[WebKit-https.git] / Source / WebCore / ChangeLog

2018-01-11  Zalan Bujtas  <zalan@apple.com>

        RenderTreeUpdater::current() returns null_ptr when mutation is done through Document::resolveStyle.
        https://bugs.webkit.org/show_bug.cgi?id=181513
        <rdar://problem/36367085>

        Reviewed by Antti Koivisto.

        This patch ensures that we use a valid RenderTreeBuilder even when
        Document::resolveStyle (incorrectly) triggers tree mutation.
        It can be reverted soon after the incorrect mutations are taken care of.

        Test: fast/forms/button-set-text-crash.html

        * rendering/RenderButton.cpp:
        (WebCore::RenderButton::setText):
        * rendering/RenderMenuList.cpp:
        (RenderMenuList::setText):

2018-01-11  Antoine Quint  <graouts@apple.com>

        Only listen to webkitplaybacktargetavailabilitychanged when media controls are visible to the user
        https://bugs.webkit.org/show_bug.cgi?id=181547
        <rdar://problem/35947650>

        Reviewed by Eric Carlson.

        Because listening to "webkitplaybacktargetavailabilitychanged" events incurs some higher power usage on iOS,
        we only listen to such events when controls are visible to the user. In other words, the MediaControls need to
        have both "visible" set to "true" and "faded" set to "false". To support this, we add a delegate method on
        MediaControls such that it can tell the MediaController that the "visible" property changed. With this message,
        MediaController can inform its MediaControllerSupport objects that user visibility of the controls changed, which
        lets AirplaySupport disable itself when controls are no longer visible.

        Test: media/modern-media-controls/airplay-support/airplay-support-disable-event-listeners-with-hidden-controls.html

        * Modules/modern-media-controls/controls/media-controls.js:
        (MediaControls.prototype.set visible):
        * Modules/modern-media-controls/media/airplay-support.js:
        (AirplaySupport.prototype.controlsUserVisibilityDidChange):
        * Modules/modern-media-controls/media/media-controller-support.js:
        (MediaControllerSupport.prototype.controlsUserVisibilityDidChange):
        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController.prototype.mediaControlsVisibilityDidChange):
        (MediaController.prototype.mediaControlsFadedStateDidChange):
        (MediaController.prototype._controlsUserVisibilityDidChange):

2018-01-11  Antoine Quint  <graouts@apple.com>

        [iOS] There should be no controls markup generated in fullscreen
        https://bugs.webkit.org/show_bug.cgi?id=181540
        <rdar://problem/35060379>

        Reviewed by Eric Carlson.

        We completely forgo the display of any content when fullscreen on iOS by setting the
        "visible" flag to "false" on the MediaControls, which will prevent any DOM content from
        being added.

        * Modules/modern-media-controls/media/media-controller.js:
        (MediaController.prototype.handleEvent):
        (MediaController.prototype._updateiOSFullscreenProperties):
        (MediaController):
        (MediaController.prototype._updateSupportingObjectsEnabledState): Deleted.

2018-01-11  Alex Christensen  <achristensen@webkit.org>

        Revert changes accidentally committed with r226789.
        https://bugs.webkit.org/show_bug.cgi?id=181423

        I had some local changes I did not mean to commit.

        * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
        (scheduledWithCustomRunLoopMode):
        (-[WebCoreResourceHandleAsOperationQueueDelegate callFunctionOnMainThread:]):
        (WebCore::if): Deleted.
        (WebCore::>::fromCallable): Deleted.

2018-01-10  Simon Fraser  <simon.fraser@apple.com>

        On macOS, getBoundingClientRect gives incorrect values when pinch-zoomed
        https://bugs.webkit.org/show_bug.cgi?id=181511
        rdar://problem/33741427

        Reviewed by Zalan Bujtas.
        
        When reverting "client coordinates are relative to layout viewport" in r219829
        I broke documentToClientOffset() on macOS by failing to take pinch zoom scale into
        account (frameScaleFactor() is always 1 on iOs, so this bug doesn't manifest there).

        Covered by existing tests.

        * page/FrameView.cpp:
        (WebCore::FrameView::documentToClientOffset const):

2018-01-11  Youenn Fablet  <youenn@apple.com>

        Replace WebRTCLegacyAPIDisabled by WebRTCLegacyAPIEnabled and switch off WebRTC legacy flag by default
        https://bugs.webkit.org/show_bug.cgi?id=181480

        Reviewed by Eric Carlson.

        No change of behavior.

        * page/RuntimeEnabledFeatures.h: Set default value to false.

2018-01-11  Wenson Hsieh  <wenson_hsieh@apple.com>

        [Attachment Support] Support moving attachment elements in editable areas using drag and drop
        https://bugs.webkit.org/show_bug.cgi?id=181337
        <rdar://problem/36324813>

        Reviewed by Tim Horton.

        Makes slight adjustments to attachment-specific drag and drop logic to ensure that moving attachments via drag
        and drop behaves correctly. See per-change comments for more detail.

        Tests:  WKAttachmentTests.DragInPlaceVideoAttachmentElement
                WKAttachmentTests.MoveAttachmentElementAsIconByDragging
                WKAttachmentTests.MoveInPlaceAttachmentElementByDragging

        * editing/cocoa/EditorCocoa.mm:
        (WebCore::Editor::getPasteboardTypesAndDataForAttachment):

        Stop vending the private web archive pasteboard type for attachments, for now. This works around issues where an
        attachment element that is dragged and dropped within the same page may lose its blob backing data if we try to
        remove and insert it as a fragment from the archive. Providing a web archive would allow us to avoid destroying
        and recreating an attachment element when dragging within the same page, but this is a nice-to-have optimization
        we can re-enable after investigation in a subsequent patch.

        * html/HTMLAttachmentElement.cpp:
        (WebCore::HTMLAttachmentElement::populateShadowRootIfNecessary):

        Add `draggable=false` to the image element of an in-place attachment element.

        * page/DragController.cpp:
        (WebCore::enclosingAttachmentElement):
        (WebCore::DragController::draggableElement const):

        Tweak single-selected-attachment handling to account for in-place attachments. Since the hit-tested node is
        inside the shadow subtree of the attachment element, the condition needs to check for the startElement as well
        as the startElement's shadow host.

        (WebCore::DragController::startDrag):

        Make two tweaks here. First, don't require a RenderAttachment to drag an attachment element (this is required
        for dragging in-place attachments). This was added in r217083 to address <rdar://problem/32282831>, but is no
        longer correct, since attachments may now be displayed in-place.

        Secondly, only restore the previous selection if the attachment is in a richly contenteditable area. This was
        added to prevent the selection highlight from appearing in when dragging non-editable attachment elements in the
        Mail viewer. However, to allow drag moves to occur, we need the selection to persist after drag start.

2018-01-04  Filip Pizlo  <fpizlo@apple.com>

        CodeBlocks should be in IsoSubspaces
        https://bugs.webkit.org/show_bug.cgi?id=180884

        Reviewed by Saam Barati.

        No new tests because no new behavior.
        
        Adopting new parallel constraint API, so that more of the logic of doing parallel
        constraint solving is shared between the DOM's output constraints and JSC's output
        constraints.

        * bindings/js/DOMGCOutputConstraint.cpp:
        (WebCore::DOMGCOutputConstraint::executeImpl):
        (WebCore::DOMGCOutputConstraint::doParallelWorkImpl): Deleted.
        (WebCore::DOMGCOutputConstraint::finishParallelWorkImpl): Deleted.
        * bindings/js/DOMGCOutputConstraint.h:

2018-01-11  Wenson Hsieh  <wenson_hsieh@apple.com>

        [Attachment Support] Support dragging attachment elements out as files on iOS
        https://bugs.webkit.org/show_bug.cgi?id=181199
        <rdar://problem/36299316>

        Reviewed by Tim Horton, Andy Estes and Joseph Pecoraro.

        Adds support for dragging "files" (i.e. creating item providers with preferred attachment presentation styles)
        from attachment elements on iOS for Mail. See below for more detail.

        Tests:  WKAttachmentTestsIOS.DragAttachmentInsertedAsData
                WKAttachmentTestsIOS.DragAttachmentInsertedAsFile

        * page/DragController.cpp:
        (WebCore::DragController::platformContentTypeForBlobType const):
        (WebCore::DragController::dragAttachmentElement):
        * page/DragController.h:
        * page/mac/DragControllerMac.mm:
        (WebCore::DragController::platformContentTypeForBlobType const):

        Add a private method to convert the type of a promised blob to a platform type. For Cocoa platforms, this
        converts the blob type (either a UTI or a MIME type) to a UTI for the platform to consume.

        * platform/ios/WebItemProviderPasteboard.h:
        * platform/ios/WebItemProviderPasteboard.mm:

        Refactor WebItemProviderRegistrationInfo. WebItemProviderRegistrationInfo currently encapsulates a single item
        provider registration call, and contains either a type identifier and data buffer, or an NSItemProviderWriting-
        conformant object. To register an item provider using a WebItemProviderRegistrationInfo, the item provider
        pasteboard currently checks to see whether the info contains an object or a type and data.

        This patch removes WebItemProviderRegistrationInfo and replaces it with WebItemProviderDataRegistrar. Objects
        that implement this protocol know how to take an NSItemProvider and register data to it. So far, there are
        three implementations below.

        (-[WebItemProviderDataRegistrar initWithData:type:]):
        (-[WebItemProviderDataRegistrar typeIdentifier]):
        (-[WebItemProviderDataRegistrar data]):
        (-[WebItemProviderDataRegistrar typeIdentifierForClient]):
        (-[WebItemProviderDataRegistrar dataForClient]):
        (-[WebItemProviderDataRegistrar registerItemProvider:]):
        (-[WebItemProviderDataRegistrar description]):

        A data registrar takes a UTI and data buffer, and registers the UTI to the data. This replaces a
        WebItemProviderRegistrationInfo with both a type and data, but no representing object.

        (-[WebItemProviderWritableObjectRegistrar initWithObject:]):
        (-[WebItemProviderWritableObjectRegistrar representingObjectForClient]):
        (-[WebItemProviderWritableObjectRegistrar registerItemProvider:]):
        (-[WebItemProviderWritableObjectRegistrar description]):

        The writable object registrar writes an NSItemProviderWriting-conformant object to an item provider. This
        replaces a WebItemProviderRegistrationInfo with only a representing object.

        (-[WebItemProviderPromisedFileRegistrar initWithType:callback:]):
        (-[WebItemProviderPromisedFileRegistrar registerItemProvider:]):
        (-[WebItemProviderPromisedFileRegistrar description]):
        (-[WebItemProviderRegistrationInfoList addData:forType:]):
        (-[WebItemProviderRegistrationInfoList addRepresentingObject:]):
        (-[WebItemProviderRegistrationInfoList addPromisedType:fileCallback:]):

        Helper methods to add new registrars to a registration info list.

        (-[WebItemProviderRegistrationInfoList itemAtIndex:]):
        (-[WebItemProviderRegistrationInfoList enumerateItems:]):
        (-[WebItemProviderRegistrationInfoList itemProvider]):
        (-[WebItemProviderRegistrationInfoList description]):
        (-[WebItemProviderRegistrationInfo initWithRepresentingObject:typeIdentifier:data:]): Deleted.
        (-[WebItemProviderRegistrationInfo representingObject]): Deleted.
        (-[WebItemProviderRegistrationInfo typeIdentifier]): Deleted.

2018-01-11  Michael Saboff  <msaboff@apple.com>

        Add a DOM gadget for Spectre testing
        https://bugs.webkit.org/show_bug.cgi?id=181351

        Reviewed by Ryosuke Niwa.

        This change is used to test Spectre mitigations.

        Added a new DOM class to test for Spectre issues in the DOM layer.
        This additional functionality is disabled by default and must be enabled
        through the JSC option "enableSpectreGadgets".

        * CMakeLists.txt:
        * DerivedSources.make:
        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/WebCoreBuiltinNames.h:
        * dom/SpectreGadget.cpp: Added.
        (WebCore::SpectreGadget::SpectreGadget):
        (WebCore::SpectreGadget::create):
        (WebCore::SpectreGadget::setReadLength):
        (WebCore::SpectreGadget::charCodeAt):
        (WebCore::SpectreGadget::clflushReadLength):
        * dom/SpectreGadget.h: Added.
        * dom/SpectreGadget.idl: Added.
        * page/RuntimeEnabledFeatures.cpp:
        (WebCore::RuntimeEnabledFeatures::spectreGadgetsEnabled const):
        * page/RuntimeEnabledFeatures.h:

2018-01-11  Philippe Normand  <pnormand@igalia.com>

        [GTK] media/muted-video-is-playing-audio.html is timing out
        https://bugs.webkit.org/show_bug.cgi?id=163781

        Reviewed by Carlos Garcia Campos.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::notifyPlayerOfVideo): Sprinkle some debugging.
        (WebCore::MediaPlayerPrivateGStreamer::notifyPlayerOfAudio): Ditto.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
        (WebCore::MediaPlayerPrivateGStreamerBase::setMuted): Ditto.

2018-01-10  Andy Estes  <aestes@apple.com>

        [Payment Request] Rename ApplePayMerchantValidationEvent to MerchantValidationEvent
        https://bugs.webkit.org/show_bug.cgi?id=181437
        <rdar://problem/36376481>

        Reviewed by Tim Horton.
        
        Renamed ApplePayMerchantValidationEvent to MerchantValidationEvent and changed complete() to accept a Promise.

        Test: http/tests/paymentrequest/payment-request-merchant-validation.https.html

        * DerivedSources.make:
        * Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp:
        (WebCore::ApplePayPaymentHandler::merchantValidationCompleted):
        (WebCore::ApplePayPaymentHandler::validateMerchant):
        * Modules/applepay/paymentrequest/ApplePayPaymentHandler.h:
        * Modules/paymentrequest/MerchantValidationEvent.cpp: Renamed from Source/WebCore/Modules/applepay/paymentrequest/ApplePayMerchantValidationEvent.cpp.
        (WebCore::MerchantValidationEvent::create):
        (WebCore::MerchantValidationEvent::MerchantValidationEvent):
        (WebCore::MerchantValidationEvent::eventInterface const):
        (WebCore::MerchantValidationEvent::complete):
        * Modules/paymentrequest/MerchantValidationEvent.h: Renamed from Source/WebCore/Modules/applepay/paymentrequest/ApplePayMerchantValidationEvent.h.
        * Modules/paymentrequest/MerchantValidationEvent.idl: Renamed from Source/WebCore/Modules/applepay/paymentrequest/ApplePayMerchantValidationEvent.idl.
        * Modules/paymentrequest/PaymentHandler.h:
        * Modules/paymentrequest/PaymentRequest.cpp:
        (WebCore::PaymentRequest::completeMerchantValidation):
        * Modules/paymentrequest/PaymentRequest.h:
        * Modules/paymentrequest/PaymentRequest.idl:
        * WebCore.xcodeproj/project.pbxproj:
        * dom/EventNames.h:
        * dom/EventNames.in:

2018-01-10  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Cross-protocol, cross-site scripting (XPXSS) using HTML forms
        Nhttps://bugs.webkit.org/show_bug.cgi?id=153088

        Reviewed by Alex Christensen.

        No new tests because it's covered by existing tests.

        * platform/network/curl/CurlContext.cpp:
        (WebCore::CurlHandle::getHttpVersion):
        * platform/network/curl/CurlContext.h:
        * platform/network/curl/CurlRequest.cpp:
        (WebCore::CurlRequest::didReceiveHeader):
        * platform/network/curl/CurlResponse.h:
        (WebCore::CurlResponse::isolatedCopy const):
        * platform/network/curl/ResourceResponseCurl.cpp:
        (WebCore::ResourceResponse::ResourceResponse):
        (WebCore::ResourceResponse::setStatusLine):

2018-01-10  Wenson Hsieh  <wenson_hsieh@apple.com>

        REGRESSION(r222507): Composition highlight doesn't render when using IME
        https://bugs.webkit.org/show_bug.cgi?id=181485
        <rdar://problem/35896516>

        Reviewed by Ryosuke Niwa.

        Fixes the order of arguments passed to paintTextSubrangeBackground from paintCompositionBackground.

        Test: editing/marked-text-appearance.html

        * rendering/InlineTextBox.cpp:
        (WebCore::InlineTextBox::paintCompositionBackground):

2018-01-10  Youenn Fablet  <youenn@apple.com>

        Use no-cache fetch mode when loading main documents with location.reload()
        https://bugs.webkit.org/show_bug.cgi?id=181285

        Reviewed by Alex Christensen.

        Covered by rebased tests.

        Start to translate cache policy used for navigation as FetchOptions::Cache.
        This allows ensuring service workers receive the right cache mode when intercepting navigation loads.
        To not change current navigation behavior, ReturnCacheDataElseLoad and ReturnCacheDataDontLoad still trigger default fetch cache mode.

        For Reload and ReloadExpiredOnly frame load types, using no-cache mode is more efficient than reload mode,
        as a conditional request will be sent if possible. This applies to location.reload which is consistent with other browsers.
        Keep reload mode for ReloadFromOrigin.

        * loader/DocumentLoader.cpp:
        (WebCore::toFetchOptionsCache):
        (WebCore::DocumentLoader::loadMainResource):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadFrameRequest):
        (WebCore::FrameLoader::loadURL):
        (WebCore::FrameLoader::load):
        (WebCore::FrameLoader::reload):
        (WebCore::FrameLoader::defaultRequestCachingPolicy):
        (WebCore::FrameLoader::loadDifferentDocumentItem):
        * loader/NavigationScheduler.cpp:

2018-01-10  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r226667 and r226673.
        https://bugs.webkit.org/show_bug.cgi?id=181488

        This caused a flaky crash. (Requested by mlewis13 on #webkit).

        Reverted changesets:

        "CodeBlocks should be in IsoSubspaces"
        https://bugs.webkit.org/show_bug.cgi?id=180884
        https://trac.webkit.org/changeset/226667

        "REGRESSION (r226667): CodeBlocks should be in IsoSubspaces"
        https://bugs.webkit.org/show_bug.cgi?id=180884
        https://trac.webkit.org/changeset/226673

2018-01-10  Antti Koivisto  <antti@apple.com>

        REGRESSION(r225650): The scores of MotionMark tests Multiply and Leaves dropped by 8%
        https://bugs.webkit.org/show_bug.cgi?id=181460
        <rdar://problem/36379776>

        Reviewed by Ryosuke Niwa.

        * css/parser/CSSParser.cpp:
        (WebCore::CSSParserContext::CSSParserContext):

        Don't do the expensive security origin test if the sheet base URL and document URL are identical.
        This is true for inline style and inline stylesheets.

2018-01-10  Antti Koivisto  <antti@apple.com>

        Try to fix windows build.

        * css/RuleFeature.cpp:
        (WebCore::RuleFeatureSet::computeNextMatchElement):

2018-01-10  Zalan Bujtas  <zalan@apple.com>

        [RenderTreeBuilder] Move RenderRuby's moveChildren logic to RenderTreeBuilder
        https://bugs.webkit.org/show_bug.cgi?id=181470
        <rdar://problem/36397683>

        Reviewed by Antti Koivisto.

        This is about moving code, no cleanup and/or normalization (unfortunately it also means
        some temporary changes).  

        No change in functionality.

        * rendering/RenderBlockFlow.h:
        * rendering/RenderRubyBase.cpp:
        (WebCore::RenderRubyBase::moveChildren): Deleted.
        (WebCore::RenderRubyBase::mergeChildrenWithBase): Deleted.
        (WebCore::RenderRubyBase::moveInlineChildren): Deleted.
        (WebCore::RenderRubyBase::moveBlockChildren): Deleted.
        * rendering/RenderRubyBase.h:
        * rendering/RenderRubyRun.cpp:
        (WebCore::RenderRubyRun::takeChild):
        * rendering/updating/RenderTreeBuilder.cpp:
        (WebCore::RenderTreeBuilder::moveRubyChildren):
        * rendering/updating/RenderTreeBuilder.h:
        * rendering/updating/RenderTreeBuilderRuby.cpp:
        (WebCore::RenderTreeBuilder::Ruby::moveInlineChildren):
        (WebCore::RenderTreeBuilder::Ruby::moveBlockChildren):
        (WebCore::RenderTreeBuilder::Ruby::moveChildren):
        (WebCore::RenderTreeBuilder::Ruby::moveChildrenInternal):
        (WebCore::RenderTreeBuilder::Ruby::insertChild):
        * rendering/updating/RenderTreeBuilderRuby.h:

2018-01-10  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] fix critical GObject warning

        Rubber-stamped by Carlos Garcia Campos.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::handleMessage): No need to
        resort to complicated things to get the element name...

2018-01-10  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] REGRESSION(r226629): broke media/video-interruption-with-resume-allowing-play.html
        https://bugs.webkit.org/show_bug.cgi?id=181471
        <rdar://problem/36402323>

        Reviewed by Carlos Garcia Campos.

        This patch mainly reduces the amount of playback state changes
        emitted by the GStreamer player to its client. Emitting those
        notifications too often has bad side effects.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::paused const): Add debug messages.
        (WebCore::MediaPlayerPrivateGStreamer::handleMessage): This debug message appears too much. Demote.
        (WebCore::MediaPlayerPrivateGStreamer::maxTimeLoaded const): Ditto.
        (WebCore::MediaPlayerPrivateGStreamer::didLoadingProgress const): Ditto.
        (WebCore::MediaPlayerPrivateGStreamer::updateStates): Try to emit
        playback state change notification only when going to PLAYING.
        (WebCore::MediaPlayerPrivateGStreamer::loadingFailed): Add warning message.

2018-01-10  Youenn Fablet  <youenn@apple.com>

        Add Service Worker CSP persistency
        https://bugs.webkit.org/show_bug.cgi?id=181434

        Reviewed by Alex Christensen.

        Covered by manual testing.
        Future work on service worker test infrastructure should allow automating such tests.

        Add support for service worker CSP data persistency.
        Add a version parameter to increment each time the schema is changing.
        This allows the same store to be used by multiple WebKits.

        * workers/service/server/RegistrationDatabase.cpp:
        (WebCore::v1RecordsTableSchema):
        (WebCore::RegistrationDatabase::openSQLiteDatabase):
        (WebCore::RegistrationDatabase::doPushChanges):
        (WebCore::RegistrationDatabase::importRecords):

2018-01-10  Antti Koivisto  <antti@apple.com>

        Invalidate current element style on class change accurately
        https://bugs.webkit.org/show_bug.cgi?id=181210

        Reviewed by Zalan Bujtas.

        * css/DocumentRuleSets.cpp:
        (WebCore::DocumentRuleSets::collectFeatures const):
        (WebCore::DocumentRuleSets::subjectClassRules const):

            New rule set containing class rules affecting the subject element.

        (WebCore::DocumentRuleSets::ancestorClassRules const):
        * css/DocumentRuleSets.h:
        * css/RuleFeature.cpp:
        (WebCore::RuleFeatureSet::recursivelyCollectFeaturesFromSelector):

            Classify selector components into various buckets based on the elements they match relative to
            the subject element. There are more categories than this patch strictly needs, for future use.

        (WebCore::RuleFeatureSet::collectFeatures):
        (WebCore::RuleFeatureSet::add):
        (WebCore::RuleFeatureSet::clear):
        (WebCore::RuleFeatureSet::shrinkToFit):
        * css/RuleFeature.h:
        * css/StyleResolver.h:
        (WebCore::StyleResolver::hasSelectorForClass const): Deleted.
        * style/ClassChangeInvalidation.cpp:
        (WebCore::Style::elementNeedsInvalidation):
        (WebCore::Style::ClassChangeInvalidation::computeInvalidation):

            Don't invalidate current element unconditionally on class change. Instead find the subject rulesets
            that might affect it use them to perform invalidation.

        (WebCore::Style::ClassChangeInvalidation::invalidateStyleWithRuleSets):
        (WebCore::Style::ClassChangeInvalidation::invalidateStyle): Deleted.
        (WebCore::Style::ClassChangeInvalidation::invalidateDescendantStyle): Deleted.
        * style/ClassChangeInvalidation.h:
        (WebCore::Style::ClassChangeInvalidation::ClassChangeInvalidation):
        (WebCore::Style::ClassChangeInvalidation::~ClassChangeInvalidation):
        * style/StyleSharingResolver.cpp:
        (WebCore::Style::SharingResolver::classNamesAffectedByRules const):

2018-01-09  Antoine Quint  <graouts@apple.com>

        [Web Animations] Expose the id property on Animation
        https://bugs.webkit.org/show_bug.cgi?id=181450
        <rdar://problem/36383600>

        Reviewed by Dean Jackson.

        Expose the "id" property on Animation and handle the "id" property on the optional KeyframeAnimationOptions object
        passed to Element.animate(). All of the WPT tests related to this property are now passing.

        * animation/WebAnimation.h:
        * animation/WebAnimation.idl:
        * dom/Element.cpp:
        (WebCore::Element::animate):

2018-01-09  Chris Dumez  <cdumez@apple.com>

        Make service workers behave correctly with regards to Page Cache
        https://bugs.webkit.org/show_bug.cgi?id=181446
        <rdar://problem/36164291>

        Reviewed by Youenn Fablet.

        Make service workers behave correctly with regards to Page Cache:
        1. If a document has an active service worker, do not let it go into PageCache
        2. When a document goes into page cache, unregister it from the list of service worker clients
        3. When a document is restored from page cache, add it nack to the list of service worker clients

        Tests: http/tests/workers/service/client-added-to-clients-when-restored-from-page-cache.html
               http/tests/workers/service/client-removed-from-clients-while-in-page-cache.html
               http/tests/workers/service/no-page-cache-when-controlled.html
               http/tests/workers/service/other_resources/test.html

        * dom/Document.cpp:
        (WebCore::Document::suspend):
        (WebCore::Document::resume):
        * history/PageCache.cpp:
        (WebCore::canCacheFrame):
        * page/DiagnosticLoggingKeys.cpp:
        (WebCore::DiagnosticLoggingKeys::serviceWorkerKey):
        * page/DiagnosticLoggingKeys.h:

2018-01-09  Chris Dumez  <cdumez@apple.com>

        We should not return undefined for most properties of a detached Window
        https://bugs.webkit.org/show_bug.cgi?id=181416
        <rdar://problem/36162489>

        Reviewed by Ryosuke Niwa.

        We should not return undefined for most properties on a detached Window. WebKit previously only exposed "closed"
        and "close" properties on detached / frameless windows. However, this does not match the HTML specification [1]
        or the behavior of Firefox and Chrome.

        Note that Chrome does not seem to fully follow the HTML specification either, it seems to treat detached windows
        the same way as cross-origin ones. As a result, it only exposed properties that are visible cross-origin when
        a window is detached / frameless.

        [1] https://html.spec.whatwg.org/#windowproxy-get

        No new tests, updated existingt tests.

        * bindings/js/JSDOMWindowCustom.cpp:
        (WebCore::jsDOMWindowGetOwnPropertySlotRestrictedAccess):
        (WebCore::JSDOMWindow::getOwnPropertySlot):
        (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):

2018-01-09  Darin Adler  <darin@apple.com>

        Further refinement to list item and counter code after "list-item" counter fix
        https://bugs.webkit.org/show_bug.cgi?id=181426

        Reviewed by Zalan Bujtas.

        * css/StyleBuilderCustom.h:
        (WebCore::StyleBuilderCustom::applyInheritCounter): Use auto.
        (WebCore::StyleBuilderCustom::applyValueCounter): Use auto, removed unneeded
        null checks for things that can never be null, moved the saturated addition
        here and got rid of the addIncrementValue function from CounterDirectives.
        Use the saturatedAddition function from SaturatedArithmetic.h instead of the
        much less efficient one that did the same thing, CounterDirectives::addClamped.

        * rendering/RenderCounter.cpp:
        (WebCore::listItemCounterDirectives): Use aggregate syntax for the return
        statements.
        (WebCore::planCounter): Changed to use a struct return value instead of two
        out arguments. Use the saturatedAddition function from SaturatedArithmetic.h
        instead of the much less efficient one that did the same thing,
        CounterDirectives::addClamped.
        (WebCore::findPlaceForCounter): Changed to use a struct return value instead
        of two out arguments.
        (WebCore::makeCounterNode): Updated for the above changes. Changed code to
        use add instead of both get and set. Updated to keep the counter maps inside
        the values of the "map of maps" instead of using a unique_ptr and allocating
        each one on the heap.
        (WebCore::destroyCounterNodeWithoutMapRemoval): Changed argument to a reference
        instead of a pointer. Updated for changes to the map. Use RefPtr more
        consistently.
        (WebCore::RenderCounter::destroyCounterNodes): Use iterators less.
        (WebCore::RenderCounter::destroyCounterNode): Ditto.
        (WebCore::RenderCounter::rendererRemovedFromTree): Add a check of
        hasCounterNodeMap here before calling destroyCounterNodes, so that function
        can assume the flag is true (both other callers already check it).
        (WebCore::updateCounters): Use auto and update for changes above.
        (WebCore::RenderCounter::rendererStyleChanged): Use modern for loops instead
        of iterators.
        (showCounterRendererTree): Use auto and udpate for changes above.

        * rendering/RenderListItem.cpp:
        (WebCore::enclosingList): Stop referring to elements as "nodes". Changed
        the local variable names for clarity.
        (WebCore::nextListItemHelper): Renamed from nextListItem since it's not
        intended to be called directly and we want to use a function pointer to
        nextListItem. Fixed the algorithm to correctly handle ad hoc "lists" that
        are not actually HTML list elements, using the definition in the enclosingList
        function as the previousListItem function already did.
        (WebCore::nextListItem): Updated for name changes.
        (WebCore::firstListItem): Renamed from nextListItem for clarity.
        (WebCore::previousListItem): Rewrote loop so it doesn't have to do things
        so strangely when we find another list.
        (WebCore::RenderListItem::updateItemValuesForOrderedList): Use auto and
        update local variable names.
        (WebCore::RenderListItem::itemCountForOrderedList): Ditto.
        (WebCore::RenderListItem::updateValueNow const): Rewrote to use an iterative
        algorithm instead of a recursive one. Fixes the FIXME here.
        (WebCore::RenderListItem::updateValue): Use m_valueWasSetExplicitly
        instead of m_explicitValue.
        (WebCore::RenderListItem::explicitValueChanged): Use auto and simplified
        the loop a bit.
        (WebCore::RenderListItem::setExplicitValue): Set m_valueWasSetExplicitly
        instead of m_explicitValue.
        (WebCore::previousOrNextItem): Deleted.
        (WebCore::RenderListItem::updateListMarkerNumbers): Streamlined the loop
        a bit and used a fucntion pointer to handle the two different directions.
        (WebCore::RenderListItem::isInReversedOrderedList const): Simplified by
        getting rid of an unneeded use of pointers and local variables.

        * rendering/RenderListItem.h: Use a boolean, m_valueWasSetExplicitly,
        instead of a separate optional m_explicitValue.

        * rendering/style/CounterDirectives.h: Since all the code in this file was
        rewritten, removed old copyrights. Deleted the addIncrementValue function,
        since it is clear enough in the one call site in the style builder.
        Deleted the addClamped function because it was just a much slower
        version of the saturatedAddition function. Made == and != into constexpr
        functions since they are simple enough to be.

        * rendering/style/RenderStyle.cpp:
        (WebCore::RenderStyle::getCounterDirectives const): Deleted. Caller can
        handle this just fine without a helper function.
        * rendering/style/RenderStyle.h: Ditto.

2018-01-09  Myles C. Maxfield  <mmaxfield@apple.com>

        font-display:fallback can cause a visual flash (which is supposed to be impossible)
        https://bugs.webkit.org/show_bug.cgi?id=181374

        Reviewed by Simon Fraser.

        A FontCascade represents an entire font-family fallback list, but sometimes we need to pull out a single
        representative font from the list to calculate things like line height. Previously, if the first item in
        the font-family list was in the middle of being downloaded, this representative font was hardcoded to be
        Times. However, when actually laying out and drawing the glyphs, we have logic to skip the interstitial
        Times if there are any installed fonts present in the font-family list (so you wouldn't ever actually
        see Times). This means that line height (among other things) was being calculated as if Times was used,
        but in reality, some other font from the font-family list was being used.

        Alone, this isn't a huge problem, but font-display:fallback makes a font transition between "timed out"
        and "failed," and when the font hits the failed state, the representative font skips over the cancelled
        item and hits the next item in the fallback list. This means that line heights will change, which causes
        a visual flash, even when font-display:fallback is specified.

        The solution is simply to educate the logic which identifies this representative font so that it
        understands what to do for currently-loading fonts.

        Tests: fast/text/font-display/swap-flash.html

        * platform/graphics/FontCascadeFonts.h:
        (WebCore::FontCascadeFonts::primaryFont):
        * rendering/line/BreakingContext.h:
        (WebCore::textWidth):

2018-01-04  Filip Pizlo  <fpizlo@apple.com>

        CodeBlocks should be in IsoSubspaces
        https://bugs.webkit.org/show_bug.cgi?id=180884

        Reviewed by Saam Barati.

        No new tests because no new behavior.
        
        Adopting new parallel constraint API, so that more of the logic of doing parallel
        constraint solving is shared between the DOM's output constraints and JSC's output
        constraints.

        * bindings/js/DOMGCOutputConstraint.cpp:
        (WebCore::DOMGCOutputConstraint::executeImpl):
        (WebCore::DOMGCOutputConstraint::doParallelWorkImpl): Deleted.
        (WebCore::DOMGCOutputConstraint::finishParallelWorkImpl): Deleted.
        * bindings/js/DOMGCOutputConstraint.h:

2018-01-08  Simon Fraser  <simon.fraser@apple.com>

        Clean up Marquee-related enums
        https://bugs.webkit.org/show_bug.cgi?id=181347

        Reviewed by Anders Carlsson.

        Modernize EMarqueeBehavior and EMarqueeDirection enums. Stop using the weird negative
        values in the MarqueeDirection and do manual reverse direction mapping.

        Make some member functions of RenderMarquee private.

        Stop using bitfields in RenderMarquee because the memory saving is not worth it, and doing so
        allows us to use modern initialization.

        No behavior change.

        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        (WebCore::CSSPrimitiveValue::operator MarqueeBehavior const):
        (WebCore::CSSPrimitiveValue::operator MarqueeDirection const):
        (WebCore::CSSPrimitiveValue::operator EMarqueeBehavior const): Deleted.
        (WebCore::CSSPrimitiveValue::operator EMarqueeDirection const): Deleted.
        * css/StyleResolver.cpp:
        (WebCore::StyleResolver::adjustRenderStyle):
        * rendering/RenderBox.cpp:
        (WebCore::RenderBox::sizesLogicalWidthToFitContent const):
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::calculateClipRects const):
        * rendering/RenderMarquee.cpp:
        (WebCore::RenderMarquee::RenderMarquee):
        (WebCore::reverseDirection):
        (WebCore::RenderMarquee::direction const):
        (WebCore::RenderMarquee::isHorizontal const):
        (WebCore::RenderMarquee::computePosition):
        (WebCore::RenderMarquee::start):
        (WebCore::RenderMarquee::updateMarqueePosition):
        (WebCore::RenderMarquee::updateMarqueeStyle):
        (WebCore::RenderMarquee::timerFired):
        * rendering/RenderMarquee.h:
        * rendering/style/RenderStyle.h:
        (WebCore::RenderStyle::marqueeBehavior const):
        (WebCore::RenderStyle::marqueeDirection const):
        (WebCore::RenderStyle::setMarqueeDirection):
        (WebCore::RenderStyle::setMarqueeBehavior):
        (WebCore::RenderStyle::initialMarqueeBehavior):
        (WebCore::RenderStyle::initialMarqueeDirection):
        * rendering/style/RenderStyleConstants.h:
        * rendering/style/StyleMarqueeData.cpp:
        (WebCore::StyleMarqueeData::StyleMarqueeData):
        * rendering/style/StyleMarqueeData.h:

2018-01-09  Jer Noble  <jer.noble@apple.com>

        Many CVDisplayLink threads created and destroyed while watching a YouTube video
        https://bugs.webkit.org/show_bug.cgi?id=181396

        Reviewed by Simon Fraser.

        When watching some YouTube videos (or any video with default controls), event handlers for
        the "timeupdate" event which use rAF will cause the underlying platform objects to be
        destroyed in between "timeupdate" events being fired, since they occur every 250ms, and rAF
        objects are destroyed every 166ms (or 10/60hz). Update this constant to destroy the
        underlying objects every 333ms (or 20/60hz) so that this common pattern doesn't lead to
        excessive rAF platform object turnover.

        * platform/Logging.h:
        * platform/graphics/DisplayRefreshMonitor.h:
        (WebCore::DisplayRefreshMonitor::shouldBeTerminated const):
        * platform/graphics/DisplayRefreshMonitor.cpp:
        (WebCore::DisplayRefreshMonitor::displayDidRefresh):
        * platform/graphics/DisplayRefreshMonitorManager.cpp:
        (WebCore::DisplayRefreshMonitorManager::createMonitorForClient):
        (WebCore::DisplayRefreshMonitorManager::displayDidRefresh):

2018-01-09  Zalan Bujtas  <zalan@apple.com>

        [RenderTreeBuilder] Move RenderElement addChild mutation logic to RenderTreeBuilder
        https://bugs.webkit.org/show_bug.cgi?id=181451
        <rdar://problem/36385562>

        Reviewed by Antti Koivisto.

        This is about moving code, no cleanup and/or normalization (unfortunately it also means
        some temporary changes).  

        No change in functionality.

        * rendering/RenderElement.cpp:
        (WebCore::RenderElement::addChild):
        (WebCore::RenderElement::childRequiresTable const): Deleted.
        * rendering/RenderElement.h:
        * rendering/updating/RenderTreeBuilder.cpp:
        (WebCore::RenderTreeBuilder::insertChildToRenderElement):
        (WebCore::RenderTreeBuilder::childRequiresTable):
        * rendering/updating/RenderTreeBuilder.h:
        * rendering/updating/RenderTreeBuilderInline.cpp:
        (WebCore::RenderTreeBuilder::Inline::insertChildToContinuation):
        (WebCore::RenderTreeBuilder::Inline::insertChildIgnoringContinuation):
        (WebCore::RenderTreeBuilder::Inline::newChildIsInline):
        (WebCore::newChildIsInline): Deleted.
        * rendering/updating/RenderTreeBuilderInline.h:

2018-01-09  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r226531.

        This caused test failures on macOS WK2.

        Reverted changeset:

        "Use no-cache fetch mode when loading main documents with
        location.reload()"
        https://bugs.webkit.org/show_bug.cgi?id=181285
        https://trac.webkit.org/changeset/226531

2018-01-09  Michael Saboff  <msaboff@apple.com>

        Unreviewed, rolling out r226600 and r226603
        https://bugs.webkit.org/show_bug.cgi?id=181351

        Add a DOM gadget for Spectre testing

        * dom/Comment.cpp:
        (WebCore::Comment::Comment):
        (WebCore::Comment::setReadLength): Deleted.
        (WebCore::Comment::charCodeAt): Deleted.
        (WebCore::Comment::clflushReadLength): Deleted.
        * dom/Comment.h:
        * dom/Comment.idl:
        * page/RuntimeEnabledFeatures.cpp:
        (WebCore::RuntimeEnabledFeatures::spectreGadgetsEnabled const): Deleted.
        * page/RuntimeEnabledFeatures.h:

2018-01-09  Don Olmstead  <don.olmstead@sony.com>

        Add additional WEBCORE_EXPORTs
        https://bugs.webkit.org/show_bug.cgi?id=181414

        Reviewed by Alex Christensen.

        No new tests. No change in behavior.

        * dom/Document.h:
        * dom/ViewportArguments.h:
        * page/DOMWindow.h:
        * page/FrameView.h:
        * page/PageOverlayController.h:
        * platform/ContextMenuItem.h:
        * platform/Pasteboard.h:
        * platform/SharedBuffer.h:
        * platform/UserAgent.h:
        * platform/graphics/GLContext.h:
        * platform/graphics/GraphicsContext.h:
        * platform/graphics/GraphicsLayerTransform.h:
        * platform/graphics/PlatformDisplay.h:
        * platform/graphics/cairo/BackingStoreBackendCairoImpl.h:
        * platform/graphics/cairo/PlatformContextCairo.h:
        * platform/graphics/cairo/RefPtrCairo.h:
        * platform/graphics/nicosia/NicosiaBuffer.h:
        * platform/graphics/nicosia/NicosiaPaintingEngine.h:
        * platform/graphics/texmap/TextureMapper.h:
        * platform/graphics/texmap/TextureMapperAnimation.h:
        * platform/graphics/texmap/TextureMapperBackingStore.h:
        * platform/graphics/texmap/TextureMapperFPSCounter.h:
        * platform/graphics/texmap/TextureMapperLayer.h:
        (WebCore::TextureMapperLayer::TextureMapperLayer): Deleted.
        (WebCore::TextureMapperLayer::setID): Deleted.
        (WebCore::TextureMapperLayer::id): Deleted.
        (WebCore::TextureMapperLayer:: const): Deleted.
        (WebCore::TextureMapperLayer::setScrollClient): Deleted.
        (WebCore::TextureMapperLayer::setIsScrollable): Deleted.
        (WebCore::TextureMapperLayer::isScrollable const): Deleted.
        (WebCore::TextureMapperLayer::textureMapper const): Deleted.
        (WebCore::TextureMapperLayer::setTextureMapper): Deleted.
        (WebCore::TextureMapperLayer::drawsContent const): Deleted.
        (WebCore::TextureMapperLayer::contentsAreVisible const): Deleted.
        (WebCore::TextureMapperLayer::size const): Deleted.
        (WebCore::TextureMapperLayer::opacity const): Deleted.
        (WebCore::TextureMapperLayer::transform const): Deleted.
        (WebCore::TextureMapperLayer::hasFilters const): Deleted.
        (WebCore::TextureMapperLayer::isShowingRepaintCounter const): Deleted.
        (WebCore::TextureMapperLayer::fixedToViewport const): Deleted.
        (WebCore::TextureMapperLayer::rootLayer const): Deleted.
        (WebCore::TextureMapperLayer::texture): Deleted.
        (WebCore::TextureMapperLayer::adjustedPosition const): Deleted.
        (WebCore::TextureMapperLayer::layerRect const): Deleted.
        (WebCore::TextureMapperLayer::State::State): Deleted.
        * platform/graphics/texmap/TextureMapperPlatformLayerProxy.h:
        * platform/graphics/texmap/TextureMapperTile.h:
        * platform/graphics/texmap/coordinated/CoordinatedGraphicsLayer.h:
        (WebCore::CoordinatedGraphicsLayer::isScrollable const): Deleted.
        (WebCore::CoordinatedGraphicsLayer::id const): Deleted.
        (WebCore::CoordinatedGraphicsLayer::coverRect const): Deleted.
        (WebCore::CoordinatedGraphicsLayer::fixedToViewport const): Deleted.
        * platform/graphics/texmap/coordinated/CoordinatedImageBacking.h:
        (WebCore::CoordinatedImageBacking::id const): Deleted.
        * platform/graphics/texmap/coordinated/TiledBackingStore.h:
        * platform/graphics/texmap/coordinated/UpdateAtlas.h:
        * platform/network/AuthenticationChallengeBase.h:
        * platform/network/CredentialBase.h:
        * platform/network/ProtectionSpaceBase.h:
        * platform/network/curl/SocketStreamHandleImpl.h:
        * replay/UserInputBridge.h:

2018-01-09  Basuke Suzuki  <Basuke.Suzuki@sony.com>

        [Curl] Move FormData related tasks into new CurlFormDataStream class.
        https://bugs.webkit.org/show_bug.cgi?id=181106

        Reviewed by Alex Christensen.

        No new tests because no behavior change.

        * platform/Curl.cmake:
        * platform/network/curl/CurlFormDataStream.cpp: Added.
        (WebCore::CurlFormDataStream::CurlFormDataStream):
        (WebCore::CurlFormDataStream::~CurlFormDataStream):
        (WebCore::CurlFormDataStream::clean):
        (WebCore::CurlFormDataStream::shouldUseChunkTransfer):
        (WebCore::CurlFormDataStream::totalSize):
        (WebCore::CurlFormDataStream::computeContentLength):
        (WebCore::CurlFormDataStream::read):
        (WebCore::CurlFormDataStream::readFromFile):
        (WebCore::CurlFormDataStream::readFromData):
        * platform/network/curl/CurlFormDataStream.h: Renamed from Source/WebCore/platform/network/curl/FormDataStreamCurl.h.
        (WebCore::CurlFormDataStream::elementSize):
        (WebCore::CurlFormDataStream::totalReadSize):
        * platform/network/curl/CurlRequest.cpp:
        (WebCore::CurlRequest::CurlRequest):
        (WebCore::CurlRequest::willSendData):
        (WebCore::CurlRequest::finalizeTransfer):
        (WebCore::CurlRequest::setupPUT):
        (WebCore::CurlRequest::setupPOST):
        (WebCore::CurlRequest::setupSendData):
        (WebCore::CurlRequest::resolveBlobReferences): Deleted.
        (WebCore::CurlRequest::setupFormData): Deleted.
        * platform/network/curl/CurlRequest.h:
        * platform/network/curl/FormDataStreamCurl.cpp: Removed.

2018-01-09  Zalan Bujtas  <zalan@apple.com>

        [RenderTreeBuilder] Move MathML addChild logic to RenderTreeBuilder
        https://bugs.webkit.org/show_bug.cgi?id=181443
        <rdar://problem/36380228>

        Reviewed by Antti Koivisto.

        This is about moving code, no cleanup and/or normalization (unfortunately it also means
        some temporary changes).  

        No change in functionality.

        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * rendering/mathml/RenderMathMLFenced.cpp:
        (WebCore::RenderMathMLFenced::addChild):
        (WebCore::RenderMathMLFenced::createMathMLOperator): Deleted.
        (WebCore::RenderMathMLFenced::makeFences): Deleted.
        * rendering/mathml/RenderMathMLFenced.h:
        * rendering/updating/RenderTreeBuilder.cpp:
        (WebCore::RenderTreeBuilder::RenderTreeBuilder):
        (WebCore::RenderTreeBuilder::insertChildToRenderMathMLFenced):
        * rendering/updating/RenderTreeBuilder.h:
        (WebCore::RenderTreeBuilder::mathMLBuilder):

2018-01-09  Antti Koivisto  <antti@apple.com>

        Blank page except for inner iframes because pending stylesheets cause style.isNotFinal() to be true
        https://bugs.webkit.org/show_bug.cgi?id=180940
        <rdar://problem/36116507>

        Reviewed by Darin Adler.

        Test: http/tests/local/loading-stylesheet-import-remove.html

        If a <link> referencing a stylesheet containing an @import that was still loading was removed
        from the document, the loading state was never cleared. For head stylesheets this blocked
        rendering permanently.

        Test reduction by Justin Ridgewell.

        * html/HTMLLinkElement.cpp:
        (WebCore::HTMLLinkElement::removedFromAncestor):

        Test if the stylesheet it loading before clearing the pointer.

2018-01-09  Dan Bernstein  <mitz@apple.com>

        Removed some empty directories that were left behind

        * Modules/indieui: Removed.
        * Modules/vibration: Removed.
        * platform/graphics/ca/mac: Removed.
        * platform/mediastream/gstreamer: Removed.

2018-01-09  Antoine Quint  <graouts@apple.com>

        Refactor timing function solving code
        https://bugs.webkit.org/show_bug.cgi?id=181428

        Reviewed by Dean Jackson.

        We have duplicated code to solve "cubic" and "steps" timing functions in AnimationBase and TextureMapperAnimation,
        and we will soon need similar code to deal with timing functions in Web Animations. We move this code into TimingFunction
        with a single transformTime() function that can be called directly on the timing function rather than having callers
        figure out what type timing functions are to solve them.

        No test as there shouldn't be any behavior change.

        * page/animation/AnimationBase.cpp:
        (WebCore::AnimationBase::progress const):
        (WebCore::solveEpsilon): Deleted.
        (WebCore::solveCubicBezierFunction): Deleted.
        (WebCore::solveStepsFunction): Deleted.
        (WebCore::solveSpringFunction): Deleted.
        * platform/animation/TimingFunction.cpp:
        (WebCore::TimingFunction::transformTime const):
        * platform/animation/TimingFunction.h:
        * platform/graphics/texmap/TextureMapperAnimation.cpp:
        (WebCore::TextureMapperAnimation::apply):
        (WebCore::solveEpsilon): Deleted.
        (WebCore::solveCubicBezierFunction): Deleted.
        (WebCore::solveStepsFunction): Deleted.
        (WebCore::applyTimingFunction): Deleted.

2018-01-09  Michael Catanzaro  <mcatanzaro@igalia.com>

        Unreviewed, silence -Wunused-parameter warning

        * testing/js/WebCoreTestSupport.cpp:
        (WebCoreTestSupport::setupNewlyCreatedServiceWorker):

2018-01-09  Said Abou-Hallawa  <sabouhallawa@apple.com>

        Check Image::m_image is not null in ImageLoader::decode()
        https://bugs.webkit.org/show_bug.cgi?id=180386
        <rdar://problem/34634483>

        Reviewed by Tim Horton.

        Ensure ImageLoader::m_image is not null before referencing it.

        * loader/ImageLoader.cpp:
        (WebCore::ImageLoader::decode):

2018-01-09  Yusuke Suzuki  <utatane.tea@gmail.com>

        [FreeType] Use FastMalloc for FreeType
        https://bugs.webkit.org/show_bug.cgi?id=181387

        Reviewed by Michael Catanzaro.

        Add custom memory allocator for FreeType to use FastMalloc.

        * platform/graphics/freetype/FontCustomPlatformDataFreeType.cpp:
        (WebCore::initializeFreeTypeLibrary):
        (WebCore::createFontCustomPlatformData):

2018-01-09  Zalan Bujtas  <zalan@apple.com>

        [RenderTreeBuilder] Move RenderTable* addChild mutation logic to RenderTreeBuilder
        https://bugs.webkit.org/show_bug.cgi?id=181424
        <rdar://problem/36368628>

        Reviewed by Antti Koivisto.

        This is about moving code, no cleanup and/or normalization (unfortunately it also means
        some temporary changes).  

        Covered by existing tests.

        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::addChild):
        * rendering/RenderTableRow.cpp:
        (WebCore::RenderTableRow::addChild):
        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::addChild):
        * rendering/updating/RenderTreeBuilder.cpp:
        (WebCore::RenderTreeBuilder::insertChildToRenderTable):
        (WebCore::RenderTreeBuilder::insertChildToRenderTableSection):
        (WebCore::RenderTreeBuilder::insertChildToRenderTableRow):
        * rendering/updating/RenderTreeBuilder.h:
        * rendering/updating/RenderTreeBuilderTable.cpp:
        (WebCore::RenderTreeBuilder::Table::insertChild):
        * rendering/updating/RenderTreeBuilderTable.h:

2018-01-09  Zalan Bujtas  <zalan@apple.com>

        [RenderTreeBuilder] Transition Render*::addChild() calls to RenderTreeBuilder::insertChildToRender*()
        https://bugs.webkit.org/show_bug.cgi?id=181407
        <rdar://problem/36361176>

        Reviewed by Antti Koivisto.

        Eventually all mutation will be going through the RenderTreeBuilder.

        No change in functionality.

        * rendering/RenderGrid.cpp:
        (WebCore::RenderGrid::addChild):
        * rendering/RenderMultiColumnFlow.cpp:
        (WebCore::RenderMultiColumnFlow::processPossibleSpannerDescendant):
        * rendering/RenderRubyRun.cpp:
        (WebCore::RenderRubyRun::rubyBaseSafe):
        * rendering/updating/RenderTreeBuilderBlockFlow.cpp:
        (WebCore::RenderTreeBuilder::BlockFlow::insertChild):
        * rendering/updating/RenderTreeBuilderMultiColumn.cpp:
        (WebCore::RenderTreeBuilder::MultiColumn::createFragmentedFlow):
        * rendering/updating/RenderTreeBuilderRuby.cpp:
        (WebCore::RenderTreeBuilder::Ruby::findOrCreateParentForChild):

2018-01-09  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] Ensure SleepDisabler is not held by pages in page cache
        https://bugs.webkit.org/show_bug.cgi?id=180197

        Reviewed by Eric Carlson.

        The sleep disabler is now checked again whenever the media player
        playback state or other characteristic has changed in the media
        engine.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::mediaPlayerPlaybackStateChanged):
        Check if the sleep disabler state needs to be updated or not.
        (WebCore::HTMLMediaElement::mediaPlayerCharacteristicChanged): Ditto.
        (WebCore::HTMLMediaElement::shouldDisableSleep const): Enable
        sleep disabler for GTK and WPE ports.

2018-01-09  Philippe Normand  <pnormand@igalia.com>

        [GStreamer] Missing notifications to player client
        https://bugs.webkit.org/show_bug.cgi?id=181432

        Reviewed by Carlos Garcia Campos.

        We now properly emit playback state changes and characteristic
        updates to the client when the pipeline state changes and when
        audio/video tracks changes are detected.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::playbackPosition const):
        This debug message appears too often in logs. Demote.
        (WebCore::MediaPlayerPrivateGStreamer::durationMediaTime const): Ditto.
        (WebCore::MediaPlayerPrivateGStreamer::notifyPlayerOfVideo): Emit
        charasteristicChanged notification.
        (WebCore::MediaPlayerPrivateGStreamer::notifyPlayerOfAudio): Ditto.
        (WebCore::MediaPlayerPrivateGStreamer::updateStates): Keep track
        of old and current pipeline state.
        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.h:


2018-01-09  Youenn Fablet  <youenn@apple.com>

        Add CSP support to service workers
        https://bugs.webkit.org/show_bug.cgi?id=181385

        Reviewed by Chris Dumez.

        Covered by rebased tests.

        Added recovery of CSP information from WorkerScriptLoader.
        Added plumbing to pass the CSP information to Service Workers.
        Did not add persistency support for the CSP information as this requires changing the SQL database schema.
        This will be done in a follow-up.

        * workers/WorkerScriptLoader.cpp:
        (WebCore::WorkerScriptLoader::loadAsynchronously):
        (WebCore::WorkerScriptLoader::didReceiveResponse):
        * workers/WorkerScriptLoader.h:
        (WebCore::WorkerScriptLoader::contentSecurityPolicy const):
        * workers/service/SWClientConnection.cpp:
        (WebCore::SWClientConnection::finishedFetchingScript):
        (WebCore::SWClientConnection::failedFetchingScript):
        * workers/service/SWClientConnection.h:
        * workers/service/ServiceWorkerContainer.cpp:
        (WebCore::ServiceWorkerContainer::addRegistration):
        (WebCore::ServiceWorkerContainer::jobFailedWithException):
        (WebCore::ServiceWorkerContainer::jobResolvedWithRegistration):
        (WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):
        * workers/service/ServiceWorkerContainer.h:
        * workers/service/ServiceWorkerContextData.cpp:
        (WebCore::ServiceWorkerContextData::isolatedCopy const):
        * workers/service/ServiceWorkerContextData.h:
        (WebCore::ServiceWorkerContextData::encode const):
        (WebCore::ServiceWorkerContextData::decode):
        * workers/service/ServiceWorkerFetchResult.h:
        (WebCore::ServiceWorkerFetchResult::encode const):
        (WebCore::ServiceWorkerFetchResult::decode):
        * workers/service/ServiceWorkerGlobalScope.cpp:
        (WebCore::ServiceWorkerGlobalScope::create):
        * workers/service/ServiceWorkerGlobalScope.h:
        * workers/service/ServiceWorkerJob.cpp:
        (WebCore::ServiceWorkerJob::notifyFinished):
        * workers/service/ServiceWorkerJobClient.h:
        * workers/service/context/ServiceWorkerThread.cpp:
        (WebCore::ServiceWorkerThread::ServiceWorkerThread):
        (WebCore::ServiceWorkerThread::createWorkerGlobalScope):
        * workers/service/server/RegistrationDatabase.cpp:
        (WebCore::v1RecordsTableSchema):
        (WebCore::RegistrationDatabase::importRecords):
        * workers/service/server/SWServer.cpp:
        (WebCore::SWServer::updateWorker):
        (WebCore::SWServer::installContextData):
        * workers/service/server/SWServer.h:
        * workers/service/server/SWServerJobQueue.cpp:
        (WebCore::SWServerJobQueue::scriptFetchFinished):
        * workers/service/server/SWServerWorker.cpp:
        (WebCore::SWServerWorker::SWServerWorker):
        (WebCore::m_contentSecurityPolicy):
        (WebCore::SWServerWorker::contextData const):
        * workers/service/server/SWServerWorker.h:

2018-01-09  Antoine Quint  <graouts@apple.com>

        Provide a method to obtain a CSS value from a RenderStyle by CSSPropertyID
        https://bugs.webkit.org/show_bug.cgi?id=181429

        Reviewed by Antti Koivisto.

        The KeyframeEffect.getKeyframes() method from Web Animations requires that we return all styles applied at a given
        animation effect keyframe. When we parse keyframes, we create RenderStyle objects that are stored in a KeyframeList,
        as well as a list of CSSPropertyIDs that are animated. In order to provide the list of animated properties and their
        values when calling getKeyframes(), we need to be able to read back from the RenderStyle we create. As a first step
        towards this goal, we factor some code in ComputedStyleExtractor::propertyValue() out into a new method
        ComputedStyleExtractor::valueForPropertyinStyle() which takes in an explicit RenderStyle.

        No test as this is simply refactoring that doesn't change or add behavior.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::ComputedStyleExtractor::propertyValue):
        (WebCore::ComputedStyleExtractor::valueForPropertyinStyle):
        * css/CSSComputedStyleDeclaration.h:

2018-01-09  Youenn Fablet  <youenn@apple.com>

        SWClientConnection should not keep references to service worker jobs
        https://bugs.webkit.org/show_bug.cgi?id=181381

        Reviewed by Chris Dumez.

        Difficult to test determiniscally but corresponding crash log should no longer happen in debug builds.

        Stopped passing ServiceWorkerJob references from ServiceWorkerContainer (potentially in service worker thread) to SWClientConnection (main thread).
        Instead pass job identifiers and related data to the main thread.

        Minor refactoring to use ServiceWorkerJobIdentifier instead of ServiceWorkerJobDataIdentifier which contains more data than needed.

        * workers/service/SWClientConnection.cpp:
        (WebCore::SWClientConnection::scheduleJob):
        (WebCore::SWClientConnection::failedFetchingScript):
        (WebCore::SWClientConnection::postTaskForJob):
        (WebCore::SWClientConnection::jobRejectedInServer):
        (WebCore::SWClientConnection::registrationJobResolvedInServer):
        (WebCore::SWClientConnection::unregistrationJobResolvedInServer):
        (WebCore::SWClientConnection::startScriptFetchForServer):
        (WebCore::SWClientConnection::clearPendingJobs):
        (WebCore::SWClientConnection::finishedFetchingScript): Deleted.
        * workers/service/SWClientConnection.h:
        * workers/service/ServiceWorkerContainer.cpp:
        (WebCore::ServiceWorkerContainer::scheduleJob):
        (WebCore::ServiceWorkerContainer::startScriptFetchForJob):
        (WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):
        (WebCore::ServiceWorkerContainer::jobFailedLoadingScript):
        * workers/service/ServiceWorkerContainer.h:
        * workers/service/server/SWServer.cpp:
        (WebCore::SWServer::rejectJob):
        (WebCore::SWServer::resolveRegistrationJob):
        (WebCore::SWServer::resolveUnregistrationJob):
        (WebCore::SWServer::startScriptFetch):
        * workers/service/server/SWServer.h:

2018-01-09  Carlos Garcia Campos  <cgarcia@igalia.com>

        REGRESSION(r224460): Text fields sometimes get "messed up"
        https://bugs.webkit.org/show_bug.cgi?id=181115

        Reviewed by Zalan Bujtas.

        Add the scroll position to paint offset before computing the clip rectangle. Before r224460, scroll position was
        substracted after the clip rectangle was computed.

        * rendering/LayoutState.cpp:
        (WebCore::LayoutState::computeClipRect):

2018-01-09  Ali Juma  <ajuma@chromium.org>

        Implement VisualViewport API events
        https://bugs.webkit.org/show_bug.cgi?id=179386

        Reviewed by Frédéric Wang.

        Implement the events (resize and scroll) defined by the Visual Viewport API
        (https://wicg.github.io/visual-viewport/#events).

        This is behind the VisualViewportAPI experimental feature flag.

        In order to detect when events need to be fired, change the computation of
        Visual Viewport attributes to happen whenever the layout viewport is updated
        rather than only on-demand.

        Tests: fast/visual-viewport/resize-event-fired-window-resized.html
               fast/visual-viewport/resize-event-fired.html
               fast/visual-viewport/scroll-event-fired.html

        * dom/Document.cpp:
        (WebCore::Document::addListenerTypeIfNeeded):
        Add support for tracking resize event listeners.
        * dom/Document.h:
        * dom/DocumentEventQueue.cpp:
        (WebCore::DocumentEventQueue::enqueueOrDispatchScrollEvent):
        (WebCore::DocumentEventQueue::enqueueScrollEvent):
        Factored out of enqueueOrDispatchScrollEvent so that this logic can be reused
        for Visual Viewport scroll events.
        (WebCore::DocumentEventQueue::enqueueResizeEvent):
        (WebCore::DocumentEventQueue::pendingEventTimerFired):
        * dom/DocumentEventQueue.h:
        * page/FrameView.cpp:
        (WebCore::FrameView::updateLayoutViewport):
        * page/VisualViewport.cpp:
        (WebCore::VisualViewport::addEventListener):
        (WebCore::layoutIfNonNull):
        (WebCore::VisualViewport::offsetLeft const):
        Remove attribute computation logic since this now happens during update().
        (WebCore::VisualViewport::offsetTop const): Ditto.
        (WebCore::VisualViewport::pageLeft const): Ditto.
        (WebCore::VisualViewport::pageTop const): Ditto.
        (WebCore::VisualViewport::width const): Ditto.
        (WebCore::VisualViewport::height const): Ditto.
        (WebCore::VisualViewport::scale const):
        (WebCore::VisualViewport::update):
        Added. Computes all of the Visual Viewport attributes and determines
        whether events need to be fired.
        (WebCore::VisualViewport::enqueueResizeEvent):
        (WebCore::VisualViewport::enqueueScrollEvent):
        (WebCore::getFrameViewAndLayoutIfNonNull): Deleted.
        * page/VisualViewport.h:

2018-01-09  Yacine Bandou  <yacine.bandou_ext@softathome.com>

        [EME] Add the CENC initData support in ClearKey CDM
        https://bugs.webkit.org/show_bug.cgi?id=180081

        Reviewed by Xabier Rodriguez-Calvar.

        Add the "cenc" initDataType support in ClearKey CDM.
        Parse the CENC initData and extract the KIDs by following the W3C spec
        https://www.w3.org/TR/eme-initdata-cenc/#common-system

        Tests: media/encrypted-media/clearKey/clearKey-message-cenc-event.html
               media/encrypted-media/clearKey/clearKey-message-cenc-event-mse.html

        * platform/encryptedmedia/clearkey/CDMClearKey.cpp:
        (WebCore::extractKeyidsLocationFromCencInitData):
        (WebCore::isCencInitData):
        (WebCore::extractKeyidsFromCencInitData):
        (WebCore::CDMPrivateClearKey::supportsInitDataType const):
        (WebCore::CDMPrivateClearKey::supportsInitData const):
        (WebCore::CDMInstanceClearKey::requestLicense):

2018-01-09  Zan Dobersek  <zdobersek@igalia.com>

        [Cairo] Pass state values directly to Cairo operations
        https://bugs.webkit.org/show_bug.cgi?id=181389

        Reviewed by Carlos Garcia Campos.

        Instead of passing reference to the GraphicsContextState object to
        various Cairo operations, only pass the required state values. This
        makes it explicit what state values are used in these operations, at the
        expense of some long parameter lists, but this will be better addressed
        by future refactoring of this code into more concise functions.

        No new tests -- no change in functionality.

        * platform/graphics/cairo/CairoOperations.cpp:
        (WebCore::Cairo::drawGlyphsShadow):
        (WebCore::Cairo::dashedLineCornerWidthForStrokeWidth):
        (WebCore::Cairo::dashedLinePatternWidthForStrokeWidth):
        (WebCore::Cairo::drawGlyphs):
        (WebCore::Cairo::drawRect):
        (WebCore::Cairo::drawLine):
        (WebCore::Cairo::drawEllipse):
        * platform/graphics/cairo/CairoOperations.h:
        * platform/graphics/cairo/FontCairo.cpp:
        (WebCore::FontCascade::drawGlyphs):
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::drawRect):
        (WebCore::GraphicsContext::drawLine):
        (WebCore::GraphicsContext::drawEllipse):

2018-01-09  Ryosuke Niwa  <rniwa@webkit.org>

        Release assert in addResourceTiming when a cache resource is requested during style recalc
        https://bugs.webkit.org/show_bug.cgi?id=181137
        <rdar://problem/35666574>

        Reviewed by Simon Fraser.

        Make the dispatching of resourcetimingbufferfull event asynchronous to avoid dispatching it
        synchronously during a style resolution when CachedResourceLoader::requestImage requests
        a previously loaded image.

        We now schedule a timer when the resource timing buffer becomes full, and dispatch the event
        when the timer fires. Meanwhile, we have a backup buffer to which additional resource timing
        entries would be added. Once the event is dispatched, we refill the buffer exposed to author
        scripts. When refilling the buffer results in it becoming full again, we keep repeating the
        process of firing resourcetimingbufferfull and re-filling the buffer until either we stop
        making progress (i.e. the script didn't increase the number of empty entires in the buffer)
        or the backup buffer (at the time we started this process) becomes empty.

        Also fixed a bug that we were firing resourcetimingbufferfull event when the last entry that
        fits within the buffer size was added instead of when an entry is being added to an already
        full buffer. To make this work, the patch introduces m_resourceTimingBufferFullFlag,
        representing the concept "resource timing buffer full" flag in the resource timing specification.

        Test: http/tests/performance/performance-resource-timing-resourcetimingbufferfull-crash.html

        * page/Performance.cpp:
        (WebCore::Performance::Performance):
        (WebCore::Performance::clearResourceTimings):
        (WebCore::Performance::setResourceTimingBufferSize):
        (WebCore::Performance::addResourceTiming):
        (WebCore::Performance::resourceTimingBufferFullTimerFired):
        * page/Performance.h:

2018-01-08  Chris Nardi  <csnardi1@gmail.com>

        ::first-letter incorrectly selects grapheme pairs
        https://bugs.webkit.org/show_bug.cgi?id=181315

        Reviewed by Darin Adler.

        Grapheme pairs were incorrectly selected by ::first-letter. This
        change fixes their selection.

        Tests: Updated fast/css/first-letter-punctuation.html and imported
        LayoutTests/imported/w3c/web-platform-tests/css/css-pseudo-4/first-letter-004.html

        * rendering/updating/RenderTreeBuilderFirstLetter.cpp:
        (WebCore::isPunctuationForFirstLetter):
        (WebCore::shouldSkipForFirstLetter):
        (WebCore::RenderTreeBuilder::FirstLetter::createRenderers):

2018-01-08  Darin Adler  <darin@apple.com>

        Special list-item counter starts from an incorrect number for ::before and ::after
        https://bugs.webkit.org/show_bug.cgi?id=181084

        Reviewed by Zalan Bujtas.

        Test: fast/css/counters/counter-list-item.html

        * Sources.txt: Removed CounterDirectives.cpp.
        * WebCore.xcodeproj/project.pbxproj: Ditto.

        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::counterToCSSValue): Updated for changes to the CounterDirectives struct.
        * css/StyleBuilderCustom.h:
        (WebCore::StyleBuilderCustom::applyInheritCounter): Ditto.
        (WebCore::StyleBuilderCustom::applyValueCounter): Ditto.

        * html/HTMLLIElement.cpp:
        (WebCore::HTMLLIElement::parseValue): Call setExplicitValue(std::nullopt) instead
        of clearExplicitValue since we are using std::optional now.

        * rendering/RenderCounter.cpp:
        (WebCore::listItemCounterDirectives): Added. Computes the counter directives that
        express the effects on the list-item counter from list item and list elements.
        Used something as close to what the CSS 3 draft says as possible. This uses a
        negative increment when creating a list to counteract the positive increment done
        by a list element, except in the case of an unordered list. This is where the bug
        fix actually lies. Also fixed handling of reversed ordered lists at the same time.
        (WebCore::planCounter): Refactored to use the function above. Also changed the
        code to pay attention to both the counter directives and the implicit ones from
        list item and list elements, getting as close as possible to what the specification
        seems to call for.

        * rendering/RenderListItem.cpp:
        (WebCore::RenderListItem::RenderListItem): Since we are using std::optional and no
        longer using bit fields, simplified the constructor for each list item.
        (WebCore::RenderListItem::calcValue const): Deleted.
        (WebCore::RenderListItem::updateValueNow const): Merged in all the code from the
        old calcValue function, but it is also simpler now since m_value is std::optional.
        (WebCore::RenderListItem::updateValue): Updated to use std::optional.
        (WebCore::RenderListItem::setExplicitValue): Ditto.
        (WebCore::RenderListItem::clearExplicitValue): Deleted.
        (WebCore::RenderListItem::updateListMarkerNumbers): Updated to use std::optional.
        (WebCore::RenderListItem::isInReversedOrderedList const): Added. This is used by
        the counter code so it can decrement instead of incrementing.

        * rendering/RenderListItem.h: Updated to use std::optional. Also marked functions
        final instead of override and initialized m_notInList after making it not be a
        bitfield any more.

        * rendering/style/CounterDirectives.cpp: Removed.
        * rendering/style/CounterDirectives.h: Removed most of the CounterDirectives
        class and replaced it with a struct with two std::optional. Added an addClamped
        function so the counter code can share it with the addIncrementValue function.
        If we want to make a faster version that doesn't use double, we can come back
        and do that. Also moved the == function to the header since the implementation
        is so trivial.

        * rendering/style/StyleAllInOne.cpp: Removed CounterDirectives.cpp.

        * rendering/style/StyleRareNonInheritedData.cpp:
        (WebCore::StyleRareNonInheritedData::StyleRareNonInheritedData): Updated to
        use std::make_unique directly instead of using a clone function.

2018-01-08  Wenson Hsieh  <wenson_hsieh@apple.com>

        [Attachment Support] Expose HTMLAttachmentElement.uniqueIdentifier to bindings
        https://bugs.webkit.org/show_bug.cgi?id=181420
        <rdar://problem/36365827>

        Reviewed by Alex Christensen.

        Add a new IDL definition for uniqueIdentifier on HTMLAttachmentElement. This allows clients to relate attachment
        elements in the DOM to _WKAttachments delivered via Objective-C SPI.

        Adjusted existing tests in WKAttachmentTests.

        * html/HTMLAttachmentElement.idl:

2018-01-08  Don Olmstead  <don.olmstead@sony.com>

        AccessibilityARIAGrid does not compile when accessibility is disabled
        https://bugs.webkit.org/show_bug.cgi?id=181418
        <rdar://problem/36365398>

        Reviewed by Chris Fleizach.

        No new tests. No change in behavior.

        * accessibility/AccessibilityARIAGrid.cpp:

2018-01-08  Commit Queue  <commit-queue@webkit.org>

        Unreviewed, rolling out r226532 and r226540.
        https://bugs.webkit.org/show_bug.cgi?id=181422

        jessie says basic browsing does not seem to work (Requested by
        alexchristensen on #webkit).

        Reverted changesets:

        "Add CSP support to service workers"
        https://bugs.webkit.org/show_bug.cgi?id=181385
        https://trac.webkit.org/changeset/226532

        "SWClientConnection should not keep references to service
        worker jobs"
        https://bugs.webkit.org/show_bug.cgi?id=181381
        https://trac.webkit.org/changeset/226540

2018-01-08  Wenson Hsieh  <wenson_hsieh@apple.com>

        [Attachment Support] Expose file name and content type of WKAttachment
        https://bugs.webkit.org/show_bug.cgi?id=181390
        <rdar://problem/36336837>

        Reviewed by Tim Horton.

        Add new structs in AttachmentTypes.h and refactor HTMLAttachmentElement::requestData to requestInfo. See below
        for more details. Augmented existing API tests in WKAttachmentTests.

        * html/AttachmentTypes.h:

        Add a struct to represent a snapshot of information about an attachment element.

        * html/HTMLAttachmentElement.cpp:
        (WebCore::HTMLAttachmentElement::requestInfo):
        (WebCore::HTMLAttachmentElement::requestData): Deleted.
        * html/HTMLAttachmentElement.h:

        Change requestData to requestInfo. Instead of fetching and delivering data via callback, requestInfo returns an
        AttachmentInfo.

        * rendering/RenderThemeIOS.mm:
        (WebCore::RenderAttachmentInfo::addLine):
        (WebCore::RenderAttachmentInfo::buildWrappedLines):
        (WebCore::RenderAttachmentInfo::buildSingleLine):
        (WebCore::RenderAttachmentInfo::RenderAttachmentInfo):
        (WebCore::RenderThemeIOS::attachmentBaseline const):
        (WebCore::paintAttachmentIcon):
        (WebCore::paintAttachmentText):
        (WebCore::paintAttachmentProgress):
        (WebCore::attachmentBorderPath):
        (WebCore::RenderThemeIOS::paintAttachment):
        (WebCore::AttachmentInfo::addLine): Deleted.
        (WebCore::AttachmentInfo::buildWrappedLines): Deleted.
        (WebCore::AttachmentInfo::buildSingleLine): Deleted.
        (WebCore::AttachmentInfo::AttachmentInfo): Deleted.

        Rename AttachmentInfo to RenderAttachmentInfo to resolve a name conflict with the new AttachmentInfo struct.

2018-01-08  Saam Barati  <sbarati@apple.com>

        Speculative build fix after r226600. We only use clflush on x86 and the `asm volatile` syntax is not available in the Windows build.

        No new tests because this is a build fix.

        * dom/Comment.cpp:
        (WebCore::Comment::clflushReadLength):

2018-01-08  Michael Saboff  <msaboff@apple.com>

        Add a DOM gadget for Spectre testing
        https://bugs.webkit.org/show_bug.cgi?id=181351

        Reviewed by Saam Barati.

        This change is used to test Spectre mitigations.

        Added a side data array to the Comment DOM node to test for Spectre issues in
        the DOM layer.  This additional functionality is disabled by default and must
        be enabled through the JSC option "enableSpectreGadgets".

        * dom/Comment.cpp:
        (WebCore::Comment::Comment):
        (WebCore::Comment::setReadLength):
        (WebCore::Comment::charCodeAt):
        (WebCore::Comment::clflushReadLength):
        * dom/Comment.h:
        * dom/Comment.idl:
        * page/RuntimeEnabledFeatures.cpp:
        (WebCore::RuntimeEnabledFeatures::spectreGadgetsEnabled const):
        * page/RuntimeEnabledFeatures.h:

2018-01-08  Said Abou-Hallawa  <sabouhallawa@apple.com>

        A canvas should not be tainted if it draws a data URL SVGImage with a <foreignObject>
        https://bugs.webkit.org/show_bug.cgi?id=180301

        Reviewed by Dean Jackson.

        Don't taint the canvas if it draws a data URL SVGImage with a <foreignObject>.
        There should not be a cross-origin data leak in this case.

        Tests: svg/as-image/svg-canvas-data-url-svg-with-feimage-not-tainted.html
               svg/as-image/svg-canvas-data-url-svg-with-foreign-object-not-tainted.html
               svg/as-image/svg-canvas-data-url-svg-with-image-not-tainted.html

        * html/ImageBitmap.cpp:
        (WebCore::taintsOrigin):
        * html/canvas/CanvasRenderingContext.cpp:
        (WebCore::CanvasRenderingContext::wouldTaintOrigin):

2018-01-08  Don Olmstead  <don.olmstead@sony.com>

        Simplify platform checks in Graphics Context
        https://bugs.webkit.org/show_bug.cgi?id=181344

        Reviewed by Alex Christensen.

        No new tests. No change in behavior.

        * platform/graphics/ANGLEWebKitBridge.h:
        * platform/graphics/GLContext.h:
        * platform/graphics/GraphicsContext3D.h:
        * platform/graphics/OpenGLESShims.h:
        * platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp:
        (WebCore::GraphicsContext3D::checkVaryingsPacking const):

2018-01-08  Zalan Bujtas  <zalan@apple.com>

        [RenderTreeBuilder] Move SVG addChild logic to RenderTreeBuilder
        https://bugs.webkit.org/show_bug.cgi?id=181405
        <rdar://problem/36360476>

        Reviewed by Antti Koivisto.

        This is about moving the code, no cleanup and/or normalization (unfortunately it also means
        some temporary changes).  

        No change in functionality.

        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * rendering/svg/RenderSVGContainer.cpp:
        (WebCore::RenderSVGContainer::addChild):
        * rendering/svg/RenderSVGInline.cpp:
        (WebCore::RenderSVGInline::addChild):
        * rendering/svg/RenderSVGRoot.cpp:
        (WebCore::RenderSVGRoot::addChild):
        * rendering/svg/RenderSVGText.cpp:
        (WebCore::RenderSVGText::addChild):
        * rendering/updating/RenderTreeBuilder.cpp:
        (WebCore::RenderTreeBuilder::RenderTreeBuilder):
        (WebCore::RenderTreeBuilder::insertChildToSVGContainer):
        (WebCore::RenderTreeBuilder::insertChildToSVGInline):
        (WebCore::RenderTreeBuilder::insertChildToSVGRoot):
        (WebCore::RenderTreeBuilder::insertChildToSVGText):
        * rendering/updating/RenderTreeBuilder.h:
        (WebCore::RenderTreeBuilder::SVGBuilder):
        * rendering/updating/RenderTreeBuilderSVG.cpp: Added.
        (WebCore::RenderTreeBuilder::SVG::SVG):
        (WebCore::RenderTreeBuilder::SVG::insertChild):
        * rendering/updating/RenderTreeBuilderSVG.h: Added.

2018-01-08  John Wilander  <wilander@apple.com>

        Storage Access API: Remove access for all frames under a page when the page is closed
        https://bugs.webkit.org/show_bug.cgi?id=181398
        <rdar://problem/36357879>

        Reviewed by Alex Christensen.

        No new tests. Discussed with Alex Christensen and we concluded that
        both a layout test and an API test would require a lot of work and
        we have existing tests for clearing out storage access for frames.

        * platform/network/NetworkStorageSession.h:
        * platform/network/cf/NetworkStorageSessionCFNet.cpp:
        (WebCore::NetworkStorageSession::removeStorageAccessForAllFramesOnPage):

2018-01-08  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r226385.

        The test introduced with this was a flaky since being added.

        Reverted changeset:

        "AX: when invert colors is on, double-invert certain media
        elements in UserAgentStyleSheet"
        https://bugs.webkit.org/show_bug.cgi?id=168447
        https://trac.webkit.org/changeset/226385

2018-01-08  Youenn Fablet  <youenn@apple.com>

        SWClientConnection should not keep references to service worker jobs
        https://bugs.webkit.org/show_bug.cgi?id=181381

        Reviewed by Chris Dumez.

        Difficult to test determiniscally but corresponding crash log should no longer happen in debug builds.

        Stopped passing ServiceWorkerJob references from ServiceWorkerContainer (potentially in service worker thread) to SWClientConnection (main thread).
        Instead pass job identifiers and related data to the main thread.

        Minor refactoring to use ServiceWorkerJobIdentifier instead of ServiceWorkerJobDataIdentifier which contains more data than needed.

        * workers/service/SWClientConnection.cpp:
        (WebCore::SWClientConnection::scheduleJob):
        (WebCore::SWClientConnection::failedFetchingScript):
        (WebCore::SWClientConnection::postTaskForJob):
        (WebCore::SWClientConnection::jobRejectedInServer):
        (WebCore::SWClientConnection::registrationJobResolvedInServer):
        (WebCore::SWClientConnection::unregistrationJobResolvedInServer):
        (WebCore::SWClientConnection::startScriptFetchForServer):
        (WebCore::SWClientConnection::clearPendingJobs):
        (WebCore::SWClientConnection::finishedFetchingScript): Deleted.
        * workers/service/SWClientConnection.h:
        * workers/service/ServiceWorkerContainer.cpp:
        (WebCore::ServiceWorkerContainer::scheduleJob):
        (WebCore::ServiceWorkerContainer::startScriptFetchForJob):
        (WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):
        (WebCore::ServiceWorkerContainer::jobFailedLoadingScript):
        * workers/service/ServiceWorkerContainer.h:
        * workers/service/server/SWServer.cpp:
        (WebCore::SWServer::rejectJob):
        (WebCore::SWServer::resolveRegistrationJob):
        (WebCore::SWServer::resolveUnregistrationJob):
        (WebCore::SWServer::startScriptFetch):
        * workers/service/server/SWServer.h:

2018-01-08  Wenson Hsieh  <wenson_hsieh@apple.com>

        Copying, pasting, and then deleting an attachment element breaks attachment data requests
        https://bugs.webkit.org/show_bug.cgi?id=181365
        <rdar://problem/36340647>

        Reviewed by Tim Horton.

        Currently, copying and pasting an attachment element within the same document and then deleting backwards to
        remove the pasted attachment element causes the original attachment element to be inaccessible via SPI. This is
        because there are now two different attachment elements with the same unique identifier, such that Document,
        which keeps a map of all unique attachment identifiers to attachment elements, will lose track of the original
        attachment element.

        To fix this, we ensure that attachment elements should always have unique identifiers when they are inserted
        into the document. We make several small adjustments to accomplish this:

        1.  First, refactor HTMLAttachmentElement's unique identifier so that it no longer depends on the value of the
            "webkitattachmentid" attribute, and is instead just a member of HTMLAttachmentElement that is not exposed to
            DOM bindings. This means setting and querying an attachment element's uniqueIdentifier can be done without
            triggering any side effects, such as layout or mutation events.

        2.  Next, make "webkitattachmentid" a temporary attribute similar to "webkitattachmentpath" and
            "webkitattachmentbloburl", so that it is added only when generating a markup fragment for editing, and
            removed upon deserialization.

        3.  Lastly, shift the responsibility of assigning a unique identifier to an attachment away from places where we
            create attachment elements, and instead have Document enforce this when an attachment element is inserted.

        Tests:  WKAttachmentTests.InsertAndRemoveDuplicateAttachment
                WKAttachmentTests.InsertDuplicateAttachmentAndUpdateData

        * dom/Document.cpp:
        (WebCore::Document::didInsertAttachmentElement):

        Assign the unique identifier of an attachment element that has been inserted. If the identifier already tracks
        an existing attachment element in the document or is missing, reassign the identifier to a new value.

        * editing/cocoa/WebContentReaderCocoa.mm:
        (WebCore::createFragmentForImageAttachment):
        (WebCore::replaceRichContentWithAttachments):
        (WebCore::WebContentReader::readFilePaths):

        Remove calls to setUniqueIdentifier here, since Document will assign a unique identifier upon insertion.

        * editing/markup.cpp:
        (WebCore::StyledMarkupAccumulator::appendCustomAttributes):
        (WebCore::createFragmentFromMarkup):

        Set the attachment's unique identifier to the value of the "webkitattachmentid" attribute. When moving existing
        attachments around in the DOM without duplication, this ensures that the attachment will be removed and
        reinserted in the document without triggering removal and insertion client delegate methods.

        When pasting an attachment element that has the same identifier as an existing attachment, we let Document
        realize that the attachment identifier already exists, and reassign it to a unique value.

        * html/HTMLAttachmentElement.cpp:
        (WebCore::HTMLAttachmentElement::uniqueIdentifier const): Deleted.
        (WebCore::HTMLAttachmentElement::setUniqueIdentifier): Deleted.
        * html/HTMLAttachmentElement.h:

2018-01-08  Zalan Bujtas  <zalan@apple.com>

        [RenderTreeBuilder] Move RenderBlockFlow addChild logic to RenderTreeBuilder
        https://bugs.webkit.org/show_bug.cgi?id=181348
        <rdar://problem/36328117>

        Reviewed by Antti Koivisto.

        This is about moving the code, no cleanup and/or normalization (unfortunately it also means
        some temporary changes).  

        No change in functionality.

        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * rendering/RenderBlockFlow.cpp:
        (WebCore::RenderBlockFlow::addChild):
        * rendering/updating/RenderTreeBuilder.cpp:
        (WebCore::RenderTreeBuilder::RenderTreeBuilder):
        (WebCore::RenderTreeBuilder::insertChildToRenderBlockFlow):
        * rendering/updating/RenderTreeBuilder.h:
        (WebCore::RenderTreeBuilder::blockFlowBuilder):
        * rendering/updating/RenderTreeBuilderBlockFlow.cpp: Added.
        (WebCore::RenderTreeBuilder::BlockFlow::BlockFlow):
        (WebCore::RenderTreeBuilder::BlockFlow::insertChild):
        * rendering/updating/RenderTreeBuilderBlockFlow.h: Added.

2018-01-08  Youenn Fablet  <youenn@apple.com>

        Add CSP support to service workers
        https://bugs.webkit.org/show_bug.cgi?id=181385

        Reviewed by Chris Dumez.

        Covered by rebased tests.

        Added recovery of CSP information from WorkerScriptLoader.
        Added plumbing to pass the CSP information to Service Workers.
        Added persistency support for the CSP information.

        * workers/WorkerScriptLoader.cpp:
        (WebCore::WorkerScriptLoader::loadAsynchronously):
        (WebCore::WorkerScriptLoader::didReceiveResponse):
        * workers/WorkerScriptLoader.h:
        (WebCore::WorkerScriptLoader::contentSecurityPolicy const):
        * workers/service/SWClientConnection.cpp:
        (WebCore::SWClientConnection::finishedFetchingScript):
        (WebCore::SWClientConnection::failedFetchingScript):
        * workers/service/SWClientConnection.h:
        * workers/service/ServiceWorkerContainer.cpp:
        (WebCore::ServiceWorkerContainer::addRegistration):
        (WebCore::ServiceWorkerContainer::jobFailedWithException):
        (WebCore::ServiceWorkerContainer::jobResolvedWithRegistration):
        (WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):
        * workers/service/ServiceWorkerContainer.h:
        * workers/service/ServiceWorkerContextData.cpp:
        (WebCore::ServiceWorkerContextData::isolatedCopy const):
        * workers/service/ServiceWorkerContextData.h:
        (WebCore::ServiceWorkerContextData::encode const):
        (WebCore::ServiceWorkerContextData::decode):
        * workers/service/ServiceWorkerFetchResult.h:
        (WebCore::ServiceWorkerFetchResult::encode const):
        (WebCore::ServiceWorkerFetchResult::decode):
        * workers/service/ServiceWorkerGlobalScope.cpp:
        (WebCore::ServiceWorkerGlobalScope::create):
        * workers/service/ServiceWorkerGlobalScope.h:
        * workers/service/ServiceWorkerJob.cpp:
        (WebCore::ServiceWorkerJob::notifyFinished):
        * workers/service/ServiceWorkerJobClient.h:
        * workers/service/context/ServiceWorkerThread.cpp:
        (WebCore::ServiceWorkerThread::ServiceWorkerThread):
        (WebCore::ServiceWorkerThread::createWorkerGlobalScope):
        * workers/service/server/RegistrationDatabase.cpp:
        (WebCore::v1RecordsTableSchema):
        (WebCore::RegistrationDatabase::openSQLiteDatabase):
        (WebCore::RegistrationDatabase::doPushChanges):
        (WebCore::RegistrationDatabase::importRecords):
        * workers/service/server/SWServer.cpp:
        (WebCore::SWServer::updateWorker):
        (WebCore::SWServer::installContextData):
        * workers/service/server/SWServer.h:
        * workers/service/server/SWServerJobQueue.cpp:
        (WebCore::SWServerJobQueue::scriptFetchFinished):
        * workers/service/server/SWServerWorker.cpp:
        (WebCore::SWServerWorker::SWServerWorker):
        (WebCore::m_contentSecurityPolicy):
        (WebCore::SWServerWorker::contextData const):
        * workers/service/server/SWServerWorker.h:

2018-01-08  Youenn Fablet  <youenn@apple.com>

        Use no-cache fetch mode when loading main documents with location.reload()
        https://bugs.webkit.org/show_bug.cgi?id=181285

        Reviewed by Alex Christensen.

        Covered by rebased tests.

        Start to translate cache policy used for navigation as FetchOptions::Cache.
        This allows ensuring service workers receive the right cache mode when intercepting navigation loads.
        To not change current navigation behavior, ReturnCacheDataElseLoad and ReturnCacheDataDontLoad still trigger default fetch cache mode.

        For Reload and ReloadExpiredOnly frame load types, using no-cache mode is more efficient than reload mode,
        as a conditional request will be sent if possible. This applies to location.reload which is consistent with other browsers.
        Keep reload mode for ReloadFromOrigin.

        * loader/DocumentLoader.cpp:
        (WebCore::toFetchOptionsCache):
        (WebCore::DocumentLoader::loadMainResource):
        * loader/FrameLoader.cpp:
        (WebCore::FrameLoader::loadFrameRequest):
        (WebCore::FrameLoader::loadURL):
        (WebCore::FrameLoader::load):
        (WebCore::FrameLoader::reload):
        (WebCore::FrameLoader::defaultRequestCachingPolicy):
        (WebCore::FrameLoader::loadDifferentDocumentItem):
        * loader/NavigationScheduler.cpp:

2018-01-08  Youenn Fablet  <youenn@apple.com>

        Stop exposing fetch and extendable events to window
        https://bugs.webkit.org/show_bug.cgi?id=181325

        Reviewed by Chris Dumez.

        Covered by updated tests.

        Marked FetchEvent and ExtendableEvent as visible in ServiceWorker environments only.
        Moved related Internals testing routines to ServiceWorkerInternals.

        * testing/Internals.cpp:
        (WebCore::Internals::waitForFetchEventToFinish): Deleted.
        (WebCore::Internals::createBeingDispatchedFetchEvent): Deleted.
        * testing/Internals.h:
        * testing/Internals.idl:
        * testing/ServiceWorkerInternals.cpp:
        (WebCore::ServiceWorkerInternals::waitForFetchEventToFinish):
        (WebCore::ServiceWorkerInternals::createBeingDispatchedFetchEvent):
        * testing/ServiceWorkerInternals.h:
        * testing/ServiceWorkerInternals.idl:
        * workers/service/ExtendableEvent.idl:
        * workers/service/FetchEvent.idl:

2018-01-08  Antti Koivisto  <antti@apple.com>

        REGRESSION (r219145): Toggling layer borders on a static document no longer works immediately
        https://bugs.webkit.org/show_bug.cgi?id=176260
        <rdar://problem/34219966>

        Reviewed by Simon Fraser.

        Optimization reveled bugs in debug indicator painting.

        Test: compositing/debug-borders-dynamic.html

        * platform/graphics/ca/GraphicsLayerCA.cpp:
        (WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers):
        (WebCore::GraphicsLayerCA::updateDebugIndicators):
        (WebCore::GraphicsLayerCA::updateDebugBorder): Deleted.

        - Rename to indicate this is not just about debug borders.
        - Trigger display so repaint counters get painted. This helper is only called when the indicators change.

        * platform/graphics/ca/GraphicsLayerCA.h:
        * rendering/RenderLayerCompositor.cpp:
        (WebCore::RenderLayerCompositor::cacheAcceleratedCompositingFlags):

        Ensure we do compositing update on debug border change even when there is no layout.

2018-01-08  Zalan Bujtas <zalan@apple.com>

        [RenderTreeBuilder] Move RenderInline addChild logic to RenderTreeBuilder
        https://bugs.webkit.org/show_bug.cgi?id=181336
        <rdar://problem/36324693>

        Reviewed by Antti Koivisto.

        This is about moving the code, no cleanup and/or normalization (unfortunately it also means
        some temporary changes).  

        No change in functionality.

        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * rendering/RenderInline.cpp:
        (WebCore::RenderInline::addChild):
        (WebCore::RenderInline::addChildIgnoringContinuation):
        (WebCore::RenderInline::childBecameNonInline):
        (WebCore::nextContinuation): Deleted.
        (WebCore::RenderInline::continuationBefore): Deleted.
        (WebCore::newChildIsInline): Deleted.
        (WebCore::RenderInline::cloneAsContinuation const): Deleted.
        (WebCore::RenderInline::splitInlines): Deleted.
        (WebCore::RenderInline::splitFlow): Deleted.
        (WebCore::canUseAsParentForContinuation): Deleted.
        (WebCore::RenderInline::addChildToContinuation): Deleted.
        * rendering/RenderInline.h:
        * rendering/updating/RenderTreeBuilder.cpp:
        (WebCore::RenderTreeBuilder::RenderTreeBuilder):
        (WebCore::RenderTreeBuilder::insertChildToRenderInline):
        (WebCore::RenderTreeBuilder::insertChildToRenderInlineIgnoringContinuation):
        (WebCore::RenderTreeBuilder::splitFlow):
        * rendering/updating/RenderTreeBuilder.h:
        (WebCore::RenderTreeBuilder::inlineBuilder):
        * rendering/updating/RenderTreeBuilderInline.cpp: Added.
        (WebCore::canUseAsParentForContinuation):
        (WebCore::nextContinuation):
        (WebCore::continuationBefore):
        (WebCore::cloneAsContinuation):
        (WebCore::newChildIsInline):
        (WebCore::inFlowPositionedInlineAncestor):
        (WebCore::RenderTreeBuilder::Inline::Inline):
        (WebCore::RenderTreeBuilder::Inline::insertChild):
        (WebCore::RenderTreeBuilder::Inline::insertChildToContinuation):
        (WebCore::RenderTreeBuilder::Inline::insertChildIgnoringContinuation):
        (WebCore::RenderTreeBuilder::Inline::splitFlow):
        (WebCore::RenderTreeBuilder::Inline::splitInlines):
        * rendering/updating/RenderTreeBuilderInline.h: Added.

2018-01-08  Zalan Bujtas  <zalan@apple.com>

        [RenderTreeBuilder] Move RenderBlock addChild logic to RenderTreeBuilder
        https://bugs.webkit.org/show_bug.cgi?id=181319
        <rdar://problem/36313464>

        Reviewed by Antti Koivisto.

        This is about moving the code, no cleanup and/or normalization (unfortunately it also means
        some temporary changes).  

        No change in functionality.

        * Sources.txt:
        * WebCore.xcodeproj/project.pbxproj:
        * rendering/RenderBlock.cpp:
        (WebCore::RenderBlock::addChild):
        (WebCore::RenderBlock::addChildIgnoringContinuation):
        (WebCore::RenderBlock::childBecameNonInline):
        (WebCore::RenderBlock::continuationBefore): Deleted.
        (WebCore::RenderBlock::addChildToContinuation): Deleted.
        (WebCore::getInlineRun): Deleted.
        (WebCore::RenderBlock::makeChildrenNonInline): Deleted.
        * rendering/RenderBlock.h:
        * rendering/RenderBox.cpp:
        (WebCore::markBoxForRelayoutAfterSplit): Deleted.
        (WebCore::RenderBox::splitAnonymousBoxesAroundChild): Deleted.
        * rendering/RenderBox.h:
        * rendering/RenderRubyBase.cpp:
        (WebCore::RenderRubyBase::moveChildren):
        (WebCore::RenderRubyBase::moveBlockChildren):
        * rendering/RenderTable.cpp:
        (WebCore::RenderTable::addChild):
        * rendering/RenderTableRow.cpp:
        (WebCore::RenderTableRow::addChild):
        * rendering/RenderTableSection.cpp:
        (WebCore::RenderTableSection::addChild):
        * rendering/updating/RenderTreeBuilder.cpp:
        (WebCore::markBoxForRelayoutAfterSplit):
        (WebCore::getInlineRun):
        (WebCore::RenderTreeBuilder::RenderTreeBuilder):
        (WebCore::RenderTreeBuilder::insertChildToRenderBlock):
        (WebCore::RenderTreeBuilder::insertChildToRenderBlockIgnoringContinuation):
        (WebCore::RenderTreeBuilder::makeChildrenNonInline):
        (WebCore::RenderTreeBuilder::splitAnonymousBoxesAroundChild):
        * rendering/updating/RenderTreeBuilder.h:
        (WebCore::RenderTreeBuilder::blockBuilder):
        * rendering/updating/RenderTreeBuilderBlock.cpp: Added.
        (WebCore::continuationBefore):
        (WebCore::RenderTreeBuilder::Block::Block):
        (WebCore::RenderTreeBuilder::Block::insertChild):
        (WebCore::RenderTreeBuilder::Block::insertChildToContinuation):
        (WebCore::RenderTreeBuilder::Block::insertChildIgnoringContinuation):
        * rendering/updating/RenderTreeBuilderBlock.h: Added.
        
2018-01-08  Jeremy Jones  <jeremyj@apple.com>

        Standard controls sometimes say video is in pip when it isnt.
        https://bugs.webkit.org/show_bug.cgi?id=181095
        rdar://problem/36182687

        Reviewed by Eric Carlson.

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::exitFullscreen):

2018-01-08  Jer Noble  <jer.noble@apple.com>

        REGRESSION: [iOS] ASSERTION FAILED: !node.isConnected() in WebCore::notifyNodeInsertedIntoDocument
        https://bugs.webkit.org/show_bug.cgi?id=181091

        Reviewed by Darin Adler.

        Move the work previously performed in insertedIntoAncestor() into didFinishInsertingNode().

        * html/HTMLMediaElement.cpp:
        (WebCore::HTMLMediaElement::prepareForLoad):

2018-01-08  Zan Dobersek  <zdobersek@igalia.com>

        [Cairo] Use isolated fill and stroke source containers
        https://bugs.webkit.org/show_bug.cgi?id=181386

        Reviewed by Carlos Garcia Campos.

        Generate fill and stroke source objects upon invocation of various Cairo
        operations, initializing necessary data from the GraphicsContextState
        object.

        Cairo::FillSource and Cairo::StrokeSource structs are introduced, both
        being default-constructible as well as providing a constructor that
        accepts a GraphicsContextState object from which the appropriate
        resources are created.

        The FillSource and StrokeSource objects are then passed to
        PlatformContextCairo's prepareForFilling() and prepareForStroking()
        methods. Here the helper prepareCairoContextSource() function is now
        invoked with cairo_pattern_t objects as pattern or gradient sources, or
        the source color if neither cairo_pattern_t object is specified.

        The FillSource and StrokeSource constructors mimic the previous behavior
        of prepareCairoContextSource(). In case the source is a Pattern object,
        a cairo_pattern_t object is created from that. In case of FillSource,
        we also retrieve pattern size, transform and repetition information. In
        case the source os a Gradient object, we create a 'base' cairo_pattern_t
        object for a completely opaque alpha channel. Additionally, if the alpha
        value on the state is not 1, we create an alpha-adjusted cairo_pattern_t
        that is potentially used for any filling or stroking operation that has
        to preserve transparency. If neither Pattern or Gradient objects are set
        on the GraphicsContextState, we default to the current fill or stroke
        color.

        Overall, there's no change in behavior, this is simply a refactoring
        that enables us to construct Cairo objects for filling and stroking
        sources at the time of Cairo operation dispatch, instead of pulling down
        GraphicsContextState deeper into the Cairo-specific code.

        No new tests -- no change in functionality.

        * platform/graphics/cairo/CairoOperations.cpp:
        (WebCore::Cairo::drawPathShadow):
        (WebCore::Cairo::fillCurrentCairoPath):
        (WebCore::Cairo::FillSource::FillSource):
        (WebCore::Cairo::StrokeSource::StrokeSource):
        (WebCore::Cairo::fillRect):
        (WebCore::Cairo::fillRectWithRoundedHole):
        (WebCore::Cairo::fillPath):
        (WebCore::Cairo::strokeRect):
        (WebCore::Cairo::strokePath):
        (WebCore::Cairo::drawGlyphs):
        * platform/graphics/cairo/CairoOperations.h:
        * platform/graphics/cairo/FontCairo.cpp:
        (WebCore::FontCascade::drawGlyphs):
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::fillPath):
        (WebCore::GraphicsContext::strokePath):
        (WebCore::GraphicsContext::fillRect):
        (WebCore::GraphicsContext::strokeRect):
        (WebCore::GraphicsContext::fillRectWithRoundedHole):
        * platform/graphics/cairo/PlatformContextCairo.cpp:
        (WebCore::prepareCairoContextSource):
        (WebCore::PlatformContextCairo::prepareForFilling):
        (WebCore::PlatformContextCairo::prepareForStroking):
        (WebCore::PlatformContextCairo::clipForPatternFilling):
        * platform/graphics/cairo/PlatformContextCairo.h:

2018-01-08  Youenn Fablet  <youenn@apple.com>

        navigator.onLine does not work inside service workers
        https://bugs.webkit.org/show_bug.cgi?id=181079
        <rdar://problem/36178606>

        Reviewed by Darin Adler.

        Test: http/wpt/service-workers/online.https.html

        Added support for onLine by reusing a similar implementation as regular workers.
        Added ServiceWorkerInternals as an interface for an object exposed as self.internals in WTR.
        This object has currently one method to trigger change in the online/offline status.
        This allows writing a test for the onLine feature.

        Note that self.internals is inserted asynchronously after the script was evaluated.
        When writing a worker script using self.internals, one must make sure to use self.internals when initialized.
        online-worker.js for instance makes use of self.internals in a postMessage callback.

        * CMakeLists.txt:
        * DerivedSources.make:
        * WebCore.xcodeproj/project.pbxproj:
        * bindings/js/WorkerScriptController.h:
        * dom/ScriptExecutionContext.h:
        * testing/ServiceWorkerInternals.cpp: Added.
        (WebCore::ServiceWorkerInternals::ServiceWorkerInternals):
        (WebCore::ServiceWorkerInternals::setOnline):
        * testing/ServiceWorkerInternals.h: Added.
        * testing/ServiceWorkerInternals.idl: Added.
        * testing/js/WebCoreTestSupport.cpp:
        (WebCoreTestSupport::setupNewlyCreateServiceWorker):
        * testing/js/WebCoreTestSupport.h:
        * workers/service/context/SWContextManager.cpp:
        (WebCore::SWContextManager::registerServiceWorkerThreadForInstall):
        (WebCore::SWContextManager::startedServiceWorker):
        * workers/service/context/SWContextManager.h:
        (WebCore::SWContextManager::setServiceWorkerCreationCallback):
        (WebCore::SWContextManager::workerByID):
        * workers/service/context/ServiceWorkerThread.cpp:
        (WebCore::ServiceWorkerThread::ServiceWorkerThread):
        * workers/service/context/ServiceWorkerThreadProxy.cpp:
        (WebCore::ServiceWorkerThreadProxy::ServiceWorkerThreadProxy):
        (WebCore::ServiceWorkerThreadProxy::~ServiceWorkerThreadProxy):
        (WebCore::ServiceWorkerThreadProxy::networkStateChanged):
        (WebCore::ServiceWorkerThreadProxy::notifyNetworkStateChange):
        * workers/service/context/ServiceWorkerThreadProxy.h:

2018-01-08  Zan Dobersek  <zdobersek@igalia.com>

        [Cairo] Contain shadow blur requirement state in a separate object
        https://bugs.webkit.org/show_bug.cgi?id=181380

        Reviewed by Carlos Garcia Campos.

        Instead of picking up the necessary state parameters from a
        GraphicsContextState object, store the necessary parameters in a helper
        ShadowBlurUsage struct. Mimicking the mustUseShadowBlur() function that
        is being removed, values of the shadow color, shadow blur, and shadow
        transform ignorance are stored there. Additionally, the required()
        method accepts a PlatformContextCairo object through which it can
        retrieve the current CTM and determine whether it's an identity, finally
        deciding whether shadow blur can or cannot be ignored.

        Goal of this change is to limit usage of GraphicsContextState directly
        in operations implemented inside the Cairo namespace. Instead, the
        state parameters should be passed directly, or an equivalent but limited
        state object should be constructed for invocation of such operations.

        This is likely only an intermediate solution. It's possible it will be
        replaced by a more complete shadow state struct that would be used for
        any operation that is required to draw shadows, if necessary.

        No new tests -- no change in functionality.

        * platform/graphics/cairo/CairoOperations.cpp:
        (WebCore::Cairo::drawGlyphsShadow):
        (WebCore::Cairo::ShadowBlurUsage::ShadowBlurUsage):
        (WebCore::Cairo::ShadowBlurUsage::required const):
        (WebCore::Cairo::fillRectWithRoundedHole):
        (WebCore::Cairo::drawGlyphs):
        (WebCore::Cairo::mustUseShadowBlur): Deleted.
        * platform/graphics/cairo/CairoOperations.h:
        * platform/graphics/cairo/FontCairo.cpp:
        (WebCore::FontCascade::drawGlyphs):
        * platform/graphics/cairo/GraphicsContextCairo.cpp:
        (WebCore::GraphicsContext::fillRectWithRoundedHole):

2018-01-08  Philippe Normand  <pnormand@igalia.com>

        [GStreamer][Soup] Remove dead getCreateOrReadBuffer code path
        https://bugs.webkit.org/show_bug.cgi?id=181376

        Reviewed by Carlos Garcia Campos.

        This code path is no longer used now that the GStreamer HTTP
        source element uses data coming directly from the network process.

        * SourcesGTK.txt:
        * SourcesWPE.txt:
        * loader/MediaResourceLoader.cpp:
        (WebCore::MediaResource::getOrCreateReadBuffer): Deleted.
        * loader/MediaResourceLoader.h:
        * loader/SubresourceLoader.h:
        * loader/cache/CachedRawResource.h:
        * loader/cache/CachedRawResourceClient.h:
        (WebCore::CachedRawResourceClient::finishedTimingForWorkerLoad):
        (WebCore::CachedRawResourceClient::getOrCreateReadBuffer): Deleted.
        * loader/cache/CachedResource.h:
        (WebCore::CachedResource::getOrCreateReadBuffer): Deleted.
        * loader/soup/CachedRawResourceSoup.cpp: Removed.
        * loader/soup/SubresourceLoaderSoup.cpp: Removed.
        * platform/graphics/PlatformMediaResourceLoader.h:
        (WebCore::PlatformMediaResourceClient::loadFinished):
        (WebCore::PlatformMediaResourceClient::getOrCreateReadBuffer): Deleted.
        * platform/graphics/gstreamer/WebKitWebSourceGStreamer.cpp:
        (CachedResourceStreamingClient::getOrCreateReadBuffer): Deleted.
        * platform/network/ResourceHandleClient.h:
        (WebCore::ResourceHandleClient::getOrCreateReadBuffer): Deleted.
        * platform/network/soup/ResourceHandleSoup.cpp:
        (WebCore::ResourceHandle::ensureReadBuffer):

2018-01-08  Zan Dobersek  <zdobersek@igalia.com> and Carlos Garcia Campos  <cgarcia@igalia.com>

        [GStreamer] use FastMalloc-based GstAllocator
        https://bugs.webkit.org/show_bug.cgi?id=165793

        Reviewed by Philippe Normand.

        Add GstAllocatorFastMalloc, a GstAllocator implementation using fast malloc. It's only used when fast malloc is
        enabled and can be disabled using an environment variable for debugging purposes.

        * platform/GStreamer.cmake:
        * platform/graphics/gstreamer/GStreamerUtilities.cpp:
        (WebCore::initializeGStreamer):
        * platform/graphics/gstreamer/GstAllocatorFastMalloc.cpp: Added.
        (gstMemoryFastMallocNew):
        (gstAllocatorFastMallocAlloc):
        (gstAllocatorFastMallocFree):
        (gstAllocatorFastMallocMemMap):
        (gstAllocatorFastMallocMemUnmap):
        (gstAllocatorFastMallocMemCopy):
        (gstAllocatorFastMallocMemShare):
        (gstAllocatorFastMallocMemIsSpan):
        (gst_allocator_fast_malloc_class_init):
        (gst_allocator_fast_malloc_init):
        * platform/graphics/gstreamer/GstAllocatorFastMalloc.h: Added.

2018-01-07  Ms2ger  <Ms2ger@igalia.com>

        Implement createImageBitmap(ImageBitmap)
        https://bugs.webkit.org/show_bug.cgi?id=181287

        Reviewed by Darin Adler.

        Tests: imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-drawImage.html
               imported/w3c/web-platform-tests/2dcontext/imagebitmap/createImageBitmap-invalid-args.html

        * html/ImageBitmap.cpp:
        (WebCore::ImageBitmap::createPromise):

2018-01-07  Ryosuke Niwa  <rniwa@webkit.org>

        Reduce the precision of "high" resolution time to 1ms
        https://bugs.webkit.org/show_bug.cgi?id=180910
        <rdar://problem/36085943>

        Reviewed by Saam Barati.

        Reduced the high prevision time's resolution to 1ms, the same precision as Date.now().

        Also fixed the bug in fillRTCStats that we weren't reducing the time resolution in RTCStats dictionaries.

        * Modules/mediastream/libwebrtc/LibWebRTCMediaEndpoint.cpp:
        (WebCore::fillRTCStats):
        * page/Performance.cpp:
        (WebCore::Performance::reduceTimeResolution):

2018-01-06  Simon Fraser  <simon.fraser@apple.com>

        Possible crash computing event regions
        https://bugs.webkit.org/show_bug.cgi?id=181368
        rdar://problem/34847081

        Reviewed by Zalan Bujtas.

        Don't trigger layout in Element::absoluteEventHandlerBounds(), since this can run arbirary script
        which might delete elements or re-enter Document::absoluteRegionForEventTargets().

        It's OK to not trigger layout, because if layout is dirty, the next layout will update event regions again.

        Add a LayoutDisallowedScope to check that Document::absoluteRegionForEventTargets() doesn't
        trigger layout, and move the check for LayoutDisallowedScope::isLayoutAllowed() from Document::updateLayout()
        to LayoutContext::layout(), since some layouts don't happen via the former (e.g. the one being removed here).

        The test checks that the assertion does not fire. I was not able to get a reliable test for any crash.

        Test: fast/events/event-handler-regions-layout.html

        * dom/Document.cpp:
        (WebCore::Document::updateLayout):
        (WebCore::Document::absoluteRegionForEventTargets):
        * dom/Element.cpp:
        (WebCore::Element::absoluteEventHandlerBounds):
        * page/LayoutContext.cpp:
        (WebCore::LayoutContext::layout):
        * rendering/LayoutDisallowedScope.h: Move the #ifdefs around to avoid defining the enum twice.
        (WebCore::LayoutDisallowedScope::LayoutDisallowedScope):
        (WebCore::LayoutDisallowedScope::isLayoutAllowed):

2018-01-06  Simon Fraser  <simon.fraser@apple.com>

        Crash under RenderLayer::scrollTo() with marquee
        https://bugs.webkit.org/show_bug.cgi?id=181349
        rdar://problem/36190168

        Reviewed by Zalan Bujtas.

        Don't call updateWidgetPositions() synchonously during RenderLayer scrolling, because it
        can run arbitrary script which may trigger destruction of this RenderLayer.

        Instead, queue up updateWidgetPositions() on a zero-delay timer.

        Under some circumstances this may allow a paint to occur before the widgets have been
        updated (which could be fixed with a more invasive change), but in practice I saw no
        painting issues with plug-ins or iframes inside overflow scroll, in WebKit or LegacyWebKit.

        Test: fast/scrolling/marquee-scroll-crash.html

        * page/FrameView.cpp:
        (WebCore::FrameView::FrameView):
        (WebCore::FrameView::updateWidgetPositions):
        (WebCore::FrameView::scheduleUpdateWidgetPositions):
        (WebCore::FrameView::updateWidgetPositionsTimerFired):
        * page/FrameView.h:
        * rendering/RenderLayer.cpp:
        (WebCore::RenderLayer::scrollTo):

2018-01-05  Dean Jackson  <dino@apple.com>

        Accurately clip copyTexImage2D and copyTexSubImage2D
        https://bugs.webkit.org/show_bug.cgi?id=181356
        <rdar://problem/35083877>

        Reviewed by Eric Carlson.

        The code to make sure copyTexSubImage2D and copyTexImage2D will not try to read
        out of bounds had a bad bug introduced here:
        https://bugs.webkit.org/show_bug.cgi?id=51421

        With appropriate parameters, it would produce a rectangle with
        negative dimensions. Most GL drivers just ignored this, but some
        are not happy.

        Test: fast/canvas/webgl/copy-tex-image-and-sub-image-2d-bad-input.html

        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::clip2D): Reimplement this in a more sane manner, and use
        checked arithmetic while here.
        * html/canvas/WebGLRenderingContextBase.h:
        (WebCore::clip1D): Deleted.
        (WebCore::clip2D): Deleted.

2018-01-06  Antti Koivisto  <antti@apple.com>

        Use WeakPtr for RenderTreePosition::m_nextSibling
        https://bugs.webkit.org/show_bug.cgi?id=181363

        Reviewed by Zalan Bujtas.

        For safety. In most cases it is null and won't cause us to instantiate WeakReferences for
        many new objects.

        * rendering/updating/RenderTreePosition.cpp:
        (WebCore::RenderTreePosition::computeNextSibling):
        * rendering/updating/RenderTreePosition.h:
        (WebCore::RenderTreePosition::RenderTreePosition):
        (WebCore::RenderTreePosition::nextSibling const):

2018-01-05  David Kilzer  <ddkilzer@apple.com>

        Re-enable -Wcast-qual in WebCore for Apple ports
        <https://webkit.org/b/177895>
        <rdar://problem/34960830>

        Reviewed by Joseph Pecoraro.

        * Configurations/Base.xcconfig:
        (WARNING_CFLAGS): Remove FIXME and add -Wcast-qual back to
        arguments.

        * crypto/mac/SerializedCryptoKeyWrapMac.mm:
        (WebCore::createAndStoreMasterKey):
        - Use checked_cf_cast<SecACLRef>().

        * editing/cocoa/DataDetection.mm:
        (WebCore::detectItemAtPositionWithRange):
        - Manually cast CFTypeRef to DDResultRef until
          DDResultGetTypeID() is available as SPI.

        * platform/gamepad/mac/HIDGamepad.cpp:
        (WebCore::HIDGamepad::initElementsFromArray):
        - Use checked_cf_cast<IOHIDElementRef>().

        * platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm:
        (WebCore::MediaSampleAVFObjC::createImageSample):
        (WebCore::CMSampleBufferIsRandomAccess):
        (WebCore::CMSampleBufferIsNonDisplaying):
        (WebCore::MediaSampleAVFObjC::createNonDisplayingCopy const):
        - Use checked_cf_cast<CFMutableDictionaryRef>() and
          checked_cf_cast<CFDictionaryRef>().

        * platform/graphics/cocoa/IOSurface.h:
        (WebCore::IOSurface::asLayerContents):
        - Use reinterpret_cast<id>() to cast from IOSurfaceRef to id.

        * platform/graphics/cocoa/WebCoreDecompressionSession.mm:
        (WebCore::WebCoreDecompressionSession::getFirstVideoFrame):
        (WebCore::WebCoreDecompressionSession::automaticDequeue):
        (WebCore::WebCoreDecompressionSession::imageForTime):
        (WebCore::WebCoreDecompressionSession::getDecodeTime):
        (WebCore::WebCoreDecompressionSession::getPresentationTime):
        (WebCore::WebCoreDecompressionSession::getDuration):
        - Use checked_cf_cast<CMSampleBufferRef>().

        * platform/graphics/Font.h:
        (WebCore::Font::m_kernedCFStringAttributes):
        (WebCore::Font::m_nonKernedCFStringAttributes):
        - Change type from RetainPtr<CFDictionaryRef> to
          RetainPtr<CFMutableDictionaryRef> since that's what they are.
        * platform/graphics/mac/SimpleFontDataCoreText.cpp:
        (WebCore::Font::getCFStringAttributes const):
        - Replace local `mutableAttributes` variable with
          `attributesDictionary.get()` since it returns the correct type
          now.

        * platform/ios/wak/WAKView.mm:
        (-[WAKView _initWithViewRef:]):
        (_WAKCopyWrapper):
        * platform/ios/wak/WKView.mm:
        (_WKViewClearSuperview):
        (WKViewFirstChild):
        (WKViewNextSibling):
        - Use static_cast<WKViewRef>(const_cast<void*>()) to convert
          const void* variable to WKViewRef.

        * platform/mac/PasteboardMac.mm:
        (WebCore::flipImageSpec):
        (WebCore::setDragImageImpl):
        - Use const_cast<> to remove 'const' modifier from
          unsigned char pointers.  This regressed while -Wcast-qual was
          disabled for WebCore.

        * platform/mac/SSLKeyGeneratorMac.mm:
        (WebCore::signedPublicKeyAndChallengeString):
        - Use checked_cf_cast<SecACLRef>().

        * platform/mediastream/mac/RealtimeIncomingVideoSourceCocoa.cpp:
        (WebCore::RealtimeIncomingVideoSourceCocoa::OnFrame):
        - Use checked_cf_cast<CFMutableDictionaryRef>().

        * platform/network/cf/SocketStreamHandleImplCFNet.cpp:
        (WebCore::copyCONNECTProxyResponse):
        - Use checked_cf_cast<CFHTTPMessageRef>().

        * platform/network/cocoa/ResourceResponseCocoa.mm:
        (WebCore::ResourceResponse::platformCertificateInfo const):
        - Use checked_cf_cast<SecTrustRef>().

        * platform/network/mac/CertificateInfoMac.mm:
        (WebCore::CertificateInfo::containsNonRootSHA1SignedCertificate const):
        (WebCore::CertificateInfo::dump const):
        - Use checked_cf_cast<SecCertificateRef>().

        * testing/cocoa/WebArchiveDumpSupport.mm:
        (WebCoreTestSupport::createCFURLResponseFromResponseData):
        - Use checked_cf_cast<>() for CFMutable* types.

2018-01-05  John Wilander  <wilander@apple.com>

        Storage Access API: Refactor to make naming accurate and explicit, simplify access table, and prepare for access removal for page
        https://bugs.webkit.org/show_bug.cgi?id=181357
        <rdar://problem/36331031>

        Reviewed by Alex Christensen.

        No new tests. The only changed functionality that isn't covered
        by existing tests is cross-origin iframes in the same partition
        should be handled as already having access. This cannot be
        tested in layout tests since they don't support subdomains.

        This change does the following:
        - Changes function and message names to reflect how this feature
          was eventually implemented, i.e. access per frame.
        - Makes it explicit that the UI process is only involved in
          granting storage access and not removing storage access.
          The latter is done directly by the web process.
        - Simplifies the network process' entry map since only needs to
          be able to give access to one domain in one frame at a time.
          Access goes away on frame navigation so there can only be one
          domain at a time per frame. Also, the map now uses pageIDs as
          main keys to prepare for efficient access removal for all
          frames under a page.
        - Fixes a bug in so that a cross-origin iframe with the same
          partition as the top frame correctly is handled as already
          having access.

        * platform/network/NetworkStorageSession.h:
        * platform/network/cf/NetworkStorageSessionCFNet.cpp:
        (WebCore::NetworkStorageSession::cookieStoragePartition const):
            The only change here is the changed named of the call to
            NetworkStorageSession::hasStorageAccessForFrame().
        (WebCore::NetworkStorageSession::hasStorageAccessForFrame const):
        (WebCore::NetworkStorageSession::grantStorageAccessForFrame):
        (WebCore::NetworkStorageSession::removeStorageAccessForFrame):
        (WebCore::NetworkStorageSession::isStorageAccessGranted const): Deleted.
        (WebCore::NetworkStorageSession::setStorageAccessGranted): Deleted.
        (WebCore::NetworkStorageSession::removeStorageAccess): Deleted.

2018-01-05  Youenn Fablet  <youenn@apple.com>

        Implement Cache API partitioning based on ClientOrigin
        https://bugs.webkit.org/show_bug.cgi?id=181240

        Reviewed by Alex Christensen.

        Covered by updated tests.

        Previously, cache storage was partitioned according the origin of the client, represented as a String.
        We now partition according both client and top origins, represented as a ClientOrigin

        Minor refactoring to use more makePendingActivity.
        Added support for IPC serialization of ClientOrigin.
        Added SecurityOriginData::toString which is used by WebKit2 Cache Storage implementation.

        * Modules/cache/CacheStorageConnection.cpp:
        (WebCore::CacheStorageConnection::open):
        (WebCore::CacheStorageConnection::retrieveCaches):
        * Modules/cache/CacheStorageConnection.h:
        (WebCore::CacheStorageConnection::clearMemoryRepresentation):
        (WebCore::CacheStorageConnection::doOpen):
        (WebCore::CacheStorageConnection::doRetrieveCaches):
        * Modules/cache/DOMCacheStorage.cpp:
        (WebCore::DOMCacheStorage::origin const):
        (WebCore::DOMCacheStorage::retrieveCaches):
        (WebCore::DOMCacheStorage::open):
        (WebCore::DOMCacheStorage::remove):
        * Modules/cache/DOMCacheStorage.h:
        * Modules/cache/WorkerCacheStorageConnection.cpp:
        (WebCore::WorkerCacheStorageConnection::doOpen):
        (WebCore::WorkerCacheStorageConnection::doRetrieveCaches):
        * Modules/cache/WorkerCacheStorageConnection.h:
        * page/ClientOrigin.h:
        (WebCore::ClientOrigin::isolatedCopy const):
        (WebCore::ClientOrigin::encode const):
        (WebCore::ClientOrigin::decode):
        * page/SecurityOriginData.cpp:
        (WebCore::SecurityOriginData::toString const):
        (WebCore::SecurityOriginData::debugString const): Deleted.
        * page/SecurityOriginData.h:
        (WebCore::SecurityOriginData::debugString const):
        * testing/Internals.cpp:
        (WebCore::Internals::clearCacheStorageMemoryRepresentation):

2018-01-05  Wenson Hsieh  <wenson_hsieh@apple.com>

        [Attachment Support] Add a way to write blob data to a file URL from the UI process
        https://bugs.webkit.org/show_bug.cgi?id=181236

        Reviewed by Brady Eidson.

        Add support for writing a blob to a designated file path. See comments below for more detail. No new tests, as
        there change in behavior yet. See part 2: https://bugs.webkit.org/show_bug.cgi?id=181199.

        * page/DragController.cpp:
        (WebCore::DragController::dragAttachmentElement):
        * platform/PromisedBlobInfo.h:

        Remove PromisedBlobData entirely. This was added with the premise of having the web process deliver blob data to
        the UI process. However, the new approach I'm taking just has the UI process tell the network process to write
        a blob to a given location, so a data structure to deliver blob data over IPC is no longer necessary.

        (WebCore::PromisedBlobData::hasData const): Deleted.
        (WebCore::PromisedBlobData::hasFile const): Deleted.
        (WebCore::PromisedBlobData::operator bool const): Deleted.
        (WebCore::PromisedBlobData::fulfills const): Deleted.
        * platform/network/BlobRegistryImpl.cpp:
        (WebCore::BlobRegistryImpl::populateBlobsForFileWriting):

        Introduce a new helper to build a list of blob data for file writing.

        (WebCore::writeFilePathsOrDataBuffersToFile):

        Introduce a new static helper to write blob data (a list of file paths and data buffers) to a given file handle.
        Automatically closes the given file handle upon exit.

        (WebCore::BlobRegistryImpl::writeBlobsToTemporaryFiles):
        (WebCore::BlobRegistryImpl::writeBlobToFilePath):

        Pull out common logic in writeBlobsToTemporaryFiles and writeBlobToFilePath into helper methods (see above), and
        refactor both methods to use the helpers.

        * platform/network/BlobRegistryImpl.h:

2018-01-05  Alex Christensen  <achristensen@webkit.org>

        Forbid < and > in URL hosts
        https://bugs.webkit.org/show_bug.cgi?id=181308
        <rdar://problem/36012757>

        Reviewed by Tim Horton.

        https://url.spec.whatwg.org/#forbidden-host-code-point does not include these characters yet, but I think it should.
        Firefox fails to parse URLs with < or > in the host.  Chrome percent encodes them.  Safari needs to do something.
        The web platform tests are unclear on this case, and they will need to be updated with the specification.
        They do show a change in behavior, though.

        * platform/URLParser.cpp:
        Add < and > to the list of forbidden host code points.

2018-01-05  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream] Add Mac screen capture source
        https://bugs.webkit.org/show_bug.cgi?id=181333
        <rdar://problem/36323219>

        Reviewed by Dean Jackson.

        * SourcesCocoa.txt: Add ScreenDisplayCaptureSourceMac.mm.

        * WebCore.xcodeproj/project.pbxproj: Ditto.

        * platform/cocoa/CoreVideoSoftLink.cpp: Declare new constants used.
        * platform/cocoa/CoreVideoSoftLink.h:

        * platform/mediastream/mac/DisplayCaptureManagerCocoa.cpp:
        (WebCore::displayReconfigurationCallBack): Call refreshCaptureDevices.
        (WebCore::DisplayCaptureManagerCocoa::~DisplayCaptureManagerCocoa): Unregister for display
        reconfiguration callbacks.
        (WebCore::DisplayCaptureManagerCocoa::captureDevices): Register for display reconfigrations.
        (WebCore::DisplayCaptureManagerCocoa::refreshCaptureDevices): Use CGActiveDisplayList to
        get list of active screens.
        (WebCore::DisplayCaptureManagerCocoa::screenCaptureDeviceWithPersistentID): Validate screen
        ID, return CaptureDevice.
        * platform/mediastream/mac/DisplayCaptureManagerCocoa.h:

        * platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:
        (WebCore::VideoCaptureSourceFactoryMac::createVideoCaptureSource): Deal with screen capture
        on macOS.

        Implement Mac screen capture with CGDisplayStream.
        * platform/mediastream/mac/ScreenDisplayCaptureSourceMac.h: Added.
        (WebCore::ScreenDisplayCaptureSourceMac::DisplaySurface::~DisplaySurface):
        (WebCore::ScreenDisplayCaptureSourceMac::DisplaySurface::operator=):
        (WebCore::ScreenDisplayCaptureSourceMac::DisplaySurface::ioSurface const):
        * platform/mediastream/mac/ScreenDisplayCaptureSourceMac.mm: Added.
        (WebCore::roundUpToMacroblockMultiple):
        (WebCore::ScreenDisplayCaptureSourceMac::updateDisplayID):
        (WebCore::ScreenDisplayCaptureSourceMac::create):
        (WebCore::ScreenDisplayCaptureSourceMac::ScreenDisplayCaptureSourceMac):
        (WebCore::ScreenDisplayCaptureSourceMac::~ScreenDisplayCaptureSourceMac):
        (WebCore::ScreenDisplayCaptureSourceMac::createDisplayStream):
        (WebCore::ScreenDisplayCaptureSourceMac::startProducingData):
        (WebCore::ScreenDisplayCaptureSourceMac::stopProducingData):
        (WebCore::ScreenDisplayCaptureSourceMac::sampleBufferFromPixelBuffer):
        (WebCore::ScreenDisplayCaptureSourceMac::pixelBufferFromIOSurface):
        (WebCore::ScreenDisplayCaptureSourceMac::generateFrame):
        (WebCore::ScreenDisplayCaptureSourceMac::startDisplayStream):
        (WebCore::ScreenDisplayCaptureSourceMac::applySize):
        (WebCore::ScreenDisplayCaptureSourceMac::applyFrameRate):
        (WebCore::ScreenDisplayCaptureSourceMac::commitConfiguration):
        (WebCore::ScreenDisplayCaptureSourceMac::displayWasReconfigured):
        (WebCore::ScreenDisplayCaptureSourceMac::displayReconfigurationCallBack):
        (WebCore::ScreenDisplayCaptureSourceMac::frameAvailable):

2018-01-05  Don Olmstead  <don.olmstead@sony.com>

        [curl] Can't load file:// URL with a URL fragment identifier
        https://bugs.webkit.org/show_bug.cgi?id=181170

        Reviewed by Alex Christensen.

        No new tests. No change in behavior.

        * platform/network/curl/CurlRequest.cpp:
        (WebCore::CurlRequest::invokeDidReceiveResponseForFile):

2018-01-05  Don Olmstead  <don.olmstead@sony.com>

        TextCodec uses std::array but does not include it
        https://bugs.webkit.org/show_bug.cgi?id=181340

        Reviewed by Alex Christensen.

        No new tests. No change in behavior.

        * platform/text/TextCodec.h:

2018-01-05  Said Abou-Hallawa  <sabouhallawa@apple.com>

        SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded() should do nothing if the property is not animating
        https://bugs.webkit.org/show_bug.cgi?id=181316
        <rdar://problem/36147545>

        Reviewed by Simon Fraser.

        This is a speculative change to fix a crash which appeared after r226065.
        The crash is very intermittent and sometimes very hard to reproduce. The
        basic code analysis did not show how this crash can even happen.

        * svg/SVGAnimatedTypeAnimator.h:
        (WebCore::SVGAnimatedTypeAnimator::resetFromBaseValues): For SVG property
        with two values, e.g. <SVGAngleValue, SVGMarkerOrientType>,  we need to
        detach the wrappers of the animated property if the animated values are
        going to change. This is similar to what we did in resetFromBaseValue().

        * svg/properties/SVGAnimatedListPropertyTearOff.h:
        (WebCore::SVGAnimatedListPropertyTearOff::synchronizeWrappersIfNeeded):

2018-01-05  Matt Lewis  <jlewis3@apple.com>

        Unreviewed, rolling out r226401.

        This caused timeouts on multiple platforms.

        Reverted changeset:

        "Implement Cache API partitioning based on ClientOrigin"
        https://bugs.webkit.org/show_bug.cgi?id=181240
        https://trac.webkit.org/changeset/226401

2018-01-05  Dan Bernstein  <mitz@apple.com>

        Fixed the build following AppKit API deprecations in a recent SDKs

        * platform/mac/PasteboardMac.mm:
        (WebCore::setDragImageImpl): Suppressed deprecation warnings.
        * platform/mac/WidgetMac.mm:
        (WebCore::Widget::paint): Ditto.

2018-01-05  Joseph Pecoraro  <pecoraro@apple.com>

        ServiceWorkers: Enable UserTiming / ResourceTiming
        https://bugs.webkit.org/show_bug.cgi?id=181297
        <rdar://problem/36307306>

        Reviewed by Youenn Fablet.

        Tests: http/tests/workers/service/service-worker-resource-timing.https.html
               http/tests/workers/service/service-worker-user-timing.https.html

        * loader/ResourceTiming.cpp:
        (WebCore::ResourceTiming::ResourceTiming):
        We used to clear extra NetworkLoadMetrics data early on. However,
        for Workers we want to pass the complete NetworkLoadMetrics to
        the Worker so that a Worker inspector has access to it.

        * page/PerformanceResourceTiming.cpp:
        (WebCore::PerformanceResourceTiming::PerformanceResourceTiming):
        Instead move the clearing of extra data to here, when the NetworkLoadMetrics
        have finally settled into being used only for a performance entry.

2018-01-04  Philippe Normand  <pnormand@igalia.com>

        [EME][GStreamer] Fix wrong ifdef
        https://bugs.webkit.org/show_bug.cgi?id=181289

        Reviewed by Alex Christensen.

        * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
        (WebCore::MediaPlayerPrivateGStreamer::handleMessage): Remove the
        ENCRYPTED_MEDIA ifdef from the VIDEO_TRACK ifdef block. Both have
        nothing to do together.

2018-01-05  Fujii Hironori  <Hironori.Fujii@sony.com>

        [Cairo] Canvas: Path::clear should clear its transform
        https://bugs.webkit.org/show_bug.cgi?id=181320

        Reviewed by Carlos Garcia Campos.

        Path of Cairo port has its cairo context. Path::clear() didn't
        clear the transform matrix of the context.

        Test: fast/canvas/reset-scaling-by-height-change.html

        * platform/graphics/cairo/PathCairo.cpp:
        (WebCore::Path::clear): Reset the transform matrix of Path.

2018-01-04  Devin Rousso  <webkit@devinrousso.com>

        Web Inspector: replace HTMLCanvasElement with CanvasRenderingContext for instrumentation logic
        https://bugs.webkit.org/show_bug.cgi?id=180770

        Reviewed by Joseph Pecoraro.

        No change in functionality.

        * html/HTMLCanvasElement.h:
        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::createContext2d):
        (WebCore::HTMLCanvasElement::createContextWebGL):
        (WebCore::HTMLCanvasElement::createContextWebGPU):
        (WebCore::HTMLCanvasElement::createContextBitmapRenderer):
        (WebCore::HTMLCanvasElement::reset):
        (WebCore::HTMLCanvasElement::paint):
        (WebCore::HTMLCanvasElement::setImageBuffer const):
        (WebCore::HTMLCanvasElement::addObserver): Deleted.
        (WebCore::HTMLCanvasElement::removeObserver): Deleted.
        (WebCore::HTMLCanvasElement::cssCanvasClients): Deleted.
        (WebCore::HTMLCanvasElement::notifyObserversCanvasChanged): Deleted.
        * html/OffscreenCanvas.h:
        * html/canvas/CanvasRenderingContext.h:
        * html/canvas/CanvasRenderingContext.cpp:
        * html/canvas/CanvasRenderingContext2D.h:
        * html/canvas/CanvasRenderingContext2D.cpp:
        (WebCore::CanvasRenderingContext2D::create):
        * html/canvas/CanvasRenderingContext2DBase.h:
        * html/canvas/ImageBitmapRenderingContext.h:
        * html/canvas/ImageBitmapRenderingContext.cpp:
        (WebCore::ImageBitmapRenderingContext::create):
        * html/canvas/WebGL2RenderingContext.h:
        * html/canvas/WebGL2RenderingContext.cpp:
        (WebCore::WebGL2RenderingContext::create):
        * html/canvas/WebGLRenderingContext.h:
        * html/canvas/WebGLRenderingContext.cpp:
        (WebCore::WebGLRenderingContext::create):
        * html/canvas/WebGLRenderingContextBase.h:
        * html/canvas/WebGLRenderingContextBase.cpp:
        (WebCore::WebGLRenderingContextBase::create):
        * html/canvas/WebGPURenderingContext.cpp:
        (WebCore::WebGPURenderingContext::create):
        Instead of adding didCreateCanvasRenderingContext calls at the construction sites of each
        context, we can make the constructors private and force the usage of static `create` functions.
        This way, we have access to the fully constructed object and have a guaranteed path for creation.

        * html/CanvasBase.h:
        * html/CanvasBase.cpp:
        (WebCore::CanvasBase::~CanvasBase):
        (WebCore::CanvasBase::renderingContext const):
        (WebCore::CanvasBase::addObserver):
        (WebCore::CanvasBase::removeObserver):
        (WebCore::CanvasBase::notifyObserversCanvasChanged):
        (WebCore::CanvasBase::notifyObserversCanvasResized):
        (WebCore::CanvasBase::notifyObserversCanvasDestroyed):
        (WebCore::CanvasBase::cssCanvasClients const):
        * Modules/mediastream/CanvasCaptureMediaStreamTrack.h:
        * Modules/mediastream/CanvasCaptureMediaStreamTrack.cpp:
        (WebCore::CanvasCaptureMediaStreamTrack::Source::canvasDestroyed):
        (WebCore::CanvasCaptureMediaStreamTrack::Source::canvasResized):
        (WebCore::CanvasCaptureMediaStreamTrack::Source::canvasChanged):
        * css/CSSCanvasValue.h:
        Move the CanvasObserver class to CanvasBase so that it can also be used for OffscreenCanvas.

        * inspector/InspectorInstrumentation.h:
        (WebCore::InspectorInstrumentation::didChangeCSSCanvasClientNodes):
        (WebCore::InspectorInstrumentation::didCreateCanvasRenderingContext):
        (WebCore::InspectorInstrumentation::didChangeCanvasMemory):
        (WebCore::InspectorInstrumentation::recordCanvasAction):
        (WebCore::InspectorInstrumentation::didFinishRecordingCanvasFrame):
        (WebCore::InspectorInstrumentation::didEnableExtension):
        (WebCore::InspectorInstrumentation::didCreateProgram):
        (WebCore::InspectorInstrumentation::willDeleteProgram):
        (WebCore::InspectorInstrumentation::isShaderProgramDisabled):
        (WebCore::InspectorInstrumentation::consoleStartRecordingCanvas):
        (WebCore::InspectorInstrumentation::didCreateCSSCanvas): Deleted.
        * inspector/InspectorInstrumentation.cpp:
        (WebCore::InspectorInstrumentation::consoleStartRecordingCanvasImpl):
        (WebCore::InspectorInstrumentation::didChangeCSSCanvasClientNodesImpl):
        (WebCore::InspectorInstrumentation::didCreateCanvasRenderingContextImpl):
        (WebCore::InspectorInstrumentation::didChangeCanvasMemoryImpl):
        (WebCore::InspectorInstrumentation::didFinishRecordingCanvasFrameImpl):
        (WebCore::InspectorInstrumentation::didEnableExtensionImpl):
        (WebCore::InspectorInstrumentation::didCreateProgramImpl):
        (WebCore::InspectorInstrumentation::didCreateCSSCanvasImpl): Deleted.

        * inspector/agents/InspectorCanvasAgent.h:
        * inspector/agents/InspectorCanvasAgent.cpp:
        (WebCore::InspectorCanvasAgent::enable):
        (WebCore::InspectorCanvasAgent::requestNode):
        (WebCore::InspectorCanvasAgent::requestContent):
        (WebCore::InspectorCanvasAgent::requestCSSCanvasClientNodes):
        (WebCore::contextAsScriptValue):
        (WebCore::InspectorCanvasAgent::resolveCanvasContext):
        (WebCore::InspectorCanvasAgent::startRecording):
        (WebCore::InspectorCanvasAgent::stopRecording):
        (WebCore::InspectorCanvasAgent::updateShader):
        (WebCore::InspectorCanvasAgent::frameNavigated):
        (WebCore::InspectorCanvasAgent::didChangeCSSCanvasClientNodes):
        (WebCore::InspectorCanvasAgent::didCreateCanvasRenderingContext):
        (WebCore::InspectorCanvasAgent::didChangeCanvasMemory):
        (WebCore::InspectorCanvasAgent::recordCanvasAction):
        (WebCore::InspectorCanvasAgent::canvasDestroyed):
        (WebCore::InspectorCanvasAgent::didFinishRecordingCanvasFrame):
        (WebCore::InspectorCanvasAgent::consoleStartRecordingCanvas):
        (WebCore::InspectorCanvasAgent::didEnableExtension):
        (WebCore::InspectorCanvasAgent::didCreateProgram):
        (WebCore::InspectorCanvasAgent::canvasRecordingTimerFired):
        (WebCore::InspectorCanvasAgent::clearCanvasData):
        (WebCore::InspectorCanvasAgent::unbindCanvas):
        (WebCore::InspectorCanvasAgent::findInspectorCanvas):
        (WebCore::InspectorCanvasAgent::unbindProgram):
        (WebCore::InspectorCanvasAgent::didCreateCSSCanvas): Deleted.

        * inspector/InspectorCanvas.h:
        * inspector/InspectorCanvas.cpp:
        (WebCore::InspectorCanvas::create):
        (WebCore::InspectorCanvas::InspectorCanvas):
        (WebCore::InspectorCanvas::canvasElement):
        (WebCore::InspectorCanvas::resetRecordingData):
        (WebCore::InspectorCanvas::recordAction):
        (WebCore::InspectorCanvas::buildObjectForCanvas):
        (WebCore::InspectorCanvas::getCanvasContentAsDataURL):
        (WebCore::InspectorCanvas::buildInitialState):
        (WebCore::InspectorCanvas::~InspectorCanvas): Deleted.

        * inspector/InspectorShaderProgram.h:
        * inspector/InspectorShaderProgram.cpp:
        (WebCore::InspectorShaderProgram::context const):

        * page/PageConsoleClient.cpp:
        (WebCore::PageConsoleClient::record):
        (WebCore::PageConsoleClient::recordEnd):

        * dom/Document.h:
        * dom/Document.cpp:
        (WebCore::Document::getCSSCanvasElement):
        (WebCore::Document::nameForCSSCanvasElement const):
        We have no reason to save the CSS canvas name for each InspectorCanvas object, so instead we
        can just query for the name based on the CanvasRenderingContext's HTMLCanvasElement (assuming
        it is not an OffscreenCanvas) when we need it.

2018-01-04  Chris Fleizach  <cfleizach@apple.com>

        AX: Implement updated CSS3 Speech for 'speak' and 'speak-as' properties
        https://bugs.webkit.org/show_bug.cgi?id=180361

        Reviewed by Zalan Bujtas.

        Change speak -> speakAs, and allow a combination of properties.

        Tests: Updated accessibility/mac/css-speech-speak.html

        * accessibility/AccessibilityObject.h:
        (WebCore::AccessibilityObject::speakAsProperty const):
        (WebCore::AccessibilityObject::speakProperty const): Deleted.
        * accessibility/AccessibilityRenderObject.cpp:
        (WebCore::AccessibilityRenderObject::speakAsProperty const):
        (WebCore::AccessibilityRenderObject::speakProperty const): Deleted.
        * accessibility/AccessibilityRenderObject.h:
        * accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
        (-[WebAccessibilityObjectWrapper accessibilitySpeechHint]):
        * accessibility/mac/WebAccessibilityObjectWrapperBase.h:
        * accessibility/mac/WebAccessibilityObjectWrapperBase.mm:
        (-[WebAccessibilityObjectWrapperBase baseAccessibilitySpeechHint]):
        * accessibility/mac/WebAccessibilityObjectWrapperMac.mm:
        (-[WebAccessibilityObjectWrapper accessibilityAttributeValue:]):
        * css/CSSComputedStyleDeclaration.cpp:
        (WebCore::speakAsToCSSValue):
        (WebCore::ComputedStyleExtractor::propertyValue):
        * css/CSSPrimitiveValueMappings.h:
        (WebCore::CSSPrimitiveValue::CSSPrimitiveValue):
        (WebCore::CSSPrimitiveValue::operator ESpeakAs const):
        (WebCore::CSSPrimitiveValue::operator ESpeak const): Deleted.
        * css/CSSProperties.json:
        * css/StyleBuilderConverter.h:
        (WebCore::StyleBuilderConverter::convertSpeakAs):
        * css/parser/CSSParserFastPaths.cpp:
        (WebCore::CSSParserFastPaths::isValidKeywordPropertyAndValue):
        (WebCore::CSSParserFastPaths::isKeywordPropertyID):
        * css/parser/CSSPropertyParser.cpp:
        (WebCore::consumeSpeakAs):
        (WebCore::CSSPropertyParser::parseSingleValue):
        * rendering/style/RenderStyle.h:
        (WebCore::RenderStyle::speakAs const):
        (WebCore::RenderStyle::setSpeakAs):
        (WebCore::RenderStyle::initialSpeakAs):
        (WebCore::RenderStyle::speak const): Deleted.
        (WebCore::RenderStyle::setSpeak): Deleted.
        (WebCore::RenderStyle::initialSpeak): Deleted.
        * rendering/style/RenderStyleConstants.h:
        (WebCore::operator| ):
        (WebCore::operator|= ):
        * rendering/style/StyleRareInheritedData.cpp:
        (WebCore::StyleRareInheritedData::StyleRareInheritedData):
        (WebCore::StyleRareInheritedData::operator== const):
        * rendering/style/StyleRareInheritedData.h:

2018-01-04  Brian Burg  <bburg@apple.com>

        Web Inspector: Capture Element Screenshot looks fuzzy
        https://bugs.webkit.org/show_bug.cgi?id=175734
        <rdar://problem/33803377>

        Reviewed by Joseph Pecoraro and Simon Fraser.

        Screenshots taken by Web Inspector were being downscaled from the
        internal size to the logical size, causing them to be blurry when
        later upscaled to the internal size.

        Replace ScaleBehavior { Scaled, Unscaled } with PreserveResolution { No, Yes }.
        This is a lot less confusing to read both inside ImageBuffer and at its use sites.

        Remove unused CoordinateSystem argument for ImageBuffer::toDataURL,
        and replace it with PreserveResolution. Plumb PreserveResolution into toCFData
        so that PreserveResolution::Yes will preserve the internal size of
        the image buffer, just as it does in other methods that take PreserveResolution.

        At the use site in InspectorPageAgent, always request PreserveResolution::Yes snapshots
        when taking an element screenshot. For now, keep using downscaled (smaller)
        snapshots when capturing canvas previews, as the previews are not full-size.

        Test: inspector/page/hidpi-snapshot-size.html

        * html/HTMLCanvasElement.cpp:
        (WebCore::HTMLCanvasElement::makePresentationCopy):
        (WebCore::HTMLCanvasElement::copiedImage const):
        * html/canvas/CanvasRenderingContext2DBase.cpp:
        (WebCore::CanvasRenderingContext2DBase::createPattern):
        * inspector/agents/InspectorPageAgent.cpp:
        (WebCore::InspectorPageAgent::snapshotNode):
        (WebCore::InspectorPageAgent::snapshotRect):
        * page/TextIndicator.cpp:
        (WebCore::takeSnapshot):
        * platform/DragImage.cpp:
        (WebCore::createDragImageFromSnapshot):
        * platform/graphics/BitmapImage.cpp:
        (WebCore::BitmapImage::drawPattern):
        * platform/graphics/ImageBuffer.h:
        * platform/graphics/cairo/ImageBufferCairo.cpp:
        (WebCore::ImageBuffer::sinkIntoImage):
        (WebCore::ImageBuffer::copyImage const):
        (WebCore::ImageBuffer::toDataURL const):
        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::createBitmapImageAfterScalingIfNeeded):
        (WebCore::ImageBuffer::copyImage const):
        (WebCore::ImageBuffer::sinkIntoImage):
        (WebCore::ImageBuffer::toDataURL const):
        (WebCore::ImageBuffer::toData const):
        (WebCore::ImageBuffer::toCFData const):
        * platform/graphics/gtk/ImageBufferGtk.cpp:
        (WebCore::ImageBuffer::toDataURL const):
        * platform/graphics/win/ImageBufferDirect2D.cpp:
        (WebCore::ImageBuffer::copyImage const):
        (WebCore::ImageBuffer::sinkIntoImage):
        (WebCore::ImageBuffer::toDataURL const):
        * svg/graphics/SVGImage.cpp:
        (WebCore::SVGImage::drawPatternForContainer):

2018-01-04  John Wilander  <wilander@apple.com>

        Storage Access API: Turn feature on by default in Settings.yaml
        https://bugs.webkit.org/show_bug.cgi?id=181298
        <rdar://problem/36302506>

        Reviewed by Brent Fulgham.

        No new tests. This is just a feature settings change.

        * page/Settings.yaml:

2018-01-04  Zalan Bujtas  <zalan@apple.com>

        WebContent process crashes while loading https://www.classicspecs.com
        https://bugs.webkit.org/show_bug.cgi?id=181290
        <rdar://problem/36225906>

        Reviewed by Simon Fraser.

        Floats can overhang multiple blocks (they are called intruding floats).
        Each block keeps track of such intruding floats. When an overhanging float box is destroyed,
        we need to deregister it from all those blocks. We do it by walking up the ancestor block chain
        and check if the parent (grandparent etc) block still contains this float. Once we find the topmost block, 
        we start deregistering it by traversing back on the descendant blocks.
        Normally we do it in RenderElement::takeChildInternal right before the box is getting detached.
        However in certain cases (like when the float's parent happens to be an anonymous wrapper)
        by the time we get to ::takeChildInternal the subtree is already detached and we can't access all the
        ancestors.
        This patch ensure that the floating box is still attached during de-registration. 

        Test: fast/block/float/crash-when-intruding-float-has-anonymous-parent-and-detach.html

        * rendering/RenderObject.cpp:
        (WebCore::RenderObject::removeFromParentAndDestroyCleaningUpAnonymousWrappers):

2018-01-04  Eric Carlson  <eric.carlson@apple.com>

        [MediaStream] Add Mock screen capture source
        https://bugs.webkit.org/show_bug.cgi?id=181291
        <rdar://problem/36298164>

        Reviewed by Dean Jackson.

        Tests:  http/tests/media/media-stream/get-display-media-prompt.html
                GetDisplayMediaTest.BasicPrompt
                GetDisplayMediaTest.Constraints

        * Modules/mediastream/MediaDevices.cpp:
        (WebCore::MediaDevices::MediaDevices): Add static_assert to ensure MediaDevices::DisplayCaptureSurfaceType
        and RealtimeMediaSourceSettings::DisplaySurfaceType values are equivalent.
        (WebCore::MediaDevices::getSupportedConstraints): Remove bogus code.
        * Modules/mediastream/MediaDevices.h: Add DisplayCaptureSurfaceType.
        * Modules/mediastream/MediaDevices.idl: Ditto.

        * Modules/mediastream/MediaStreamTrack.cpp:
        (WebCore::MediaStreamTrack::getSettings const): Add a FIXME.
        * Modules/mediastream/MediaStreamTrack.h: Add displaySurface and logicalSurface.

        * Modules/mediastream/MediaTrackSupportedConstraints.h: Remove displaySurface and logicalSurface.
        * Modules/mediastream/MediaTrackSupportedConstraints.idl:

        * SourcesCocoa.txt: Add DisplayCaptureManagerCocoa.cpp and DisplayCaptureSourceCocoa.cpp.

        * WebCore.xcodeproj/project.pbxproj: Ditto.

        * platform/mediastream/CaptureDevice.h:
        (WebCore::CaptureDevice::encode const): Add.
        (WebCore::CaptureDevice::decode):

        * platform/mediastream/RealtimeMediaSourceCenter.cpp:
        (WebCore::RealtimeMediaSourceCenter::getMediaStreamDevices): Include display capture "devices".
        (WebCore::RealtimeMediaSourceCenter::validateRequestConstraints): Deal with display capture devices.
        (WebCore::RealtimeMediaSourceCenter::captureDeviceWithPersistentID): Ditto.
        * platform/mediastream/RealtimeMediaSourceCenter.h:

        * platform/mediastream/RealtimeMediaSourceSettings.h:
        (WebCore::RealtimeMediaSourceSettings::displaySurface const): Return a DisplaySurfaceType.
        (WebCore::RealtimeMediaSourceSettings::setDisplaySurface): Take a DisplaySurfaceType.

        * platform/mediastream/mac/DisplayCaptureManagerCocoa.cpp:
        (WebCore::DisplayCaptureManagerCocoa::singleton):
        (WebCore::DisplayCaptureManagerCocoa::~DisplayCaptureManagerCocoa):
        (WebCore::DisplayCaptureManagerCocoa::captureDevices):
        (WebCore::DisplayCaptureManagerCocoa::screenCaptureDeviceWithPersistentID):
        (WebCore::DisplayCaptureManagerCocoa::captureDeviceWithPersistentID):
        * platform/mediastream/mac/DisplayCaptureManagerCocoa.h:

        * platform/mediastream/mac/DisplayCaptureSourceCocoa.cpp: Added.
        (WebCore::DisplayCaptureSourceCocoa::DisplayCaptureSourceCocoa):
        (WebCore::DisplayCaptureSourceCocoa::~DisplayCaptureSourceCocoa):
        (WebCore::DisplayCaptureSourceCocoa::capabilities const):
        (WebCore::DisplayCaptureSourceCocoa::settings const):
        (WebCore::DisplayCaptureSourceCocoa::settingsDidChange):
        (WebCore::DisplayCaptureSourceCocoa::startProducingData):
        (WebCore::DisplayCaptureSourceCocoa::stopProducingData):
        (WebCore::DisplayCaptureSourceCocoa::elapsedTime):
        (WebCore::DisplayCaptureSourceCocoa::applyFrameRate):
        (WebCore::DisplayCaptureSourceCocoa::emitFrame):
        * platform/mediastream/mac/DisplayCaptureSourceCocoa.h:

        * platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:
        (WebCore::RealtimeMediaSourceCenterMac::displayCaptureDeviceManager): New.
        * platform/mediastream/mac/RealtimeMediaSourceCenterMac.h:

        * platform/mock/MockRealtimeMediaSource.cpp:
        (WebCore::deviceMap): Add screen capture "devices".
        (WebCore::MockRealtimeMediaSource::displayDevices): New.
        * platform/mock/MockRealtimeMediaSource.h:

        * platform/mock/MockRealtimeMediaSourceCenter.cpp: Clean up includes.
        * platform/mock/MockRealtimeMediaSourceCenter.h:

        * platform/mock/MockRealtimeVideoSource.cpp:
        (WebCore::MockRealtimeVideoSource::MockRealtimeVideoSource): Mock two screen devices.
        (WebCore::MockRealtimeVideoSource::updateSettings): Deal with mock screens.
        (WebCore::MockRealtimeVideoSource::initializeCapabilities): Ditto.
        (WebCore::MockRealtimeVideoSource::initializeSupportedConstraints): Ditto.
        (WebCore::MockRealtimeVideoSource::drawText): Ditto.
        (WebCore::MockRealtimeVideoSource::generateFrame): Ditto.
        * platform/mock/MockRealtimeVideoSource.h:
        (WebCore::MockRealtimeVideoSource::mockCamera const):
        (WebCore::MockRealtimeVideoSource::mockScreen const):

2018-01-04  Youenn Fablet  <youenn@apple.com>

        FetchResponse should set its internal response text encoding name
        https://bugs.webkit.org/show_bug.cgi?id=181284

        Reviewed by Alex Christensen.

        Covered by rebased test.

        * Modules/fetch/FetchResponse.cpp:
        (WebCore::FetchResponse::create): Set response text encoding based on content type charset.

2018-01-04  John Wilander  <wilander@apple.com>

        Storage Access API: Remove JavaScript confirm() prompt from Document::requestStorageAccess()
        https://bugs.webkit.org/show_bug.cgi?id=181276
        <rdar://problem/36290463>

        Reviewed by Alex Christensen.

        No new tests. Existing test expectations updated.

        * dom/Document.cpp:
        (WebCore::Document::requestStorageAccess):

2018-01-04  Carlos Garcia Campos  <cgarcia@igalia.com>

        [GTK] Issues with Ahem's ex / x-height
        https://bugs.webkit.org/show_bug.cgi?id=180581

        Reviewed by Michael Catanzaro.

        Get the x-height value from the TT_OS2 table if available.

        Fixes: fast/text/break-word-pre-wrap.html
               imported/w3c/web-platform-tests/css/css-shapes-1/shape-outside/values/shape-outside-shape-arguments-000.html

        * platform/graphics/freetype/SimpleFontDataFreeType.cpp:
        (WebCore::Font::platformInit):

2018-01-04  Philippe Normand  <pnormand@igalia.com>

        Unreviewed, GTK build fix attempt after r226357

        * platform/graphics/gstreamer/GStreamerUtilities.h: The
        GST_BUFFER_DTS_OR_PTS macro was added in GStreamer 1.8 but old
        versions of Debian might not have this release yet.

2018-01-04  Youenn Fablet  <youenn@apple.com>

        Implement Cache API partitioning based on ClientOrigin
        https://bugs.webkit.org/show_bug.cgi?id=181240

        Reviewed by Alex Christensen.

        Covered by updated tests.

        Previously, cache storage was partitioned according the origin of the client, represented as a String.
        We now partition according both client and top origins, represented as a ClientOrigin

        Minor refactoring to use more makePendingActivity.
        Added support for IPC serialization of ClientOrigin.
        Added SecurityOriginData::toString which is used by WebKit2 Cache Storage implementation.

        * Modules/cache/CacheStorageConnection.cpp:
        (WebCore::CacheStorageConnection::open):
        (WebCore::CacheStorageConnection::retrieveCaches):
        * Modules/cache/CacheStorageConnection.h:
        (WebCore::CacheStorageConnection::clearMemoryRepresentation):
        (WebCore::CacheStorageConnection::doOpen):
        (WebCore::CacheStorageConnection::doRetrieveCaches):
        * Modules/cache/DOMCacheStorage.cpp:
        (WebCore::DOMCacheStorage::origin const):
        (WebCore::DOMCacheStorage::retrieveCaches):
        (WebCore::DOMCacheStorage::open):
        (WebCore::DOMCacheStorage::remove):
        * Modules/cache/DOMCacheStorage.h:
        * Modules/cache/WorkerCacheStorageConnection.cpp:
        (WebCore::WorkerCacheStorageConnection::doOpen):
        (WebCore::WorkerCacheStorageConnection::doRetrieveCaches):
        * Modules/cache/WorkerCacheStorageConnection.h:
        * page/ClientOrigin.h:
        (WebCore::ClientOrigin::isolatedCopy const):
        (WebCore::ClientOrigin::encode const):
        (WebCore::ClientOrigin::decode):
        * page/SecurityOriginData.cpp:
        (WebCore::SecurityOriginData::toString const):
        (WebCore::SecurityOriginData::debugString const): Deleted.
        * page/SecurityOriginData.h:
        (WebCore::SecurityOriginData::debugString const):
        * testing/Internals.cpp:
        (WebCore::Internals::clearCacheStorageMemoryRepresentation):

2018-01-04  Youenn Fablet  <youenn@apple.com>

        Service Worker should expose redirect mode for navigation loads as manual
        https://bugs.webkit.org/show_bug.cgi?id=181067

        Reviewed by Alex Christensen.

        Covered by rebased tests.

        * loader/CrossOriginAccessControl.cpp: Removing ContentType header only if affecting CORS checks.
        This allows extending header filtering in service worker to all modes, including Navigate.
        * workers/service/context/ServiceWorkerFetch.cpp:
        (WebCore::ServiceWorkerFetch::dispatchFetchEvent): Ideally, document loading code should set redirect to manual.
        Since it is not the case yet and that would require changes to various places, manual is set before exposing the corresponding fetch event.

2018-01-04  Youenn Fablet  <youenn@apple.com>

        ServiceWorkerThreadProxy::postTaskForModeToWorkerGlobalScope should be a no-op if worker is being terminated
        https://bugs.webkit.org/show_bug.cgi?id=181245

        Reviewed by Alex Christensen.

        Stop appending tasks to a terminating worker and returning false in that case.
        This mirrors what is done for regular workers.

        * workers/service/context/SWContextManager.cpp:
        (WebCore::SWContextManager::terminateWorker):
        * workers/service/context/ServiceWorkerThreadProxy.cpp:
        (WebCore::ServiceWorkerThreadProxy::postTaskForModeToWorkerGlobalScope):
        * workers/service/context/ServiceWorkerThreadProxy.h:

2018-01-04  Youenn Fablet  <youenn@apple.com>

        Cancel pending script loads when service worker is being terminated
        https://bugs.webkit.org/show_bug.cgi?id=181250

        Reviewed by Alex Christensen.

        Covered by service worker tests no longer crashing in ASAN builds.

        * workers/WorkerScriptLoader.cpp:
        (WebCore::WorkerScriptLoader::notifyFinished): Clearing loader when finished.
        (WebCore::WorkerScriptLoader::cancel): Implementing cancel of a script loader by cancelling the underlying threadable loader.
        * workers/WorkerScriptLoader.h:
        * workers/service/ServiceWorkerContainer.cpp: Canceling loads of all pending jobs.
        (WebCore::ServiceWorkerContainer::stop):
        * workers/service/ServiceWorkerJob.cpp:
        (WebCore::ServiceWorkerJob::cancelPendingLoad):
        * workers/service/ServiceWorkerJob.h:

2018-01-04  Youenn Fablet  <youenn@apple.com>

        Implement  https://fetch.spec.whatwg.org/#main-fetch default referrer policy setting
        https://bugs.webkit.org/show_bug.cgi?id=181239

        Reviewed by Alex Christensen.

        Covered by updated and rebased test.

        Setting the request referrer policy to the Document referrer policy if no one is set.
        If Document has no referrer policy, use no-referrer-when-downgrade as per the spec.

        * loader/cache/CachedResourceLoader.cpp:
        (WebCore::CachedResourceLoader::updateHTTPRequestHeaders):
        (WebCore::CachedResourceLoader::requestResource):
        * loader/cache/CachedResourceLoader.h:
        * loader/cache/CachedResourceRequest.cpp:
        (WebCore::CachedResourceRequest::updateReferrerPolicy):
        (WebCore::CachedResourceRequest::updateReferrerOriginAndUserAgentHeaders):
        * loader/cache/CachedResourceRequest.h:

2018-01-03  Wenson Hsieh  <wenson_hsieh@apple.com>

        [Attachment Support] Create attachment elements when dropping files on iOS
        https://bugs.webkit.org/show_bug.cgi?id=181192
        <rdar://problem/36280945>

        Reviewed by Tim Horton.

        Implements support for dropping data as attachment elements on iOS. See comments below for more detail.

        Tests:  WKAttachmentTests.InsertDroppedRichAndPlainTextFilesAsAttachments
                WKAttachmentTests.InsertDroppedZipArchiveAsAttachment
                WKAttachmentTests.InsertDroppedItemProvidersInOrder

        * WebCore.xcodeproj/project.pbxproj:
        * editing/WebContentReader.cpp:
        (WebCore::WebContentReader::ensureFragment):

        Add a new helper to create the WebContentReader's fragment, if it hasn't already been created.

        * editing/WebContentReader.h:
        * editing/cocoa/WebContentReaderCocoa.mm:
        (WebCore::WebContentReader::readFilePaths):

        Rename readFilenames to readFilePaths (which better reflects its parameters, which are file paths). Also, move
        the implementation of readFilePaths to shared iOS/macOS code in WebContentReaderCocoa, and remove the stub
        implementation on iOS.

        There's a bit of code here that I kept macOS-only which deals with inserting file paths as plain text in
        editable areas, but it's unclear to me why and if WebKit clients currently find this useful, so I left a FIXME
        to investigate removing this altogether. Code for handling this plain text insertion of file paths on Mac was
        introduced in r67403.

        * editing/ios/WebContentReaderIOS.mm:
        (WebCore::WebContentReader::readFilenames): Deleted.
        * editing/mac/WebContentReaderMac.mm:
        (WebCore::WebContentReader::readFilenames): Deleted.
        * page/mac/DragControllerMac.mm:
        (WebCore::DragController::updateSupportedTypeIdentifiersForDragHandlingMethod const):

        Teach DragController to accept all types conforming to "public.item" and "public.content" on iOS, only when
        attachment elements are enabled. This allows us to load content from item providers that we otherwise would not
        have loaded, since we now have the ability to fall back to attachment element insertion if the type is not have
        a default representation using standard web content.

        * platform/Pasteboard.h:
        * platform/PasteboardItemInfo.h: Added.
        (WebCore::PasteboardItemInfo::encode const):
        (WebCore::PasteboardItemInfo::decode):

        Add PasteboardItemInfo, a struct that describes an item on the pasteboard. Also, implement encoding and decoding
        support for PasteboardItemInfo. So far, the item info only describes file information about the pasteboard item,
        and flags indicating whether the item prefers attachment or inline presentation.

        * platform/PasteboardStrategy.h:

        Replace getFilenamesForDataInteraction with informationForItemAtIndex. Instead of returning all of the file
        paths associated with any item on the pasteboard, fetch a PasteboardItemInfo at a given item index, which
        includes information about the file path as well as some other metadata we'll need when deciding how to read
        pasteboard contents as a document fragment.

        * platform/PlatformPasteboard.h:
        * platform/cocoa/PasteboardCocoa.mm:
        (WebCore::Pasteboard::read):
        * platform/ios/AbstractPasteboard.h:
        * platform/ios/PasteboardIOS.mm:
        (WebCore::Pasteboard::read):
        (WebCore::Pasteboard::readRespectingUTIFidelities):

        Teach the iOS Pasteboard to read web content using attachment elements, if enabled. There are two scenarios in
        which we would want to insert an attachment element:
        (1) The item provider uses a preferred presentation style of attachment, in which case we bail out of trying to
            handle the drop using the default mechanisms, and simply insert it as an attachment. We need this to deal
            with the case where we drop text or HTML files from the Files app, so that we don't try and insert the
            contents of the text or HTML as inline web content.
        (2) The item provider doesn't have a preferred attachment presentation style, but there's nothing WebKit would
            otherwise do with the dropped content, so insert an attachment element as a fallback. Examples where this is
            relevant are dropping a PDF or ZIP archive without attachment presentation style explicitly set.
        We first check if we fall into case (1). If so, we can bail early by inserting an attachment; otherwise, we
        proceed normally and see if we can read the contents of the drop as web content. If, at the end of default drop
        handling, we don't still have a way to represent the dropped content, enter case (2).

        (WebCore::Pasteboard::readFilePaths):
        (WebCore::Pasteboard::readFilenames): Deleted.

        Rename readFilenames to readFilePaths, and reimplement it using informationForItemAtIndex.

        * platform/ios/PlatformPasteboardIOS.mm:
        (WebCore::pasteboardItemPresentationStyle):
        (WebCore::PlatformPasteboard::informationForItemAtIndex):
        (WebCore::PlatformPasteboard::filenamesForDataInteraction): Deleted.

        Implement informationForItemAtIndex and remove filenamesForDataInteraction. As before, we ask the pasteboard
        (i.e. WebItemProviderPasteboard) for information about dropped file URLs. This time, we limit this to a single
        file, so we don't end up creating multiple attachment elements for each representation of a single item
        provider. See below for -preferredFileUploadURLAtIndex:fileType: for more detail.

        * platform/ios/WebItemProviderPasteboard.h:
        * platform/ios/WebItemProviderPasteboard.mm:
        (-[WebItemProviderLoadResult initWithItemProvider:typesToLoad:]):
        (-[WebItemProviderLoadResult canBeRepresentedAsFileUpload]):

        Remove this synthesized instance variable and instead just check the item provider's preferredPresentationStyle.

        (-[WebItemProviderLoadResult description]):

        Add a verbose -description to the load result object. Useful for debugging what was content was loaded from an
        item provider on drop.

        (-[WebItemProviderPasteboard preferredFileUploadURLAtIndex:fileType:]):

        Return the highest fidelity loaded type identifier for a given item.

        (-[WebItemProviderPasteboard allDroppedFileURLs]):
        (-[WebItemProviderPasteboard typeIdentifiersToLoadForRegisteredTypeIdentfiers:]):

        Prefer flat RTFD to RTFD. In the case where attachments are enabled and we're accepting all types of content
        using attachment elements as a fallback representation, if the source writes attributed strings to the
        pasteboard with com.apple.rtfd at a higher fidelity than com.apple.flat-rtfd, we'll end up loading only
        com.apple.rtfd and dropping the text as an attachment element because we cannot convert the dropped content to
        markup. Instead, if flat RTFD is present in the item provider, always prefer that over RTFD so that dropping as
        regular web content isn't overridden when attachment elements are enabled.

        (-[WebItemProviderPasteboard doAfterLoadingProvidedContentIntoFileURLs:synchronousTimeout:]):
        (-[WebItemProviderPasteboard droppedFileURLs]): Deleted.
        * platform/mac/DragDataMac.mm:
        (WebCore::DragData::containsCompatibleContent const):

        DragData::containsCompatibleContent should be true when attachment elements are enabled, and there are files we
        can drop as attachment elements.

        * platform/mac/PasteboardMac.mm:
        (WebCore::Pasteboard::read):
        (WebCore::Pasteboard::readFilePaths):
        (WebCore::Pasteboard::readFilenames): Deleted.

2018-01-03  Ting-Wei Lan  <lantw44@gmail.com>

        Replace hard-coded paths in shebangs with #!/usr/bin/env
        https://bugs.webkit.org/show_bug.cgi?id=181040

        Reviewed by Alex Christensen.

        * bindings/scripts/InFilesCompiler.pm:
        * bindings/scripts/InFilesParser.pm:
        * bindings/scripts/generate-bindings-all.pl:
        * bindings/scripts/generate-bindings.pl:
        * bindings/scripts/preprocess-idls.pl:
        * css/make-css-file-arrays.pl:
        * css/makeprop.pl:
        * css/makevalues.pl:
        * dom/make_event_factory.pl:
        * dom/make_names.pl:
        * extract-localizable-strings.pl:
        * make-hash-tools.pl:

2018-01-03  Wenson Hsieh  <wenson_hsieh@apple.com>

        [Attachment Support] Add plumbing for starting a drag with promised blob data
        https://bugs.webkit.org/show_bug.cgi?id=181201

        Reviewed by Tim Horton.

        Adds logic to allow dragging an attachment element as a file by sending promised blob information to the UI
        process. See comments below for more detail.

        The only change in behavior is that dragging an attachment element will no longer write web content and injected
        bundle data to the pasteboard if the attachment element's file attribute is nonnull. This will cause one
        existing WK1 layout test to fail, but will otherwise not affect any attachment editing clients. On iOS,
        attachment elements in the Mail viewer can be dragged, but each attachment's file is null, so we fall back to
        current behavior; on macOS, Mail currently overrides the drag completely, beginning at -mouseDown:, so this
        doesn't make a difference to macOS Mail either.

        * editing/Editor.h:
        * editing/cocoa/EditorCocoa.mm:
        (WebCore::Editor::getPasteboardTypesAndDataForAttachment):

        Add a helper method to retrieve an attachment element as web archive data, for moving attachments within the
        same document. Also gives the injected editor bundle a chance to supply custom pasteboard types.

        * loader/EmptyClients.cpp:
        * page/DragClient.h:
        (WebCore::DragClient::prepareToDragPromisedBlob):

        Add new DragClient methods to send information about a promised blob to the UI process.

        * page/DragController.cpp:
        (WebCore::DragController::startDrag):

        Call dragAttachmentElement when starting a drag on an attachment element.

        (WebCore::DragController::dragAttachmentElement):

        Try to begin dragging a given attachment element, propagating promised blob information to the client layers.
        Returns true iff the attachment is backed by blob data (i.e. the file is nonnull).

        * platform/PromisedBlobInfo.h:

        Add a list of additional types and data to PromisedBlobInfo. In addition to the promised blob info, this would
        allow injected bundle data and other private types alongside the main attachment data on the pasteboard.

2018-01-03  Simon Fraser  <simon.fraser@apple.com>

        Remove the 'resolutionScale' parameter from ImageBufferDataCG get/putBytes
        https://bugs.webkit.org/show_bug.cgi?id=181268

        Reviewed by Alex Christensen.

        These functions were always called with resolutionScale=1.

        * platform/graphics/cg/ImageBufferCG.cpp:
        (WebCore::ImageBuffer::getUnmultipliedImageData const):
        (WebCore::ImageBuffer::getPremultipliedImageData const):
        (WebCore::ImageBuffer::putByteArray):
        * platform/graphics/cg/ImageBufferDataCG.cpp:
        (WebCore::ImageBufferData::getData const):
        (WebCore::ImageBufferData::putData):
        (WebCore::affineWarpBufferData): Deleted.
        * platform/graphics/cg/ImageBufferDataCG.h:

2018-01-03  John Wilander  <wilander@apple.com>

        Storage Access API: Refactor XPC for access removal to go straight from the web process to the network process
        https://bugs.webkit.org/show_bug.cgi?id=181270
        <rdar://problem/36289544>

        Reviewed by Alex Christensen.

        No new tests. Existing test re-enabled.

        This change refactors how the web process tells the network process
        to remove storage access. Previously, this was done over the UI process
        just like requests for storage access. But since no further reasoning
        is needed, the message should go straight from the web process to the
        network process for performance reasons and to minimize the risk of a
        race.

        As a consequence, the XPC code for storage access removal in the UI
        process is deleted.

        * platform/network/cf/NetworkStorageSessionCFNet.cpp:
        (WebCore::NetworkStorageSession::cookieStoragePartition const):
            Removes the storageAccessAPIEnabled check since the flag
            doesn't get propagated when the network process is created.
            Figuring this out will take some work which is unnecessary
            when we already gate access to the feature in Document.idl.

2018-01-03  James Craig  <jcraig@apple.com>

        AX: when invert colors is on, double-invert certain media elements in UserAgentStyleSheet
        https://bugs.webkit.org/show_bug.cgi?id=168447
        <rdar://problem/30559874>

        Reviewed by Simon Fraser.

        Double-invert video when platform 'invert colors' setting is enabled. Behavior matches 
        current 'Smart Invert' feature of Safari Reader on macOS/iOS and other iOS native apps.

        Tests: accessibility/smart-invert-reference.html
               accessibility/smart-invert.html

        * Modules/modern-media-controls/controls/media-controls.css:
        (@media (inverted-colors)):
        (:host):
        (picture):
        * css/html.css:
        (@media (inverted-colors)):
        (video):

2018-01-03  Youenn Fablet  <youenn@apple.com>

        LayoutTest http/tests/media/media-stream/disconnected-frame.html to consistently fail an assertion: !m_adoptionIsRequired
        https://bugs.webkit.org/show_bug.cgi?id=181264

        Reviewed by Eric Carlson.

        Covered by http/tests/media/media-stream/disconnected-frame.html not crashing anymore in Debug builds.
        Calling suspendIfNeeded in create method instead of constructor.

        * Modules/mediastream/UserMediaRequest.cpp:
        (WebCore::UserMediaRequest::create):
        (WebCore::UserMediaRequest::UserMediaRequest):

2018-01-03  Antti Koivisto  <antti@apple.com>

        Remove DeprecatedCSSOMValue::equals
        https://bugs.webkit.org/show_bug.cgi?id=181241

        Reviewed by Zalan Bujtas.

        This is dead code.

        * css/DeprecatedCSSOMValue.cpp:
        (WebCore::compareCSSOMValues): Deleted.
        (WebCore::DeprecatedCSSOMValue::equals const): Deleted.
        * css/DeprecatedCSSOMValue.h:
        (WebCore::DeprecatedCSSOMValue::operator== const): Deleted.
        (WebCore::DeprecatedCSSOMComplexValue::equals const): Deleted.
        * css/DeprecatedCSSOMValueList.cpp:
        (WebCore::DeprecatedCSSOMValueList::equals const): Deleted.
        * css/DeprecatedCSSOMValueList.h:

2018-01-03  Simon Fraser  <simon.fraser@apple.com>

        feLighting is broken with primitiveUnits="objectBoundingBox"
        https://bugs.webkit.org/show_bug.cgi?id=181197

        Reviewed by Tim Horton.

        With <filter primitiveUnits="objectBoundingBox"> we need to convert the coordinates
        of fePointLights and feSpotLights into user space coordinates. Following
        https://www.w3.org/TR/SVG/filters.html#FilterElementPrimitiveUnitsAttribute
        this is done by treating them as fractions of the bounding box on the referencing
        element, with treatment for z following https://www.w3.org/TR/SVG/coords.html#Units_viewport_percentage
        
        To do this, store the bounds of the referencing elemenet on SVGFilterBuilder as
        targetBoundingBox, and store the primitiveUnits type. Then do the conversion of lighting
        coordinates in SVGFESpecularLightingElement::build() and SVGFEDiffuseLightingElement::build().

        Remove SVGFELightElement::findLightSource(), since we need to be able to pass the SVGFilterBuilder
        to the lightSource() function so hoist the code up.

        Tests: svg/filters/feDiffuseLighting-fePointLight-primitiveUnits-objectBoundingBox-expected.svg
               svg/filters/feDiffuseLighting-fePointLight-primitiveUnits-objectBoundingBox.svg
               svg/filters/feDiffuseLighting-feSpotLight-primitiveUnits-objectBoundingBox-expected.svg
               svg/filters/feDiffuseLighting-feSpotLight-primitiveUnits-objectBoundingBox.svg
               svg/filters/feSpecularLighting-fePointLight-primitiveUnits-objectBoundingBox-expected.svg
               svg/filters/feSpecularLighting-fePointLight-primitiveUnits-objectBoundingBox.svg

        * rendering/svg/RenderSVGResourceFilter.cpp:
        (WebCore::RenderSVGResourceFilter::buildPrimitives const):
        * svg/SVGFEDiffuseLightingElement.cpp:
        (WebCore::SVGFEDiffuseLightingElement::build):
        * svg/SVGFEDistantLightElement.cpp:
        (WebCore::SVGFEDistantLightElement::lightSource const):
        * svg/SVGFEDistantLightElement.h:
        * svg/SVGFELightElement.cpp:
        (WebCore::SVGFELightElement::findLightSource): Deleted.
        * svg/SVGFELightElement.h:
        * svg/SVGFEPointLightElement.cpp:
        (WebCore::SVGFEPointLightElement::lightSource const):
        * svg/SVGFEPointLightElement.h:
        * svg/SVGFESpecularLightingElement.cpp:
        (WebCore::SVGFESpecularLightingElement::build):
        * svg/SVGFESpotLightElement.cpp:
        (WebCore::SVGFESpotLightElement::lightSource const):
        * svg/SVGFESpotLightElement.h:
        * svg/graphics/filters/SVGFilterBuilder.h:
        (WebCore::SVGFilterBuilder::setTargetBoundingBox):
        (WebCore::SVGFilterBuilder::targetBoundingBox const):
        (WebCore::SVGFilterBuilder::primitiveUnits const):
        (WebCore::SVGFilterBuilder::setPrimitiveUnits):

2018-01-03  Antti Koivisto  <antti@apple.com>

        Crash beneath CSSValue::equals @ csas.cz
        https://bugs.webkit.org/show_bug.cgi?id=181243
        <rdar://problem/35990826>

        Reviewed by Alex Christensen.

        Test: fast/text/oblique-degree-equals-crash.html

        * css/CSSFontStyleValue.cpp:
        (WebCore::CSSFontStyleValue::equals const):

        Null check both oblique pointers.

2018-01-03  Joseph Pecoraro  <pecoraro@apple.com>

        Web Inspector: Slow open time enumerating system fonts (FontCache::systemFontFamilies)
        https://bugs.webkit.org/show_bug.cgi?id=180979
        <rdar://problem/36146670>

        Reviewed by Matt Baker.

        * platform/graphics/cocoa/FontCacheCoreText.cpp:
        (fontNameIsSystemFont):
        (WebCore::FontCache::systemFontFamilies):
        Switch to the original Mac algorithm before r180979 that uses
        CTFontManagerCopyAvailableFontFamilyNames. Previously this wasn't
        available on iOS but now it is. This is a performance improvement on
        both platforms, but significantly so on macOS. It also finds more,
        valid, family names.

2018-01-03  Michael Catanzaro  <mcatanzaro@igalia.com>

        ASSERTION FAILED: !source || is<Target>(*source) in CoordinatedGraphicsLayer::removeFromParent
        https://bugs.webkit.org/show_bug.cgi?id=166568

        Reviewed by Simon Fraser.

        When a GraphicsLayer has a mask layer, it fails to properly unparent the mask layer before
        it is destroyed. This leaves the mask layer with a dangling parent pointer. Fix it, while
        taking care not to introduce yet another virtual function call during the execution of the
        destructor.

        * platform/graphics/GraphicsLayer.cpp:
        (WebCore::GraphicsLayer::willBeDestroyed):

2018-01-03  Simon Fraser  <simon.fraser@apple.com>

        SVG lighting filter lights are in the wrong coordinate system
        https://bugs.webkit.org/show_bug.cgi?id=181147

        Reviewed by Zalan Bujtas.

        Point and spot light coordinates weren't being converted into buffer-relative
        coordinates before being fed into the lighting math, resulting in incorrect light
        rendering on Retina devices, and when the filter primitive region was clipped.

        Fix by storing absoluteUnclippedSubregion on FilterEffect, which allows us to map
        lighting points from user space coordinates into the coordinates of the buffer being
        used for rendering. Also scale the light z coordinate by doing a dummy point mapping in x.

        Rename members of PointLightSource and SpotLightSource to make it clear which coordinate
        system they are in.

        Tests include HiDPI tests.

        Tests: svg/filters/fePointLight-coordinates-expected.svg
               svg/filters/fePointLight-coordinates.svg
               svg/filters/feSpotLight-coordinates-expected.svg
               svg/filters/feSpotLight-coordinates.svg
               svg/filters/hidpi/fePointLight-coordinates-expected.svg
               svg/filters/hidpi/fePointLight-coordinates.svg
               svg/filters/hidpi/feSpotLight-coordinates-expected.svg
               svg/filters/hidpi/feSpotLight-coordinates.svg

        * platform/graphics/FloatPoint3D.h: Make it easy to get and set the X and Y coords as a FloatPoint.
        (WebCore::FloatPoint3D::xy const):
        (WebCore::FloatPoint3D::setXY):
        * platform/graphics/GeometryUtilities.cpp:
        (WebCore::mapPoint):
        (WebCore::mapRect):
        * platform/graphics/GeometryUtilities.h: Helper to make a point between rects.
        * platform/graphics/filters/DistantLightSource.cpp:
        (WebCore::DistantLightSource::initPaintingData):
        * platform/graphics/filters/DistantLightSource.h:
        * platform/graphics/filters/FELighting.cpp:
        (WebCore::FELighting::drawLighting):
        * platform/graphics/filters/FilterEffect.cpp:
        (WebCore::FilterEffect::mapPointFromUserSpaceToBuffer const):
        * platform/graphics/filters/FilterEffect.h:
        (WebCore::FilterEffect::setUnclippedAbsoluteSubregion):
        * platform/graphics/filters/LightSource.h:
        * platform/graphics/filters/PointLightSource.cpp:
        (WebCore::PointLightSource::initPaintingData):
        (WebCore::PointLightSource::computePixelLightingData const):
        (WebCore::PointLightSource::setX):
        (WebCore::PointLightSource::setY):
        (WebCore::PointLightSource::setZ):
        * platform/graphics/filters/PointLightSource.h:
        (WebCore::PointLightSource::position const):
        (WebCore::PointLightSource::PointLightSource):
        * platform/graphics/filters/SpotLightSource.cpp:
        (WebCore::SpotLightSource::initPaintingData):
        (WebCore::SpotLightSource::computePixelLightingData const):
        (WebCore::SpotLightSource::setX):
        (WebCore::SpotLightSource::setY):
        (WebCore::SpotLightSource::setZ):
        (WebCore::SpotLightSource::setPointsAtX):
        (WebCore::SpotLightSource::setPointsAtY):
        (WebCore::SpotLightSource::setPointsAtZ):
        * platform/graphics/filters/SpotLightSource.h:
        (WebCore::SpotLightSource::position const):
        (WebCore::SpotLightSource::direction const):
        (WebCore::SpotLightSource::SpotLightSource):
        * rendering/svg/RenderSVGResourceFilter.cpp:
        (WebCore::RenderSVGResourceFilter::buildPrimitives const):
        * rendering/svg/RenderSVGResourceFilterPrimitive.cpp:
        (WebCore::RenderSVGResourceFilterPrimitive::determineFilterPrimitiveSubregion):

2018-01-03  Youenn Fablet  <youenn@apple.com>

        Select service worker for documents with data/blob URLS
        https://bugs.webkit.org/show_bug.cgi?id=181213

        Reviewed by Alex Christensen.

        Covered by updated test.

        Reusing the service worker of the parent for blob/data URL documents.

        * loader/DocumentLoader.cpp:
        (WebCore::isLocalURL):
        (WebCore::DocumentLoader::commitData):

2018-01-03  Ryan Haddad  <ryanhaddad@apple.com>

        Unreviewed, rolling out r226352.

        Breaks Sierra and El Capitan builds.

        Reverted changeset:

        "Web Inspector: Slow open time enumerating system fonts
        (FontCache::systemFontFamilies)"
        https://bugs.webkit.org/show_bug.cgi?id=180979
        https://trac.webkit.org/changeset/226352