ContentSecurityPolicy::copyStateFrom): We pass a null string for the referrer
1723         to didReceiveHeader() as a placeholder since it requires the referrer be given to it. We
1724         fix up the referrer (m_referrer) after copying all the policy headers.
1725         (WebCore::ContentSecurityPolicy::didReceiveHeaders): Ditto.
1726         (WebCore::ContentSecurityPolicy::didReceiveHeader): Modified to take a referrer and WTFMove()s
1727         it into an instance variable (m_referrer).
1728         (WebCore::ContentSecurityPolicy::reportViolation const): Modified to use the stored referrer.
1729         * page/csp/ContentSecurityPolicy.h:
1730         * workers/WorkerGlobalScope.cpp:
1731         (WebCore::WorkerGlobalScope::applyContentSecurityPolicyResponseHeaders): Pass a null string
1732         for the referrer as a worker does not have a referrer.
1733
1734 2018-05-07  Daniel Bates  <dabates@apple.com>
1735
1736         CSP should only notify Inspector to pause the debugger on the first policy to violate a directive
1737         https://bugs.webkit.org/show_bug.cgi?id=185364
1738
1739         Reviewed by Brent Fulgham.
1740
1741         Notify Web Inspector that a script was blocked on the first enforced CSP policy that it
1742         violates.
1743
1744         A page can have more than one enforced Content Security Policy. Currently for inline
1745         scripts, inline event handlers, JavaScript URLs, and eval() that are blocked by CSP
1746         we notify Web Inspector that it was blocked for each CSP policy that blocked it. When
1747         Web Inspector is notified it pauses script execution. It does not seem very meaningful
1748         to pause script execution on the same script for each CSP policy that blocked it.
1749         Therefore, only tell Web Inspector that a script was blocked for the first enforced CSP
1750         policy that blocked it.
1751
1752         * page/csp/ContentSecurityPolicy.cpp:
1753         (WebCore::ContentSecurityPolicy::allowJavaScriptURLs const):
1754         (WebCore::ContentSecurityPolicy::allowInlineEventHandlers const):
1755         (WebCore::ContentSecurityPolicy::allowInlineScript const):
1756         (WebCore::ContentSecurityPolicy::allowEval const):
1757
1758 2018-05-07  Daniel Bates  <dabates@apple.com>
1759
1760         Substitute CrossOriginPreflightResultCache::clear() for CrossOriginPreflightResultCache::empty()
1761         https://bugs.webkit.org/show_bug.cgi?id=185170
1762
1763         Reviewed by Per Arne Vollan.
1764
1765         Rename CrossOriginPreflightResultCache::empty() to CrossOriginPreflightResultCache::clear() to make
1766         it consistent with the terminology we use in WebKit to signify a function that clears a collection.
1767         A member function named "empty" is expected to return an instance of a class in its "empty state".
1768         For example, StringImpl::empty() returns a StringImpl instance that represents the empty string.
1769         However CrossOriginPreflightResultCache::empty() clears out the cache in-place. We should rename
1770         this function to better describe its purpose.
1771
1772         * loader/CrossOriginPreflightResultCache.cpp:
1773         (WebCore::CrossOriginPreflightResultCache::clear):
1774         (WebCore::CrossOriginPreflightResultCache::empty): Deleted.
1775         * loader/CrossOriginPreflightResultCache.h:
1776
1777 2018-05-06  Dean Jackson  <dino@apple.com>
1778
1779         WebGL: Reset simulated values after validation fails
1780         https://bugs.webkit.org/show_bug.cgi?id=185363
1781         <rdar://problem/39733417>
1782
1783         Reviewed by Anders Carlsson.
1784
1785         While fixing a previous bug, I forgot to reset some values
1786         when validation fails. This caused a bug where a subsequent
1787         invalid call might use those values and escape detection.
1788
1789         Test: fast/canvas/webgl/index-validation-with-subsequent-draws.html
1790
1791         * html/canvas/WebGLRenderingContextBase.cpp:
1792         (WebCore::WebGLRenderingContextBase::simulateVertexAttrib0): Reset the
1793         sizes when validation fails.
1794         * html/canvas/WebGLRenderingContextBase.h:
1795
1796 2018-05-07  Ms2ger  <Ms2ger@igalia.com>
1797
1798         Support negative sw/sh values in createImageBitmap().
1799         https://bugs.webkit.org/show_bug.cgi?id=184449
1800
1801         Reviewed by Dean Jackson.
1802
1803         Tests: LayoutTests/imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-drawImage.html
1804                LayoutTests/http/wpt/2dcontext/imagebitmap/createImageBitmap.html
1805
1806         * html/ImageBitmap.cpp:
1807         (WebCore::ImageBitmap::createPromise): handle negative values per spec.
1808
1809 2018-05-07  Brian Burg  <bburg@apple.com>
1810
1811         Web Inspector: opt out of process swap on navigation if a Web Inspector frontend is connected
1812         https://bugs.webkit.org/show_bug.cgi?id=184861
1813         <rdar://problem/39153768>
1814
1815         Reviewed by Timothy Hatcher.
1816
1817         Notify the client of the current connection count whenever a frontend connects or disconnects.
1818
1819         Covered by new API test.
1820
1821         * inspector/InspectorClient.h:
1822         (WebCore::InspectorClient::frontendCountChanged):
1823         * inspector/InspectorController.cpp:
1824         (WebCore::InspectorController::connectFrontend):
1825         (WebCore::InspectorController::disconnectFrontend):
1826         (WebCore::InspectorController::disconnectAllFrontends):
1827         * inspector/InspectorController.h:
1828
1829 2018-05-07  Eric Carlson  <eric.carlson@apple.com>
1830
1831         Text track cue logging should include cue text
1832         https://bugs.webkit.org/show_bug.cgi?id=185353
1833         <rdar://problem/40003565>
1834
1835         Reviewed by Youenn Fablet.
1836
1837         No new tests, tested manually.
1838
1839         * html/track/VTTCue.cpp:
1840         (WebCore::VTTCue::toJSONString const): Use toJSON.
1841         (WebCore::VTTCue::toJSON const): New.
1842         * html/track/VTTCue.h:
1843
1844         * platform/graphics/InbandTextTrackPrivateClient.h:
1845         (WebCore::GenericCueData::toJSONString const): Log m_content.
1846
1847         * platform/graphics/iso/ISOVTTCue.cpp:
1848         (WebCore::ISOWebVTTCue::toJSONString const): Log m_cueText.
1849
1850 2018-05-06  Zalan Bujtas  <zalan@apple.com>
1851
1852         [LFC] Add assertions for stale Display::Box geometry
1853         https://bugs.webkit.org/show_bug.cgi?id=185357
1854
1855         Reviewed by Antti Koivisto.
1856
1857         Ensure that we don't access stale geometry of other boxes during layout.
1858         For example, in order to lay out a block child we need the containing block's content box top/left and width (but not the height).
1859
1860         * layout/displaytree/DisplayBox.h:
1861         (WebCore::Display::Box::invalidateTop):
1862         (WebCore::Display::Box::invalidateLeft):
1863         (WebCore::Display::Box::invalidateWidth):
1864         (WebCore::Display::Box::invalidateHeight):
1865         (WebCore::Display::Box::hasValidPosition const):
1866         (WebCore::Display::Box::hasValidSize const):
1867         (WebCore::Display::Box::hasValidGeometry const):
1868         (WebCore::Display::Box::invalidatePosition):
1869         (WebCore::Display::Box::invalidateSize):
1870         (WebCore::Display::Box::setHasValidPosition):
1871         (WebCore::Display::Box::setHasValidSize):
1872         (WebCore::Display::Box::setHasValidGeometry):
1873         (WebCore::Display::Box::rect const):
1874         (WebCore::Display::Box::top const):
1875         (WebCore::Display::Box::left const):
1876         (WebCore::Display::Box::bottom const):
1877         (WebCore::Display::Box::right const):
1878         (WebCore::Display::Box::topLeft const):
1879         (WebCore::Display::Box::bottomRight const):
1880         (WebCore::Display::Box::size const):
1881         (WebCore::Display::Box::width const):
1882         (WebCore::Display::Box::height const):
1883         (WebCore::Display::Box::setRect):
1884         (WebCore::Display::Box::setTopLeft):
1885         (WebCore::Display::Box::setTop):
1886         (WebCore::Display::Box::setLeft):
1887         (WebCore::Display::Box::setSize):
1888         (WebCore::Display::Box::setWidth):
1889         (WebCore::Display::Box::setHeight):
1890
1891 2018-05-06  Zalan Bujtas  <zalan@apple.com>
1892
1893         [LFC] Add BlockFormattingContext::computeStaticPosition
1894         https://bugs.webkit.org/show_bug.cgi?id=185352
1895
1896         Reviewed by Antti Koivisto.
1897
1898         This is the core logic for positioning inflow boxes in a block formatting context (very naive though).
1899
1900         * layout/blockformatting/BlockFormattingContext.cpp:
1901         (WebCore::Layout::BlockFormattingContext::computeStaticPosition const):
1902         * layout/displaytree/DisplayBox.h:
1903
1904 2018-05-05  Sam Weinig  <sam@webkit.org>
1905
1906         Cleanup XMLHttpRequestUpload a little
1907         https://bugs.webkit.org/show_bug.cgi?id=185344
1908
1909         Reviewed by Yusuke Suzuki.
1910
1911         * bindings/js/JSXMLHttpRequestCustom.cpp:
1912         (WebCore::JSXMLHttpRequest::visitAdditionalChildren):
1913         Use auto to reduce redundancy.
1914
1915         * xml/XMLHttpRequest.cpp:
1916         (WebCore::XMLHttpRequest::upload):
1917         * xml/XMLHttpRequest.h:
1918         Switch upload() to return a reference.
1919         
1920         * xml/XMLHttpRequestUpload.cpp:
1921         (WebCore::XMLHttpRequestUpload::XMLHttpRequestUpload):
1922         (WebCore::XMLHttpRequestUpload::dispatchProgressEvent):
1923         * xml/XMLHttpRequestUpload.h:
1924         Cleanup formatting, modernize and switch XMLHttpRequest member from a pointer
1925         to a reference.
1926
1927 2018-05-05  Dean Jackson  <dino@apple.com>
1928
1929         Draw a drop-shadow behind the system preview badge
1930         https://bugs.webkit.org/show_bug.cgi?id=185356
1931         <rdar://problem/40004936>
1932
1933         Reviewed by Wenson Hsieh.
1934
1935         Draw a very subtle drop-shadow under the system
1936         preview badge so that it is more visible on a pure
1937         white background.
1938
1939         I also moved some code around to make it more clear
1940         and improved comments.
1941
1942         * rendering/RenderThemeIOS.mm:
1943         (WebCore::RenderThemeIOS::paintSystemPreviewBadge):
1944
1945 2018-05-04  Wenson Hsieh  <wenson_hsieh@apple.com>
1946
1947         [iOS] Multiple links in Mail are dropped in a single line, and are difficult to tell apart
1948         https://bugs.webkit.org/show_bug.cgi?id=185289
1949         <rdar://problem/35756912>
1950
1951         Reviewed by Tim Horton and Darin Adler.
1952
1953         When inserting multiple URLs as individual items in a single drop, we currently separate each item with a space
1954         (see r217284). However, it still seems difficult to tell dropped links apart. This patch makes some slight
1955         tweaks to WebContentReader::readURL so that it inserts line breaks before dropped URLs, if the dropped URL isn't
1956         the first item to be inserted in the resulting document fragment.
1957
1958         Augments existing API tests in DataInteractionTests.
1959
1960         * editing/ios/WebContentReaderIOS.mm:
1961
1962         Additionally remove some extraneous header imports from this implementation file.
1963
1964         (WebCore::WebContentReader::readURL):
1965
1966 2018-05-02  Dean Jackson  <dino@apple.com>
1967
1968         Use IOSurfaces for CoreImage operations where possible
1969         https://bugs.webkit.org/show_bug.cgi?id=185230
1970         <rdar://problem/39926929>
1971
1972         Reviewed by Jon Lee.
1973
1974         On iOS hardware, we can use IOSurfaces as a rendering destination
1975         for CoreImage, which means we're keeping data on the GPU
1976         for rendering.
1977
1978         As a drive-by fix, I used a convenience method for Gaussian blurs.
1979
1980         * rendering/RenderThemeIOS.mm:
1981         (WebCore::RenderThemeIOS::paintSystemPreviewBadge):
1982
1983 2018-05-04  Tim Horton  <timothy_horton@apple.com>
1984
1985         Shift to a lower-level framework for simplifying URLs
1986         https://bugs.webkit.org/show_bug.cgi?id=185334
1987
1988         Reviewed by Dan Bernstein.
1989
1990         * Configurations/WebCore.xcconfig:
1991         * platform/mac/DragImageMac.mm:
1992         (WebCore::LinkImageLayout::LinkImageLayout):
1993
1994 2018-05-03  Ryosuke Niwa  <rniwa@webkit.org>
1995
1996         Release assert in ScriptController::canExecuteScripts via HTMLMediaElement::~HTMLMediaElement()
1997         https://bugs.webkit.org/show_bug.cgi?id=185288
1998
1999         Reviewed by Jer Noble.
2000
2001         The crash is caused by HTMLMediaElement::~HTMLMediaElement canceling the resource load via CachedResource
2002         which ends up calling FrameLoader::checkCompleted() and firing the load event on the document synchronously.
2003         Speculatively fix the crash by scheduling the check instead.
2004
2005         In the long term, ResourceLoader::cancel should never fire the load event synchronously: webkit.org/b/185284.
2006
2007         Unfortunately, no new tests since I can't get MediaResource to get destructed at the right time.
2008
2009         * html/HTMLMediaElement.cpp:
2010         (WebCore::HTMLMediaElement::isRunningDestructor): Added to detect this specific case.
2011         (WebCore::HTMLMediaElementDestructorScope): Added.
2012         (WebCore::HTMLMediaElementDestructorScope::HTMLMediaElementDestructorScope): Added.
2013         (WebCore::HTMLMediaElementDestructorScope::~HTMLMediaElementDestructorScope): Added.
2014         (WebCore::HTMLMediaElement::~HTMLMediaElement): Instantiate HTMLMediaElement.
2015         * html/HTMLMediaElement.h:
2016         * loader/FrameLoader.cpp:
2017         (WebCore::FrameLoader::checkCompleted): Call scheduleCheckCompleted instead of synchronously calling
2018         checkCompleted if we're in the middle of destructing an HTMLMediaElement.
2019
2020 2018-05-04  Ryosuke Niwa  <rniwa@webkit.org>
2021
2022         Rename DocumentOrderedMap to TreeScopeOrderedMap
2023         https://bugs.webkit.org/show_bug.cgi?id=185290
2024
2025         Reviewed by Zalan Bujtas.
2026
2027         Renamed the class since it's almost always a mistake to use this class as a member variable of Document.
2028
2029         * Sources.txt:
2030         * WebCore.xcodeproj/project.pbxproj:
2031         * dom/MouseRelatedEvent.cpp: Include the forgotten DOMWindow.h. Unified build files bit us here.
2032         * dom/TreeScope.cpp:
2033         (WebCore::TreeScope::addElementById):
2034         (WebCore::TreeScope::addElementByName):
2035         (WebCore::TreeScope::addImageMap):
2036         (WebCore::TreeScope::addImageElementByUsemap):
2037         (WebCore::TreeScope::labelElementForId):
2038         * dom/TreeScope.h:
2039         * dom/TreeScopeOrderedMap.cpp: Renamed from DocumentOrderedMap.cpp
2040         * dom/TreeScopeOrderedMap.h: Renamed from DocumentOrderedMap.h
2041         * html/HTMLDocument.h:
2042
2043 2018-05-04  Don Olmstead  <don.olmstead@sony.com>
2044
2045         [Win][WebKit] Fix forwarding headers for Windows build
2046         https://bugs.webkit.org/show_bug.cgi?id=184412
2047
2048         Reviewed by Alex Christensen.
2049
2050         No new tests. No change in behavior.
2051
2052         * PlatformWin.cmake:
2053
2054 2018-05-04  Zalan Bujtas  <zalan@apple.com>
2055
2056         [Simple line layout] Add support for line layout box generation with multiple text renderers.
2057         https://bugs.webkit.org/show_bug.cgi?id=185276
2058
2059         Reviewed by Antti Koivisto.
2060
2061         Covered by existing tests.
2062
2063         * rendering/SimpleLineLayoutFunctions.cpp:
2064         (WebCore::SimpleLineLayout::canUseForLineBoxTree):
2065         (WebCore::SimpleLineLayout::generateLineBoxTree):
2066         * rendering/SimpleLineLayoutResolver.cpp:
2067         (WebCore::SimpleLineLayout::RunResolver::Run::renderer const):
2068         (WebCore::SimpleLineLayout::RunResolver::Run::localStart const):
2069         (WebCore::SimpleLineLayout::RunResolver::Run::localEnd const):
2070         * rendering/SimpleLineLayoutResolver.h:
2071
2072 2018-05-04  Timothy Hatcher  <timothy@apple.com>
2073
2074         Deprecate legacy WebView and friends
2075         https://bugs.webkit.org/show_bug.cgi?id=185279
2076         rdar://problem/33268700
2077
2078         Reviewed by Tim Horton.
2079
2080         * Configurations/WebCore.xcconfig:
2081         Added BUILDING_WEBKIT define to disable the deprecation macros.
2082         * bridge/objc/WebScriptObject.h:
2083         Added deprecation macros to WebScriptObject and WebUndefined.
2084         * platform/cocoa/WebKitAvailability.h:
2085         Added more macros and a way to disable deprecation warnings for
2086         WebKit build and in clients like Safari.
2087
2088 2018-05-04  Eric Carlson  <eric.carlson@apple.com>
2089
2090         Log media time range as JSON
2091         https://bugs.webkit.org/show_bug.cgi?id=185321
2092         <rdar://problem/39986746>
2093
2094         Reviewed by Youenn Fablet.
2095
2096         No new tests, tested manually.
2097
2098         * html/HTMLMediaElement.cpp:
2099         (WebCore::HTMLMediaElement::addPlayedRange): Log as time range.
2100         (WebCore::HTMLMediaElement::visibilityStateChanged): Cleanup.
2101
2102         * platform/graphics/MediaPlayer.h:
2103         (WTF::LogArgument<MediaTime>::toString):
2104         (WTF::LogArgument<MediaTimeRange>::toString):
2105
2106         * platform/graphics/avfoundation/InbandTextTrackPrivateAVF.cpp:
2107         (WebCore::InbandTextTrackPrivateAVF::processAttributedStrings): Log error as time range.
2108
2109 2018-05-04  Zalan Bujtas  <zalan@apple.com>
2110
2111         Use the containing block to compute the pagination gap when the container is inline.
2112         https://bugs.webkit.org/show_bug.cgi?id=184724
2113         <rdar://problem/39521800>
2114
2115         Reviewed by Simon Fraser.
2116
2117         Test: fast/overflow/page-overflow-with-inline-body-crash.html
2118
2119         * page/FrameView.cpp:
2120         (WebCore::FrameView::applyPaginationToViewport):
2121
2122 2018-05-04  Tim Horton  <timothy_horton@apple.com>
2123
2124         Don't use GSFont* in minimal simulator mode
2125         https://bugs.webkit.org/show_bug.cgi?id=185320
2126         <rdar://problem/39734478>
2127
2128         Reviewed by Beth Dakin.
2129
2130         * page/cocoa/MemoryReleaseCocoa.mm:
2131         (WebCore::platformReleaseMemory):
2132
2133 2018-05-04  Chris Dumez  <cdumez@apple.com>
2134
2135         Unreviewed, rolling out r231331.
2136
2137         Caused a few tests to assert
2138
2139         Reverted changeset:
2140
2141         "Stop using an iframe's id as fallback if its name attribute
2142         is not set"
2143         https://bugs.webkit.org/show_bug.cgi?id=11388
2144         https://trac.webkit.org/changeset/231331
2145
2146 2018-05-04  Youenn Fablet  <youenn@apple.com>
2147
2148         Use more references in updateTracksOfType
2149         https://bugs.webkit.org/show_bug.cgi?id=185305
2150
2151         Reviewed by Eric Carlson.
2152
2153         No change of behavior.
2154
2155         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
2156         (WebCore::updateTracksOfType):
2157         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks):
2158
2159 2018-05-04  Myles C. Maxfield  <mmaxfield@apple.com>
2160
2161         Text shaping in the simple path is flipped in the y direction
2162         https://bugs.webkit.org/show_bug.cgi?id=185062
2163         <rdar://problem/39778678>
2164
2165         Reviewed by Simon Fraser.
2166
2167         Shaping in our simple codepath occurs in an "increasing-y-goes-up" coordinate system, but our painting
2168         code uses an "increasing-y-goes-down" coordinate system. We weren't fixing up the coordinate systems
2169         because we never noticed. This is because the simple codepath is only designed for kerning and ligatures,
2170         neither of which move glyphs vertically in the common case.
2171
2172         Test: fast/text/vertical-displacement-simple-codepath.html
2173
2174         * platform/graphics/Font.cpp:
2175         (WebCore::Font::applyTransforms const):
2176         * platform/graphics/WidthIterator.cpp:
2177         (WebCore::WidthIterator::applyFontTransforms):
2178
2179 2018-05-04  Chris Nardi  <cnardi@chromium.org>
2180
2181         Serialize all URLs with double-quotes per CSSOM spec
2182         https://bugs.webkit.org/show_bug.cgi?id=184935
2183
2184         Reviewed by Antti Koivisto.
2185
2186         According to https://drafts.csswg.org/cssom/#serialize-a-url, all URLs should be serialized as strings,
2187         which means they should have double quotes around the text of the URL. Update our implementation to match
2188         this (and Firefox/Chrome). Also remove isCSSTokenizerURL() as this method is no longer needed.
2189
2190         Tests: Many LayoutTests updated to use double quotes.
2191
2192         * css/CSSMarkup.cpp:
2193         (WebCore::serializeString): Remove FIXME as this was already fixed in a previous patch.
2194         (WebCore::serializeURL): Remove FIXME and update implementation.
2195
2196 2018-05-04  Youenn Fablet  <youenn@apple.com>
2197
2198         LayoutTests/fast/mediastream/change-tracks-media-stream-being-played.html is crashing after r231304
2199         https://bugs.webkit.org/show_bug.cgi?id=185303
2200
2201         Reviewed by Eric Carlson.
2202
2203         We need to stop observing the audio track like we do for video track once we are no longer interested in it.
2204         Covered by test no longer crashing.
2205
2206         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
2207         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::updateTracks):
2208
2209 2018-05-04  Zalan Bujtas  <zalan@apple.com>
2210
2211         [LFC] Set the invalidation root as the result of style change.
2212         https://bugs.webkit.org/show_bug.cgi?id=185301
2213
2214         Reviewed by Antti Koivisto.
2215
2216         Compute/propagate the update type on the ancestor chain and return the invalidation root
2217         so that LayoutContext could use it as the entry point for the next layout frame.
2218
2219         * layout/LayoutContext.cpp:
2220         (WebCore::Layout::LayoutContext::updateLayout):
2221         (WebCore::Layout::LayoutContext::styleChanged):
2222         * layout/LayoutContext.h: order is not important.
2223         * layout/blockformatting/BlockInvalidation.cpp:
2224         (WebCore::Layout::invalidationStopsAtFormattingContextBoundary):
2225         (WebCore::Layout::computeUpdateType):
2226         (WebCore::Layout::computeUpdateTypeForAncestor):
2227         (WebCore::Layout::BlockInvalidation::invalidate):
2228         * layout/blockformatting/BlockInvalidation.h:
2229         * layout/inlineformatting/InlineInvalidation.cpp:
2230         (WebCore::Layout::InlineInvalidation::invalidate):
2231         * layout/inlineformatting/InlineInvalidation.h:
2232
2233 2018-05-04  Youenn Fablet  <youenn@apple.com>
2234
2235         PeerConnection should have its connectionState closed even if doing gathering
2236         https://bugs.webkit.org/show_bug.cgi?id=185267
2237
2238         Reviewed by Darin Adler.
2239
2240         Test: webrtc/addICECandidate-closed.html
2241
2242         In case m_iceConnectionState is closed, m_connectionState should also be set to closed
2243         and RTCPeerConnection should be closed so as to reject any other call.
2244
2245         * Modules/mediastream/RTCPeerConnection.cpp:
2246         (WebCore::RTCPeerConnection::close):
2247         (WebCore::RTCPeerConnection::updateConnectionState):
2248
2249 2018-05-04  Yacine Bandou  <yacine.bandou_ext@softathome.com>
2250
2251         [MSE][GStreamer] Delete properly the stream from the WebKitMediaSource
2252         https://bugs.webkit.org/show_bug.cgi?id=185242
2253
2254         Reviewed by Xabier Rodriguez-Calvar.
2255
2256         When the sourceBuffer is removed from mediasource, the appropriate stream is not
2257         properly deleted from WebKitMediaSource, because the appsrc and parser elements
2258         of the stream are not removed from the WebKitMediaSource bin.
2259
2260         This patch avoids the regression of r231089, see https://bugs.webkit.org/show_bug.cgi?id=185071
2261
2262         * platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp:
2263         (webKitMediaSrcFreeStream):
2264
2265 2018-05-04  Carlos Garcia Campos  <cgarcia@igalia.com>
2266
2267         [GTK] Epiphany (GNOME Web) says "Error downloading: Service Unavailable." when trying to download an image from discogs.com
2268         https://bugs.webkit.org/show_bug.cgi?id=174730
2269
2270         Reviewed by Michael Catanzaro.
2271
2272         Export ResourceRequestBase::hasHTTPHeaderField().
2273
2274         * platform/network/ResourceRequestBase.h:
2275
2276 2018-05-03  Yusuke Suzuki  <utatane.tea@gmail.com>
2277
2278         Use subprocess.call instead of os.system to handle path with spaces
2279         https://bugs.webkit.org/show_bug.cgi?id=185291
2280
2281         Reviewed by Darin Adler.
2282
2283         If the gperf path includes spaces, these Python scripts fail to execute gperf.
2284         We use the subprocess module instead of os.system to invoke gperf.
2285
2286         * css/makeSelectorPseudoClassAndCompatibilityElementMap.py:
2287         * css/makeSelectorPseudoElementsMap.py:
2288         * platform/network/create-http-header-name-table:
2289
2290 2018-05-03  Yusuke Suzuki  <utatane.tea@gmail.com>
2291
2292         Unreviewed, attempt to fix WinCairo build failure
2293         https://bugs.webkit.org/show_bug.cgi?id=185218
2294
2295         * platform/text/win/LocaleWin.cpp:
2296         (WebCore::LocaleWin::getLocaleInfoString):
2297
2298 2018-05-03  Filip Pizlo  <fpizlo@apple.com>
2299
2300         Strings should not be allocated in a gigacage
2301         https://bugs.webkit.org/show_bug.cgi?id=185218
2302
2303         Reviewed by Saam Barati.
2304
2305         No new tests because no new behavior.
2306
2307         * Modules/indexeddb/server/IDBSerialization.cpp:
2308         (WebCore::decodeKey):
2309         * bindings/js/SerializedScriptValue.cpp:
2310         (WebCore::CloneDeserializer::readString):
2311         * html/canvas/CanvasRenderingContext2D.cpp:
2312         (WebCore::normalizeSpaces):
2313         * html/parser/HTMLTreeBuilder.cpp:
2314         (WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer::takeRemainingWhitespace):
2315         * platform/URLParser.cpp:
2316         (WebCore::percentEncodeByte):
2317         (WebCore::serializeURLEncodedForm):
2318         (WebCore::URLParser::serialize):
2319         * platform/URLParser.h:
2320         * platform/graphics/FourCC.cpp:
2321         (WebCore::FourCC::toString const):
2322         * platform/graphics/ca/GraphicsLayerCA.cpp:
2323         (WebCore::GraphicsLayerCA::ReplicaState::cloneID const):
2324         * platform/text/LocaleICU.cpp:
2325         (WebCore::LocaleICU::decimalSymbol):
2326         (WebCore::LocaleICU::decimalTextAttribute):
2327         (WebCore::getDateFormatPattern):
2328         (WebCore::LocaleICU::createLabelVector):
2329         (WebCore::getFormatForSkeleton):
2330         * platform/win/FileSystemWin.cpp:
2331         (WebCore::FileSystem::getFinalPathName):
2332         (WebCore::FileSystem::pathByAppendingComponent):
2333         (WebCore::FileSystem::storageDirectory):
2334
2335 2018-05-02  Brent Fulgham  <bfulgham@apple.com>
2336
2337         Widgets should hold a WeakPtr to their parents
2338         https://bugs.webkit.org/show_bug.cgi?id=185239
2339         <rdar://problem/39741250>
2340
2341         Reviewed by Zalan Bujtas.
2342
2343         * platform/ScrollView.h:
2344         (WebCore::ScrollView::weakPtrFactory): Added.
2345         * platform/Widget.cpp:
2346         (WebCore::Widget::init): Don't perform an unnecessary assignment.
2347         (WebCore::Widget::setParent): Grab a WeakPtr to the parent ScrollView.
2348         * platform/Widget.h:
2349         (WebCore::Widget::parent const): Change type to a WeakPtr.
2350
2351 2018-05-03  Yusuke Suzuki  <utatane.tea@gmail.com>
2352
2353         Use pointer instead of std::optional<T&>
2354         https://bugs.webkit.org/show_bug.cgi?id=185186
2355
2356         Reviewed by Alex Christensen.
2357
2358         std::optional<T&> is not accepted in the C++17 spec.
2359         In this patch, we replace it with T*, which is well-aligned to
2360         WebKit's convention.
2361
2362         * Modules/mediastream/RTCPeerConnection.cpp:
2363         (WebCore::iceServersFromConfiguration):
2364         (WebCore::RTCPeerConnection::initializeConfiguration):
2365         (WebCore::RTCPeerConnection::setConfiguration):
2366         * css/parser/CSSParser.cpp:
2367         (WebCore::CSSParser::parseSystemColor):
2368         * css/parser/CSSParser.h:
2369         * dom/DatasetDOMStringMap.cpp:
2370         (WebCore::DatasetDOMStringMap::item const):
2371         (WebCore::DatasetDOMStringMap::namedItem const):
2372         (WebCore:: const): Deleted.
2373         * dom/DatasetDOMStringMap.h:
2374         * dom/Element.cpp:
2375         (WebCore::Element::insertAdjacentHTML):
2376         * dom/Element.h:
2377         * html/canvas/CanvasStyle.cpp:
2378         (WebCore::parseColor):
2379         * inspector/DOMEditor.cpp:
2380         * platform/network/curl/CurlFormDataStream.cpp:
2381         (WebCore::CurlFormDataStream::getPostData):
2382         (): Deleted.
2383         * platform/network/curl/CurlFormDataStream.h:
2384         * platform/network/curl/CurlRequest.cpp:
2385         (WebCore::CurlRequest::setupPOST):
2386         * testing/MockCDMFactory.cpp:
2387         (WebCore::MockCDMFactory::keysForSessionWithID const):
2388         (WebCore::MockCDMInstance::updateLicense):
2389         (WebCore:: const): Deleted.
2390         * testing/MockCDMFactory.h:
2391
2392 2018-05-03  Chris Dumez  <cdumez@apple.com>
2393
2394         Stop using an iframe's id as fallback if its name attribute is not set
2395         https://bugs.webkit.org/show_bug.cgi?id=11388
2396
2397         Reviewed by Geoff Garen.
2398
2399         WebKit had logic to use an iframe's id as fallback name when its name
2400         content attribute is not set. This behavior was not standard and did not
2401         match other browsers:
2402         - https://html.spec.whatwg.org/#attr-iframe-name
2403
2404         Gecko / Trident never behaved this way. Blink was aligned with us until
2405         they started to match the specification in:
2406         - https://bugs.chromium.org/p/chromium/issues/detail?id=347169
2407
2408         This WebKit quirk was causing some Web-compatibility issues because it
2409         would affect the behavior of Window's name property getter when trying
2410         to look up an iframe by id. Because of Window's named property getter
2411         behavior [1], we would return the frame's contentWindow instead of the
2412         iframe element itself.
2413
2414         [1] https://html.spec.whatwg.org/multipage/window-object.html#named-access-on-the-window-object
2415
2416         Test: fast/dom/Window/named-getter-frame-id.html
2417
2418         * html/HTMLFrameElementBase.cpp:
2419         (WebCore::HTMLFrameElementBase::openURL):
2420         (WebCore::HTMLFrameElementBase::parseAttribute):
2421         (WebCore::HTMLFrameElementBase::didFinishInsertingNode):
2422         * html/HTMLFrameElementBase.h:
2423
2424 2018-05-03  Eric Carlson  <eric.carlson@apple.com>
2425
2426         [iOS] Internal text and audio tracks not in fullscreen menu
2427         https://bugs.webkit.org/show_bug.cgi?id=185268
2428         <rdar://problem/38673440>
2429
2430         Reviewed by Jer Noble.
2431
2432         * platform/cocoa/PlaybackSessionModelMediaElement.mm:
2433         (WebCore::PlaybackSessionModelMediaElement::setMediaElement): 'addtrack' and 'removetrack'
2434         events are fired at the track lists, not the media element.
2435
2436 2018-05-03  Ryosuke Niwa  <rniwa@webkit.org>
2437
2438         Using image map inside a shadow tree results hits a release assert in DocumentOrderedMap::add
2439         https://bugs.webkit.org/show_bug.cgi?id=185238
2440
2441         Reviewed by Antti Koivisto.
2442
2443         The bug was caused by DocumentOrderedMap for the image elements with usemap being stored in Document
2444         even if those image elements were in a shadow tree. Fixed the bug by moving the map to TreeScope.
2445
2446         Test: fast/images/imagemap-in-nested-shadow-tree.html
2447               fast/images/imagemap-in-shadow-tree.html
2448
2449         * dom/Document.cpp:
2450         (WebCore::Document::addImageElementByUsemap): Moved to TreeScope.
2451         (WebCore::Document::removeImageElementByUsemap): Ditto.
2452         (WebCore::Document::imageElementByUsemap const): Ditto.
2453         * dom/Document.h:
2454         * dom/TreeScope.cpp:
2455         (WebCore::TreeScope::destroyTreeScopeData): Clear m_imagesByUsemap as well as m_elementsByName.
2456         (WebCore::TreeScope::getImageMap const): Removed the code to parse usemap. RenderImage::imageMap()
2457         which used to call this function with the raw value of the usemap content attribute now calls it
2458         via HTMLImageElement::associatedMapElement(), which uses the parsed usemap.
2459         (WebCore::TreeScope::addImageElementByUsemap): Moved from Document.
2460         (WebCore::TreeScope::removeImageElementByUsemap): Ditto.
2461         (WebCore::TreeScope::imageElementByUsemap const): Ditto.
2462         * dom/TreeScope.h:
2463         * html/HTMLImageElement.cpp:
2464         (WebCore::HTMLImageElement::parseAttribute):
2465         (WebCore::HTMLImageElement::insertedIntoAncestor): This image element can be associated with a map element
2466         if it's connected to a document.
2467         (WebCore::HTMLImageElement::removedFromAncestor):
2468         (WebCore::HTMLImageElement::associatedMapElement const):
2469         * html/HTMLImageElement.h:
2470         * html/HTMLMapElement.cpp:
2471         (WebCore::HTMLMapElement::imageElement):
2472         * rendering/RenderImage.cpp:
2473         (WebCore::RenderImage::imageMap const):
2474
2475 2018-05-03  Justin Fan  <justin_fan@apple.com>
2476
2477         [WebGL] Add runtime flag for enabling ASTC support in WebGL
2478         https://bugs.webkit.org/show_bug.cgi?id=184840
2479
2480         Reviewed by Myles C. Maxfield.
2481
2482         Added runtime flag for ASTC support in WebGL, to turn on/off when extension is implemented.
2483
2484         * page/RuntimeEnabledFeatures.h:
2485         (WebCore::RuntimeEnabledFeatures::setWebGLCompressedTextureASTCSupportEnabled):
2486         (WebCore::RuntimeEnabledFeatures::webGLCompressedTextureASTCSupportEnabled const):
2487
2488 2018-05-03  Chris Nardi  <cnardi@chromium.org>
2489
2490         Remove [NoInterfaceObject] from DOMRectList
2491         https://bugs.webkit.org/show_bug.cgi?id=185255
2492
2493         Reviewed by Chris Dumez.
2494
2495         In https://github.com/w3c/fxtf-drafts/issues/233, [NoInterfaceObject] was removed
2496         from DOMRectList. Remove it from our implementation to match the spec, as well as
2497         Chrome and Firefox.
2498
2499         Updated web platform tests IDL test for the Geometry spec.
2500
2501         * dom/DOMRectList.idl:
2502
2503 2018-05-03  Chris Dumez  <cdumez@apple.com>
2504
2505         REGRESSION(iOS 11.3): Crashes in TimerBase::~TimerBase() in Tencent x5gamehelper
2506         https://bugs.webkit.org/show_bug.cgi?id=185073
2507         <rdar://problem/39821223>
2508
2509         Reviewed by Alexey Proskuryakov.
2510
2511         The following changes were made:
2512         - Make sure SocketStream callbacks are always scheduled on the right runloop:
2513           WebThreadRunLoop() on WebKitLegacy iOS, loaderRunLoop() on Windows and
2514           main runloop otherwise.
2515         - When the SocketStream callbacks are called, unconditionally call callOnMainThreadAndWait()
2516           before calling methods on the SocketStream client. Previously, this code path
2517           was specific to Windows but there is no reason to have platform-specific code here.
2518           callOnMainThreadAndWait() calls the function right away if we're already on the main
2519         thread, which will be the case on platforms other than Windows.
2520
2521         * platform/network/cf/SocketStreamHandleImplCFNet.cpp:
2522         (WebCore::callbacksRunLoop):
2523         (WebCore::callbacksRunLoopMode):
2524         (WebCore::SocketStreamHandleImpl::scheduleStreams):
2525         (WebCore::SocketStreamHandleImpl::pacExecutionCallback):
2526         (WebCore::SocketStreamHandleImpl::executePACFileURL):
2527         (WebCore::SocketStreamHandleImpl::removePACRunLoopSource):
2528         (WebCore::SocketStreamHandleImpl::readStreamCallback):
2529         (WebCore::SocketStreamHandleImpl::writeStreamCallback):
2530         (WebCore::SocketStreamHandleImpl::platformClose):
2531
2532 2018-05-03  Zalan Bujtas  <zalan@apple.com>
2533
2534         [LFC] Enable multiple layout roots for incremental layout.
2535         https://bugs.webkit.org/show_bug.cgi?id=185185
2536
2537         Reviewed by Antti Koivisto.
2538
2539         With certain types of style changes, we can stop the box invalidation at the formatting context boundary.
2540         When multiple boxes need updating in different formatting contexts, instead of marking the parent containing block chain all
2541         the way up to a common ancestor, we could just work with a list of layout entry points per layout frame.
2542
2543         * layout/FormattingState.h:
2544         * layout/LayoutContext.cpp:
2545         (WebCore::Layout::LayoutContext::updateLayout):
2546         (WebCore::Layout::LayoutContext::addLayoutEntryPoint):
2547         * layout/LayoutContext.h:
2548
2549 2018-05-03  Zalan Bujtas  <zalan@apple.com>
2550
2551         [LFC] Box invalidation logic should go to dedicated classes.
2552         https://bugs.webkit.org/show_bug.cgi?id=185249
2553
2554         Reviewed by Antti Koivisto.
2555
2556         Each formatting context can initiate a different type of invalidation when
2557         style attribute changes in a box.
2558
2559         * Sources.txt:
2560         * WebCore.xcodeproj/project.pbxproj:
2561         * layout/FormattingState.cpp:
2562         (WebCore::Layout::FormattingState::FormattingState):
2563         * layout/FormattingState.h:
2564         (WebCore::Layout::FormattingState::isBlockFormattingState const):
2565         (WebCore::Layout::FormattingState::isInlineFormattingState const):
2566         * layout/LayoutContext.cpp:
2567         (WebCore::Layout::LayoutContext::styleChanged):
2568         (WebCore::Layout::LayoutContext::markNeedsUpdate):
2569         * layout/LayoutContext.h:
2570         * layout/blockformatting/BlockFormattingState.cpp:
2571         (WebCore::Layout::BlockFormattingState::BlockFormattingState):
2572         * layout/blockformatting/BlockFormattingState.h:
2573         * layout/blockformatting/BlockInvalidation.cpp: Copied from Source/WebCore/layout/blockformatting/BlockFormattingState.cpp.
2574         (WebCore::Layout::BlockInvalidation::invalidate):
2575         * layout/blockformatting/BlockInvalidation.h: Copied from Source/WebCore/layout/inlineformatting/InlineFormattingState.h.
2576         * layout/inlineformatting/InlineFormattingState.cpp:
2577         (WebCore::Layout::InlineFormattingState::InlineFormattingState):
2578         * layout/inlineformatting/InlineFormattingState.h:
2579         * layout/inlineformatting/InlineInvalidation.cpp: Copied from Source/WebCore/layout/inlineformatting/InlineFormattingState.cpp.
2580         (WebCore::Layout::InlineInvalidation::invalidate):
2581         * layout/inlineformatting/InlineInvalidation.h: Copied from Source/WebCore/layout/blockformatting/BlockFormattingState.h.
2582
2583 2018-05-03  Michael Catanzaro  <mcatanzaro@igalia.com>
2584
2585         WebKit should send fake macOS user agent to docs.google.com
2586         https://bugs.webkit.org/show_bug.cgi?id=185165
2587
2588         Reviewed by Carlos Garcia Campos.
2589
2590         * platform/UserAgentQuirks.cpp:
2591         (WebCore::urlRequiresMacintoshPlatform):
2592         (WebCore::urlRequiresLinuxDesktopPlatform):
2593
2594 2018-05-03  Commit Queue  <commit-queue@webkit.org>
2595
2596         Unreviewed, rolling out r231223 and r231288.
2597         https://bugs.webkit.org/show_bug.cgi?id=185256
2598
2599         The change in r231223 breaks internal builds, and r231288 is a
2600         dependent change. (Requested by ryanhaddad on #webkit).
2601
2602         Reverted changesets:
2603
2604         "Use default std::optional if it is provided"
2605         https://bugs.webkit.org/show_bug.cgi?id=185159
2606         https://trac.webkit.org/changeset/231223
2607
2608         "Use pointer instead of
2609         std::optional<std::reference_wrapper<>>"
2610         https://bugs.webkit.org/show_bug.cgi?id=185186
2611         https://trac.webkit.org/changeset/231288
2612
2613 2018-05-03  Ryan Haddad  <ryanhaddad@apple.com>
2614
2615         Unreviewed, rolling out r231253.
2616
2617         The API test added with this change is crashing on the bots.
2618
2619         Reverted changeset:
2620
2621         "Web Inspector: opt out of process swap on navigation if a Web
2622         Inspector frontend is connected"
2623         https://bugs.webkit.org/show_bug.cgi?id=184861
2624         https://trac.webkit.org/changeset/231253
2625
2626 2018-05-03  Youenn Fablet  <youenn@apple.com>
2627
2628         A MediaStream being played should allow removing some of its tracks
2629         https://bugs.webkit.org/show_bug.cgi?id=185233
2630
2631         Reviewed by Eric Carlson.
2632
2633         Update the tracks out of the for loop.
2634         Test: fast/mediastream/change-tracks-media-stream-being-played.html
2635
2636         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
2637         (WebCore::updateTracksOfType):
2638
2639 2018-05-03  Miguel Gomez  <magomez@igalia.com>
2640
2641         WebCore::TextureMapperLayer object used after freed
2642         https://bugs.webkit.org/show_bug.cgi?id=184729
2643
2644         Reviewed by Michael Catanzaro.
2645
2646         Replace the raw pointers with WeakPtr for effectTarget, maskLayer and replicaLayer
2647         inside TextureMapperLayer.
2648
2649         * platform/graphics/texmap/TextureMapperLayer.cpp:
2650         (WebCore::TextureMapperLayer::~TextureMapperLayer):
2651         (WebCore::TextureMapperLayer::setMaskLayer):
2652         (WebCore::TextureMapperLayer::setReplicaLayer):
2653         * platform/graphics/texmap/TextureMapperLayer.h:
2654
2655 2018-05-03  Basuke Suzuki  <Basuke.Suzuki@sony.com>
2656
2657         [Curl] Add OpenSSL/LibreSSL multi-threading support
2658         https://bugs.webkit.org/show_bug.cgi?id=185138
2659
2660         The older OpenSSL manual says the locking_function and threadid_function should
2661         be set when using it in a multi-threading environment. This applies to LibreSSL also.
2662         https://www.openssl.org/docs/man1.0.2/crypto/threads.html
2663
2664         For Unix and other similar OSes, the default threadId_function implementation is
2665         good enough. We'll set custom callback only for Windows OS.
2666
2667         Note it's not required for OpenSSL 1.1.0 and after.
2668         https://www.openssl.org/blog/blog/2017/02/21/threads/
2669
2670         Reviewed by Per Arne Vollan.
2671
2672         * platform/network/curl/CurlSSLHandle.cpp:
2673         (WebCore::CurlSSLHandle::CurlSSLHandle):
2674         (WebCore::CurlSSLHandle::ThreadSupport::ThreadSupport):
2675         (WebCore::CurlSSLHandle::ThreadSupport::lockingCallback):
2676         (WebCore::CurlSSLHandle::ThreadSupport::threadIdCallback):
2677         * platform/network/curl/CurlSSLHandle.h:
2678         (WebCore::CurlSSLHandle::ThreadSupport::setup):
2679         (WebCore::CurlSSLHandle::ThreadSupport::singleton):
2680         (WebCore::CurlSSLHandle::ThreadSupport::lock):
2681         (WebCore::CurlSSLHandle::ThreadSupport::unlock):
2682
2683 2018-05-02  Ryosuke Niwa  <rniwa@webkit.org>
2684
2685         Remove superfluous check for a null attribute value check in Element::removeAttributeInternal
2686         https://bugs.webkit.org/show_bug.cgi?id=185227
2687
2688         Reviewed by Chris Dumez.
2689
2690         Removed the check. The attribute value string can never be null.
2691
2692         * dom/Element.cpp:
2693         (WebCore::Element::removeAttributeInternal):
2694
2695 2018-05-02  Zalan Bujtas  <zalan@apple.com>
2696
2697         [LFC] Implement LayoutContext::createDisplayBox
2698         https://bugs.webkit.org/show_bug.cgi?id=185158
2699
2700         Reviewed by Antti Koivisto.
2701
2702         Now compute*() functions take both the const layout and the corresponding non-const display boxes.
2703         Display boxes are owned by the LayoutContext and they don't form a tree structure (only implicitly through the layout tree).
2704         (This might need to change in the future if we decide to arrange them in some sort of painting order)
2705
2706         * layout/FloatingContext.cpp:
2707         (WebCore::Layout::FloatingContext::computePosition):
2708         * layout/FloatingContext.h:
2709         * layout/FormattingContext.cpp:
2710         (WebCore::Layout::FormattingContext::computeStaticPosition const):
2711         (WebCore::Layout::FormattingContext::computeInFlowPositionedPosition const):
2712         (WebCore::Layout::FormattingContext::computeOutOfFlowPosition const):
2713         (WebCore::Layout::FormattingContext::computeWidth const):
2714         (WebCore::Layout::FormattingContext::computeHeight const):
2715         (WebCore::Layout::FormattingContext::computeOutOfFlowWidth const):
2716         (WebCore::Layout::FormattingContext::computeFloatingWidth const):
2717         (WebCore::Layout::FormattingContext::computeOutOfFlowHeight const):
2718         (WebCore::Layout::FormattingContext::computeFloatingHeight const):
2719         * layout/FormattingContext.h:
2720         * layout/LayoutContext.cpp:
2721         (WebCore::Layout::LayoutContext::createDisplayBox):
2722         * layout/LayoutContext.h:
2723         (WebCore::Layout::LayoutContext::displayBoxForLayoutBox const):
2724         * layout/blockformatting/BlockFormattingContext.cpp:
2725         (WebCore::Layout::BlockFormattingContext::layout const):
2726         (WebCore::Layout::BlockFormattingContext::computeStaticPosition const):
2727         (WebCore::Layout::BlockFormattingContext::computeInFlowWidth const):
2728         (WebCore::Layout::BlockFormattingContext::computeInFlowHeight const):
2729         * layout/blockformatting/BlockFormattingContext.h:
2730         * layout/displaytree/DisplayBox.h:
2731         (WebCore::Display::Box::parent const): Deleted.
2732         (WebCore::Display::Box::nextSibling const): Deleted.
2733         (WebCore::Display::Box::previousSibling const): Deleted.
2734         (WebCore::Display::Box::firstChild const): Deleted.
2735         (WebCore::Display::Box::lastChild const): Deleted.
2736         (WebCore::Display::Box::setParent): Deleted.
2737         (WebCore::Display::Box::setNextSibling): Deleted.
2738         (WebCore::Display::Box::setPreviousSibling): Deleted.
2739         (WebCore::Display::Box::setFirstChild): Deleted.
2740         (WebCore::Display::Box::setLastChild): Deleted.
2741         (): Deleted.
2742         * layout/inlineformatting/InlineFormattingContext.cpp:
2743         (WebCore::Layout::InlineFormattingContext::computeInFlowWidth const):
2744         (WebCore::Layout::InlineFormattingContext::computeInFlowHeight const):
2745         * layout/inlineformatting/InlineFormattingContext.h:
2746
2747 2018-05-02  Said Abou-Hallawa  <sabouhallawa@apple.com>
2748
2749         Hiding then showing an <object> of type image makes the underlying image disappear
2750         https://bugs.webkit.org/show_bug.cgi?id=185216
2751         <rdar://problem/39055630>
2752
2753         Reviewed by Youenn Fablet.
2754
2755         Ensure the HTMLPlugInImageElement updates the RenderImageResource of its
2756         RenderImage with the CachedImage of its ImageLoader when the RenderImage
2757         is recreated.
2758
2759         Test: fast/images/object-image-hide-show.html
2760
2761         * html/HTMLPlugInImageElement.cpp:
2762         (WebCore::HTMLPlugInImageElement::didAttachRenderers):
2763         This is very similar to what we do in HTMLImageElement::didAttachRenderers().
2764
2765
2766 2018-05-02  Brent Fulgham  <bfulgham@apple.com>
2767
2768         Use RetainPtr for form input type
2769         https://bugs.webkit.org/show_bug.cgi?id=185210
2770         <rdar://problem/39734040>
2771
2772         Reviewed by Ryosuke Niwa.
2773
2774         Refactor our HTMLInputElement class to store its InputType member as a RefPtr.
2775
2776         Test: fast/forms/access-key-mutation-2.html.
2777
2778         * html/HTMLInputElement.cpp:
2779         (WebCore::HTMLInputElement::HTMLInputElement):
2780         (WebCore::HTMLInputElement::didAddUserAgentShadowRoot):
2781         (WebCore::HTMLInputElement::accessKeyAction):
2782         (WebCore::HTMLInputElement::parseAttribute):
2783         (WebCore::HTMLInputElement::appendFormData):
2784         * html/HTMLInputElement.h:
2785         * html/InputType.cpp:
2786         (WebCore::createInputType):
2787         (WebCore::InputType::create):
2788         (WebCore::InputType::createText):
2789         * html/InputType.h:
2790
2791 2018-05-01  Yusuke Suzuki  <utatane.tea@gmail.com>
2792
2793         Use pointer instead of std::optional<std::reference_wrapper<>>
2794         https://bugs.webkit.org/show_bug.cgi?id=185186
2795
2796         Reviewed by Alex Christensen.
2797
2798         std::optional<T&> is not accepted in C++17 spec. So we replaced it
2799         with std::optional<std::reference_wrapper<T>>.
2800
2801         In this patch, we replace it with T*, which is well-aligned to
2802         WebKit's convention.
2803
2804         * Modules/mediastream/RTCPeerConnection.cpp:
2805         (WebCore::iceServersFromConfiguration):
2806         (WebCore::RTCPeerConnection::initializeConfiguration):
2807         (WebCore::RTCPeerConnection::setConfiguration):
2808         * css/parser/CSSParser.cpp:
2809         (WebCore::CSSParser::parseSystemColor):
2810         * css/parser/CSSParser.h:
2811         * dom/DatasetDOMStringMap.cpp:
2812         (WebCore::DatasetDOMStringMap::item const):
2813         (WebCore::DatasetDOMStringMap::namedItem const):
2814         * dom/DatasetDOMStringMap.h:
2815         * dom/Element.cpp:
2816         (WebCore::Element::insertAdjacentHTML):
2817         * dom/Element.h:
2818         * html/canvas/CanvasStyle.cpp:
2819         (WebCore::parseColor):
2820         * inspector/DOMEditor.cpp:
2821         * platform/network/curl/CurlFormDataStream.cpp:
2822         (WebCore::CurlFormDataStream::getPostData):
2823         * platform/network/curl/CurlFormDataStream.h:
2824         * platform/network/curl/CurlRequest.cpp:
2825         (WebCore::CurlRequest::setupPOST):
2826         * testing/MockCDMFactory.cpp:
2827         (WebCore::MockCDMFactory::keysForSessionWithID const):
2828         (WebCore::MockCDMInstance::updateLicense):
2829         * testing/MockCDMFactory.h:
2830
2831 2018-05-02  Keith Rollin  <krollin@apple.com>
2832
2833         Add facility for tracking times and results of page and resource loading
2834         https://bugs.webkit.org/show_bug.cgi?id=184838
2835         <rdar://problem/36548974>
2836
2837         Reviewed by Brent Fulgham.
2838
2839         Update FrameProgressTracker to send the necessary page load start/stop
2840         signals so that we can track the entire page load at a network level.
2841         Add an empty override of the pure virtual
2842         LoaderStrategy::pageLoadCompleted method.
2843
2844         No new tests. There is no testable effect from these changes. On
2845         Cocoa, measurable changes take place in another (non-WebKit) process.
2846         On non-Cocoa systems, this facility is currently disabled.
2847
2848         * loader/FrameLoader.cpp:
2849         (WebCore::FrameLoader::FrameProgressTracker::progressCompleted):
2850         * loader/LoaderStrategy.h:
2851
2852 2018-05-02  Aditya Keerthi  <akeerthi@apple.com>
2853
2854         Can't copy and paste URLs that have no title into Mail (macOS)
2855         https://bugs.webkit.org/show_bug.cgi?id=185205
2856         <rdar://problem/36352406>
2857
2858         Reviewed by Tim Horton.
2859
2860         The pasteboardURL generated has an empty title for URLs without titles. Currently, the pasteboardURL.title is being saved to the pasteboard.
2861
2862         To fix the error, we check whether the title is empty and instead save the lastPathComponent to the pasteboard. This matches current behavior as the fallback title.
2863
2864         Augmented WebKitLegacy.ContextMenuCanCopyURL test
2865
2866         * platform/mac/PasteboardMac.mm:
2867         (WebCore::writeURLForTypes):
2868
2869 2018-05-01  Ryosuke Niwa  <rniwa@webkit.org>
2870
2871         REGRESSION(r225868): Release assert when removing an SVGUseElement from Document::m_svgUseElements
2872         https://bugs.webkit.org/show_bug.cgi?id=182188
2873         <rdar://problem/36689240>
2874
2875         Reviewed by Antti Koivisto.
2876
2877         Fixed the crash by removing the release assert.
2878
2879         The crash is likely caused by re-entrancy to Document::resolveStyle during SVGUseElement::updateShadowTree.
2880         Because Document::resolveStyle invokes updateShadowTree on SVG use elements in Document::m_svgUseElements
2881         without clearing the map, the nested call to resolveStyle ends up calling updateShadowTree() for all elements
2882         in m_svgUseElements and removing them all from the map. When the stack frame eventually comes back to the outer
2883         invocation of Document::resolveStyle, updateShadowTree gets invoked for the second time on SVG use elements
2884         whose shadow tree had already been updated within the inner invocation to updateShadowTree, and release-asserts.
2885
2886         There is an alternative fix: avoid calling updateShadowTree on a svg element when shadowTreeNeedsUpdate returns
2887         true on the element in resolveStyle. However, removing the release assert is a sure way to fix the crash so
2888         this patch opts for that fix instead especially since we don't have any reproducible test case for this crash.
2889
2890         This release assertion was added in r225868 as a cautious measure to catch any use-after-frees of SVGUseElement's
2891         since m_svgUseElements stored raw pointers to SVG use elements but this crash is not indicative of any UAF,
2892         and there is no evidence that r225868 has led to new UAFs even after five months.
2893
2894         No new tests. I couldn't find a way to trigger a nested style update inside SVGUseElement::updateShadowTree.
2895
2896         * dom/Document.cpp:
2897         (WebCore::Document::removeSVGUseElement):
2898
2899 2018-05-02  Dirk Schulze  <dschulze@chromium.org>
2900
2901         getCharNumAtPosition should take DOMPointInit as argument
2902         https://bugs.webkit.org/show_bug.cgi?id=184695
2903
2904         Reviewed by Antti Koivisto.
2905
2906         Extend existing tests for getCharNumAtPosition.
2907
2908         * svg/SVGTextContentElement.cpp:
2909         (WebCore::SVGTextContentElement::getCharNumAtPosition):
2910         * svg/SVGTextContentElement.h:
2911         * svg/SVGTextContentElement.idl: Use DOMPointInit argument.
2912
2913 2018-05-02  Youenn Fablet  <youenn@apple.com>
2914
2915         Use NetworkLoadChecker for navigation loads
2916         https://bugs.webkit.org/show_bug.cgi?id=184892
2917         <rdar://problem/39652686>
2918
2919         Reviewed by Chris Dumez.
2920
2921         Sanitize headers according to response tainting.
2922         If tainting is basic, it means same origin load in which case we only filter Cookie related headers.
2923         If tainting is Opaque, we filter all uncommon headers.
2924         If tainting is CORS, we filter all uncommon headers except the ones explicitly allowed by CORS headers.
2925         Covered by updated test.
2926
2927         * platform/network/ResourceResponseBase.cpp:
2928         (WebCore::ResourceResponseBase::sanitizeHTTPHeaderFieldsAccordingToTainting):
2929         (WebCore::ResourceResponseBase::sanitizeHTTPHeaderFields):
2930         * platform/network/ResourceResponseBase.h:
2931
2932 2018-05-02  Myles C. Maxfield  <mmaxfield@apple.com>
2933
2934         Collection fragment identifiers don't use PostScript names
2935         https://bugs.webkit.org/show_bug.cgi?id=184624
2936         <rdar://problem/39432089>
2937
2938         Reviewed by Simon Fraser.
2939
2940         In a previous version of the CSS Fonts spec, there was text saying that items in font collections
2941         should be 1-indexed (so the first item would be MyFonts.ttc#1). However, this is unfortunate because
2942         inserting an item into the middle of a collection would throw off all content that uses the file.
2943         Instead, the spec has since changed to use PostScript names (so the content instead would say
2944         MyFonts.ttc#MyFont-Regular).
2945
2946         Test: fast/text/font-collection.html
2947
2948         * css/CSSFontFaceSource.cpp:
2949         (WebCore::CSSFontFaceSource::load):
2950         * loader/cache/CachedFont.cpp:
2951         (WebCore::CachedFont::calculateItemInCollection const):
2952         (WebCore::CachedFont::ensureCustomFontData):
2953         (WebCore::CachedFont::createCustomFontData):
2954         (WebCore::CachedFont::calculateIndex const): Deleted.
2955         * loader/cache/CachedFont.h:
2956         * platform/graphics/mac/FontCustomPlatformData.cpp:
2957         (WebCore::createFontCustomPlatformData):
2958         * platform/graphics/mac/FontCustomPlatformData.h:
2959
2960 2018-05-02  Brian Burg  <bburg@apple.com>
2961
2962         Web Inspector: opt out of process swap on navigation if a Web Inspector frontend is connected
2963         https://bugs.webkit.org/show_bug.cgi?id=184861
2964         <rdar://problem/39153768>
2965
2966         Reviewed by Ryosuke Niwa.
2967
2968         Notify the client of the current connection count whenever a frontend connects or disconnects.
2969
2970         Covered by new API test.
2971
2972         * inspector/InspectorClient.h:
2973         (WebCore::InspectorClient::frontendCountChanged):
2974         * inspector/InspectorController.cpp:
2975         (WebCore::InspectorController::connectFrontend):
2976         (WebCore::InspectorController::disconnectFrontend):
2977         (WebCore::InspectorController::disconnectAllFrontends):
2978         * inspector/InspectorController.h:
2979
2980 2018-05-02  Carlos Alberto Lopez Perez  <clopez@igalia.com>
2981
2982         [GStreamer] Remove unneeded include of gstgldisplay_wayland.h after r228866 and r229022
2983         https://bugs.webkit.org/show_bug.cgi?id=185207
2984
2985         Reviewed by Michael Catanzaro.
2986
2987         Remove unneeded include of gstgldisplay_wayland.h
2988
2989         No new tests, no change in behaviour.
2990
2991         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
2992
2993 2018-05-02  Chris Dumez  <cdumez@apple.com>
2994
2995         document.open() event listener removal is not immediate
2996         https://bugs.webkit.org/show_bug.cgi?id=185191
2997
2998         Reviewed by Darin Adler.
2999
3000         We need to make sure we set the 'wasremoved' flag on RegisteredEventListeners
3001         whenever they get removed from the EventListenerMap. We were doing so correctly
3002         in EventListenerMap::remove() but not EventListenerMap::clear(). This patch
3003         updates clear() accordingly.
3004
3005         The reason we need to set this flag is that RegisteredEventListeners is RefCounted
3006         and EventTarget::fireEventListeners() may be currently running and calling
3007         each listener one by one, holding a reference to all listeners of a given event.
3008
3009         Test: fast/dom/Document/document-open-removes-all-listeners.html
3010
3011         * dom/EventListenerMap.cpp:
3012         (WebCore::EventListenerMap::clear):
3013
3014 2018-05-02  Zalan Bujtas  <zalan@apple.com>
3015
3016         Use WeakPtr in GridCell
3017         https://bugs.webkit.org/show_bug.cgi?id=185180
3018         <rdar://problem/39432165>
3019
3020         Reviewed by Antti Koivisto.
3021
3022         Since GridCell does not own the renderers, it should
3023         construct weak pointers.
3024
3025         Unable to create a reliably reproducible test case.
3026
3027         * rendering/Grid.cpp:
3028         (WebCore::Grid::insert):
3029         (WebCore::GridIterator::nextGridItem):
3030         * rendering/Grid.h:
3031         * rendering/RenderGrid.cpp:
3032         (WebCore::RenderGrid::firstLineBaseline const):
3033
3034 2018-05-02  Eric Carlson  <eric.carlson@apple.com>
3035
3036         [iOS] Provide audio route information when invoking AirPlay picker
3037         https://bugs.webkit.org/show_bug.cgi?id=185199
3038         <rdar://problem/39853103>
3039
3040         Reviewed by Jer Noble.
3041
3042         No new tests, this requires a specific hardware setup.
3043
3044         * dom/Document.cpp:
3045         (WebCore::Document::showPlaybackTargetPicker): Pass route sharing policy and routing context UID.
3046         * dom/Document.h:
3047
3048         * html/MediaElementSession.cpp:
3049         (WebCore::MediaElementSession::showPlaybackTargetPicker): Ditto.
3050
3051         * loader/EmptyClients.h:
3052         * page/ChromeClient.h:
3053
3054         * page/Page.cpp:
3055         (WebCore::Page::showPlaybackTargetPicker): Ditto.
3056         * page/Page.h:
3057
3058         * platform/audio/AudioSession.cpp:
3059         (WebCore::AudioSession::routeSharingPolicy const): Empty implementation for non-iOS ports.
3060         (WebCore::routingContextUID const): Ditto.
3061         * platform/audio/AudioSession.h:
3062
3063         * platform/audio/ios/AudioSessionIOS.mm:
3064         (WebCore::AudioSession::routeSharingPolicy const): Return the route sharing policy.
3065         (WebCore::AudioSession::routingContextUID const): Return the route context UID.
3066
3067 2018-05-02  Dean Jackson  <dino@apple.com>
3068
3069         Draw SystemPreview badge to specification on iOS
3070         https://bugs.webkit.org/show_bug.cgi?id=185203
3071         <rdar://problem/39908855>
3072
3073         Reviewed by Tim Horton.
3074
3075         Use CoreImage to render a badge with a blurred background,
3076         at particular sizes.
3077
3078         This will be tested internally while we're getting artwork
3079         from WebKitAdditions.
3080
3081         * Configurations/WebCore.xcconfig: Link against CoreImage.
3082         * rendering/RenderThemeIOS.h:
3083         * rendering/RenderThemeIOS.mm:
3084         (WebCore::RenderThemeIOS::paintSystemPreviewBadge): New function
3085         in the iOS platform RenderTheme that draws the system preview.
3086
3087 2018-05-01  Brent Fulgham  <bfulgham@apple.com>
3088
3089         Prevent Debug ASSERT when changing forms
3090         https://bugs.webkit.org/show_bug.cgi?id=185173
3091         <rdar://problem/39738669>
3092
3093         Reviewed by Ryosuke Niwa.
3094
3095         Form submission could trigger a debug assertion during validation when
3096         a form is changed during an input submission. Fix this by cleaning up
3097         the event handling logic and make it more consistent with modern WebKit
3098         coding style.
3099
3100         Test: fast/forms/form-submission-crash-3.html
3101
3102         * html/HTMLButtonElement.cpp:
3103         (WebCore::HTMLButtonElement::defaultEventHandler): Make sure layout runs before
3104         attempting to perform event handling.
3105         * html/HTMLFormElement.cpp:
3106         (WebCore::HTMLFormElement::reportValidity): Ditto.
3107         (WebCore::HTMLFormElement::validateInteractively): Remove call to perform layout here,
3108         since we expect this to happen earlier in the layout pass. Add an assertion that the
3109         tree is not dirty.
3110         * html/ImageInputType.cpp:
3111         (WebCore::ImageInputType::handleDOMActivateEvent): Make sure layout runs before
3112         attempting to perform event handling.
3113         * html/SubmitInputType.cpp:
3114         (WebCore::SubmitInputType::handleDOMActivateEvent): Ditto.
3115
3116 2018-05-02  Jer Noble  <jer.noble@apple.com>
3117
3118         Unreviewed; address review comments made before landing r231231.
3119
3120         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
3121         (VideoFullscreenControllerContext::volume const):
3122
3123 2018-05-02  Jer Noble  <jer.noble@apple.com>
3124
3125         Pipe volume through PlaybackSessionManager/Proxy.
3126         https://bugs.webkit.org/show_bug.cgi?id=185182
3127
3128         Reviewed by Eric Carlson.
3129
3130         Add support for the volume property to PlaybackSessionModel, and all its clients.
3131
3132         * platform/cocoa/PlaybackSessionModel.h:
3133         (WebCore::PlaybackSessionModelClient::volumeChanged):
3134         * platform/cocoa/PlaybackSessionModelMediaElement.h:
3135         * platform/cocoa/PlaybackSessionModelMediaElement.mm:
3136         (WebCore::PlaybackSessionModelMediaElement::updateForEventName):
3137         (WebCore::PlaybackSessionModelMediaElement::setVolume):
3138         (WebCore::PlaybackSessionModelMediaElement::volume const):
3139         * platform/ios/PlaybackSessionInterfaceAVKit.h:
3140         * platform/ios/PlaybackSessionInterfaceAVKit.mm:
3141         (WebCore::PlaybackSessionInterfaceAVKit::volumeChanged):
3142         * platform/ios/WebAVPlayerController.h:
3143         * platform/ios/WebAVPlayerController.mm:
3144         (-[WebAVPlayerController volume]):
3145         (-[WebAVPlayerController setVolume:]):
3146         (-[WebAVPlayerController volumeChanged:]):
3147         (-[WebAVPlayerController resetMediaState]):
3148         * platform/ios/WebVideoFullscreenControllerAVKit.mm:
3149         (VideoFullscreenControllerContext::volumeChanged):
3150         (VideoFullscreenControllerContext::volume const):
3151         (VideoFullscreenControllerContext::setVolume):
3152
3153 2018-05-01  Yusuke Suzuki  <utatane.tea@gmail.com>
3154
3155         Unreviewed, fix build in WinCairo
3156         https://bugs.webkit.org/show_bug.cgi?id=185169
3157
3158         * bindings/js/JSDOMWindowBase.cpp:
3159         (WebCore::JSDOMWindowBase::instantiateStreaming):
3160         * bindings/js/JSDOMWindowBase.h:
3161
3162 2018-05-01  Yusuke Suzuki  <utatane.tea@gmail.com>
3163
3164         Use default std::optional if it is provided
3165         https://bugs.webkit.org/show_bug.cgi?id=185159
3166
3167         Reviewed by JF Bastien.
3168
3169         * Modules/mediastream/RTCPeerConnection.cpp:
3170         (WebCore::iceServersFromConfiguration):
3171         (WebCore::RTCPeerConnection::setConfiguration):
3172         * css/parser/CSSParser.cpp:
3173         (WebCore::CSSParser::parseSystemColor):
3174         * css/parser/CSSParser.h:
3175         * dom/DatasetDOMStringMap.cpp:
3176         (WebCore::DatasetDOMStringMap::item const):
3177         (WebCore::DatasetDOMStringMap::namedItem const):
3178         (WebCore:: const): Deleted.
3179         * dom/DatasetDOMStringMap.h:
3180         * dom/Element.cpp:
3181         (WebCore::Element::insertAdjacentHTML):
3182         * dom/Element.h:
3183         * inspector/DOMEditor.cpp:
3184         * platform/network/curl/CurlFormDataStream.cpp:
3185         (WebCore::CurlFormDataStream::getPostData):
3186         (): Deleted.
3187         * platform/network/curl/CurlFormDataStream.h:
3188         * testing/MockCDMFactory.cpp:
3189         (WebCore::MockCDMFactory::keysForSessionWithID const):
3190         (WebCore::MockCDMInstance::updateLicense):
3191         (WebCore:: const): Deleted.
3192         * testing/MockCDMFactory.h:
3193
3194 2018-05-01  Chris Dumez  <cdumez@apple.com>
3195
3196         Add release assertions in CFNetwork's SocketStreamHandleImpl to help debug a threading issue
3197         https://bugs.webkit.org/show_bug.cgi?id=185181
3198
3199         Reviewed by Geoffrey Garen.
3200
3201         Add release assertions in CFNetwork's SocketStreamHandleImpl to help debug a threading issue
3202         on iOS WebKitLegacy (Bug 185073). It appears readStreamCallback() can get called on the UIThread,
3203         which should not be possible if scheduleStreams() was called on the WebThread, as it is supposed
3204         to. The new release assertion in scheduleStreams() should tell us if somebody is calling it from
3205         the UIThread instead of the WebThread on iOS WebKitLegacy.
3206
3207         * platform/network/cf/SocketStreamHandleImplCFNet.cpp:
3208         (WebCore::SocketStreamHandleImpl::scheduleStreams):
3209         (WebCore::SocketStreamHandleImpl::readStreamCallback):
3210
3211 2018-05-01  Wenson Hsieh  <wenson_hsieh@apple.com>
3212
3213         Unreviewed, remove an unused variable in RuntimeEnabledFeatures.h
3214
3215         * page/RuntimeEnabledFeatures.h:
3216
3217 2018-05-01  Oleksandr Skachkov  <gskachkov@gmail.com>
3218
3219         Fix build error after r231194
3220         https://bugs.webkit.org/show_bug.cgi?id=185169
3221
3222         Reviewed by JF Bastien.
3223
3224         Prevent compile error in iOS Simulator debug build
3225         by tagging function
3226
3227         * bindings/js/JSDOMWindowBase.cpp:
3228         (WebCore::JSDOMWindowBase::compileStreaming):
3229         (WebCore::JSDOMWindowBase::instantiateStreaming):
3230
3231 2018-05-01  Oleksandr Skachkov  <gskachkov@gmail.com>
3232
3233         WebAssembly: add support for stream APIs - JavaScript API
3234         https://bugs.webkit.org/show_bug.cgi?id=183442
3235
3236         Reviewed by Yusuke Suzuki and JF Bastien.
3237
3238         Add WebAssembly streaming API to WebCore.
3239
3240         * Configurations/FeatureDefines.xcconfig:
3241         * bindings/js/JSDOMWindowBase.cpp:
3242         (WebCore::tryAllocate):
3243         (WebCore::isResponseCorrect):
3244         (WebCore::handleResponseOnStreamingAction):
3245         (WebCore::JSDOMWindowBase::compileStreaming):
3246         (WebCore::JSDOMWindowBase::instantiateStreaming):
3247         * bindings/js/JSDOMWindowBase.h:
3248         * bindings/js/JSRemoteDOMWindowBase.cpp:
3249         * bindings/js/JSWorkerGlobalScopeBase.cpp:
3250
3251 2018-04-30  Myles C. Maxfield  <mmaxfield@apple.com>
3252
3253         Improve the performance of FontCascadeDescription's effectiveFamilies
3254         https://bugs.webkit.org/show_bug.cgi?id=184720
3255         <rdar://problem/38970927>
3256
3257         Reviewed by Simon Fraser.
3258
3259         The page that had the performance problem renders many different Chinese characters in system-ui
3260         with only a small number of individual fonts. It turns out we were calling into the system-ui
3261         machinery for each character in order to opportunistically start loading data URLs (see also:
3262         https://bugs.webkit.org/show_bug.cgi?id=175845). These data URLs will never represent the system
3263         font, so we don't need to invoke the system-ui machinery at all.
3264
3265         This patch makes a 92x performance improvement on the associated performance test. This test is
3266         designed to test Chinese text rendered with system-ui.
3267
3268         Performance test: Layout/system-ui.html
3269
3270         * platform/graphics/FontCascadeFonts.cpp:
3271         (WebCore::opportunisticallyStartFontDataURLLoading):
3272
3273 2018-04-30  Jer Noble  <jer.noble@apple.com>
3274
3275         <img src=mp4> does not display on ios despite Accept: video/* advertisement
3276         https://bugs.webkit.org/show_bug.cgi?id=185029
3277         <rdar://problem/39771989>
3278
3279         Reviewed by Eric Carlson.
3280
3281         Returning "NO" from resourceLoader:shouldWaitForLoadingOfResource: signals that the load failed,
3282         even if the resource request is successfully fulfilled prior to the return. Always return YES in
3283         the case that loading succeeded.
3284
3285         * platform/graphics/avfoundation/objc/ImageDecoderAVFObjC.mm:
3286         (-[WebCoreSharedBufferResourceLoaderDelegate resourceLoader:shouldWaitForLoadingOfRequestedResource:]):
3287
3288 2018-04-30  Zalan Bujtas  <zalan@apple.com>
3289
3290         REGRESSION(r230914) Selecting text on this apple.com page makes it vanish
3291         https://bugs.webkit.org/show_bug.cgi?id=185142
3292         <rdar://problem/39821446>
3293
3294         Reviewed by Simon Fraser.
3295
3296         Set the overflow rect on the inline textbox when needed.
3297
3298         Test: fast/text/simple-line-layout-selection-with-overflow.html
3299
3300         * rendering/SimpleLineLayoutFunctions.cpp:
3301         (WebCore::SimpleLineLayout::initializeInlineTextBox):
3302         (WebCore::SimpleLineLayout::generateLineBoxTree):
3303         (WebCore::SimpleLineLayout::initializeInlineBox): Deleted.
3304
3305 2018-04-30  JF Bastien  <jfbastien@apple.com>
3306
3307         Use some C++17 features
3308         https://bugs.webkit.org/show_bug.cgi?id=185135
3309
3310         Reviewed by Alex Christensen.
3311
3312         As discussed here [0] let's move WebKit to a subset of C++17. We
3313         now require GCC 6 [1] which means that, according to [2] we can
3314         use the following C++17 language features (I removed some
3315         uninteresting ones):
3316
3317          - New auto rules for direct-list-initialization
3318          - static_assert with no message
3319          - typename in a template template parameter
3320          - Nested namespace definition
3321          - Attributes for namespaces and enumerators
3322          - u8 character literals
3323          - Allow constant evaluation for all non-type template arguments
3324          - Fold Expressions
3325          - Unary fold expressions and empty parameter packs
3326          - __has_include in preprocessor conditional
3327          - Differing begin and end types in range-based for
3328          - Improving std::pair and std::tuple
3329
3330         Consult the Tony Tables [3] to see before / after examples.
3331
3332         Of course we can use any library feature if we're willing to
3333         import them to WTF (and they don't require language support).
3334
3335
3336           [0]: https://lists.webkit.org/pipermail/webkit-dev/2018-March/029922.html
3337           [1]: https://trac.webkit.org/changeset/231152/webkit
3338           [2]: https://en.cppreference.com/w/cpp/compiler_support
3339           [3]: https://github.com/tvaneerd/cpp17_in_TTs/blob/master/ALL_IN_ONE.md
3340
3341         * DerivedSources.make:
3342         * platform/URLParser.cpp: work around an odd GCC 6 bug with class
3343           static value as a template parameter.
3344         (WebCore::URLParser::percentDecode):
3345         (WebCore::URLParser::domainToASCII):
3346         (WebCore::URLParser::hasForbiddenHostCodePoint):
3347         (WebCore::URLParser::parseHostAndPort):
3348         * platform/URLParser.h:
3349
3350 2018-04-30  Wenson Hsieh  <wenson_hsieh@apple.com>
3351
3352         [Extra zoom mode] Respect the existing shrink-to-fit attribute instead of using min-device-width
3353         https://bugs.webkit.org/show_bug.cgi?id=185132
3354         <rdar://problem/39834562>
3355
3356         Reviewed by Tim Horton.
3357
3358         Removes the `min-device-width` attribute added in r231095. Instead, we key this behavior off of the
3359         `shrink-to-fit` attribute introduced for multitasking on iPad, such that `shrink-to-fit=no` achieves the same
3360         behavior as `min-device-width=0` in extra zoom mode. See comments below for more detail.
3361
3362         Adjusted an existing layout test: fast/viewport/extrazoom/viewport-change-min-device-width.html.
3363
3364         * dom/ViewportArguments.cpp:
3365         (WebCore::setViewportFeature):
3366         (WebCore::operator<<):
3367         * dom/ViewportArguments.h:
3368
3369         Removes the `minDeviceWidth` viewport argument.
3370
3371         * page/RuntimeEnabledFeatures.h:
3372         (WebCore::RuntimeEnabledFeatures::setMinDeviceWidthEnabled): Deleted.
3373         (WebCore::RuntimeEnabledFeatures::minDeviceWidthEnabled const): Deleted.
3374
3375         Removes the runtime switch for `min-device-width`.
3376
3377         * page/ViewportConfiguration.cpp:
3378         (WebCore::platformDeviceWidthOverride):
3379
3380         Hard-code the override device width in extra zoom mode.
3381
3382         (WebCore::ViewportConfiguration::shouldOverrideDeviceWidthAndShrinkToFit const):
3383
3384         In extra zoom mode, override the device width only if shrink-to-fit has not been explicitly disabled, and the
3385         device width is less than the override device width.
3386
3387         (WebCore::ViewportConfiguration::shouldIgnoreHorizontalScalingConstraints const):
3388         (WebCore::ViewportConfiguration::shouldIgnoreScalingConstraintsRegardlessOfContentSize const):
3389         (WebCore::ViewportConfiguration::updateConfiguration):
3390         (WebCore::ViewportConfiguration::updateMinimumLayoutSize):
3391
3392         Do not override the minimum layout size if `shrink-to-fit` has been explicitly disabled, or if the
3393         device width is greater than the override device width.
3394
3395         (WebCore::computedMinDeviceWidth): Deleted.
3396         (WebCore::ViewportConfiguration::shouldOverrideDeviceWidthWithMinDeviceWidth const): Deleted.
3397         * page/ViewportConfiguration.h:
3398
3399 2018-04-30  Chris Nardi  <cnardi@chromium.org>
3400
3401         Serialize font-variation-settings with double-quotes per spec
3402         https://bugs.webkit.org/show_bug.cgi?id=182542
3403
3404         Reviewed by Myles C. Maxfield.
3405
3406         According to the CSSOM spec [1], all strings should be serialized with double-quotes.
3407         The axis name in font-variation-settings was previously serialized with single-quotes;
3408         change this to double-quotes to match the spec and non-WebKit browsers.
3409
3410         [1]: https://drafts.csswg.org/cssom/#common-serializing-idioms
3411
3412         Updated fast/text/variations/getComputedStyle.html to test the change.
3413
3414         * css/CSSFontVariationValue.cpp:
3415         (WebCore::CSSFontVariationValue::customCSSText const):
3416
3417 2018-04-30  Chris Dumez  <cdumez@apple.com>
3418
3419         Fix bad use of RunLoop::main().dispatch() in MessagePort::dispatchMessages()
3420         https://bugs.webkit.org/show_bug.cgi?id=185134
3421
3422         Reviewed by Geoffrey Garen.
3423
3424         Fix bad use of RunLoop::main().dispatch() in MessagePort::dispatchMessages(). This code runs on iOS WebKitLegacy
3425         and it is therefore unsafe to use RunLoop::main() here. We want to use callOnMainThread() instead to run code on
3426         the WebThread.
3427
3428         * dom/MessagePort.cpp:
3429         (WebCore::MessagePort::dispatchMessages):
3430
3431 2018-04-30  Simon Fraser  <simon.fraser@apple.com>
3432
3433         Make color-filter affect caret-color
3434         https://bugs.webkit.org/show_bug.cgi?id=185129
3435         rdar://problem/39829066
3436
3437         Reviewed by Tim Horton.
3438         
3439         Transform the colors used to compare the caret color with the background through
3440         color-filter (since we want contrasting colors after filters are applied), and
3441         transform caret-color itself.
3442
3443         Test: css3/color-filters/color-filter-caret-color.html
3444
3445         * editing/FrameSelection.cpp:
3446         (WebCore::CaretBase::paintCaret const):
3447
3448 2018-04-30  Michael Catanzaro  <mcatanzaro@igalia.com>
3449
3450         [GTK] Webkit should spoof as Safari on a Mac when on Chase.com
3451         https://bugs.webkit.org/show_bug.cgi?id=185103
3452
3453         Reviewed by Carlos Garcia Campos.
3454
3455         Send a fake user agent to chase.com to make it work.
3456
3457         * platform/UserAgentQuirks.cpp:
3458         (WebCore::urlRequiresMacintoshPlatform):
3459         (WebCore::UserAgentQuirks::stringForQuirk): Also, remove this stale comment.
3460
3461 2018-04-29  Simon Fraser  <simon.fraser@apple.com>
3462
3463         Make color-filter affect <attachment>
3464         https://bugs.webkit.org/show_bug.cgi?id=185122
3465         rdar://problem/39818763
3466
3467         Reviewed by Tim Horton.
3468         
3469         Convert the colors used to render <attachment> through color-filter, except
3470         for those parts that render over the icon (like the progress bar).
3471
3472         Not easily testable.
3473
3474         * rendering/RenderThemeMac.mm:
3475         (WebCore::titleTextColorForAttachment):
3476         (WebCore::AttachmentLayout::layOutTitle):
3477         (WebCore::AttachmentLayout::layOutSubtitle):
3478         (WebCore::paintAttachmentIconBackground):
3479         (WebCore::paintAttachmentTitleBackground):
3480         (WebCore::paintAttachmentPlaceholderBorder):
3481
3482 2018-04-28  Simon Fraser  <simon.fraser@apple.com>
3483
3484         Fix color-filter to apply to SVG colors
3485         https://bugs.webkit.org/show_bug.cgi?id=185113
3486         rdar://problem/39665082
3487
3488         Reviewed by Dean Jackson.
3489         
3490         Convert SVG colors through color-filter operations for the places in SVG
3491         that use color, namely fill and stroke, gradients, lighting colors and
3492         drop-shadow.
3493
3494         Test: css3/color-filters/svg/color-filter-inline-svg.html
3495
3496         * rendering/svg/RenderSVGResourceGradient.cpp:
3497         (WebCore::RenderSVGResourceGradient::applyResource):
3498         * rendering/svg/RenderSVGResourceGradient.h:
3499         * rendering/svg/RenderSVGResourceLinearGradient.cpp:
3500         (WebCore::RenderSVGResourceLinearGradient::buildGradient const):
3501         * rendering/svg/RenderSVGResourceLinearGradient.h:
3502         * rendering/svg/RenderSVGResourceRadialGradient.cpp:
3503         (WebCore::RenderSVGResourceRadialGradient::buildGradient const):
3504         * rendering/svg/RenderSVGResourceRadialGradient.h:
3505         * rendering/svg/RenderSVGResourceSolidColor.cpp:
3506         (WebCore::RenderSVGResourceSolidColor::applyResource):
3507         * svg/SVGFEDiffuseLightingElement.cpp:
3508         (WebCore::SVGFEDiffuseLightingElement::setFilterEffectAttribute):
3509         (WebCore::SVGFEDiffuseLightingElement::build):
3510         * svg/SVGFEDropShadowElement.cpp:
3511         (WebCore::SVGFEDropShadowElement::build):
3512         * svg/SVGFEFloodElement.cpp:
3513         (WebCore::SVGFEFloodElement::build):
3514         * svg/SVGFESpecularLightingElement.cpp:
3515         (WebCore::SVGFESpecularLightingElement::setFilterEffectAttribute):
3516         (WebCore::SVGFESpecularLightingElement::build):
3517
3518 2018-04-29  Michael Catanzaro  <mcatanzaro@igalia.com>
3519
3520         [CMake] Require GCC 6
3521         https://bugs.webkit.org/show_bug.cgi?id=184985
3522
3523         Reviewed by Alex Christensen.
3524
3525         Remove a GCC 5 fallback path. This seems to be the only such fallback path in WebKit.
3526
3527         * platform/graphics/FourCC.h:
3528         (WebCore::FourCC::FourCC):
3529
3530 2018-04-29  Zalan Bujtas  <zalan@apple.com>
3531
3532         [LFC] Implement Display::Box functions
3533         https://bugs.webkit.org/show_bug.cgi?id=185116
3534
3535         Reviewed by Antti Koivisto.
3536
3537         * layout/displaytree/DisplayBox.cpp:
3538         (WebCore::Display::Box::Box):
3539         (WebCore::Display::Box::~Box):
3540         (WebCore::Display::Box::marginBox const):
3541         (WebCore::Display::Box::borderBox const):
3542         (WebCore::Display::Box::paddingBox const):
3543         (WebCore::Display::Box::contentBox const):
3544         * layout/displaytree/DisplayBox.h:
3545         (WebCore::Display::Box::rect const):
3546         (WebCore::Display::Box::top const):
3547         (WebCore::Display::Box::left const):
3548         (WebCore::Display::Box::bottom const):
3549         (WebCore::Display::Box::right const):
3550         (WebCore::Display::Box::topLeft const):
3551         (WebCore::Display::Box::bottomRight const):
3552         (WebCore::Display::Box::size const):
3553         (WebCore::Display::Box::width const):
3554         (WebCore::Display::Box::height const):
3555         (WebCore::Display::Box::marginTop const):
3556         (WebCore::Display::Box::marginLeft const):
3557         (WebCore::Display::Box::marginBottom const):
3558         (WebCore::Display::Box::marginRight const):
3559         (WebCore::Display::Box::parent const):
3560         (WebCore::Display::Box::nextSibling const):
3561         (WebCore::Display::Box::previousSibling const):
3562         (WebCore::Display::Box::firstChild const):
3563         (WebCore::Display::Box::lastChild const):
3564         (WebCore::Display::Box::setRect):
3565         (WebCore::Display::Box::setTopLeft):
3566         (WebCore::Display::Box::setTop):
3567         (WebCore::Display::Box::setLeft):
3568         (WebCore::Display::Box::setSize):
3569         (WebCore::Display::Box::setWidth):
3570         (WebCore::Display::Box::setHeight):
3571         (WebCore::Display::Box::setMarginTop):
3572         (WebCore::Display::Box::setMarginLeft):
3573         (WebCore::Display::Box::setMarginBottom):
3574         (WebCore::Display::Box::setMarginRight):
3575         (WebCore::Display::Box::setBorderTop):
3576         (WebCore::Display::Box::setBorderLeft):
3577         (WebCore::Display::Box::setBorderBottom):
3578         (WebCore::Display::Box::setBorderRight):
3579         (WebCore::Display::Box::setPaddingTop):
3580         (WebCore::Display::Box::setPaddingLeft):
3581         (WebCore::Display::Box::setPaddingBottom):
3582         (WebCore::Display::Box::setPaddingRight):
3583         (WebCore::Display::Box::setParent):
3584         (WebCore::Display::Box::setNextSibling):
3585         (WebCore::Display::Box::setPreviousSibling):
3586         (WebCore::Display::Box::setFirstChild):
3587         (WebCore::Display::Box::setLastChild):
3588
3589 2018-04-29  Youenn Fablet  <youenn@apple.com>
3590
3591         Make RestrictedHTTPResponseAccess flag true by default
3592         https://bugs.webkit.org/show_bug.cgi?id=185089
3593
3594         Reviewed by Geoffrey Garen.
3595
3596         * page/RuntimeEnabledFeatures.h:
3597
3598 2018-04-28  Sihui Liu  <sihui_liu@apple.com>
3599
3600         [Cocoa] Set HTTPOnly flag when converting Cookie to NSHTTPCookie
3601         https://bugs.webkit.org/show_bug.cgi?id=185052
3602
3603         Reviewed by Geoffrey Garen.
3604
3605         Set HTTPOnly for NSHTTPCookie when it's converted from Cookie, so the WebKit APIs could 
3606         create NSHTTPCookie with correct HTTPOnly flag. Also, reverted the change made to operator
3607         function because we want the Cookie class to act as a wrapper for NSHTTPCookie and leverage
3608         its equal function. 
3609
3610         Modified API test: WebKit.WKHTTPCookieStoreHttpOnly
3611
3612         * platform/network/cocoa/CookieCocoa.mm:
3613         (WebCore::Cookie::operator NSHTTPCookie * const):
3614         (WebCore::Cookie::operator== const):
3615         * platform/network/cocoa/NetworkStorageSessionCocoa.mm:
3616         (WebCore::NetworkStorageSession::deleteCookie):
3617
3618 2018-04-28  Zalan Bujtas  <zalan@apple.com>
3619
3620         [LFC] Add LayoutTreeBuilder class to generate the layout tree
3621         https://bugs.webkit.org/show_bug.cgi?id=185108
3622
3623         Reviewed by Antti Koivisto.
3624
3625         This is for testing purposes.
3626
3627         * WebCore.xcodeproj/project.pbxproj:
3628         * layout/FormattingState.cpp:
3629         (WebCore::Layout::FormattingState::~FormattingState):
3630         * layout/FormattingState.h:
3631         * layout/LayoutContext.h:
3632         * layout/blockformatting/BlockFormattingState.cpp:
3633         (WebCore::Layout::BlockFormattingState::~BlockFormattingState):
3634         * layout/blockformatting/BlockFormattingState.h:
3635         * layout/inlineformatting/InlineFormattingState.cpp:
3636         (WebCore::Layout::InlineFormattingState::~InlineFormattingState):
3637         * layout/inlineformatting/InlineFormattingState.h:
3638         * layout/layouttree/LayoutBlockContainer.h:
3639         * layout/layouttree/LayoutBox.h:
3640         * layout/layouttree/LayoutContainer.h:
3641         * layout/layouttree/LayoutInlineContainer.h:
3642         * layout/layouttree/LayoutTreeBuilder.cpp: Added.
3643         (WebCore::Layout::TreeBuilder::createLayoutTree):
3644         (WebCore::Layout::TreeBuilder::createSubTree):
3645         (WebCore::Layout::outputLayoutBox):
3646         (WebCore::Layout::outputLayoutTree):
3647         (WebCore::Layout::TreeBuilder::showLayoutTree):
3648         (WebCore::Layout::printLayoutTreeForLiveDocuments):
3649         * layout/layouttree/LayoutTreeBuilder.h: Copied from Source/WebCore/layout/layouttree/LayoutBlockContainer.h.
3650         * page/mac/PageMac.mm:
3651         (WebCore::Page::platformInitialize):
3652
3653 2018-04-28  Zalan Bujtas  <zalan@apple.com>
3654
3655         [LFC] Implement BlockMarginCollapse functions.
3656         https://bugs.webkit.org/show_bug.cgi?id=185036
3657
3658         Reviewed by Antti Koivisto.
3659
3660         * layout/blockformatting/BlockMarginCollapse.cpp:
3661         (WebCore::Layout::marginValue):
3662         (WebCore::Layout::BlockMarginCollapse::BlockMarginCollapse):
3663         (WebCore::Layout::BlockMarginCollapse::marginTop const):
3664         (WebCore::Layout::BlockMarginCollapse::marginBottom const):
3665         (WebCore::Layout::BlockMarginCollapse::isMarginTopCollapsedWithSibling const):
3666         (WebCore::Layout::BlockMarginCollapse::isMarginBottomCollapsedWithSibling const):
3667         (WebCore::Layout::BlockMarginCollapse::isMarginTopCollapsedWithParent const):
3668         (WebCore::Layout::BlockMarginCollapse::isMarginBottomCollapsedWithParent const):
3669         (WebCore::Layout::BlockMarginCollapse::nonCollapsedMarginTop const):
3670         (WebCore::Layout::BlockMarginCollapse::nonCollapsedMarginBottom const):
3671         (WebCore::Layout::BlockMarginCollapse::collapsedMarginTopFromFirstChild const):
3672         (WebCore::Layout::BlockMarginCollapse::collapsedMarginBottomFromLastChild const):
3673         (WebCore::Layout::BlockMarginCollapse::hasAdjoiningMarginTopAndBottom const):
3674         * layout/blockformatting/BlockMarginCollapse.h:
3675         * layout/layouttree/LayoutBox.h:
3676         (WebCore::Layout::Box::style const):
3677
3678 2018-04-27  David Kilzer  <ddkilzer@apple.com>
3679
3680         Add logging when SpringBoard enables WebThread
3681         <https://webkit.org/b/185100>
3682         <rdar://problem/39746542>
3683
3684         Reviewed by Daniel Bates.
3685
3686         * platform/RuntimeApplicationChecks.h:
3687         (WebCore::IOSApplication::isSpringBoard): Add declaration.
3688         * platform/cocoa/RuntimeApplicationChecksCocoa.mm:
3689         (WebCore::IOSApplication::isSpringBoard): Add implementation.
3690         * platform/ios/wak/WebCoreThread.mm:
3691         (WebThreadEnable): Call RELEASE_LOG_FAULT() if this is called by
3692         SpringBoard.
3693
3694 2018-04-27  Keith Rollin  <krollin@apple.com>
3695
3696         Fix crash in DocumentLoader::startLoadingMainResource
3697         https://bugs.webkit.org/show_bug.cgi?id=185088
3698         rdar://problem/39689263
3699
3700         Reviewed by Chris Dumez.
3701
3702         Add a "protectedThis" to address a case where a deleted "this" was
3703         accessed in a RELEASE_LOG statement.
3704
3705         No new tests -- covered by existing tests, which now pass.
3706
3707         * loader/DocumentLoader.cpp:
3708         (WebCore::DocumentLoader::startLoadingMainResource):
3709
3710 2018-04-27  Simon Fraser  <simon.fraser@apple.com>
3711
3712         Implement color-filter for text stroke
3713         https://bugs.webkit.org/show_bug.cgi?id=185098
3714
3715         Reviewed by Alan Bujtas.
3716         
3717         Transform the text stroke color through color-filter.
3718
3719         Test: css3/color-filters/color-filter-text-stroke.html
3720
3721         * rendering/TextPaintStyle.cpp:
3722         (WebCore::computeTextPaintStyle):
3723
3724 2018-04-27  Simon Fraser  <simon.fraser@apple.com>
3725
3726         Implement animation for color-filter
3727         https://bugs.webkit.org/show_bug.cgi?id=185092
3728         rdar://problem/39773810
3729
3730         Reviewed by Tim Horton.
3731         
3732         Implement animation of color-filter.
3733         
3734         This requires tracking whether the color-filter function lists match for both old and new
3735         animation code paths.
3736         
3737         The filter-related PropertyWrappers in CSSPropertyAnimation are cleaned up to use a single wrapper,
3738         which has to pass the propertyID to the blend function so we know which "lists match" to check.
3739         This wrapper reports that it's accelerated for filter and backdrop-filter, but not color-filter.
3740
3741         Test: css3/color-filters/color-filter-animation.html
3742
3743         * animation/CSSPropertyBlendingClient.h:
3744         * animation/KeyframeEffectReadOnly.cpp:
3745         (WebCore::KeyframeEffectReadOnly::setBlendingKeyframes):
3746         (WebCore::KeyframeEffectReadOnly::checkForMatchingColorFilterFunctionLists):
3747         * animation/KeyframeEffectReadOnly.h:
3748         * page/animation/AnimationBase.h:
3749         * page/animation/CSSPropertyAnimation.cpp:
3750         (WebCore::blendFunc):
3751         (WebCore::PropertyWrapperFilter::PropertyWrapperFilter):
3752         (WebCore::CSSPropertyAnimationWrapperMap::CSSPropertyAnimationWrapperMap):
3753         (WebCore::PropertyWrapperAcceleratedFilter::PropertyWrapperAcceleratedFilter): Deleted.
3754         (WebCore::PropertyWrapperAcceleratedBackdropFilter::PropertyWrapperAcceleratedBackdropFilter): Deleted.
3755         (WebCore::PropertyWrapperAcceleratedBackdropFilter::animationIsAccelerated const): Deleted.
3756         (WebCore::PropertyWrapperAcceleratedBackdropFilter::blend const): Deleted.
3757         * page/animation/ImplicitAnimation.cpp:
3758         (WebCore::ImplicitAnimation::reset):
3759         (WebCore::ImplicitAnimation::checkForMatchingColorFilterFunctionLists):
3760         * page/animation/ImplicitAnimation.h:
3761         * page/animation/KeyframeAnimation.cpp:
3762         (WebCore::KeyframeAnimation::KeyframeAnimation):
3763         (WebCore::KeyframeAnimation::checkForMatchingColorFilterFunctionLists):
3764         * page/animation/KeyframeAnimation.h:
3765
3766 2018-04-27  Zalan Bujtas  <zalan@apple.com>
3767
3768         [LFC] Add FormattingContext::computeWidth/computeHeight logic.
3769         https://bugs.webkit.org/show_bug.cgi?id=185091
3770
3771         Reviewed by Antti Koivisto.
3772
3773         Inflow width and height can't really be computed without knowing the exact context. 
3774
3775         * layout/FormattingContext.cpp:
3776         (WebCore::Layout::FormattingContext::computeWidth const):
3777         (WebCore::Layout::FormattingContext::computeHeight const):
3778         (WebCore::Layout::FormattingContext::computeOutOfFlowWidth const):
3779         (WebCore::Layout::FormattingContext::computeFloatingWidth const):
3780         (WebCore::Layout::FormattingContext::computeOutOfFlowHeight const):
3781         (WebCore::Layout::FormattingContext::computeFloatingHeight const):
3782         * layout/FormattingContext.h:
3783         * layout/blockformatting/BlockFormattingContext.cpp:
3784         (WebCore::Layout::BlockFormattingContext::computeInFlowWidth const):
3785         (WebCore::Layout::BlockFormattingContext::computeInFlowHeight const):
3786         (WebCore::Layout::BlockFormattingContext::computeWidth const): Deleted.
3787         (WebCore::Layout::BlockFormattingContext::computeHeight const): Deleted.
3788         * layout/blockformatting/BlockFormattingContext.h:
3789         * layout/inlineformatting/InlineFormattingContext.cpp:
3790         (WebCore::Layout::InlineFormattingContext::computeInFlowWidth const):
3791         (WebCore::Layout::InlineFormattingContext::computeInFlowHeight const):
3792         * layout/inlineformatting/InlineFormattingContext.h:
3793
3794 2018-04-27  Chris Dumez  <cdumez@apple.com>
3795
3796         Use WindowProxy instead of DOMWindow in our IDL
3797         https://bugs.webkit.org/show_bug.cgi?id=185022
3798
3799         Reviewed by Sam Weinig.
3800
3801         Stop using DOMWindow in all of our IDL files and use WindowProxy as
3802         per their respective specifications. As a result, the implementation
3803         was also updated to use WindowProxy type instead of DOMWindow.
3804
3805         * WebCore.xcodeproj/project.pbxproj:
3806         * bindings/js/JSDOMConvertWindowProxy.h: Removed.
3807         * bindings/js/JSWindowProxy.cpp:
3808         (WebCore::JSWindowProxy::windowProxy const):
3809         (WebCore::JSWindowProxy::toWrapped):
3810         * bindings/js/JSWindowProxy.h:
3811         (WebCore::window):
3812         Use static_cast<>() instead of jsCast<>() because jsCast<>()
3813         relies on classInfo() which is not allowed to be called during
3814         JS sweep due to an assertion inside classInfo(). The JSWindowProxy
3815         objects are held strongly by the WindowProxy so we know the JSWindowProxy
3816         object is not getting destroyed here.
3817
3818         (WebCore::toJS):
3819         * bindings/js/WindowProxy.cpp:
3820         (WebCore::WindowProxy::globalObject):
3821         * bindings/js/WindowProxy.h:
3822         (WebCore::WindowProxy::frame const):
3823         * bindings/scripts/CodeGenerator.pm:
3824         (IsBuiltinType):
3825         (ComputeIsCallbackInterface):
3826         (ComputeIsCallbackFunction):
3827         * bindings/scripts/CodeGeneratorJS.pm:
3828         (AddToIncludesForIDLType):
3829         (GetBaseIDLType):
3830         (NativeToJSValueDOMConvertNeedsState):
3831         * bindings/scripts/test/JS/JSTestObj.cpp:
3832         (WebCore::jsTestObjPrototypeFunctionOverloadedMethod9Body):
3833         (WebCore::jsTestObjPrototypeFunctionOverloadedMethodOverloadDispatcher):
3834         * bindings/scripts/test/TestObj.idl:
3835         * dom/CompositionEvent.cpp:
3836         (WebCore::CompositionEvent::CompositionEvent):
3837         (WebCore::CompositionEvent::initCompositionEvent):
3838         * dom/CompositionEvent.h:
3839         * dom/CompositionEvent.idl:
3840         * dom/Document.cpp:
3841         (WebCore::Document::defaultView const):
3842         * dom/Document.h:
3843         * dom/Document.idl:
3844         * dom/DocumentTouch.cpp:
3845         (WebCore::DocumentTouch::createTouch):
3846         * dom/DocumentTouch.h:
3847         * dom/DocumentTouch.idl:
3848         * dom/FocusEvent.cpp:
3849         (WebCore::FocusEvent::FocusEvent):
3850         * dom/FocusEvent.h:
3851         * dom/InputEvent.cpp:
3852         (WebCore::InputEvent::create):
3853         (WebCore::InputEvent::InputEvent):
3854         * dom/InputEvent.h:
3855         * dom/KeyboardEvent.cpp:
3856         (WebCore::KeyboardEvent::KeyboardEvent):
3857         (WebCore::KeyboardEvent::create):
3858         (WebCore::KeyboardEvent::initKeyboardEvent):
3859         (WebCore::KeyboardEvent::charCode const):
3860         * dom/KeyboardEvent.h:
3861         * dom/KeyboardEvent.idl:
3862         * dom/MessageEvent.h:
3863         * dom/MessageEvent.idl:
3864         * dom/MouseEvent.cpp:
3865         (WebCore::MouseEvent::create):
3866         (WebCore::MouseEvent::MouseEvent):
3867         (WebCore::MouseEvent::initMouseEvent):
3868         (WebCore::MouseEvent::initMouseEventQuirk):
3869         * dom/MouseEvent.h:
3870         * dom/MouseEvent.idl:
3871         * dom/MouseRelatedEvent.cpp:
3872         (WebCore::MouseRelatedEvent::MouseRelatedEvent):
3873         (WebCore::MouseRelatedEvent::init):
3874         (WebCore::MouseRelatedEvent::frameViewFromWindowProxy):
3875         (WebCore::MouseRelatedEvent::initCoordinates):
3876         (WebCore::MouseRelatedEvent::documentToAbsoluteScaleFactor const):
3877         (WebCore::MouseRelatedEvent::computePageLocation):
3878         (WebCore::MouseRelatedEvent::locationInRootViewCoordinates const):
3879         * dom/MouseRelatedEvent.h:
3880         * dom/Node.cpp:
3881         * dom/SimulatedClick.cpp:
3882         * dom/TextEvent.cpp:
3883         (WebCore::TextEvent::create):
3884         (WebCore::TextEvent::createForPlainTextPaste):
3885         (WebCore::TextEvent::createForFragmentPaste):
3886         (WebCore::TextEvent::createForDrop):
3887         (WebCore::TextEvent::createForDictation):
3888         (WebCore::TextEvent::TextEvent):
3889         (WebCore::TextEvent::initTextEvent):
3890         * dom/TextEvent.h:
3891         * dom/TextEvent.idl:
3892         * dom/TouchEvent.idl:
3893         * dom/UIEvent.cpp:
3894         (WebCore::UIEvent::UIEvent):
3895         (WebCore::UIEvent::initUIEvent):
3896         * dom/UIEvent.h:
3897         (WebCore::UIEvent::create):
3898         (WebCore::UIEvent::view const):
3899         * dom/UIEvent.idl:
3900         * dom/UIEventInit.h:
3901         * dom/UIEventInit.idl:
3902         * dom/UIEventWithKeyState.h:
3903         (WebCore::UIEventWithKeyState::UIEventWithKeyState):
3904         * dom/WheelEvent.cpp:
3905         (WebCore::WheelEvent::WheelEvent):
3906         (WebCore::WheelEvent::create):
3907         (WebCore::WheelEvent::initWebKitWheelEvent):
3908         * dom/WheelEvent.h:
3909         * dom/WheelEvent.idl:
3910         * editing/AlternativeTextController.cpp:
3911         (WebCore::AlternativeTextController::insertDictatedText):
3912         * editing/Editor.cpp:
3913         (WebCore::Editor::pasteAsPlainText):
3914         (WebCore::Editor::pasteAsFragment):
3915         (WebCore::Editor::setComposition):
3916         * html/HTMLDocument.cpp:
3917         (WebCore::HTMLDocument::namedItem):
3918         * html/HTMLDocument.h:
3919         * html/HTMLDocument.idl:
3920         * html/HTMLFrameElement.idl:
3921         * html/HTMLFrameOwnerElement.cpp:
3922         (WebCore::HTMLFrameOwnerElement::contentWindow const):
3923         * html/HTMLFrameOwnerElement.h:
3924         * html/HTMLFrameSetElement.cpp:
3925         (WebCore::HTMLFrameSetElement::namedItem):
3926         * html/HTMLFrameSetElement.h:
3927         * html/HTMLFrameSetElement.idl:
3928         * html/HTMLIFrameElement.idl:
3929         * html/ImageDocument.cpp:
3930         * page/DOMWindow.cpp:
3931         (WebCore::PostMessageTimer::PostMessageTimer):
3932         (WebCore::PostMessageTimer::event):
3933         (WebCore::DOMWindow::postMessage):
3934         * page/DragController.cpp:
3935         (WebCore::DragController::dispatchTextInputEventFor):
3936         * page/EventHandler.cpp:
3937         (WebCore::EventHandler::handleTextInputEvent):
3938
3939 2018-04-27  Nan Wang  <n_wang@apple.com>
3940
3941         AX: Accessibility needs to know which part of the content view is visible on iOS
3942         https://bugs.webkit.org/show_bug.cgi?id=185085
3943         <rdar://problem/39801363>
3944
3945         Reviewed by Chris Fleizach.
3946
3947         Exposed unobscuredContentRect() to iOS accessibility object wrapper.
3948
3949         Test: accessibility/ios-simulator/unobscured-content-rect.html
3950
3951         * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
3952         (-[WebAccessibilityObjectWrapper accessibilityVisibleContentRect]):
3953
3954 2018-04-27  Simon Fraser  <simon.fraser@apple.com>
3955
3956         Refactor filter list checking code
3957         https://bugs.webkit.org/show_bug.cgi?id=185087
3958
3959         Reviewed by Alan Bujtas.
3960
3961         Deduplicate code between filter and backdrop-filter for checking whether function lists
3962         match, by making a shared function that takes a std::function.
3963         
3964         The call sites have to declare the return type (-> const FilterOperations&) to avoid std::function
3965         converting the return type into a value.
3966
3967         * animation/KeyframeEffectReadOnly.cpp:
3968         (WebCore::KeyframeEffectReadOnly::checkForMatchingFilterFunctionLists const):
3969         (WebCore::KeyframeEffectReadOnly::checkForMatchingFilterFunctionLists):
3970         (WebCore::KeyframeEffectReadOnly::checkForMatchingBackdropFilterFunctionLists):
3971         * animation/KeyframeEffectReadOnly.h:
3972         * page/animation/KeyframeAnimation.cpp:
3973         (WebCore::KeyframeAnimation::checkForMatchingFilterFunctionLists const):
3974         (WebCore::KeyframeAnimation::checkForMatchingFilterFunctionLists):
3975         (WebCore::KeyframeAnimation::checkForMatchingBackdropFilterFunctionLists):
3976         * page/animation/KeyframeAnimation.h:
3977
3978 2018-04-27  Chris Dumez  <cdumez@apple.com>
3979
3980         Regression(r222392?): Events can have a negative timestamp which causes app breakage
3981         https://bugs.webkit.org/show_bug.cgi?id=185040
3982         <rdar://problem/39638051>
3983
3984         Reviewed by Wenson Hsieh.
3985
3986         The real fix is in UIKit when generating the touch timestamps. However, this patch
3987         does some hardening to make sure that Event.timestamp can never return a negative
3988         value even if something goes wrong.
3989
3990         * dom/Event.cpp:
3991         (WebCore::Event::timeStampForBindings const):
3992
3993 2018-04-27  Christopher Reid  <chris.reid@sony.com>
3994
3995         URL::appendEncodedHostName is using the deprecated uidna_IDNToASCII function
3996         https://bugs.webkit.org/show_bug.cgi?id=184836
3997
3998         Reviewed by Alex Christensen.
3999
4000         Update URL::appendEncodedHostName to use uidna_nameToASCII as done in r208902.
4001
4002         Test: LayoutTests\fast\url\url-hostname-encoding.html
4003
4004         * platform/URL.cpp:
4005
4006 2018-04-27  Youenn Fablet  <youenn@apple.com>
4007
4008         CachedRawResource is not handling incremental data computation correctly
4009         https://bugs.webkit.org/show_bug.cgi?id=184936
4010         <rdar://problem/38798141>
4011
4012         Reviewed by Darin Adler.
4013
4014         * loader/cache/CachedRawResource.cpp:
4015         (WebCore::CachedRawResource::updateBuffer): Fixing style.
4016
4017 2018-04-27  Zalan Bujtas  <zalan@apple.com>
4018
4019         [LFC] Implement BlockFormattingContext::layout logic and its dependencies
4020         https://bugs.webkit.org/show_bug.cgi?id=185024
4021
4022         Reviewed by Antti Koivisto.
4023
4024         This patch implements the logic for block formatting context according to
4025         https://www.w3.org/TR/CSS22/visuren.html#block-formatting
4026
4027         1. Traverse the tree iteratively (in post-order fashion) and compute the width/static position for the containers as
4028         we visit the descendant nodes until we hit a leaf node.
4029         2. Compute the position/geometry of the leaf node and move over to its sibling(s).
4030         3. Finalize the container's height/final position as we climb back on the tree.
4031         4. Run layout on the out