[WebKit-https.git] / Source / WebCore / ChangeLog
1 2017-05-18  Youenn Fablet  <youenn@apple.com>
2
3         Make WebRTC logging happen in Release
4         https://bugs.webkit.org/show_bug.cgi?id=172307
5
6         Reviewed by Eric Carlson.
7
8         No change of behavior.
9         Move from LOG(WebRTC...) to RELEASE_LOG(WebRTC...).
10
11         * Modules/mediastream/PeerConnectionBackend.cpp:
12         (WebCore::PeerConnectionBackend::createOfferSucceeded):
13         (WebCore::PeerConnectionBackend::createOfferFailed):
14         (WebCore::PeerConnectionBackend::createAnswerSucceeded):
15         (WebCore::PeerConnectionBackend::createAnswerFailed):
16         (WebCore::PeerConnectionBackend::setLocalDescriptionSucceeded):
17         (WebCore::PeerConnectionBackend::setLocalDescriptionFailed):
18         (WebCore::PeerConnectionBackend::setRemoteDescriptionSucceeded):
19         (WebCore::PeerConnectionBackend::setRemoteDescriptionFailed):
20         (WebCore::PeerConnectionBackend::addIceCandidateSucceeded):
21         (WebCore::PeerConnectionBackend::addIceCandidateFailed):
22         (WebCore::PeerConnectionBackend::newICECandidate):
23         (WebCore::PeerConnectionBackend::doneGatheringCandidates):
24         * Modules/mediastream/RTCPeerConnection.cpp:
25         (WebCore::RTCPeerConnection::queuedCreateOffer):
26         (WebCore::RTCPeerConnection::queuedCreateAnswer):
27         (WebCore::RTCPeerConnection::queuedSetLocalDescription):
28         (WebCore::RTCPeerConnection::queuedSetRemoteDescription):
29         (WebCore::RTCPeerConnection::queuedAddIceCandidate):
30
31 2017-05-18  Eric Carlson  <eric.carlson@apple.com>
32
33         [MediaStream] do not cache gUM permissions
34         https://bugs.webkit.org/show_bug.cgi?id=172245
35
36         Reviewed by Youenn Fablet.
37
38         No new tests, updated fast/mediastream/MediaDevices-getUserMedia.html.
39
40         * platform/mediastream/RealtimeMediaSourceCenter.cpp:
41         (WebCore::RealtimeMediaSourceCenter::validateRequestConstraints): Add salt parameter.
42         * platform/mediastream/RealtimeMediaSourceCenter.h:
43
44 2017-05-18  Zalan Bujtas  <zalan@apple.com>
45
46         Redundant ellipsis box triggers ASSERT_WITH_SECURITY_IMPLICATION in InlineBox::parent().
47         https://bugs.webkit.org/show_bug.cgi?id=172309
48         <rdar://problem/32262357>
49
50         Reviewed by Simon Fraser.
51
52         This patch stops the redundant ellipsis box from triggering ASSERT_WITH_SECURITY_IMPLICATION.
53
54         In RootInlineBox::placeEllipsis we construct an ellipsis box and append it to a static HashMap which
55         keeps track of the ellipsis boxes on each line. However when the line already has an ellipsis, we
56         re-use the existing one and this newly constructed (but redundant) box gets destroyed as we return from this function.
57         In InlineBox's d'tor, we let the parent know that now it has a dangling child and we assert on it
58         later, while accessing the children list. However this redundant ellipsis box was never added to the line,
59         so the assertion hits incorrectly.
60
61         Test: fast/inline/redundant-ellipsis-triggers-assert-incorrectly.html
62
63         * rendering/EllipsisBox.cpp:
64         (WebCore::EllipsisBox::EllipsisBox):
65         * rendering/InlineBox.cpp:
66         (WebCore::InlineBox::invalidateParentChildList):
67         * rendering/InlineBox.h:
68         * rendering/RootInlineBox.cpp:
69         (WebCore::RootInlineBox::placeEllipsis): Use the newly created ellipsis box instead.
70
71 2017-05-18  Andy Estes  <aestes@apple.com>
72
73         ENABLE(APPLE_PAY_DELEGATE) should be NO on macOS Sierra and earlier
74         https://bugs.webkit.org/show_bug.cgi?id=172305
75
76         Reviewed by Anders Carlsson.
77
78         * Configurations/FeatureDefines.xcconfig:
79
80 2017-05-18  Dean Jackson  <dino@apple.com>
81
82         Transform misplaces element 50% of the time
83         https://bugs.webkit.org/show_bug.cgi?id=172300
84
85         Reviewed by Simon Fraser.
86
87         A hardware-accelerated animation of the transform property
88         requires layout to happen if it contains a translate operation
89         using percentages, otherwise it may create an incorrect
90         animation. The "50% of the time" comes into play because
91         the layout timer may sometimes fire before the animation
92         timer. The test case contains an example that is much more
93         likely to fail without this fix.
94
95         Test: animations/needs-layout.html
96
97         * page/animation/CSSAnimationController.cpp:
98         (WebCore::CSSAnimationControllerPrivate::animationTimerFired): If
99         we've been told that we need a layout, and we have one pending, then
100         force it before doing the rest of the animation logic.
101         (WebCore::CSSAnimationController::updateAnimations): Check if the
102         CompositeAnimation depends on layout, and tell the private controller
103         that it should check for the necessity of a layout as the animation
104         timer fires.
105
106         * page/animation/CompositeAnimation.cpp:
107         (WebCore::CompositeAnimation::animate): Ask the keyframes if this
108         animation depends on layout.
109
110         * page/animation/CompositeAnimation.h:
111         (WebCore::CompositeAnimation::hasAnimationThatDependsOnLayout):
112         * page/animation/KeyframeAnimation.cpp:
113         (WebCore::KeyframeAnimation::KeyframeAnimation):
114         (WebCore::KeyframeAnimation::computeLayoutDependency): Look at all
115         the keyframe properties for something that is a translation using
116         percentages.
117
118         * page/animation/KeyframeAnimation.h:
119
120 2017-05-18  Wenson Hsieh  <wenson_hsieh@apple.com>
121
122         Selection around attachment elements should not persist when beginning a drag
123         https://bugs.webkit.org/show_bug.cgi?id=172319
124         <rdar://problem/32283008>
125
126         Reviewed by Tim Horton.
127
128         When beginning to drag an attachment element, save and restore the visible selection when calling out to the
129         injected bundle for additional data, and when creating the drag image.
130
131         Augmented an existing API test: DataInteractionTests.AttachmentElementItemProviders.
132
133         * page/DragController.cpp:
134         (WebCore::DragController::startDrag):
135
136 2017-05-18  Daniel Bates  <dabates@apple.com>
137
138         Cleanup: Remove unused functions from RuntimeEnabledFeatures
139         https://bugs.webkit.org/show_bug.cgi?id=172315
140
141         Reviewed by Jer Noble.
142
143         * page/RuntimeEnabledFeatures.cpp:
144         (WebCore::RuntimeEnabledFeatures::htmlMediaElementEnabled): Deleted.
145         (WebCore::RuntimeEnabledFeatures::htmlVideoElementEnabled): Deleted.
146         (WebCore::RuntimeEnabledFeatures::htmlSourceElementEnabled): Deleted.
147         (WebCore::RuntimeEnabledFeatures::mediaControllerEnabled): Deleted.
148         (WebCore::RuntimeEnabledFeatures::mediaErrorEnabled): Deleted.
149         (WebCore::RuntimeEnabledFeatures::timeRangesEnabled): Deleted.
150         * page/RuntimeEnabledFeatures.h:
151         (WebCore::RuntimeEnabledFeatures::setDOMIteratorEnabled): Deleted.
152         (WebCore::RuntimeEnabledFeatures::domIteratorEnabled): Deleted.
153         (WebCore::RuntimeEnabledFeatures::setGeolocationEnabled): Deleted.
154         (WebCore::RuntimeEnabledFeatures::geolocationEnabled): Deleted.
155
156 2017-05-18  Daniel Bates  <dabates@apple.com>
157
158         Improve error message for Access-Control-Allow-Origin violation due to misconfigured server
159         https://bugs.webkit.org/show_bug.cgi?id=162819
160         <rdar://problem/28575938>
161
162         Reviewed by Joseph Pecoraro.
163
164         Inspired by Blink change:
165         <https://src.chromium.org/viewvc/blink?view=revision&revision=163406>
166
167         At most one Access-Control-Allow-Origin header may be in an HTTP response. Improve the
168         error message emitted on a CORS failure when Access-Control-Allow-Origin contains more
169         than one origin, indicated by the presence of a ',', as a way to help web developers/server
170         administrators differentiate between a misconfigured Access-Control-Allow-Origin header
171         and a misconfigured server.
172
173         * loader/CrossOriginAccessControl.cpp:
174         (WebCore::passesAccessControlCheck): Defined a local variable to hold the value of securityOrigin.toString()
175         and referenced this variable throughout the code to avoid computing the stringified security
176         origin more than once. Switched to using makeString() to concatenate error message when the
177         origin of the page does not match the value of the Access-Control-Allow-Origin header.
178
179 2017-05-18  John Wilander  <wilander@apple.com>
180
181         Resource Load Statistics: Grandfather domains for existing data records
182         https://bugs.webkit.org/show_bug.cgi?id=172155
183         <rdar://problem/24913532>
184
185         Reviewed by Alex Christensen.
186
187         Test: http/tests/loading/resourceLoadStatistics/grandfathering.html
188
189         * loader/ResourceLoadObserver.cpp:
190         (WebCore::ResourceLoadObserver::setGrandfathered):
191         (WebCore::ResourceLoadObserver::isGrandfathered):
192         (WebCore::ResourceLoadObserver::setMinimumTimeBetweeenDataRecordsRemoval):
193         (WebCore::ResourceLoadObserver::setGrandfatheringTime):
194             Functions for testing and configuration.
195             ResourceLoadObserver::setMinimumTimeBetweeenDataRecordsRemoval() changed as a result of moving
196             WebKit::WebResourceLoadStatisticsStore::setMinimumTimeBetweeenDataRecordsRemoval() here.
197         * loader/ResourceLoadObserver.h:
198         * loader/ResourceLoadStatisticsStore.cpp:
199         (WebCore::ResourceLoadStatisticsStore::createEncoderFromData):
200         (WebCore::ResourceLoadStatisticsStore::readDataFromDecoder):
201             Now contains endOfGrandfatheringTimestamp.
202         (WebCore::ResourceLoadStatisticsStore::clearInMemoryAndPersistent):
203             Now makes a call to m_grandfatherExistingWebsiteDataHandler().
204         (WebCore::ResourceLoadStatisticsStore::setGrandfatherExistingWebsiteDataCallback):
205         (WebCore::ResourceLoadStatisticsStore::setMinimumTimeBetweeenDataRecordsRemoval):
206             Changed as a result of moving
207             WebKit::WebResourceLoadStatisticsStore::setMinimumTimeBetweeenDataRecordsRemoval() here.
208         (WebCore::ResourceLoadStatisticsStore::setGrandfatheringTime):
209         (WebCore::ResourceLoadStatisticsStore::topPrivatelyControlledDomainsToRemoveWebsiteDataFor):
210             Renamed since it now also takes grandfathering into account.
211         (WebCore::ResourceLoadStatisticsStore::updateStatisticsForRemovedDataRecords):
212             Fixed typo in local variable name.
213         (WebCore::ResourceLoadStatisticsStore::handleFreshStartWithEmptyOrNoStore):
214         (WebCore::ResourceLoadStatisticsStore::shouldRemoveDataRecords):
215             Convenience function added.
216         (WebCore::ResourceLoadStatisticsStore::dataRecordsBeingRemoved):
217             Convenience function added.
218         (WebCore::ResourceLoadStatisticsStore::dataRecordsWereRemoved):
219             Convenience function added.
220         (WebCore::ResourceLoadStatisticsStore::prevalentResourceDomainsWithoutUserInteraction): Deleted.
221             Replaced by ResourceLoadStatisticsStore::topPrivatelyControlledDomainsToRemoveWebsiteDataFor().
222         * loader/ResourceLoadStatisticsStore.h:
223
224 2017-05-18  Daniel Bates  <dabates@apple.com>
225
226         Bindings: Require value for extended attributes EnabledAtRuntime and EnabledForWorld
227         https://bugs.webkit.org/show_bug.cgi?id=172252
228
229         Reviewed by Sam Weinig.
230
231         According to Sam Weinig it is an anti-feature that EnabledAtRuntime can be specified
232         without a value. We should make it require a value for the name of the RuntimeEnabledFeatures
233         function to use in the generated code. For similar reasons we should also require
234         a value for the extended attribute EnabledForWorld.
235
236         * Modules/websockets/WebSocket.idl: Substitute EnabledAtRuntime=WebSocket for EnabledAtRuntime.
237         * bindings/scripts/CodeGeneratorJS.pm:
238         (GetRuntimeEnableFunctionName):
239         * html/HTMLAudioElement.idl: Substitute EnabledAtRuntime=Audio for EnabledAtRuntime.
240         * page/RuntimeEnabledFeatures.cpp:
241         (WebCore::RuntimeEnabledFeatures::audioEnabled):
242         (WebCore::RuntimeEnabledFeatures::htmlAudioElementEnabled): Deleted. This function duplicated
243         the functionality of RuntimeEnabledFeatures::audioEnabled(). Instead we explicitly
244         write EnabledAtRuntime=Audio in HTMLAudioElement.idl to use RuntimeEnabledFeatures::audioEnabled()
245         to determine whether to expose/conceal the HTMLAudioElement global constructor at runtime.
246         * page/RuntimeEnabledFeatures.h:
247
248 2017-05-18  Jer Noble  <jer.noble@apple.com>
249
250         Allow nested timers to propagate user gestures so long as the total nested interval is less than 1s.
251         https://bugs.webkit.org/show_bug.cgi?id=172173
252
253         Reviewed by Andy Estes.
254
255         Test: media/restricted-audio-playback-with-multiple-settimeouts.html
256
257         Store the current nested timer interval in DOMTimerFireState, and use that value to propagate the
258         nested interval through multiple invocations of setTimeout().
259
260         Drive-by fix: instead of manually resetting the nesting level in DOMTimer::fired(), add the
261         nesting level to the DOMTimerFireState, and reset the nesting level on the state's destruction.
262         This fixes one place in DOMTimer::fire() where an early return led to the timer's nesting level
263         not being reset.
264
265         * page/DOMTimer.cpp:
266         (WebCore::DOMTimerFireState::DOMTimerFireState):
267         (WebCore::DOMTimerFireState::~DOMTimerFireState):
268         (WebCore::DOMTimerFireState::nestedTimerInterval):
269         (WebCore::shouldForwardUserGesture):
270         (WebCore::userGestureTokenToForward):
271         (WebCore::currentNestedTimerInterval):
272         (WebCore::DOMTimer::DOMTimer):
273         (WebCore::DOMTimer::fired):
274         * page/DOMTimer.h:
275
276 2017-05-18  Youenn Fablet  <youenn@apple.com>
277
278         RealtimeOutgoingAudioSource should use the source sample rate
279         https://bugs.webkit.org/show_bug.cgi?id=172297
280
281         Reviewed by Eric Carlson.
282
283         Covered by manual tests.
284
285         * platform/mediastream/mac/RealtimeOutgoingAudioSource.cpp:
286         (WebCore::RealtimeOutgoingAudioSource::audioSamplesAvailable): Using the audio source sample rate so that the converter does the right conversion.
287
288 2017-05-18  Andy Estes  <aestes@apple.com>
289
290         Add "countryCode" to ApplePayErrorContactField
291         https://bugs.webkit.org/show_bug.cgi?id=172264
292         <rdar://problem/32004909>
293
294         Reviewed by Anders Carlsson.
295
296         Added ApplePayError tests to http/tests/ssl/applepay/ApplePaySession.html
297
298         * Modules/applepay/ApplePayError.idl:
299         * Modules/applepay/PaymentRequest.h:
300
301 2017-05-18  Daniel Bates  <dabates@apple.com>
302
303         Cleanup: Remove unnecessary call to AddToImplIncludes("RuntimeEnabledFeatures.h") in GenerateImplementation()
304         https://bugs.webkit.org/show_bug.cgi?id=172236
305
306         Reviewed by Chris Dumez.
307
308         It is unnecessary for GenerateImplementation() to explicitly call AddToImplIncludes("RuntimeEnabledFeatures.h")
309         to add the header RuntimeEnabledFeatures.h to the list of headers in the generated implementation
310         as this header is added when GetRuntimeEnableFunctionName() is called. And GenerateImplementation()
311         calls GetRuntimeEnableFunctionName().
312
313         No functionality changed. So, no new tests.
314
315         * bindings/scripts/CodeGeneratorJS.pm:
316         (GenerateImplementation):
317
318 2017-05-18  Daniel Bates  <dabates@apple.com>
319
320         REGRESSION (r209608): Cross-origin plugin document opened in child window blocked by parent
321         window CSP when object-src 'none' is set
322         https://bugs.webkit.org/show_bug.cgi?id=172038
323         <rdar://problem/32258262>
324
325         Reviewed by Andy Estes.
326
327         Fixes an issue where a cross-origin plugin document opened in a child window would inherit
328         the Content Security Policy (CSP) of its opener. In particular, a cross-origin plugin
329         document opened in a child window would be blocked when the CSP of its opener disallows
330         plugins (e.g. object-source 'none').
331
332         Prior to r209608 a document opened in a child window never inherited the CSP from its opener
333         and a plugin document loaded in a subframe would unconditionally inherit the CSP from its
334         parent frame. So, a plugin document opened in a child window would be allowed to load
335         regardless of whether its opener had a CSP that prevented plugins. Following r209608 a
336         document opened in a child window would inherit its CSP from its opener if and only if it
337         would inherit the security origin from its opener (e.g. about:blank) or was a plugin
338         document. The latter condition makes plugin documents opened in a child window unconditionally
339         inherit the CSP from their opener and is the cause of this bug. It seems reasonable to exempt
340         cross-origin plugin documents opened in a child window from the CSP inheritance rule because
341         such documents cannot compromise the origin of their opener. Same-origin plugin documents
342         opened in a child window will continue to inherit the CSP from their opener because such
343         documents can compromise the origin of their opener.
344
345         Tests: http/tests/security/contentSecurityPolicy/cross-origin-plugin-document-allowed-in-child-window.html
346                http/tests/security/contentSecurityPolicy/plugin-blocked-in-about-blank-window.html
347                http/tests/security/contentSecurityPolicy/same-origin-plugin-document-blocked-in-child-window.html
348
349         * dom/Document.cpp:
350         (WebCore::Document::shouldInheritContentSecurityPolicyFromOwner): Added.
351         (WebCore::Document::initContentSecurityPolicy):
352         * dom/Document.h:
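
The inheritance rule described in the entry above, as an added example that is not WebKit's code: a small C++ model that puts the rule the entry attributes to r209608 beside the rule after this fix, for a document opened in a child window. `Origin`, `ChildWindowLoad`, every function name and the `.example` origins are hypothetical and constructed for illustration.

```cpp
#include <cstdio>
#include <string>

// Added illustration; the types and function names are hypothetical, not WebKit's.
struct Origin {
    std::string scheme;
    std::string host;
    int port;
};

static bool sameOrigin(const Origin& a, const Origin& b)
{
    return a.scheme == b.scheme && a.host == b.host && a.port == b.port;
}

// One document being loaded into a window that was created by an opener.
struct ChildWindowLoad {
    Origin openerOrigin;
    Origin documentOrigin;          // origin of the URL being loaded
    bool inheritsOpenerOrigin;      // e.g. about:blank
    bool isPluginDocument;
    bool openerCSPDisallowsPlugins; // opener's policy blocks plugins
};

// Rule after r209608 as the entry describes it: inherit the opener's CSP if the
// document inherits the opener's security origin, or if it is a plugin document.
bool inheritsOpenerCSPAfterR209608(const ChildWindowLoad& load)
{
    return load.inheritsOpenerOrigin || load.isPluginDocument;
}

// Rule after the fix: a plugin document inherits only when it is same-origin
// with its opener, because only then can it compromise the opener's origin.
bool inheritsOpenerCSPWithFix(const ChildWindowLoad& load)
{
    if (load.inheritsOpenerOrigin)
        return true;
    return load.isPluginDocument && sameOrigin(load.documentOrigin, load.openerOrigin);
}

using InheritanceRule = bool (*)(const ChildWindowLoad&);

// Plugin content is blocked only when the opener's plugin-blocking policy applies.
bool pluginContentAllowed(const ChildWindowLoad& load, InheritanceRule rule)
{
    return !(rule(load) && load.openerCSPDisallowsPlugins);
}

// Constructed scenarios mirroring the three tests named in the entry.
static const Origin opener = { "https", "opener.example", 443 };
static const Origin other = { "https", "plugins.example", 443 };

ChildWindowLoad crossOriginPluginInChildWindow() { return { opener, other, false, true, true }; }
ChildWindowLoad sameOriginPluginInChildWindow() { return { opener, opener, false, true, true }; }
ChildWindowLoad aboutBlankChildWindow() { return { opener, opener, true, false, true }; }

int main()
{
    const ChildWindowLoad loads[] = { crossOriginPluginInChildWindow(),
        sameOriginPluginInChildWindow(), aboutBlankChildWindow() };
    const char* names[] = { "cross-origin plugin", "same-origin plugin", "about:blank" };
    for (int i = 0; i < 3; ++i) {
        std::printf("%-20s r209608: %s  fixed: %s\n", names[i],
            pluginContentAllowed(loads[i], inheritsOpenerCSPAfterR209608) ? "allowed" : "blocked",
            pluginContentAllowed(loads[i], inheritsOpenerCSPWithFix) ? "allowed" : "blocked");
    }
    return 0;
}
```

Only the cross-origin plugin row differs between the two rules, which is the regression the entry describes.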
353
354 2017-05-18  Keith Miller  <keith_miller@apple.com>
355
356         WebAssembly API: test with neutered inputs
357         https://bugs.webkit.org/show_bug.cgi?id=163899
358
359         Reviewed by JF Bastien.
360
361         Make it not possible to transfer an ArrayBuffer that is backed by a
362         wasm memory.
363
364         Test: workers/wasm-mem-post-message.html
365
366         * bindings/js/SerializedScriptValue.cpp:
367         (WebCore::SerializedScriptValue::create):
368
369 2017-05-18  Commit Queue  <commit-queue@webkit.org>
370
371         Unreviewed, rolling out r217031, r217032, and r217037.
372         https://bugs.webkit.org/show_bug.cgi?id=172293
373
374         cause linking errors in Windows (Requested by yusukesuzuki on
375         #webkit).
376
377         Reverted changesets:
378
379         "[JSC][DFG][DOMJIT] Extend CheckDOM to CheckSubClass"
380         https://bugs.webkit.org/show_bug.cgi?id=172098
381         http://trac.webkit.org/changeset/217031
382
383         "Unreviewed, rebaseline for newly added ClassInfo"
384         https://bugs.webkit.org/show_bug.cgi?id=172098
385         http://trac.webkit.org/changeset/217032
386
387         "Unreviewed, fix debug and non-JIT build"
388         https://bugs.webkit.org/show_bug.cgi?id=172098
389         http://trac.webkit.org/changeset/217037
390
391 2017-05-18  Per Arne Vollan  <pvollan@apple.com>
392
393         Protect MediaDeviceRequest instance during context destruction.
394         https://bugs.webkit.org/show_bug.cgi?id=172285
395         <rdar://problem/30369017>
396
397         Reviewed by Brent Fulgham.
398
399         In MediaDevicesRequest::contextDestroyed(), the call to m_enumerationRequest->cancel() might
400         end up deleting itself (MediaDevicesRequest). The std::function member m_completionHandler
401         in MediaDevicesEnumerationRequest contains a captured variable of type
402         RefPtr<MediaDevicesRequest>. When m_completionHandler is set to null in the cancel() method,
403         the MediaDevicesRequest object will be deleted if the m_completionHandler member is holding
404         the last reference.
405
406         No new tests, since I am unable to reproduce.
407
408         * Modules/mediastream/MediaDevicesRequest.cpp:
409         (WebCore::MediaDevicesRequest::contextDestroyed):
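
The lifetime problem described in the entry above, as an added example that is not WebKit's code: a standard-library model using `std::shared_ptr` in place of `RefPtr`, in which a local strong reference keeps the object alive across `cancel()`. `DevicesRequest`, `EnumerationRequest`, `TeardownReport` and `runTeardownScenario` are hypothetical names, and the protector is one common way to guard this pattern, not necessarily the change that landed.

```cpp
#include <cstdio>
#include <functional>
#include <memory>
#include <utility>

// Added illustration; every name here is hypothetical, not WebKit's.
static int liveRequests = 0; // DevicesRequest objects currently alive

// Owns a completion handler whose captures may include a strong reference
// to the object that issued the request.
class EnumerationRequest {
public:
    void setCompletionHandler(std::function<void()> handler) { m_completionHandler = std::move(handler); }
    // Clearing the handler destroys the lambda and releases everything it captured.
    void cancel() { m_completionHandler = nullptr; }
private:
    std::function<void()> m_completionHandler;
};

struct TeardownReport {
    bool handlerHeldOnlyOtherRef; // before cancel(): the handler was the only other owner
    bool protectorWasLastRef;     // after cancel(): only the local protector kept the object alive
    int liveAfterCancel;          // objects alive while contextDestroyed() was still running
};

class DevicesRequest : public std::enable_shared_from_this<DevicesRequest> {
public:
    DevicesRequest() { ++liveRequests; }
    ~DevicesRequest() { --liveRequests; }

    void start()
    {
        std::shared_ptr<DevicesRequest> self = shared_from_this();
        // The handler captures a strong reference, as in the entry's description.
        m_enumerationRequest.setCompletionHandler([self] { self->m_completed = true; });
    }

    TeardownReport contextDestroyed()
    {
        // Protector: without it, cancel() below could release the last reference
        // and destroy *this while this member function is still executing.
        std::shared_ptr<DevicesRequest> protectedThis = shared_from_this();
        TeardownReport report{};
        report.handlerHeldOnlyOtherRef = protectedThis.use_count() == 2;
        m_enumerationRequest.cancel();
        report.protectorWasLastRef = protectedThis.use_count() == 1;
        m_contextGone = true; // member access after cancel() is safe only because of the protector
        report.liveAfterCancel = liveRequests;
        return report; // *this is destroyed when protectedThis goes out of scope
    }

private:
    EnumerationRequest m_enumerationRequest;
    bool m_completed = false;
    bool m_contextGone = false;
};

struct ScenarioResult {
    TeardownReport report;
    int liveAfterReturn;
};

ScenarioResult runTeardownScenario()
{
    std::shared_ptr<DevicesRequest> request = std::make_shared<DevicesRequest>();
    request->start();
    DevicesRequest* raw = request.get(); // a context reaches its observers through raw pointers
    request.reset();                     // the completion handler now holds the last reference
    ScenarioResult result{};
    result.report = raw->contextDestroyed();
    result.liveAfterReturn = liveRequests; // raw is dangling from here on and must not be used
    return result;
}

int main()
{
    ScenarioResult r = runTeardownScenario();
    std::printf("alive after cancel(): %d, alive after return: %d\n",
        r.report.liveAfterCancel, r.liveAfterReturn);
    return 0;
}
```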
410
411 2017-05-18  Antti Koivisto  <antti@apple.com>
412
413         Design mode should not affect UA shadow trees
414         https://bugs.webkit.org/show_bug.cgi?id=171854
415         <rdar://problem/32071037>
416
417         Reviewed by Zalan Bujtas.
418
419         Test: editing/deleting/search-shadow-tree-delete.html
420
421         * html/HTMLElement.cpp:
422         (WebCore::HTMLElement::editabilityFromContentEditableAttr):
423
424             Ignore design mode for UA shadow trees.
425
426         * html/SearchInputType.cpp:
427         (WebCore::SearchInputType::~SearchInputType):
428         (WebCore::SearchInputType::createShadowSubtree):
429         (WebCore::SearchInputType::resultsButtonElement):
430         (WebCore::SearchInputType::cancelButtonElement):
431         * html/SearchInputType.h:
432
433             Use RefPtr.
434
435 2017-05-18  Vanessa Chipirrás Navalón  <vchipirras@igalia.com>
436
437         [GTK][GStreamer][MSE] Crash on youtube when MSE is enabled but gstreamer can't find the decoder element.
438         https://bugs.webkit.org/show_bug.cgi?id=167120
439
440         Reviewed by Žan Doberšek.
441
442         This is because supportsCodecs() doesn't check at runtime which plugins the player has.
443         So, a static function which returns a map with the plugins has been created. That map is later
444         used in the supportsCodecs() method to check if the requested codec matches any of the map.
445
446         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:
447         (WebCore::MediaPlayerPrivateGStreamerBase::initializeGStreamerAndRegisterWebKitElements):
448         The declaration is moved into this class.
449         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp:
450         (WebCore::MediaPlayerPrivateGStreamer::isAvailable): This function calls the implementation of
451         initializeGStreamerAndRegisterWebKitElements function.
452         (WebCore::MediaPlayerPrivateGStreamer::load): Ditto
453         (WebCore::mimeTypeSet): Ditto
454         * platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.h: It is static type to expose
455         initializeGStreamerAndRegisterWebKitElements() function to be called from internal function
456         "which runs before MediaPlayerPrivateGStreamerBase initialization but needs to have GStreamer initialized".
457         * platform/graphics/gstreamer/mse/MediaPlayerPrivateGStreamerMSE.cpp:
458         (WebCore::codecSet): It returns a map with the plugins has been created.
459         (WebCore::MediaPlayerPrivateGStreamerMSE::supportsCodecs): To check if the requested codec
460         matches any of the map from codecSet().
461
462 2017-05-18  Romain Bellessort  <romain.bellessort@crf.canon.fr>
463
464         [Readable Streams API] Align getDesiredSize with spec
465         https://bugs.webkit.org/show_bug.cgi?id=172220
466
467         Reviewed by Chris Dumez.
468
469         Aligned implementation of getDesiredSize operation for both controllers:
470         - https://streams.spec.whatwg.org/#readable-stream-default-controller-get-desired-size
471         - https://streams.spec.whatwg.org/#readable-byte-stream-controller-get-desired-size
472
473         Implementation slightly differs from spec as queueTotalSize refactoring is not
474         yet implemented, but behavior is now similar.
475
476         No new tests (already covered by WPT tests, corresponding expectations have been updated).
477
478         * Modules/streams/ReadableByteStreamInternals.js:
479         (readableByteStreamControllerGetDesiredSize): Updated.
480         * Modules/streams/ReadableStreamInternals.js:
481         (readableStreamDefaultControllerGetDesiredSize): Updated.
482
483 2017-05-18  Tim Horton  <timothy_horton@apple.com>
484
485         More WebKit2 header cleanup
486         https://bugs.webkit.org/show_bug.cgi?id=172214
487
488         Reviewed by Simon Fraser.
489
490         * Modules/mediastream/UserMediaController.cpp:
491         * Modules/mediastream/UserMediaController.h:
492
493 2017-05-16  Yusuke Suzuki  <utatane.tea@gmail.com>
494
495         [JSC][DFG][DOMJIT] Extend CheckDOM to CheckSubClass
496         https://bugs.webkit.org/show_bug.cgi?id=172098
497
498         Reviewed by Saam Barati.
499
500         Add DOMJIT interface IDL attribute. Which allows us to define checkSubClassPatchpoint function
501         for that ClassInfo. And we move CheckSubClass patchpoint implementation to ClassInfo's member.
502
503         * CMakeLists.txt:
504         * WebCore.xcodeproj/project.pbxproj:
505         * bindings/js/JSDOMGlobalObject.cpp:
506         * bindings/js/JSDOMWindowBase.cpp:
507         * bindings/js/JSDOMWindowProperties.cpp:
508         * bindings/js/JSDOMWindowShell.cpp:
509         * bindings/js/JSReadableStreamPrivateConstructors.cpp:
510         * bindings/js/JSWorkerGlobalScopeBase.cpp:
511         * bindings/scripts/CodeGeneratorJS.pm:
512         (GenerateHeader):
513         (GenerateImplementation):
514         (GenerateImplementationIterableFunctions):
515         (GenerateConstructorHelperMethods):
516         * bindings/scripts/IDLAttributes.json:
517         * bindings/scripts/test/JS/JSInterfaceName.cpp:
518         * bindings/scripts/test/JS/JSMapLike.cpp:
519         * bindings/scripts/test/JS/JSReadOnlyMapLike.cpp:
520         * bindings/scripts/test/JS/JSTestActiveDOMObject.cpp:
521         * bindings/scripts/test/JS/JSTestCEReactions.cpp:
522         * bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp:
523         * bindings/scripts/test/JS/JSTestCallbackInterface.cpp:
524         * bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp:
525         * bindings/scripts/test/JS/JSTestCustomConstructorWithNoInterfaceObject.cpp:
526         * bindings/scripts/test/JS/JSTestCustomNamedGetter.cpp:
527         * bindings/scripts/test/JS/JSTestDOMJIT.cpp:
528         * bindings/scripts/test/JS/JSTestDOMJIT.h:
529         * bindings/scripts/test/JS/JSTestEventConstructor.cpp:
530         * bindings/scripts/test/JS/JSTestEventTarget.cpp:
531         * bindings/scripts/test/JS/JSTestException.cpp:
532         * bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp:
533         * bindings/scripts/test/JS/JSTestGlobalObject.cpp:
534         * bindings/scripts/test/JS/JSTestInterface.cpp:
535         * bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp:
536         * bindings/scripts/test/JS/JSTestIterable.cpp:
537         * bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp:
538         * bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp:
539         * bindings/scripts/test/JS/JSTestNamedConstructor.cpp:
540         * bindings/scripts/test/JS/JSTestNode.cpp:
541         * bindings/scripts/test/JS/JSTestObj.cpp:
542         * bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp:
543         * bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp:
544         * bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp:
545         * bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp:
546         * bindings/scripts/test/JS/JSTestSerialization.cpp:
547         * bindings/scripts/test/JS/JSTestSerializationInherit.cpp:
548         * bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp:
549         * bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp:
550         * bindings/scripts/test/JS/JSTestTypedefs.cpp:
551         * bridge/c/CRuntimeObject.cpp:
552         * bridge/c/c_instance.cpp:
553         * bridge/objc/ObjCRuntimeObject.mm:
554         * bridge/objc/objc_instance.mm:
555         * bridge/objc/objc_runtime.mm:
556         * bridge/runtime_array.cpp:
557         * bridge/runtime_method.cpp:
558         * bridge/runtime_object.cpp:
559         * dom/Document.idl:
560         * dom/DocumentFragment.idl:
561         * dom/Element.idl:
562         * dom/Event.idl:
563         * dom/Node.idl:
564         * domjit/JSDocumentDOMJIT.cpp:
565         (WebCore::JSDocument::checkSubClassPatchpoint):
566         (WebCore::DocumentDocumentElementDOMJIT::checkDOM): Deleted.
567         (WebCore::DocumentBodyDOMJIT::checkDOM): Deleted.
568         * domjit/JSDocumentFragmentDOMJIT.cpp: Copied from Source/JavaScriptCore/runtime/JSMap.cpp.
569         (WebCore::JSDocumentFragment::checkSubClassPatchpoint):
570         * domjit/JSElementDOMJIT.cpp: Copied from Source/JavaScriptCore/tools/JSDollarVM.cpp.
571         (WebCore::JSElement::checkSubClassPatchpoint):
572         * domjit/JSEventDOMJIT.cpp: Copied from Source/JavaScriptCore/tools/JSDollarVM.cpp.
573         (WebCore::JSEvent::checkSubClassPatchpoint):
574         * domjit/JSNodeDOMJIT.cpp:
575         (WebCore::JSNode::checkSubClassPatchpoint):
576         (WebCore::NodeFirstChildDOMJIT::checkDOM): Deleted.
577         (WebCore::NodeLastChildDOMJIT::checkDOM): Deleted.
578         (WebCore::NodeNextSiblingDOMJIT::checkDOM): Deleted.
579         (WebCore::NodePreviousSiblingDOMJIT::checkDOM): Deleted.
580         (WebCore::NodeParentNodeDOMJIT::checkDOM): Deleted.
581         (WebCore::NodeNodeTypeDOMJIT::checkDOM): Deleted.
582         (WebCore::NodeOwnerDocumentDOMJIT::checkDOM): Deleted.
583
584 2017-05-17  Youenn Fablet  <youenn@apple.com>
585
586         r216999 broke win build
587         https://bugs.webkit.org/show_bug.cgi?id=172257
588
589         Unreviewed.
590
591         * testing/Internals.cpp:
592         (WebCore::Internals::setPageVisibility): Moving setPageVisibility out of MEDIA_STREAM compilation flag.
593
594 2017-05-17  Andy Estes  <aestes@apple.com>
595
596         [Cocoa] errors are not propagated to PassKit when calling ApplePaySession.completePayment()
597         https://bugs.webkit.org/show_bug.cgi?id=172253
598         <rdar://problem/32258020>
599
600         Reviewed by Dan Bernstein.
601
602         In ApplePaySession::completePayment(), releaseReturnValue() was being called twice on the
603         same convertedResult. Since the first call moved the errors vector out of convertedResult,
604         the vector is empty in the second call. It's the second call that sends the result to the
605         UI process, so we end up with an empty array when we call PassKit's delegate completion
606         handler.
607
608         * Modules/applepay/ApplePaySession.cpp:
609         (WebCore::ApplePaySession::completePayment):
610
611 2017-05-17  Ryan Haddad  <ryanhaddad@apple.com>
612
613         Unreviewed, rolling out r217014.
614
615         This change caused mac-wk2 LayoutTests to exit early due to
616         crashes.
617
618         Reverted changeset:
619
620         "Resource Load Statistics: Grandfather domains for existing
621         data records"
622         https://bugs.webkit.org/show_bug.cgi?id=172155
623         http://trac.webkit.org/changeset/217014
624
625 2017-05-17  Zalan Bujtas  <zalan@apple.com>
626
627         Tighten TextIterator::handleTextNode run-renderer mapping logic.
628         https://bugs.webkit.org/show_bug.cgi?id=172174
629
630         Reviewed by Antti Koivisto.
631
632         This patch ensures that when runs and renderers are getting out of sync
633         we don't run into problems like webkit.org/b/172113 (where we end up
634         using incorrect content start/end positions).
635
636         * editing/TextIterator.cpp:
637         (WebCore::TextIterator::handleTextNode):
638
639 2017-05-17  John Wilander  <wilander@apple.com>
640
641         Resource Load Statistics: Grandfather domains for existing data records
642         https://bugs.webkit.org/show_bug.cgi?id=172155
643         <rdar://problem/24913532>
644
645         Reviewed by Alex Christensen.
646
647         Test: http/tests/loading/resourceLoadStatistics/grandfathering.html
648
649         * loader/ResourceLoadObserver.cpp:
650         (WebCore::ResourceLoadObserver::setGrandfathered):
651         (WebCore::ResourceLoadObserver::isGrandfathered):
652         (WebCore::ResourceLoadObserver::setMinimumTimeBetweeenDataRecordsRemoval):
653         (WebCore::ResourceLoadObserver::setGrandfatheringTime):
654             Functions for testing and configuration.
655             ResourceLoadObserver::setMinimumTimeBetweeenDataRecordsRemoval() changed as a result of moving
656             WebKit::WebResourceLoadStatisticsStore::setMinimumTimeBetweeenDataRecordsRemoval() here.
657         * loader/ResourceLoadObserver.h:
658         * loader/ResourceLoadStatisticsStore.cpp:
659         (WebCore::ResourceLoadStatisticsStore::createEncoderFromData):
660         (WebCore::ResourceLoadStatisticsStore::readDataFromDecoder):
661             Now contains endOfGrandfatheringTimestamp.
662         (WebCore::ResourceLoadStatisticsStore::clearInMemoryAndPersistent):
663             Now makes a call to m_grandfatherExistingWebsiteDataHandler().
664         (WebCore::ResourceLoadStatisticsStore::setGrandfatherExistingWebsiteDataCallback):
665         (WebCore::ResourceLoadStatisticsStore::setMinimumTimeBetweeenDataRecordsRemoval):
666             Changed as a result of moving
667             WebKit::WebResourceLoadStatisticsStore::setMinimumTimeBetweeenDataRecordsRemoval() here.
668         (WebCore::ResourceLoadStatisticsStore::setGrandfatheringTime):
669         (WebCore::ResourceLoadStatisticsStore::topPrivatelyControlledDomainsToRemoveWebsiteDataFor):
670             Renamed since it now also takes grandfathering into account.
671         (WebCore::ResourceLoadStatisticsStore::updateStatisticsForRemovedDataRecords):
672             Fixed typo in local variable name.
673         (WebCore::ResourceLoadStatisticsStore::handleFreshStartWithEmptyOrNoStore):
674         (WebCore::ResourceLoadStatisticsStore::shouldRemoveDataRecords):
675             Convenience function added.
676         (WebCore::ResourceLoadStatisticsStore::dataRecordsBeingRemoved):
677             Convenience function added.
678         (WebCore::ResourceLoadStatisticsStore::dataRecordsWereRemoved):
679             Convenience function added.
680         (WebCore::ResourceLoadStatisticsStore::prevalentResourceDomainsWithoutUserInteraction): Deleted.
681             Replaced by ResourceLoadStatisticsStore::topPrivatelyControlledDomainsToRemoveWebsiteDataFor().
682         * loader/ResourceLoadStatisticsStore.h:
683
684 2017-05-17  Zalan Bujtas  <zalan@apple.com>
685
686         Debug ASSERT: WebCore::RenderImageResource::shutdown
687         https://bugs.webkit.org/show_bug.cgi?id=172238
688         <rdar://problem/30064601>
689
690         Reviewed by Simon Fraser.
691
692         While constructing new renderers, as part of the render tree update, we check if the insertion point is valid for them. 
693         When this newly constructed child renderer can't be injected to a specific place, we destroy it right away.
694         This assert was added with the assumption that the image resource object gets initialized
695         (through RenderObject::initializeStyle) even when the renderer turns out to be invalid.
696
697         Test: fast/images/assert-when-insertion-point-is-incorrect.html
698
699         * rendering/RenderImageResource.cpp:
700         (WebCore::RenderImageResource::RenderImageResource):
701         (WebCore::RenderImageResource::shutdown):
702         * rendering/RenderImageResource.h:
703
704 2017-05-17  Per Arne Vollan  <pvollan@apple.com>
705
706         Crash under WebCore::AudioSourceProviderAVFObjC::process().
707         https://bugs.webkit.org/show_bug.cgi?id=172101
708         rdar://problem/27446589
709
710         Reviewed by Jer Noble.
711
712         Calling the function MTAudioProcessingTapGetSourceAudio when the value of the
713         MTAudioProcessingTapRef parameter is null, will lead to a null dereference.
714         This can for example happen if MediaPlayerPrivateAVFoundationObjC::cancelLoad()
715         is called on the main thread while MediaToolbox is calling the
716         WebCore::AudioSourceProviderAVFObjC::processCallback function on a secondary
717         thread. MediaPlayerPrivateAVFoundationObjC::cancelLoad() will then call
718         AudioSourceProviderAVFObjC::setPlayerItem(nullptr), which will call
719         AudioSourceProviderAVFObjC::destroyMix(), which will set m_tap to null. When
720         AudioSourceProviderAVFObjC::process is called on the secondary thread, using
721         the m_tap member in the call to MTAudioProcessingTapGetSourceAudio, the process
722         will crash.
723
724         No new tests since I am not able to reproduce.
725
726         * platform/graphics/avfoundation/AudioSourceProviderAVFObjC.mm:
727         (WebCore::AudioSourceProviderAVFObjC::initCallback):
728         (WebCore::AudioSourceProviderAVFObjC::process):
729
730 2017-05-17  Chris Dumez  <cdumez@apple.com>
731
732         Setting URL.search to '' results in a stringified URL ending in '?'
733         https://bugs.webkit.org/show_bug.cgi?id=162345
734         <rdar://problem/31800441>
735
736         Reviewed by Alex Christensen.
737
738         As per the specification for the URL.search setter [1], if the given value is
739         the empty string, then we should set the URL's query to null. We would
740         previously set the URL's query to the empty string in this case. This aligns
741         our behavior with Firefox and Chrome.
742
743         [1] https://url.spec.whatwg.org/#dom-url-search
744
745         No new tests, updated existing tests.
746
747         * html/URLUtils.h:
748         (WebCore::URLUtils<T>::setSearch):
749
750 2017-05-17  Eric Carlson  <eric.carlson@apple.com>
751
752         [MediaStream] videoWidth and videoHeight should be set when 'loadedmetadata' event fires
753         https://bugs.webkit.org/show_bug.cgi?id=172223
754         <rdar://problem/31899755>
755
756         Reviewed by Jer Noble.
757
758         Test: fast/mediastream/get-user-media-on-loadedmetadata.html
759
760         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
761         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentReadyState): If a stream has
762         a video track, return HaveNothing until we have a sample.
763        
764         * platform/mediastream/RealtimeMediaSource.h:
765         * platform/mock/MockRealtimeAudioSource.cpp:
766         (WebCore::MockRealtimeAudioSource::tick): Optionally delay the next sample.
767         (WebCore::MockRealtimeAudioSource::delaySamples):
768         * platform/mock/MockRealtimeAudioSource.h:
769
770         * platform/mock/MockRealtimeVideoSource.cpp:
771         (WebCore::MockRealtimeVideoSource::delaySamples):
772         (WebCore::MockRealtimeVideoSource::generateFrame): Optionally delay the next sample.
773         * platform/mock/MockRealtimeVideoSource.h:
774
775         * testing/Internals.cpp:
776         (WebCore::Internals::delayMediaStreamTrackSamples):
777         * testing/Internals.h:
778         * testing/Internals.idl:
779
780 2017-05-17  Youenn Fablet  <youenn@apple.com>
781
782         iOS WebRTC Media Capture should not allow camera capture from background tab
783         https://bugs.webkit.org/show_bug.cgi?id=172200
784
785         Reviewed by Eric Carlson.
786
787         Test: platform/ios/mediastream/getUserMedia-disabled-in-background-tabs.html and manual tests.
788
789         Making Video Capture Factory aware of Document visibility changes.
790         On iOS, muting/unmuting the current video source according to Document visibility.
791         Not using Document visibility change observer as factories are platform and cannot implement
792         the visibility observer interface without moving the visibility observer interface.
793
794         Introducing internals API to switch on/off the page visibility.
795
796         * dom/Document.cpp:
797         (WebCore::Document::visibilityStateChanged):
798         (WebCore::Document::notifyVisibilityChangedToMediaCapture):
799         * dom/Document.h:
800         * platform/mediastream/RealtimeMediaSource.h:
801         * platform/mediastream/RealtimeMediaSourceCenter.cpp:
802         (WebCore::RealtimeMediaSourceCenter::setVisibility):
803         * platform/mediastream/RealtimeMediaSourceCenter.h:
804         * platform/mediastream/mac/AVVideoCaptureSource.mm:
805         (WebCore::AVVideoCaptureSourceFactory::setVisibility):
806         * testing/Internals.cpp:
807         (WebCore::Internals::setPageVisibility):
808         * testing/Internals.h:
809         * testing/Internals.idl:
810
811 2017-05-17  Said Abou-Hallawa  <sabouhallawa@apple.com>
812
813         When the image decoding thread makes a callOnMainThread(), ensure all the objects it needs are protected
814         https://bugs.webkit.org/show_bug.cgi?id=171614
815
816         Reviewed by David Kilzer.
817
818         The asynchronous image decoding was designed to not block the main thread if
819         the image is deleted. To achieve that we allow decoding the current frame
820         even if it is not going to be used after closing the decoding queue. We 
821         protect all the objects which the decoding thread uses. But when a frame
822         finishes decoding the native image frame is cached on the main thread. Not
823         all of the objects are protected when the callOnMainThread() is dispatched.
824         The ImageFrameCache and the ImageDecoder objects are not protected.
825
826         This might lead to two kinds of crashes:
827         1. A segfault inside the ImageDecoder trying to access one of its member
828         2. A segfault inside the ImageFrameCache trying to access one of its frames
829
830         The fix is to protect the ImageFrameCache and the ImageDecoder when the
831         decoding thread makes a callOnMainThread(). Also switch all the pointers
832         the decoding threads protect to be ThreadSafeRefCounted.
833
834         * platform/graphics/ImageFrameCache.cpp:
835         (WebCore::ImageFrameCache::startAsyncDecodingQueue):
836         * platform/graphics/ImageFrameCache.h:
837         * platform/graphics/cg/ImageDecoderCG.h:
838         * platform/graphics/win/ImageDecoderDirect2D.h:
839         * platform/image-decoders/ImageDecoder.h:
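
The lifetime problem described in the entry above, as an added example that is not WebKit code: a task queued for the main thread must hold its own reference to every object it touches, because the owner may drop its reference before the task runs. `FrameCache`, `MainThreadQueue` and the function names are hypothetical stand-ins, and `std::shared_ptr` (atomic reference count) stands in for ThreadSafeRefCounted; the unprotected case uses a `std::weak_ptr` so the dangling access is observed safely instead of crashing.

```cpp
#include <cstddef>
#include <functional>
#include <iostream>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for an object the decoding thread hands results to.
struct FrameCache {
    std::vector<std::string> frames;
    void cacheFrame(const std::string& frame) { frames.push_back(frame); }
};

// Hypothetical stand-in for callOnMainThread(): tasks are queued now, run later.
class MainThreadQueue {
public:
    void callOnMainThread(std::function<void()> task) { m_tasks.push_back(std::move(task)); }

    void drain()
    {
        std::vector<std::function<void()>> tasks;
        tasks.swap(m_tasks);
        for (auto& task : tasks)
            task();
        // 'tasks' is destroyed here, releasing every reference the tasks captured.
    }

private:
    std::vector<std::function<void()>> m_tasks;
};

// Unprotected dispatch: the task holds only a non-owning reference. With a raw
// pointer this would be a use-after-free; the weak_ptr reports the same
// condition (target already destroyed) without undefined behaviour.
bool unprotectedTaskFindsTarget()
{
    MainThreadQueue queue;
    auto owner = std::make_shared<FrameCache>();
    std::weak_ptr<FrameCache> unprotectedRef = owner;
    bool found = false;
    queue.callOnMainThread([unprotectedRef, &found] {
        if (auto cache = unprotectedRef.lock()) {
            cache->cacheFrame("decoded-frame");
            found = true;
        }
    });
    owner.reset();   // the image is deleted before the queued task runs
    queue.drain();
    return found;
}

// Protected dispatch: the task captures a strong reference, so the target
// stays alive until the task has run, whatever the owner does meanwhile.
bool protectedTaskFindsTarget()
{
    MainThreadQueue queue;
    auto owner = std::make_shared<FrameCache>();
    std::shared_ptr<FrameCache> protectedCache = owner;
    std::size_t cached = 0;
    queue.callOnMainThread([protectedCache, &cached] {
        protectedCache->cacheFrame("decoded-frame");
        cached = protectedCache->frames.size();
    });
    protectedCache.reset();
    owner.reset();   // same deletion as above; the queued task still owns a reference
    queue.drain();
    return cached == 1;
}

// The protection is temporary: once the task has run and been destroyed, the
// last reference goes away and the object is freed, so nothing leaks.
bool targetReleasedAfterTaskRuns()
{
    MainThreadQueue queue;
    auto owner = std::make_shared<FrameCache>();
    std::weak_ptr<FrameCache> probe = owner;
    std::shared_ptr<FrameCache> protectedCache = owner;
    queue.callOnMainThread([protectedCache] { protectedCache->cacheFrame("decoded-frame"); });
    protectedCache.reset();
    owner.reset();
    bool aliveWhileQueued = !probe.expired();
    queue.drain();
    return aliveWhileQueued && probe.expired();
}

int main()
{
    std::cout << "unprotected task found target: " << unprotectedTaskFindsTarget() << "\n";
    std::cout << "protected task found target:   " << protectedTaskFindsTarget() << "\n";
    std::cout << "target released after task:    " << targetReleasedAfterTaskRuns() << "\n";
    return 0;
}
```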
840
841 2017-05-17  Wenson Hsieh  <wenson_hsieh@apple.com>
842
843         A URL type is vended for a non-URL plain text string when starting data interaction
844         https://bugs.webkit.org/show_bug.cgi?id=172228
845         <rdar://problem/32166729>
846
847         Reviewed by Andy Estes.
848
849         Previously, when writing a plain text string to WebItemProviderPasteboard, we would write an NSString directly
850         to the item provider by using built-in functionality in NSString+UIItemProvider. However, this causes plain
851         strings such as "apple" to be considered URLs, since -[NSURL URLWithString:] creates a non-null NSURL. To fix
852         this, we instead write the string as UTF8 data, for the UTI kUTTypeUTF8PlainText, if the plain text is not a
853         URL. If the plain text is clearly a URL (determined by constructing a new WebCore URL with no base URL and the
854         plaintext string as the absolute URL) then we additionally write an NSURL to the pasteboard.
855
856         2 new API tests:
857         DataInteractionTests.SinglePlainTextWordTypeIdentifiers
858         DataInteractionTests.SinglePlainTextURLTypeIdentifiers
859
860         * platform/ios/PlatformPasteboardIOS.mm:
861         (WebCore::addRepresentationsForPlainText):
862         (WebCore::PlatformPasteboard::writeObjectRepresentations):
863
864 2017-05-15  Jiewen Tan  <jiewen_tan@apple.com>
865
866         Replace CryptoOperationData with BufferSource for WebKitSubtleCrypto
867         https://bugs.webkit.org/show_bug.cgi?id=172146
868         <rdar://problem/32122256>
869
870         Reviewed by Brent Fulgham.
871
872         In this patch, we replace CryptoOperationData with BufferSource for WebKitSubtleCrypto in
873         the custom binding codes.
874
875         Test: crypto/webkitSubtle/import-export-raw-key-leak.html
876
877         * bindings/js/JSWebKitSubtleCryptoCustom.cpp:
878         (WebCore::JSWebKitSubtleCrypto::encrypt):
879         (WebCore::JSWebKitSubtleCrypto::decrypt):
880         (WebCore::JSWebKitSubtleCrypto::sign):
881         (WebCore::JSWebKitSubtleCrypto::verify):
882         (WebCore::JSWebKitSubtleCrypto::digest):
883         (WebCore::JSWebKitSubtleCrypto::importKey):
884         (WebCore::JSWebKitSubtleCrypto::unwrapKey):
885         * crypto/WebKitSubtleCrypto.idl:
886
887 2017-05-17  Youenn Fablet  <youenn@apple.com>
888
889         Move-related refactoring on UserMediaPermissionRequestProxy
890         https://bugs.webkit.org/show_bug.cgi?id=172195
891
892         Reviewed by Alex Christensen.
893
894         No behavioral change.
895
896         * platform/mediastream/RealtimeMediaSourceCenter.h: Cleaning the function definition.
897
898 2017-05-17  David Kilzer  <ddkilzer@apple.com>
899
900         BlobDataFileReference::generateReplacementFile() should use mkstemp()
901         <https://webkit.org/b/172192>
902
903         Reviewed by Brent Fulgham.
904
905         * platform/network/mac/BlobDataFileReferenceMac.mm:
906         (WebCore::BlobDataFileReference::generateReplacementFile): Use
907         mkstemp().
908
909 2017-05-17  Matt Lewis  <jlewis3@apple.com>
910
911         Unreviewed, rolling out r216974.
912
913         Revision caused consistent timeouts on all platforms.
914
915         Reverted changeset:
916
917         "Add a RuntimeEnabledFeature for display: contents, defaulted
918         to false."
919         https://bugs.webkit.org/show_bug.cgi?id=171984
920         http://trac.webkit.org/changeset/216974
921
922 2017-05-17  Nan Wang  <n_wang@apple.com>
923
924         ASSERTION FAILED in WebCore::AccessibilityNodeObject::insertChild()
925         https://bugs.webkit.org/show_bug.cgi?id=171927
926         <rdar://problem/32109781>
927
928         Reviewed by Chris Fleizach.
929
930         The nextSibling() logic might include the continuation sibling that's not
931         the child of the current renderer. Make sure we only insert the valid child.
932
933         Test: accessibility/insert-children-assert.html
934
935         * accessibility/AccessibilityObject.cpp:
936         (WebCore::AccessibilityObject::setIsIgnoredFromParentDataForChild):
937         * accessibility/AccessibilityRenderObject.cpp:
938         (WebCore::AccessibilityRenderObject::nextSibling):
939
940 2017-05-17  Ryosuke Niwa  <rniwa@webkit.org>
941
942         getElementById can return a wrong element when a matching element is removed during beforeload event
943         https://bugs.webkit.org/show_bug.cgi?id=171374
944
945         Reviewed by Brent Fulgham.
946
947         The bug was caused by HTMLLinkElement firing beforeload event inside insertedInto before the tree state is updated.
948         Delay the event dispatch to the post insertion callback.
949
950         Test: fast/html/link-element-removal-during-beforeload.html
951
952         * html/HTMLLinkElement.cpp:
953         (WebCore::HTMLLinkElement::insertedInto):
954         (WebCore::HTMLLinkElement::finishedInsertingSubtree):
955         * html/HTMLLinkElement.h:
956
957 2017-05-17  Alex Christensen  <achristensen@webkit.org>
958
959         Interacting with WKHTTPCookieStores before creating WKWebViews and WKProcessPools should affect cookies used
960         https://bugs.webkit.org/show_bug.cgi?id=171987
961
962         Reviewed by Brady Eidson.
963
964         Covered by new API tests.
965
966         * CMakeLists.txt:
967         * platform/Cookie.h:
968         (WebCore::Cookie::Cookie):
969         (WebCore::Cookie::isNull):
970         (WebCore::CookieHash::hash):
971         (WebCore::CookieHash::equal):
972         (WTF::HashTraits<WebCore::Cookie>::emptyValue):
973         (WTF::HashTraits<WebCore::Cookie>::constructDeletedValue):
974         (WTF::HashTraits<WebCore::Cookie>::isDeletedValue):
975         * platform/network/Cookie.cpp: Added.
976         (WebCore::Cookie::operator==):
977         (WebCore::Cookie::hash):
978         * platform/network/cocoa/CookieCocoa.mm:
979         (WebCore::Cookie::operator NSHTTPCookie *):
980         (WebCore::Cookie::operator==):
981         (WebCore::Cookie::hash):
982         * platform/network/cocoa/NetworkStorageSessionCocoa.mm:
983         (WebCore::NetworkStorageSession::setCookies):
984         Use NSHTTPCookie's hash and equality comparison to more closely match the NSHTTPCookie behavior.
985
986 2017-05-17  Emilio Cobos Álvarez  <ecobos@igalia.com>
987
988         Add a RuntimeEnabledFeature for display: contents, defaulted to false.
989         https://bugs.webkit.org/show_bug.cgi?id=171984
990
991         Reviewed by Antti Koivisto.
992
993         The "defaulted to false" is not only because there are spec issues,
994         but because I ran the WPT suite, and there was a fair amount of
995         crashes and messed render trees.
996
997         * css/StyleResolver.cpp:
998         (WebCore::StyleResolver::adjustRenderStyle):
999         * page/RuntimeEnabledFeatures.h:
1000         (WebCore::RuntimeEnabledFeatures::setDisplayContentsEnabled):
1001         (WebCore::RuntimeEnabledFeatures::displayContentsEnabled):
1002
1003 2017-05-17  Antti Koivisto  <antti@apple.com>
1004
1005         Regression (198943): <marquee> shouldn't wrap text
1006         https://bugs.webkit.org/show_bug.cgi?id=172217
1007
1008         Reviewed by Andreas Kling.
1009
1010         RenderMarquee::updateMarqueeStyle mutated the style and then expected it to inherit to children.
1011         This doesn't work anymore because render tree construction is now separated from style resolution
1012         where inheritance happens.
1013
1014         Test: fast/html/marquee-child-wrap.html
1015
1016         * css/StyleResolver.cpp:
1017         (WebCore::StyleResolver::adjustRenderStyle):
1018
1019             Implement marquee hacks in adjustRenderStyle instead. This can't do the childrenInline check
1020             the previous code had but it wasn't working anyway (there are no children when updateMarqueeStyle
1021             gets called).
1022
1023         * rendering/RenderMarquee.cpp:
1024         (WebCore::RenderMarquee::updateMarqueeStyle):
1025
1026             This no longer needs mutable style.
1027
1028 2017-05-16  David Kilzer  <ddkilzer@apple.com>
1029
1030         Remove C-style casts by using xmlDocPtr instead of void*
1031         <https://webkit.org/b/172189>
1032
1033         Reviewed by Alex Christensen.
1034
1035         * dom/TransformSource.h: Fix whitespace indentation.
1036         (typedef PlatformTransformSource): Use xmlDocPtr not void*.
1037         * dom/TransformSourceLibxslt.cpp:
1038         (WebCore::TransformSource::~TransformSource): Remove cast.
1039         * xml/XSLStyleSheetLibxslt.cpp:
1040         (WebCore::XSLStyleSheet::document): Remove cast.
1041         * xml/XSLTProcessorLibxslt.cpp:
1042         (WebCore::xmlDocPtrFromNode): Remove casts.
1043         * xml/parser/XMLDocumentParser.h:
1044         (WebCore::xmlDocPtrForString): Update declaration to return
1045         xmlDocPtr not void*.
1046         * xml/parser/XMLDocumentParserLibxml2.cpp:
1047         (WebCore::XMLDocumentParser::doEnd): Change type of local
1048         variable from void* to xmlDocPtr.
1049         (WebCore::xmlDocPtrForString): Update to return xmlDocPtr
1050         not void*.
1051
1052 2017-05-16  Sam Weinig  <sam@webkit.org>
1053
1054         Bring Notification.idl up to spec
1055         https://bugs.webkit.org/show_bug.cgi?id=172156
1056
1057         Reviewed by Chris Dumez.
1058
1059         Test: http/tests/notifications/notification.html
1060
1061         * CMakeLists.txt:
1062         * DerivedSources.make:
1063         * WebCore.xcodeproj/project.pbxproj:
1064         Add new files.
1065
1066         * Modules/notifications/Notification.cpp:
1067         (WebCore::Notification::create):
1068         (WebCore::Notification::Notification):
1069         (WebCore::Notification::show):
1070         (WebCore::directionString): Deleted.
1071         (WebCore::Notification::permission): Deleted.
1072         (WebCore::Notification::permissionString): Deleted.
1073         * Modules/notifications/Notification.h:
1074         * Modules/notifications/Notification.idl:
1075         * Modules/notifications/NotificationClient.h:
1076         * Modules/notifications/NotificationDirection.h: Added.
1077         * Modules/notifications/NotificationPermission.h: Added.
1078         * Modules/notifications/NotificationPermission.idl: Added.
1079         * Modules/notifications/NotificationPermissionCallback.h:
1080         * Modules/notifications/NotificationPermissionCallback.idl:
1081         Bring up to spec, replacing DOMStrings with enums where appropriate and adding
1082         additional readonly properties to Notification to mirror options provided
1083         in construction.
1084
1085 2017-05-16  Zalan Bujtas  <zalan@apple.com>
1086
1087         Do not skip <slot> children when collecting content for innerText.
1088         https://bugs.webkit.org/show_bug.cgi?id=172113
1089         <rdar://problem/30362324>
1090
1091         Reviewed by Ryosuke Niwa and Brent Fulgham.
1092
1093         "display: contents" elements do not generate renderers but their children might.
1094         This patch ensures that we don't skip them while collecting text content.
1095
1096         Test: fast/text/inner-text-should-include-slot-subtree.html
1097
1098         * editing/TextIterator.cpp:
1099         (WebCore::TextIterator::advance):
1100
1101 2017-05-16  Filip Pizlo  <fpizlo@apple.com>
1102
1103         GCController::garbageCollectNowIfNotDoneRecently should request Async Full GCs
1104         https://bugs.webkit.org/show_bug.cgi?id=172204
1105
1106         Reviewed by Saam Barati.
1107
1108         No new tests because existing tests will tell us if there is a problem.
1109         
1110         The goal of this change is to reduce the likelihood that we block for a GC. We want it to be
1111         benchmark-neutral.
1112         
1113         It's a 0.14% speed-up on JetStream with 24% probability.
1114         
1115         It's a 0.12% slow-down on PLT3 with 43% probability.
1116         
1117         So it's neutral on my machine.
1118
1119         * bindings/js/GCController.cpp:
1120         (WebCore::GCController::garbageCollectNowIfNotDoneRecently):
1121
1122 2017-05-16  Tim Horton  <timothy_horton@apple.com>
1123
1124         [macOS] REGRESSION: Drag images for links with right-to-left titles are incorrect (172006)
1125         https://bugs.webkit.org/show_bug.cgi?id=172006
1126         <rdar://problem/32165137>
1127
1128         Reviewed by Dean Jackson.
1129
1130         * platform/mac/DragImageMac.mm:
1131         (WebCore::LinkImageLayout::LinkImageLayout):
1132         (WebCore::createDragImageForLink):
1133         (WebCore::LinkImageLayout::addLine): Deleted.
1134         * platform/spi/cocoa/CoreTextSPI.h:
1135         Set and paint the entire frame as a single unit, making use of the
1136         CTFrameMaximumNumberOfLines attribute to limit the number of lines.
1137         This gives CoreText power over text alignment and makes RTL text lay
1138         out correctly.
1139
1140 2017-05-16  Chris Dumez  <cdumez@apple.com>
1141
1142         Implement DOMMatrix / DOMMatrixReadOnly
1143         https://bugs.webkit.org/show_bug.cgi?id=110001
1144
1145         Reviewed by Sam Weinig and Simon Fraser.
1146
1147         Implement DOMMatrix / DOMMatrixReadOnly as per:
1148         - https://drafts.fxtf.org/geometry/#DOMMatrix
1149
1150         For now, these new types co-exist with WebKitCSSMatrix / SVGMatrix. However, in the future,
1151         WebKitCSSMatrix / SVGMatrix are supposed to become aliases to DOMMatrix.
1152
1153         Most of it has been implemented. What remains to be implemented is:
1154         - Make WebKitCSSMatrix / SVGMatrix aliases to DOMMatrix
1155         - DOMMatrix.fromFloat32Array() / fromFloat64Array()
1156         - DOMMatrixReadOnly.fromFloat32Array() / fromFloat64Array() / toFloat32Array() / toFloat64Array()
1157         - DOMMatrixReadOnly.transformPoint().
1158
1159         Tests: imported/w3c/web-platform-tests/css/geometry-1/*
1160
1161         * CMakeLists.txt:
1162         * DerivedSources.make:
1163         * WebCore.xcodeproj/project.pbxproj:
1164
1165         * bindings/scripts/CodeGeneratorJS.pm:
1166         * bindings/scripts/test/JS/JSTestObj.cpp:
1167         Fix a bug in the bindings generator causing the generator code for
1168         "Constructor(optional (DOMString or sequence<unrestricted double>) init)" to be wrong
1169         and not build.
1170
1171         * css/DOMMatrix.cpp: Added.
1172         (WebCore::DOMMatrix::DOMMatrix):
1173         (WebCore::DOMMatrix::fromMatrix):
1174         (WebCore::DOMMatrix::multiplySelf):
1175         (WebCore::DOMMatrix::preMultiplySelf):
1176         (WebCore::DOMMatrix::translateSelf):
1177         (WebCore::DOMMatrix::scaleSelf):
1178         (WebCore::DOMMatrix::scale3dSelf):
1179         (WebCore::DOMMatrix::rotateSelf):
1180         (WebCore::DOMMatrix::rotateFromVectorSelf):
1181         (WebCore::DOMMatrix::rotateAxisAngleSelf):
1182         (WebCore::DOMMatrix::skewXSelf):
1183         (WebCore::DOMMatrix::skewYSelf):
1184         (WebCore::DOMMatrix::invertSelf):
1185         (WebCore::DOMMatrix::setMatrixValueForBindings):
1186         * css/DOMMatrix.h: Added.
1187         (WebCore::DOMMatrix::create):
1188         (WebCore::DOMMatrix::setA):
1189         (WebCore::DOMMatrix::setB):
1190         (WebCore::DOMMatrix::setC):
1191         (WebCore::DOMMatrix::setD):
1192         (WebCore::DOMMatrix::setE):
1193         (WebCore::DOMMatrix::setF):
1194         (WebCore::DOMMatrix::setM11):
1195         (WebCore::DOMMatrix::setM12):
1196         (WebCore::DOMMatrix::setM13):
1197         (WebCore::DOMMatrix::setM14):
1198         (WebCore::DOMMatrix::setM21):
1199         (WebCore::DOMMatrix::setM22):
1200         (WebCore::DOMMatrix::setM23):
1201         (WebCore::DOMMatrix::setM24):
1202         (WebCore::DOMMatrix::setM31):
1203         (WebCore::DOMMatrix::setM32):
1204         (WebCore::DOMMatrix::setM33):
1205         (WebCore::DOMMatrix::setM34):
1206         (WebCore::DOMMatrix::setM41):
1207         (WebCore::DOMMatrix::setM42):
1208         (WebCore::DOMMatrix::setM43):
1209         (WebCore::DOMMatrix::setM44):
1210         * css/DOMMatrix.idl: Added.
1211         * css/DOMMatrixInit.h: Added.
1212         * css/DOMMatrixInit.idl: Added.
1213         * css/DOMMatrixReadOnly.cpp: Added.
1214         (WebCore::DOMMatrixReadOnly::DOMMatrixReadOnly):
1215         (WebCore::DOMMatrixReadOnly::validateAndFixup):
1216         (WebCore::DOMMatrixReadOnly::fromMatrix):
1217         (WebCore::DOMMatrixReadOnly::isIdentity):
1218         (WebCore::DOMMatrixReadOnly::setMatrixValue):
1219         (WebCore::DOMMatrixReadOnly::translate):
1220         (WebCore::DOMMatrixReadOnly::flipX):
1221         (WebCore::DOMMatrixReadOnly::flipY):
1222         (WebCore::DOMMatrixReadOnly::multiply):
1223         (WebCore::DOMMatrixReadOnly::scale):
1224         (WebCore::DOMMatrixReadOnly::scale3d):
1225         (WebCore::DOMMatrixReadOnly::rotate):
1226         (WebCore::DOMMatrixReadOnly::rotateFromVector):
1227         (WebCore::DOMMatrixReadOnly::rotateAxisAngle):
1228         (WebCore::DOMMatrixReadOnly::skewX):
1229         (WebCore::DOMMatrixReadOnly::skewY):
1230         (WebCore::DOMMatrixReadOnly::inverse):
1231         (WebCore::DOMMatrixReadOnly::toString):
1232         * css/DOMMatrixReadOnly.h: Added.
1233         (WebCore::DOMMatrixReadOnly::create):
1234         (WebCore::DOMMatrixReadOnly::a):
1235         (WebCore::DOMMatrixReadOnly::b):
1236         (WebCore::DOMMatrixReadOnly::c):
1237         (WebCore::DOMMatrixReadOnly::d):
1238         (WebCore::DOMMatrixReadOnly::e):
1239         (WebCore::DOMMatrixReadOnly::f):
1240         (WebCore::DOMMatrixReadOnly::m11):
1241         (WebCore::DOMMatrixReadOnly::m12):
1242         (WebCore::DOMMatrixReadOnly::m13):
1243         (WebCore::DOMMatrixReadOnly::m14):
1244         (WebCore::DOMMatrixReadOnly::m21):
1245         (WebCore::DOMMatrixReadOnly::m22):
1246         (WebCore::DOMMatrixReadOnly::m23):
1247         (WebCore::DOMMatrixReadOnly::m24):
1248         (WebCore::DOMMatrixReadOnly::m31):
1249         (WebCore::DOMMatrixReadOnly::m32):
1250         (WebCore::DOMMatrixReadOnly::m33):
1251         (WebCore::DOMMatrixReadOnly::m34):
1252         (WebCore::DOMMatrixReadOnly::m41):
1253         (WebCore::DOMMatrixReadOnly::m42):
1254         (WebCore::DOMMatrixReadOnly::m43):
1255         (WebCore::DOMMatrixReadOnly::m44):
1256         (WebCore::DOMMatrixReadOnly::is2D):
1257         (WebCore::DOMMatrixReadOnly::fromMatrixHelper):
1258         * css/DOMMatrixReadOnly.idl: Added.
1259         * css/WebKitCSSMatrix.h:
1260         * css/WebKitCSSMatrix.idl:
1261         * svg/SVGMatrix.h:
1262         * svg/SVGMatrix.idl:
1263
1264 2017-05-16  Eric Carlson  <eric.carlson@apple.com>
1265
1266         [MediaStream] AudioSampleBufferList::zeroABL takes byte count, not sample count
1267         https://bugs.webkit.org/show_bug.cgi?id=172194
1268         <rdar://problem/32233799>
1269
1270         Reviewed by Jer Noble.
1271
1272         * platform/mediastream/mac/AudioTrackPrivateMediaStreamCocoa.cpp:
1273         (WebCore::AudioTrackPrivateMediaStreamCocoa::render): Pass number of bytes to zero,
1274         not number of samples.
1275
1276 2017-05-16  Mark Lam  <mark.lam@apple.com>
1277
1278         WorkerRunLoop::Task::performTask() needs to null check context->script() before use.
1279         https://bugs.webkit.org/show_bug.cgi?id=172193
1280         <rdar://problem/32225346>
1281
1282         Reviewed by Filip Pizlo.
1283
1284         According to https://build-safari.apple.com/results/Trunk%20Fuji%20GuardMalloc%20Production%20WK2%20Tests/r216929_459760e0918316187c8e52c6585a3a9ba9181204%20(12066)/results.html,
1285         we see a crash with this crash trace:
1286
1287         Thread 13 Crashed:: WebCore: Worker
1288         0 com.apple.WebCore        0x00000001099607b2 WebCore::WorkerScriptController::isTerminatingExecution() const + 18
1289         1 com.apple.WebCore        0x000000010995ebbf WebCore::WorkerRunLoop::runCleanupTasks(WebCore::WorkerGlobalScope*) + 143
1290         2 com.apple.WebCore        0x000000010995e80f WebCore::WorkerRunLoop::run(WebCore::WorkerGlobalScope*) + 111
1291         3 com.apple.WebCore        0x00000001099621b6 WebCore::WorkerThread::workerThread() + 742
1292         4 com.apple.JavaScriptCore 0x000000010a964b92 WTF::threadEntryPoint(void*) + 178
1293         5 com.apple.JavaScriptCore 0x000000010a964a69 WTF::wtfThreadEntryPoint(void*) + 121
1294         6 libsystem_pthread.dylib  0x00007fffbdb5caab _pthread_body + 180
1295         7 libsystem_pthread.dylib  0x00007fffbdb5c9f7 _pthread_start + 286
1296         8 libsystem_pthread.dylib  0x00007fffbdb5c1fd thread_start + 13
1297
1298         ... and the crashing address is:
1299
1300         Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000022
1301
1302         0x0000000000000022 is the offset of m_scheduledTerminationMutex in the
1303         WorkerScriptController.  This means that WorkerScriptController::isTerminatingExecution()
1304         is passed a NULL this pointer.  This means that it's possible to have a race
1305         where a WorkerRunLoop::Task gets enqueued beyond the Cleanup task that deletes the
1306         context->script().  As a result, WorkerRunLoop::Task::performTask() (called by
1307         runCleanupTasks()) may see a null context->script().
1308
1309         Hence, WorkerRunLoop::Task::performTask() should null check context->script()
1310         before invoking the isTerminatingExecution() query on it.
1311
1312         No new tests because this is already covered by existing tests.
1313
1314         * workers/WorkerRunLoop.cpp:
1315         (WebCore::WorkerRunLoop::Task::performTask):
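
The triage step and the guard described in the entry above, as an added example that is not part of the ChangeLog or of WebKit's code. ScriptController, GlobalScope, Task, classifyFault and the queue are simplified stand-ins, and the struct layout is constructed so that the lock byte lands at offset 0x22 as in the crash report.

```cpp
#include <cstddef>
#include <cstdint>
#include <deque>
#include <functional>
#include <iostream>
#include <memory>
#include <string>
#include <utility>

// Stand-in for WorkerScriptController (assumption: constructed layout, not the real one).
struct ScriptController {
    unsigned char otherState[0x22];
    unsigned char scheduledTerminationLock; // stand-in for m_scheduledTerminationMutex
    bool terminating;

    bool isTerminatingExecution() const { return terminating; }
};

// Triage: a fault address inside the first page that equals a member offset
// means the member was reached through a null object pointer.
std::string classifyFault(std::uintptr_t faultAddress)
{
    constexpr std::uintptr_t firstPage = 0x1000; // assumption: page zero is unmapped
    if (faultAddress >= firstPage)
        return "not a near-null access";
    if (faultAddress == offsetof(ScriptController, scheduledTerminationLock))
        return "null ScriptController*, access to scheduledTerminationLock";
    if (faultAddress == offsetof(ScriptController, terminating))
        return "null ScriptController*, access to terminating";
    return "near-null access, member not identified";
}

// Stand-in for the worker global scope that owns the script controller.
struct GlobalScope {
    std::unique_ptr<ScriptController> controller;
    ScriptController* script() const { return controller.get(); }
};

struct Task {
    std::function<void(GlobalScope&)> work;
    bool isCleanupTask;

    // Guarded form: script() is checked for null before it is queried, because
    // a cleanup task earlier in the queue may already have destroyed it.
    bool performTask(GlobalScope& context) const
    {
        ScriptController* script = context.script();
        bool mayRun = isCleanupTask || (script && !script->isTerminatingExecution());
        if (mayRun)
            work(context);
        return mayRun;
    }
};

struct RunResult {
    int executed;
    int skipped;
};

// Drains the queue in order, counting which tasks ran and which were skipped.
RunResult runCleanupTasks(GlobalScope& context, std::deque<Task>& queue)
{
    RunResult result{0, 0};
    while (!queue.empty()) {
        Task task = std::move(queue.front());
        queue.pop_front();
        if (task.performTask(context))
            ++result.executed;
        else
            ++result.skipped;
    }
    return result;
}

// Constructed scenario: an ordinary task is enqueued behind the cleanup task
// that deletes the script controller, the ordering the entry describes.
RunResult simulateLateTask()
{
    GlobalScope context;
    context.controller = std::make_unique<ScriptController>(); // zero-initialized
    std::deque<Task> queue;
    queue.push_back({ [](GlobalScope& c) { c.controller.reset(); }, true });
    queue.push_back({ [](GlobalScope&) { /* ordinary worker task */ }, false });
    return runCleanupTasks(context, queue);
}

int main()
{
    std::cout << "fault 0x22: " << classifyFault(0x22) << "\n";
    RunResult r = simulateLateTask();
    std::cout << "executed=" << r.executed << " skipped=" << r.skipped << "\n";
    return 0;
}
```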
1316
1317 2017-05-16  Youenn Fablet  <youenn@apple.com>
1318
1319         Modernize WebKit2 getUserMedia passing of parameters
1320         https://bugs.webkit.org/show_bug.cgi?id=172161
1321
1322         Reviewed by Eric Carlson.
1323
1324         No change of behavior.
1325
1326         * platform/mediastream/RealtimeMediaSourceCenter.h: Using WTF::Function to enable capture Ref<>.
1327
1328 2017-05-16  Jeremy Jones  <jeremyj@apple.com>
1329
1330         Captions and subtitles not showing up in picture-in-picture for MSE content.
1331         https://bugs.webkit.org/show_bug.cgi?id=172145
1332
1333         Reviewed by Eric Carlson.
1334
1335         No new tests as this has no effect on the DOM.
1336
1337         Add TextTrackRepresentation code from MediaPlayerPrivateAVFoundationObj to MediaPlayerPrivateMediaSourceAVFObjc.
1338         This moves the TextTrackRepresentation platform layer into the fullscreen container layer when going into
1339         pip for fullscreen, allowing the captions to be visible.
1340
1341         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.h:
1342         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm:
1343         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::ensureLayer):
1344         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setVideoFullscreenLayer):
1345         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setVideoFullscreenFrame):
1346         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::requiresTextTrackRepresentation):
1347         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::syncTextTrackBounds):
1348         (WebCore::MediaPlayerPrivateMediaSourceAVFObjC::setTextTrackRepresentation):
1349
1350 2017-05-16  David Kilzer  <ddkilzer@apple.com>
1351
1352         WebCore::leakCGColor() needs CF_RETURNS_RETAINED annotation
1353         <https://webkit.org/b/172190>
1354
1355         Reviewed by Simon Fraser.
1356
1357         * platform/graphics/cg/ColorCG.cpp:
1358         (WebCore::leakCGColor): Annotate with CF_RETURNS_RETAINED since
1359         it does not follow the CF naming convention, which means the
1360         expected behavior can't be inferred by the clang static
1361         analyzer.
1362
1363 2017-05-16  Youenn Fablet  <youenn@apple.com>
1364
1365         RealtimeOutgoingVideoSource should support sinkWants for rotation
1366         https://bugs.webkit.org/show_bug.cgi?id=172123
1367         <rdar://problem/32200017>
1368
1369         Reviewed by Eric Carlson.
1370
1371         Covered by manual testing.
1372
1373         * platform/mediastream/mac/RealtimeOutgoingVideoSource.cpp:
1374         (WebCore::RealtimeOutgoingVideoSource::AddOrUpdateSink): Triggering pixel rotation based on sink.
1375         (WebCore::RealtimeOutgoingVideoSource::sendFrame): Doing the rotation using libwebrtc API.
1376         * platform/mediastream/mac/RealtimeOutgoingVideoSource.h:
1377
1378 2017-05-16  Myles C. Maxfield  <mmaxfield@apple.com>
1379
1380         REGRESSION(r212513): LastResort is platform-dependent, so its semantics should not be required to perform font loading correctly.
1381         https://bugs.webkit.org/show_bug.cgi?id=168487
1382
1383         Reviewed by Antti Koivisto.
1384
1385         There are three ways a Web author can chain multiple font files together:
1386         1. Multiple entries in the "src" descriptor in an @font-face rule
1387         2. Multiple @font-face rules with the same "font-family" descriptor
1388         3. Multiple entries in the "font-family" property on an element
1389
1390         Before r212513, the code which iterated across #2 and #3 above could have
1391         triggered each item in the chain to download. r212513 tried to solve this
1392         by using LastResort as the interstitial font used during downloads, because
1393         LastResort supports every character and therefore solves #3 above. However,
1394         this change had a few problems:
1395
1396         1. Previously, our code would try to avoid using the interstitial font for
1397         layout or rendering whenever possible (because one of the chains above may
1398         have named a local font which would be better to use). In order to use the
1399         benefits of LastResort, I had to remove this avoidance logic and make
1400         WebKit try to use the interstitial font as often as possible. However, due
1401         to the large metrics of LastResort, this means that offsetWidth queries
1402         during font loading would be wildly inaccurate, causing Google Docs to break.
1403         2. It also means that canvas drawing during font loading would actually draw
1404         LastResort, causing Bing maps to break.
1405         3. LastResort is platform-specific, so only platforms which have it would
1406         actually be able to load fonts correctly.
1407
1408         Instead, we should keep the older logic about avoiding using the
1409         interstitial font so that loading has a better experience for the user.
1410         We solve the unnecessary download problem by giving our loading code a
1411         downloading policy enum, which has two values: allow downloads or forbid
1412         downloads. Whenever our loading code returns the interstitial font, we
1413         continue our search, but we change the policy to forbid downloads.
1414
1415         There is one piece of subtlety, though: It is more common for web authors
1416         to put good fallbacks in the "font-family" property than in the "src"
1417         descriptor inside @font-face. This means that we shouldn't exhaustively
1418         search through the @font-face src list first. Instead, we should look
1419         through the src list until we hit a non-local font, and then immediately
1420         start looking through the other chains.
1421
1422         Tests: fast/text/font-download-font-face-src-list.html
1423                fast/text/font-download-font-family-property.html
1424                fast/text/font-download-remote-fallback-all.html
1425                fast/text/font-interstitial-invisible-width-while-loading.html
1426                fast/text/font-weight-download-3.html
1427                fast/text/web-font-load-fallback-during-loading-2.html
1428                fast/text/web-font-load-invisible-during-loading.html
1429
1430         * css/CSSFontFace.cpp:
1431         (WebCore::CSSFontFace::fontLoadEventOccurred): Implement support for
1432         the font download policy.
1433         (WebCore::CSSFontFace::setStatus): After 3 seconds of loading, we
1434         will start drawing the fallback font. However, for testing, we have an
1435         internal setting to make this switch happen immediately. This patch now
1436         requires that this internal switch happen synchronously.
1437         (WebCore::CSSFontFace::pump): Implement support for the font download
1438         policy.
1439         (WebCore::CSSFontFace::load): Ditto.
1440         (WebCore::CSSFontFace::font): Ditto.
1441         * css/CSSFontFace.h: Ditto.
1442         * css/CSSFontSelector.cpp:
1443         (WebCore::CSSFontSelector::beginLoadingFontSoon): Implement support for
1444         synchronous font download timeouts.
1445         * css/CSSSegmentedFontFace.cpp:
1446         (WebCore::CSSSegmentedFontFace::fontRanges): Implement support for the
1447         font download policy.
1448         * platform/graphics/Font.cpp: Add new flag which represents if the
1449         interstitial font was created after the 3 second timeout or before.
1450         Previously, we would distinguish between these two cases by knowing
1451         that one font was LastResort and the other font was a fallback. Now that
1452         we're using fallback fonts on both sides of the 3 second timeout, we
1453         now no longer know which one should be invisible. This new enum solves
1454         this problem.
1455         (WebCore::Font::Font):
1456         (WebCore::Font::verticalRightOrientationFont):
1457         (WebCore::Font::uprightOrientationFont):
1458         * platform/graphics/Font.h: Ditto.
1459         (WebCore::Font::create):
1460         (WebCore::Font::origin):
1461         (WebCore::Font::visibility):
1462         * platform/graphics/FontCache.h:
1463         * platform/graphics/FontCascade.cpp: We try to fall back to a local() font
1464         during downloads, but there might not be one that we can use. Therefore, we
1465         can't use the presence of the interstitial font to detect if we should paint
1466         invisibly. Instead, we can move this logic into the font-specific part of
1467         painting, and consult with the specific font to know if it was created from
1468         a timed-out @font-face rule or not.
1469         (WebCore::FontCascade::drawText):
1470         (WebCore::shouldDrawIfLoading):
1471         (WebCore::FontCascade::drawGlyphBuffer):
1472         (WebCore::FontCascade::drawEmphasisMarks):
1473         * platform/graphics/FontCascade.h:
1474         * platform/graphics/FontCascadeFonts.cpp:
1475         (WebCore::FontCascadeFonts::glyphDataForVariant): Implement the logic
1476         described above where we switch the policy if we encounter the interstitial
1477         font.
1478         (WebCore::FontCascadeFonts::glyphDataForNormalVariant): Ditto.
1479         (WebCore::glyphPageFromFontRanges): Ditto.
1480         * platform/graphics/FontRanges.cpp: Implement support for the font download
1481         policy.
1482         (WebCore::FontRanges::Range::font):
1483         (WebCore::FontRanges::glyphDataForCharacter):
1484         (WebCore::FontRanges::fontForCharacter):
1485         (WebCore::FontRanges::fontForFirstRange):
1486         * platform/graphics/FontRanges.h:
1487         * platform/graphics/FontSelector.h:
1488         * platform/graphics/freetype/FontCacheFreeType.cpp:
1489         (WebCore::FontCache::lastResortFallbackFontForEveryCharacter): Deleted.
1490         * platform/graphics/mac/FontCacheMac.mm:
1491         (WebCore::FontCache::lastResortFallbackFontForEveryCharacter): Deleted.
1492         * platform/graphics/win/FontCacheWin.cpp:
1493         (WebCore::FontCache::lastResortFallbackFontForEveryCharacter): Deleted.
1494
1495 2017-05-16  Zalan Bujtas  <zalan@apple.com>
1496
1497         Simple line layout: Move setCollapedWhitespaceWidth call to updateLineConstrains.
1498         https://bugs.webkit.org/show_bug.cgi?id=172178
1499
1500         Reviewed by Antti Koivisto.
1501
1502         No change in functionality.
1503
1504         * rendering/SimpleLineLayout.cpp:
1505         (WebCore::SimpleLineLayout::updateLineConstrains):
1506         (WebCore::SimpleLineLayout::createLineRuns):
1507
1508 2017-05-16  Eric Carlson  <eric.carlson@apple.com>
1509
1510         [MediaStream] Return default device list until user gives permission to capture
1511         https://bugs.webkit.org/show_bug.cgi?id=172168
1512         <rdar://problem/31816884>
1513
1514         Reviewed by Youenn Fablet.
1515
1516         Test: fast/mediastream/media-devices-enumerate-devices.html
1517
1518         * Modules/mediastream/MediaDevicesRequest.cpp:
1519         (WebCore::MediaDevicesRequest::filterDeviceList): Remove all but the "default" number of
1520         devices of each type.
1521         (WebCore::MediaDevicesRequest::start): Call filterDeviceList.
1522         * Modules/mediastream/MediaDevicesRequest.h:
1523
1524 2017-05-16  Claudio Saavedra  <csaavedra@igalia.com>
1525
1526         Silence a few warnings about unused parameters
1527         https://bugs.webkit.org/show_bug.cgi?id=172169
1528
1529         Reviewed by Sam Weinig.
1530
1531         * page/Page.cpp:
1532         (WebCore::Page::mainFrameLoadStarted):
1533         * platform/graphics/cairo/ImageBufferCairo.cpp:
1534         (WebCore::ImageBuffer::toData):
1535         * platform/network/ResourceRequestBase.cpp:
1536         (WebCore::ResourceRequestBase::partitionName):
1537
1538 2017-05-16  Wenson Hsieh  <wenson_hsieh@apple.com>
1539
1540         WebItemProviderPasteboard should be robust when temporary files are missing path extensions
1541         https://bugs.webkit.org/show_bug.cgi?id=172170
1542
1543         Reviewed by Tim Horton.
1544
1545         Makes a slight adjustment to how temporary file URLs are handled when using WebItemProviderPasteboard to load
1546         data off of item providers. Previously, we would bail early and not load any data if the temporary URL is
1547         missing an extension. Since the switch to NSItemProviders from UIItemProviders, some types of temporary files
1548         generated by item providers are missing extensions, so this extra check is meaningless.
1549
1550         Covered by existing data interaction unit tests.
1551
1552         * platform/ios/WebItemProviderPasteboard.mm:
1553         (temporaryFileURLForDataInteractionContent):
1554         (-[WebItemProviderPasteboard doAfterLoadingProvidedContentIntoFileURLs:synchronousTimeout:]):
1555
1556 2017-05-16  Zan Dobersek  <zdobersek@igalia.com>
1557
1558         [WPE] GLContextEGL::createWPEContext() should fall back to pbuffer-based contexts when offscreen target provides no native window
1559         https://bugs.webkit.org/show_bug.cgi?id=172162
1560
1561         Reviewed by Carlos Garcia Campos.
1562
1563         When creating an offscreen GLContext, the underlying implementation might
1564         provide a mock native window that's to be used as the window target upon
1565         which a window-based GLContext should be created. But we should also support
1566         falling back to pbuffer-based GLContexts when the underlying implementation
1567         can't provide such mock targets.
1568
1569         * platform/graphics/egl/GLContextEGLWPE.cpp:
1570         (WebCore::GLContextEGL::createWPEContext):
1571
1572 2017-05-16  Zan Dobersek  <zdobersek@igalia.com>
1573
1574         [GLib] Name more GSource-based RunLoop::Timers
1575         https://bugs.webkit.org/show_bug.cgi?id=172158
1576
1577         Reviewed by Carlos Garcia Campos.
1578
1579         * platform/glib/MainThreadSharedTimerGLib.cpp:
1580         (WebCore::MainThreadSharedTimer::MainThreadSharedTimer):
1581         Specify 'MainThreadSharedTimer' as the name of this GSource-based RunLoop::Timer.
1582
1583 2017-05-16  Romain Bellessort  <romain.bellessort@crf.canon.fr>
1584
1585         [Readable Streams API] Implement ReadableStreamBYOBReader releaseLock()
1586         https://bugs.webkit.org/show_bug.cgi?id=172111
1587
1588         Reviewed by Chris Dumez.
1589
1590         Implemented ReadableStreamBYOBReader releaseLock():
1591         - https://streams.spec.whatwg.org/#byob-reader-release-lock;
1592         - https://streams.spec.whatwg.org/#readable-stream-reader-generic-release.
1593
1594         Added tests to check releaseLock behavior.
1595
1596         * Modules/streams/ReadableStreamBYOBReader.js:
1597         (releaseLock): Implemented.
1598         * Modules/streams/ReadableStreamInternals.js:
1599         (readableStreamReaderGenericRelease): Aligned with spec.
1600
1601 2017-05-16  Carlos Garcia Campos  <cgarcia@igalia.com>
1602
1603         Unreviewed. Try to fix GTK+ build with MEDIA_STREAM enabled after r216918.
1604
1605         * platform/mediastream/openwebrtc/RealtimeMediaSourceCenterOwr.cpp:
1606         (WebCore::RealtimeMediaSourceCenterOwr::validateRequestConstraints):
1607
1608 2017-05-16  Youenn Fablet  <youenn@apple.com>
1609
1610         Remove MediaConstraintsData and MediaConstraintsImpl
1611         https://bugs.webkit.org/show_bug.cgi?id=172132
1612
1613         Reviewed by Eric Carlson.
1614
1615         No observable change of behavior.
1616
1617         Removing MediaConstraintsData and MediaConstraintsImpl allows simplifying the code.
1618         Further simplified the code by making MediaConstraints no longer ref counted and now a struct.
1619         Simplified some RealtimeMediaSource subclasses by removing unused MediaConstraints class members.
1620
1621         * CMakeLists.txt: Removing MediaConstraintsImpl.cpp.
1622         * Modules/mediastream/MediaConstraintsImpl.cpp: Removed.
1623         * Modules/mediastream/MediaConstraintsImpl.h: Removed.
1624         * Modules/mediastream/MediaDevices.cpp:
1625         (WebCore::createMediaConstraints):
1626         (WebCore::MediaDevices::getUserMedia):
1627         (WebCore::createMediaConstraintsImpl): Deleted.
1628         * Modules/mediastream/MediaStreamTrack.cpp:
1629         (WebCore::createMediaConstraints):
1630         (WebCore::MediaStreamTrack::applyConstraints):
1631         (WebCore::createMediaConstraintsImpl): Deleted.
1632         * Modules/mediastream/MediaTrackConstraints.cpp:
1633         (WebCore::createMediaConstraints):
1634         (WebCore::createMediaConstraintsImpl): Deleted.
1635         * Modules/mediastream/MediaTrackConstraints.h:
1636         * Modules/mediastream/UserMediaRequest.cpp:
1637         (WebCore::UserMediaRequest::start):
1638         (WebCore::UserMediaRequest::UserMediaRequest):
1639         (WebCore::UserMediaRequest::allow):
1640         * Modules/mediastream/UserMediaRequest.h:
1641         (WebCore::UserMediaRequest::audioConstraints):
1642         (WebCore::UserMediaRequest::videoConstraints):
1643         * WebCore.xcodeproj/project.pbxproj:
1644         * platform/mediastream/MediaConstraints.cpp:
1645         (WebCore::addDefaultVideoConstraints):
1646         (WebCore::MediaConstraints::isConstraintSet):
1647         (WebCore::MediaConstraints::setDefaultVideoConstraints):
1648         * platform/mediastream/MediaConstraints.h:
1649         (WebCore::MediaConstraints::~MediaConstraints): Deleted.
1650         (WebCore::MediaConstraints::MediaConstraints): Deleted.
1651         * platform/mediastream/MediaStreamConstraintsValidationClient.h:
1652         * platform/mediastream/RealtimeMediaSource.cpp:
1653         (WebCore::RealtimeMediaSource::selectSettings):
1654         (WebCore::RealtimeMediaSource::supportsConstraints):
1655         (WebCore::RealtimeMediaSource::applyConstraints):
1656         * platform/mediastream/RealtimeMediaSourceCenter.cpp:
1657         (WebCore::RealtimeMediaSourceCenter::validateRequestConstraints):
1658         * platform/mediastream/RealtimeMediaSourceCenter.h:
1659         * platform/mediastream/mac/RealtimeIncomingAudioSource.cpp:
1660         (WebCore::RealtimeIncomingAudioSource::supportedConstraints): Deleted.
1661         * platform/mediastream/mac/RealtimeIncomingAudioSource.h:
1662         * platform/mediastream/mac/RealtimeIncomingVideoSource.cpp:
1663         (WebCore::RealtimeIncomingVideoSource::supportedConstraints): Deleted.
1664         * platform/mediastream/mac/RealtimeIncomingVideoSource.h:
1665         * platform/mock/MockRealtimeMediaSource.h:
1666         (WebCore::MockRealtimeMediaSource::constraints): Deleted.
1667
1668 2017-05-16  Andy Estes  <aestes@apple.com>
1669
1670         [Cocoa] Tell NEFilterSource about the presenting app's PID
1671         https://bugs.webkit.org/show_bug.cgi?id=172152
1672         <rdar://problem/32197740>
1673
1674         Reviewed by Dan Bernstein.
1675
1676         * platform/cocoa/NetworkExtensionContentFilter.mm:
1677         (WebCore::NetworkExtensionContentFilter::initialize):
1678         * platform/spi/cocoa/NEFilterSourceSPI.h:
1679
1680 2017-05-16  Manuel Rego Casasnovas  <rego@igalia.com>
1681
1682         [css-grid] Fix static position of positioned grid items
1683         https://bugs.webkit.org/show_bug.cgi?id=172108
1684
1685         Reviewed by Sergio Villar Senin.
1686
1687         This patch makes us follow the text on the spec
1688         (https://drafts.csswg.org/css-grid/#static-position):
1689         "The static position of an absolutely-positioned child
1690          of a grid container is determined as if it were the sole grid item
1691          in a grid area whose edges coincide with the padding edges
1692          of the grid container."
1693
1694         Test: fast/css-grid-layout/absolute-positioning-grid-container-parent.html
1695
1696         * rendering/RenderGrid.cpp:
1697         (WebCore::RenderGrid::prepareChildForPositionedLayout): Modified to avoid
1698         including padding to match the spec behavior.
1699
1700 2017-05-16  Per Arne Vollan  <pvollan@apple.com>
1701
1702         Compile error, include file is not found.
1703         https://bugs.webkit.org/show_bug.cgi?id=172105
1704
1705         Reviewed by Brent Fulgham.
1706
1707         Use __has_include to detect if include file exists.
1708
1709         * platform/mediastream/libwebrtc/H264VideoToolBoxEncoder.mm:
1710
1711 2017-05-15  Andy Estes  <aestes@apple.com>
1712
1713         Make the application PID available to WebCore
1714         https://bugs.webkit.org/show_bug.cgi?id=172133
1715
1716         Reviewed by Andreas Kling.
1717
1718         * CMakeLists.txt:
1719         * PlatformMac.cmake:
1720         * WebCore.xcodeproj/project.pbxproj:
1721         * platform/RuntimeApplicationChecks.cpp: Added.
1722         (WebCore::presentingApplicationPIDOverride):
1723         (WebCore::presentingApplicationPID): Returns the override PID if set, or getCurrentProcessID()
1724         otherwise.
1725         (WebCore::setPresentingApplicationPID):
1726         * platform/RuntimeApplicationChecks.h:
1727         * platform/cocoa/RuntimeApplicationChecksCocoa.mm: Renamed from Source/WebCore/platform/RuntimeApplicationChecks.mm.
1728
1729 2017-05-15  Antti Koivisto  <antti@apple.com>
1730
1731         RenderTheme does not need to be per-page
1732         https://bugs.webkit.org/show_bug.cgi?id=172116
1733         <rdar://problem/30426457>
1734
1735         Reviewed by Zalan Bujtas.
1736
1737         There are no implementations of RenderTheme::themeForPage that actually care about the page.
1738         It can be replaced with a singleton, simplifying a bunch of code.
1739
1740         * Modules/mediacontrols/MediaControlsHost.cpp:
1741         (WebCore::MediaControlsHost::shadowRootCSSText):
1742         (WebCore::MediaControlsHost::base64StringForIconNameAndType):
1743         * css/CSSDefaultStyleSheets.cpp:
1744         (WebCore::CSSDefaultStyleSheets::loadFullDefaultStyle):
1745         (WebCore::CSSDefaultStyleSheets::ensureDefaultStyleSheetsForElement):
1746
1747             Fix a potential crash if we get here when page is null (though it doesn't appear to repro on trunk).
1748
1749         * css/StyleColor.cpp:
1750         (WebCore::StyleColor::colorFromKeyword):
1751         * css/StyleResolver.cpp:
1752         (WebCore::StyleResolver::adjustRenderStyle):
1753         * css/parser/CSSParser.cpp:
1754         (WebCore::CSSParser::parseSystemColor):
1755         * css/parser/CSSParser.h:
1756         * css/parser/CSSPropertyParser.cpp:
1757         (WebCore::CSSPropertyParser::consumeSystemFont):
1758         * editing/FrameSelection.cpp:
1759         (WebCore::FrameSelection::updateAppearance):
1760         * html/HTMLMediaElement.cpp:
1761         (WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript):
1762         * html/HTMLMeterElement.cpp:
1763         (WebCore::HTMLMeterElement::createElementRenderer):
1764         * html/HTMLSelectElement.cpp:
1765         (WebCore::HTMLSelectElement::usesMenuList):
1766         (WebCore::HTMLSelectElement::platformHandleKeydownEvent):
1767         (WebCore::HTMLSelectElement::menuListDefaultEventHandler):
1768         * html/HTMLTextFormControlElement.cpp:
1769         (WebCore::HTMLTextFormControlElement::adjustInnerTextStyle):
1770         * html/InputType.cpp:
1771         (WebCore::InputType::themeSupportsDataListUI):
1772         * html/TextFieldInputType.cpp:
1773         (WebCore::TextFieldInputType::shouldHaveSpinButton):
1774         (WebCore::TextFieldInputType::shouldHaveCapsLockIndicator):
1775         * html/canvas/CanvasRenderingContext2D.cpp:
1776         (WebCore::CanvasRenderingContext2D::setStrokeColor):
1777         (WebCore::CanvasRenderingContext2D::setFillColor):
1778         * html/canvas/CanvasStyle.cpp:
1779         (WebCore::parseColor):
1780         (WebCore::parseColorOrCurrentColor):
1781         (WebCore::CanvasStyle::createFromString):
1782         * html/canvas/CanvasStyle.h:
1783         * html/shadow/MediaControlElements.cpp:
1784         (WebCore::MediaControlPanelElement::startTimer):
1785         (WebCore::MediaControlPanelElement::makeOpaque):
1786         (WebCore::MediaControlPanelElement::makeTransparent):
1787         * html/shadow/MediaControls.cpp:
1788         (WebCore::MediaControls::reset):
1789         (WebCore::MediaControls::reportedError):
1790         (WebCore::MediaControls::updateCurrentTimeDisplay):
1791         * html/shadow/mac/ImageControlsButtonElementMac.cpp:
1792         (WebCore::ImageControlsButtonElementMac::tryCreate):
1793         * page/MemoryRelease.cpp:
1794         (WebCore::releaseNoncriticalMemory):
1795         * page/Page.cpp:
1796         (WebCore::Page::Page):
1797         * page/Page.h:
1798         (WebCore::Page::theme): Deleted.
1799         * platform/wpe/RenderThemeWPE.cpp:
1800         (WebCore::RenderTheme::singleton):
1801         (WebCore::RenderTheme::themeForPage): Deleted.
1802         * rendering/RenderEmbeddedObject.cpp:
1803         (WebCore::RenderEmbeddedObject::getReplacementTextGeometry):
1804         * rendering/RenderObject.cpp:
1805         (WebCore::RenderObject::theme):
1806         * rendering/RenderTheme.cpp:
1807         (WebCore::RenderTheme::focusRingColor):
1808         * rendering/RenderTheme.h:
1809         (WebCore::RenderTheme::defaultTheme): Deleted.
1810         * rendering/RenderThemeGtk.cpp:
1811         (WebCore::RenderTheme::singleton):
1812         (WebCore::RenderTheme::themeForPage): Deleted.
1813         * rendering/RenderThemeIOS.mm:
1814         (WebCore::RenderTheme::singleton):
1815         (WebCore::RenderTheme::themeForPage): Deleted.
1816         * rendering/RenderThemeMac.mm:
1817         (WebCore::RenderTheme::singleton):
1818         (WebCore::RenderTheme::themeForPage): Deleted.
1819         * rendering/RenderThemeWin.cpp:
1820         (WebCore::RenderTheme::singleton):
1821         (WebCore::RenderTheme::themeForPage): Deleted.
1822         * rendering/TextPaintStyle.cpp:
1823         (WebCore::computeTextPaintStyle):
1824
1825 2017-05-15  Said Abou-Hallawa  <sabouhallawa@apple.com>
1826
1827         Do not delete asynchronously decoded frames for large images if their clients are in the viewport
1828         https://bugs.webkit.org/show_bug.cgi?id=170640
1829
1830         Reviewed by Simon Fraser.
1831
1832         The image flickering problem happens when a large image is visible in the
1833         view port and for some reason, the decoded frame gets destroyed. When this
1834         image is repainted, BitmapImage::draw() does not find a valid decoded frame
1835         for that image. It then requests an async decoding for the image and just
1836         draws nothing in the image rectangle. Drawing no content between two drawing
1837         phases in which the image is drawn causes the unwanted flickering.
1838
1839         To fix this issue we need to protect the decoded frames of all the images
1840         in the view port from being destroyed. When BitmapImage::destroyDecodedData()
1841         is called, it is going to check, through the ImageObserver, whether any
1842         of its clients is visible. And if so, the current decoded frame won't be
1843         destroyed.
1844
1845         Tests: Modifying existing tests.
1846
1847         * loader/cache/CachedImage.cpp:
1848         (WebCore::CachedImage::CachedImageObserver::decodedSizeChanged):
1849         (WebCore::CachedImage::CachedImageObserver::didDraw):
1850         (WebCore::CachedImage::CachedImageObserver::canDestroyDecodedData):
1851         (WebCore::CachedImage::CachedImageObserver::imageFrameAvailable):
1852         (WebCore::CachedImage::CachedImageObserver::changedInRect):
1853         (WebCore::CachedImage::decodedSizeChanged):
1854         (WebCore::CachedImage::didDraw):
1855         (WebCore::CachedImage::canDestroyDecodedData): Finds out whether it's okay
1856         to discard the image decoded data or not.
1857         (WebCore::CachedImage::imageFrameAvailable):
1858         (WebCore::CachedImage::changedInRect):
1859         * loader/cache/CachedImage.h:
1860         * loader/cache/CachedImageClient.h:
1861         (WebCore::CachedImageClient::canDestroyDecodedData):
1862         * loader/cache/MemoryCache.cpp:
1863         (WebCore::MemoryCache::destroyDecodedDataForAllImages): This function is
1864         currently not used. Use in the internal destroyDecodedDataForAllImages()
1865         but unlike what CachedImage::destroyDecodedData() does, make it destroy
1866         the decoded frames without deleting the image itself.
1867         * loader/cache/MemoryCache.h:
1868         * platform/graphics/BitmapImage.cpp:
1869         (WebCore::BitmapImage::destroyDecodedData):
1870         (WebCore::BitmapImage::draw):
1871         (WebCore::BitmapImage::canDestroyCurrentFrameDecodedData): 
1872         (WebCore::BitmapImage::advanceAnimation):
1873         (WebCore::BitmapImage::internalAdvanceAnimation):
1874         (WebCore::BitmapImage::imageFrameAvailableAtIndex):
1875         * platform/graphics/BitmapImage.h:
1876         * platform/graphics/GraphicsContext3D.cpp:
1877         (WebCore::GraphicsContext3D::packImageData):
1878         * platform/graphics/ImageFrameCache.cpp:
1879         (WebCore::ImageFrameCache::decodedSizeChanged):
1880         (ImageFrameCache::cacheAsyncFrameNativeImageAtIndex): The assertion in this
1881         function is wrong. frameIsCompleteAtIndex() can be false when an image
1882         decoding is requested but can be true when the decoding finishes.
1883         * platform/graphics/ImageObserver.h:
1884         * platform/graphics/cairo/ImageCairo.cpp:
1885         (WebCore::Image::drawPattern):
1886         * platform/graphics/cg/ImageCG.cpp:
1887         (WebCore::Image::drawPattern):
1888         * platform/graphics/cg/ImageDecoderCG.cpp:
1889         (WebCore::ImageDecoder::frameIsCompleteAtIndex):
1890         * platform/graphics/cg/PDFDocumentImage.cpp:
1891         (WebCore::PDFDocumentImage::decodedSizeChanged):
1892         (WebCore::PDFDocumentImage::draw):
1893         * platform/graphics/texmap/TextureMapperTiledBackingStore.cpp:
1894         (WebCore::TextureMapperTiledBackingStore::updateContentsFromImageIfNeeded):
1895         * platform/graphics/win/ImageDirect2D.cpp:
1896         (WebCore::Image::drawPattern):
1897         * rendering/RenderElement.cpp:
1898         (WebCore::RenderElement::isVisibleInDocumentRect):
1899         (WebCore::RenderElement::isVisibleInViewport):
1900         (WebCore::RenderElement::imageFrameAvailable):
1901         (WebCore::RenderElement::repaintForPausedImageAnimationsIfNeeded):
1902         (WebCore::RenderElement::shouldRepaintInVisibleRect): Deleted. Function
1903         is renamed to isVisibleInViewport() for better readability.
1904         * rendering/RenderElement.h:
1905         * svg/graphics/SVGImage.cpp:
1906         (WebCore::SVGImage::draw):
1907         * svg/graphics/SVGImageClients.h:
1908         * testing/Internals.cpp:
1909         (WebCore::Internals::destroyDecodedDataForAllImages):
1910         * testing/Internals.h:
1911         * testing/Internals.idl:
1912
1913 2017-05-15  Youenn Fablet  <youenn@apple.com>
1914
1915         Simplify RealtimeMediaSource data production and state
1916         https://bugs.webkit.org/show_bug.cgi?id=171999
1917
1918         Reviewed by Eric Carlson.
1919
1920         RealtimeMediaSource takes 3 booleans:
1921         - m_isProducingData tells whether data is produced or not. In the case of capturing, it tells whether capture
1922           happens.
1923         - m_muted/m_enabled allows JS or WebKit level to start/stop the source.
1924
1925         Changed MediaStream capture state computation so that capture is reported as follows:
1926         - m_isProducing is true, capture is happening and is active
1927         - m_muted is true, capture is happening but is inactive.
1928
1929         Except in the case of WebRTC incoming sources, for which sources may be created as muted as per the spec,
1930         all sources are unmuted, enabled and not producing data when created.
1931
1932         RealtimeMediaSource is now activable either by calling start/stop or by calling setMuted/setEnabled.
1933         This in turn will set the boolean values accordingly and will call the underlying
1934         startProducingData/stopProducingData methods doing the actual stuff.
1935
1936         Removing from all RealtimeMediaSource subclasses the handling of producing data.
1937         Making more methods non-virtual/member fields private to simplify the model.
1938
1939         * Modules/mediastream/CanvasCaptureMediaStreamTrack.cpp:
1940         (WebCore::CanvasCaptureMediaStreamTrack::Source::create):
1941         (WebCore::CanvasCaptureMediaStreamTrack::Source::startProducingData):
1942         (WebCore::CanvasCaptureMediaStreamTrack::Source::stopProducingData):
1943         (WebCore::CanvasCaptureMediaStreamTrack::Source::canvasDestroyed):
1944         (WebCore::CanvasCaptureMediaStreamTrack::Source::captureCanvas):
1945         * Modules/mediastream/CanvasCaptureMediaStreamTrack.h:
1946         * Modules/mediastream/MediaStream.cpp:
1947         (WebCore::MediaStream::mediaState):
1948         * platform/mediastream/MediaStreamTrackPrivate.h:
1949         (WebCore::MediaStreamTrackPrivate::startProducingData):
1950         (WebCore::MediaStreamTrackPrivate::stopProducingData):
1951         * platform/mediastream/RealtimeMediaSource.cpp:
1952         (WebCore::RealtimeMediaSource::setMuted):
1953         (WebCore::RealtimeMediaSource::notifyMutedChange):
1954         (WebCore::RealtimeMediaSource::setEnabled):
1955         (WebCore::RealtimeMediaSource::start):
1956         (WebCore::RealtimeMediaSource::stop):
1957         (WebCore::RealtimeMediaSource::requestStop):
1958         (WebCore::RealtimeMediaSource::reset): Deleted.
1959         * platform/mediastream/RealtimeMediaSource.h:
1960         * platform/mediastream/mac/AVMediaCaptureSource.h:
1961         * platform/mediastream/mac/AVMediaCaptureSource.mm:
1962         (WebCore::AVMediaCaptureSource::AVMediaCaptureSource):
1963         (WebCore::AVMediaCaptureSource::captureSessionIsRunningDidChange):
1964         (WebCore::AVMediaCaptureSource::reset): Deleted.
1965         (WebCore::AVMediaCaptureSource::isProducingData): Deleted.
1966         * platform/mediastream/mac/CoreAudioCaptureSource.cpp:
1967         (WebCore::CoreAudioCaptureSource::CoreAudioCaptureSource):
1968         (WebCore::CoreAudioCaptureSource::startProducingData):
1969         (WebCore::CoreAudioCaptureSource::stopProducingData):
1970         (WebCore::CoreAudioCaptureSource::audioSourceProvider):
1971         * platform/mediastream/mac/CoreAudioCaptureSource.h:
1972         * platform/mediastream/mac/MockRealtimeAudioSourceMac.mm:
1973         (WebCore::MockRealtimeAudioSourceMac::render):
1974         (WebCore::MockRealtimeAudioSource::createMuted): Deleted.
1975         * platform/mediastream/mac/MockRealtimeVideoSourceMac.mm:
1976         (WebCore::MockRealtimeVideoSource::createMuted): Deleted.
1977         * platform/mediastream/mac/RealtimeIncomingAudioSource.cpp:
1978         (WebCore::RealtimeIncomingAudioSource::create):
1979         (WebCore::RealtimeIncomingAudioSource::RealtimeIncomingAudioSource):
1980         (WebCore::RealtimeIncomingAudioSource::~RealtimeIncomingAudioSource):
1981         (WebCore::RealtimeIncomingAudioSource::startProducingData):
1982         (WebCore::RealtimeIncomingAudioSource::stopProducingData):
1983         (WebCore::RealtimeIncomingAudioSource::setSourceTrack):
1984         * platform/mediastream/mac/RealtimeIncomingAudioSource.h:
1985         * platform/mediastream/mac/RealtimeIncomingVideoSource.cpp:
1986         (WebCore::RealtimeIncomingVideoSource::create):
1987         (WebCore::RealtimeIncomingVideoSource::RealtimeIncomingVideoSource):
1988         (WebCore::RealtimeIncomingVideoSource::startProducingData):
1989         (WebCore::RealtimeIncomingVideoSource::setSourceTrack):
1990         (WebCore::RealtimeIncomingVideoSource::stopProducingData):
1991         (WebCore::RealtimeIncomingVideoSource::OnFrame):
1992         * platform/mediastream/mac/RealtimeIncomingVideoSource.h:
1993         * platform/mediastream/mac/WebAudioSourceProviderAVFObjC.mm:
1994         (WebCore::WebAudioSourceProviderAVFObjC::setClient):
1995         * platform/mock/MockMediaEndpoint.cpp:
1996         (WebCore::MockMediaEndpoint::createMutedRemoteSource):
1997         (WebCore::MockMediaEndpoint::unmuteTimerFired):
1998         * platform/mock/MockRealtimeAudioSource.cpp:
1999         (WebCore::MockRealtimeAudioSource::createMuted):
2000         (WebCore::MockRealtimeAudioSource::startProducingData):
2001         (WebCore::MockRealtimeAudioSource::stopProducingData):
2002         * platform/mock/MockRealtimeAudioSource.h:
2003         * platform/mock/MockRealtimeMediaSource.cpp:
2004         (WebCore::MockRealtimeMediaSource::startProducingData): Deleted.
2005         (WebCore::MockRealtimeMediaSource::stopProducingData): Deleted.
2006         * platform/mock/MockRealtimeMediaSource.h:
2007         * platform/mock/MockRealtimeVideoSource.cpp:
2008         (WebCore::MockRealtimeVideoSource::createMuted):
2009         (WebCore::MockRealtimeVideoSource::startProducingData):
2010         (WebCore::MockRealtimeVideoSource::stopProducingData):
2011         (WebCore::MockRealtimeVideoSource::generateFrame):
2012         * platform/mock/MockRealtimeVideoSource.h:
2013
2014 2017-05-15  Myles C. Maxfield  <mmaxfield@apple.com>
2015
2016         Migrate Font constructor from bools to enums
2017         https://bugs.webkit.org/show_bug.cgi?id=172140
2018
2019         Reviewed by Tim Horton.
2020
2021         In https://bugs.webkit.org/show_bug.cgi?id=168487, I'm adding a new flag to Font. We can't
2022         keep having just a pile of bools in this class. Instead, we should be using enums.
2023
2024         No new tests because there is no behavior change.
2025
2026         * css/CSSFontFace.cpp:
2027         (WebCore::CSSFontFace::font):
2028         * css/CSSFontFaceSource.cpp:
2029         (WebCore::CSSFontFaceSource::font):
2030         * css/CSSSegmentedFontFace.cpp:
2031         * loader/cache/CachedFont.cpp:
2032         (WebCore::CachedFont::createFont):
2033         * platform/graphics/Font.cpp:
2034         (WebCore::Font::Font):
2035         (WebCore::Font::verticalRightOrientationFont):
2036         (WebCore::Font::uprightOrientationFont):
2037         (WebCore::Font::brokenIdeographFont):
2038         (WebCore::Font::description):
2039         (WebCore::Font::mathData):
2040         * platform/graphics/Font.h:
2041         (WebCore::Font::create):
2042         (WebCore::Font::origin):
2043         (WebCore::Font::isInterstitial):
2044         (WebCore::Font::widthForGlyph):
2045         (WebCore::Font::isCustomFont): Deleted.
2046         (WebCore::Font::isLoading): Deleted.
2047         * platform/graphics/FontRanges.cpp:
2048         * platform/graphics/cocoa/FontCocoa.mm:
2049         (WebCore::Font::platformInit):
2050         * platform/graphics/freetype/SimpleFontDataFreeType.cpp:
2051         (WebCore::Font::platformCreateScaledFont):
2052         * platform/graphics/win/SimpleFontDataCGWin.cpp:
2053         (WebCore::Font::platformInit):
2054         * platform/graphics/win/SimpleFontDataDirect2D.cpp:
2055         (WebCore::Font::platformInit):
2056         * platform/graphics/win/SimpleFontDataWin.cpp:
2057         (WebCore::Font::platformCreateScaledFont):
2058         (WebCore::Font::determinePitch):
2059         * rendering/SimpleLineLayout.cpp:
2060         (WebCore::SimpleLineLayout::canUseForFontAndText):
2061
2062 2017-05-15  Youenn Fablet  <youenn@apple.com>
2063
2064         WebRTC outgoing muted video sources should send black frames
2065         https://bugs.webkit.org/show_bug.cgi?id=170627
2066         <rdar://problem/31513869>
2067
2068         Reviewed by Eric Carlson.
2069
2070         Covered by updated test.
2071
2072         Instead of sending one black frame and then another one asynchronously,
2073         we use the timer to send a black frame every second when outgoing source is muted.
2074
2075         * platform/mediastream/mac/RealtimeOutgoingVideoSource.cpp:
2076         (WebCore::RealtimeOutgoingVideoSource::sourceMutedChanged):
2077         (WebCore::RealtimeOutgoingVideoSource::sourceEnabledChanged):
2078         (WebCore::RealtimeOutgoingVideoSource::sendBlackFrames):
2079         (WebCore::RealtimeOutgoingVideoSource::sendBlackFrame): Deleted.
2080         * platform/mediastream/mac/RealtimeOutgoingVideoSource.h:
2081         * testing/Internals.cpp:
2082         (WebCore::Internals::videoSampleAvailable):
2083
2084 2017-05-15  David Kilzer  <ddkilzer@apple.com>
2085
2086         Crash in libxml2.2.dylib: xmlDictReference
2087         <https://webkit.org/b/172086>
2088         <rdar://problem/23643436>
2089
2090         Reviewed by Daniel Bates.
2091
2092         Speculative fix and code clean-up based on source code
2093         inspection.  The fix for the crash is in two parts that change
2094         XSLStyleSheet::parseString():
2095         1. Always set m_stylesheetDoc to nullptr after freeing it via
2096            XSLStyleSheet::clearXSLStylesheetDocument().
2097         2. Add nullptr check before using m_stylesheetDoc from parent.
2098
2099         Broadly speaking, the changes are:
2100         - Extract code to reset m_stylesheetDoc into new private
2101           XSLStyleSheet::clearXSLStylesheetDocument() method.  There is
2102           a special contract between m_stylesheetDoc and
2103           m_stylesheetDocTaken that wasn't being followed every time.
2104           See comment in XSLStyleSheet::compileStyleSheet().
2105         - XSLStyleSheet::clearDocuments() now calls new
2106           clearXSLStylesheetDocument() method.  Previously, it was not
2107           checking or resetting m_stylesheetDocTaken, and it might have
2108           leaked an xmlDocPtr if m_stylesheetDoc was set and
2109           m_stylesheetDocTaken was false.
2110         - XSLStyleSheet::parseString() now calls new
2111           clearXSLStylesheetDocument() method.  Previously, it did not
2112           clear m_stylesheetDoc after freeing it, and it could return
2113           early due to a failure in xmlCreateMemoryParserCtxt().
2114         - In XSLStyleSheet::parseString() use checked arithmetic when
2115           calculating 'size' for xmlCreateMemoryParserCtxt() and
2116           xmlCtxtReadMemory().  This code used to do an implicit
2117           unsigned -> signed integer conversion that could overflow.
2118         - Always iterate m_children using an 'auto& import' variable.
2119
2120         * xml/XSLStyleSheet.h:
2121         (WebCore::XSLStyleSheet::clearXSLStylesheetDocument): Add declaration.
2122         (WebCore::XSLStyleSheet::m_disabled): Add default initializer.
2123         (WebCore::XSLStyleSheet::m_stylesheetDoc): Ditto.
2124         (WebCore::XSLStyleSheet::m_stylesheetDocTaken): Ditto.
2125         (WebCore::XSLStyleSheet::m_parentStyleSheet): Ditto.
2126
2127         * xml/XSLStyleSheetLibxslt.cpp:
2128         (WebCore::XSLStyleSheet::XSLStyleSheet): Get rid of redundant
2129         initializers.  Set m_parentStyleSheet if needed.
2130         (WebCore::XSLStyleSheet::~XSLStyleSheet): Call
2131         clearXSLStylesheetDocument() instead of custom code.  Switch
2132         m_children fast iteration to use 'auto& import' variable.
2133         (WebCore::XSLStyleSheet::isLoading): Switch m_children fast
2134         iteration to use 'auto& import' variable.
2135         (WebCore::XSLStyleSheet::clearDocuments): Call
2136         clearXSLStylesheetDocument() instead of setting m_stylesheetDoc
2137         to nullptr.  This might fix an occasional xmlDocPtr leak.
2138         (WebCore::XSLStyleSheet::clearXSLStylesheetDocument): Add.  This
2139         method always sets m_stylesheetDoc to nullptr (after freeing it
2140         if necessary) and sets m_stylesheetDocTaken to false.
2141         (WebCore::XSLStyleSheet::parseString): Call
2142         clearXSLStylesheetDocument().  Prior to this, m_stylesheetDoc
2143         might be left pointing to a freed value, and this method could
2144         return early if xmlCreateMemoryParserCtxt() failed.  Switch to
2145         using Checked<> to compute required buffer size to parse XSL
2146         stylesheet, and return early on overflow.  Clean up existing
2147         return statements to use boolean expressions.  Add nullptr check
2148         for m_parentStyleSheet->m_stylesheetDoc before using it.
2149         (WebCore::XSLStyleSheet::loadChildSheet): Get rid of local
2150         variable by calling loadSheet() from last array element.
2151         (WebCore::XSLStyleSheet::compileStyleSheet): Add debug assert
2152         that m_stylesheetDoc is not nullptr.
2153
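Added example (not part of the ChangeLog and not WebKit's code): a self-contained C++ model of the m_stylesheetDoc / m_stylesheetDocTaken contract, the parent nullptr check and the checked size computation described in the XSLStyleSheet entry above. FakeDoc, SheetModel, checkedParserSize and the parse() parameters are hypothetical stand-ins for xmlDocPtr, XSLStyleSheet and Checked<>.

```cpp
#include <climits>
#include <cstddef>
#include <cstdio>

// Hypothetical stand-in for libxml2's xmlDoc; liveDocs counts unfreed documents.
struct FakeDoc { int id; };
static int liveDocs = 0;
static FakeDoc* allocDoc(int id) { ++liveDocs; return new FakeDoc { id }; }
static void freeDoc(FakeDoc* doc) { --liveDocs; delete doc; }

// Byte count as the signed int a C parser entry point takes; false on overflow
// instead of letting an unsigned -> signed conversion wrap.
static bool checkedParserSize(size_t length, size_t unitSize, int& sizeOut)
{
    if (unitSize && length > static_cast<size_t>(INT_MAX) / unitSize)
        return false;
    sizeOut = static_cast<int>(length * unitSize);
    return true;
}

class SheetModel {
public:
    explicit SheetModel(const SheetModel* parent = nullptr) : m_parent(parent) { }
    SheetModel(const SheetModel&) = delete;
    SheetModel& operator=(const SheetModel&) = delete;
    ~SheetModel() { clearDocument(); }

    // The single place the document is released: free it only while this
    // object still owns it, then always null the pointer and reset the flag.
    void clearDocument()
    {
        if (m_doc && !m_docTaken)
            freeDoc(m_doc);
        m_doc = nullptr;
        m_docTaken = false;
    }

    // Every early return happens after clearDocument(), so no exit path can
    // leave m_doc pointing at freed memory.
    bool parse(size_t length, size_t unitSize, bool contextCreationFails, int id)
    {
        clearDocument();
        m_sharedFromParent = -1;
        int size = 0;
        if (!checkedParserSize(length, unitSize, size))
            return false;
        if (contextCreationFails) // models a failing parser-context allocation
            return false;
        // Use the parent's document only if the parent still has one.
        if (m_parent && m_parent->document())
            m_sharedFromParent = m_parent->document()->id;
        m_doc = allocDoc(id);
        return true;
    }

    // Models compilation: ownership of the document moves to the caller,
    // so clearDocument() must no longer free it.
    FakeDoc* compile()
    {
        if (!m_doc)
            return nullptr;
        m_docTaken = true;
        return m_doc;
    }

    const FakeDoc* document() const { return m_doc; }
    int sharedFromParent() const { return m_sharedFromParent; }

private:
    const SheetModel* m_parent;
    FakeDoc* m_doc { nullptr };
    bool m_docTaken { false };
    int m_sharedFromParent { -1 };
};

int main()
{
    SheetModel sheet;
    sheet.parse(16, 2, false, 1);
    bool ok = sheet.parse(16, 2, true, 2); // re-parse fails early
    std::printf("reparse ok=%d stale=%d live=%d\n", ok, sheet.document() != nullptr, liveDocs);
    return 0;
}
```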
2154 2017-05-15  Jer Noble  <jer.noble@apple.com>
2155
2156         Add experimental setting to allow document gesture interaction to fulfill media playback gesture requirement
2157         https://bugs.webkit.org/show_bug.cgi?id=172131
2158
2159         Reviewed by Eric Carlson.
2160
2161         Test: media/restricted-audio-playback-with-document-gesture.html
2162
2163         Move all calls to ScriptController::processingUserGestureForMedia() to the new Document equivalent. In Document,
2164         if the new setting is enabled, return true from processingUserGestureForMedia() if the top-level document has had
2165         a user gesture interaction.
2166
2167         * Modules/mediastream/MediaStream.cpp:
2168         (WebCore::MediaStream::processingUserGestureForMedia):
2169         * Modules/mediastream/MediaStream.h:
2170         * Modules/webaudio/AudioContext.cpp:
2171         (WebCore::AudioContext::processingUserGestureForMedia):
2172         (WebCore::AudioContext::willBeginPlayback):
2173         (WebCore::AudioContext::willPausePlayback):
2174         * Modules/webaudio/AudioContext.h:
2175         * dom/Document.cpp:
2176         (WebCore::Document::processingUserGestureForMedia):
2177         * dom/Document.h:
2178         * html/HTMLMediaElement.cpp:
2179         (WebCore::HTMLMediaElement::load):
2180         (WebCore::HTMLMediaElement::audioTrackEnabledChanged):
2181         (WebCore::HTMLMediaElement::seekWithTolerance):
2182         (WebCore::HTMLMediaElement::play):
2183         (WebCore::HTMLMediaElement::playInternal):
2184         (WebCore::HTMLMediaElement::pause):
2185         (WebCore::HTMLMediaElement::pauseInternal):
2186         (WebCore::HTMLMediaElement::setMuted):
2187         (WebCore::HTMLMediaElement::webkitShowPlaybackTargetPicker):
2188         (WebCore::HTMLMediaElement::processingUserGestureForMedia):
2189         * html/HTMLMediaElement.h:
2190         * html/MediaElementSession.cpp:
2191         (WebCore::MediaElementSession::playbackPermitted):
2192         (WebCore::MediaElementSession::dataLoadingPermitted):
2193         (WebCore::MediaElementSession::fullscreenPermitted):
2194         (WebCore::MediaElementSession::canShowControlsManager):
2195         (WebCore::MediaElementSession::showPlaybackTargetPicker):
2196         * page/Settings.in:
2197         * platform/audio/PlatformMediaSession.h:
2198
2199 2017-05-15  Jer Noble  <jer.noble@apple.com>
2200
2201         Only ever initialize LibWebRTCProvider's staticFactoryAndThreads() factories once.
2202         https://bugs.webkit.org/show_bug.cgi?id=172047
2203
2204         Reviewed by Youenn Fablet.
2205
2206         Wrap the initialization of the factories contained in staticFactoryAndThreads() in a call_once to ensure
2207         new factories aren't created every time it's called.
2208
2209         * platform/mediastream/libwebrtc/LibWebRTCProvider.cpp:
2210         (WebCore::staticFactoryAndThreads):
2211
2212 2017-05-15  Joseph Pecoraro  <pecoraro@apple.com>
2213
2214         Web Inspector: CRASH seen with DOM.setOuterHTML when there is no documentElement
2215         https://bugs.webkit.org/show_bug.cgi?id=172135
2216         <rdar://problem/32175860>
2217
2218         Reviewed by Brian Burg.
2219
2220         Test: inspector/dom/setOuterHTML-no-document-element.html
2221
2222         * inspector/DOMPatchSupport.cpp:
2223         (WebCore::DOMPatchSupport::patchDocument):
2224         Null check the document element which might not exist.
2225
2226 2017-05-15  Said Abou-Hallawa  <sabouhallawa@apple.com>
2227
2228         REGRESSION (216471): Infinite repaint-drawing loop when asynchronously decoding incomplete image frames
2229         https://bugs.webkit.org/show_bug.cgi?id=171900
2230
2231         Reviewed by Tim Horton.
2232
2233         -- Don't destroy incomplete decoded image frames for large images. This
2234         is to avoid flickering while decoding another image frame with the new
2235         data. The old incomplete image frame will be destroyed once the newer one
2236         finishes decoding.
2237
2238         -- Extend the enum ImageFrame::DecodingStatus by adding a new value called
2239         'Decoding'. This new value will never be cached in the ImageFrame::
2240         m_decodingStatus. Add a member m_currentFrameDecodingStatus to BitmapImage.
2241         The purpose of this member is to invalidate the current frame, without
2242         deleting it, when new encoded data is received.
2243
2244         -- Don't wait until the native image is decoded to cache the ImageFrame
2245         decodingStatus. There is a big chance that more data arrives between
2246         starting the decoding and finishing it such that the decoding changes
2247         from Partial to Complete. We need to prevent keeping incomplete ImageFrames
2248         cached because we mistakenly assume they are complete. To fix this issue
2249         we need to know the ImageFrame decodingStatus when the decoding is requested.
2250
2251         * platform/graphics/BitmapImage.cpp:
2252         (WebCore::BitmapImage::destroyDecodedData):
2253         (WebCore::BitmapImage::dataChanged):
2254         (WebCore::BitmapImage::draw):
2255         (WebCore::BitmapImage::internalStartAnimation): At the beginning of this 
2256         function we check whether the next frame is being decoded or not and we 
2257         return DecodingActive if it is. Let's handle the second check here also 
2258         before requesting the decoding of nextFrame. We need to check whether the
2259         nextFrame has a native image decoded with the native size or not.
2260         (WebCore::BitmapImage::internalAdvanceAnimation):
2261         (WebCore::BitmapImage::imageFrameAvailableAtIndex):
2262         * platform/graphics/BitmapImage.h:
2263         * platform/graphics/ImageFrame.cpp:
2264         (WebCore::ImageFrame::operator=):
2265         (WebCore::ImageFrame::setDecodingStatus):
2266         (WebCore::ImageFrame::decodingStatus):
2267         * platform/graphics/ImageFrame.h:
2268         (WebCore::ImageFrame::isInvalid):
2269         (WebCore::ImageFrame::isPartial):
2270         (WebCore::ImageFrame::isComplete):
2271         (WebCore::ImageFrame::setDecoding): Deleted.
2272         (WebCore::ImageFrame::decoding): Deleted.
2273         (WebCore::ImageFrame::isEmpty): Deleted.
2274         * platform/graphics/ImageFrameCache.cpp:
2275         (WebCore::ImageFrameCache::setNativeImage):
2276         (WebCore::ImageFrameCache::cacheMetadataAtIndex):
2277         (WebCore::ImageFrameCache::cacheNativeImageAtIndex):
2278         (WebCore::ImageFrameCache::cacheNativeImageAtIndexAsync):
2279         (WebCore::ImageFrameCache::startAsyncDecodingQueue):
2280         (WebCore::ImageFrameCache::requestFrameAsyncDecodingAtIndex):
2281         (WebCore::ImageFrameCache::stopAsyncDecodingQueue):
2282         (WebCore::ImageFrameCache::frameAtIndexCacheIfNeeded):
2283         (WebCore::ImageFrameCache::frameDecodingStatusAtIndex):
2284         (WebCore::ImageFrameCache::cacheFrameMetadataAtIndex): Deleted.
2285         (WebCore::ImageFrameCache::cacheFrameNativeImageAtIndex): Deleted.
2286         (WebCore::ImageFrameCache::cacheAsyncFrameNativeImageAtIndex): Deleted.
2287         (WebCore::ImageFrameCache::frameIsCompleteAtIndex): Deleted.
2288         * platform/graphics/ImageFrameCache.h:
2289         (WebCore::ImageFrameCache::ImageFrameRequest::operator==):
2290         * platform/graphics/ImageSource.cpp:
2291         (WebCore::ImageSource::dataChanged):
2292         * platform/graphics/ImageSource.h:
2293         (WebCore::ImageSource::destroyIncompleteDecodedData):
2294         (WebCore::ImageSource::requestFrameAsyncDecodingAtIndex): Let the caller
2295         decide whether another request for the same image frame is allowed or not.
2296         (WebCore::ImageSource::frameDecodingStatusAtIndex):
2297         (WebCore::ImageSource::frameIsCompleteAtIndex): Deleted.
2298         * platform/image-decoders/ImageDecoder.cpp:
2299         (WebCore::ImageDecoder::frameDurationAtIndex):
2300         (WebCore::ImageDecoder::createFrameImageAtIndex):
2301         * platform/image-decoders/bmp/BMPImageReader.cpp:
2302         (WebCore::BMPImageReader::decodeBMP):
2303         * platform/image-decoders/gif/GIFImageDecoder.cpp:
2304         (WebCore::GIFImageDecoder::clearFrameBufferCache):
2305         (WebCore::GIFImageDecoder::haveDecodedRow):
2306         (WebCore::GIFImageDecoder::frameComplete):
2307         (WebCore::GIFImageDecoder::initFrameBuffer):
2308         * platform/image-decoders/jpeg/JPEGImageDecoder.cpp:
2309         (WebCore::JPEGImageDecoder::outputScanlines):
2310         (WebCore::JPEGImageDecoder::jpegComplete):
2311         * platform/image-decoders/png/PNGImageDecoder.cpp:
2312         (WebCore::PNGImageDecoder::rowAvailable):
2313         (WebCore::PNGImageDecoder::pngComplete):
2314         (WebCore::PNGImageDecoder::clearFrameBufferCache):
2315         (WebCore::PNGImageDecoder::frameComplete):
2316         * platform/image-decoders/webp/WEBPImageDecoder.cpp:
2317         (WebCore::WEBPImageDecoder::decode):
2318
2319 2017-05-15  Chris Dumez  <cdumez@apple.com>
2320
2321         Align WebKitCSSMatrix stringifier with spec for DOMMatrix
2322         https://bugs.webkit.org/show_bug.cgi?id=172114
2323
2324         Reviewed by Simon Fraser.
2325
2326         Align WebKitCSSMatrix stringifier with spec for DOMMatrix after:
2327         - https://github.com/w3c/fxtf-drafts/pull/148
2328
2329         The following changes were made:
2330         - Use EcmaScript's ToString() to convert floating point values to string
2331         - Throw an invalid state error if the matrix contains non-finite values
2332         - Made WebKitCSSMatrix.toString enumerable as per [1].
2333
2334         [1] https://heycam.github.io/webidl/#es-stringifier
2335
2336         Test: fast/css/matrix-stringifier.html
2337
2338         * css/WebKitCSSMatrix.cpp:
2339         (WebCore::WebKitCSSMatrix::toString):
2340         * css/WebKitCSSMatrix.h:
2341         * css/WebKitCSSMatrix.idl:
2342         * platform/graphics/transforms/TransformationMatrix.cpp:
2343         (WebCore::TransformationMatrix::containsOnlyFiniteValues):
2344         * platform/graphics/transforms/TransformationMatrix.h:
2345
2346 2017-05-15  Mark Lam  <mark.lam@apple.com>
2347
2348         WorkerRunLoop::Task::performTask() should check !scriptController->isTerminatingExecution().
2349         https://bugs.webkit.org/show_bug.cgi?id=171775
2350         <rdar://problem/30975761>
2351
2352         Reviewed by Filip Pizlo.
2353
2354         Currently, WorkerThread::stop() calls scheduleExecutionTermination() to terminate
2355         JS execution first, followed by posting a cleanup task to the worker, and lastly,
2356         it invokes terminate() on the WorkerRunLoop.
2357
2358         As a result, before the run loop is terminated, the worker thread may observe the
2359         TerminatedExecutionException in JS code, bail out, see another JS task to run,
2360         re-enter the VM to run said JS code, and fail with an assertion due to the
2361         TerminatedExecutionException still being pending on VM entry.
2362
2363         WorkerRunLoop::Task::performTask() already has a check to only allow a task to
2364         run if and only if !runLoop.terminated() and the task is not a clean up task.
2365         We'll fix the above race by changing WorkerRunLoop::Task::performTask() to check
2366         !context->script()->isTerminatingExecution() instead of !runLoop.terminated().
2367         Since WorkerThread::stop() always scheduleExecutionTermination() before it
2368         terminates the run loop, !context->script()->isTerminatingExecution() implies
2369         !runLoop.terminated().
2370
2371         The only time that runLoop is terminated without scheduleExecutionTermination()
2372         being called is when WorkerThread::stop() is called before the WorkerThread has
2373         finished creating its WorkerGlobalScope.  In this scenario, WorkerThread::stop()
2374         will still terminate the run loop.  Hence, after the WorkerGlobalScope is created
2375         (in WorkerThread::workerThread()), we will check if the run loop has been
2376         terminated (i.e. stop() was called).  If so, we'll scheduleExecutionTermination()
2377         there, and guarantee that if runloop.terminated() is true, then
2378         context->script()->isTerminatingExecution() is also true.
2379
2380         Solutions that were considered but did not work (recorded for future reference):
2381
2382         1. In WorkerThread::stop(), call scheduleExecutionTermination() only after it
2383            posts the cleanup task and terminates the run loop.
2384
2385            This did not work because this creates a race where the worker thread may run
2386            the cleanup task before WorkerThread::stop() finishes.  As a result, the
2387            scriptController may be deleted before we get to invoke scheduleExecutionTermination()
2388            on it, thereby resulting in a use after free.
2389
2390            To make this work, we would have to change the life cycle management strategy
2391            of the WorkerScriptController.  This is a more risky change than we would
2392            want to take on at this time, and may also not be worth the gain.
2393
2394         2. Break scheduleExecutionTermination() up into 2 parts i.e. WorkerThread::stop()
2395            will:
2396            1. set the scriptController's m_isTerminatingExecution flag before
2397               posting the cleanup task and terminating the run loop, and
2398            2. invoke VM::notifyNeedsTermination() after posting the cleanup task and
2399               terminating the run loop.
2400
2401            This requires that we protect the liveness of the VM until we can invoke
2402            notifyNeedsTermination() on it.
2403
2404            This did not work because:
2405            1. We may end up destructing the VM in WorkerThread::stop() i.e. in the main
2406               web frame, but only the worker thread holds the JS lock for the VM.
2407
2408               We can make the WorkerThread::stop() acquire the JS lock just before it
2409               releases the protected VM's RefPtr, but that would mean the main thread
2410               may be stuck waiting a bit for the worker thread to release its JSLock.
2411               This is not desirable.
2412
2413            2. In practice, changing the liveness period of the Worker VM relative to its
2414               WorkerScriptController and WorkerGlobalScope also has unexpected
2415               ramifications.  We observed many worker tests failing with assertion
2416               failures and crashes due to this change.
2417
2418            Hence, this approach is also a more risky change than it appears on the
2419            surface, and is not worth exploring at this time.
2420
2421         In the end, changing WorkerRunLoop::Task::performTask() to check for
2422         !scriptController->isTerminatingExecution() is the most straightforward solution
2423         that is easy to prove correct.
2424
2425         Also fixed a race in WorkerThread::workerThread() where it can delete the
2426         WorkerGlobalScope while WorkerThread::stop() is in the midst of accessing it.
2427         We now guard the nullifying of m_workerGlobalScope with the
2428         m_threadCreationAndWorkerGlobalScopeMutex as well.
2429
2430         UPDATE: the only new thing in this patch for re-landing (vs one previously landed)
2431         is that instead of nullifying m_workerGlobalScope directly (thereby deleting the
2432         WorkerGlobalScope context), we'll swap it out and delete it only after we've
2433         unlocked the m_threadCreationAndWorkerGlobalScopeMutex.  This is needed because
2434         the destruction of the WorkerGlobalScope will cause the main thread to race against
2435         the worker thread to delete the WorkerThread object, and the WorkerThread object
2436         owns the mutex that we need to unlock after nullifying the m_workerGlobalScope
2437         field.
2438
2439         This issue is covered by an existing test that I just unskipped in TestExpectations.
2440
2441         * bindings/js/JSDOMPromiseDeferred.cpp:
2442         (WebCore::DeferredPromise::callFunction):
2443
2444         * bindings/js/WorkerScriptController.cpp:
2445         (WebCore::WorkerScriptController::scheduleExecutionTermination):
2446         - Added a check to do nothing and return early if the scriptController is already
2447           terminating execution.
2448
2449         * workers/WorkerRunLoop.cpp:
2450         (WebCore::WorkerRunLoop::runInMode):
2451         (WebCore::WorkerRunLoop::runCleanupTasks):
2452         (WebCore::WorkerRunLoop::Task::performTask):
2453
2454         * workers/WorkerRunLoop.h:
2455         - Made Task::performTask() private and made Task befriend the WorkerRunLoop class.
2456           This ensures that only the WorkerRunLoop may call performTask().
2457           Note: this change only formalizes and hardens a relationship that was already
2458           in place before this.
2459
2460         * workers/WorkerThread.cpp:
2461         (WebCore::WorkerThread::start):
2462         (WebCore::WorkerThread::workerThread):
2463         (WebCore::WorkerThread::stop):
2464         * workers/WorkerThread.h:
2465         - Renamed m_threadCreationMutex to m_threadCreationAndWorkerGlobalScopeMutex so
2466           that it more accurately describes what it guards.
2467
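The swap-then-delete change described in the UPDATE paragraph above, as an added C++ example that is not WebKit code. It is a single-threaded model: destroying the scope stands for the point at which the main thread may delete the object that owns the mutex. ModelThread, Scope and TrackedMutex are hypothetical names.

```cpp
#include <atomic>
#include <functional>
#include <memory>
#include <mutex>
#include <utility>

// Mutex that records whether it is held, so a destructor can observe the lock
// state without calling into the mutex itself.
class TrackedMutex {
public:
    void lock() { m_mutex.lock(); m_held.store(true); }
    void unlock() { m_held.store(false); m_mutex.unlock(); }
    bool isHeld() const { return m_held.load(); }
private:
    std::mutex m_mutex;
    std::atomic<bool> m_held { false };
};

// Hypothetical stand-in for WorkerGlobalScope. Its destructor runs a callback
// that models "the owner of the mutex may be deleted from now on".
class Scope {
public:
    explicit Scope(std::function<void()> onDestroyed) : m_onDestroyed(std::move(onDestroyed)) { }
    ~Scope() { m_onDestroyed(); }
private:
    std::function<void()> m_onDestroyed;
};

// Hypothetical stand-in for WorkerThread: owns both the mutex and the scope.
class ModelThread {
public:
    ModelThread()
        : m_scope(std::make_unique<Scope>([this] { m_destroyedUnderLock = m_mutex.isHeld(); }))
    { }

    // First landing: nullify the field while holding the lock. ~Scope runs
    // inside the critical section, so the lock_guard still has to unlock a
    // mutex whose owner may already be gone in the real system.
    void teardownNullifyUnderLock()
    {
        std::lock_guard<TrackedMutex> locker(m_mutex);
        m_scope = nullptr;
    }

    // Re-landing: swap the scope out under the lock, release the lock, and
    // only then destroy the scope. Nothing touches the mutex afterwards.
    void teardownSwapThenDestroy()
    {
        std::unique_ptr<Scope> doomed;
        {
            std::lock_guard<TrackedMutex> locker(m_mutex);
            doomed.swap(m_scope);
        }
        doomed.reset(); // ~Scope runs here, with the mutex already unlocked
    }

    bool destroyedUnderLock() const { return m_destroyedUnderLock; }

private:
    // Declared before m_scope so they outlive it during destruction.
    TrackedMutex m_mutex;
    bool m_destroyedUnderLock { false };
    std::unique_ptr<Scope> m_scope;
};

// Returns true if the scope's destructor ran while the mutex was still held.
bool scopeDestroyedUnderLock(bool useSwap)
{
    ModelThread thread;
    if (useSwap)
        thread.teardownSwapThenDestroy();
    else
        thread.teardownNullifyUnderLock();
    return thread.destroyedUnderLock();
}

int main()
{
    // Exit status 0 when the model behaves as the entry describes.
    bool ok = scopeDestroyedUnderLock(false) && !scopeDestroyedUnderLock(true);
    return ok ? 0 : 1;
}
```
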
2468 2017-05-15  Myles C. Maxfield  <mmaxfield@apple.com>
2469
2470         Unicode characters which can't be rendered in any font are invisible
2471         https://bugs.webkit.org/show_bug.cgi?id=171942
2472         <rdar://problem/32054234>
2473
2474         Reviewed by Tim Horton.
2475
2476         There are some Unicode characters which don't have any font on the system which can render them.
2477         These characters should be drawn as the .notdef "tofu." This is for security and usability, as
2478         well as what Firefox and Chrome do. However, we still shouldn't draw characters with the
2479         Default_Ignorable_Code_Point property, because this is what CoreText does.
2480
2481         This behavior is also what the Unicode spec recommends: In UTR #36 Unicode Security Considerations:
2482         http://www.unicode.org/reports/tr36/#Recommendations_General
2483         "If there is no available glyph for a character, never show a simple "?" or omit the character."
2484
2485         Also relevant is the Unicode Standard section 5.3 Unknown and Missing Characters, starting at page
2486         marked 203 in the following: http://www.unicode.org/versions/Unicode9.0.0/ch05.pdf
2487
2488         Tests: fast/text/default-ignorable.html
2489                fast/text/unknown-char-notdef.html
2490
2491         * platform/graphics/WidthIterator.cpp:
2492         (WebCore::characterMustDrawSomething):
2493
2494 2017-05-15  Timothy Horton  <timothy_horton@apple.com>
2495
2496         Null deref under WebContentReader::readURL when interacting with a file URL
2497         https://bugs.webkit.org/show_bug.cgi?id=172045
2498         <rdar://problem/25880647>
2499
2500         Reviewed by Wenson Hsieh.
2501
2502         * editing/ios/EditorIOS.mm:
2503         (WebCore::Editor::WebContentReader::readURL):
2504         The AppSupport soft link was wrong, as there is no such framework in /System/Library/Frameworks.
2505         Thus, any time we hit this codepath, the soft linked function would be null, and calling it would crash.
2506         Instead of just fixing the soft link, remove the code, because it does not seem necessary to
2507         special-case fileURLs to images in the media directory.
2508
2509 2017-05-15  Eric Carlson  <eric.carlson@apple.com>
2510
2511         ASSERTION FAILED: wasRemoved in WebCore::RealtimeMediaSourceCenter::removeDevicesChangedObserver(DevicesChangedObserverToken)
2512         https://bugs.webkit.org/show_bug.cgi?id=171529
2513         <rdar://problem/31945791>
2514
2515         Reviewed by Jer Noble.
2516
2517         No new tests, fixes a crash in existing tests.
2518
2519         * Modules/mediastream/MediaDevices.cpp:
2520         (WebCore::MediaDevices::MediaDevices): Use a weak ptr.
2521
2522         * platform/mediastream/RealtimeMediaSourceCenter.cpp:
2523         * platform/mediastream/RealtimeMediaSourceCenter.cpp:
2524         (WebCore::observerMap):  Use a static hash map for observers because the
2525         source center can change at runtime.
2526         (WebCore::RealtimeMediaSourceCenter::addDevicesChangedObserver):
2527         (WebCore::RealtimeMediaSourceCenter::removeDevicesChangedObserver):
2528         (WebCore::RealtimeMediaSourceCenter::captureDevicesChanged):
2529
2530 2017-05-15  Brent Fulgham  <bfulgham@apple.com>
2531
2532         [iOS WK1] Do not try to dispatch messages to subframes if their documents have not been constructed yet.
2533         https://bugs.webkit.org/show_bug.cgi?id=172059
2534         <rdar://problem/31963192>
2535
2536         Reviewed by Zalan Bujtas.
2537
2538         On iOS WK1 we can end up in an inconsistent state, where
2539         1. The web thread is inside a newly-injected iframe's document's constructor and
2540         2. waiting on a delegate callback on the main thread
2541         while the main thread
2542         (a) Evaluates arbitrary JavaScript that modifies storage which
2543         (b) Triggers an event dispatch.
2544  
2545         * storage/StorageEventDispatcher.cpp:
2546         (WebCore::StorageEventDispatcher::dispatchSessionStorageEvents): If the sub-frame's document
2547         is in an inconsistent state, skip it.
2548         (WebCore::StorageEventDispatcher::dispatchLocalStorageEvents): Ditto.
2549         (WebCore::StorageEventDispatcher::dispatchSessionStorageEventsToFrames): Ditto.
2550         (WebCore::StorageEventDispatcher::dispatchLocalStorageEventsToFrames): Ditto.
2551
2552 2017-05-15  Zalan Bujtas  <zalan@apple.com>
2553
2554         Simple line layout: Leading whitespace followed by a <br> produces an extra linebreak.
2555         https://bugs.webkit.org/show_bug.cgi?id=172076
2556
2557         Reviewed by Antti Koivisto.
2558
2559         When the collapsed whitespace does not fit the line, we need to push it to the next line
2560         so that we can decide whether any soft/hard linebreak should be skipped (to avoid double line breaks) or not.
2561
2562         Test: fast/text/simple-line-layout-leading-whitespace-with-soft-hard-linebreak.html
2563
2564         * rendering/SimpleLineLayout.cpp:
2565         (WebCore::SimpleLineLayout::consumeLineBreakIfNeeded): special handling <br>
2566         (WebCore::SimpleLineLayout::firstFragment): Now we need to deal with leading collapsed whitespace.
2567         (WebCore::SimpleLineLayout::createLineRuns): We need to push even the collapsed whitespace to the next line.
2568
2569 2017-05-15  Nael Ouedraogo  <nael.ouedraogo@crf.canon.fr>
2570
2571         Invalid MediaSource duration value should throw TypeError instead of InvalidStateError
2572         https://bugs.webkit.org/show_bug.cgi?id=171653
2573
2574         Reviewed by Chris Dumez.
2575
2576         Modify MediaSource::setDuration to throw a TypeError when duration value is invalid as per MSE specification
2577         (https://www.w3.org/TR/2016/REC-media-source-20161117/#dom-mediasource-duration).
2578
2579         Update expectations of corresponding WPT test.
2580
2581         * Modules/mediasource/MediaSource.cpp:
2582         (WebCore::MediaSource::setDuration):
2583         (WebCore::MediaSource::setDurationInternal):
2584
2585 2017-05-15  Gwang Yoon Hwang  <yoon@igalia.com>
2586
2587         [CAIRO] Painting an image mask with a matrix above Pixman's limit breaks internal states of Cairo
2588         https://bugs.webkit.org/show_bug.cgi?id=169094
2589
2590         Reviewed by Žan Doberšek.
2591
2592         It is the same problem which addressed in r212431.
2593         In HiDPI situation, it happens easily due to the size of coordinates.
2594         Also, if this bug happens, it will break the rendering continuously
2595         since we are reusing graphics contexts to render webpages in same
2596         webview.
2597
2598         Test: fast/hidpi/hidpi-long-page-with-inset-element.html
2599
2600         * platform/graphics/cairo/PlatformContextCairo.cpp:
2601         (WebCore::PlatformContextCairo::pushImageMask):
2602         We can avoid the limit of the Pixman by reducing the source surface's
2603         size, and it will create a minimal pattern matrix.
2604
2605 2017-05-14  Zan Dobersek  <zdobersek@igalia.com>
2606
2607         Unreviewed build fix with newer Perl versions.
2608
2609         * bindings/scripts/CodeGeneratorJS.pm:
2610         (AddLegacyCallerOperationIfNeeded): Support for experimental push on scalar (and
2611         other auto-dereferencing) was removed in Perl 5.24. Instead, the LegacyCallers array
2612         has to be dereferenced when pushing new values to it.
2613
2614 2017-05-14  Sam Weinig  <sam@webkit.org>
2615
2616         [WebIDL/DOM] Remove need for custom bindings for HTMLAllCollection and bring up to spec
2617         https://bugs.webkit.org/show_bug.cgi?id=172095
2618
2619         Reviewed by Darin Adler.
2620
2621         - Adds support for the legacycaller WebIDL special annotation.
2622         - Updates implementation of HTMLAllCollection to match the current HTML spec.
2623
2624         Test: fast/dom/document-all.html
2625
2626         * CMakeLists.txt:
2627         * WebCore.xcodeproj/project.pbxproj:
2628         * bindings/js/JSBindingsAllInOne.cpp:
2629         * bindings/js/JSHTMLAllCollectionCustom.cpp: Removed.
2630         Removed JSHTMLAllCollectionCustom.cpp
2631
2632         * bindings/scripts/CodeGeneratorJS.pm:
2633         (GenerateInterface):
2634         (AddLegacyCallerOperationIfNeeded):
2635         Before code generation, clone all the legacycaller operations and put them
2636         in their own set, so they can form an overload set.
2637         
2638         (AddStringifierOperationIfNeeded):
2639         Use IDLParser::cloneType as the FIXME suggested.
2640
2641         (GenerateHeader):
2642         Group call related functionality together and use new IsCallable predicate.
2643
2644         (GenerateOverloadedFunctionOrConstructor):
2645         Generalize a little bit to allow the function being overloaded to be an overloaded legacycaller.
2646
2647         (GenerateImplementation):
2648         Add call to generate the legacycaller code.
2649
2650         (GenerateLegacyCallerDefinitions):
2651         (GenerateLegacyCallerDefinition):
2652         Generate the legacycaller definition, using GenerateArgumentsCountCheck, GenerateParametersCheck
2653         and GenerateImplementationFunctionCall to do all the heavy lifting.
2654
2655         (IsCallable):
2656         Add helper predicate for both custom calls and legacycaller.
2657
2658         * bindings/scripts/IDLParser.pm:
2659         (cloneType):.
2660         (cloneArgument):.
2661         (cloneOperation):
2662         Add cloning functions for IDLArgument and IDLOperation, and make IDLType's
2663         clone feasible for calling outside the package by removing the unneeded 
2664         self parameter.
2665
2666         * bindings/scripts/test/JS/JSTestObj.cpp
2667         * bindings/scripts/test/JS/JSTestObj.h
2668         * bindings/scripts/test/TestObj.idl:
2669         Add testing of legacycaller overloading.
2670
2671         * dom/Document.cpp:
2672         (WebCore::Document::allFilteredByName):
2673         * dom/Document.h:
2674         Add new collection access for the HTMLAllNamedSubCollection.
2675
2676         * html/CachedHTMLCollection.h:
2677         (WebCore::nameShouldBeVisibleInDocumentAll):
2678         Update list of tags to match the current spec.
2679
2680         * html/CollectionType.h:
2681         Add new type for HTMLAllNamedSubCollection.
2682
2683         * html/GenericCachedHTMLCollection.cpp:
2684         (WebCore::GenericCachedHTMLCollection<traversalType>::elementMatches):
2685         Specify that DocumentAllNamedItems does not want
2686         the default elementMatches.
2687  
2688         * html/HTMLAllCollection.cpp:
2689         (WebCore::HTMLAllCollection::namedOrIndexedItemOrItems):
2690         (WebCore::HTMLAllCollection::namedItemOrItems):
2691         (WebCore::HTMLAllNamedSubCollection::~HTMLAllNamedSubCollection):
2692         (WebCore::HTMLAllNamedSubCollection::elementMatches):
2693         * html/HTMLAllCollection.h:
2694         Move implementations from the custom binding, and re-implement to
2695         match the spec. Alternate names to item/namedItem were needed to not
2696         shadow the existing ones in HTMLCollection. HTMLAllNamedSubCollection
2697         is a simple HTMLCollection that matches on a name, following the rules
2698         of document.all about which tags can have name attributes.
2699
2700         * html/HTMLAllCollection.idl:
2701         Remove custom annotations and add legacycaller which is now supported.
2702
2703         * html/HTMLCollection.cpp:
2704         (WebCore::invalidationTypeExcludingIdAndNameAttributes):
2705         (WebCore::HTMLCollection::~HTMLCollection):
2706         Add DocumentAllNamedItems.
2707
2708 2017-05-14  Zalan Bujtas  <zalan@apple.com>
2709
2710         Remove unused lambda in TextFragmentIterator::TextFragment::split() and cleanup dependencies.
2711         https://bugs.webkit.org/show_bug.cgi?id=172089
2712
2713         Reviewed by David Kilzer.
2714
2715         * rendering/SimpleLineLayout.cpp:
2716         (WebCore::SimpleLineLayout::splitFragmentToFitLine):
2717         * rendering/SimpleLineLayoutTextFragmentIterator.h:
2718         (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragment::split):
2719         (WebCore::SimpleLineLayout::TextFragmentIterator::TextFragment::splitWithHyphen):
2720
2721 2017-05-13  David Kilzer  <ddkilzer@apple.com>
2722
2723         Unused lambda in JSWebKitSubtleCrypto::wrapKey()
2724         <https://webkit.org/b/172087>
2725
2726         Reviewed by Chris Dumez.
2727
2728         Fixes the following warning with newer clang:
2729
2730             Source/WebCore/bindings/js/JSWebKitSubtleCryptoCustom.cpp:594:35: error: lambda capture 'keyFormat' is not used [-Werror,-Wunused-lambda-capture]
2731                 auto exportSuccessCallback = [keyFormat, algorithm, parameters, wrappingKey, wrapper](const Vector<uint8_t>& exportedKeyData) mutable {
2732                                               ^
2733
2734         * bindings/js/JSWebKitSubtleCryptoCustom.cpp:
2735         (WebCore::JSWebKitSubtleCrypto::wrapKey): Remove unused lambda.
2736
2737 2017-05-13  Eric Carlson  <eric.carlson@apple.com>
2738
2739         [MediaStream] deviceId constraint doesn't work with getUserMedia
2740         https://bugs.webkit.org/show_bug.cgi?id=171877
2741         <rdar://problem/31899730>
2742
2743         Reviewed by Jer Noble.
2744
2745         Test: fast/mediastream/get-user-media-device-id.html
2746
2747         * Modules/mediastream/MediaConstraintsImpl.h:
2748         (WebCore::MediaConstraintsData::MediaConstraintsData): Add a constructor that 
2749         takes a const MediaConstraints&.
2750
2751         * Modules/mediastream/MediaDevices.cpp:
2752         (WebCore::MediaDevices::~MediaDevices): m_deviceChangedToken is a std::optional<>.
2753         * Modules/mediastream/MediaDevices.h:
2754
2755         * Modules/mediastream/MediaDevicesEnumerationRequest.cpp:
2756         (WebCore::MediaDevicesEnumerationRequest::topLevelDocumentOrigin): Don't return
2757         NULL for the main frame so the origin matches that returned for a UserMediaRequest.
2758
2759         * Modules/mediastream/UserMediaController.h:
2760         (WebCore::UserMediaController::setDeviceIDHashSalt): Deleted, not used.
2761         (WebCore::UserMediaController::deviceIDHashSalt): Deleted, not used.
2762
2763         * Modules/mediastream/UserMediaRequest.cpp:
2764         (WebCore::UserMediaRequest::allow): Add device ID hash salt parameter, set it on
2765         constraints.
2766         * Modules/mediastream/UserMediaRequest.h:
2767
2768         * platform/mediastream/MediaConstraints.h:
2769         * platform/mediastream/RealtimeMediaSource.cpp:
2770         (WebCore::RealtimeMediaSource::fitnessDistance): ASSERT if called for DeviceId.
2771         (WebCore::RealtimeMediaSource::selectSettings): Special case DeviceId because
2772         we have to hash the device ID before comparing, and because the DeviceId can't be
2773         changed so it should never be added to the flattened constraints.
2774         (WebCore::RealtimeMediaSource::supportsConstraints):
2775         (WebCore::RealtimeMediaSource::applyConstraints):
2776         * platform/mediastream/RealtimeMediaSource.h:
2777
2778         * platform/mediastream/RealtimeMediaSourceCenter.cpp:
2779         (WebCore::RealtimeMediaSourceCenter::validateRequestConstraints): Implement.
2780         * platform/mediastream/RealtimeMediaSourceCenter.h:
2781
2782         * platform/mediastream/RealtimeMediaSourceSupportedConstraints.cpp:
2783         (WebCore::RealtimeMediaSourceSupportedConstraints::nameForConstraint): Deleted, unused.
2784         (WebCore::RealtimeMediaSourceSupportedConstraints::constraintFromName): Deleted, unused.
2785         * platform/mediastream/RealtimeMediaSourceSupportedConstraints.h:
2786
2787         * platform/mediastream/mac/AVVideoCaptureSource.mm:
2788         * platform/mediastream/mac/RealtimeMediaSourceCenterMac.cpp:
2789         (WebCore::RealtimeMediaSourceCenterMac::bestSourcesForTypeAndConstraints): Pass device
2790         id, not empty string.
2791         (WebCore::RealtimeMediaSourceCenterMac::validateRequestConstraints): Deleted.
2792         * platform/mediastream/mac/RealtimeMediaSourceCenterMac.h:
2793
2794         * platform/mock/MockRealtimeMediaSourceCenter.cpp:
2795         (WebCore::MockRealtimeMediaSourceCenter::validateRequestConstraints): Deleted.
2796         * platform/mock/MockRealtimeMediaSourceCenter.h:
2797
2798 2017-05-13  Chris Dumez  <cdumez@apple.com>
2799
2800         Stop using RefPtr::release()
2801         https://bugs.webkit.org/show_bug.cgi?id=172074
2802
2803         Reviewed by Geoffrey Garen.
2804
2805         * css/parser/CSSPropertyParser.cpp:
2806         (WebCore::FontVariantLigaturesParser::finalizeValue):
2807         (WebCore::FontVariantNumericParser::finalizeValue):
2808         * css/parser/CSSPropertyParserHelpers.cpp:
2809         (WebCore::CSSPropertyParserHelpers::CalcParser::consumeValue):
2810         * loader/SubresourceLoader.cpp:
2811         (WebCore::SubresourceLoader::create):
2812         * loader/archive/mhtml/MHTMLArchive.cpp:
2813         (WebCore::MHTMLArchive::generateMHTMLData):
2814         * loader/archive/mhtml/MHTMLArchive.h:
2815         * loader/archive/mhtml/MHTMLParser.cpp:
2816         (WebCore::MHTMLParser::parseArchiveWithHeader):
2817         * platform/audio/ios/AudioFileReaderIOS.cpp:
2818         (WebCore::AudioFileReader::createBus):
2819         * platform/glib/SharedBufferGlib.cpp:
2820         (WebCore::SharedBuffer::createFromReadingFile):
2821         * platform/graphics/ca/win/CACFLayerTreeHost.cpp:
2822         (WebCore::CACFLayerTreeHost::create):
2823         * platform/graphics/cairo/CairoUtilities.cpp:
2824         (WebCore::copyCairoImageSurface):
2825         * platform/graphics/cairo/ImageBufferCairo.cpp:
2826         (WebCore::getImageData):
2827         * platform/graphics/gtk/IconGtk.cpp:
2828         (WebCore::Icon::createIconForFiles):
2829         * platform/graphics/win/FontCacheWin.cpp:
2830         (WebCore::FontCache::systemFallbackForCharacters):
2831         * platform/win/SharedBufferWin.cpp:
2832         (WebCore::SharedBuffer::createFromReadingFile):
2833
2834 2017-05-13  Javier Fernandez  <jfernandez@igalia.com>
2835
2836         [css-align] Implement the place-self shorthand
2837         https://bugs.webkit.org/show_bug.cgi?id=168846
2838
2839         Reviewed by Zalan Bujtas.
2840
2841         The CSS Box Alignment specification defines a new shorthand to set the
2842         Content Alignment properties (align-self and justify-self) at the
2843         same time.
2844
2845         This patch provides the implementation of the CSS parsing logic and the
2846         required regression tests.
2847
2848         Test: css3/parse-place-self.html
2849
2850         * css/CSSComputedStyleDeclaration.cpp:
2851         (WebCore::ComputedStyleExtractor::propertyValue):
2852         * css/CSSProperties.json:
2853         * css/StyleProperties.cpp:
2854         (WebCore::StyleProperties::getPropertyValue):
2855         * css/parser/CSSPropertyParser.cpp:
2856         (WebCore::CSSPropertyParser::consumePlaceSelfShorthand):
2857         (WebCore::CSSPropertyParser::parseShorthand):
2858         * css/parser/CSSPropertyParser.h:
2859
2860 2017-05-13  Commit Queue  <commit-queue@webkit.org>
2861
2862         Unreviewed, rolling out r216801.
2863         https://bugs.webkit.org/show_bug.cgi?id=172072
2864
2865         Many memory corruption crashes on worker threads (Requested by
2866         ap on #webkit).
2867
2868         Reverted changeset:
2869
2870         "WorkerRunLoop::Task::performTask() should check
2871         !scriptController->isTerminatingExecution()."
2872         https://bugs.webkit.org/show_bug.cgi?id=171775
2873         http://trac.webkit.org/changeset/216801
2874
2875 2017-05-13  Zalan Bujtas  <zalan@apple.com>
2876
2877         AccessibilityRenderObject::textUnderElement needs to assert on unclean tree.
2878         https://bugs.webkit.org/show_bug.cgi?id=172065
2879
2880         Reviewed by Simon Fraser.
2881
2882         r192103 changed the assert logic incorrectly. If the tree is dirty, regardless of the renderer's type,
2883         TextIterator will end up forcing style update/layout on the render tree.
2884         The original assert would have hit with bug 171546 prior to r216726.
2885
2886         * accessibility/AccessibilityRenderObject.cpp:
2887         (WebCore::AccessibilityRenderObject::textUnderElement):
2888
2889 2017-05-12  Simon Fraser  <simon.fraser@apple.com>
2890
2891         event.clientX/clientY should be in layout viewport coordinates
2892         https://bugs.webkit.org/show_bug.cgi?id=172018
2893
2894         Reviewed by Zalan Bujtas.
2895
2896         Fix clientX and clientY on mouse events to be relative to the layout viewport, to match
2897         getBoundingClientRect(), getClientRects() and fixed-position objects.
2898
2899         Also minor cleanup of MouseRelatedEvent to use initializers.
2900
2901         Test: fast/visual-viewport/client-coordinates-relative-to-layout-viewport.html
2902
2903         * dom/MouseRelatedEvent.cpp:
2904         (WebCore::MouseRelatedEvent::MouseRelatedEvent):
2905         (WebCore::MouseRelatedEvent::init):
2906         (WebCore::MouseRelatedEvent::initCoordinates):
2907         (WebCore::contentsScrollOffset): Deleted.
2908         * dom/MouseRelatedEvent.h:
2909
2910 2017-05-12  Sam Weinig  <sam@webkit.org>
2911
2912         [WebIDL] Remove need for custom binding for Worker constructor
2913         https://bugs.webkit.org/show_bug.cgi?id=172050
2914
2915         Reviewed by Chris Dumez.
2916
2917         * CMakeLists.txt:
2918         * WebCore.xcodeproj/project.pbxproj:
2919         * bindings/js/JSWorkerCustom.cpp: Removed.
2920         Remove JSWorkerCustom.cpp
2921
2922         * bindings/scripts/CodeGeneratorJS.pm:
2923         (GenerateCallWith):
2924         * bindings/scripts/IDLAttributes.json:
2925         Add RuntimeFlags as a new option for the ConstructorCallWith extended attribute.
2926
2927         * workers/Worker.cpp:
2928         (WebCore::Worker::create):
2929         * workers/Worker.h:
2930         Update order of arguments to appease the generator.
2931
2932         * workers/Worker.idl:
2933         Add extended attributes for the constructor.
2934
2935 2017-05-12  Simon Fraser  <simon.fraser@apple.com>
2936
2937         The rects returned by Element/Range.getClientRects() should not be rounded
2938         https://bugs.webkit.org/show_bug.cgi?id=172057
2939
2940         Reviewed by Chris Dumez.
2941
2942         Fix createDOMRectVector() to not expand the rects to integer boundaries (which
2943         quad.enclosingBoundingBox() does), but to return rects with floating point
2944         values. This matches Chrome and Firefox, and matches getBoundingClientRect(),
2945         which does not integral snap.
2946
2947         * dom/DOMRect.cpp:
2948         (WebCore::createDOMRectVector):
2949
2950 2017-05-12  Jiewen Tan  <jiewen_tan@apple.com>
2951
2952         Elements should be inserted into a template element as its content's last child
2953         https://bugs.webkit.org/show_bug.cgi?id=171373
2954         <rdar://problem/31862949>
2955
2956         Reviewed by Ryosuke Niwa.
2957
2958         Before this change, our HTML parser obeys the following premises:
2959         1) A fostering child whose parent is a table should be inserted before its parent and under its grandparent.
2960         2) When inserting into a template element, an element should be inserted into its content.
2961
2962         Let's walk through the example:
2963         a) Before eventhandler takes place
2964         template
2965         table
2966             svg <- parser
2967         b) After eventhandler takes place
2968         template
2969             table
2970                 svg <- parser
2971         c) after parsing svg
2972         template
2973             content
2974                 svg
2975                 (table)
2976             table
2977
2978         Finally, in the example, the svg element will be inserted into the content of the template element while
2979         having its next sibling point to the table element. However, the table element is actually under the
2980         template element not its content.
2981
2982         This messy tree is constructed because the second premise is incomplete. It should be: When inserting into
2983         a template element, an element should be inserted into its content as its last child.
2984         Quoted from Step 3 of https://html.spec.whatwg.org/multipage/syntax.html#appropriate-place-for-inserting-a-node
2985         A correct tree will then look like:
2986         template
2987             content
2988                 svg
2989             table
2990
2991         Tests: fast/dom/HTMLTemplateElement/insert-fostering-child-crash.html
2992                fast/dom/HTMLTemplateElement/insert-fostering-child.html
2993
2994         * html/parser/HTMLConstructionSite.cpp:
2995         (WebCore::insert):
2996         By nullifying task.nextChild, it will force the parser to append the element as task.parent's last child.
2997
2998 2017-05-12  Alex Christensen  <achristensen@webkit.org>
2999
3000         Rename WKContentExtension to WKContentRuleList
3001         https://bugs.webkit.org/show_bug.cgi?id=172053
3002         <rdar://problem/32141005>
3003
3004         Reviewed by Geoffrey Garen.
3005
3006         Covered by existing API tests.
3007
3008         * English.lproj/Localizable.strings:
3009
3010 2017-05-12  Timothy Horton  <timothy_horton@apple.com>
3011
3012         Don't use LinkPresentation URL shortening if it's not available
3013         https://bugs.webkit.org/show_bug.cgi?id=172064
3014         <rdar://problem/32169232>
3015
3016         Rubber-stamped by Wenson Hsieh.
3017
3018         * platform/mac/DragImageMac.mm:
3019         (WebCore::LinkImageLayout::LinkImageLayout):
3020         * platform/spi/cocoa/LinkPresentationSPI.h:
3021
3022 2017-05-11  Simon Fraser  <simon.fraser@apple.com>
3023
3024         Incorrect position when dragging jQuery Draggable elements with position fixed after pinch zoom
3025         https://bugs.webkit.org/show_bug.cgi?id=171113
3026         rdar://problem/31746516
3027
3028         Reviewed by Tim Horton.
3029
3030         Make getBoundingClientRect() and getClientRects() return rects which are relative to the layout
3031         viewport, rather than the visual viewport. This goes part of the way to fixing webkit.org/b/170981,
3032         which aims to make pinch-zoom invisible to web pages ("inert visual viewport"). It fixes issues on various
3033         sites like Facebook when zoomed.
3034
3035         Factor coordinate conversion code into functions on FrameView, which now documents
3036         the various coordinate systems in a big comment. Document::adjustFloatQuadsForScrollAndAbsoluteZoomAndFrameScale()
3037         and Document::adjustFloatRectForScrollAndAbsoluteZoomAndFrameScale() are renamed and factored
3038         to use these helpers.
3039
3040         There are two behavior changes here:
3041
3042         1. FrameView::documentToClientOffset() now uses the origin of the layout viewport in the "document to client"
3043            coordinate mapping.
3044            
3045         2. The two document functions would apply the scale and offset in the wrong order. We need
3046            to first undo the effects of CSS zoom, page zoom and page scale, and then map from document
3047            to client coordinates.
3048
3049         Tests: fast/visual-viewport/client-rects-relative-to-layout-viewport.html
3050                fast/zooming/client-rects-with-css-and-page-zoom.html
3051
3052         * dom/Document.cpp:
3053         (WebCore::Document::convertAbsoluteToClientQuads):
3054         (WebCore::Document::convertAbsoluteToClientRect):
3055         (WebCore::Document::adjustFloatQuadsForScrollAndAbsoluteZoomAndFrameScale): Deleted.
3056         (WebCore::Document::adjustFloatRectForScrollAndAbsoluteZoomAndFrameScale): Deleted.
3057         * dom/Document.h:
3058         * dom/Element.cpp:
3059         (WebCore::Element::getClientRects):
3060         (WebCore::Element::getBoundingClientRect):
3061         * dom/Range.cpp:
3062         (WebCore::Range::borderAndTextQuads):
3063         * page/FrameView.cpp:
3064         (WebCore::FrameView::absoluteToDocumentScaleFactor):
3065         (WebCore::FrameView::absoluteToDocumentRect):
3066         (WebCore::FrameView::absoluteToDocumentPoint):
3067         (WebCore::FrameView::documentToClientOffset):
3068         (WebCore::FrameView::documentToClientRect):
3069         (WebCore::FrameView::documentToClientPoint):
3070         * page/FrameView.h:
3071         * platform/ScrollableArea.h: #pragma once
3072         * platform/Scrollbar.h: #pragma once
3073         * platform/Widget.h: #pragma once
3074
3075 2017-05-12  Mark Lam  <mark.lam@apple.com>
3076
3077         WorkerRunLoop::Task::performTask() should check !scriptController->isTerminatingExecution().
3078         https://bugs.webkit.org/show_bug.cgi?id=171775
3079         <rdar://problem/30975761>
3080
3081         Reviewed by Saam Barati.
3082
3083         Currently, WorkerThread::stop() calls scheduleExecutionTermination() to terminate
3084         JS execution first, followed by posting a cleanup task to the worker, and lastly,
3085         it invokes terminate() on the WorkerRunLoop.
3086
3087         As a result, before the run loop is terminated, the worker thread may observe the
3088         TerminatedExecutionException in JS code, bail out, see another JS task to run,
3089         re-enter the VM to run said JS code, and fail with an assertion due to the
3090         TerminatedExecutionException still being pending on VM entry.
3091
3092         WorkerRunLoop::Task::performTask() already has a check to only allow a task to
3093         run if and only if !runLoop.terminated() and the task is not a clean up task.
3094         We'll fix the above race by changing WorkerRunLoop::Task::performTask() to check
3095         !context->script()->isTerminatingExecution() instead of !runLoop.terminated().
3096         Since WorkerThread::stop() always scheduleExecutionTermination() before it
3097         terminates the run loop, !context->script()->isTerminatingExecution() implies
3098         !runLoop.terminated().
3099
3100         The only time that runLoop is terminated without scheduleExecutionTermination()
3101         being called is when WorkerThread::stop() is called before the WorkerThread has
3102         finished creating its WorkerGlobalScope.  In this scenario, WorkerThread::stop()
3103         will still terminate the run loop.  Hence, after the WorkerGlobalScope is created
3104         (in WorkerThread::workerThread()), we will check if the run loop has been
3105         terminated (i.e. stop() was called).  If so, we'll scheduleExecutionTermination()
3106         there, and guarantee that if runloop.terminated() is true, then
3107         context->script()->isTerminatingExecution() is also true.
3108
3109         Solutions that were considered but did not work (recorded for future reference):
3110
3111         1. In WorkerThread::stop(), call scheduleExecutionTermination() only after it
3112            posts the cleanup task and terminates the run loop.
3113
3114            This did not work because this creates a race where the worker thread may run
3115            the cleanup task before WorkerThread::stop() finishes.  As a result, the
3116            scriptController may be deleted before we get to invoke scheduleExecutionTermination()
3117            on it, thereby resulting in a use after free.
3118
3119            To make this work, we would have to change the life cycle management strategy
3120            of the WorkerScriptController.  This is a more risky change than we would
3121            want to take on at this time, and may also not be worth the gain.
3122
3123         2. Break scheduleExecutionTermination() up into 2 parts i.e. WorkerThread::stop()
3124            will:
3125            1. set the scriptController's m_isTerminatingExecution flag before
3126               posting the cleanup task and terminating the run loop, and
3127            2. invoke VM::notifyNeedsTermination() after posting the cleanup task and
3128               terminating the run loop.
3129
3130            This requires that we protect the liveness of the VM until we can invoke
3131            notifyNeedsTermination() on it.
3132
3133            This did not work because:
3134            1. We may end up destructing the VM in WorkerThread::stop() i.e. in the main
3135               web frame, but only the worker thread holds the JS lock for the VM.
3136
3137               We can make the WorkerThread::stop() acquire the JS lock just before it
3138               releases the protected VM's RefPtr, but that would mean the main thread
3139               may be stuck waiting a bit for the worker thread to release its JSLock.
3140               This is not desirable.
3141
3142            2. In practice, changing the liveness period of the Worker VM relative to its
3143               WorkerScriptController and WorkerGlobalScope also has unexpected
3144               ramifications.  We observed many worker tests failing with assertion
3145               failures and crashes due to this change.
3146
3147            Hence, this approach is also a more risky change than it appears on the
3148            surface, and is not worth exploring at this time.
3149
3150         In the end, changing WorkerRunLoop::Task::performTask() to check for
3151         !scriptController->isTerminatingExecution() is the most straightforward solution
3152         that is easy to prove correct.
3153
3154         Also fixed a race in WorkerThread::workerThread() where it can delete the
3155         WorkerGlobalScope while WorkerThread::stop() is in the midst of accessing it.
3156         We now guard the nullifying of m_workerGlobalScope with the
3157         m_threadCreationAndWorkerGlobalScopeMutex as well.
3158
3159         This issue is covered by an existing test that I just unskipped in TestExpectations.
3160
3161         * bindings/js/JSDOMPromiseDeferred.cpp:
3162         (WebCore::DeferredPromise::callFunction):
3163
3164         * bindings/js/WorkerScriptController.cpp:
3165         (WebCore::WorkerScriptController::scheduleExecutionTermination):
3166         - Added a check to do nothing and return early if the scriptController is already
3167           terminating execution.
3168
3169         * workers/WorkerRunLoop.cpp:
3170         (WebCore::WorkerRunLoop::runInMode):
3171         (WebCore::WorkerRunLoop::runCleanupTasks):
3172         (WebCore::WorkerRunLoop::Task::performTask):
3173
3174         * workers/WorkerRunLoop.h:
3175         - Made Task::performTask() private and made Task befriend the WorkerRunLoop class.
3176           This ensures that only the WorkerRunLoop may call performTask().
3177           Note: this change only formalizes and hardens a relationship that was already
3178           in place before this.
3179
3180         * workers/WorkerThread.cpp:
3181         (WebCore::WorkerThread::start):
3182         (WebCore::WorkerThread::workerThread):
3183         (WebCore::WorkerThread::stop):
3184         * workers/WorkerThread.h:
3185         - Renamed m_threadCreationMutex to m_threadCreationAndWorkerGlobalScopeMutex so
3186           that it more accurately describes what it guards.
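
Added example (not part of the ChangeLog and not WebKit code): a deterministic, single-threaded replay of the two interleavings the entry above describes, comparing the old !runLoop.terminated() check with the new !isTerminatingExecution() check. WorkerModel, Check, replayStopRace and invariantAfterEarlyStop are hypothetical names, and the model covers non-cleanup JS tasks only.

```cpp
// Hypothetical model; field names mirror the entry, but none of this is WebKit code.
enum class Check { RunLoopTerminated, TerminatingExecution };

struct WorkerModel {
    bool scopeCreated = false;
    bool terminatingExecution = false;  // scriptController->isTerminatingExecution()
    bool runLoopTerminated = false;     // runLoop.terminated()
    int pendingJSTasks = 0;
    int vmEntriesWithPendingTermination = 0;  // each one would trip the assertion

    // Main-thread side of stop(), split so the worker can be interleaved between steps.
    void stopScheduleTermination() { if (scopeCreated) terminatingExecution = true; }
    void stopTerminateRunLoop() { runLoopTerminated = true; }

    // Worker side: scope creation, optionally followed by the re-check the entry adds.
    void createScope(bool recheckAfterCreation) {
        scopeCreated = true;
        if (recheckAfterCreation && runLoopTerminated)
            terminatingExecution = true;
    }

    // Worker side: the guard in Task::performTask() for a non-cleanup JS task.
    void performTask(Check check) {
        if (!pendingJSTasks) return;
        --pendingJSTasks;
        bool allowed = check == Check::RunLoopTerminated ? !runLoopTerminated
                                                         : !terminatingExecution;
        if (allowed && terminatingExecution)
            ++vmEntriesWithPendingTermination;
    }
};

// The worker picks up a JS task after termination is scheduled but before
// the run loop is terminated. Returns the number of bad VM entries.
int replayStopRace(Check check) {
    WorkerModel w;
    w.createScope(true);
    w.pendingJSTasks = 1;
    w.stopScheduleTermination();
    w.performTask(check);          // worker wins the race here
    w.stopTerminateRunLoop();
    return w.vmEntriesWithPendingTermination;
}

// stop() arrives before the WorkerGlobalScope exists. Returns whether
// runLoop.terminated() implies isTerminatingExecution() afterwards.
bool invariantAfterEarlyStop(bool recheckAfterCreation) {
    WorkerModel w;
    w.stopScheduleTermination();   // no scope yet, nothing to schedule on
    w.stopTerminateRunLoop();
    w.createScope(recheckAfterCreation);
    return !w.runLoopTerminated || w.terminatingExecution;
}
```
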
3187
3188 2017-05-12  Zalan Bujtas  <zalan@apple.com>
3189
3190         [iOS WK1] Do not try to layout a subframe if its document has not been constructed yet.
3191         https://bugs.webkit.org/show_bug.cgi?id=172042
3192         <rdar://problem/32084098>
3193
3194         Reviewed by Antti Koivisto.
3195
3196         On iOS WK1 we can end up in an inconsistent state, where 
3197         1. the web thread is inside a newly injected iframe's document's c'tor and 
3198         2. waiting on a delegate callback on the main thread
3199         while the main thread
3200         1. executes a pending didLayout() task
3201         2. triggers layout on the newly injected iframe.
3202
3203         * rendering/RenderWidget.cpp:
3204         (WebCore::RenderWidget::updateWidgetPosition):
3205
3206 2017-05-11  Jiewen Tan  <jiewen_tan@apple.com>
3207
3208         Check existence of a page before accessing its plugins
3209         https://bugs.webkit.org/show_bug.cgi?id=171712
3210         <rdar://problem/32007806>
3211
3212         Reviewed by Brent Fulgham.
3213
3214         Test: plugins/navigator-plugin-crash.html
3215
3216         * plugins/DOMPlugin.cpp:
3217         (WebCore::DOMPlugin::item):
3218         (WebCore::DOMPlugin::namedItem):
3219
3220 2017-05-12  Simon Fraser  <simon.fraser@apple.com>
3221
3222         Add some logging for layer tree commits, and resize and orientation change events
3223         https://bugs.webkit.org/show_bug.cgi?id=172041
3224
3225         Reviewed by Tim Horton.
3226
3227         Add some logging that's useful during rotation investigations.
3228
3229         * dom/Document.cpp:
3230         (WebCore::Document::orientationChanged):
3231         * page/FrameView.cpp:
3232         (WebCore::FrameView::sendResizeEventIfNeeded):
3233
3234 2017-05-12  Romain Bellessort  <romain.bellessort@crf.canon.fr>
3235
3236         [Readable Streams API] Add ReadableStreamBYOBReader closed getter
3237         https://bugs.webkit.org/show_bug.cgi?id=172024
3238
3239         Reviewed by Youenn Fablet.
3240
3241         Added tests to check closed getter behaviour.
3242
3243         * Modules/streams/ReadableStreamBYOBReader.js:
3244         (closed): Implemented.
3245
3246 2017-05-12  Andreas Kling  <akling@apple.com>
3247
3248         MediaResourceLoader shouldn't keep its HTMLMediaElement alive.
3249         https://bugs.webkit.org/show_bug.cgi?id=172032
3250         <rdar://problem/30816144>
3251
3252         Reviewed by Joseph Pecoraro.
3253
3254         Use a WeakPtr<HTMLMediaElement> in MediaResourceLoader instead, since the loader
3255         is retained by a NSURLSession object we hand over to AVFoundation.
3256
3257         This prevents AVFoundation from keeping entire documents alive outside our control.
3258
3259         * html/HTMLMediaElement.cpp:
3260         (WebCore::HTMLMediaElement::HTMLMediaElement):
3261         * html/HTMLMediaElement.h:
3262         (WebCore::HTMLMediaElement::createWeakPtr):
3263         * loader/MediaResourceLoader.cpp:
3264         (WebCore::MediaResourceLoader::MediaResourceLoader):
3265         (WebCore::MediaResourceLoader::requestResource):
3266         * loader/MediaResourceLoader.h:
3267
3268 2017-05-12  Andreas Kling  <akling@apple.com>
3269
3270         Memory pressure response should only do sync bmalloc scavenge in sync mode.
3271         https://bugs.webkit.org/show_bug.cgi?id=172035
3272
3273         Reviewed by Michael Saboff.
3274
3275         Only call WTF::releaseFastMallocFreeMemory() and his threading-related friends
3276         when releaseMemory() is invoked with Synchronous::Yes, or if it's a critical
3277         pressure response (maintaining the behavior added in r215775.)
3278
3279         * page/MemoryRelease.cpp:
3280         (WebCore::releaseMemory):
3281
3282 2017-05-12  Daniel Bates  <dabates@apple.com>
3283
3284         Cleanup: Use Ref instead of RefPtr to hold DOMWrapperWorld
3285         https://bugs.webkit.org/show_bug.cgi?id=171988
3286
3287         Reviewed by Chris Dumez.
3288
3289         * bindings/js/JSCustomElementInterface.cpp:
3290         (WebCore::JSCustomElementInterface::JSCustomElementInterface):
3291         (WebCore::JSCustomElementInterface::upgradeElement):
3292         (WebCore::JSCustomElementInterface::invokeCallback):
3293         * bindings/js/JSCustomElementInterface.h:
3294         * bindings/js/JSMutationCallback.cpp:
3295         (WebCore::JSMutationCallback::JSMutationCallback):
3296         (WebCore::JSMutationCallback::call):
3297         * bindings/js/JSMutationCallback.h:
3298         * bindings/js/ScheduledAction.cpp:
3299         (WebCore::ScheduledAction::ScheduledAction):
3300         (WebCore::ScheduledAction::execute):
3301         * bindings/js/ScheduledAction.h:
3302         (WebCore::ScheduledAction::ScheduledAction):
3303         * page/DOMWindowExtension.cpp:
3304         (WebCore::DOMWindowExtension::DOMWindowExtension):
3305         * page/DOMWindowExtension.h:
3306         (WebCore::DOMWindowExtension::world):
3307
3308 2017-05-12  Daniel Bates  <dabates@apple.com>
3309
3310         Cleanup: Make QueueTaskToEventLoopFunctionPtr take JSGlobalObject&
3311         https://bugs.webkit.org/show_bug.cgi?id=172021
3312
3313         Reviewed by Mark Lam.
3314
3315         * bindings/js/JSDOMGlobalObjectTask.cpp: Include header JSDOMGlobalObject.h.
3316         (WebCore::JSGlobalObjectTask::JSGlobalObjectTask): Change type of first argument from JSDOMGlobalObject*
3317         to JSDOMGlobalObject& and update code as necessary. Also, use C++11 brace initialization syntax
3318         for member initializer list.
3319         * bindings/js/JSDOMGlobalObjectTask.h: Remove header JSDOMGlobalObject.h and forward declare
3320         JSDOMGlobalObject and JSC::Microtask.
3321         * bindings/js/JSDOMWindowBase.cpp:
3322         (WebCore::JSDOMWindowMicrotaskCallback::create):
3323         (WebCore::JSDOMWindowMicrotaskCallback::JSDOMWindowMicrotaskCallback): Change type of first argument
3324         from JSDOMWindowBase* to JSDOMWindowBase& and update code as necessary. Also, use C++11 brace
3325         initialization syntax for member initializer list.
3326         (WebCore::JSDOMWindowBase::queueTaskToEventLoop):
3327         * bindings/js/JSDOMWindowBase.h:
3328         * bindings/js/JSWorkerGlobalScopeBase.cpp:
3329         (WebCore::JSWorkerGlobalScopeBase::queueTaskToEventLoop):
3330         * bindings/js/JSWorkerGlobalScopeBase.h:
3331
3332 2017-05-12  Jer Noble  <jer.noble@apple.com>
3333
3334         [MediaStream] Streams which play while page is in background can get "stuck" when page is foregrounded.
3335         https://bugs.webkit.org/show_bug.cgi?id=172022
3336
3337         Reviewed by Youenn Fablet.
3338
3339         When an AVSampleBufferDisplayLayer is disconnected from the CA renderer, none of its samples will be decoded
3340         and enqueued for rendering. Once the layer is attached to a renderer again, it's stuffed full of samples which
3341         will never be decoded as their decode time has long passed.
3342
3343         Pass the visibility state of the element through to the MediaPlayer so that MediaPlayerPrivateMediaStreamAVFObjC
3344         can flush its renderers when going from not visible -> visible.
3345
3346         * html/HTMLMediaElement.cpp:
3347         (WebCore::HTMLMediaElement::visibilityStateChanged):
3348         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
3349         * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
3350         (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::setVisible):
3351         * rendering/RenderVideo.cpp:
3352         (WebCore::RenderVideo::updatePlayer):
3353
3354 2017-05-12  Per Arne Vollan  <pvollan@apple.com>
3355
3356         Unreviewed Windows build fix.
3357
3358         * bindings/js/JSWebGLRenderingContextCustom.cpp:
3359
3360 2017-05-12  Antti Koivisto  <antti@apple.com>
3361
3362         Updating class name of a shadow host does not update the style applied by descendants of :host()
3363         https://bugs.webkit.org/show_bug.cgi?id=170762
3364         <rdar://problem/31572668>
3365
3366         Reviewed by Ryosuke Niwa.
3367
3368         We need to invalidate shadow tree style when host classes or attributes change if it may be
3369         affected by host rules.
3370
3371         Test: fast/shadow-dom/css-scoping-host-class-and-attribute-mutation.html
3372
3373         * css/RuleSet.cpp:
3374         (WebCore::isHostSelectorMatchingInShadowTree):
3375         (WebCore::RuleSet::addRule):
3376
3377             Check if we have :host selectors that affect shadow tree.
3378
3379         * css/RuleSet.h:
3380         (WebCore::RuleSet::hasHostPseudoClassRulesMatchingInShadowTree):
3381         * style/AttributeChangeInvalidation.cpp:
3382         (WebCore::Style::mayBeAffectedByHostRules):
3383         (WebCore::Style::AttributeChangeInvalidation::invalidateStyle):
3384
3385             Invalidate the whole subtree if there is a class change that may affect shadow tree style.
3386
3387         * style/ClassChangeInvalidation.cpp:
3388         (WebCore::Style::mayBeAffectedByHostRules):
3389         (WebCore::Style::ClassChangeInvalidation::invalidateStyle):
3390         * style/IdChangeInvalidation.cpp:
3391         (WebCore::Style::mayBeAffectedByHostRules):
3392         (WebCore::Style::IdChangeInvalidation::invalidateStyle):
3393
3394             Same for classes and ids.
3395             This should be refactored at some point to reduce copy-code.
3396
3397 2017-05-12  Carlos Garcia Campos  <cgarcia@igalia.com>
3398
3399         [GTK] ASSERTION FAILED: !m_flushingLayers
3400         https://bugs.webkit.org/show_bug.cgi?id=172025